kit v0.2.0

Uses `mise which` for binary path resolution instead of heuristic
guessing. Distinguishes archive-distributed tools (binary-hash) from
bare-binary tools (full checksum + cosign verification). 23/26 tools
verify out of the box.

Query GitHub Advisory DB for known CVEs on all GitHub and npm-sourced
tools. Exits non-zero on high/critical findings.

Delete a tool definition from a writable registry. Git commit + push.

Reports ALL checksum mismatches before exiting, not just the first.
Gives operators full incident scope in one CI run.

MR creation falls back to GitLab API via CI_JOB_TOKEN when glab auth
is unavailable. Tested end-to-end in the nomograph/kits registry
pipeline.

94 tests. 0 clippy warnings. 14 commands.

cargo install --git https://gitlab.com/nomograph/kit.git