The thesis
Developer tools should be verified, not trusted.
Package managers install binaries from volunteer-maintained formulas.
kit cuts out the intermediary. Tool definitions point directly to
upstream publishers. Checksums are verified against the publisher's
own artifacts. If a checksum fails, the pipeline halts. No fallback,
no override, no "install anyway."
How it works
Tool definitions live in git registries. Each definition specifies where
to get the binary, what checksum to expect, and what version to pin.
kit resolves all definitions and generates a mise config.
Git registries
Tool definitions are TOML files in git repositories. One definition
per tool. Version, platform URLs, checksums, signatures. Version-controlled
and auditable.
Resolution
kit sync clones registries, resolves versions across all
definitions, and generates a single mise config. No manual
.mise.toml editing.
Verification
Every binary is checksum-verified after download. Signatures are
verified as well when the publisher provides signing keys. S-2 integrity:
if verification fails, the install halts.
Upstream tracking
kit status shows installed vs registry versions with
drift detection. Know immediately when a tool has a new upstream
release you haven't pulled.
Lockfile
Resolved versions and checksums are written to a lockfile. Reproducible
installs across machines. The lockfile is committed to the repo.
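As an added illustration of the Verification and Lockfile behaviour described above (example code, not kit's own implementation): a fetched artifact is checked against the checksum pinned in its definition, and only on success is the lockfile entry and mise fragment produced. The tool name, URL and field names are constructed stand-ins for a TOML definition; the artifact is the bytes "abc" with its published SHA-256 test-vector digest.

```python
import hashlib

class VerificationError(Exception):
    """Checksum mismatch: the install halts here and nothing is written."""

# Constructed stand-in for one TOML tool definition (name, pinned version,
# per-platform URL and expected SHA-256). The artifact bytes are the string
# "abc"; the pinned digest is its published SHA-256 test-vector value.
DEFINITION = {
    "name": "demo-tool",  # hypothetical tool, not a real registry entry
    "version": "1.2.3",
    "platforms": {
        "linux-x86_64": {
            "url": "https://example.invalid/demo-tool-1.2.3-linux-x86_64",
            "sha256": "ba7816bf8f01cfea414140de5dae2223"
                      "b00361a396177a9cb410ff61f20015ad",
        }
    },
}
GOOD_ARTIFACT = b"abc"      # what the publisher actually shipped
TAMPERED_ARTIFACT = b"abd"  # one byte changed somewhere in transit

def verify_artifact(data: bytes, expected_sha256: str) -> str:
    """Return the hex digest if it matches the pinned value, else raise."""
    actual = hashlib.sha256(data).hexdigest()
    if actual != expected_sha256.lower():
        raise VerificationError(f"expected {expected_sha256}, got {actual}")
    return actual

def resolve(definition: dict, platform: str, fetched: bytes) -> dict:
    """Verify first, then build the lockfile entry and the mise fragment.
    A failed check raises before either exists: no partial state, no override."""
    target = definition["platforms"][platform]
    digest = verify_artifact(fetched, target["sha256"])
    lock_entry = {definition["name"]: {"version": definition["version"],
                                       "platform": platform,
                                       "url": target["url"],
                                       "sha256": digest}}
    mise_fragment = {"tools": {definition["name"]: definition["version"]}}
    return {"lock": lock_entry, "mise": mise_fragment}

def install_halts(definition: dict, platform: str, fetched: bytes) -> bool:
    """True if resolution refused the artifact (the halt path)."""
    try:
        resolve(definition, platform, fetched)
    except VerificationError:
        return True
    return False
```

Calling resolve with GOOD_ARTIFACT yields the lock entry and mise fragment; with TAMPERED_ARTIFACT it raises before either is built.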
CI pipeline
kit ships with a CI pipeline that runs check, evaluate, and apply
phases. Security-hardened: no shell injection paths, no ambient
credential access.
Commands
kit setup                 one-time config creation
kit sync                  pull, resolve, generate, install, verify
kit status                installed vs registry + drift
kit verify                re-verify all installed binaries
kit add <name> <source>   add tool definition
kit push <name>           push definition to registry
kit pin <name> <ver>      pin version locally
kit doctor                diagnose config and registry health