Agent install and updates
The Loopback agent is the on-host component that drives WireGuard, firewall application, metrics hooks, shell sessions, and update orchestration. This page covers platform-level concerns beyond workspace token minting (see Agents and remote access).
Install and download
System routes serve:
- Install script generation for bootstrapping.
- Binary download endpoints for agent packages.
Hosts must be able to reach these URLs from their network context; air-gapped installs require operator mirroring.
Version catalog
The platform maintains a catalog of agent releases (semver). Each row typically carries:
- Channel - e.g. stable vs preview/unstable (labels vary by operator).
- Published flag - controls whether update checks offer the build.
- Upgrade eligibility - which currently running versions may move to this release (including wildcard “any” policies where used).
- Integrity material for packages (e.g. SHA-512 for Debian assets).
- Optional module tags (for example load-balancer firewall integration where enabled).
Update check API
Dedicated update-check endpoints let a running agent ask “is there a newer published version on my channel?” The check:
- Considers only published rows in the requested channel.
- Compares semver ordering.
- Honors upgrade eligibility for the current version.
A 204 response means no update is available; a 200 response returns metadata for the next version.
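The selection rules above, together with the SHA-512 integrity check from the version catalog, sketched as an added example (not Loopback's own code). The row field names, the `"*"` wildcard encoding, and the choice to offer the highest eligible version are assumptions made for illustration.

```python
import hashlib
import hmac

def semver_key(v):
    """Sort key for MAJOR.MINOR.PATCH[-prerelease]; build metadata is ignored."""
    core, _, pre = v.split("+", 1)[0].partition("-")
    major, minor, patch = (int(p) for p in core.split("."))
    # Numeric pre-release ids sort below alphanumeric ones (semver precedence).
    ids = tuple((0, int(i), "") if i.isdigit() else (1, 0, i) for i in pre.split("."))
    # A release (no pre-release part) sorts above its own pre-releases.
    return (major, minor, patch, 0 if pre else 1, ids if pre else ())

def eligible(row, current):
    """Assumed encoding: list of allowed source versions, "*" meaning any."""
    return "*" in row["upgrade_from"] or current in row["upgrade_from"]

def check_update(catalog, channel, current):
    """Return (204, None) when nothing is offered, else (200, row)."""
    offers = [r for r in catalog
              if r["published"] and r["channel"] == channel
              and semver_key(r["version"]) > semver_key(current)
              and eligible(r, current)]
    if not offers:
        return 204, None
    # Assumption: the highest eligible version is the one offered.
    return 200, max(offers, key=lambda r: semver_key(r["version"]))

def verify_package(data, sha512_hex):
    """Agent side: accept the download only if it matches the catalog digest."""
    return hmac.compare_digest(hashlib.sha512(data).hexdigest(), sha512_hex.lower())

# Constructed sample data, not real releases.
PKG = b"constructed package bytes"
def row(version, channel, published, upgrade_from):
    return {"version": version, "channel": channel, "published": published,
            "upgrade_from": upgrade_from, "sha512": hashlib.sha512(PKG).hexdigest()}

CATALOG = [
    row("1.4.0", "stable", True, ["*"]),
    row("1.5.0", "stable", False, ["*"]),        # unpublished: never offered
    row("2.0.0", "stable", True, ["1.4.0"]),     # only reachable from 1.4.0
    row("2.1.0-rc.1", "preview", True, ["*"]),
]

if __name__ == "__main__":
    for cur in ("1.3.0", "1.4.0", "2.0.0"):
        status, offer = check_update(CATALOG, "stable", cur)
        print(cur, status, offer and offer["version"])
```

An agent on 1.3.0 is offered 1.4.0 rather than 2.0.0 because the eligibility rule, not version ordering alone, decides what it may move to.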
Module versions
Add-on module catalogs (for example LBFW) follow the same channel and upgrade eligibility semantics.
Update deliveries (operator)
Staged update deliveries (operator-facing API) describe phased rollouts of agent or module updates across host populations. They require operator or administrator roles. Reconciliation waves progress until targets complete; this is how controlled fleet upgrades avoid thundering herds.