v0.2.0-rc.5
Pre-release
Pre-release
Get it
Grab your platform's archive below (install + MCP registration) — or take the container image:
docker pull ghcr.io/tobert/kaibo:0.2.0-rc.5# one-line install into a devcontainer or any image — the binary is fully static
COPY --from=ghcr.io/tobert/kaibo:0.2.0-rc.5 /usr/local/bin/kaibo /usr/local/bin/kaibo(Pull version tags like 0.2.0-rc.5 — the sha256-* tags on the package page are
cosign signature/attestation artifacts riding alongside the image, not images.)
Verify it
Run these from the folder holding your downloads. Every artifact carries SLSA
build provenance — any downloaded file, one command:
gh attestation verify kaibo-v0.2.0-rc.5-x86_64-unknown-linux-musl.tar.gz -R tobert/kaibo
gh attestation verify oci://ghcr.io/tobert/kaibo:0.2.0-rc.5 -R tobert/kaiboOr keyless-verify the signed checksum manifest with cosign ≥ 3 (covers every file it lists, works offline):
cosign verify-blob \
--bundle checksums.txt.sigstore.json \
--certificate-identity "https://github.com/tobert/kaibo/.github/workflows/release.yml@refs/tags/v0.2.0-rc.5" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
checksums.txt
sha256sum -c --ignore-missing checksums.txtWhat's Changed
- feat(release): per-tag get+verify block on every release page by @tobert in #72
- chore: bump to 0.2.0-rc.5 by @tobert in #73
Full Changelog: v0.2.0-rc.4...v0.2.0-rc.5