feat: implement smart update recommendations

[pratyush07-hub]

Related Issue

Closes #91

Summary

This PR introduces the Smart Update Recommendations System, which provides predictive, risk-aware guidance for system and package updates before they are applied.
The system analyzes installed packages, evaluates available updates, and recommends when and how updates should be applied to minimize instability and breaking changes.

Key Features

• Smart Update Recommendations

  Categorizes updates as Security, Immediate, Scheduled, or Deferred based on risk.

• Risk & Impact Analysis

  Evaluates updates using version changes, package sensitivity, and changelog keywords, with optional LLM support.

• Optional LLM Integration

  Predicts breaking changes, groups related updates, and explains recommendations. Works fully without an LLM.

• New CLI Command

  cortex update recommend

• Comprehensive Documentation

  Adds a dedicated feature guide in docs/SMART_UPDATE_RECOMMENDATIONS.md and updates existing user and developer guides.

• Test Suite

  Includes 25+ unit tests in tests/test_update_recommender.py covering version parsing, risk scoring, and update categorization logic.

Demonstration

screencast-from-2026-01-23-02-00-48_IQ5A2AK3.1.mp4

Files Changed

Core

• cortex/update_recommender.py (new)
• cortex/cli.py (updated)
• cortex/i18n/locales/en.yaml (updated)

Tests

• tests/test_update_recommender.py (new)

Docs

• docs/SMART_UPDATE_RECOMMENDATIONS.md (new)
• docs/guides/User-Guide.md (updated)
• docs/guides/Developer-Guide.md (updated)
• README.md (updated)

AI Disclosure

• No AI used
• AI/IDE/Agents used (please describe below)

Used Claude Opus 4.5 (Antigravity Coding Assistant) :

• Assist with structuring the recommendation workflow
• Generate and refine unit test cases, with a focus on pytest parameterized tests
• Improve documentation clarity and consistency

Checklist

• PR title follows format: type(scope): description or [scope] description
• Tests pass (pytest tests/)
• MVP label added if closing MVP issue
• Update "Cortex -h" (if needed)

Summary by CodeRabbit

• New Features

  • Smart Update Recommendations: AI-assisted update scanning with risk scoring, timing categories (immediate, scheduled, deferred, security), grouping, breaking-change guidance, CLI subcommand with JSON output and --no-llm opt-out.

• Documentation

  • Added user, developer, and feature guides, README entry, command examples, JSON schema, usage patterns, and best-practice guidance.

• Tests

  • Comprehensive tests for parsing, recommendation logic, categorization, security detection, display, and LLM integration.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a Smart Update Recommendations feature: new CLI subcommand cortex update recommend, a full UpdateRecommender engine with data models, heuristics and optional LLM analysis, i18n strings, docs, and comprehensive tests. No existing public API signatures were removed.

Changes

Cohort / File(s)	Summary
CLI Integration cortex/cli.py	Adds update recommend subcommand with --no-llm and --json flags; new progress branch for "recommend"; constructs LLMRouter when applicable; prints JSON or rich output; adds module-level logger.
Core Recommendation Engine cortex/update_recommender.py	New module implementing PackageVersion, UpdateInfo, UpdateRecommendation, enums (RiskLevel, UpdateCategory, ChangeType), package-manager probing (dpkg/rpm, apt/dnf/yum), change/risk analysis, grouping, optional LLM integration, display helpers, and public recommend_updates entry.
Internationalization cortex/i18n/locales/en.yaml	Adds progress.update_recommend translation keys and strings for status, categories, risks, notes, LLM messages, and recommendation templates.
Documentation README.md, docs/SMART_UPDATE_RECOMMENDATIONS.md, docs/guides/Developer-Guide.md, docs/guides/User-Guide.md	Introduces feature docs, CLI usage examples (including JSON), JSON schema, developer notes, strategies, and troubleshooting guidance.
Tests tests/test_update_recommender.py	New comprehensive unit tests: version parsing/comparison, recommender logic, package-manager interaction mocks, risk/security heuristics, LLM interaction/mocking, display formatting, and recommend_updates flows.

Sequence Diagram(s)

sequenceDiagram
    participant User as User/CLI
    participant CLI as cortex/cli.py
    participant Recommender as UpdateRecommender
    participant PkgMgr as Package Manager(s)
    participant LLM as LLMRouter
    participant Output as Console/JSON

    User->>CLI: cortex update recommend [--json|--no-llm]
    CLI->>Recommender: instantiate (llm_router?)
    Recommender->>PkgMgr: get_installed_packages()
    PkgMgr-->>Recommender: installed packages & versions
    Recommender->>PkgMgr: get_available_updates()
    PkgMgr-->>Recommender: available updates + changelogs
    Recommender->>Recommender: analyze_change_type(), assess_risk(), categorize_update(), group_updates()
    alt use_llm
        Recommender->>LLM: analyze_with_llm(updates)
        LLM-->>Recommender: llm_analysis_text
    end
    Recommender-->>CLI: UpdateRecommendation (struct)
    CLI->>Output: format as JSON or rich panels
    Output-->>User: recommendations output

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat: add self-update and version management #594 — overlaps CLI update subcommands and update/self-update flows; directly relevant to integrating the update recommend branch into existing update handling.

Suggested reviewers

• mikejmorgan-ai
• Suyashd999

Poem

🐇
I nibble changelogs soft and small,
sniff risks where updates sprawl,
I hop and group each cautious bite,
"Apply the safe, postpone the blight."
Hooray — a tidy patchwork night!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 59.18% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: implementing a smart update recommendations feature.
Description check	✅ Passed	The PR description includes all required template sections: Related Issue, Summary, AI Disclosure, and Checklist with appropriate completions.
Linked Issues check	✅ Passed	All acceptance criteria from issue #91 are met: scans available updates, assesses per-update risk, recommends timing categories, groups related updates, predicts breaking changes, supports optional LLM, includes unit tests with >80% coverage, and provides comprehensive documentation.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with issue #91 requirements. Files modified include the core recommender module, CLI integration, i18n support, tests, and documentation—all within the scope of implementing smart update recommendations.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @pratyush07-hub, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the Cortex system by integrating an intelligent update recommendation engine. This system proactively analyzes available package updates, assesses their potential risks, and provides actionable guidance on the optimal timing for their application. The goal is to empower users with better decision-making capabilities regarding system maintenance, ensuring stability while keeping software up-to-date.

Highlights

• New Feature: Smart Update Recommendations System: Introduces a new AI-powered system that provides predictive, risk-aware guidance for system and package updates, aiming to minimize instability and breaking changes.
• Update Categorization: Updates are categorized into Security, Immediate, Scheduled, or Deferred based on their assessed risk and impact.
• Risk & Impact Analysis: The system evaluates updates using factors such as version changes (major, minor, patch), package sensitivity (e.g., kernel, databases), and keywords found in changelogs to determine risk.
• Optional LLM Integration: The system can optionally integrate with a Large Language Model (LLM) to predict breaking changes, group related updates, and provide detailed explanations for recommendations, though it functions fully without an LLM.
• New CLI Command: A new command, cortex update recommend, has been added to the CLI for users to access the update recommendations.
• Comprehensive Documentation and Testing: The feature includes dedicated documentation in docs/SMART_UPDATE_RECOMMENDATIONS.md and is supported by over 25 unit tests covering version parsing, risk scoring, and categorization logic.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces the Smart Update Recommendations System, a valuable new feature that provides AI-powered guidance for system and package updates. The implementation includes a new core module (cortex/update_recommender.py), CLI integration, and comprehensive documentation updates. The system categorizes updates by risk, analyzes version changes, and can leverage LLM support for deeper insights. Overall, the feature is well-designed and adds significant value to Cortex Linux.

I am having trouble creating individual review comments. Click here to see my feedback.

cortex/update_recommender.py (294-303)

Retrieving the current version for each package by running pm info installed name inside the loop is inefficient. For DNF/YUM systems, it would be more efficient to fetch all installed package versions once (similar to dpkg-query) and then look up the current version from that cached data. This avoids multiple subprocess.run calls.

cortex/cli.py (1953-1954)

Catching a generic Exception here is too broad and can mask underlying issues. It's better to catch more specific exceptions that might occur during the import or instantiation of LLMRouter, such as ImportError or ModuleNotFoundError.

                    except (ImportError, ModuleNotFoundError):
                        pass

cortex/cli.py (1963)

The overall_risk is currently outputting its integer value (e.g., 1, 2, 3, 4). However, the documentation in docs/SMART_UPDATE_RECOMMENDATIONS.md shows a string representation (e.g., "medium"). To maintain consistency with the documentation and provide a more human-readable output, please use overall_risk.value_str.

                    "overall_risk": recommendation.overall_risk.value_str,

cortex/cli.py (1959-2008)

The manual conversion of the UpdateRecommendation dataclass to a JSON-serializable dictionary is quite verbose and prone to errors if the dataclass structure changes. Consider using a library like dataclasses-json to automatically handle this serialization, which would make the code more concise and maintainable.

Alternatively, you could implement a to_dict method within the UpdateRecommendation and UpdateInfo dataclasses to encapsulate this serialization logic.

cortex/update_recommender.py (257-263)

The RPM package name parsing parts[0].rsplit(".", 1)[0] might be overly aggressive. If a package name legitimately contains a dot (e.g., python.requests), this logic would incorrectly truncate the name. It's generally safer to assume the first part is the package name unless there's a specific reason to split by a dot.

                                name, new_ver = parts[0], parts[1]

cortex/update_recommender.py (300-301)

The parsing logic l.split(":", 1)[1].strip() for extracting the version from dnf/yum info output is fragile. It assumes the line starts with "Version" and has a colon followed by the version. A more robust approach would be to use a regular expression to extract the version, or to parse the output more carefully, as the format might vary slightly across different RPM-based distributions or versions of dnf/yum.

cortex/update_recommender.py (521-522)

Catching a generic Exception here is too broad. It's better to catch specific exceptions that might occur during the LLM API call, such as APIError from the LLM client library or network-related exceptions. A broad catch can hide other programming errors.

cortex/update_recommender.py (755-756)

Catching a generic Exception here is too broad. Consider catching more specific exceptions that UpdateRecommender methods might raise, such as RuntimeError for LLM issues or subprocess.CalledProcessError for package manager command failures. This improves error handling clarity.

[coderabbitai]

Actionable comments posted: 5

🤖 Fix all issues with AI agents

In `@cortex/update_recommender.py`:
- Around line 701-717: get_recommendations is calling
is_security_update(pkg_name) with only the package name, so security signals in
changelog/description are never considered; update the loop that builds
UpdateInfo (around PackageVersion.parse, analyze_change_type, assess_risk,
is_security_update) to populate and pass the package description/changelog and
repo/channel metadata into is_security_update and assess_risk (and include those
fields when constructing UpdateInfo) — if metadata isn't present on the update
tuple, fetch the changelog/description from the package source or repo/channel
API before calling is_security_update and assess_risk so security updates (e.g.,
*-security origins) are detected.
- Around line 389-398: The public method analyze_change_type lacks a docstring;
add a concise docstring above analyze_change_type describing what the function
does (determine MAJOR/MINOR/PATCH/UNKNOWN based on PackageVersion comparison),
list the parameters (current: PackageVersion, new: PackageVersion) and their
meaning, and document the return value (ChangeType) including the tie-breaker
behavior for alphanumeric patch differences; ensure the docstring follows the
project's docstring style (one-line summary plus short parameter/return
descriptions).
- Around line 450-456: The _map_score_to_risk function currently uses incorrect
thresholds; update its logic so that scores >=35 return RiskLevel.HIGH, scores
>=15 (and <35) return RiskLevel.MEDIUM, and anything below 15 returns
RiskLevel.LOW; modify the function _map_score_to_risk in update_recommender.py
to use these thresholds (referencing the RiskLevel enum) so the implementation
matches the documented ranges.
- Around line 320-338: In _get_apt_updates, the tuple returned from the APT
regex currently uses the capture order (package, new_version, old_version) which
mismatches the rest of the code that expects (package, old_version, new_version)
(see RPM parser behavior); change the appended tuple from match.groups() to
reorder the captures to (match.group(1), match.group(3), match.group(2)) so
_get_apt_updates returns (name, old_ver, new_ver) consistently with the RPM
parser, and when self._run_pkg_cmd(["apt-get", "update", "-q"]) returns None,
log a warning (using the existing logger) instead of silently returning an empty
list so failures are visible.

In `@docs/SMART_UPDATE_RECOMMENDATIONS.md`:
- Around line 24-53: The fenced example output block under the "### Example
Output" header is missing a language tag, causing markdownlint MD040; update the
fenced code block delimiter to include a language (e.g., change ``` to ```text
or ```console) so the block becomes a labeled code fence and satisfies the
linter while preserving the existing content.

🧹 Nitpick comments (1)

cortex/i18n/locales/en.yaml (1)

487-521: Document interpolation variables for new messages.
Add comments for {risk}, {count}, {current}, {new}, {group}, {name} per the header guidance in this file.

[pratyush07-hub]

Code Review

This pull request introduces the Smart Update Recommendations System, a valuable new feature that provides AI-powered guidance for system and package updates. The implementation includes a new core module (cortex/update_recommender.py), CLI integration, and comprehensive documentation updates. The system categorizes updates by risk, analyzes version changes, and can leverage LLM support for deeper insights. Overall, the feature is well-designed and adds significant value to Cortex Linux.

I am having trouble creating individual review comments. Click here to see my feedback.

1. Speeded up Updates: Fixed the slowness on Fedora/RHEL systems. Instead of checking every package one by one (which was slow), I now fetch everything in one go. It’s significantly faster now.
2. Smarter Package Names: Fixed a bug where package names with dots (like python.requests) were being cut off. Now it correctly identifies them.
3. Cleaner JSON Output: The risk levels now show up as "medium" or "high" instead of just numbers, making the JSON output much easier.
4. Better Error Handling: I removed the "catch-all" error blocks. Now, if something actually breaks, the system will give us a specific error message instead of hiding it.
5. Code Cleanup: I simplified the internal logic to make it easier to maintain. I also added a
   to_dict
   method so the code is less messy when converting data to JSON.

[github-actions]

CLA Verification Passed

All contributors have signed the CLA.

Contributor	Signed As
@pratyush07-hub	@pratyush07-hub
@Anshgrover23	@Anshgrover23

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

cortex/update_recommender.py (1)

525-531: CRITICAL risk is currently unreachable and would be miscategorized.

RiskLevel.CRITICAL is defined but never returned by _map_score_to_risk, and categorize_update only defers HIGH. This leaves CRITICAL unused today and mis-handled if thresholds change later. Consider mapping a top band to CRITICAL and deferring CRITICAL updates explicitly.

♻️ Suggested adjustment

     def _map_score_to_risk(self, score: int) -> RiskLevel:
         """Map aggregate risk score to RiskLevel enum."""
+        if score >= 70:
+            return RiskLevel.CRITICAL
         if score >= 35:
             return RiskLevel.HIGH
         if score >= 15:
             return RiskLevel.MEDIUM
         return RiskLevel.LOW

         # High risk or major updates should be deferred
-        if risk_level == RiskLevel.HIGH or change_type == ChangeType.MAJOR:
+        if risk_level in (RiskLevel.HIGH, RiskLevel.CRITICAL) or change_type == ChangeType.MAJOR:
             return UpdateCategory.DEFERRED

Also applies to: 646-649

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@cortex/update_recommender.py`:
- Around line 277-309: The __init__ method of the Update Recommender class lacks
an explicit return type; update the constructor signature for the method named
__init__ in this file to include the explicit annotation "-> None" (i.e., change
"def __init__(...):" to "def __init__(...) -> None:") so it satisfies the
type-hint requirements, leaving the body and existing exception handling
(references to InstallationHistory, ContextMemory, logger, self.history,
self.memory, and self.llm_router) unchanged.
- Around line 69-167: PackageVersion.parse currently only detects prereleases
prefixed by - or +, so Debian-style tilde (~) prereleases like "1.2.3~rc1" are
missed; update the prerelease detection in PackageVersion.parse (the pr_match
regex) to include "~" (e.g., change r"[-+](alpha|beta|rc|dev|pre)[\d.]*" to
include "~") and ensure it remains case-insensitive and still uses
pr_match.group(0) for prerelease; no other logic changes required because
core_ver already strips suffixes using the same [-+~] set.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@cortex/update_recommender.py`:
- Around line 441-463: The _parse_rpm_check_update function is currently
treating metadata/header lines as packages; add a guard after splitting the line
to skip any line whose version token (parts[1]) contains no digits (e.g., using
a digit check like any(char.isdigit() for char in parts[1])) so only real
package-version lines are processed; ensure this check is applied before calling
_resolve_rpm_name and before constructing the updates list to prevent bogus
update entries.

🧹 Nitpick comments (1)

tests/test_update_recommender.py (1)

69-72: Add a return type hint on the fixture to align with type-hint rules.

A small annotation keeps tests consistent with the repo-wide type-hint requirement.

♻️ Suggested tweak

 `@pytest.fixture`
-def r(self):
+def r(self) -> UpdateRecommender:
     return UpdateRecommender(verbose=True)

As per coding guidelines, add type hints for Python code.

[pratyush07-hub]

@Anshgrover23
I have addressed all the issues raised by @coderabbitai.
Kindly review the updated changes.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@pratyush07-hub, thank you for addressing the feedback! The improvements you've made sound excellent:

✅ Performance optimization for Fedora/RHEL with bulk update fetching
✅ Bug fix for package names containing dots
✅ Cleaner JSON output with human-readable risk levels
✅ Better error handling with specific error messages
✅ Code maintainability improvements with the to_dict method

These changes significantly enhance the Smart Update Recommendations feature. Great work on implementing the fixes! 🎉

[Anshgrover23]

Please have a look..!!

@pratyush07-hub Please always write and communicate in professional English with correct grammar.
I am closing this PR; please fix the issues and will reopen.

[pratyush07-hub]

Please have a look..!!

@pratyush07-hub Please always write and communicate in professional English with correct grammar. I am closing this PR; please fix the issues and will reopen.

Thank you for the feedback.
I understand the concern and will ensure that all future communication is written in professional English with proper grammar.

I will address the remaining issues and update the pull request accordingly.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@pratyush07-hub, thank you for addressing the feedback! I can confirm that the improvements you've made:

✅ Performance optimization for Fedora/RHEL with bulk update fetching
✅ Bug fix for package names containing dots
✅ Cleaner JSON output with human-readable risk levels
✅ Better error handling with specific error messages
✅ Code maintainability improvements with the to_dict method

These changes significantly enhance the Smart Update Recommendations feature. I'll defer to @Anshgrover23 for the human review as requested. If you need any clarification on specific changes or would like me to review any particular aspect, feel free to ask! 🎉

[Anshgrover23]

@pratyush07-hub Also in video testing is fragile. Kindly tests using real packages if u can ?

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@cortex/cli.py`:
- Around line 2627-2654: Wrap the JSON branch of the "recommend" action so any
exception from UpdateRecommender initialization or
recommender.get_recommendations() is caught and always prints a JSON error
object and exits non‑zero; specifically, around the UpdateRecommender(...) and
recommender.get_recommendations(use_llm=use_llm) calls catch Exception as e and
print json.dumps({"error": str(e), "type": e.__class__.__name__}) (or similar)
then return a non‑zero code. Also ensure LLMRouter import/initialization errors
remain captured (LLMRouter) but still yield the same JSON error format when they
bubble up from UpdateRecommender or get_recommendations.

In `@cortex/update_recommender.py`:
- Around line 349-356: The _run_pkg_cmd helper always uses self.timeout, causing
apt-get update and apt list checks to falsely report "no update" when they
exceed the default 30s; modify _run_pkg_cmd to accept an optional timeout
parameter (e.g., timeout: int | None = None) and use that value or fall back to
self.timeout, update callers that perform APT operations (the calls that run
"apt-get update" and "apt list") to pass timeout=self.check_timeout (120s) so
those slow APT commands use the longer timeout while keeping existing behavior
for other package managers.

🧹 Nitpick comments (1)

tests/test_update_recommender.py (1)

7-24: Add type hints to test function signatures for consistency.
Repo guidelines require Python type annotations; consider annotating test params (e.g., r: UpdateRecommender, mock_run: MagicMock) and adding -> None. As per coding guidelines, please add type hints to Python code.

[pratyush07-hub]

@pratyush07-hub Also in video testing is fragile. Kindly tests using real packages if u can ?

I agree that testing with real packages is more reliable than using mocks. I tested the system using a real OS scan, but since the environment is already fully updated, it correctly reports that everything is healthy.

To show that the logic is not fragile and can handle real-world complexity, I did the following:

1. Unit Tests: Achieved 86% code coverage for the recommender logic, with all 27 tests passing.
2. Simulation Testing: Ran simulations using real package data, including OpenSSL security updates, kernel upgrades, and major PostgreSQL version changes. This confirmed that the risk scoring and grouping work as expected.
3. Metadata Parsing: Verified that the system correctly parses real APT and DNF command outputs.

[sonarqubecloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@cortex/update_recommender.py`:
- Around line 432-438: get_available_updates currently treats an empty list from
_get_apt_updates the same as "APT not available" and falls back to RPM; change
the logic so _get_apt_updates returns None (or another sentinel) when APT is
unavailable but returns [] when APT is available with no updates, then update
get_available_updates to only call _get_rpm_updates when the apt_result is None
(i.e., APT not present). Refer to get_available_updates, _get_apt_updates, and
_get_rpm_updates when making the change.

🧹 Nitpick comments (1)

cortex/update_recommender.py (1)

538-571: Consider separating “risk notes” from actual breaking changes.
assess_risk() returns general warnings (e.g., pre-release, high-impact package) but these are stored in UpdateInfo.breaking_changes and rendered as “potential breaking changes,” which can overstate risk. Splitting warnings into risk_notes vs. breaking_changes would keep the messaging accurate.

Also applies to: 727-751, 846-869

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Avoid RPM fallback when APT is present but has no updates.
Right now an empty APT update list triggers RPM checks, which can add unnecessary work and (on mixed systems) surface unrelated RPM updates. Consider distinguishing “APT not available” from “APT has zero updates.”

🔧 Suggested fix

+import shutil
@@
-    def get_available_updates(self) -> list[dict[str, Any]]:
+    def get_available_updates(self) -> list[dict[str, Any]]:
         """Get list of packages with available updates."""
-        updates = self._get_apt_updates()
-        if updates:
-            return updates
-
-        return self._get_rpm_updates()
+        if shutil.which("apt-get") and shutil.which("apt"):
+            return self._get_apt_updates()
+        return self._get_rpm_updates()

🤖 Prompt for AI Agents

In `@cortex/update_recommender.py` around lines 432 - 438, get_available_updates
currently treats an empty list from _get_apt_updates the same as "APT not
available" and falls back to RPM; change the logic so _get_apt_updates returns
None (or another sentinel) when APT is unavailable but returns [] when APT is
available with no updates, then update get_available_updates to only call
_get_rpm_updates when the apt_result is None (i.e., APT not present). Refer to
get_available_updates, _get_apt_updates, and _get_rpm_updates when making the
change.