v4.1.0

Foxora Kits

Foxora Kits are signed, pinned, attested app bundles. Trust policy, pin policy, and attestation immutability are enforced at install time.

What a kit guarantees

  • Origin — signed with ed25519 by a key in the trusted keyring.
  • Identity — pinned to a specific version (when pin policy requires).
  • Continuity — the recorded provenance attestation is immutable; an attestation mismatch fails install unless an explicit override is set.

Trust policy

  • FOXORA_KIT_TRUST_PATH — path to the trusted keyring.
  • FOXORA_KIT_TRUST_POLICY=permissive|signature-required — whether unsigned kits may install.
  • FOXORA_KIT_STRICT_VERIFY=true|false — strict signature verification mode.

Pin policy

  • FOXORA_KIT_PIN_POLICY=permissive|require-pinned — require explicit version pins.
  • FOXORA_KIT_ALLOW_ATTESTATION_UPDATE=1 — permit a single controlled attestation migration. Avoid in steady state.

Catalog & provenance

  • The local index and an optional remote index are merged into one catalog.
  • Each install records an immutable attestation hash + timestamp into the manifest record.
  • Permission prompts can be auto-accepted with FOXORA_KIT_AUTO_ACCEPT=true (CI only).
```bash
# Enforce both policies for this shell: unsigned and unpinned kits are refused.
export FOXORA_KIT_TRUST_POLICY=signature-required
export FOXORA_KIT_PIN_POLICY=require-pinned

# Install a kit and print the attestation recorded into the manifest.
fur install @foxora/<kit> --json | jq '.attestation'
```

Attestation mismatch

A mismatch between the recorded attestation and the catalog's current attestation fails install. Use FOXORA_KIT_ALLOW_ATTESTATION_UPDATE=1 only for a deliberate, audited migration.
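The three install-time checks described above (trust policy, pin policy, and attestation continuity) can be modelled in a few dozen lines. The following Go program is an added example written for this page; it is not the code of `fur` or of the Foxora project. The `Kit` record, the `SignedBytes` layout, the sha256-based attestation hash, and the keyring keyed by hex public key are assumptions made for the example; the real manifest and catalog formats are not described on this page, and `FOXORA_KIT_STRICT_VERIFY` is not modelled because its exact semantics are not specified here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
)

// Policy mirrors the FOXORA_KIT_* variables named on the page.
type Policy struct {
	TrustPolicy            string // "permissive" | "signature-required"
	PinPolicy              string // "permissive" | "require-pinned"
	AllowAttestationUpdate bool   // FOXORA_KIT_ALLOW_ATTESTATION_UPDATE=1
}

// PolicyFromEnv reads the variables by the names used on the page.
// Assumption: any value other than the strict one is treated as permissive.
func PolicyFromEnv() Policy {
	return Policy{
		TrustPolicy:            os.Getenv("FOXORA_KIT_TRUST_POLICY"),
		PinPolicy:              os.Getenv("FOXORA_KIT_PIN_POLICY"),
		AllowAttestationUpdate: os.Getenv("FOXORA_KIT_ALLOW_ATTESTATION_UPDATE") == "1",
	}
}

// Kit is a hypothetical minimal bundle record (not the real kit format).
type Kit struct {
	Name      string
	Version   string // "" when the request carries no explicit pin
	Payload   []byte
	Signature []byte            // empty when the kit is unsigned
	SignerKey ed25519.PublicKey // key the publisher claims to have signed with
}

// Keyring is the trusted keyring (FOXORA_KIT_TRUST_PATH) loaded into memory,
// keyed by the hex encoding of each public key.
type Keyring map[string]ed25519.PublicKey

// SignedBytes is the message the publisher signs: identity plus content, so a
// signature cannot be transplanted onto a different name or version (assumed layout).
func SignedBytes(k Kit) []byte {
	return append([]byte(k.Name+"@"+k.Version+"\n"), k.Payload...)
}

// Attestation is the hash recorded into the manifest at install time
// (constructed here as sha256 over SignedBytes).
func Attestation(k Kit) string {
	sum := sha256.Sum256(SignedBytes(k))
	return hex.EncodeToString(sum[:])
}

var (
	ErrUnsigned     = errors.New("kit is unsigned and trust policy is signature-required")
	ErrUntrustedKey = errors.New("signing key is not in the trusted keyring")
	ErrBadSignature = errors.New("ed25519 signature does not verify")
	ErrUnpinned     = errors.New("pin policy requires an explicit version pin")
	ErrAttestation  = errors.New("attestation mismatch; FOXORA_KIT_ALLOW_ATTESTATION_UPDATE=1 is required for an audited migration")
)

// CheckInstall applies the origin, identity and continuity checks in that order.
// recorded is the attestation previously written to the manifest ("" on first install).
// On success it returns the attestation to record.
func CheckInstall(p Policy, ring Keyring, k Kit, recorded string) (string, error) {
	// Origin: a present signature must verify under a key from the keyring.
	// The keyring's copy of the key is used, never the one shipped with the kit.
	if len(k.Signature) == 0 {
		if p.TrustPolicy == "signature-required" {
			return "", ErrUnsigned
		}
	} else {
		trusted, ok := ring[hex.EncodeToString(k.SignerKey)]
		if !ok {
			return "", ErrUntrustedKey
		}
		if !ed25519.Verify(trusted, SignedBytes(k), k.Signature) {
			return "", ErrBadSignature
		}
	}
	// Identity: an explicit version pin when the pin policy demands one.
	if p.PinPolicy == "require-pinned" && k.Version == "" {
		return "", ErrUnpinned
	}
	// Continuity: the recorded attestation is immutable unless the override is set.
	att := Attestation(k)
	if recorded != "" && recorded != att && !p.AllowAttestationUpdate {
		return "", ErrAttestation
	}
	return att, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // constructed publisher key
	if err != nil {
		panic(err)
	}
	ring := Keyring{hex.EncodeToString(pub): pub}
	kit := Kit{Name: "@foxora/example", Version: "1.2.0", Payload: []byte("constructed bundle bytes"), SignerKey: pub}
	kit.Signature = ed25519.Sign(priv, SignedBytes(kit))
	strict := Policy{TrustPolicy: "signature-required", PinPolicy: "require-pinned"}

	att, err := CheckInstall(strict, ring, kit, "")
	fmt.Println("first install:", att, err)

	// Catalog content changes under the same version: the recorded attestation no longer matches.
	kit.Payload = append(kit.Payload, '!')
	kit.Signature = ed25519.Sign(priv, SignedBytes(kit))
	_, err = CheckInstall(strict, ring, kit, att)
	fmt.Println("reinstall after catalog change:", err)
}
```

The order of the checks matters: signature verification runs before anything derived from the kit's content is trusted, and the attestation comparison is deliberately the last step so that a migration override never bypasses origin or pin checks.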