Agent update lifecycle — who controls updates, how you are notified, and what happens to your cluster.

This page covers how the Layerup AI Agent is updated over time, with a clear distinction between the two deployment models. For Option 2 (your private cloud), your CI/CD pipeline controls every promotion — see CI/CD Pipeline & Deployment Strategies for that model. This page is specifically for Option 3 (Layerup’s Cloud), where Layerup operates the dedicated cluster on your behalf.

The fundamental difference: who controls promotion

concern	Option 2: Your Private Cloud	Option 3: Layerup’s Cloud
Who applies the update	Your platform engineering team	Layerup
What gates promotion	Your five-gate CI/CD pipeline (see `/agents/lifecycle/cicd`)	Layerup’s internal release process + customer advance notice + freeze status check
Customer veto	Always — your team chooses when to promote	Yes — via freeze request; see §U2 below
Rollback authority	Your team executes rollback via load balancer config	Layerup executes rollback within 4 hours of a confirmed regression report
Testing before production	Your regression test suite against historical cases	Layerup runs validation against your dedicated cluster’s shadow-mode baseline

Two update categories

Category 1 — Non-critical updates (new capabilities, performance improvements, dependency refreshes)

Non-critical updates include new agent capabilities, OCR pipeline improvements, dependency version refreshes, performance optimisations, and LLM orchestration framework updates that do not address a confirmed security vulnerability. Advance notice: Layerup sends a release notification to your designated technical contact at least 14 calendar days before the update is scheduled to be applied to your dedicated cluster. The notification includes:

A changelog describing all changes in the new version
The scheduled maintenance window (date, time, expected duration — maximum 30 minutes)
A link to the updated SBOM and Cosign-signed image digest
Instructions for submitting a freeze request if needed

Maintenance window: Non-critical updates are applied during your agreed maintenance window — a recurring time slot (e.g., Sunday 02:00–04:00 ET) established during the deployment engagement. No updates are applied outside this window for non-critical releases.

Category 2 — Critical security patches (CVSS ≥ 7.0 vulnerabilities)

Critical security patches address confirmed vulnerabilities in the agent container, its dependencies, or the underlying OS layer.

CVSS severity	notice period	applied during maintenance window?
Critical (CVSS ≥ 9.0)	48 hours	No — applied as soon as the patch is tested and validated
High (CVSS 7.0–8.9)	7 calendar days	Yes — next available maintenance window within 7 days

For Critical patches, Layerup will notify your designated contacts as soon as the patch is confirmed ready, with a minimum 48-hour window before application. For CVSS ≥ 9.0 vulnerabilities, freeze requests do not apply — Layerup will apply the patch to protect the integrity of your cluster and the BAA obligations.

Freeze requests

What a freeze is

A freeze request instructs Layerup not to apply a scheduled non-critical update to your dedicated cluster. Freeze requests are honoured for up to 90 calendar days from the scheduled update date. When to use a freeze:

Your team has a live regulatory examination or audit period where any system change must be avoided
Your organisation’s change freeze calendar prohibits non-emergency changes during a specific period
Your integration team needs additional time to validate a specific release against your UAT environment before it is applied to production

How to request a freeze

Submit a freeze request to your Layerup implementation engineer at least 5 business days before the scheduled maintenance window. Include:

The specific update version you are requesting to freeze
The duration of the freeze (up to 90 days)
The reason (optional, but useful for Layerup to plan the rescheduled window)

Layerup will confirm the freeze in writing within 1 business day.

Freeze limits and exceptions

rule	detail
Maximum freeze duration	90 calendar days per release
Consecutive freezes	Permitted — but clusters more than 180 days behind the current release require a joint review with Layerup’s engineering team
Critical security patches	Freeze requests do not apply to CVSS ≥ 9.0 patches (see Category 2 above)
End of freeze	Layerup schedules the deferred update in the next available maintenance window after the freeze expires

Pre-update validation

Before applying any update to your dedicated cluster, Layerup runs an automated validation against a representative sample of your cluster’s recent processing history:

Shadow run: The new agent version is run against the 100 most recent cases from your cluster (from the shadow mode log — no live cases are re-processed). Shadow outputs are compared against the outputs produced by the current production version.
Regression check: Layerup’s release team reviews any recommendation-level differences between the shadow and production outputs. A diff rate above 2% on any decision type blocks the release from being applied to your cluster until the discrepancy is investigated.
Performance check: Processing time and confidence score distributions are compared against your cluster’s established baseline. A statistically significant shift in either metric blocks the release.

If any pre-update check fails, Layerup will not apply the update to your cluster. You will be notified within 24 hours of the check failure, and a new maintenance window will be scheduled once the issue is resolved.

Rollback

If a production regression is confirmed after an update is applied to your dedicated cluster, Layerup will execute a rollback to the prior version within 4 hours of a confirmed regression report.

How to report a regression

Contact your Layerup implementation engineer via the dedicated support channel (provided during the deployment engagement). Include:

The case IDs exhibiting anomalous behaviour
The specific output dimension that appears incorrect (recommendation type, confidence score range, evidence citation quality)
The approximate time the anomaly started (to correlate with the update application time)

Layerup retains the prior agent version on your dedicated cluster for 30 calendar days post-update. After 30 days, the prior version is decommissioned and rollback to that version is no longer available.

Update notification contacts

During the deployment engagement, your organisation designates:

contact role	purpose
Technical contact (primary)	Receives all release notifications, maintenance window confirmations, and pre-update validation reports
Technical contact (secondary)	Receives all notifications in copy; acts as backup if primary is unavailable
Security contact	Receives critical security patch notifications specifically; may be the same as primary technical contact

Contact designations can be updated at any time by notifying your Layerup implementation engineer.

Summary of SLAs

commitment	SLA
Non-critical update advance notice	≥ 14 calendar days
Critical patch (CVSS 7.0–8.9) advance notice	≥ 7 calendar days
Critical patch (CVSS ≥ 9.0) advance notice	≥ 48 hours
Maximum maintenance window duration	30 minutes
Freeze request confirmation	≤ 1 business day
Pre-update validation report (on failure)	≤ 24 hours after check failure
Rollback execution (confirmed regression)	≤ 4 hours
Prior version retention post-update	30 calendar days

​Agent update lifecycle — who controls updates, how you are notified, and what happens to your cluster.

​The fundamental difference: who controls promotion

​Two update categories

​Category 1 — Non-critical updates (new capabilities, performance improvements, dependency refreshes)

​Category 2 — Critical security patches (CVSS ≥ 7.0 vulnerabilities)

​Freeze requests

​What a freeze is

​How to request a freeze

​Freeze limits and exceptions

​Pre-update validation

​Rollback

​How to report a regression

​Update notification contacts

​Summary of SLAs