#368 Autoupdate silently fails when swamp is installed system-wide via the official install.sh

Summary

The official install.sh installer recommends sudo install.sh to install swamp system-wide under /usr/local/bin, where the binary is owned by root:wheel. The built-in autoupdate scheduler runs as the unprivileged user, so it cannot write to that path and fails silently on every scheduled run. After 10 days my CLI was still on the version I installed and there was no interactive signal — the failures only surface in ~/.swamp/log/autoupdate.log or via swamp update --setup-auto status (which shows Last check: ("error") without saying what the error was).

End state: a freshly installed, autoupdate-enabled swamp installed by the documented path never auto-updates.

Environment

• Installed version: 20260509.235714.0-sha.7ace6b02 (downloaded 2026-05-10)
• Latest available: 20260516.045246.0-sha.e6eda98d (per swamp update --check on 2026-05-18)
• macOS arm64 (Darwin 25.4.0)
• Installed via curl -fsSL https://swamp-club.com/install.sh | sudo sh
• Binary path / owner:

-rwxr-xr-x@ 1 root  wheel  /usr/local/bin/swamp

• Autoupdate state (swamp update --setup-auto status):

Autoupdate: enabled
Cadence: "daily"
Scheduler installed: true
Last check: "2026-05-17T09:22:50.722Z" ("error")

Steps to reproduce

1. curl -fsSL https://swamp-club.com/install.sh | sudo sh — the installer's own --help explicitly suggests this for the "Installs the latest release for all users under /usr/local/bin" case.
2. swamp update --setup-auto and enable daily autoupdate.
3. Wait until a swamp release is published.
4. Observe that the installed binary never advances.
5. cat ~/.swamp/log/autoupdate.log — 10 consecutive daily failures:

{"timestamp":"2026-05-08T09:22:47.432Z","versionBefore":"20260508.001043.0-sha.3d787176","versionAfter":null,"outcome":"error","error":"Cannot update /usr/local/bin/swamp: permission denied. Re-run with: sudo swamp update"}
...
{"timestamp":"2026-05-17T09:22:50.722Z","versionBefore":"20260509.235714.0-sha.7ace6b02","versionAfter":null,"outcome":"error","error":"Cannot update /usr/local/bin/swamp: permission denied. Re-run with: sudo swamp update"}

Expected

The documented install path and the built-in autoupdate feature should compose. Possible fixes (any combination):

1. swamp update --setup-auto detects the mismatch at setup time and either declines to enable, or installs a privileged scheduler with explicit consent. An actionable message that names the conflict ("binary at /usr/local/bin/swamp is owned by root but the scheduler runs as $USER; reinstall under $HOME/.local/bin or schedule sudo swamp update instead") would already be a big win.
2. install.sh defaults to a user-writable location even when invoked with sudo, and only writes /usr/local/bin as a symlink — the script already does this for the $HOME/.swamp/bin case, so the pattern exists.
3. Repeated autoupdate failures surface in normal CLI output — e.g. a one-line warning on swamp invocation when the scheduler has failed N consecutive times, or swamp doctor flagging the writability mismatch. Right now the only signal is hidden in ~/.swamp/log/autoupdate.log.

Actual

• install.sh with sudo leaves a root-owned binary at /usr/local/bin/swamp.
• swamp update --setup-auto accepts the enable with no warning about writability.
• The scheduled update fails daily with permission denied, logs to ~/.swamp/log/autoupdate.log, and is invisible to interactive use.
• swamp doctor does not flag the mismatch.
• The error message says "Re-run with: sudo swamp update", which is the right interactive fix but a no-op for the unattended scheduler.

Notes

The sudo guidance is in the installer's own --help (from install.sh):

# Installs the latest release for all users under `/usr/local/bin`
sudo $program

So users who follow the script's most-obvious "system-wide install" advice end up with autoupdate permanently broken.