kit -- developer toolchain supply chain
OfficialPin, verify, and sync developer binaries safely.
Software Engineering#toolchain#supply-chain-security#cosign#registry-management#version-pinning#checksum-verification
Authornomograph-ai
Version1.0.0
Installs0
System Documentation
What problem does it solve?
kit prevents “version drift” and weak supply-chain verification when installing developer tools from multiple git-based registries by making resolution, integrity checks, and trust posture explicit and reproducible.
Core Features & Use Cases
- Resolve cross-registry tool versions: selects the effective tool definition across configured registries and generates the corresponding mise configuration lock.
- Enforce verification posture by tier: validates installed binaries using the required method (cosign/attestation for higher trust tiers, checksums for lower tiers) rather than relying on ad-hoc installs.
- Automate upstream update tracking (CI pipelines): supports a three-stage workflow to detect upstream changes, evaluate them, apply updates, and hard-gate registry merges via deterministic verification.
Quick Start
Run the safety-first flow by syncing your resolved tool versions with kit sync after you set up one registry, then confirm what you actually have with kit status.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: kit -- developer toolchain supply chain Download link: https://github.com/nomograph-ai/kit/archive/main.zip#kit-developer-toolchain-supply-chain Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.