Fix update install recovery

[brennanb2025]

Summary

• Add an install marker and recovery state machine around updater restart attempts.
• Add a macOS ShipIt relaunch guard so a stale old app process exits while the native installer is replacing the app bundle.
• Route ready-update quits through the guarded install path and surface preparing/installing/restarting/recovery states in the update UI, Settings, and status bar.

Testing

I tested this specifically against update-path regression risk, not only generic build health:

• pnpm exec vitest run --config config/vitest.config.ts src/main/updater.test.ts src/main/updater.mac-install.test.ts src/main/updater.check-failure.test.ts src/main/update-install-marker.test.ts src/main/update-quit-policy.test.ts src/main/mac-update-relaunch-guard.test.ts

  • Passed: 6 files, 72 tests.
  • Covers marker persistence before quitAndInstall, preparing/installing/restarting marker transitions, marker write failure recovery, recovery retry attempt reuse, completed-update marker cleanup, macOS Squirrel readiness deferral, deferred quit resume, active ShipIt stale relaunch self-quit, stale ShipIt state rejection, duplicate bundle rejection, and normal quit policy behavior.

• pnpm exec vitest run --config config/vitest.config.ts src/renderer/src/components/UpdateCard.test.ts src/renderer/src/hooks/useIpcEvents.test.ts src/main/updater-nudge.test.ts

  • Passed: 3 files, 83 tests.
  • Covers renderer/update IPC behavior and the update card visibility/store paths affected by preparing, installing, restarting, and recovery states.

• pnpm test

  • First run had one unrelated timeout in src/renderer/src/components/sidebar/WorktreeCard.quick-actions.test.tsx; rerunning that file alone passed immediately.
  • Full rerun passed: 764 files, 7953 tests passed, 9 skipped.

• pnpm run lint

  • Passed with 0 warnings and 0 errors.

• DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer pnpm run build:mac

  • Passed.
  • Built both macOS architectures and artifacts:
    • dist/orca-macos-x64.dmg
    • dist/orca-macos-arm64.dmg
    • dist/Orca-1.4.6-mac.zip
    • dist/Orca-1.4.6-arm64-mac.zip
  • Note: the first pnpm run build:mac attempt failed because the active developer directory was Command Line Tools. Retrying with full Xcode via DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer succeeded.

• Packaged artifact sanity checks:

  • Verified dist/mac-arm64/Orca.app/Contents/Info.plist has CFBundleShortVersionString=1.4.6.
  • Verified dist/mac-arm64/Orca.app/Contents/Info.plist has CFBundleIdentifier=com.stablyai.orca.
  • Verified dist/mac-arm64/Orca.app/Contents/Resources/app-update.yml exists and points to the GitHub release provider with updaterCacheDirName: orca-updater.
  • Verified dist/mac-arm64/Orca.app/Contents/Resources/Orca Computer Use.app is packaged.

• Packaged launch smoke:

  • Ran dist/mac-arm64/Orca.app/Contents/MacOS/Orca with a temporary ORCA_USER_DATA_PATH.
  • It exited cleanly, but an existing production /Applications/Orca.app instance was already running, so this primarily verified the packaged executable does not crash before Electron single-instance handoff rather than a fully independent fresh-window launch.

Risk: high

Historic risk metadata backfill based on the existing risk:high label.