auto-update-systems_skill

This skill helps you implement secure Tauri auto-updates with signature verification, staged rollouts, and reliable rollback for safer software delivery.
  • Shell

25

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill martinholovsky/claude-skills-generator --skill auto-update-systems

  • SKILL.md15.8 KB

Overview

This skill is an expert guide for implementing secure, reliable auto-update systems for Tauri apps with emphasis on signature verification, rollback, staged rollouts, and safe distribution. It focuses on practical controls to prevent malicious updates, ensure recoverability after failures, and reduce blast radius during deployments. The guidance is test-driven and security-first.

How this skill works

The skill inspects updater configuration, manifest formats, and distribution endpoints to ensure Ed25519 signature verification and HTTPS-only delivery. It prescribes test-first workflows, backup-and-rollback mechanics, staged rollout logic, and monitoring hooks to detect and remediate update failures. Implementation snippets show how to check, download, verify, install, and restore updates in Tauri.

When to use it

  • Integrating auto-updates into a Tauri desktop application
  • Designing secure update servers and signed manifests
  • Establishing rollback and recovery for failed deployments
  • Running staged rollouts or channel-based releases (stable/beta)
  • Auditing update integrity after a supply-chain incident

Best practices

  • Always embed and enforce public key verification; never bypass signature checks
  • Serve manifests and artifacts over HTTPS and consider certificate pinning
  • Write tests first for checks: update detection, invalid signature rejection, rollback
  • Implement atomic installs with targeted backups and minimal backup retention
  • Use staged rollouts and telemetry to limit impact and monitor health

Example use cases

  • Configure tauri.conf.json with pubkey, endpoints, and passive install mode
  • Create an update manifest containing per-platform URLs and signatures
  • Implement download_and_verify flow that aborts on signature failure
  • Run a staged rollout: 1% -> 10% -> 50% -> 100% while monitoring errors
  • Automated rollback triggered by install failures or rising crash rates

FAQ

Use Ed25519 for fast, robust signatures and embed the public key in the app for verification.

How do I limit blast radius for updates?

Perform staged rollouts by releasing to small user cohorts, monitor success metrics, and pause or roll back on anomalies.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
auto-update-systems skill by martinholovsky/claude-skills-generator | VeilStrat