Manifest & strategies

The user manifest at ~/.config/foxora/apps.toml is the single source of truth for installed apps, their backends, and their provenance.

Location

bash

~/.config/foxora/apps.toml

Record fields

source — resolved backend (nixpkgs|appimage|deb|flatpak|kit).
attr — (optional) backend-specific attribute (e.g. nix attribute path).
path — (optional) on-disk install path.
exec — (optional) entrypoint binary.
strategy — (optional) install strategy used (see below).
pin — (optional) version pin enforced at install.
provenance — (optional) JSON object with origin metadata.
provenance-attestation — (optional) hash recorded for kits.
attested-at — (optional) timestamp the attestation was first recorded.
installed-at — install timestamp.

Strategies

The strategy field reflects how fur actually installed the package:

user-profile — nixpkgs into the user profile.
appimage-run — AppImage run via appimage-run.
auto-patchelf — .deb patched with autoPatchelf.
fhs-env-wrap — .deb wrapped with a steam-run FHS env.
flatpak-install — Flatpak install.
kit-fetch — signed kit fetch + verify.

Sample record

toml

[apps."@foxora/dev-tools"]
source     = "kit"
strategy   = "kit-fetch"
pin        = "1.4.2"
attested-at = "2026-04-19T10:21:33Z"
provenance-attestation = "sha256:9a3c...e7"
installed-at = "2026-04-19T10:21:34Z"

Don't hand-edit in steady state

The manifest is intended for fur to manage. If you need to recover from corruption, run fur system repair and consult the break/fix runbook.

PreviousFoxora Kits Next Paths & filesystem