Back to Signal Feed
CodeTracked since May 21, 2026

Add background remote-agent install/update lifecycle to CoStrict

The PR introduces a remote-agent installer module that automatically checks for new agent package versions, downloads server-hosted zip bundles, and performs install/uninstall, verification, and immediate cache refresh for agents, commands, skills, rules, and MCP modules.

RemoteAgentInstallerAgentDownloaderAgentInstallerInstallRecordManager

What Happened

  • The PR introduces a remote-agent installer module that automatically checks for new agent package versions, downloads server-hosted zip bundles, and performs install/uninstall, verification, and immediate cache refresh for agents, commands, skills, rules, and MCP modules.
  • The PR introduces a remote-agent installer module that automatically checks for new agent package versions, downloads server-hosted zip bundles, and performs install/uninstall, verification, and immediate cache refresh for agents, commands, skills, rules, and MCP modules.
  • 1 evidence item attached for review.

What is Different

Before

Scattered source updates, isolated context, and manual follow-up across multiple feeds.

Now

Implemented end-to-end lifecycle management for remote agent packages in the CoStrict extension: version polling, secure zip download (redirect + checksum), atomic install/uninstall for five module categories, post-install integrity checks, fatal-error gating, retry policy, and hot-reload integration.

Why Track This

Why It Matters

For VS Code users and extension operators, CoStrict can now receive and apply new agent capabilities (skills, commands, rules, MCP integrations) with background auto-update and immediate in-process activation, reducing manual rollout steps and operator downtime. The implementation adds a singleton orchestrator with scheduled update checks (default 60 minutes, configurable), downloader validation, manifest/version checks, path-traversal-safe extraction, multi-window file locking, and exponential backoff on non-fatal failures; teams should watch whether silent background failures and lock expiry timing cause delayed recoveries or skipped updates in busy multi-window environments.

Impact

For VS Code users and extension operators, CoStrict can now receive and apply new agent capabilities (skills, commands, rules, MCP integrations) with background auto-update and immediate in-process activation, reducing manual rollout steps and operator downtime. The implementation adds a singleton orchestrator with scheduled update checks (default 60 minutes, configurable), downloader validation, manifest/version checks, path-traversal-safe extraction, multi-window file locking, and exponential backoff on non-fatal failures; teams should watch whether silent background failures and lock expiry timing cause delayed recoveries or skipped updates in busy multi-window environments.

What To Watch Next

  • Watch whether RemoteAgentInstaller becomes a repeated pattern.
  • Track follow-up changes around AI Integration in IDEs.
  • Compare future signals against this evidence trail.
  • Re-check risk flags: silent_background_update_failures, cross_window_file_lock_contention.
Open Topic TimelineOpen Technical EventOpen Original Sourcesilent_background_update_failures / cross_window_file_lock_contention / checksum_or_manifest_mismatch_blocking_updates / polling_interval_tuning / update_server_connectivity_regressions

Supporting Evidence

GITHUB PULL REQUESTHigh Trust

zgsm-ai/costrict PR #1215: Feat/install remote agents

Open the original source to review the supporting evidence.