# OL-4258 — Auto-update refused (cargo-install-managed binary)
> The running binary was installed via `cargo install`. Auto-update via
> npm tarball + `self_replace` would not take effect (cargo's bin
> directory is owned by your toolchain, not the OS supervisor), so the
> apply is refused.
## When this fires
- `current_exe()` resolves under `~/.cargo/bin/` (Unix) or
`%USERPROFILE%\.cargo\bin\` (Windows).
- The auto-update worker, the daemon RPC, AND the manual CLI apply all
short-circuit at this gate.
## How to fix it
```bash
cargo install --force --locked openlatch-provider
```
This is the documented recovery path — cargo handles its own install
directory, and `--force` overwrites the prior bytes.
If you really want to bypass the gate (uncommon — usually means you
manually copied an npm-installed binary into `.cargo/bin`):
```bash
openlatch-provider update --apply --yes --force-cargo
```
`--force-cargo` is not advertised in `--help` for new users; it's
documented here because the rare maintainer use-case is real.
## Related
- `.claude/rules/auto-update.md` — cargo-install gate (invariant 4).
- Telemetry: tracing-only event, not a posthog event.