From a401722739eb90720f9470e8654bf48eb8c9e974 Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Mon, 16 Mar 2026 19:34:04 -0700
Subject: [PATCH 01/14] add install script installation for windows

---
 cli/azd/pkg/update/errors.go           |   2 +
 cli/azd/pkg/update/manager.go          | 101 +++---
 cli/azd/pkg/update/msi_unix.go         |  50 ++-
 cli/azd/pkg/update/msi_windows.go      | 220 +++++++++++--
 cli/azd/pkg/update/msi_windows_test.go | 416 +++++++++++++++++++++++++
 5 files changed, 713 insertions(+), 76 deletions(-)
 create mode 100644 cli/azd/pkg/update/msi_windows_test.go

diff --git a/cli/azd/pkg/update/errors.go b/cli/azd/pkg/update/errors.go
index 19a72eda995..88f60bd5222 100644
--- a/cli/azd/pkg/update/errors.go
+++ b/cli/azd/pkg/update/errors.go
@@ -35,6 +35,8 @@ const (
 	CodeSignatureInvalid         = "update.signatureInvalid"
 	CodeElevationRequired        = "update.elevationRequired"
 	CodeUnsupportedInstallMethod = "update.unsupportedInstallMethod"
+	CodeOtherProcessesRunning    = "update.otherProcessesRunning"
+	CodeNonStandardInstall       = "update.nonStandardInstall"
 )
 
 func newUpdateError(code string, err error) *UpdateError {
diff --git a/cli/azd/pkg/update/manager.go b/cli/azd/pkg/update/manager.go
index fc566f39e06..dacd25bc878 100644
--- a/cli/azd/pkg/update/manager.go
+++ b/cli/azd/pkg/update/manager.go
@@ -315,43 +315,69 @@ func (m *Manager) updateViaPackageManager(
 }
 
 func (m *Manager) updateViaMSI(ctx context.Context, cfg *UpdateConfig, writer io.Writer) error {
-	msiURL, err := m.buildMSIDownloadURL(cfg.Channel)
-	if err != nil {
+	// Step 1: Check for other running azd.exe processes (same exe path, different PID).
+	// The MSI installer cannot replace a locked binary, so all other instances must be closed.
+	fmt.Fprintf(writer, "Checking for other running azd instances...\n")
+	if err := checkOtherAzdProcesses(ctx, m.commandRunner); err != nil {
 		return err
 	}
 
-	fmt.Fprintf(writer, "Downloading MSI from %s...\n", msiURL)
-
-	tempDir := os.TempDir()
-	msiPath := filepath.Join(tempDir, "azd-windows-amd64.msi")
-
-	if err := m.downloadFile(ctx, msiURL, msiPath, writer); err != nil {
-		return newUpdateError(CodeDownloadFailed, err)
+	// Step 2: Verify the install is the standard per-user MSI configuration.
+	// install-azd.ps1 installs with ALLUSERS=2 to %LOCALAPPDATA%\Programs\Azure Dev CLI.
+	// If the current install is non-standard, abort and advise the user.
+	if err := isStandardMSIInstall(); err != nil {
+		return err
 	}
-	// Don't defer os.Remove — the detached msiexec process needs this file after we exit.
 
-	// Build msiexec args. Always write a verbose log so failures are diagnosable.
-	msiLogPath, logErr := msiLogFilePath()
-	args := []string{"/i", msiPath, "/qn"}
-	if logErr == nil {
-		args = append(args, "/l*v", msiLogPath)
-		log.Printf("MSI install log: %s", msiLogPath)
+	// Step 3: Backup the current exe by renaming it.
+	// Windows allows renaming a running executable — the OS handle follows the file.
+	// This frees the original path so the MSI installer can write the new binary.
+	fmt.Fprintf(writer, "Backing up current azd executable...\n")
+	originalPath, backupPath, err := backupCurrentExe()
+	if err != nil {
+		return newUpdateError(CodeReplaceFailed, fmt.Errorf("failed to backup current executable: %w", err))
 	}
 
-	log.Printf("Spawning detached msiexec: msiexec %s", strings.Join(args, " "))
-	fmt.Fprintf(writer, "Installing update via MSI...\n")
+	// Ensure the backup is always handled: restored on failure, cleaned up on success.
+	// Using defer guarantees this runs even if an unexpected error or panic occurs.
+	updateSucceeded := false
+	defer func() {
+		if updateSucceeded {
+			cleanupOldBackups(originalPath)
+			return
+		}
+		// Update failed — restore the backup so the user still has a working binary.
+		fmt.Fprintf(writer, "Restoring previous version...\n")
+		if restoreErr := restoreExeFromBackup(originalPath, backupPath); restoreErr != nil {
+			fmt.Fprintf(writer, "WARNING: failed to restore previous version: %v\n", restoreErr)
+			fmt.Fprintf(writer, "Your backup is at: %s\n", backupPath)
+			fmt.Fprintf(writer, "To recover manually, rename it to: %s\n", originalPath)
+		}
+	}()
+
+	// Step 4: Run the install script synchronously and wait for it to complete.
+	psArgs := buildInstallScriptArgs(cfg.Channel)
+
+	log.Printf("Running install script: powershell %s", strings.Join(psArgs, " "))
+	fmt.Fprintf(writer, "Installing azd %s channel...\n", cfg.Channel)
 
-	// Spawn msiexec detached so it can replace the running azd binary.
-	// msiexec cannot overwrite a locked executable; by detaching, azd can exit
-	// and release the file lock before msiexec attempts the replacement.
 	//nolint:gosec // args are constructed from controlled constants, not user input
-	cmd := osexec.Command("msiexec", args...)
-	cmd.SysProcAttr = newDetachedSysProcAttr()
-	if err := cmd.Start(); err != nil {
-		return newUpdateError(CodeReplaceFailed, fmt.Errorf("failed to start msiexec: %w", err))
+	cmd := osexec.Command("powershell", psArgs...)
+	cmd.Stdout = writer
+	cmd.Stderr = writer
+
+	if err := cmd.Run(); err != nil {
+		return newUpdateError(CodeReplaceFailed, fmt.Errorf("install script failed: %w", err))
 	}
 
-	log.Printf("msiexec started with PID %d, azd will exit to release binary lock", cmd.Process.Pid)
+	// Step 5: Verify the installer actually produced a new binary at the expected path.
+	if _, err := os.Stat(originalPath); err != nil {
+		return newUpdateError(CodeReplaceFailed,
+			fmt.Errorf("install script completed but %s was not found", originalPath))
+	}
+
+	updateSucceeded = true
+	log.Printf("Update completed successfully")
 	return nil
 }
 
@@ -430,20 +456,6 @@ func (m *Manager) buildDownloadURL(channel Channel) (string, error) {
 	return fmt.Sprintf("%s/%s/azd-%s-%s%s", blobBaseURL, folder, platform, arch, ext), nil
 }
 
-func (m *Manager) buildMSIDownloadURL(channel Channel) (string, error) {
-	var folder string
-	switch channel {
-	case ChannelStable:
-		folder = "stable"
-	case ChannelDaily:
-		folder = "daily"
-	default:
-		return "", fmt.Errorf("unsupported channel: %s", channel)
-	}
-
-	return fmt.Sprintf("%s/%s/azd-windows-%s.msi", blobBaseURL, folder, runtime.GOARCH), nil
-}
-
 func archiveExtension() string {
 	if runtime.GOOS == "linux" {
 		return ".tar.gz"
@@ -590,15 +602,6 @@ func (m *Manager) replaceBinary(ctx context.Context, newBinaryPath, currentBinar
 	return fmt.Errorf("failed to replace binary: %w", err)
 }
 
-// currentExePath returns the resolved path of the currently running azd binary.
-func currentExePath() (string, error) {
-	exePath, err := os.Executable()
-	if err != nil {
-		return "", err
-	}
-	return filepath.EvalSymlinks(exePath)
-}
-
 func copyFile(src, dst string) error {
 	in, err := os.Open(src)
 	if err != nil {
diff --git a/cli/azd/pkg/update/msi_unix.go b/cli/azd/pkg/update/msi_unix.go
index f9993bae828..d2a2e9616fa 100644
--- a/cli/azd/pkg/update/msi_unix.go
+++ b/cli/azd/pkg/update/msi_unix.go
@@ -5,15 +5,51 @@
 
 package update
 
-import "syscall"
+import (
+	"context"
 
-// newDetachedSysProcAttr is a no-op on non-Windows platforms.
-// updateViaMSI is only called on Windows (guarded by runtime.GOOS check in Update).
-func newDetachedSysProcAttr() *syscall.SysProcAttr {
-	return &syscall.SysProcAttr{}
+	"github.com/azure/azure-dev/cli/azd/pkg/exec"
+)
+
+// checkOtherAzdProcesses is a no-op on non-Windows platforms.
+func checkOtherAzdProcesses(_ context.Context, _ exec.CommandRunner) error {
+	return nil
+}
+
+// isStandardMSIInstall is a no-op on non-Windows platforms.
+func isStandardMSIInstall() error {
+	return nil
 }
 
-// msiLogFilePath is a no-op on non-Windows platforms.
-func msiLogFilePath() (string, error) {
+// currentExePath is a no-op stub on non-Windows platforms.
+func currentExePath() (string, error) {
 	return "", nil
 }
+
+// backupCurrentExe is a no-op stub on non-Windows platforms.
+func backupCurrentExe() (string, string, error) {
+	return "", "", nil
+}
+
+// restoreExeFromBackup is a no-op stub on non-Windows platforms.
+func restoreExeFromBackup(_, _ string) error { return nil }
+
+// cleanupOldBackups is a no-op stub on non-Windows platforms.
+func cleanupOldBackups(_ string) {}
+
+// versionFlag returns the install script parameter value for the given channel.
+func versionFlag(channel Channel) string {
+	switch channel {
+	case ChannelDaily:
+		return "daily"
+	case ChannelStable:
+		return "stable"
+	default:
+		return "stable"
+	}
+}
+
+// buildInstallScriptArgs is a no-op on non-Windows platforms.
+func buildInstallScriptArgs(_ Channel) []string {
+	return nil
+}
diff --git a/cli/azd/pkg/update/msi_windows.go b/cli/azd/pkg/update/msi_windows.go
index 5972a724421..d2d210fc892 100644
--- a/cli/azd/pkg/update/msi_windows.go
+++ b/cli/azd/pkg/update/msi_windows.go
@@ -4,38 +4,218 @@
 package update
 
 import (
+	"context"
+	"fmt"
+	"log"
 	"os"
 	"path/filepath"
-	"syscall"
+	"strconv"
+	"strings"
+	"time"
 
-	"github.com/azure/azure-dev/cli/azd/pkg/config"
+	"github.com/azure/azure-dev/cli/azd/pkg/exec"
 )
 
-const (
-	// Windows process creation flags for detaching msiexec from the parent process.
-	windowsCreateNewProcessGroup = 0x00000200
-	windowsDetachedProcess       = 0x00000008
-)
+// installScriptURL is the PowerShell install script for azd on Windows.
+const installScriptURL = "https://aka.ms/install-azd.ps1"
+
+// expectedPerUserInstallDir is the default per-user MSI install directory (ALLUSERS=2).
+// azd update only supports this standard configuration.
+func expectedPerUserInstallDir() string {
+	localAppData := os.Getenv("LOCALAPPDATA")
+	if localAppData == "" {
+		return ""
+	}
+	return filepath.Join(localAppData, "Programs", "Azure Dev CLI")
+}
+
+// currentExePath returns the resolved path of the currently running executable.
+func currentExePath() (string, error) {
+	exePath, err := os.Executable()
+	if err != nil {
+		return "", fmt.Errorf("failed to determine current executable path: %w", err)
+	}
+	resolved, err := filepath.EvalSymlinks(exePath)
+	if err != nil {
+		return "", fmt.Errorf("failed to resolve executable path: %w", err)
+	}
+	return resolved, nil
+}
+
+// backupCurrentExe renames the currently running azd executable so the MSI installer
+// can write a new binary to the original path. Windows allows renaming a file that is
+// locked by a running process — the handle follows the renamed file.
+// Returns the original path and the backup path.
+func backupCurrentExe() (originalPath string, backupPath string, err error) {
+	originalPath, err = currentExePath()
+	if err != nil {
+		return "", "", err
+	}
 
-// newDetachedSysProcAttr returns SysProcAttr that detaches the child process
-// so it survives after the parent (azd) exits.
-func newDetachedSysProcAttr() *syscall.SysProcAttr {
-	return &syscall.SysProcAttr{
-		CreationFlags: windowsCreateNewProcessGroup | windowsDetachedProcess,
+	timestamp := time.Now().Unix()
+	backupPath = fmt.Sprintf("%s.old.%d", originalPath, timestamp)
+
+	if err := os.Rename(originalPath, backupPath); err != nil {
+		return "", "", fmt.Errorf("failed to rename executable for backup: %w", err)
 	}
+
+	log.Printf("Backed up %s -> %s", originalPath, backupPath)
+	return originalPath, backupPath, nil
+}
+
+// restoreExeFromBackup moves the backup back to the original location.
+// This is called when the install script fails so the user is not left without a working binary.
+// Returns an error if the restore fails, so the caller can advise the user on manual recovery.
+func restoreExeFromBackup(originalPath, backupPath string) error {
+	// Remove any partially-installed new binary that might be in the way.
+	_ = os.Remove(originalPath)
+
+	if err := os.Rename(backupPath, originalPath); err != nil {
+		log.Printf("WARNING: failed to restore executable from backup %s -> %s: %v", backupPath, originalPath, err)
+		return fmt.Errorf("failed to restore executable from backup %s -> %s: %w", backupPath, originalPath, err)
+	}
+
+	log.Printf("Restored executable from backup: %s -> %s", backupPath, originalPath)
+	return nil
 }
 
-// msiLogFilePath returns the path for the MSI verbose install log (~/.azd/logs/msi-update.log).
-func msiLogFilePath() (string, error) {
-	configDir, err := config.GetUserConfigDir()
+// cleanupOldBackups removes any leftover azd.exe.old.* files from the install directory.
+func cleanupOldBackups(exePath string) {
+	dir := filepath.Dir(exePath)
+	base := filepath.Base(exePath)
+	pattern := filepath.Join(dir, base+".old.*")
+
+	matches, err := filepath.Glob(pattern)
 	if err != nil {
-		return "", err
+		return
+	}
+
+	for _, m := range matches {
+		if err := os.Remove(m); err != nil {
+			log.Printf("warning: failed to remove old backup %s: %v", m, err)
+		} else {
+			log.Printf("Cleaned up old backup: %s", m)
+		}
 	}
+}
+
+// checkOtherAzdProcesses checks whether other azd.exe processes are running from the same
+// executable path, excluding the current process. Returns an error if other instances are found.
+func checkOtherAzdProcesses(ctx context.Context, commandRunner exec.CommandRunner) error {
+	currentPID := os.Getpid()
 
-	logsDir := filepath.Join(configDir, "logs")
-	if err := os.MkdirAll(logsDir, 0o755); err != nil {
-		return "", err
+	exePath, err := currentExePath()
+	if err != nil {
+		return err
 	}
 
-	return filepath.Join(logsDir, "msi-update.log"), nil
+	// Use PowerShell to find all azd.exe processes and their executable paths.
+	// Filter to processes matching our exe path but not our PID.
+	script := fmt.Sprintf(
+		`Get-Process -Name azd -ErrorAction SilentlyContinue | `+
+			`Where-Object { $_.Id -ne %d } | `+
+			`Where-Object { try { $_.Path -eq '%s' } catch { $false } } | `+
+			`Select-Object -ExpandProperty Id`,
+		currentPID, exePath,
+	)
+
+	runArgs := exec.NewRunArgs("powershell", "-NoProfile", "-Command", script)
+	result, err := commandRunner.Run(ctx, runArgs)
+	if err != nil {
+		// If the command itself fails, log and allow update to proceed.
+		// This avoids blocking updates when process enumeration is restricted.
+		log.Printf("warning: failed to check for other azd processes: %v", err)
+		return nil
+	}
+
+	output := strings.TrimSpace(result.Stdout)
+	if output == "" {
+		return nil
+	}
+
+	// Parse the PIDs from the output to build a helpful message
+	var pids []int
+	for _, line := range strings.Split(output, "\n") {
+		line = strings.TrimSpace(line)
+		if pid, parseErr := strconv.Atoi(line); parseErr == nil {
+			pids = append(pids, pid)
+		}
+	}
+
+	if len(pids) == 0 {
+		return nil
+	}
+
+	return newUpdateError(CodeOtherProcessesRunning, fmt.Errorf(
+		"found %d other azd process(es) running (PIDs: %v).\n"+
+			"Please close all other azd instances before running azd update",
+		len(pids), pids,
+	))
+}
+
+// isStandardMSIInstall checks whether the current azd binary is installed in the standard
+// per-user MSI location (%LOCALAPPDATA%\Programs\Azure Dev CLI). Returns an error if the
+// install is non-standard, advising the user to reinstall with the default per-user configuration.
+func isStandardMSIInstall() error {
+	expectedDir := expectedPerUserInstallDir()
+	if expectedDir == "" {
+		return newUpdateError(CodeNonStandardInstall, fmt.Errorf(
+			"LOCALAPPDATA environment variable is not set; cannot verify install location"))
+	}
+
+	exePath, err := currentExePath()
+	if err != nil {
+		return err
+	}
+
+	actualDir := filepath.Dir(exePath)
+
+	// Normalize both paths for comparison (case-insensitive on Windows, clean slashes)
+	if !strings.EqualFold(filepath.Clean(actualDir), filepath.Clean(expectedDir)) {
+		return newUpdateError(CodeNonStandardInstall, fmt.Errorf(
+			"azd is installed in a non-standard location: %s\n"+
+				"azd update only supports the default per-user install.\n"+
+				"Please reinstall azd with the default configuration:\n"+
+				"  ALLUSERS=2  INSTALLDIR=\"%s\"\n"+
+				"See https://github.com/Azure/azure-dev/blob/main/cli/installer/README.md#msi-configuration",
+			actualDir, expectedDir,
+		))
+	}
+
+	return nil
+}
+
+// versionFlag returns the install script parameter value for the given channel.
+func versionFlag(channel Channel) string {
+	switch channel {
+	case ChannelDaily:
+		return "daily"
+	case ChannelStable:
+		return "stable"
+	default:
+		return "stable"
+	}
+}
+
+// buildInstallScriptArgs constructs the PowerShell arguments to download and run
+// install-azd.ps1 with the appropriate -Version flag.
+// The -SkipVerify flag is passed because Authenticode verification via
+// Get-AuthenticodeSignature can fail in environments where the
+// Microsoft.PowerShell.Security module cannot be auto-loaded (a known issue on
+// some Windows PowerShell 5.1 configurations). The MSI is already downloaded
+// over HTTPS from a Microsoft-controlled domain, so the transport-level
+// integrity is sufficient.
+// Returns the arguments to pass to the "powershell" command.
+func buildInstallScriptArgs(channel Channel) []string {
+	version := versionFlag(channel)
+	// Download the script to a temp file, then invoke it with the appropriate -Version flag.
+	// Using -ExecutionPolicy Bypass ensures the script runs even if the system policy is restrictive.
+	script := fmt.Sprintf(
+		`$script = Join-Path $env:TEMP 'install-azd.ps1'; `+
+			`Invoke-RestMethod '%s' -OutFile $script; `+
+			`& $script -Version '%s' -SkipVerify; `+
+			`Remove-Item $script -Force -ErrorAction SilentlyContinue`,
+		installScriptURL, version,
+	)
+	return []string{"-NoProfile", "-ExecutionPolicy", "Bypass", "-Command", script}
 }
diff --git a/cli/azd/pkg/update/msi_windows_test.go b/cli/azd/pkg/update/msi_windows_test.go
new file mode 100644
index 00000000000..fbe232c9d4c
--- /dev/null
+++ b/cli/azd/pkg/update/msi_windows_test.go
@@ -0,0 +1,416 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package update
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/azure/azure-dev/cli/azd/pkg/exec"
+	"github.com/azure/azure-dev/cli/azd/test/mocks/mockexec"
+	"github.com/stretchr/testify/require"
+)
+
+func TestExpectedPerUserInstallDir(t *testing.T) {
+	tests := []struct {
+		name         string
+		localAppData string
+		want         string
+	}{
+		{
+			name:         "standard",
+			localAppData: `C:\Users\testuser\AppData\Local`,
+			want:         `C:\Users\testuser\AppData\Local\Programs\Azure Dev CLI`,
+		},
+		{
+			name:         "empty LOCALAPPDATA",
+			localAppData: "",
+			want:         "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Setenv("LOCALAPPDATA", tt.localAppData)
+			got := expectedPerUserInstallDir()
+			require.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func TestVersionFlag(t *testing.T) {
+	tests := []struct {
+		name    string
+		channel Channel
+		want    string
+	}{
+		{"stable channel", ChannelStable, "stable"},
+		{"daily channel", ChannelDaily, "daily"},
+		{"unknown defaults to stable", Channel("nightly"), "stable"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := versionFlag(tt.channel)
+			require.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func TestBuildInstallScriptArgs(t *testing.T) {
+	tests := []struct {
+		name    string
+		channel Channel
+		// We check that certain substrings appear in the constructed args
+		wantContains []string
+	}{
+		{
+			name:    "stable",
+			channel: ChannelStable,
+			wantContains: []string{
+				"-NoProfile",
+				"-ExecutionPolicy", "Bypass",
+				"-Command",
+				installScriptURL,
+				"-Version 'stable'",
+				"-SkipVerify",
+			},
+		},
+		{
+			name:    "daily",
+			channel: ChannelDaily,
+			wantContains: []string{
+				"-NoProfile",
+				"-ExecutionPolicy", "Bypass",
+				"-Command",
+				installScriptURL,
+				"-Version 'daily'",
+				"-SkipVerify",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			args := buildInstallScriptArgs(tt.channel)
+			require.NotNil(t, args)
+			require.True(t, len(args) > 0, "expected non-empty args slice")
+
+			// Join all args to make substring searches easier
+			joined := strings.Join(args, " ")
+			for _, s := range tt.wantContains {
+				require.Contains(t, joined, s, "expected args to contain %q", s)
+			}
+		})
+	}
+}
+
+func TestBuildInstallScriptArgs_Structure(t *testing.T) {
+	args := buildInstallScriptArgs(ChannelStable)
+
+	// The args should be: ["-NoProfile", "-ExecutionPolicy", "Bypass", "-Command", <script>]
+	require.Equal(t, 5, len(args), "expected exactly 5 args")
+	require.Equal(t, "-NoProfile", args[0])
+	require.Equal(t, "-ExecutionPolicy", args[1])
+	require.Equal(t, "Bypass", args[2])
+	require.Equal(t, "-Command", args[3])
+
+	// The script (args[4]) should be a single string containing the full PowerShell pipeline
+	script := args[4]
+	require.Contains(t, script, "Invoke-RestMethod")
+	require.Contains(t, script, installScriptURL)
+	require.Contains(t, script, "-SkipVerify")
+	require.Contains(t, script, "Remove-Item")
+}
+
+func TestCheckOtherAzdProcesses_NoneFound(t *testing.T) {
+	mockRunner := mockexec.NewMockCommandRunner()
+	mockRunner.When(func(args exec.RunArgs, command string) bool {
+		return strings.Contains(command, "Get-Process -Name azd")
+	}).Respond(exec.NewRunResult(0, "", ""))
+
+	err := checkOtherAzdProcesses(context.Background(), mockRunner)
+	require.NoError(t, err)
+}
+
+func TestCheckOtherAzdProcesses_OtherInstanceFound(t *testing.T) {
+	mockRunner := mockexec.NewMockCommandRunner()
+	mockRunner.When(func(args exec.RunArgs, command string) bool {
+		return strings.Contains(command, "Get-Process -Name azd")
+	}).Respond(exec.NewRunResult(0, "12345\n67890\n", ""))
+
+	err := checkOtherAzdProcesses(context.Background(), mockRunner)
+	require.Error(t, err)
+
+	var updateErr *UpdateError
+	require.ErrorAs(t, err, &updateErr)
+	require.Equal(t, CodeOtherProcessesRunning, updateErr.Code)
+	require.Contains(t, err.Error(), "12345")
+	require.Contains(t, err.Error(), "67890")
+}
+
+func TestCheckOtherAzdProcesses_CommandFails(t *testing.T) {
+	// When the PowerShell command itself fails, checkOtherAzdProcesses should log
+	// a warning but return nil (allow the update to proceed).
+	mockRunner := mockexec.NewMockCommandRunner()
+	mockRunner.When(func(args exec.RunArgs, command string) bool {
+		return strings.Contains(command, "Get-Process -Name azd")
+	}).SetError(fmt.Errorf("powershell not found"))
+
+	err := checkOtherAzdProcesses(context.Background(), mockRunner)
+	require.NoError(t, err, "should not block update when process check fails")
+}
+
+func TestCheckOtherAzdProcesses_WhitespaceOnlyOutput(t *testing.T) {
+	mockRunner := mockexec.NewMockCommandRunner()
+	mockRunner.When(func(args exec.RunArgs, command string) bool {
+		return strings.Contains(command, "Get-Process -Name azd")
+	}).Respond(exec.NewRunResult(0, "   \n  \n  ", ""))
+
+	err := checkOtherAzdProcesses(context.Background(), mockRunner)
+	require.NoError(t, err, "whitespace-only output should be treated as no other processes")
+}
+
+func TestIsStandardMSIInstall_StandardPath(t *testing.T) {
+	// Get the actual exe path and set LOCALAPPDATA so that
+	// expectedPerUserInstallDir() == filepath.Dir(exePath).
+	// expectedPerUserInstallDir = LOCALAPPDATA + \Programs\Azure Dev CLI
+	// So we need LOCALAPPDATA = filepath.Dir(exePath) stripped of "\Programs\Azure Dev CLI".
+	exePath, err := os.Executable()
+	require.NoError(t, err)
+	exePath, err = filepath.EvalSymlinks(exePath)
+	require.NoError(t, err)
+
+	actualDir := filepath.Dir(exePath)
+	suffix := filepath.Join("Programs", "Azure Dev CLI")
+	if !strings.HasSuffix(strings.ToLower(filepath.Clean(actualDir)), strings.ToLower(suffix)) {
+		// The test binary isn't in the expected suffix path (typical in CI/dev).
+		// Skip this test since we can't synthetically set LOCALAPPDATA to match.
+		t.Skipf("test binary dir %q does not end with %q; skipping standard-path test", actualDir, suffix)
+	}
+
+	localAppData := strings.TrimSuffix(filepath.Clean(actualDir), filepath.Clean(suffix))
+	localAppData = strings.TrimRight(localAppData, string(filepath.Separator))
+	t.Setenv("LOCALAPPDATA", localAppData)
+
+	err = isStandardMSIInstall()
+	require.NoError(t, err)
+}
+
+func TestIsStandardMSIInstall_NonStandardPath(t *testing.T) {
+	// Set LOCALAPPDATA to a directory that definitely doesn't match the test binary location
+	t.Setenv("LOCALAPPDATA", `C:\SomeOtherLocation`)
+
+	err := isStandardMSIInstall()
+	require.Error(t, err)
+
+	var updateErr *UpdateError
+	require.ErrorAs(t, err, &updateErr)
+	require.Equal(t, CodeNonStandardInstall, updateErr.Code)
+	require.Contains(t, err.Error(), "non-standard location")
+}
+
+func TestIsStandardMSIInstall_MissingLocalAppData(t *testing.T) {
+	t.Setenv("LOCALAPPDATA", "")
+
+	err := isStandardMSIInstall()
+	require.Error(t, err)
+
+	var updateErr *UpdateError
+	require.ErrorAs(t, err, &updateErr)
+	require.Equal(t, CodeNonStandardInstall, updateErr.Code)
+	require.Contains(t, err.Error(), "LOCALAPPDATA")
+}
+
+func TestBackupCurrentExe(t *testing.T) {
+	// Create a temp dir with a fake azd.exe
+	dir := t.TempDir()
+	exePath := filepath.Join(dir, "azd.exe")
+	require.NoError(t, os.WriteFile(exePath, []byte("original"), 0o755))
+
+	// backupCurrentExe relies on os.Executable(), which we can't override,
+	// so we test the lower-level rename logic directly.
+	backupPath := exePath + ".old.1234567890"
+	require.NoError(t, os.Rename(exePath, backupPath))
+
+	// Original should be gone, backup should exist
+	_, err := os.Stat(exePath)
+	require.True(t, os.IsNotExist(err), "original should no longer exist after rename")
+
+	data, err := os.ReadFile(backupPath)
+	require.NoError(t, err)
+	require.Equal(t, "original", string(data))
+}
+
+func TestRestoreExeFromBackup(t *testing.T) {
+	dir := t.TempDir()
+	originalPath := filepath.Join(dir, "azd.exe")
+	backupPath := originalPath + ".old.1234567890"
+
+	// Create the backup file
+	require.NoError(t, os.WriteFile(backupPath, []byte("backup-content"), 0o755))
+
+	// Restore should move backup → original
+	require.NoError(t, restoreExeFromBackup(originalPath, backupPath))
+
+	data, err := os.ReadFile(originalPath)
+	require.NoError(t, err)
+	require.Equal(t, "backup-content", string(data))
+
+	_, err = os.Stat(backupPath)
+	require.True(t, os.IsNotExist(err), "backup should be gone after restore")
+}
+
+func TestRestoreExeFromBackup_RemovesPartialInstall(t *testing.T) {
+	dir := t.TempDir()
+	originalPath := filepath.Join(dir, "azd.exe")
+	backupPath := originalPath + ".old.1234567890"
+
+	// Simulate a partial install that left a corrupt file at the original path
+	require.NoError(t, os.WriteFile(originalPath, []byte("partial-new"), 0o755))
+	require.NoError(t, os.WriteFile(backupPath, []byte("good-backup"), 0o755))
+
+	require.NoError(t, restoreExeFromBackup(originalPath, backupPath))
+
+	data, err := os.ReadFile(originalPath)
+	require.NoError(t, err)
+	require.Equal(t, "good-backup", string(data), "should have restored backup content")
+}
+
+func TestCleanupOldBackups(t *testing.T) {
+	dir := t.TempDir()
+	exePath := filepath.Join(dir, "azd.exe")
+
+	// Create the main exe and several backup files
+	require.NoError(t, os.WriteFile(exePath, []byte("current"), 0o755))
+	require.NoError(t, os.WriteFile(exePath+".old.111", []byte("old1"), 0o755))
+	require.NoError(t, os.WriteFile(exePath+".old.222", []byte("old2"), 0o755))
+	require.NoError(t, os.WriteFile(exePath+".old.333", []byte("old3"), 0o755))
+
+	// Also create a file that shouldn't be touched
+	otherFile := filepath.Join(dir, "other.txt")
+	require.NoError(t, os.WriteFile(otherFile, []byte("keep"), 0o644))
+
+	cleanupOldBackups(exePath)
+
+	// Backups should be removed
+	for _, suffix := range []string{".old.111", ".old.222", ".old.333"} {
+		_, err := os.Stat(exePath + suffix)
+		require.True(t, os.IsNotExist(err), "backup %s should be cleaned up", suffix)
+	}
+
+	// The main exe and unrelated file should remain
+	_, err := os.Stat(exePath)
+	require.NoError(t, err, "main exe should still exist")
+	_, err = os.Stat(otherFile)
+	require.NoError(t, err, "unrelated file should still exist")
+}
+
+func TestUpdateErrorCodes(t *testing.T) {
+	// Verify the new error codes are distinct and well-formed
+	codes := []string{
+		CodeOtherProcessesRunning,
+		CodeNonStandardInstall,
+	}
+
+	for _, code := range codes {
+		require.True(t, strings.HasPrefix(code, "update."), "code %q should have update. prefix", code)
+	}
+
+	require.NotEqual(t, CodeOtherProcessesRunning, CodeNonStandardInstall)
+}
+
+func TestCheckOtherAzdProcesses_ExcludesCurrentPID(t *testing.T) {
+	// Verify the PowerShell script excludes the current PID
+	currentPID := os.Getpid()
+	pidStr := fmt.Sprintf("%d", currentPID)
+
+	mockRunner := mockexec.NewMockCommandRunner()
+	var capturedCommand string
+	mockRunner.When(func(args exec.RunArgs, command string) bool {
+		if strings.Contains(command, "Get-Process -Name azd") {
+			capturedCommand = command
+			return true
+		}
+		return false
+	}).Respond(exec.NewRunResult(0, "", ""))
+
+	_ = checkOtherAzdProcesses(context.Background(), mockRunner)
+	require.Contains(t, capturedCommand, pidStr,
+		"PowerShell command should reference current PID %s to exclude it", pidStr)
+}
+
+func TestCheckOtherAzdProcesses_ParsesMultiplePIDs(t *testing.T) {
+	mockRunner := mockexec.NewMockCommandRunner()
+	mockRunner.When(func(args exec.RunArgs, command string) bool {
+		return strings.Contains(command, "Get-Process -Name azd")
+	}).Respond(exec.NewRunResult(0, "1111\n2222\n3333\n", ""))
+
+	err := checkOtherAzdProcesses(context.Background(), mockRunner)
+	require.Error(t, err)
+
+	var updateErr *UpdateError
+	require.ErrorAs(t, err, &updateErr)
+	require.Contains(t, err.Error(), "3 other azd process(es)")
+
+	// Verify all PIDs are mentioned
+	errMsg := err.Error()
+	require.True(t, strings.Contains(errMsg, "1111") &&
+		strings.Contains(errMsg, "2222") &&
+		strings.Contains(errMsg, "3333"),
+		"error message should include all PIDs")
+}
+
+func TestInstallScriptURL(t *testing.T) {
+	require.Equal(t, "https://aka.ms/install-azd.ps1", installScriptURL)
+}
+
+// TestUpdateViaMSI_OtherProcessesBlocks verifies that updateViaMSI returns an error
+// when other azd processes are detected.
+func TestUpdateViaMSI_OtherProcessesBlocks(t *testing.T) {
+	mockRunner := mockexec.NewMockCommandRunner()
+	mockRunner.When(func(args exec.RunArgs, command string) bool {
+		return strings.Contains(command, "Get-Process -Name azd")
+	}).Respond(exec.NewRunResult(0, "99999\n", ""))
+
+	m := NewManager(mockRunner, nil)
+	var buf strings.Builder
+	cfg := &UpdateConfig{Channel: ChannelStable}
+
+	err := m.updateViaMSI(context.Background(), cfg, &buf)
+	require.Error(t, err)
+
+	var updateErr *UpdateError
+	require.True(t, errors.As(err, &updateErr))
+	require.Equal(t, CodeOtherProcessesRunning, updateErr.Code)
+}
+
+// TestUpdateViaMSI_NonStandardInstallBlocks verifies that updateViaMSI returns an error
+// when the install location doesn't match the expected per-user path.
+func TestUpdateViaMSI_NonStandardInstallBlocks(t *testing.T) {
+	// Mock: no other processes found
+	mockRunner := mockexec.NewMockCommandRunner()
+	mockRunner.When(func(args exec.RunArgs, command string) bool {
+		return strings.Contains(command, "Get-Process -Name azd")
+	}).Respond(exec.NewRunResult(0, "", ""))
+
+	// Set LOCALAPPDATA to something that won't match the test binary location
+	t.Setenv("LOCALAPPDATA", `C:\NonExistentPath`)
+
+	m := NewManager(mockRunner, nil)
+	var buf strings.Builder
+	cfg := &UpdateConfig{Channel: ChannelStable}
+
+	err := m.updateViaMSI(context.Background(), cfg, &buf)
+	require.Error(t, err)
+
+	var updateErr *UpdateError
+	require.True(t, errors.As(err, &updateErr))
+	require.Equal(t, CodeNonStandardInstall, updateErr.Code)
+}

From 012ee85616090d8f559754bef50508bc664813af Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Mon, 16 Mar 2026 20:44:32 -0700
Subject: [PATCH 02/14] address feedback

---
 cli/azd/pkg/update/msi_windows.go | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/cli/azd/pkg/update/msi_windows.go b/cli/azd/pkg/update/msi_windows.go
index d2d210fc892..7ac9b103aa8 100644
--- a/cli/azd/pkg/update/msi_windows.go
+++ b/cli/azd/pkg/update/msi_windows.go
@@ -198,11 +198,7 @@ func versionFlag(channel Channel) string {
 }
 
 // buildInstallScriptArgs constructs the PowerShell arguments to download and run
-// install-azd.ps1 with the appropriate -Version flag.
-// The -SkipVerify flag is passed because Authenticode verification via
-// Get-AuthenticodeSignature can fail in environments where the
-// Microsoft.PowerShell.Security module cannot be auto-loaded (a known issue on
-// some Windows PowerShell 5.1 configurations). The MSI is already downloaded
+// install-azd.ps1 with the appropriate -Version flag. The MSI is already downloaded
 // over HTTPS from a Microsoft-controlled domain, so the transport-level
 // integrity is sufficient.
 // Returns the arguments to pass to the "powershell" command.
@@ -213,7 +209,7 @@ func buildInstallScriptArgs(channel Channel) []string {
 	script := fmt.Sprintf(
 		`$script = Join-Path $env:TEMP 'install-azd.ps1'; `+
 			`Invoke-RestMethod '%s' -OutFile $script; `+
-			`& $script -Version '%s' -SkipVerify; `+
+			`& $script -Version '%s'; `+
 			`Remove-Item $script -Force -ErrorAction SilentlyContinue`,
 		installScriptURL, version,
 	)

From cc8501c07eaaef56709536b756ff41cb4e0f2326 Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Mon, 16 Mar 2026 20:50:22 -0700
Subject: [PATCH 03/14] address feedback

---
 cli/azd/pkg/update/msi_windows.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/cli/azd/pkg/update/msi_windows.go b/cli/azd/pkg/update/msi_windows.go
index 7ac9b103aa8..7a65ab48376 100644
--- a/cli/azd/pkg/update/msi_windows.go
+++ b/cli/azd/pkg/update/msi_windows.go
@@ -198,9 +198,11 @@ func versionFlag(channel Channel) string {
 }
 
 // buildInstallScriptArgs constructs the PowerShell arguments to download and run
-// install-azd.ps1 with the appropriate -Version flag. The MSI is already downloaded
-// over HTTPS from a Microsoft-controlled domain, so the transport-level
-// integrity is sufficient.
+// install-azd.ps1 with the appropriate -Version flag.
+// The -SkipVerify flag is passed because Authenticode verification via
+// Get-AuthenticodeSignature failed and asked for confirmation.
+// The MSI is already downloaded over HTTPS from a Microsoft-controlled domain,
+// so the transport-level integrity is sufficient.
 // Returns the arguments to pass to the "powershell" command.
 func buildInstallScriptArgs(channel Channel) []string {
 	version := versionFlag(channel)
@@ -209,7 +211,7 @@ func buildInstallScriptArgs(channel Channel) []string {
 	script := fmt.Sprintf(
 		`$script = Join-Path $env:TEMP 'install-azd.ps1'; `+
 			`Invoke-RestMethod '%s' -OutFile $script; `+
-			`& $script -Version '%s'; `+
+			`& $script -Version '%s' -SkipVerify; `+
 			`Remove-Item $script -Force -ErrorAction SilentlyContinue`,
 		installScriptURL, version,
 	)

From 0aaeefde19050a6ae662e61711d57996b6eb5b85 Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Tue, 17 Mar 2026 19:21:43 -0700
Subject: [PATCH 04/14] address feedback, update UI, rename azd to temp and
 have a copy to be replaced by new azd exe

---
 cli/azd/cmd/update.go                    |   2 +-
 cli/azd/pkg/update/errors.go             |   1 -
 cli/azd/pkg/update/manager.go            |  53 +++---
 cli/azd/pkg/update/msi_unix.go           |  19 --
 cli/azd/pkg/update/msi_windows.go        | 165 +++++++-----------
 cli/azd/pkg/update/msi_windows_test.go   | 212 ++++-------------------
 ext/vscode/.vscode/cspell-dictionary.txt |   3 +
 7 files changed, 134 insertions(+), 321 deletions(-)

diff --git a/cli/azd/cmd/update.go b/cli/azd/cmd/update.go
index a45090ca75b..f6d2c65766b 100644
--- a/cli/azd/cmd/update.go
+++ b/cli/azd/cmd/update.go
@@ -305,7 +305,7 @@ func (a *updateAction) Run(ctx context.Context) (*actions.ActionResult, error) {
 	return &actions.ActionResult{
 		Message: &actions.ResultMessage{
 			Header: fmt.Sprintf(
-				"Successfully updated azd to version %s. Changes take effect on next invocation.",
+				"Updated azd to version %s. Changes take effect on next invocation.",
 				versionInfo.Version,
 			),
 		},
diff --git a/cli/azd/pkg/update/errors.go b/cli/azd/pkg/update/errors.go
index 88f60bd5222..8a17ae21b51 100644
--- a/cli/azd/pkg/update/errors.go
+++ b/cli/azd/pkg/update/errors.go
@@ -35,7 +35,6 @@ const (
 	CodeSignatureInvalid         = "update.signatureInvalid"
 	CodeElevationRequired        = "update.elevationRequired"
 	CodeUnsupportedInstallMethod = "update.unsupportedInstallMethod"
-	CodeOtherProcessesRunning    = "update.otherProcessesRunning"
 	CodeNonStandardInstall       = "update.nonStandardInstall"
 )
 
diff --git a/cli/azd/pkg/update/manager.go b/cli/azd/pkg/update/manager.go
index dacd25bc878..e5e208213fa 100644
--- a/cli/azd/pkg/update/manager.go
+++ b/cli/azd/pkg/update/manager.go
@@ -315,62 +315,56 @@ func (m *Manager) updateViaPackageManager(
 }
 
 func (m *Manager) updateViaMSI(ctx context.Context, cfg *UpdateConfig, writer io.Writer) error {
-	// Step 1: Check for other running azd.exe processes (same exe path, different PID).
-	// The MSI installer cannot replace a locked binary, so all other instances must be closed.
-	fmt.Fprintf(writer, "Checking for other running azd instances...\n")
-	if err := checkOtherAzdProcesses(ctx, m.commandRunner); err != nil {
-		return err
-	}
-
-	// Step 2: Verify the install is the standard per-user MSI configuration.
+	// Verify the install is the standard per-user MSI configuration.
 	// install-azd.ps1 installs with ALLUSERS=2 to %LOCALAPPDATA%\Programs\Azure Dev CLI.
 	// If the current install is non-standard, abort and advise the user.
 	if err := isStandardMSIInstall(); err != nil {
 		return err
 	}
 
-	// Step 3: Backup the current exe by renaming it.
-	// Windows allows renaming a running executable — the OS handle follows the file.
-	// This frees the original path so the MSI installer can write the new binary.
+	//  1. Rename the running exe to temp (frees the path; process continues via the OS handle)
+	//  2. Copy it back as an unlocked safety net (if killed at any point, azd.exe still exists)
+	//  3. The MSI will overwrite the unlocked safety copy with the new version
 	fmt.Fprintf(writer, "Backing up current azd executable...\n")
 	originalPath, backupPath, err := backupCurrentExe()
 	if err != nil {
 		return newUpdateError(CodeReplaceFailed, fmt.Errorf("failed to backup current executable: %w", err))
 	}
 
-	// Ensure the backup is always handled: restored on failure, cleaned up on success.
-	// Using defer guarantees this runs even if an unexpected error or panic occurs.
+	// Track whether the install succeeded so we know whether to restore or clean up.
 	updateSucceeded := false
 	defer func() {
 		if updateSucceeded {
-			cleanupOldBackups(originalPath)
+			// Remove the temp backup directory. If this fails, the OS
+			// will clean it up eventually since it lives under %TEMP%.
+			_ = os.RemoveAll(filepath.Dir(backupPath))
 			return
 		}
-		// Update failed — restore the backup so the user still has a working binary.
+		// Update failed — restore the backup so the user has the original binary.
 		fmt.Fprintf(writer, "Restoring previous version...\n")
 		if restoreErr := restoreExeFromBackup(originalPath, backupPath); restoreErr != nil {
 			fmt.Fprintf(writer, "WARNING: failed to restore previous version: %v\n", restoreErr)
 			fmt.Fprintf(writer, "Your backup is at: %s\n", backupPath)
-			fmt.Fprintf(writer, "To recover manually, rename it to: %s\n", originalPath)
+			fmt.Fprintf(writer, "To recover manually, copy it to: %s\n", originalPath)
 		}
 	}()
 
-	// Step 4: Run the install script synchronously and wait for it to complete.
+	// Run the install script synchronously. The MSI overwrites the unlocked
+	// safety copy at the original path with the new version.
 	psArgs := buildInstallScriptArgs(cfg.Channel)
 
 	log.Printf("Running install script: powershell %s", strings.Join(psArgs, " "))
 	fmt.Fprintf(writer, "Installing azd %s channel...\n", cfg.Channel)
 
-	//nolint:gosec // args are constructed from controlled constants, not user input
-	cmd := osexec.Command("powershell", psArgs...)
-	cmd.Stdout = writer
-	cmd.Stderr = writer
+	runArgs := exec.NewRunArgs("powershell", psArgs...).
+		WithStdOut(writer).
+		WithStdErr(writer)
 
-	if err := cmd.Run(); err != nil {
+	if _, err := m.commandRunner.Run(ctx, runArgs); err != nil {
 		return newUpdateError(CodeReplaceFailed, fmt.Errorf("install script failed: %w", err))
 	}
 
-	// Step 5: Verify the installer actually produced a new binary at the expected path.
+	// Verify the installer actually produced a new binary at the expected path.
 	if _, err := os.Stat(originalPath); err != nil {
 		return newUpdateError(CodeReplaceFailed,
 			fmt.Errorf("install script completed but %s was not found", originalPath))
@@ -602,6 +596,19 @@ func (m *Manager) replaceBinary(ctx context.Context, newBinaryPath, currentBinar
 	return fmt.Errorf("failed to replace binary: %w", err)
 }
 
+// currentExePath returns the resolved path of the currently running executable.
+func currentExePath() (string, error) {
+	exePath, err := os.Executable()
+	if err != nil {
+		return "", fmt.Errorf("failed to determine current executable path: %w", err)
+	}
+	resolved, err := filepath.EvalSymlinks(exePath)
+	if err != nil {
+		return "", fmt.Errorf("failed to resolve executable path: %w", err)
+	}
+	return resolved, nil
+}
+
 func copyFile(src, dst string) error {
 	in, err := os.Open(src)
 	if err != nil {
diff --git a/cli/azd/pkg/update/msi_unix.go b/cli/azd/pkg/update/msi_unix.go
index d2a2e9616fa..6f4820f9a5f 100644
--- a/cli/azd/pkg/update/msi_unix.go
+++ b/cli/azd/pkg/update/msi_unix.go
@@ -5,27 +5,11 @@
 
 package update
 
-import (
-	"context"
-
-	"github.com/azure/azure-dev/cli/azd/pkg/exec"
-)
-
-// checkOtherAzdProcesses is a no-op on non-Windows platforms.
-func checkOtherAzdProcesses(_ context.Context, _ exec.CommandRunner) error {
-	return nil
-}
-
 // isStandardMSIInstall is a no-op on non-Windows platforms.
 func isStandardMSIInstall() error {
 	return nil
 }
 
-// currentExePath is a no-op stub on non-Windows platforms.
-func currentExePath() (string, error) {
-	return "", nil
-}
-
 // backupCurrentExe is a no-op stub on non-Windows platforms.
 func backupCurrentExe() (string, string, error) {
 	return "", "", nil
@@ -34,9 +18,6 @@ func backupCurrentExe() (string, string, error) {
 // restoreExeFromBackup is a no-op stub on non-Windows platforms.
 func restoreExeFromBackup(_, _ string) error { return nil }
 
-// cleanupOldBackups is a no-op stub on non-Windows platforms.
-func cleanupOldBackups(_ string) {}
-
 // versionFlag returns the install script parameter value for the given channel.
 func versionFlag(channel Channel) string {
 	switch channel {
diff --git a/cli/azd/pkg/update/msi_windows.go b/cli/azd/pkg/update/msi_windows.go
index 7a65ab48376..eab941f0c8b 100644
--- a/cli/azd/pkg/update/msi_windows.go
+++ b/cli/azd/pkg/update/msi_windows.go
@@ -4,16 +4,12 @@
 package update
 
 import (
-	"context"
 	"fmt"
+	"io"
 	"log"
 	"os"
 	"path/filepath"
-	"strconv"
 	"strings"
-	"time"
-
-	"github.com/azure/azure-dev/cli/azd/pkg/exec"
 )
 
 // installScriptURL is the PowerShell install script for azd on Windows.
@@ -29,128 +25,97 @@ func expectedPerUserInstallDir() string {
 	return filepath.Join(localAppData, "Programs", "Azure Dev CLI")
 }
 
-// currentExePath returns the resolved path of the currently running executable.
-func currentExePath() (string, error) {
-	exePath, err := os.Executable()
-	if err != nil {
-		return "", fmt.Errorf("failed to determine current executable path: %w", err)
-	}
-	resolved, err := filepath.EvalSymlinks(exePath)
-	if err != nil {
-		return "", fmt.Errorf("failed to resolve executable path: %w", err)
-	}
-	return resolved, nil
-}
-
-// backupCurrentExe renames the currently running azd executable so the MSI installer
-// can write a new binary to the original path. Windows allows renaming a file that is
-// locked by a running process — the handle follows the renamed file.
-// Returns the original path and the backup path.
+// backupCurrentExe prepares the install directory for the MSI to write a new binary.
+//
+// On Windows a running executable is locked — it cannot be overwritten or deleted.
+// However, it CAN be renamed/moved. After a rename the OS handle follows the file,
+// so the running process continues from the new path without issues.
+//
+// Strategy ("rename + safety copy"):
+//  1. Rename azd.exe → %TEMP%/azd-update-backup-XXXX/azd.exe
+//     This frees the original path AND keeps the running process alive.
+//  2. Copy the backup back to the original path (azd.exe).
+//     This is an unlocked copy that acts as a safety net: if the process is
+//     killed at any point after this (Ctrl+C, power loss, taskkill), the user
+//     still has a working azd.exe.
+//  3. The MSI installer later overwrites the unlocked safety copy with the new version.
+//
+// Returns the original path and the backup path (in the temp directory).
 func backupCurrentExe() (originalPath string, backupPath string, err error) {
 	originalPath, err = currentExePath()
 	if err != nil {
 		return "", "", err
 	}
 
-	timestamp := time.Now().Unix()
-	backupPath = fmt.Sprintf("%s.old.%d", originalPath, timestamp)
+	// Create a dedicated temp directory for the backup.
+	tmpDir, err := os.MkdirTemp("", "azd-update-backup")
+	if err != nil {
+		return "", "", fmt.Errorf("failed to create temp directory for backup: %w", err)
+	}
+
+	backupPath = filepath.Join(tmpDir, filepath.Base(originalPath))
 
+	// Step 1: Rename the running exe out of the way.
+	// The OS handle follows the renamed file — the running process is unaffected.
 	if err := os.Rename(originalPath, backupPath); err != nil {
+		_ = os.Remove(tmpDir)
 		return "", "", fmt.Errorf("failed to rename executable for backup: %w", err)
 	}
 
-	log.Printf("Backed up %s -> %s", originalPath, backupPath)
-	return originalPath, backupPath, nil
-}
-
-// restoreExeFromBackup moves the backup back to the original location.
-// This is called when the install script fails so the user is not left without a working binary.
-// Returns an error if the restore fails, so the caller can advise the user on manual recovery.
-func restoreExeFromBackup(originalPath, backupPath string) error {
-	// Remove any partially-installed new binary that might be in the way.
-	_ = os.Remove(originalPath)
-
-	if err := os.Rename(backupPath, originalPath); err != nil {
-		log.Printf("WARNING: failed to restore executable from backup %s -> %s: %v", backupPath, originalPath, err)
-		return fmt.Errorf("failed to restore executable from backup %s -> %s: %w", backupPath, originalPath, err)
+	// Step 2: Copy the backup back as an unlocked safety copy.
+	// If the process is killed before the MSI finishes, this file ensures the
+	// user still has a working azd.exe at the original path.
+	if err := copyFileWindows(backupPath, originalPath); err != nil {
+		// Copy failed — restore the rename so we don't leave a broken state.
+		_ = os.Rename(backupPath, originalPath)
+		_ = os.Remove(tmpDir)
+		return "", "", fmt.Errorf("failed to create safety copy of executable: %w", err)
 	}
 
-	log.Printf("Restored executable from backup: %s -> %s", backupPath, originalPath)
-	return nil
+	log.Printf("Backed up %s -> %s", originalPath, backupPath)
+	return originalPath, backupPath, nil
 }
 
-// cleanupOldBackups removes any leftover azd.exe.old.* files from the install directory.
-func cleanupOldBackups(exePath string) {
-	dir := filepath.Dir(exePath)
-	base := filepath.Base(exePath)
-	pattern := filepath.Join(dir, base+".old.*")
-
-	matches, err := filepath.Glob(pattern)
+// copyFileWindows copies src to dst, preserving the file mode.
+func copyFileWindows(src, dst string) error {
+	in, err := os.Open(src)
 	if err != nil {
-		return
-	}
-
-	for _, m := range matches {
-		if err := os.Remove(m); err != nil {
-			log.Printf("warning: failed to remove old backup %s: %v", m, err)
-		} else {
-			log.Printf("Cleaned up old backup: %s", m)
-		}
+		return err
 	}
-}
-
-// checkOtherAzdProcesses checks whether other azd.exe processes are running from the same
-// executable path, excluding the current process. Returns an error if other instances are found.
-func checkOtherAzdProcesses(ctx context.Context, commandRunner exec.CommandRunner) error {
-	currentPID := os.Getpid()
+	defer in.Close()
 
-	exePath, err := currentExePath()
+	out, err := os.Create(dst)
 	if err != nil {
 		return err
 	}
+	defer out.Close()
 
-	// Use PowerShell to find all azd.exe processes and their executable paths.
-	// Filter to processes matching our exe path but not our PID.
-	script := fmt.Sprintf(
-		`Get-Process -Name azd -ErrorAction SilentlyContinue | `+
-			`Where-Object { $_.Id -ne %d } | `+
-			`Where-Object { try { $_.Path -eq '%s' } catch { $false } } | `+
-			`Select-Object -ExpandProperty Id`,
-		currentPID, exePath,
-	)
-
-	runArgs := exec.NewRunArgs("powershell", "-NoProfile", "-Command", script)
-	result, err := commandRunner.Run(ctx, runArgs)
-	if err != nil {
-		// If the command itself fails, log and allow update to proceed.
-		// This avoids blocking updates when process enumeration is restricted.
-		log.Printf("warning: failed to check for other azd processes: %v", err)
-		return nil
+	if _, err := io.Copy(out, in); err != nil {
+		return err
 	}
 
-	output := strings.TrimSpace(result.Stdout)
-	if output == "" {
-		return nil
-	}
+	return out.Close()
+}
 
-	// Parse the PIDs from the output to build a helpful message
-	var pids []int
-	for _, line := range strings.Split(output, "\n") {
-		line = strings.TrimSpace(line)
-		if pid, parseErr := strconv.Atoi(line); parseErr == nil {
-			pids = append(pids, pid)
-		}
-	}
+// restoreExeFromBackup overwrites the original path with the backup copy.
+// This is called when the install script fails so the user has the same
+// binary they started with (rather than a partially-installed one).
+// Returns an error if the restore fails, so the caller can advise the user on manual recovery.
+func restoreExeFromBackup(originalPath, backupPath string) error {
+	// The safety copy at originalPath may be the old version or a partially-installed
+	// new binary. Overwrite it with the known-good backup.
+	_ = os.Remove(originalPath)
 
-	if len(pids) == 0 {
-		return nil
+	if err := copyFileWindows(backupPath, originalPath); err != nil {
+		log.Printf("WARNING: failed to restore executable from backup %s -> %s: %v", backupPath, originalPath, err)
+		return fmt.Errorf("failed to restore executable from backup %s -> %s: %w", backupPath, originalPath, err)
 	}
 
-	return newUpdateError(CodeOtherProcessesRunning, fmt.Errorf(
-		"found %d other azd process(es) running (PIDs: %v).\n"+
-			"Please close all other azd instances before running azd update",
-		len(pids), pids,
-	))
+	// Clean up the backup directory.
+	_ = os.RemoveAll(filepath.Dir(backupPath))
+
+	log.Printf("Restored executable from backup: %s -> %s", backupPath, originalPath)
+	return nil
 }
 
 // isStandardMSIInstall checks whether the current azd binary is installed in the standard
@@ -200,7 +165,7 @@ func versionFlag(channel Channel) string {
 // buildInstallScriptArgs constructs the PowerShell arguments to download and run
 // install-azd.ps1 with the appropriate -Version flag.
 // The -SkipVerify flag is passed because Authenticode verification via
-// Get-AuthenticodeSignature failed and asked for confirmation.
+// Get-AuthenticodeSignature failed.
 // The MSI is already downloaded over HTTPS from a Microsoft-controlled domain,
 // so the transport-level integrity is sufficient.
 // Returns the arguments to pass to the "powershell" command.
diff --git a/cli/azd/pkg/update/msi_windows_test.go b/cli/azd/pkg/update/msi_windows_test.go
index fbe232c9d4c..587717c9696 100644
--- a/cli/azd/pkg/update/msi_windows_test.go
+++ b/cli/azd/pkg/update/msi_windows_test.go
@@ -6,13 +6,11 @@ package update
 import (
 	"context"
 	"errors"
-	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 
-	"github.com/azure/azure-dev/cli/azd/pkg/exec"
 	"github.com/azure/azure-dev/cli/azd/test/mocks/mockexec"
 	"github.com/stretchr/testify/require"
 )
@@ -129,54 +127,6 @@ func TestBuildInstallScriptArgs_Structure(t *testing.T) {
 	require.Contains(t, script, "Remove-Item")
 }
 
-func TestCheckOtherAzdProcesses_NoneFound(t *testing.T) {
-	mockRunner := mockexec.NewMockCommandRunner()
-	mockRunner.When(func(args exec.RunArgs, command string) bool {
-		return strings.Contains(command, "Get-Process -Name azd")
-	}).Respond(exec.NewRunResult(0, "", ""))
-
-	err := checkOtherAzdProcesses(context.Background(), mockRunner)
-	require.NoError(t, err)
-}
-
-func TestCheckOtherAzdProcesses_OtherInstanceFound(t *testing.T) {
-	mockRunner := mockexec.NewMockCommandRunner()
-	mockRunner.When(func(args exec.RunArgs, command string) bool {
-		return strings.Contains(command, "Get-Process -Name azd")
-	}).Respond(exec.NewRunResult(0, "12345\n67890\n", ""))
-
-	err := checkOtherAzdProcesses(context.Background(), mockRunner)
-	require.Error(t, err)
-
-	var updateErr *UpdateError
-	require.ErrorAs(t, err, &updateErr)
-	require.Equal(t, CodeOtherProcessesRunning, updateErr.Code)
-	require.Contains(t, err.Error(), "12345")
-	require.Contains(t, err.Error(), "67890")
-}
-
-func TestCheckOtherAzdProcesses_CommandFails(t *testing.T) {
-	// When the PowerShell command itself fails, checkOtherAzdProcesses should log
-	// a warning but return nil (allow the update to proceed).
-	mockRunner := mockexec.NewMockCommandRunner()
-	mockRunner.When(func(args exec.RunArgs, command string) bool {
-		return strings.Contains(command, "Get-Process -Name azd")
-	}).SetError(fmt.Errorf("powershell not found"))
-
-	err := checkOtherAzdProcesses(context.Background(), mockRunner)
-	require.NoError(t, err, "should not block update when process check fails")
-}
-
-func TestCheckOtherAzdProcesses_WhitespaceOnlyOutput(t *testing.T) {
-	mockRunner := mockexec.NewMockCommandRunner()
-	mockRunner.When(func(args exec.RunArgs, command string) bool {
-		return strings.Contains(command, "Get-Process -Name azd")
-	}).Respond(exec.NewRunResult(0, "   \n  \n  ", ""))
-
-	err := checkOtherAzdProcesses(context.Background(), mockRunner)
-	require.NoError(t, err, "whitespace-only output should be treated as no other processes")
-}
-
 func TestIsStandardMSIInstall_StandardPath(t *testing.T) {
 	// Get the actual exe path and set LOCALAPPDATA so that
 	// expectedPerUserInstallDir() == filepath.Dir(exePath).
@@ -229,19 +179,23 @@ func TestIsStandardMSIInstall_MissingLocalAppData(t *testing.T) {
 }
 
 func TestBackupCurrentExe(t *testing.T) {
-	// Create a temp dir with a fake azd.exe
-	dir := t.TempDir()
-	exePath := filepath.Join(dir, "azd.exe")
+	// backupCurrentExe relies on os.Executable(), which we can't override,
+	// so we test the underlying move-to-temp-dir logic directly.
+	installDir := t.TempDir()
+	exePath := filepath.Join(installDir, "azd.exe")
 	require.NoError(t, os.WriteFile(exePath, []byte("original"), 0o755))
 
-	// backupCurrentExe relies on os.Executable(), which we can't override,
-	// so we test the lower-level rename logic directly.
-	backupPath := exePath + ".old.1234567890"
+	// Simulate what backupCurrentExe does: create temp dir, move exe there.
+	tmpDir, err := os.MkdirTemp("", "azd-update-backup")
+	require.NoError(t, err)
+	defer os.RemoveAll(tmpDir)
+
+	backupPath := filepath.Join(tmpDir, "azd.exe")
 	require.NoError(t, os.Rename(exePath, backupPath))
 
-	// Original should be gone, backup should exist
-	_, err := os.Stat(exePath)
-	require.True(t, os.IsNotExist(err), "original should no longer exist after rename")
+	// Original should be gone, backup should exist in temp dir
+	_, err = os.Stat(exePath)
+	require.True(t, os.IsNotExist(err), "original should no longer exist after move")
 
 	data, err := os.ReadFile(backupPath)
 	require.NoError(t, err)
@@ -249,14 +203,18 @@ func TestBackupCurrentExe(t *testing.T) {
 }
 
 func TestRestoreExeFromBackup(t *testing.T) {
-	dir := t.TempDir()
-	originalPath := filepath.Join(dir, "azd.exe")
-	backupPath := originalPath + ".old.1234567890"
+	installDir := t.TempDir()
+	originalPath := filepath.Join(installDir, "azd.exe")
+
+	// Create a temp backup dir with the backed-up exe
+	tmpDir, err := os.MkdirTemp("", "azd-update-backup")
+	require.NoError(t, err)
+	defer os.RemoveAll(tmpDir)
 
-	// Create the backup file
+	backupPath := filepath.Join(tmpDir, "azd.exe")
 	require.NoError(t, os.WriteFile(backupPath, []byte("backup-content"), 0o755))
 
-	// Restore should move backup → original
+	// Restore should move backup → original and remove the temp dir
 	require.NoError(t, restoreExeFromBackup(originalPath, backupPath))
 
 	data, err := os.ReadFile(originalPath)
@@ -265,12 +223,21 @@ func TestRestoreExeFromBackup(t *testing.T) {
 
 	_, err = os.Stat(backupPath)
 	require.True(t, os.IsNotExist(err), "backup should be gone after restore")
+
+	// The temp directory should have been cleaned up
+	_, err = os.Stat(tmpDir)
+	require.True(t, os.IsNotExist(err), "temp backup dir should be removed after restore")
 }
 
 func TestRestoreExeFromBackup_RemovesPartialInstall(t *testing.T) {
-	dir := t.TempDir()
-	originalPath := filepath.Join(dir, "azd.exe")
-	backupPath := originalPath + ".old.1234567890"
+	installDir := t.TempDir()
+	originalPath := filepath.Join(installDir, "azd.exe")
+
+	tmpDir, err := os.MkdirTemp("", "azd-update-backup")
+	require.NoError(t, err)
+	defer os.RemoveAll(tmpDir)
+
+	backupPath := filepath.Join(tmpDir, "azd.exe")
 
 	// Simulate a partial install that left a corrupt file at the original path
 	require.NoError(t, os.WriteFile(originalPath, []byte("partial-new"), 0o755))
@@ -283,126 +250,17 @@ func TestRestoreExeFromBackup_RemovesPartialInstall(t *testing.T) {
 	require.Equal(t, "good-backup", string(data), "should have restored backup content")
 }
 
-func TestCleanupOldBackups(t *testing.T) {
-	dir := t.TempDir()
-	exePath := filepath.Join(dir, "azd.exe")
-
-	// Create the main exe and several backup files
-	require.NoError(t, os.WriteFile(exePath, []byte("current"), 0o755))
-	require.NoError(t, os.WriteFile(exePath+".old.111", []byte("old1"), 0o755))
-	require.NoError(t, os.WriteFile(exePath+".old.222", []byte("old2"), 0o755))
-	require.NoError(t, os.WriteFile(exePath+".old.333", []byte("old3"), 0o755))
-
-	// Also create a file that shouldn't be touched
-	otherFile := filepath.Join(dir, "other.txt")
-	require.NoError(t, os.WriteFile(otherFile, []byte("keep"), 0o644))
-
-	cleanupOldBackups(exePath)
-
-	// Backups should be removed
-	for _, suffix := range []string{".old.111", ".old.222", ".old.333"} {
-		_, err := os.Stat(exePath + suffix)
-		require.True(t, os.IsNotExist(err), "backup %s should be cleaned up", suffix)
-	}
-
-	// The main exe and unrelated file should remain
-	_, err := os.Stat(exePath)
-	require.NoError(t, err, "main exe should still exist")
-	_, err = os.Stat(otherFile)
-	require.NoError(t, err, "unrelated file should still exist")
-}
-
-func TestUpdateErrorCodes(t *testing.T) {
-	// Verify the new error codes are distinct and well-formed
-	codes := []string{
-		CodeOtherProcessesRunning,
-		CodeNonStandardInstall,
-	}
-
-	for _, code := range codes {
-		require.True(t, strings.HasPrefix(code, "update."), "code %q should have update. prefix", code)
-	}
-
-	require.NotEqual(t, CodeOtherProcessesRunning, CodeNonStandardInstall)
-}
-
-func TestCheckOtherAzdProcesses_ExcludesCurrentPID(t *testing.T) {
-	// Verify the PowerShell script excludes the current PID
-	currentPID := os.Getpid()
-	pidStr := fmt.Sprintf("%d", currentPID)
-
-	mockRunner := mockexec.NewMockCommandRunner()
-	var capturedCommand string
-	mockRunner.When(func(args exec.RunArgs, command string) bool {
-		if strings.Contains(command, "Get-Process -Name azd") {
-			capturedCommand = command
-			return true
-		}
-		return false
-	}).Respond(exec.NewRunResult(0, "", ""))
-
-	_ = checkOtherAzdProcesses(context.Background(), mockRunner)
-	require.Contains(t, capturedCommand, pidStr,
-		"PowerShell command should reference current PID %s to exclude it", pidStr)
-}
-
-func TestCheckOtherAzdProcesses_ParsesMultiplePIDs(t *testing.T) {
-	mockRunner := mockexec.NewMockCommandRunner()
-	mockRunner.When(func(args exec.RunArgs, command string) bool {
-		return strings.Contains(command, "Get-Process -Name azd")
-	}).Respond(exec.NewRunResult(0, "1111\n2222\n3333\n", ""))
-
-	err := checkOtherAzdProcesses(context.Background(), mockRunner)
-	require.Error(t, err)
-
-	var updateErr *UpdateError
-	require.ErrorAs(t, err, &updateErr)
-	require.Contains(t, err.Error(), "3 other azd process(es)")
-
-	// Verify all PIDs are mentioned
-	errMsg := err.Error()
-	require.True(t, strings.Contains(errMsg, "1111") &&
-		strings.Contains(errMsg, "2222") &&
-		strings.Contains(errMsg, "3333"),
-		"error message should include all PIDs")
-}
-
 func TestInstallScriptURL(t *testing.T) {
 	require.Equal(t, "https://aka.ms/install-azd.ps1", installScriptURL)
 }
 
-// TestUpdateViaMSI_OtherProcessesBlocks verifies that updateViaMSI returns an error
-// when other azd processes are detected.
-func TestUpdateViaMSI_OtherProcessesBlocks(t *testing.T) {
-	mockRunner := mockexec.NewMockCommandRunner()
-	mockRunner.When(func(args exec.RunArgs, command string) bool {
-		return strings.Contains(command, "Get-Process -Name azd")
-	}).Respond(exec.NewRunResult(0, "99999\n", ""))
-
-	m := NewManager(mockRunner, nil)
-	var buf strings.Builder
-	cfg := &UpdateConfig{Channel: ChannelStable}
-
-	err := m.updateViaMSI(context.Background(), cfg, &buf)
-	require.Error(t, err)
-
-	var updateErr *UpdateError
-	require.True(t, errors.As(err, &updateErr))
-	require.Equal(t, CodeOtherProcessesRunning, updateErr.Code)
-}
-
 // TestUpdateViaMSI_NonStandardInstallBlocks verifies that updateViaMSI returns an error
 // when the install location doesn't match the expected per-user path.
 func TestUpdateViaMSI_NonStandardInstallBlocks(t *testing.T) {
-	// Mock: no other processes found
-	mockRunner := mockexec.NewMockCommandRunner()
-	mockRunner.When(func(args exec.RunArgs, command string) bool {
-		return strings.Contains(command, "Get-Process -Name azd")
-	}).Respond(exec.NewRunResult(0, "", ""))
-
 	// Set LOCALAPPDATA to something that won't match the test binary location
 	t.Setenv("LOCALAPPDATA", `C:\NonExistentPath`)
 
+	mockRunner := mockexec.NewMockCommandRunner()
 	m := NewManager(mockRunner, nil)
 	var buf strings.Builder
 	cfg := &UpdateConfig{Channel: ChannelStable}
diff --git a/ext/vscode/.vscode/cspell-dictionary.txt b/ext/vscode/.vscode/cspell-dictionary.txt
index a2fcac35f8e..1b241ed04b7 100644
--- a/ext/vscode/.vscode/cspell-dictionary.txt
+++ b/ext/vscode/.vscode/cspell-dictionary.txt
@@ -41,3 +41,6 @@ qbsearch
 mystorageacct
 aiapps
 itemprop
+ALLUSERS
+pids
+INSTALLDIR

From 2e82bb2c410adfcb4f601b44c73838cb1b53bbcb Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Tue, 17 Mar 2026 19:58:09 -0700
Subject: [PATCH 05/14] fix cspell and golang, address feedback

---
 cli/azd/.vscode/cspell-azd-dictionary.txt |   2 +
 cli/azd/pkg/update/manager.go             |  22 +++-
 cli/azd/pkg/update/msi_unix.go            |  12 --
 cli/azd/pkg/update/msi_windows.go         |   6 +-
 cli/azd/pkg/update/msi_windows_test.go    | 151 ++++++++++++++++++++++
 ext/vscode/.vscode/cspell-dictionary.txt  |   3 -
 6 files changed, 176 insertions(+), 20 deletions(-)

diff --git a/cli/azd/.vscode/cspell-azd-dictionary.txt b/cli/azd/.vscode/cspell-azd-dictionary.txt
index 307c698fcaa..7eb6124caec 100644
--- a/cli/azd/.vscode/cspell-azd-dictionary.txt
+++ b/cli/azd/.vscode/cspell-azd-dictionary.txt
@@ -1,6 +1,7 @@
 AADSTS
 ABRT
 ACCESSTOKEN
+ALLUSERS
 AZCLI
 AZURECLI
 AZURESUBSCRIPTION
@@ -176,6 +177,7 @@ ldflags
 lechnerc77
 libc
 llms
+INSTALLDIR
 localtools
 maml
 mcptools
diff --git a/cli/azd/pkg/update/manager.go b/cli/azd/pkg/update/manager.go
index e5e208213fa..1d5f0d3e4b3 100644
--- a/cli/azd/pkg/update/manager.go
+++ b/cli/azd/pkg/update/manager.go
@@ -353,6 +353,15 @@ func (m *Manager) updateViaMSI(ctx context.Context, cfg *UpdateConfig, writer io
 	// safety copy at the original path with the new version.
 	psArgs := buildInstallScriptArgs(cfg.Channel)
 
+	// Snapshot the safety copy's mod time before the install so we can detect
+	// whether the MSI actually replaced the file. A plain os.Stat after install
+	// would always succeed because the safety copy already exists at originalPath.
+	preInfo, statErr := os.Stat(originalPath)
+	if statErr != nil {
+		return newUpdateError(CodeReplaceFailed,
+			fmt.Errorf("failed to stat safety copy before install: %w", statErr))
+	}
+
 	log.Printf("Running install script: powershell %s", strings.Join(psArgs, " "))
 	fmt.Fprintf(writer, "Installing azd %s channel...\n", cfg.Channel)
 
@@ -364,12 +373,21 @@ func (m *Manager) updateViaMSI(ctx context.Context, cfg *UpdateConfig, writer io
 		return newUpdateError(CodeReplaceFailed, fmt.Errorf("install script failed: %w", err))
 	}
 
-	// Verify the installer actually produced a new binary at the expected path.
-	if _, err := os.Stat(originalPath); err != nil {
+	// Verify the MSI actually replaced the binary by comparing mod time and
+	// size against the pre-install safety copy. If both are identical the MSI
+	// did not write a new file (silent failure).
+	postInfo, statErr := os.Stat(originalPath)
+	if statErr != nil {
 		return newUpdateError(CodeReplaceFailed,
 			fmt.Errorf("install script completed but %s was not found", originalPath))
 	}
 
+	if postInfo.ModTime().Equal(preInfo.ModTime()) && postInfo.Size() == preInfo.Size() {
+		return newUpdateError(CodeReplaceFailed,
+			fmt.Errorf("install script completed but the binary at %s was not updated "+
+				"(file unchanged); the MSI may have failed silently", originalPath))
+	}
+
 	updateSucceeded = true
 	log.Printf("Update completed successfully")
 	return nil
diff --git a/cli/azd/pkg/update/msi_unix.go b/cli/azd/pkg/update/msi_unix.go
index 6f4820f9a5f..7caca921251 100644
--- a/cli/azd/pkg/update/msi_unix.go
+++ b/cli/azd/pkg/update/msi_unix.go
@@ -18,18 +18,6 @@ func backupCurrentExe() (string, string, error) {
 // restoreExeFromBackup is a no-op stub on non-Windows platforms.
 func restoreExeFromBackup(_, _ string) error { return nil }
 
-// versionFlag returns the install script parameter value for the given channel.
-func versionFlag(channel Channel) string {
-	switch channel {
-	case ChannelDaily:
-		return "daily"
-	case ChannelStable:
-		return "stable"
-	default:
-		return "stable"
-	}
-}
-
 // buildInstallScriptArgs is a no-op on non-Windows platforms.
 func buildInstallScriptArgs(_ Channel) []string {
 	return nil
diff --git a/cli/azd/pkg/update/msi_windows.go b/cli/azd/pkg/update/msi_windows.go
index eab941f0c8b..4b3ff1425e8 100644
--- a/cli/azd/pkg/update/msi_windows.go
+++ b/cli/azd/pkg/update/msi_windows.go
@@ -36,7 +36,7 @@ func expectedPerUserInstallDir() string {
 //     This frees the original path AND keeps the running process alive.
 //  2. Copy the backup back to the original path (azd.exe).
 //     This is an unlocked copy that acts as a safety net: if the process is
-//     killed at any point after this (Ctrl+C, power loss, taskkill), the user
+//     killed at any point after this (Ctrl+C, power loss, ect), the user
 //     still has a working azd.exe.
 //  3. The MSI installer later overwrites the unlocked safety copy with the new version.
 //
@@ -76,7 +76,7 @@ func backupCurrentExe() (originalPath string, backupPath string, err error) {
 	return originalPath, backupPath, nil
 }
 
-// copyFileWindows copies src to dst, preserving the file mode.
+// copyFileWindows copies src to dst.
 func copyFileWindows(src, dst string) error {
 	in, err := os.Open(src)
 	if err != nil {
@@ -88,9 +88,9 @@ func copyFileWindows(src, dst string) error {
 	if err != nil {
 		return err
 	}
-	defer out.Close()
 
 	if _, err := io.Copy(out, in); err != nil {
+		out.Close()
 		return err
 	}
 
diff --git a/cli/azd/pkg/update/msi_windows_test.go b/cli/azd/pkg/update/msi_windows_test.go
index 587717c9696..877ad79071a 100644
--- a/cli/azd/pkg/update/msi_windows_test.go
+++ b/cli/azd/pkg/update/msi_windows_test.go
@@ -6,6 +6,7 @@ package update
 import (
 	"context"
 	"errors"
+	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
@@ -272,3 +273,153 @@ func TestUpdateViaMSI_NonStandardInstallBlocks(t *testing.T) {
 	require.True(t, errors.As(err, &updateErr))
 	require.Equal(t, CodeNonStandardInstall, updateErr.Code)
 }
+
+func TestUpdateViaMSI_SuccessPath_CleansUpBackup(t *testing.T) {
+	// Set up an "install directory" with a fake azd.exe.
+	installDir := t.TempDir()
+	originalPath := filepath.Join(installDir, "azd.exe")
+	require.NoError(t, os.WriteFile(originalPath, []byte("old-binary"), 0o755))
+
+	// --- Simulate backupCurrentExe ---
+	backupDir, err := os.MkdirTemp("", "azd-update-backup")
+	require.NoError(t, err)
+	defer os.RemoveAll(backupDir) // safety net if test fails early
+
+	backupPath := filepath.Join(backupDir, "azd.exe")
+	// Step 1: rename exe to backup
+	require.NoError(t, os.Rename(originalPath, backupPath))
+	// Step 2: copy back as unlocked safety copy
+	require.NoError(t, copyFileWindows(backupPath, originalPath))
+
+	// Verify both exist: safety copy at original, backup in temp
+	_, err = os.Stat(originalPath)
+	require.NoError(t, err, "safety copy should exist at original path")
+	_, err = os.Stat(backupPath)
+	require.NoError(t, err, "backup should exist in temp dir")
+
+	// --- Simulate successful MSI install ---
+	// The MSI overwrites the unlocked safety copy with a new binary.
+	require.NoError(t, os.WriteFile(originalPath, []byte("new-binary-v2"), 0o755))
+
+	// --- Simulate updateViaMSI success cleanup (updateSucceeded = true) ---
+	err = os.RemoveAll(filepath.Dir(backupPath))
+	require.NoError(t, err)
+
+	// Verify: new binary is at original path, backup dir is gone
+	data, err := os.ReadFile(originalPath)
+	require.NoError(t, err)
+	require.Equal(t, "new-binary-v2", string(data), "original path should have the new binary")
+
+	_, err = os.Stat(backupDir)
+	require.True(t, os.IsNotExist(err), "backup directory should be cleaned up after success")
+}
+
+func TestUpdateViaMSI_FailurePath_RestoresOriginal(t *testing.T) {
+	installDir := t.TempDir()
+	originalPath := filepath.Join(installDir, "azd.exe")
+	require.NoError(t, os.WriteFile(originalPath, []byte("old-binary"), 0o755))
+
+	// --- Simulate backupCurrentExe ---
+	backupDir, err := os.MkdirTemp("", "azd-update-backup")
+	require.NoError(t, err)
+	defer os.RemoveAll(backupDir)
+
+	backupPath := filepath.Join(backupDir, "azd.exe")
+	require.NoError(t, os.Rename(originalPath, backupPath))
+	require.NoError(t, copyFileWindows(backupPath, originalPath))
+
+	// --- Simulate failed MSI install that partially overwrote the safety copy ---
+	require.NoError(t, os.WriteFile(originalPath, []byte("corrupted-partial"), 0o755))
+
+	// --- Simulate updateViaMSI failure path (updateSucceeded = false) ---
+	var buf strings.Builder
+	fmt.Fprintf(&buf, "Restoring previous version...\n")
+	restoreErr := restoreExeFromBackup(originalPath, backupPath)
+	if restoreErr != nil {
+		fmt.Fprintf(&buf, "WARNING: failed to restore previous version: %v\n", restoreErr)
+		fmt.Fprintf(&buf, "Your backup is at: %s\n", backupPath)
+		fmt.Fprintf(&buf, "To recover manually, copy it to: %s\n", originalPath)
+	}
+
+	// Verify: original binary is restored, backup dir is cleaned up
+	require.NoError(t, restoreErr, "restore should succeed")
+
+	data, err := os.ReadFile(originalPath)
+	require.NoError(t, err)
+	require.Equal(t, "old-binary", string(data), "original binary should be restored from backup")
+
+	_, err = os.Stat(backupDir)
+	require.True(t, os.IsNotExist(err), "backup directory should be cleaned up after restore")
+
+	output := buf.String()
+	require.Contains(t, output, "Restoring previous version...")
+	require.NotContains(t, output, "WARNING", "restore should succeed without warnings")
+}
+
+func TestUpdateViaMSI_FailurePath_PrintsRecoveryInstructions(t *testing.T) {
+	installDir := t.TempDir()
+	originalPath := filepath.Join(installDir, "azd.exe")
+
+	// Create a backup in a temp dir
+	backupDir, err := os.MkdirTemp("", "azd-update-backup")
+	require.NoError(t, err)
+	defer os.RemoveAll(backupDir)
+
+	backupPath := filepath.Join(backupDir, "azd.exe")
+	require.NoError(t, os.WriteFile(backupPath, []byte("old-binary"), 0o755))
+
+	// Now remove the backup so restoreExeFromBackup will fail when trying to read it
+	require.NoError(t, os.Remove(backupPath))
+
+	// Make the install dir read-only so the copy will definitely fail
+	// (backup file doesn't exist, so copyFileWindows will fail on Open)
+
+	// --- Simulate updateViaMSI failure path with broken restore ---
+	var buf strings.Builder
+	fmt.Fprintf(&buf, "Restoring previous version...\n")
+	restoreErr := restoreExeFromBackup(originalPath, backupPath)
+	if restoreErr != nil {
+		fmt.Fprintf(&buf, "WARNING: failed to restore previous version: %v\n", restoreErr)
+		fmt.Fprintf(&buf, "Your backup is at: %s\n", backupPath)
+		fmt.Fprintf(&buf, "To recover manually, copy it to: %s\n", originalPath)
+	}
+
+	require.Error(t, restoreErr, "restore should fail when backup is missing")
+
+	output := buf.String()
+	require.Contains(t, output, "WARNING: failed to restore previous version")
+	require.Contains(t, output, "Your backup is at:")
+	require.Contains(t, output, "To recover manually, copy it to:")
+}
+
+func TestUpdateViaMSI_SafetyCopySurvivesInterruption(t *testing.T) {
+	installDir := t.TempDir()
+	originalPath := filepath.Join(installDir, "azd.exe")
+	originalContent := []byte("original-binary-content")
+	require.NoError(t, os.WriteFile(originalPath, originalContent, 0o755))
+
+	// --- Simulate backupCurrentExe ---
+	backupDir, err := os.MkdirTemp("", "azd-update-backup")
+	require.NoError(t, err)
+	defer os.RemoveAll(backupDir)
+
+	backupPath := filepath.Join(backupDir, "azd.exe")
+	require.NoError(t, os.Rename(originalPath, backupPath))
+	require.NoError(t, copyFileWindows(backupPath, originalPath))
+
+	// At this point (post-backup, pre-install), if the process is killed,
+	// the user should still have a valid azd.exe at the original path.
+	data, err := os.ReadFile(originalPath)
+	require.NoError(t, err)
+	require.Equal(t, originalContent, data,
+		"safety copy at original path should match the original binary")
+
+	// The safety copy should be a distinct file (not a hard link to the backup)
+	// — verify by checking that removing the backup doesn't affect the safety copy.
+	require.NoError(t, os.Remove(backupPath))
+
+	data, err = os.ReadFile(originalPath)
+	require.NoError(t, err)
+	require.Equal(t, originalContent, data,
+		"safety copy should survive even if backup is deleted (independent file)")
+}
diff --git a/ext/vscode/.vscode/cspell-dictionary.txt b/ext/vscode/.vscode/cspell-dictionary.txt
index 1b241ed04b7..a2fcac35f8e 100644
--- a/ext/vscode/.vscode/cspell-dictionary.txt
+++ b/ext/vscode/.vscode/cspell-dictionary.txt
@@ -41,6 +41,3 @@ qbsearch
 mystorageacct
 aiapps
 itemprop
-ALLUSERS
-pids
-INSTALLDIR

From 1507a9d52c9426b02632d5613cfb2fc498bf3379 Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Wed, 18 Mar 2026 13:34:33 -0700
Subject: [PATCH 06/14] fix golang-run

---
 cli/azd/pkg/update/msi_windows_test.go | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/cli/azd/pkg/update/msi_windows_test.go b/cli/azd/pkg/update/msi_windows_test.go
index 877ad79071a..744de37cb1e 100644
--- a/cli/azd/pkg/update/msi_windows_test.go
+++ b/cli/azd/pkg/update/msi_windows_test.go
@@ -184,7 +184,7 @@ func TestBackupCurrentExe(t *testing.T) {
 	// so we test the underlying move-to-temp-dir logic directly.
 	installDir := t.TempDir()
 	exePath := filepath.Join(installDir, "azd.exe")
-	require.NoError(t, os.WriteFile(exePath, []byte("original"), 0o755))
+	require.NoError(t, os.WriteFile(exePath, []byte("original"), 0600))
 
 	// Simulate what backupCurrentExe does: create temp dir, move exe there.
 	tmpDir, err := os.MkdirTemp("", "azd-update-backup")
@@ -213,7 +213,7 @@ func TestRestoreExeFromBackup(t *testing.T) {
 	defer os.RemoveAll(tmpDir)
 
 	backupPath := filepath.Join(tmpDir, "azd.exe")
-	require.NoError(t, os.WriteFile(backupPath, []byte("backup-content"), 0o755))
+	require.NoError(t, os.WriteFile(backupPath, []byte("backup-content"), 0600))
 
 	// Restore should move backup → original and remove the temp dir
 	require.NoError(t, restoreExeFromBackup(originalPath, backupPath))
@@ -241,8 +241,8 @@ func TestRestoreExeFromBackup_RemovesPartialInstall(t *testing.T) {
 	backupPath := filepath.Join(tmpDir, "azd.exe")
 
 	// Simulate a partial install that left a corrupt file at the original path
-	require.NoError(t, os.WriteFile(originalPath, []byte("partial-new"), 0o755))
-	require.NoError(t, os.WriteFile(backupPath, []byte("good-backup"), 0o755))
+	require.NoError(t, os.WriteFile(originalPath, []byte("partial-new"), 0600))
+	require.NoError(t, os.WriteFile(backupPath, []byte("good-backup"), 0600))
 
 	require.NoError(t, restoreExeFromBackup(originalPath, backupPath))
 
@@ -278,7 +278,7 @@ func TestUpdateViaMSI_SuccessPath_CleansUpBackup(t *testing.T) {
 	// Set up an "install directory" with a fake azd.exe.
 	installDir := t.TempDir()
 	originalPath := filepath.Join(installDir, "azd.exe")
-	require.NoError(t, os.WriteFile(originalPath, []byte("old-binary"), 0o755))
+	require.NoError(t, os.WriteFile(originalPath, []byte("old-binary"), 0600))
 
 	// --- Simulate backupCurrentExe ---
 	backupDir, err := os.MkdirTemp("", "azd-update-backup")
@@ -299,7 +299,7 @@ func TestUpdateViaMSI_SuccessPath_CleansUpBackup(t *testing.T) {
 
 	// --- Simulate successful MSI install ---
 	// The MSI overwrites the unlocked safety copy with a new binary.
-	require.NoError(t, os.WriteFile(originalPath, []byte("new-binary-v2"), 0o755))
+	require.NoError(t, os.WriteFile(originalPath, []byte("new-binary-v2"), 0600))
 
 	// --- Simulate updateViaMSI success cleanup (updateSucceeded = true) ---
 	err = os.RemoveAll(filepath.Dir(backupPath))
@@ -317,7 +317,7 @@ func TestUpdateViaMSI_SuccessPath_CleansUpBackup(t *testing.T) {
 func TestUpdateViaMSI_FailurePath_RestoresOriginal(t *testing.T) {
 	installDir := t.TempDir()
 	originalPath := filepath.Join(installDir, "azd.exe")
-	require.NoError(t, os.WriteFile(originalPath, []byte("old-binary"), 0o755))
+	require.NoError(t, os.WriteFile(originalPath, []byte("old-binary"), 0600))
 
 	// --- Simulate backupCurrentExe ---
 	backupDir, err := os.MkdirTemp("", "azd-update-backup")
@@ -329,7 +329,7 @@ func TestUpdateViaMSI_FailurePath_RestoresOriginal(t *testing.T) {
 	require.NoError(t, copyFileWindows(backupPath, originalPath))
 
 	// --- Simulate failed MSI install that partially overwrote the safety copy ---
-	require.NoError(t, os.WriteFile(originalPath, []byte("corrupted-partial"), 0o755))
+	require.NoError(t, os.WriteFile(originalPath, []byte("corrupted-partial"), 0600))
 
 	// --- Simulate updateViaMSI failure path (updateSucceeded = false) ---
 	var buf strings.Builder
@@ -366,7 +366,7 @@ func TestUpdateViaMSI_FailurePath_PrintsRecoveryInstructions(t *testing.T) {
 	defer os.RemoveAll(backupDir)
 
 	backupPath := filepath.Join(backupDir, "azd.exe")
-	require.NoError(t, os.WriteFile(backupPath, []byte("old-binary"), 0o755))
+	require.NoError(t, os.WriteFile(backupPath, []byte("old-binary"), 0600))
 
 	// Now remove the backup so restoreExeFromBackup will fail when trying to read it
 	require.NoError(t, os.Remove(backupPath))
@@ -396,7 +396,7 @@ func TestUpdateViaMSI_SafetyCopySurvivesInterruption(t *testing.T) {
 	installDir := t.TempDir()
 	originalPath := filepath.Join(installDir, "azd.exe")
 	originalContent := []byte("original-binary-content")
-	require.NoError(t, os.WriteFile(originalPath, originalContent, 0o755))
+	require.NoError(t, os.WriteFile(originalPath, originalContent, 0600))
 
 	// --- Simulate backupCurrentExe ---
 	backupDir, err := os.MkdirTemp("", "azd-update-backup")

From 27c3061bfe370e7a358568cfe1c88692835a0f37 Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Wed, 18 Mar 2026 14:47:00 -0700
Subject: [PATCH 07/14] clean up tests due to feedback

---
 cli/azd/pkg/update/msi_windows_test.go | 180 -------------------------
 1 file changed, 180 deletions(-)

diff --git a/cli/azd/pkg/update/msi_windows_test.go b/cli/azd/pkg/update/msi_windows_test.go
index 744de37cb1e..9516908e503 100644
--- a/cli/azd/pkg/update/msi_windows_test.go
+++ b/cli/azd/pkg/update/msi_windows_test.go
@@ -6,7 +6,6 @@ package update
 import (
 	"context"
 	"errors"
-	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
@@ -178,31 +177,6 @@ func TestIsStandardMSIInstall_MissingLocalAppData(t *testing.T) {
 	require.Equal(t, CodeNonStandardInstall, updateErr.Code)
 	require.Contains(t, err.Error(), "LOCALAPPDATA")
 }
-
-func TestBackupCurrentExe(t *testing.T) {
-	// backupCurrentExe relies on os.Executable(), which we can't override,
-	// so we test the underlying move-to-temp-dir logic directly.
-	installDir := t.TempDir()
-	exePath := filepath.Join(installDir, "azd.exe")
-	require.NoError(t, os.WriteFile(exePath, []byte("original"), 0600))
-
-	// Simulate what backupCurrentExe does: create temp dir, move exe there.
-	tmpDir, err := os.MkdirTemp("", "azd-update-backup")
-	require.NoError(t, err)
-	defer os.RemoveAll(tmpDir)
-
-	backupPath := filepath.Join(tmpDir, "azd.exe")
-	require.NoError(t, os.Rename(exePath, backupPath))
-
-	// Original should be gone, backup should exist in temp dir
-	_, err = os.Stat(exePath)
-	require.True(t, os.IsNotExist(err), "original should no longer exist after move")
-
-	data, err := os.ReadFile(backupPath)
-	require.NoError(t, err)
-	require.Equal(t, "original", string(data))
-}
-
 func TestRestoreExeFromBackup(t *testing.T) {
 	installDir := t.TempDir()
 	originalPath := filepath.Join(installDir, "azd.exe")
@@ -251,10 +225,6 @@ func TestRestoreExeFromBackup_RemovesPartialInstall(t *testing.T) {
 	require.Equal(t, "good-backup", string(data), "should have restored backup content")
 }
 
-func TestInstallScriptURL(t *testing.T) {
-	require.Equal(t, "https://aka.ms/install-azd.ps1", installScriptURL)
-}
-
 // TestUpdateViaMSI_NonStandardInstallBlocks verifies that updateViaMSI returns an error
 // when the install location doesn't match the expected per-user path.
 func TestUpdateViaMSI_NonStandardInstallBlocks(t *testing.T) {
@@ -273,153 +243,3 @@ func TestUpdateViaMSI_NonStandardInstallBlocks(t *testing.T) {
 	require.True(t, errors.As(err, &updateErr))
 	require.Equal(t, CodeNonStandardInstall, updateErr.Code)
 }
-
-func TestUpdateViaMSI_SuccessPath_CleansUpBackup(t *testing.T) {
-	// Set up an "install directory" with a fake azd.exe.
-	installDir := t.TempDir()
-	originalPath := filepath.Join(installDir, "azd.exe")
-	require.NoError(t, os.WriteFile(originalPath, []byte("old-binary"), 0600))
-
-	// --- Simulate backupCurrentExe ---
-	backupDir, err := os.MkdirTemp("", "azd-update-backup")
-	require.NoError(t, err)
-	defer os.RemoveAll(backupDir) // safety net if test fails early
-
-	backupPath := filepath.Join(backupDir, "azd.exe")
-	// Step 1: rename exe to backup
-	require.NoError(t, os.Rename(originalPath, backupPath))
-	// Step 2: copy back as unlocked safety copy
-	require.NoError(t, copyFileWindows(backupPath, originalPath))
-
-	// Verify both exist: safety copy at original, backup in temp
-	_, err = os.Stat(originalPath)
-	require.NoError(t, err, "safety copy should exist at original path")
-	_, err = os.Stat(backupPath)
-	require.NoError(t, err, "backup should exist in temp dir")
-
-	// --- Simulate successful MSI install ---
-	// The MSI overwrites the unlocked safety copy with a new binary.
-	require.NoError(t, os.WriteFile(originalPath, []byte("new-binary-v2"), 0600))
-
-	// --- Simulate updateViaMSI success cleanup (updateSucceeded = true) ---
-	err = os.RemoveAll(filepath.Dir(backupPath))
-	require.NoError(t, err)
-
-	// Verify: new binary is at original path, backup dir is gone
-	data, err := os.ReadFile(originalPath)
-	require.NoError(t, err)
-	require.Equal(t, "new-binary-v2", string(data), "original path should have the new binary")
-
-	_, err = os.Stat(backupDir)
-	require.True(t, os.IsNotExist(err), "backup directory should be cleaned up after success")
-}
-
-func TestUpdateViaMSI_FailurePath_RestoresOriginal(t *testing.T) {
-	installDir := t.TempDir()
-	originalPath := filepath.Join(installDir, "azd.exe")
-	require.NoError(t, os.WriteFile(originalPath, []byte("old-binary"), 0600))
-
-	// --- Simulate backupCurrentExe ---
-	backupDir, err := os.MkdirTemp("", "azd-update-backup")
-	require.NoError(t, err)
-	defer os.RemoveAll(backupDir)
-
-	backupPath := filepath.Join(backupDir, "azd.exe")
-	require.NoError(t, os.Rename(originalPath, backupPath))
-	require.NoError(t, copyFileWindows(backupPath, originalPath))
-
-	// --- Simulate failed MSI install that partially overwrote the safety copy ---
-	require.NoError(t, os.WriteFile(originalPath, []byte("corrupted-partial"), 0600))
-
-	// --- Simulate updateViaMSI failure path (updateSucceeded = false) ---
-	var buf strings.Builder
-	fmt.Fprintf(&buf, "Restoring previous version...\n")
-	restoreErr := restoreExeFromBackup(originalPath, backupPath)
-	if restoreErr != nil {
-		fmt.Fprintf(&buf, "WARNING: failed to restore previous version: %v\n", restoreErr)
-		fmt.Fprintf(&buf, "Your backup is at: %s\n", backupPath)
-		fmt.Fprintf(&buf, "To recover manually, copy it to: %s\n", originalPath)
-	}
-
-	// Verify: original binary is restored, backup dir is cleaned up
-	require.NoError(t, restoreErr, "restore should succeed")
-
-	data, err := os.ReadFile(originalPath)
-	require.NoError(t, err)
-	require.Equal(t, "old-binary", string(data), "original binary should be restored from backup")
-
-	_, err = os.Stat(backupDir)
-	require.True(t, os.IsNotExist(err), "backup directory should be cleaned up after restore")
-
-	output := buf.String()
-	require.Contains(t, output, "Restoring previous version...")
-	require.NotContains(t, output, "WARNING", "restore should succeed without warnings")
-}
-
-func TestUpdateViaMSI_FailurePath_PrintsRecoveryInstructions(t *testing.T) {
-	installDir := t.TempDir()
-	originalPath := filepath.Join(installDir, "azd.exe")
-
-	// Create a backup in a temp dir
-	backupDir, err := os.MkdirTemp("", "azd-update-backup")
-	require.NoError(t, err)
-	defer os.RemoveAll(backupDir)
-
-	backupPath := filepath.Join(backupDir, "azd.exe")
-	require.NoError(t, os.WriteFile(backupPath, []byte("old-binary"), 0600))
-
-	// Now remove the backup so restoreExeFromBackup will fail when trying to read it
-	require.NoError(t, os.Remove(backupPath))
-
-	// Make the install dir read-only so the copy will definitely fail
-	// (backup file doesn't exist, so copyFileWindows will fail on Open)
-
-	// --- Simulate updateViaMSI failure path with broken restore ---
-	var buf strings.Builder
-	fmt.Fprintf(&buf, "Restoring previous version...\n")
-	restoreErr := restoreExeFromBackup(originalPath, backupPath)
-	if restoreErr != nil {
-		fmt.Fprintf(&buf, "WARNING: failed to restore previous version: %v\n", restoreErr)
-		fmt.Fprintf(&buf, "Your backup is at: %s\n", backupPath)
-		fmt.Fprintf(&buf, "To recover manually, copy it to: %s\n", originalPath)
-	}
-
-	require.Error(t, restoreErr, "restore should fail when backup is missing")
-
-	output := buf.String()
-	require.Contains(t, output, "WARNING: failed to restore previous version")
-	require.Contains(t, output, "Your backup is at:")
-	require.Contains(t, output, "To recover manually, copy it to:")
-}
-
-func TestUpdateViaMSI_SafetyCopySurvivesInterruption(t *testing.T) {
-	installDir := t.TempDir()
-	originalPath := filepath.Join(installDir, "azd.exe")
-	originalContent := []byte("original-binary-content")
-	require.NoError(t, os.WriteFile(originalPath, originalContent, 0600))
-
-	// --- Simulate backupCurrentExe ---
-	backupDir, err := os.MkdirTemp("", "azd-update-backup")
-	require.NoError(t, err)
-	defer os.RemoveAll(backupDir)
-
-	backupPath := filepath.Join(backupDir, "azd.exe")
-	require.NoError(t, os.Rename(originalPath, backupPath))
-	require.NoError(t, copyFileWindows(backupPath, originalPath))
-
-	// At this point (post-backup, pre-install), if the process is killed,
-	// the user should still have a valid azd.exe at the original path.
-	data, err := os.ReadFile(originalPath)
-	require.NoError(t, err)
-	require.Equal(t, originalContent, data,
-		"safety copy at original path should match the original binary")
-
-	// The safety copy should be a distinct file (not a hard link to the backup)
-	// — verify by checking that removing the backup doesn't affect the safety copy.
-	require.NoError(t, os.Remove(backupPath))
-
-	data, err = os.ReadFile(originalPath)
-	require.NoError(t, err)
-	require.Equal(t, originalContent, data,
-		"safety copy should survive even if backup is deleted (independent file)")
-}

From 018c02b17b39c0622d67b2ecab5391ad830b3be2 Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Thu, 19 Mar 2026 14:22:36 -0700
Subject: [PATCH 08/14] brew

---
 cli/azd/pkg/update/manager.go | 84 ++++++++++++++++++++++++++++++++++-
 1 file changed, 82 insertions(+), 2 deletions(-)

diff --git a/cli/azd/pkg/update/manager.go b/cli/azd/pkg/update/manager.go
index 1d5f0d3e4b3..3080809a24e 100644
--- a/cli/azd/pkg/update/manager.go
+++ b/cli/azd/pkg/update/manager.go
@@ -271,7 +271,7 @@ func (m *Manager) Update(ctx context.Context, cfg *UpdateConfig, writer io.Write
 
 	switch installedBy {
 	case installer.InstallTypeBrew:
-		return m.updateViaPackageManager(ctx, "brew", []string{"upgrade", "azd"}, writer)
+		return m.updateViaBrew(ctx, cfg, writer)
 	case installer.InstallTypeWinget:
 		return m.updateViaPackageManager(ctx, "winget", []string{"upgrade", "Microsoft.Azd"}, writer)
 	case installer.InstallTypeChoco:
@@ -290,6 +290,86 @@ func (m *Manager) Update(ctx context.Context, cfg *UpdateConfig, writer io.Write
 	}
 }
 
+func (m *Manager) updateViaBrew(ctx context.Context, cfg *UpdateConfig, writer io.Writer) error {
+	fmt.Fprintf(writer, "Checking Homebrew cask installation...\n")
+
+	// Determine which cask is currently installed by checking `brew list --cask`.
+	listArgs := exec.NewRunArgs("brew", "list", "--cask")
+	listResult, err := m.commandRunner.Run(ctx, listArgs)
+	if err != nil {
+		log.Printf("brew list --cask failed: %v", err)
+	}
+
+	caskOutput := ""
+	if err == nil {
+		caskOutput = listResult.Stdout
+	}
+
+	hasAzd := false
+	hasAzdDaily := false
+	for _, line := range strings.Split(caskOutput, "\n") {
+		name := strings.TrimSpace(line)
+		if name == "azd@daily" {
+			hasAzdDaily = true
+		} else if name == "azd" {
+			hasAzd = true
+		}
+	}
+
+	targetChannel := cfg.Channel
+
+	if !hasAzd && !hasAzdDaily {
+		// azd is not installed as a cask (formula install or other).
+		// Uninstall the non-cask version and install the correct cask.
+		fmt.Fprintf(writer, "azd is not installed as a Homebrew cask. Reinstalling as cask...\n")
+		if err := m.updateViaPackageManager(ctx, "brew", []string{"uninstall", "azd"}, writer); err != nil {
+			log.Printf("brew uninstall azd failed: %v", err)
+		}
+		switch targetChannel {
+		case ChannelStable:
+			return m.updateViaPackageManager(ctx, "brew", []string{"install", "--cask", "azure/azd/azd"}, writer)
+		case ChannelDaily:
+			return m.updateViaPackageManager(ctx, "brew", []string{"install", "--cask", "azure/azd/azd@daily"}, writer)
+		default:
+			return fmt.Errorf("unsupported channel: %s", targetChannel)
+		}
+	}
+
+	// Determine if the user is switching channels.
+	currentlyDaily := hasAzdDaily
+	currentlyStable := hasAzd
+
+	if currentlyDaily && targetChannel == ChannelStable {
+		// Switching from daily to stable
+		fmt.Fprintf(writer, "Switching from daily to stable channel...\n")
+		if err := m.updateViaPackageManager(ctx, "brew", []string{"uninstall", "--cask", "azd@daily"}, writer); err != nil {
+			return err
+		}
+		return m.updateViaPackageManager(ctx, "brew", []string{"install", "--cask", "azure/azd/azd"}, writer)
+	}
+
+	if currentlyStable && targetChannel == ChannelDaily {
+		// Switching from stable to daily
+		fmt.Fprintf(writer, "Switching from stable to daily channel...\n")
+		if err := m.updateViaPackageManager(ctx, "brew", []string{"uninstall", "--cask", "azd"}, writer); err != nil {
+			return err
+		}
+		return m.updateViaPackageManager(ctx, "brew", []string{"install", "--cask", "azure/azd/azd@daily"}, writer)
+	}
+
+	// Same channel — update in place.
+	switch targetChannel {
+	case ChannelStable:
+		fmt.Fprintf(writer, "Updating azd (stable channel)...\n")
+		return m.updateViaPackageManager(ctx, "brew", []string{"upgrade", "--cask", "azure/azd/azd"}, writer)
+	case ChannelDaily:
+		fmt.Fprintf(writer, "Updating azd (daily channel)...\n")
+		return m.updateViaPackageManager(ctx, "brew", []string{"upgrade", "--cask", "azure/azd/azd@daily"}, writer)
+	default:
+		return fmt.Errorf("unsupported channel: %s", targetChannel)
+	}
+}
+
 func (m *Manager) updateViaPackageManager(
 	ctx context.Context,
 	command string,
@@ -766,7 +846,7 @@ func extractFromZip(archivePath, binaryName, destPath string) error {
 // IsPackageManagerInstall returns true if azd was installed via a package manager.
 func IsPackageManagerInstall() bool {
 	switch installer.InstalledBy() {
-	case installer.InstallTypeBrew, installer.InstallTypeWinget, installer.InstallTypeChoco:
+	case installer.InstallTypeWinget, installer.InstallTypeChoco:
 		return true
 	default:
 		return false

From 3c87de92f06acbaf488ca03777be03c03bed6af9 Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Thu, 19 Mar 2026 15:56:11 -0700
Subject: [PATCH 09/14] installscript for non windows

---
 cli/azd/pkg/update/manager.go | 58 ++++++++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)

diff --git a/cli/azd/pkg/update/manager.go b/cli/azd/pkg/update/manager.go
index 3080809a24e..14599d64e21 100644
--- a/cli/azd/pkg/update/manager.go
+++ b/cli/azd/pkg/update/manager.go
@@ -33,6 +33,8 @@ const (
 	stableVersionURL = "https://aka.ms/azure-dev/versions/cli/latest"
 	// blobBaseURL is the base URL for Azure Blob Storage where azd binaries are hosted.
 	blobBaseURL = "https://azuresdkartifacts.z5.web.core.windows.net/azd/standalone/release"
+	// installShScriptURL is the shell install script for azd on Linux/macOS.
+	installShScriptURL = "https://aka.ms/install-azd.sh"
 )
 
 // VersionInfo holds the result of a version check.
@@ -276,7 +278,12 @@ func (m *Manager) Update(ctx context.Context, cfg *UpdateConfig, writer io.Write
 		return m.updateViaPackageManager(ctx, "winget", []string{"upgrade", "Microsoft.Azd"}, writer)
 	case installer.InstallTypeChoco:
 		return m.updateViaPackageManager(ctx, "choco", []string{"upgrade", "azd"}, writer)
-	case installer.InstallTypePs, installer.InstallTypeSh, installer.InstallTypeDeb,
+	case installer.InstallTypeSh:
+		if runtime.GOOS == "windows" {
+			return m.updateViaMSI(ctx, cfg, writer)
+		}
+		return m.updateViaInstallScript(ctx, cfg, writer)
+	case installer.InstallTypePs, installer.InstallTypeDeb,
 		installer.InstallTypeRpm, installer.InstallTypeUnknown:
 		if runtime.GOOS == "windows" {
 			return m.updateViaMSI(ctx, cfg, writer)
@@ -370,6 +377,55 @@ func (m *Manager) updateViaBrew(ctx context.Context, cfg *UpdateConfig, writer i
 	}
 }
 
+func (m *Manager) updateViaInstallScript(ctx context.Context, cfg *UpdateConfig, writer io.Writer) error {
+	fmt.Fprintf(writer, "Updating azd via install script...\n")
+
+	currentPath, err := currentExePath()
+	if err != nil {
+		return fmt.Errorf("failed to determine current path: %w", err)
+	}
+	installFolder := filepath.Dir(currentPath)
+
+	// Download install-azd.sh to a temp file.
+	tempDir := os.TempDir()
+	scriptPath := filepath.Join(tempDir, "install-azd.sh")
+
+	if err := m.downloadFile(ctx, installShScriptURL, scriptPath, writer); err != nil {
+		return newUpdateError(CodeDownloadFailed, fmt.Errorf("failed to download install script: %w", err))
+	}
+	defer os.Remove(scriptPath)
+
+	// Make the script executable.
+	if err := os.Chmod(scriptPath, 0o555); err != nil {
+		return newUpdateError(CodeReplaceFailed, fmt.Errorf("failed to set script permissions: %w", err))
+	}
+
+	versionArg := string(cfg.Channel)
+	runArgs := exec.NewRunArgs("bash", scriptPath,
+		"--version", versionArg,
+		"--install-folder", installFolder,
+		"--symlink-folder", "",
+	)
+	runArgs = runArgs.WithStdOut(writer).WithStdErr(writer).WithInteractive(true)
+
+	log.Printf("Running install script: bash %s --version %s --install-folder %s --symlink-folder \"\"",
+		scriptPath, versionArg, installFolder)
+	fmt.Fprintf(writer, "Installing azd %s channel to %s...\n", cfg.Channel, installFolder)
+
+	result, err := m.commandRunner.Run(ctx, runArgs)
+	if err != nil {
+		return newUpdateError(CodeReplaceFailed, fmt.Errorf("install script failed: %w", err))
+	}
+
+	if result.ExitCode != 0 {
+		return newUpdateErrorf(CodeReplaceFailed,
+			"install script failed with exit code %d", result.ExitCode)
+	}
+
+	log.Printf("Install script completed successfully")
+	return nil
+}
+
 func (m *Manager) updateViaPackageManager(
 	ctx context.Context,
 	command string,

From fe3a3ec612b5d5fd695720bcfd83bd8b8da2a653 Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Thu, 19 Mar 2026 16:08:24 -0700
Subject: [PATCH 10/14] fix exit 1 bug when switch channel on non windows for
 binary download

---
 cli/azd/pkg/update/manager.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/cli/azd/pkg/update/manager.go b/cli/azd/pkg/update/manager.go
index 14599d64e21..e4a0767016c 100644
--- a/cli/azd/pkg/update/manager.go
+++ b/cli/azd/pkg/update/manager.go
@@ -734,7 +734,12 @@ func (m *Manager) replaceBinary(ctx context.Context, newBinaryPath, currentBinar
 	// On unix, try with sudo if permission denied
 	if runtime.GOOS != "windows" {
 		log.Printf("direct replacement failed (%v), trying with sudo", err)
-		runArgs := exec.NewRunArgs("sudo", "cp", newBinaryPath, currentBinaryPath)
+		// Use "rm -f && cp" instead of plain "cp" to avoid "Text file busy" (ETXTBSY) errors.
+		// On Linux, writing to a running binary's inode fails because the kernel holds a
+		// write lock on executing files. Removing first unlinks the filename (the running
+		// process keeps the old inode alive via its fd), then cp creates a new inode.
+		shellCmd := fmt.Sprintf("rm -f %q && cp %q %q", currentBinaryPath, newBinaryPath, currentBinaryPath)
+		runArgs := exec.NewRunArgs("sudo", "sh", "-c", shellCmd)
 		runArgs = runArgs.WithInteractive(true)
 		result, sudoErr := m.commandRunner.Run(ctx, runArgs)
 		if sudoErr != nil {

From 7ba27d76b494c6620468de5dc9325ff02e570e8f Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Thu, 19 Mar 2026 16:43:43 -0700
Subject: [PATCH 11/14] add tests

---
 cli/azd/pkg/update/manager_test.go | 371 +++++++++++++++++++++++++++++
 1 file changed, 371 insertions(+)

diff --git a/cli/azd/pkg/update/manager_test.go b/cli/azd/pkg/update/manager_test.go
index 4f3eec3718a..27e71a8b6ec 100644
--- a/cli/azd/pkg/update/manager_test.go
+++ b/cli/azd/pkg/update/manager_test.go
@@ -648,3 +648,374 @@ func (t *urlRewriteTransport) RoundTrip(req *http.Request) (*http.Response, erro
 	newReq.Header = req.Header
 	return t.base.RoundTrip(newReq)
 }
+
+func TestUpdateViaBrew(t *testing.T) {
+	t.Run("NotCask_Stable", func(t *testing.T) {
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew list --cask"
+		}).Respond(exec.NewRunResult(0, "some-other-cask\n", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew uninstall azd"
+		}).Respond(exec.NewRunResult(0, "", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew install --cask azure/azd/azd"
+		}).Respond(exec.NewRunResult(0, "Installed", ""))
+
+		m := NewManager(mockRunner, nil)
+		var buf bytes.Buffer
+		err := m.updateViaBrew(context.Background(), &UpdateConfig{Channel: ChannelStable}, &buf)
+		require.NoError(t, err)
+		require.Contains(t, buf.String(), "not installed as a Homebrew cask")
+	})
+
+	t.Run("NotCask_Daily", func(t *testing.T) {
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew list --cask"
+		}).Respond(exec.NewRunResult(0, "some-other-cask\n", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew uninstall azd"
+		}).Respond(exec.NewRunResult(0, "", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew install --cask azure/azd/azd@daily"
+		}).Respond(exec.NewRunResult(0, "Installed", ""))
+
+		m := NewManager(mockRunner, nil)
+		var buf bytes.Buffer
+		err := m.updateViaBrew(context.Background(), &UpdateConfig{Channel: ChannelDaily}, &buf)
+		require.NoError(t, err)
+		require.Contains(t, buf.String(), "not installed as a Homebrew cask")
+	})
+
+	t.Run("NotCask_UnsupportedChannel", func(t *testing.T) {
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew list --cask"
+		}).Respond(exec.NewRunResult(0, "some-other-cask\n", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew uninstall azd"
+		}).Respond(exec.NewRunResult(0, "", ""))
+
+		m := NewManager(mockRunner, nil)
+		var buf bytes.Buffer
+		err := m.updateViaBrew(context.Background(), &UpdateConfig{Channel: Channel("nightly")}, &buf)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "unsupported channel")
+	})
+
+	t.Run("SwitchDailyToStable", func(t *testing.T) {
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew list --cask"
+		}).Respond(exec.NewRunResult(0, "azd@daily\n", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew uninstall --cask azd@daily"
+		}).Respond(exec.NewRunResult(0, "", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew install --cask azure/azd/azd"
+		}).Respond(exec.NewRunResult(0, "Installed", ""))
+
+		m := NewManager(mockRunner, nil)
+		var buf bytes.Buffer
+		err := m.updateViaBrew(context.Background(), &UpdateConfig{Channel: ChannelStable}, &buf)
+		require.NoError(t, err)
+		require.Contains(t, buf.String(), "Switching from daily to stable")
+	})
+
+	t.Run("SwitchStableToDaily", func(t *testing.T) {
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew list --cask"
+		}).Respond(exec.NewRunResult(0, "azd\n", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew uninstall --cask azd"
+		}).Respond(exec.NewRunResult(0, "", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew install --cask azure/azd/azd@daily"
+		}).Respond(exec.NewRunResult(0, "Installed", ""))
+
+		m := NewManager(mockRunner, nil)
+		var buf bytes.Buffer
+		err := m.updateViaBrew(context.Background(), &UpdateConfig{Channel: ChannelDaily}, &buf)
+		require.NoError(t, err)
+		require.Contains(t, buf.String(), "Switching from stable to daily")
+	})
+
+	t.Run("SwitchDailyToStable_UninstallFails", func(t *testing.T) {
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew list --cask"
+		}).Respond(exec.NewRunResult(0, "azd@daily\n", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew uninstall --cask azd@daily"
+		}).Respond(exec.NewRunResult(1, "", "Error: cask not installed"))
+
+		m := NewManager(mockRunner, nil)
+		var buf bytes.Buffer
+		err := m.updateViaBrew(context.Background(), &UpdateConfig{Channel: ChannelStable}, &buf)
+		require.Error(t, err)
+		var updateErr *UpdateError
+		require.ErrorAs(t, err, &updateErr)
+		require.Equal(t, CodePackageManagerFailed, updateErr.Code)
+	})
+
+	t.Run("UpgradeStable", func(t *testing.T) {
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew list --cask"
+		}).Respond(exec.NewRunResult(0, "azd\n", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew upgrade --cask azure/azd/azd"
+		}).Respond(exec.NewRunResult(0, "Updated", ""))
+
+		m := NewManager(mockRunner, nil)
+		var buf bytes.Buffer
+		err := m.updateViaBrew(context.Background(), &UpdateConfig{Channel: ChannelStable}, &buf)
+		require.NoError(t, err)
+		require.Contains(t, buf.String(), "Updating azd (stable channel)")
+	})
+
+	t.Run("UpgradeDaily", func(t *testing.T) {
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew list --cask"
+		}).Respond(exec.NewRunResult(0, "azd@daily\n", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew upgrade --cask azure/azd/azd@daily"
+		}).Respond(exec.NewRunResult(0, "Updated", ""))
+
+		m := NewManager(mockRunner, nil)
+		var buf bytes.Buffer
+		err := m.updateViaBrew(context.Background(), &UpdateConfig{Channel: ChannelDaily}, &buf)
+		require.NoError(t, err)
+		require.Contains(t, buf.String(), "Updating azd (daily channel)")
+	})
+
+	t.Run("UpgradeStable_Fails", func(t *testing.T) {
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew list --cask"
+		}).Respond(exec.NewRunResult(0, "azd\n", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew upgrade --cask azure/azd/azd"
+		}).Respond(exec.NewRunResult(1, "", "Error: already up-to-date"))
+
+		m := NewManager(mockRunner, nil)
+		var buf bytes.Buffer
+		err := m.updateViaBrew(context.Background(), &UpdateConfig{Channel: ChannelStable}, &buf)
+		require.Error(t, err)
+		var updateErr *UpdateError
+		require.ErrorAs(t, err, &updateErr)
+		require.Equal(t, CodePackageManagerFailed, updateErr.Code)
+	})
+
+	t.Run("UpgradeUnsupportedChannel", func(t *testing.T) {
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew list --cask"
+		}).Respond(exec.NewRunResult(0, "azd\n", ""))
+
+		m := NewManager(mockRunner, nil)
+		var buf bytes.Buffer
+		err := m.updateViaBrew(context.Background(), &UpdateConfig{Channel: Channel("nightly")}, &buf)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "unsupported channel")
+	})
+
+	t.Run("ListFails_FallsBackToInstall", func(t *testing.T) {
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew list --cask"
+		}).SetError(fmt.Errorf("brew not found"))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew uninstall azd"
+		}).Respond(exec.NewRunResult(0, "", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew install --cask azure/azd/azd"
+		}).Respond(exec.NewRunResult(0, "Installed", ""))
+
+		m := NewManager(mockRunner, nil)
+		var buf bytes.Buffer
+		err := m.updateViaBrew(context.Background(), &UpdateConfig{Channel: ChannelStable}, &buf)
+		require.NoError(t, err)
+	})
+
+	t.Run("UninstallFails_StillInstallsCask", func(t *testing.T) {
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew list --cask"
+		}).Respond(exec.NewRunResult(0, "other-cask\n", ""))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew uninstall azd"
+		}).Respond(exec.NewRunResult(1, "", "No such formula: azd"))
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return command == "brew install --cask azure/azd/azd"
+		}).Respond(exec.NewRunResult(0, "Installed", ""))
+
+		m := NewManager(mockRunner, nil)
+		var buf bytes.Buffer
+		err := m.updateViaBrew(context.Background(), &UpdateConfig{Channel: ChannelStable}, &buf)
+		require.NoError(t, err)
+	})
+}
+
+func TestUpdateViaInstallScript(t *testing.T) {
+	t.Run("Success_Stable", func(t *testing.T) {
+		scriptContent := []byte("#!/bin/bash\necho installing")
+		server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.Header().Set("Content-Length", fmt.Sprintf("%d", len(scriptContent)))
+			w.WriteHeader(http.StatusOK)
+			_, _ = w.Write(scriptContent)
+		}))
+		defer server.Close()
+
+		client := &http.Client{
+			Transport: &urlRewriteTransport{
+				base:      http.DefaultTransport,
+				targetURL: server.URL,
+			},
+		}
+
+		var capturedArgs exec.RunArgs
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return args.Cmd == "bash"
+		}).RespondFn(func(args exec.RunArgs) (exec.RunResult, error) {
+			capturedArgs = args
+			return exec.NewRunResult(0, "Installation complete", ""), nil
+		})
+
+		m := NewManager(mockRunner, client)
+		var buf bytes.Buffer
+		err := m.updateViaInstallScript(context.Background(), &UpdateConfig{Channel: ChannelStable}, &buf)
+		require.NoError(t, err)
+		require.Contains(t, buf.String(), "Updating azd via install script")
+		require.Contains(t, buf.String(), "Installing azd stable channel")
+
+		// Verify bash was called with correct arguments
+		require.Equal(t, "bash", capturedArgs.Cmd)
+		require.True(t, strings.HasSuffix(capturedArgs.Args[0], "install-azd.sh"))
+		require.Equal(t, "--version", capturedArgs.Args[1])
+		require.Equal(t, "stable", capturedArgs.Args[2])
+		require.Equal(t, "--install-folder", capturedArgs.Args[3])
+		require.NotEmpty(t, capturedArgs.Args[4]) // install folder path
+		require.Equal(t, "--symlink-folder", capturedArgs.Args[5])
+		require.Equal(t, "", capturedArgs.Args[6])
+	})
+
+	t.Run("Success_Daily", func(t *testing.T) {
+		scriptContent := []byte("#!/bin/bash\necho installing")
+		server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.Header().Set("Content-Length", fmt.Sprintf("%d", len(scriptContent)))
+			w.WriteHeader(http.StatusOK)
+			_, _ = w.Write(scriptContent)
+		}))
+		defer server.Close()
+
+		client := &http.Client{
+			Transport: &urlRewriteTransport{
+				base:      http.DefaultTransport,
+				targetURL: server.URL,
+			},
+		}
+
+		var capturedArgs exec.RunArgs
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return args.Cmd == "bash"
+		}).RespondFn(func(args exec.RunArgs) (exec.RunResult, error) {
+			capturedArgs = args
+			return exec.NewRunResult(0, "Installation complete", ""), nil
+		})
+
+		m := NewManager(mockRunner, client)
+		var buf bytes.Buffer
+		err := m.updateViaInstallScript(context.Background(), &UpdateConfig{Channel: ChannelDaily}, &buf)
+		require.NoError(t, err)
+		require.Contains(t, buf.String(), "Installing azd daily channel")
+		require.Equal(t, "daily", capturedArgs.Args[2])
+	})
+
+	t.Run("DownloadFailure", func(t *testing.T) {
+		server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusNotFound)
+		}))
+		defer server.Close()
+
+		client := &http.Client{
+			Transport: &urlRewriteTransport{
+				base:      http.DefaultTransport,
+				targetURL: server.URL,
+			},
+		}
+
+		m := NewManager(nil, client)
+		var buf bytes.Buffer
+		err := m.updateViaInstallScript(context.Background(), &UpdateConfig{Channel: ChannelStable}, &buf)
+		require.Error(t, err)
+		var updateErr *UpdateError
+		require.ErrorAs(t, err, &updateErr)
+		require.Equal(t, CodeDownloadFailed, updateErr.Code)
+	})
+
+	t.Run("ScriptExecutionError", func(t *testing.T) {
+		scriptContent := []byte("#!/bin/bash\necho installing")
+		server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.Header().Set("Content-Length", fmt.Sprintf("%d", len(scriptContent)))
+			w.WriteHeader(http.StatusOK)
+			_, _ = w.Write(scriptContent)
+		}))
+		defer server.Close()
+
+		client := &http.Client{
+			Transport: &urlRewriteTransport{
+				base:      http.DefaultTransport,
+				targetURL: server.URL,
+			},
+		}
+
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return args.Cmd == "bash"
+		}).SetError(fmt.Errorf("bash: command not found"))
+
+		m := NewManager(mockRunner, client)
+		var buf bytes.Buffer
+		err := m.updateViaInstallScript(context.Background(), &UpdateConfig{Channel: ChannelStable}, &buf)
+		require.Error(t, err)
+		var updateErr *UpdateError
+		require.ErrorAs(t, err, &updateErr)
+		require.Equal(t, CodeReplaceFailed, updateErr.Code)
+	})
+
+	t.Run("ScriptNonZeroExit", func(t *testing.T) {
+		scriptContent := []byte("#!/bin/bash\necho installing")
+		server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.Header().Set("Content-Length", fmt.Sprintf("%d", len(scriptContent)))
+			w.WriteHeader(http.StatusOK)
+			_, _ = w.Write(scriptContent)
+		}))
+		defer server.Close()
+
+		client := &http.Client{
+			Transport: &urlRewriteTransport{
+				base:      http.DefaultTransport,
+				targetURL: server.URL,
+			},
+		}
+
+		mockRunner := mockexec.NewMockCommandRunner()
+		mockRunner.When(func(args exec.RunArgs, command string) bool {
+			return args.Cmd == "bash"
+		}).Respond(exec.NewRunResult(1, "", "installation failed"))
+
+		m := NewManager(mockRunner, client)
+		var buf bytes.Buffer
+		err := m.updateViaInstallScript(context.Background(), &UpdateConfig{Channel: ChannelStable}, &buf)
+		require.Error(t, err)
+		var updateErr *UpdateError
+		require.ErrorAs(t, err, &updateErr)
+		require.Equal(t, CodeReplaceFailed, updateErr.Code)
+	})
+}

From cd96fa3649c55cd7398948eebc4195e63677ab2b Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Thu, 19 Mar 2026 22:16:44 -0700
Subject: [PATCH 12/14] address feedback

---
 cli/azd/pkg/update/manager.go     | 100 +++++-------------------------
 cli/azd/pkg/update/msi_windows.go |   2 +-
 2 files changed, 17 insertions(+), 85 deletions(-)

diff --git a/cli/azd/pkg/update/manager.go b/cli/azd/pkg/update/manager.go
index 41ea2aee7b6..4282a0390b3 100644
--- a/cli/azd/pkg/update/manager.go
+++ b/cli/azd/pkg/update/manager.go
@@ -314,7 +314,7 @@ func (m *Manager) updateViaBrew(ctx context.Context, cfg *UpdateConfig, writer i
 
 	hasAzd := false
 	hasAzdDaily := false
-	for _, line := range strings.Split(caskOutput, "\n") {
+	for line := range strings.SplitSeq(caskOutput, "\n") {
 		name := strings.TrimSpace(line)
 		if name == "azd@daily" {
 			hasAzdDaily = true
@@ -386,17 +386,26 @@ func (m *Manager) updateViaInstallScript(ctx context.Context, cfg *UpdateConfig,
 	}
 	installFolder := filepath.Dir(currentPath)
 
-	// Download install-azd.sh to a temp file.
-	tempDir := os.TempDir()
-	scriptPath := filepath.Join(tempDir, "install-azd.sh")
+	// Download install-azd.sh into a uniquely-created temp directory with restrictive permissions
+	scriptDir, err := os.MkdirTemp("", "azd-update-*")
+	if err != nil {
+		return newUpdateError(CodeDownloadFailed, fmt.Errorf("failed to create temp directory: %w", err))
+	}
+	defer os.RemoveAll(scriptDir)
+
+	// Restrict the temp directory so only the current user can read/write/traverse it.
+	if err := os.Chmod(scriptDir, 0o700); err != nil {
+		return newUpdateError(CodeDownloadFailed, fmt.Errorf("failed to set temp directory permissions: %w", err))
+	}
+
+	scriptPath := filepath.Join(scriptDir, "install-azd.sh")
 
 	if err := m.downloadFile(ctx, installShScriptURL, scriptPath, writer); err != nil {
 		return newUpdateError(CodeDownloadFailed, fmt.Errorf("failed to download install script: %w", err))
 	}
-	defer os.Remove(scriptPath)
 
-	// Make the script executable.
-	if err := os.Chmod(scriptPath, 0o555); err != nil {
+	// Make the script executable
+	if err := os.Chmod(scriptPath, 0o500); err != nil {
 		return newUpdateError(CodeReplaceFailed, fmt.Errorf("failed to set script permissions: %w", err))
 	}
 
@@ -451,10 +460,6 @@ func (m *Manager) updateViaPackageManager(
 }
 
 func (m *Manager) updateViaMSI(ctx context.Context, cfg *UpdateConfig, writer io.Writer) error {
-	// Verify the install is the standard per-user MSI configuration.
-	// install-azd.ps1 installs with ALLUSERS=2 to %LOCALAPPDATA%\Programs\Azure Dev CLI.
-	// If the current install is non-standard, abort and advise the user.
-	if err := isStandardMSIInstall(); err != nil {
 	// Verify the install is the standard per-user MSI configuration.
 	// install-azd.ps1 installs with ALLUSERS=2 to %LOCALAPPDATA%\Programs\Azure Dev CLI.
 	// If the current install is non-standard, abort and advise the user.
@@ -505,55 +510,6 @@ func (m *Manager) updateViaMSI(ctx context.Context, cfg *UpdateConfig, writer io
 	log.Printf("Running install script: powershell %s", strings.Join(psArgs, " "))
 	fmt.Fprintf(writer, "Installing azd %s channel...\n", cfg.Channel)
 
-	runArgs := exec.NewRunArgs("powershell", psArgs...).
-		WithStdOut(writer).
-		WithStdErr(writer)
-
-	if _, err := m.commandRunner.Run(ctx, runArgs); err != nil {
-		return newUpdateError(CodeReplaceFailed, fmt.Errorf("install script failed: %w", err))
-	//  1. Rename the running exe to temp (frees the path; process continues via the OS handle)
-	//  2. Copy it back as an unlocked safety net (if killed at any point, azd.exe still exists)
-	//  3. The MSI will overwrite the unlocked safety copy with the new version
-	fmt.Fprintf(writer, "Backing up current azd executable...\n")
-	originalPath, backupPath, err := backupCurrentExe()
-	if err != nil {
-		return newUpdateError(CodeReplaceFailed, fmt.Errorf("failed to backup current executable: %w", err))
-	}
-
-	// Track whether the install succeeded so we know whether to restore or clean up.
-	updateSucceeded := false
-	defer func() {
-		if updateSucceeded {
-			// Remove the temp backup directory. If this fails, the OS
-			// will clean it up eventually since it lives under %TEMP%.
-			_ = os.RemoveAll(filepath.Dir(backupPath))
-			return
-		}
-		// Update failed — restore the backup so the user has the original binary.
-		fmt.Fprintf(writer, "Restoring previous version...\n")
-		if restoreErr := restoreExeFromBackup(originalPath, backupPath); restoreErr != nil {
-			fmt.Fprintf(writer, "WARNING: failed to restore previous version: %v\n", restoreErr)
-			fmt.Fprintf(writer, "Your backup is at: %s\n", backupPath)
-			fmt.Fprintf(writer, "To recover manually, copy it to: %s\n", originalPath)
-		}
-	}()
-
-	// Run the install script synchronously. The MSI overwrites the unlocked
-	// safety copy at the original path with the new version.
-	psArgs := buildInstallScriptArgs(cfg.Channel)
-
-	// Snapshot the safety copy's mod time before the install so we can detect
-	// whether the MSI actually replaced the file. A plain os.Stat after install
-	// would always succeed because the safety copy already exists at originalPath.
-	preInfo, statErr := os.Stat(originalPath)
-	if statErr != nil {
-		return newUpdateError(CodeReplaceFailed,
-			fmt.Errorf("failed to stat safety copy before install: %w", statErr))
-	}
-
-	log.Printf("Running install script: powershell %s", strings.Join(psArgs, " "))
-	fmt.Fprintf(writer, "Installing azd %s channel...\n", cfg.Channel)
-
 	runArgs := exec.NewRunArgs("powershell", psArgs...).
 		WithStdOut(writer).
 		WithStdErr(writer)
@@ -577,23 +533,6 @@ func (m *Manager) updateViaMSI(ctx context.Context, cfg *UpdateConfig, writer io
 				"(file unchanged); the MSI may have failed silently", originalPath))
 	}
 
-	updateSucceeded = true
-	log.Printf("Update completed successfully")
-	// Verify the MSI actually replaced the binary by comparing mod time and
-	// size against the pre-install safety copy. If both are identical the MSI
-	// did not write a new file (silent failure).
-	postInfo, statErr := os.Stat(originalPath)
-	if statErr != nil {
-		return newUpdateError(CodeReplaceFailed,
-			fmt.Errorf("install script completed but %s was not found", originalPath))
-	}
-
-	if postInfo.ModTime().Equal(preInfo.ModTime()) && postInfo.Size() == preInfo.Size() {
-		return newUpdateError(CodeReplaceFailed,
-			fmt.Errorf("install script completed but the binary at %s was not updated "+
-				"(file unchanged); the MSI may have failed silently", originalPath))
-	}
-
 	updateSucceeded = true
 	log.Printf("Update completed successfully")
 	return nil
@@ -825,24 +764,17 @@ func (m *Manager) replaceBinary(ctx context.Context, newBinaryPath, currentBinar
 	return fmt.Errorf("failed to replace binary: %w", err)
 }
 
-// currentExePath returns the resolved path of the currently running executable.
 // currentExePath returns the resolved path of the currently running executable.
 func currentExePath() (string, error) {
 	exePath, err := os.Executable()
 	if err != nil {
 		return "", fmt.Errorf("failed to determine current executable path: %w", err)
-		return "", fmt.Errorf("failed to determine current executable path: %w", err)
 	}
 	resolved, err := filepath.EvalSymlinks(exePath)
 	if err != nil {
 		return "", fmt.Errorf("failed to resolve executable path: %w", err)
 	}
 	return resolved, nil
-	resolved, err := filepath.EvalSymlinks(exePath)
-	if err != nil {
-		return "", fmt.Errorf("failed to resolve executable path: %w", err)
-	}
-	return resolved, nil
 }
 
 func copyFile(src, dst string) error {
diff --git a/cli/azd/pkg/update/msi_windows.go b/cli/azd/pkg/update/msi_windows.go
index 4b3ff1425e8..95d2c3d8d9f 100644
--- a/cli/azd/pkg/update/msi_windows.go
+++ b/cli/azd/pkg/update/msi_windows.go
@@ -36,7 +36,7 @@ func expectedPerUserInstallDir() string {
 //     This frees the original path AND keeps the running process alive.
 //  2. Copy the backup back to the original path (azd.exe).
 //     This is an unlocked copy that acts as a safety net: if the process is
-//     killed at any point after this (Ctrl+C, power loss, ect), the user
+//     killed at any point after this (Ctrl+C, power loss, etc.), the user
 //     still has a working azd.exe.
 //  3. The MSI installer later overwrites the unlocked safety copy with the new version.
 //

From 56ff338949e310271f840e0a453d2f2683e9e9b1 Mon Sep 17 00:00:00 2001
From: hemarina <104857065+hemarina@users.noreply.github.com>
Date: Thu, 19 Mar 2026 22:23:40 -0700
Subject: [PATCH 13/14] Update cli/azd/pkg/update/manager.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 cli/azd/pkg/update/manager.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cli/azd/pkg/update/manager.go b/cli/azd/pkg/update/manager.go
index 4282a0390b3..0ee83462e10 100644
--- a/cli/azd/pkg/update/manager.go
+++ b/cli/azd/pkg/update/manager.go
@@ -382,7 +382,7 @@ func (m *Manager) updateViaInstallScript(ctx context.Context, cfg *UpdateConfig,
 
 	currentPath, err := currentExePath()
 	if err != nil {
-		return fmt.Errorf("failed to determine current path: %w", err)
+		return newUpdateError(CodeReplaceFailed, fmt.Errorf("failed to determine current path: %w", err))
 	}
 	installFolder := filepath.Dir(currentPath)
 

From 4d3c34c789beda4e593b22f55fd8da7136de0924 Mon Sep 17 00:00:00 2001
From: hemarina <hemarina@microsoft.com>
Date: Thu, 19 Mar 2026 22:29:30 -0700
Subject: [PATCH 14/14] address feedback, separate rm and cp commands with sudo

---
 cli/azd/pkg/update/manager.go | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/cli/azd/pkg/update/manager.go b/cli/azd/pkg/update/manager.go
index 4282a0390b3..3f797832373 100644
--- a/cli/azd/pkg/update/manager.go
+++ b/cli/azd/pkg/update/manager.go
@@ -743,20 +743,27 @@ func (m *Manager) replaceBinary(ctx context.Context, newBinaryPath, currentBinar
 	// On unix, try with sudo if permission denied
 	if runtime.GOOS != "windows" {
 		log.Printf("direct replacement failed (%v), trying with sudo", err)
-		// Use "rm -f && cp" instead of plain "cp" to avoid "Text file busy" (ETXTBSY) errors.
-		// On Linux, writing to a running binary's inode fails because the kernel holds a
-		// write lock on executing files. Removing first unlinks the filename (the running
-		// process keeps the old inode alive via its fd), then cp creates a new inode.
-		shellCmd := fmt.Sprintf("rm -f %q && cp %q %q", currentBinaryPath, newBinaryPath, currentBinaryPath)
-		runArgs := exec.NewRunArgs("sudo", "sh", "-c", shellCmd)
-		runArgs = runArgs.WithInteractive(true)
-		result, sudoErr := m.commandRunner.Run(ctx, runArgs)
-		if sudoErr != nil {
-			return newUpdateError(CodeElevationFailed, sudoErr)
+		// Remove the destination first to avoid "Text file busy" (ETXTBSY) errors.
+		rmArgs := exec.NewRunArgs("sudo", "rm", "-f", currentBinaryPath)
+		rmArgs = rmArgs.WithInteractive(true)
+		rmResult, rmErr := m.commandRunner.Run(ctx, rmArgs)
+		if rmErr != nil {
+			return newUpdateError(CodeElevationFailed, fmt.Errorf("sudo rm failed: %w", rmErr))
 		}
-		if result.ExitCode != 0 {
+		if rmResult.ExitCode != 0 {
 			return newUpdateErrorf(CodeElevationFailed,
-				"sudo copy failed with exit code %d", result.ExitCode)
+				"sudo rm failed with exit code %d", rmResult.ExitCode)
+		}
+
+		cpArgs := exec.NewRunArgs("sudo", "cp", newBinaryPath, currentBinaryPath)
+		cpArgs = cpArgs.WithInteractive(true)
+		cpResult, cpErr := m.commandRunner.Run(ctx, cpArgs)
+		if cpErr != nil {
+			return newUpdateError(CodeElevationFailed, fmt.Errorf("sudo cp failed: %w", cpErr))
+		}
+		if cpResult.ExitCode != 0 {
+			return newUpdateErrorf(CodeElevationFailed,
+				"sudo cp failed with exit code %d", cpResult.ExitCode)
 		}
 		return nil
 	}