Kite ships macOS as an unsigned universal DMG attached to a GitHub release. Homebrew installs that DMG through the rootsec1/homebrew-kite tap.
The app is not notarized today. macOS may show an unidentified developer warning on first launch. Users can still open it with right-click > Open, or from System Settings > Privacy & Security > Open Anyway.
brew tap rootsec1/kite
brew install --cask kiteThe current public release is v0.1.4:
- GitHub release:
https://github.com/rootsec1/kite/releases/tag/v0.1.4 - Homebrew tap cask:
https://github.com/rootsec1/homebrew-kite/blob/main/Casks/kite.rb
Create the public tap repository once:
gh repo create rootsec1/homebrew-kite --publicCreate HOMEBREW_TAP_TOKEN in rootsec1/kite with contents:write access to rootsec1/homebrew-kite. This can be a fine-grained GitHub token scoped to only the tap repository.
The token setup is intentionally split this way:
- Token repository access:
rootsec1/homebrew-kite - Secret location:
rootsec1/kite
The release workflow runs from rootsec1/kite, builds the app, then uses HOMEBREW_TAP_TOKEN to push the generated cask into rootsec1/homebrew-kite.
Fine-grained token settings:
- Open GitHub Settings > Developer settings > Personal access tokens > Fine-grained tokens.
- Set Repository access to Only select repositories.
- Select
rootsec1/homebrew-kite. - Add Repository permissions > Contents > Read and write.
- Generate the token and store it as the
HOMEBREW_TAP_TOKENActions secret onrootsec1/kite.
If the token is exported in your shell, store it without printing it:
printf %s "$HOMEBREW_TAP_TOKEN" | gh secret set HOMEBREW_TAP_TOKEN --repo rootsec1/kiteThe release workflow writes Casks/kite.rb in that tap. Users install Kite with:
brew tap rootsec1/kite
brew install --cask kite- Update
package.jsonandsrc-tauri/tauri.conf.jsonto the release version. - Commit the version change.
- Tag and push:
git tag v0.1.4
git push origin main v0.1.4The Release workflow will:
- Build a universal macOS DMG.
- Publish
Kite_<version>_universal.dmg, checksums, andkite.rbto GitHub Releases. - Update the Homebrew tap when
HOMEBREW_TAP_TOKENis configured.
No Apple Developer account, signing certificate, App Store Connect key, or notarization secret is required for this flow.
Kite is not ready for Homebrew/homebrew-cask yet. The official audit currently blocks it for:
- Gatekeeper signature verification failure because the app is unsigned.
- GitHub notability below Homebrew's threshold for new casks.
The custom tap remains the correct distribution path until both are fixed. To prepare an official cask PR:
- Sign and notarize the macOS app with a Developer ID certificate.
- Build public adoption until the repository passes Homebrew's notability audit.
- Run:
brew audit --cask --new rootsec1/kite/kite- Submit to
Homebrew/homebrew-caskonly after the audit passes.
gh run list --repo rootsec1/kite --workflow Release --limit 3
gh release view v0.1.4 --repo rootsec1/kite
gh api repos/rootsec1/homebrew-kite/contents/Casks/kite.rb --jq '.content' | base64 --decodebun run build
cd src-tauri && cargo check --lockedTo dry-run cask generation:
bun scripts/generate-homebrew-cask.mjs \
--version 0.1.4 \
--sha256 0000000000000000000000000000000000000000000000000000000000000000 \
--url https://github.com/rootsec1/kite/releases/download/v0.1.4/Kite_0.1.4_universal.dmg \
--output /tmp/kite.rb