Summary
The PromptKit CLI (@alan-jowett/promptkit) currently has no mechanism to tell users that a newer version is available. Users who installed via npm i -g (or via an old npx cache) can silently run an outdated build indefinitely. Any ""update banner"" users may have seen in the past belongs to npm itself or to the downstream LLM CLI (copilot, claude, codex), not to PromptKit.
Motivation
- Users running against stale PromptKit content may hit bugs that are already fixed upstream.
- Triage is harder when there is no in-CLI signal that the user is behind.
- This is a solved problem in the Node ecosystem; PromptKit should follow the same convention (
npm, yarn, vercel, gh all do it).
Proposed change
Add a lightweight update check to cli/bin/cli.js for the default interactive command.
Behavior
-
Query https://registry.npmjs.org/<pkg>/latest with a short timeout (≈ 1500 ms).
-
Compare json.version against package.json.version using basic semver major.minor.patch ordering.
-
If latest > current, print a one-box banner before spawning the LLM CLI:
+----------------------------------------+
| Update available: 0.6.1 -> 0.7.0 |
| Run: npm i -g @alan-jowett/promptkit |
+----------------------------------------+
-
Cache the result in ~/.promptkit/update-check.json for 24 hours so subsequent launches don't hit the network.
-
Never block, retry, or fail the CLI on network/cache errors — silently skip and let the CLI continue.
Opt-out / non-interactive safety
- Skipped when
NO_UPDATE_NOTIFIER=1.
- Skipped when
CI env var is set.
- Skipped when
stdout is not a TTY (scripted/piped usage).
- Skipped when
--no-update-check flag is passed.
- Skipped for non-interactive subcommands (
list, search, show, --version) to keep machine-readable output clean.
Implementation constraints
- No new runtime dependencies. Use Node's built-in
https module. Do not pull in update-notifier, got, semver, etc.
- Pure functions (version parsing, comparison, banner formatting) go in a new
cli/lib/update-check.js module with unit tests that don't touch the network.
- Network fetch timeout is hard-capped; no pathological hang regardless of registry responsiveness.
Acceptance criteria
- Fresh session on an outdated install prints the banner once, then spawns the LLM CLI normally.
- Second invocation within 24 h hits the cache and still prints the banner — no second network call.
- Network failures, cache I/O failures, and malformed JSON never surface to the user.
NO_UPDATE_NOTIFIER=1, CI=1, --no-update-check, and non-TTY stdout all suppress the banner.promptkit --version and promptkit list --json output nothing extra.- Unit tests cover version comparison edge cases (leading
v, prerelease tags, equal versions, major/minor/patch bumps).
Out of scope
- Update detection when
bootstrap.md is loaded manually (no CLI involved). Tracked separately if we pursue it; it requires agent-runtime web tools and is not universally available.
Summary
The PromptKit CLI (
@alan-jowett/promptkit) currently has no mechanism to tell users that a newer version is available. Users who installed vianpm i -g(or via an oldnpxcache) can silently run an outdated build indefinitely. Any ""update banner"" users may have seen in the past belongs to npm itself or to the downstream LLM CLI (copilot,claude,codex), not to PromptKit.Motivation
npm,yarn,vercel,ghall do it).Proposed change
Add a lightweight update check to
cli/bin/cli.jsfor the defaultinteractivecommand.Behavior
Query
https://registry.npmjs.org/<pkg>/latestwith a short timeout (≈ 1500 ms).Compare
json.versionagainstpackage.json.versionusing basic semver major.minor.patch ordering.If
latest > current, print a one-box banner before spawning the LLM CLI:Cache the result in
~/.promptkit/update-check.jsonfor 24 hours so subsequent launches don't hit the network.Never block, retry, or fail the CLI on network/cache errors — silently skip and let the CLI continue.
Opt-out / non-interactive safety
NO_UPDATE_NOTIFIER=1.CIenv var is set.stdoutis not a TTY (scripted/piped usage).--no-update-checkflag is passed.list,search,show,--version) to keep machine-readable output clean.Implementation constraints
httpsmodule. Do not pull inupdate-notifier,got,semver, etc.cli/lib/update-check.jsmodule with unit tests that don't touch the network.Acceptance criteria
NO_UPDATE_NOTIFIER=1,CI=1,--no-update-check, and non-TTY stdout all suppress the banner.promptkit --versionandpromptkit list --jsonoutput nothing extra.v, prerelease tags, equal versions, major/minor/patch bumps).Out of scope
bootstrap.mdis loaded manually (no CLI involved). Tracked separately if we pursue it; it requires agent-runtime web tools and is not universally available.