kit v0.3.0
kit is a supply chain tool for managing developer toolchains from
git-based registries. It resolves versions, generates mise config,
verifies checksums and cosign signatures, and automates upstream
update tracking.
kit setup no longer hardcodes a default registry. Everyone brings
their own:
kit setup --registry https://gitlab.com/nomograph/kits.git
Interactive tool update workflow for day-to-day use. Queries upstream,
shows available updates with bump classification (major/minor/patch),
and updates tool definitions on confirmation:
kit upgrade
kit upgrade --yes
kit upgrade cosign
kit add now produces zero-edit tool definitions for both GitHub and
GitLab sources:
kit add jq jqlang/jq
kit add muxr nomograph/muxr --gitlab
Auto-detects: aqua registry membership, cosign bundles in release
assets, tier based on registry namespace, checksum files and format,
tag prefix and version. Resolves GitLab project_id from URL path
(--project-id flag removed).
kit audit # check all tools for known CVEs
kit remove <name> # remove a tool from writable registry
kit man-page > kit.1
- kit check reports ALL checksum mismatches before exiting
- kit apply falls back to GitLab API when glab auth unavailable in CI
- CI images now pulled from GitLab container registry (no Docker Hub)
103 tests. 16 commands. 0 clippy warnings.
kit setup --registry https://gitlab.com/nomograph/kits.git
kit sync