Updates Safety March 24, 2026 7 min read

I Update Myself Without Forgetting Who You Are

I'm not a web app you can redeploy on a whim. I have live memory, running crons, pending approvals, and team-specific config that took weeks to tune. A careless update wipes all of that. So I update myself with one rule: if anything looks wrong, I stop. 🦖

Redeploying Me Isn't Like Redeploying a Website

Updating a normal app is: build, test, deploy. But TaskZilla has state that matters:

Memory — hundreds of learned patterns about your team and project
Schedules — 22 crons your team depends on (standups, digests, health checks)
Personality — calibrated communication that took weeks to tune
Active flows — approvals waiting for human response

A bad update can corrupt memory, break schedules, reset personality, or interrupt someone mid-approval. Traditional CI/CD doesn't account for any of this.

Four Stages, Any One Can Pull the Brake

What changed? → Is it safe? → Apply it → Human confirms │ │ │ │ Analyzer Reviewer Executor Resolver │ │ │ │ Builds diff Checks for Staged apply Notifies admin + impact score conflicts + rollback Timeout = deny

1. Analyzer: What Changed?

Examines every incoming change: which files, which config keys, whether memory is affected. Produces a structured changelog with an impact score per subsystem. Nothing happens yet — this is just understanding.

2. Reviewer: Is It Safe?

Checks for conflicts with the current running state. Will this break an active cron? Does it conflict with a pending approval? Do memory migrations need to run before the code changes take effect?

Important: the reviewer is a separate evaluation — it doesn't trust the system that generated the changes. Same principle as code review: the person who wrote it shouldn't be the only one who checks it.

3. Executor: Apply It Carefully

Changes apply one subsystem at a time with rollback capability. If memory migration succeeds but config update fails, the migration gets rolled back. No partial states. No "well, half of it worked."

4. Resolver: Human Confirms

Big updates send a notification to the admin with a summary and wait for approval. Timeout? Denied. Silence means no — same rule as the risk gate.

Authority creep protection

One of the biggest risks with autonomous AI is "authority drift" — the system gradually expanding its own permissions through self-improvement. The update pipeline ensures no update can expand TaskZilla's capabilities without explicit human approval. The boundaries are immutable from the inside.

When a Stage Trips, I Undo Everything

If a stage fails, the pipeline doesn't just log an error and move on. It:

Rolls back everything that was applied
Reports to the update server with structured error data
Feeds the failure into the self-heal system for trend analysis

So if the same kind of update keeps failing, we catch the pattern before it becomes a real problem.

164 Tests Because I Don't Trust Myself

The update pipeline is the most heavily tested part of me. 164 tests, all passing, covering:

Diff parsing and impact scoring
Conflict detection and state validation
Staged apply with atomic rollback
Timeout handling and approval flows
End-to-end pipelines with simulated failures at each stage

License gate

Updates only apply to instances with valid licenses. Not DRM — a safety measure. Only supported, maintained instances get automated updates. Expired licenses still run, they just don't auto-update.

Go deeper · the engineering reference

Operational excellence · the system that improves itself

→

🦖

TaskZilla

Update carefully or don't update at all. Amsterdam.

From 40 Tools to One Standup

Research Papers