Skip to content

v0.1.1

Latest

Choose a tag to compare

@github-actions github-actions released this 05 Jul 11:10

Fixed

  • The release bundle now carries a generated resources.sexp manifest mapping the bundled prompt directory to its place in the bundle, so a source install serves the workflow prompts — workon, handoff, implement, plan, research, validate — over MCP prompts/list and resources/list. Requires kli ≥ 0.1.3, which registers the manifest's roots at load; on older kli the prompts remain unavailable (tools are unaffected either way).

Install

kli install https://github.com/kleisli-io/cairn/releases/download/v0.1.1/cairn.bundle 1b92b2928de8de87711c299d7353f1e0b602068e

The second argument is the artifact's git-tree-sha1 pin: kli recomputes it over the unpacked tree and refuses on mismatch (integrity floor, always on). Then serve it to any MCP client with kli mcp-serve cairn.

To additionally require the release signature (authenticity, opt-in), add the Kleisli.IO release key to trustRoots in your kli settings.json:

"trustRoots": ["373cb80b9c572f0f437b868a6cd6ffa4f174576567e2ebeb9f2b8e26414e056e"]

With a trust root set, kli fetches cairn.bundle.sig alongside the artifact and installs only if the ed25519 signature over the bundle verifies against a trusted key. The same key is committed at release/trust/cairn-release.pub. SHA-256 sums of both assets are in checksums.txt.