fix: update notifier semver comparison + release v0.8.3

mostlydev · mostlydev · commit fd51af9546cd · 2026-04-09T13:54:55.000-04:00
The update-available notifier used string inequality (latest != version) to
decide whether to print the notice. After upgrading past a cached latest_tag
(the cache has a 1 hour TTL), the newer binary would read its pre-upgrade
cache and emit "Update available: v0.8.2 -&gt; v0.8.1" because the two strings
were unequal — a phantom downgrade seen on the Tiverton host right after
`claw update`.

Switch to strict semver ordering (golang.org/x/mod/semver) so stale caches
whose latest_tag is older than the running binary no longer trigger a
bogus notice. Add a focused test covering the regression plus the typical
newer/equal/malformed cases.

Also refresh site/changelog.md with the v0.8.3 entry and bump the nav
dropdown version. go mod tidy promoted x/mod and robfig/cron/v3 from
indirect to direct — both are in fact imported directly.
diff --git a/cmd/claw/update_check.go b/cmd/claw/update_check.go
@@ -8,6 +8,8 @@ import (
 	"path/filepath"
 	"strings"
 	"time"
+
+	"golang.org/x/mod/semver"
 )
 
 const (
@@ -90,16 +92,16 @@ func writeCache(c *updateCheckCache) {
 	_ = os.WriteFile(path, data, 0o644)
 }
 
-// maybeNotifyUpdate prints an update notice if a newer release is available.
-// Checks at most once per hour; never blocks on network errors.
+// maybeNotifyUpdate prints an update notice if a strictly newer release is
+// available. Checks at most once per hour; never blocks on network errors.
 func maybeNotifyUpdate() {
 	if version == "dev" {
 		return
 	}
 
 	cache := readCache()
 	if cache != nil && time.Since(cache.CheckedAt) < updateCheckInterval {
-		if cache.LatestTag != "" && cache.LatestTag != version {
+		if isNewerRelease(cache.LatestTag, version) {
 			printUpdateNotice(cache.LatestTag)
 		}
 		return
@@ -111,11 +113,28 @@ func maybeNotifyUpdate() {
 		LatestTag: latest,
 	})
 
-	if latest != "" && latest != version {
+	if isNewerRelease(latest, version) {
 		printUpdateNotice(latest)
 	}
 }
 
+// isNewerRelease reports whether latest is a strictly higher semantic version
+// than current. Both inputs are expected to be unprefixed (e.g. "0.8.2"),
+// matching the format stored in the cache and stamped into the binary by
+// goreleaser. Returns false for empty, malformed, or equal/older versions so
+// stale caches after an upgrade don't flag a phantom "downgrade".
+func isNewerRelease(latest, current string) bool {
+	if latest == "" || current == "" {
+		return false
+	}
+	l := "v" + strings.TrimPrefix(latest, "v")
+	c := "v" + strings.TrimPrefix(current, "v")
+	if !semver.IsValid(l) || !semver.IsValid(c) {
+		return false
+	}
+	return semver.Compare(l, c) > 0
+}
+
 func printUpdateNotice(latest string) {
 	fmt.Fprintf(os.Stderr, "\n  Update available: v%s → v%s  (run: claw update)\n\n", version, latest)
 }
diff --git a/cmd/claw/update_check_test.go b/cmd/claw/update_check_test.go
@@ -0,0 +1,43 @@
+package main
+
+import "testing"
+
+func TestIsNewerRelease(t *testing.T) {
+	tests := []struct {
+		name    string
+		latest  string
+		current string
+		want    bool
+	}{
+		{"strictly newer patch", "0.8.2", "0.8.1", true},
+		{"strictly newer minor", "0.9.0", "0.8.9", true},
+		{"strictly newer major", "1.0.0", "0.99.9", true},
+		{"equal", "0.8.2", "0.8.2", false},
+
+		// Regression: v0.8.1 cache read by a freshly upgraded v0.8.2 binary
+		// was printing "Update available: v0.8.2 → v0.8.1" because the pre-fix
+		// code compared with != instead of semver ordering.
+		{"stale cache after upgrade", "0.8.1", "0.8.2", false},
+
+		{"empty latest", "", "0.8.2", false},
+		{"empty current", "0.8.2", "", false},
+		{"both empty", "", "", false},
+		{"malformed latest", "garbage", "0.8.2", false},
+		{"malformed current", "0.8.2", "garbage", false},
+
+		// Accept strings with or without a leading "v" on either side —
+		// the cache historically stores unprefixed values but the field could
+		// drift; the comparator should still work.
+		{"v-prefixed latest", "v0.8.2", "0.8.1", true},
+		{"v-prefixed current", "0.8.2", "v0.8.1", true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := isNewerRelease(tt.latest, tt.current)
+			if got != tt.want {
+				t.Errorf("isNewerRelease(%q, %q) = %v, want %v", tt.latest, tt.current, got, tt.want)
+			}
+		})
+	}
+}
diff --git a/go.mod b/go.mod
@@ -5,7 +5,9 @@ go 1.23.0
 require (
 	github.com/docker/docker v26.1.4+incompatible
 	github.com/moby/buildkit v0.13.2
+	github.com/robfig/cron/v3 v3.0.1
 	github.com/spf13/cobra v1.8.1
+	golang.org/x/mod v0.13.0
 	gopkg.in/yaml.v3 v3.0.1
 	oras.land/oras-go/v2 v2.6.0
 )
@@ -26,13 +28,11 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
 	go.opentelemetry.io/otel v1.21.0 // indirect
 	go.opentelemetry.io/otel/metric v1.21.0 // indirect
 	go.opentelemetry.io/otel/trace v1.21.0 // indirect
-	golang.org/x/mod v0.13.0 // indirect
 	golang.org/x/sync v0.14.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
diff --git a/site/.vitepress/config.mts b/site/.vitepress/config.mts
@@ -43,7 +43,7 @@ export default defineConfig({
     nav: [
       { text: 'Guide', link: '/guide/what-is-clawdapus' },
       {
-        text: 'v0.8.2',
+        text: 'v0.8.3',
         items: [
           { text: 'Changelog', link: '/changelog' },
           { text: 'Manifesto', link: '/manifesto' },
diff --git a/site/changelog.md b/site/changelog.md
@@ -31,7 +31,13 @@ outline: deep
 
 <!-- Nothing yet -->
 
-## v0.8.2 <Badge type="tip" text="Latest" /> {#v0-8-2}
+## v0.8.3 <Badge type="tip" text="Latest" /> {#v0-8-3}
+
+*2026-04-09*
+
+- **Fix: update-check notifier prints phantom "downgrade" after upgrading** — the update-available notifier used a plain string inequality instead of a semver comparison, so a freshly upgraded binary reading its pre-upgrade cache (within the 1 hour TTL) would print `Update available: v0.8.2 → v0.8.1`. The notifier now uses strict semver ordering, so a stale cache whose `latest_tag` is older than the running binary no longer triggers a bogus notice. As a one-time workaround on an already-upgraded host, `rm ~/.claw/.claw-update-check` clears the stale cache.
+
+## v0.8.2 {#v0-8-2}
 
 *2026-04-09*
 

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ export default defineConfig({`
`43`	`43`	`nav: [`
`44`	`44`	`{ text: 'Guide', link: '/guide/what-is-clawdapus' },`
`45`	`45`	`{`
`46`		`- text: 'v0.8.2',`
	`46`	`+ text: 'v0.8.3',`
`47`	`47`	`items: [`
`48`	`48`	`{ text: 'Changelog', link: '/changelog' },`
`49`	`49`	`{ text: 'Manifesto', link: '/manifesto' },`