
t1440: harden aidevops update when brew or auth refresh fails #4143

Merged
marcusquinn merged 1 commit into main from bugfix/t1440-update-failure on Mar 11, 2026
@marcusquinn (Owner)

Summary

  • Guard brew lookups by resolving the executable path before running timeout-wrapped brew commands.
  • Fall back to the public GitHub releases API for gh version checks so update flows survive brew absence and auth refresh failures.
  • Add regression coverage for the brew-missing and gh-auth-failure update paths.

Closes #4141
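
The guard-then-fallback flow described in the summary above, as an added example that is not the PR's or the project's own code. The function names are hypothetical, `brew info --json=v2` and curl's `--max-time` stand in for the project's timeout-wrapped calls, and `cli/cli` is the GitHub repository that publishes gh.

```sh
# Added illustration; all function names here are hypothetical.

# Unauthenticated fetch, so an expired or failing gh token cannot break it.
# Kept as its own function so a test can replace it with constructed JSON.
fetch_release_json() {
	curl -fsSL --max-time 15 "https://api.github.com/repos/$1/releases/latest"
}

# Print the latest release version for an owner/name slug; non-zero on failure.
public_release_version() {
	local repo="$1" json tag
	# Accept only a plain owner/name slug before it is placed in the URL.
	case "$repo" in
	*/*/* | /* | */ | .* | */.* | *[!A-Za-z0-9_./-]*) return 2 ;;
	*/*) ;;
	*) return 2 ;;
	esac
	json=$(fetch_release_json "$repo" 2>/dev/null) || return 1
	tag=$(printf '%s\n' "$json" |
		sed -n 's/.*"tag_name"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
	tag="${tag#v}"
	# The tag is remote data: accept dotted digits only, otherwise fail the lookup.
	case "$tag" in
	'' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
	esac
	printf '%s\n' "$tag"
}

# Print brew's path only if it resolves to an executable file.
resolve_brew() {
	local p
	p=$(command -v brew 2>/dev/null) || return 1
	[ -x "$p" ] || return 1
	printf '%s\n' "$p"
}

# Prefer brew when present; otherwise use the public API (gh lives in cli/cli).
latest_gh_version() {
	local brew_bin version=""
	if brew_bin=$(resolve_brew); then
		version=$("$brew_bin" info --json=v2 gh 2>/dev/null |
			sed -n 's/.*"stable"[[:space:]]*:[[:space:]]*"\([0-9][0-9.]*\)".*/\1/p' |
			head -n 1) || version=""
	fi
	if [ -z "$version" ]; then
		version=$(public_release_version "cli/cli") || return 1
	fi
	printf '%s\n' "$version"
}
```

A caller should treat a non-zero return from `latest_gh_version` as "version unknown" and skip the gh update step instead of aborting the whole update.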

@coderabbitai (Contributor)

coderabbitai bot commented Mar 11, 2026

Warning

Rate limit exceeded

@marcusquinn has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 6 minutes and 15 seconds before requesting another review.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: caba84b6-9181-45eb-b28d-4d33e6b9e1be

📥 Commits

Reviewing files that changed from the base of the PR and between db7ea8c and 40727fe.

📒 Files selected for processing (3)
  • .agents/scripts/tool-version-check.sh
  • aidevops.sh
  • tests/test-update-fallbacks.sh

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the resilience of the aidevops update process. It addresses potential points of failure related to brew and gh (GitHub CLI) by ensuring that version lookups and updates can gracefully handle situations where brew is not found or gh authentication encounters issues. By introducing a direct fallback to the public GitHub API for gh version checks and hardening brew command execution, the system becomes more robust and less prone to interruptions during updates.

Highlights

  • Brew Lookup Hardening: Ensured the brew executable path is explicitly resolved before execution, preventing issues if brew is not directly in PATH or its execution fails.
  • GitHub CLI (gh) Version Fallback: Implemented a fallback mechanism to use the public GitHub releases API for gh version checks, allowing updates to proceed even if brew is absent or gh authentication refresh fails.
  • Regression Test Coverage: Added new tests to specifically cover the scenarios where brew is missing or gh authentication fails, ensuring the robustness of the update paths.
Changelog
  • .agents/scripts/tool-version-check.sh
    • Introduced get_public_release_tag function to retrieve the latest release tag from the GitHub API.
    • Modified get_brew_latest to explicitly find the brew executable and, for gh, to use the new public API fallback if brew is not available.
    • Added a shellcheck directive to ignore a specific warning.
    • Adjusted JSON output formatting for consistency.
  • aidevops.sh
    • Added get_public_release_tag function, mirroring the one in tool-version-check.sh, to fetch GitHub release tags.
    • Updated cmd_update to first locate the brew executable and then, for gh updates, to utilize the public GitHub API fallback when brew is absent or gh authentication is problematic.
  • tests/test-update-fallbacks.sh
    • Added a new comprehensive test script to validate the new fallback mechanisms. This script simulates missing brew and gh authentication failures, verifying that the aidevops and tool-version-check scripts correctly use the public GitHub API for gh version retrieval.

@github-actions

🔍 Code Quality Report

[MONITOR] Code Review Monitoring Report

[INFO] Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 402 code smells

[INFO] Recent monitoring activity:
Wed Mar 11 16:16:20 UTC 2026: Code review monitoring started
Wed Mar 11 16:16:20 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 402

📈 Current Quality Metrics

  • BUGS: 0
  • CODE SMELLS: 402
  • VULNERABILITIES: 0

Generated on: Wed Mar 11 16:16:23 UTC 2026


Generated by AI DevOps Framework Code Review Monitoring


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request significantly improves the robustness of the aidevops update process by guarding brew lookups and implementing a fallback to the public GitHub releases API for gh version checks. The changes effectively handle scenarios where brew is unavailable or gh authentication fails, which is a great step towards hardening the system. The addition of comprehensive regression tests in tests/test-update-fallbacks.sh is particularly commendable, providing excellent coverage for these new failure modes and ensuring the reliability of the implemented fallbacks. The overall approach aligns well with the stated objectives.

local repo="$1"
local tag=""

tag=$(_timeout_cmd 15 curl -fsSL "https://api.github.com/repos/${repo}/releases/latest" 2>/dev/null |
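
Review bot: On the `tag=$(_timeout_cmd 15 curl ...` line, `${repo}` goes into the request URL straight from `$1` with no check that it is a plain owner/name slug, and `2>/dev/null` discards curl's error output, so a timeout, an HTTP error caught by `-f`, or a malformed slug all surface only as an empty `tag`. Because curl sits on the left of a pipe, its exit status is also lost unless pipefail is set. Suggest validating `repo` before the call and having callers treat an empty or non-version `tag` as a failed lookup, not as version information.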


medium

This get_public_release_tag function is duplicated in .agents/scripts/tool-version-check.sh. While duplication of simple, self-contained helper functions is acceptable for standalone scripts to avoid source dependencies and maintain independence, it is crucial to ensure consistency across these duplicated functions. Specifically, ensure consistency in timeout values. The cmd_update function in this file uses 30 seconds for package queries, while this function uses 15 seconds. It would be more consistent to use 30 seconds here as well, or define a shared constant.

Suggested change
tag=$(_timeout_cmd 15 curl -fsSL "https://api.github.com/repos/${repo}/releases/latest" 2>/dev/null |
tag=$(_timeout_cmd 30 curl -fsSL "https://api.github.com/repos/${repo}/releases/latest" 2>/dev/null |
References
  1. In shell scripts, extract repeated logic into an internal helper function to improve maintainability. This applies even for standalone scripts where external source dependencies are avoided.
  2. For standalone shell scripts, it is acceptable to duplicate simple, self-contained helper functions (e.g., a cross-platform sed wrapper) instead of introducing source dependencies. This maintains script independence and avoids risks like path resolution issues, which is particularly important in focused bugfix pull requests.

@marcusquinn marcusquinn merged commit 5f1306d into main Mar 11, 2026
24 checks passed
@marcusquinn marcusquinn deleted the bugfix/t1440-update-failure branch March 11, 2026 16:20
Development

Successfully merging this pull request may close these issues.

t1440: Fix aidevops update failures when brew is missing or token refresh returns 500