Tags

Tags give the ability to mark specific points in history as being important

  • v0.13.0

    protected
    33e59bdf · fix(brew): direct brew install/verify path -- mise has no brew backend ·
    Release: kit v0.13.0 
    kit v0.13.0 - brew source backend (direct install, not via mise)

  • archive/pre-lfs-migrate-2026-05-04

    ff69a374 · ci: bump pipeline component to v2.7.0 (versioned image pinning) · 
    Backup of main before LFS-migrate force-push (chore/migrate-pipeline-v4 -> main)

  • v0.12.0

    protected
    5b248c5e · release: v0.12.0 · 
    release v0.12.0

- **`agent-shape.toml`** at the repo root with `[commands].top_level`
  enumerating 19 subcommands. Cross-validated against the binary via
  `jig check --binary` so the shape file and the actual CLI surface
  cannot drift apart silently.
- **`scripts/agent-shape-fixture.sh`**, an idempotent fixture script
  that seeds 3 registries for agent-shape tuning runs. Re-running it
  is safe; existing state is left untouched.
- **5 tuning tasks** under the agent-shape workflow plus a first
  baseline (n=5).
- **Treatment v0** for first-contact discoverability:
  - `kit --help` now opens with a workflow preamble naming
    `kit status`, `kit pin`, `kit unpin`, and `kit verify-registry`
    so the first thing an agent reads points at the right entry
    points.
  - `kit skill` gains a first-contact section and worked examples.
  - `kit status` prints a soft mtime nudge when `kit.toml` is newer
    than the lockfile, pointing at `kit verify` to refresh derived
    state. Non-fatal; safe across coarse-mtime filesystems.
- **`hero.svg`** and **`avatar.svg`** in the nomograph paper-palette
  OV-1 style.
- **`CODEOWNERS`** at the repo root.

- README aligned with current state; aspirational claims dropped.

  • v0.11.0

    protected
    5de440e4 · Merge branch 'chore/rune-parity-0.11' into 'main' ·
    Release: kit v0.11.0 
    v0.11.0 — rune-parity discipline + kit skill subcommand

  • v0.10.2

    protected
    132c50ed · fix(sync): clean up output noise ·
    Release: kit v0.10.2 
    v0.10.2 -- clean up sync output

  • v0.10.1

    protected
    944a55ed · chore: bump to v0.10.1 (retag after dep fix) ·
    Release: kit v0.10.1 
    kit v0.10.1: split apply output by auto-merge eligibility

Breaking change to apply-result.json contract:
- New: auto_merge_group and review_group (optional ApplyGroup objects)
- Removed: flat applied array, single auto_merge_eligible boolean

Each group has its own branch_hint, commit_message, mr_title, mr_body.
The CI pipeline component creates separate MRs per group so low-tier
patches auto-merge without being blocked by own/high tier tools.

Also fixes RUSTSEC-2026-0098 (rustls-webpki) and RUSTSEC-2026-0097 (rand).

  • v0.10.0

    protected
    92bab15c · feat(ci): partition apply output by auto-merge eligibility · 
    kit v0.10.0: split apply output by auto-merge eligibility

Breaking change to apply-result.json contract:
- New: auto_merge_group and review_group (optional ApplyGroup objects)
- Removed: flat applied array, single auto_merge_eligible boolean

Each group has its own branch_hint, commit_message, mr_title, mr_body.
The CI pipeline component creates separate MRs per group so low-tier
patches auto-merge without being blocked by own/high tier tools.

AppliedUpdate now carries eval_reason and review_reasons for
richer MR descriptions on review-needed updates.

  • v0.9.1

    protected
    359b1ae8 · chore(kit): bump to v0.9.1 (clippy fix for CI) ·
    Release: kit v0.9.1 
    kit v0.9.1 -- project-local-first tool management

Kit discovers context via kit.toml in your project root. When found,
lockfile and mise config scope to that project. Global state is never
modified.

New:
- kit init: create project-local kit.toml (seeds from global config)
- kit.toml walk-up resolution (like Cargo.toml)
- .kit.lock next to kit.toml (committed for reproducibility)
- .mise.toml merge with kit:begin/kit:end markers
- kit status shows provenance (kit-managed vs user-managed tools)
- Conflict detection when user and kit tool versions differ
- Global mode writes to conf.d/kit.toml (additive, not destructive)
- One-time migration of old "Managed by kit" config.toml

Changed:
- kit init --registry: existing registry creation (now requires flag)
- Global mise output moves from config.toml to conf.d/kit.toml

  • v0.9.0

    protected
    971da989 · feat(kit): project-local-first tool management · 
    kit v0.9.0 -- project-local-first tool management

Kit now discovers context via kit.toml in your project root. When found,
lockfile and mise config are scoped to that project. Global state is
never modified.

New:
- kit init: create project-local kit.toml (seeds from global config)
- kit.toml walk-up resolution (like Cargo.toml)
- .kit.lock next to kit.toml (committed for reproducibility)
- .mise.toml merge with kit:begin/kit:end markers
- kit status shows provenance (kit-managed vs user-managed tools)
- Conflict detection when user and kit tool versions differ
- Global mode writes to conf.d/kit.toml (additive, not destructive)
- One-time migration of old "Managed by kit" config.toml

Changed:
- kit init --registry: existing registry creation (was default, now requires flag)
- Global mise output moves from config.toml to conf.d/kit.toml

  • v0.8.0

    protected
    a1d99c0e · feat(kit): decouple apply from git/MR lifecycle ·
    Release: kit v0.8.0 
    v0.8.0: decouple apply from git/MR lifecycle

  • v0.7.0

    protected
    60db8601 · feat: setup --registry adds to existing config, downgrade warning, bootstrap docs ·
    Release: kit v0.7.0 
    feat: setup --registry adds to existing config, downgrade warning, bootstrap docs

  • v0.6.0

    protected
    a51f5742 · chore(kit): bump to v0.6.0 ·
    Release: kit v0.6.0 
    kit v0.6.0

Ship audit release. Root cause fix for checksum verification failures
on own tools, plus 8 additional findings from comprehensive code audit.

kit check was downloading cosign bundles (.bundle files) instead of
binaries for own tools. The release link matching used contains()
which matched kit-darwin-arm64.bundle before kit-darwin-arm64 because
the bundle link appeared earlier in the release links array.

Fixed: exact name match first, then URL ends_with(/asset_name) fallback.

- jq advisory filter: escape dots in version before regex interpolation
- Bundle URL construction: append .bundle instead of replace() which
  could corrupt URL path
- resolve_installed_sha: return None when binary not found (don't
  store registry checksums in the binary_sha256 field)
- cmd_upgrade: remove stale [tool.checksums] after version bump
- check_crates: exact name match instead of prefix match
- URL validation: reject embedded newlines
- cmd_pin: validate version before saving
- apply commit: include flagged updates in commit message

125 tests. 0 clippy warnings.
6 adversarial reviews + 1 ship audit, 55 total findings addressed.

  • v0.5.4

    protected
    35bd6292 · chore(kit): bump to v0.5.4, pipeline v2.4.7 (crates publish fix) · 
    kit v0.5.4

Simplified check (no in-code retry), crates.io publish fix.

Changes since v0.5.2:
- Reverted retry/diagnostic logic in check -- download, hash, compare,
  report. Transient failures handled by CI retry, not application code.
- Pipeline component updated to v2.4.7 (--allow-dirty for cargo publish).

  • v0.5.3

    protected
    baabaeeb · chore(kit): bump to v0.5.3 ·
    Release: kit v0.5.3 
    kit v0.5.3

Simplified check: download, hash, compare, report.

Removed in-code retry logic, diagnostic logging, and CDN caching
workarounds from the check phase. Transient download failures are
the CI layer's responsibility (retry: max: 2 in pipeline config).
Kit check should surface problems, not mask them.

Investigated on GCE: the checksum mismatches seen on storr could
not be reproduced with the same container image and reqwest config.
The issue is transient and infrastructure-specific.

  • v0.5.2

    protected
    05a24fcf · chore(kit): bump to v0.5.2 ·
    Release: kit v0.5.2 
    kit v0.5.2 -- flagged updates included in MR diff

  • v0.5.1

    protected
    ca677569 · chore(kit): bump to v0.5.1 ·
    Release: kit v0.5.1 
    kit v0.5.1 -- evaluate no longer fatals on rejections, branch naming fix, graceful npm/crates skip

  • v0.5.0

    protected
    7c147caf · ci: use pipeline v2.4.4, exclude assets from crate package ·
    Release: kit v0.5.0 
    First crates.io release as nomograph-kit

  • v0.4.0

    protected
    7fce0cf2 · fix(kit): gracefully skip npm/crates checks when CLI unavailable ·
    Release: kit v0.4.0 
    kit v0.4.0 -- Three-Pipeline Supply Chain Architecture

Sense/Respond/Verify -- LLM-augmented supply chain maintenance.

New: kit sense, kit verify-registry.
Changed: check no longer fatals on version bumps, evaluate accepts
sense-report.json, apply produces richer MR audit trail, init --ci
generates three-pipeline CI.

125 tests. 20 commands.

cargo install nomograph-kit

  • v0.3.2

    protected
    fa19ce79 · chore: bump version to 0.3.2 ·
    Release: kit v0.3.2 
    kit v0.3.2

Security fix release.

- S5-1: add https_only to MR creation fallback client
- Pipeline v2.1.0: nomograph container registry, release install instructions
- Explicit audit_allow_failure: false
- Updated yanked fastrand

  • v0.3.1

    protected
    fd7d5f5f · chore: version 0.3.1, pipeline v2.1.0 ·
    Release: kit v0.3.1 
    kit v0.3.1

CI hardening and supply chain fix.

- Pipeline v2.1.0: nomograph container registry, release install instructions
- Explicit audit_allow_failure: false
- Supply chain gap fixes from main (unreleased since v0.3.0)
- Updated yanked fastrand