Safety and Opt-out

updater.zig is designed with user privacy and control as primary concerns. This page explains all safety features and opt-out mechanisms.

Design Principles

Zero surprise networking: No network requests without explicit opt-in
Never fail builds: Update checks never cause build failures
User control: Multiple ways to disable checking
Nested dependency safe: Parent projects can control child dependencies

Global Opt-out

Environment Variable

Set ZIG_UPDATE_CHECK_DISABLE to disable all update checking:

bash

# Linux/macOS
export ZIG_UPDATE_CHECK_DISABLE=1

# Windows (PowerShell)
$env:ZIG_UPDATE_CHECK_DISABLE = "1"

# Windows (CMD)
set ZIG_UPDATE_CHECK_DISABLE=1

This disables:

Build-time checks
Runtime foreground checks
Runtime background checks
Checks from all dependencies (nested dependency safe)

Checking Status

zig

if (updater.isGloballyDisabled()) {
    std.debug.print("Update checking is disabled\n", .{});
    return;
}

CI Detection

Common CI environments are automatically detected:

Environment Variable	CI System
`CI`	Generic CI indicator
`CONTINUOUS_INTEGRATION`	Generic CI indicator
`GITHUB_ACTIONS`	GitHub Actions
`GITLAB_CI`	GitLab CI
`CIRCLECI`	CircleCI
`TRAVIS`	Travis CI
`JENKINS_URL`	Jenkins
`BUILDKITE`	Buildkite
`DRONE`	Drone CI
`AZURE_PIPELINES`	Azure Pipelines

Checking CI Status

zig

if (updater.isCI()) {
    std.debug.print("Running in CI environment\n", .{});
    return;
}

Configuration-based Disabling

Disable in Config

zig

const result = try updater.checkForUpdates(allocator, .{
    .enabled = false,  // Explicitly disable
    .provider = updater.providers.github,
    .owner = "username",
    .repo = "project",
    .current_version = "1.0.0",
});

Build Options

zig

const updater_dep = b.dependency("updater", .{
    .target = target,
    .optimize = optimize,
    .enable_update_checker = false,  // Disable at build time
});

Or via command line:

bash

zig build -Denable_update_checker=false

For Library Authors

If you are writing a library that uses updater.zig:

1. Make it Optional

zig

pub fn build(b: *std.Build) void {
    // Default to false for libraries
    const enable_updates = b.option(
        bool,
        "enable_library_updates",
        "Enable checking for library updates",
    ) orelse false;

    if (enable_updates) {
        // Only add update checking if explicitly enabled
        updater.build_integration.addUpdateCheck(b, .{
            .owner = "library-author",
            .repo = "mylib",
            .current_version = "1.0.0",
        });
    }
}

2. Document Network Behavior

Always document:

When network requests are made
What data is sent
How users can disable it

3. Respect User Preferences

Always check the global opt-out:

zig

if (updater.isGloballyDisabled()) {
    return;  // Respect user's choice
}

Network Behavior

What updater.zig sends

HTTP GET request to the provider's API
User-Agent header (configurable)
Accept header for JSON

What updater.zig receives

Release/tag information from the API
Version number
Release URL

What updater.zig does NOT do

Track users
Send identifying information
Make requests without explicit configuration
Store any data

Error Handling

Update checks are designed to be non-fatal:

Build-time

Build-time checks never fail the build:

warning: [updater.zig] Update check failed: ConnectionFailed
Build succeeded.

Runtime

Runtime checks return errors that should be handled gracefully:

zig

const result = updater.checkForUpdates(allocator, config) catch |err| {
    // Log but don't crash
    std.log.warn("Update check failed: {}", .{err});
    return;
};

Nested Dependency Safety

When your project depends on a library that uses updater.zig:

your-project/
├── build.zig
└── deps/
    └── some-library/  (uses updater.zig internally)

Setting ZIG_UPDATE_CHECK_DISABLE=1 will disable update checks in:

Your project
some-library
Any transitive dependencies

This ensures users have complete control over network behavior.

Recommendations

For Application Developers

Enable update checking for your main application
Disable it in CI environments (automatic)
Document the feature for your users
Respect the global opt-out

For Library Developers

Default to disabled
Require explicit opt-in
Document network behavior clearly
Always check isGloballyDisabled()

For End Users

Use ZIG_UPDATE_CHECK_DISABLE=1 to opt out globally
Check library documentation for per-library options
Review build options for update-related settings

Next Steps

Configuration - Full configuration reference
Custom Providers - Self-hosted servers

Safety and Opt-out ​

Design Principles ​

Global Opt-out ​

Environment Variable ​

Checking Status ​

CI Detection ​

Checking CI Status ​

Configuration-based Disabling ​

Disable in Config ​

Build Options ​

For Library Authors ​

1. Make it Optional ​

2. Document Network Behavior ​

3. Respect User Preferences ​

Network Behavior ​

What updater.zig sends ​

What updater.zig receives ​

What updater.zig does NOT do ​

Error Handling ​

Build-time ​

Runtime ​

Nested Dependency Safety ​

Recommendations ​

For Application Developers ​

For Library Developers ​

For End Users ​

Next Steps ​