chore: bump version to 0.2.24

Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.43 to 0.4.44.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.43...v0.4.44)

---
updated-dependencies:
- dependency-name: chrono
  dependency-version: 0.4.44
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/dependabot.yml

@@ -0,0 +1,16 @@
+version: 2
+updates:
+  # GitHub Actions — обновляет версии actions в workflows
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    labels: [dependencies, ci]
+
+  # Cargo — только security-апдейты, без шума от minor/patch
+  - package-ecosystem: cargo
+    directory: /
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 5
+    labels: [dependencies, rust]

.github/workflows/ci.yml

@@ -11,7 +11,7 @@ jobs:
     name: Test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Install Rust
         uses: dtolnay/rust-toolchain@stable
@@ -36,7 +36,7 @@ jobs:
       security-events: write  # for uploading SARIF to GitHub Security tab
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0  # full history required for gitleaks
 
@@ -72,7 +72,7 @@ jobs:
       # ── CVE scan of source tree and Cargo.lock ──────────────────────────────
       - name: Trivy — filesystem scan (Cargo.lock + source)
         if: always()
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.34.1
         with:
           scan-type: fs
           scan-ref: .
@@ -82,7 +82,7 @@ jobs:
           exit-code: 0  # warn only; change to 1 to block the pipeline
 
       - name: Upload Trivy fs results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: trivy-fs.sarif

.github/workflows/release.yml

@@ -11,7 +11,7 @@ env:
 jobs:
   build:
     name: Build & Push
-    runs-on: self-hosted
+    runs-on: [self-hosted, nora]
     permissions:
       contents: read
       packages: write
@@ -87,6 +87,30 @@ jobs:
           cache-from: type=gha,scope=redos
           cache-to: type=gha,mode=max,scope=redos
 
+      # ── Astra Linux SE ───────────────────────────────────────────────────────
+      - name: Extract metadata (astra)
+        id: meta-astra
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          flavor: suffix=-astra,onlatest=true
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value=astra
+
+      - name: Build and push (astra)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.astra
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.meta-astra.outputs.tags }}
+          labels: ${{ steps.meta-astra.outputs.labels }}
+          cache-from: type=gha,scope=astra
+          cache-to: type=gha,mode=max,scope=astra
+
   scan:
     name: Scan (${{ matrix.name }})
     runs-on: ubuntu-latest
@@ -104,6 +128,8 @@ jobs:
             suffix: ""
           - name: redos
             suffix: "-redos"
+          - name: astra
+            suffix: "-astra"
 
     steps:
       - name: Log in to Container Registry
@@ -120,17 +146,17 @@ jobs:
       # ── CVE scan of the pushed image ────────────────────────────────────────
       # Images are FROM scratch — no OS packages, only binary CVE scan
       - name: Trivy — image scan (${{ matrix.name }})
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.30.0
         with:
           scan-type: image
           image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.ver.outputs.tag }}${{ matrix.suffix }}
           format: sarif
           output: trivy-image-${{ matrix.name }}.sarif
           severity: HIGH,CRITICAL
-          exit-code: 0  # warn only; change to 1 to block on vulnerabilities
+          exit-code: 1  # block release on HIGH/CRITICAL vulnerabilities
 
       - name: Upload Trivy image results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: trivy-image-${{ matrix.name }}.sarif
@@ -158,6 +184,18 @@ jobs:
         id: ver
         run: echo "tag=${GITHUB_REF_NAME#v}" >> $GITHUB_OUTPUT
 
+      # ── Binary — extract from Docker image ──────────────────────────────────
+      - name: Extract binary from image
+        run: |
+          docker create --name nora-extract \
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.ver.outputs.tag }}
+          docker cp nora-extract:/usr/local/bin/nora ./nora-linux-amd64
+          docker rm nora-extract
+          chmod +x ./nora-linux-amd64
+          sha256sum ./nora-linux-amd64 > nora-linux-amd64.sha256
+          echo "Binary size: $(du -sh nora-linux-amd64 | cut -f1)"
+          cat nora-linux-amd64.sha256
+
       # ── SBOM — Software Bill of Materials ───────────────────────────────────
       - name: Generate SBOM (SPDX)
         uses: anchore/sbom-action@v0
@@ -182,9 +220,25 @@ jobs:
         with:
           generate_release_notes: true
           files: |
+            nora-linux-amd64
+            nora-linux-amd64.sha256
             nora-${{ github.ref_name }}.sbom.spdx.json
             nora-${{ github.ref_name }}.sbom.cdx.json
           body: |
+            ## Install
+
+            ```bash
+            curl -fsSL https://getnora.io/install.sh | sh
+            ```
+
+            Or download the binary directly:
+
+            ```bash
+            curl -LO https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/nora-linux-amd64
+            chmod +x nora-linux-amd64
+            sudo mv nora-linux-amd64 /usr/local/bin/nora
+            ```
+
             ## Docker
 
             **Alpine (standard):**
@@ -197,6 +251,11 @@ jobs:
             docker pull ghcr.io/${{ github.repository }}:${{ github.ref_name }}-redos
             ```
 
+            **Astra Linux SE:**
+            ```bash
+            docker pull ghcr.io/${{ github.repository }}:${{ github.ref_name }}-astra
+            ```
+
             ## Changelog
 
             See [CHANGELOG.md](https://github.com/${{ github.repository }}/blob/main/CHANGELOG.md)

CHANGELOG.md

@@ -4,6 +4,104 @@ All notable changes to NORA will be documented in this file.
 
 ---
 
+## [0.2.24] - 2026-02-24
+
+### Added / Добавлено
+- `install.sh` installer script live at <https://getnora.io/install.sh> — `curl -fsSL https://getnora.io/install.sh | sh`
+- Скрипт установки `install.sh` доступен на <https://getnora.io/install.sh>
+
+### CI/CD
+- Restore Astra Linux SE Docker image build, Trivy scan, and release artifact (`-astra` tag)
+- Восстановлена сборка Docker-образа для Astra Linux SE, сканирование Trivy и артефакт релиза (тег `-astra`)
+
+---
+
+## [0.2.23] - 2026-02-24
+
+### Added / Добавлено
+- Binary (`nora`) + SHA-256 checksum attached to every GitHub Release
+- Бинарник (`nora`) и SHA-256 контрольная сумма прикреплены к каждому релизу GitHub
+
+### Fixed / Исправлено
+- Security: bump `prometheus` 0.13 → 0.14 (CVE-2025-53605) and `bytes` 1.11.0 → 1.11.1 (CVE-2026-25541)
+- Безопасность: обновлены `prometheus` 0.13 → 0.14 (CVE-2025-53605) и `bytes` 1.11.0 → 1.11.1 (CVE-2026-25541)
+
+### CI/CD
+- Add Dependabot for automated dependency updates / Добавлен Dependabot для автоматического обновления зависимостей
+- Pin `aquasecurity/trivy-action` to `0.30.0`, bump to `0.34.1`; scan gate blocks release on HIGH/CRITICAL CVE
+- Закреплён `trivy-action@0.30.0`, обновлён до `0.34.1`; сканирование блокирует релиз при HIGH/CRITICAL CVE
+- Upgrade `codeql-action` v3 → v4 / Обновлён `codeql-action` v3 → v4
+- Fix `deny.toml` deprecated keys (`copyleft`, `unlicensed` removed in `cargo-deny`) / Исправлены устаревшие ключи в `deny.toml`
+- Fix binary path in Docker image (`/usr/local/bin/nora`) / Исправлен путь бинарника в Docker-образе
+- Pin build job to `nora` runner label / Джоб сборки закреплён за runner'ом с меткой `nora`
+- Allow `CDLA-Permissive-2.0` license (`webpki-roots`) / Разрешена лицензия `CDLA-Permissive-2.0`
+- Ignore `RUSTSEC-2025-0119` (unmaintained transitive dep `number_prefix` via `indicatif`)
+
+### Dependencies / Зависимости
+- `chrono` 0.4.43 → 0.4.44
+- `quick-xml` 0.31.0 → 0.39.2
+- `toml` 0.8.23 → 1.0.3+spec-1.1.0
+- `flate2` 1.1.8 → 1.1.9
+- `softprops/action-gh-release` 1 → 2
+- `actions/checkout` 4 → 6
+- `docker/build-push-action` 5 → 6
+
+### Documentation / Документация
+- Replace text title with SVG logo; `O` styled in blue-600 / Заголовок заменён SVG-логотипом; буква `O` стилизована в blue-600
+
+---
+
+## [0.2.22] - 2026-02-24
+
+### Changed / Изменено
+- First stable release with Docker images published to container registry
+- Первый стабильный релиз с Docker-образами, опубликованными в container registry
+
+---
+
+## [0.2.21] - 2026-02-24
+
+### CI/CD
+- Consolidate all Docker builds into a single job to fix runner network issues / Все Docker-сборки объединены в один job для устранения сетевых проблем runner'а
+- Build musl static binary for maximum portability / Сборка musl-бинарника для максимальной переносимости
+- Add security scanning (Trivy) + SBOM generation to release pipeline / Добавлено сканирование безопасности (Trivy) и генерация SBOM в pipeline релиза
+- Add Cargo cache to speed up builds / Добавлен кэш Cargo для ускорения сборок
+- Replace `gitleaks` GitHub Action with CLI (no license requirement) / `gitleaks` Action заменён CLI-вызовом (лицензия не требуется)
+- Use GitHub-runner's own Rust toolchain (avoid path conflicts) / Используется Rust toolchain самого GitHub-runner'а
+- Use shared runner filesystem instead of artifact API (avoids network upload latency) / Общая файловая система runner'а вместо artifact API
+- Remove Astra Linux build temporarily / Сборка для Astra Linux временно удалена
+
+---
+
+## [0.2.20] - 2026-02-23
+
+### Added / Добавлено
+- Parallel CI builds for Astra Linux and RedOS / Параллельная сборка в CI для Astra Linux и RedOS
+
+### Changed / Изменено
+- Use `FROM scratch` base image for Astra Linux and RedOS Docker builds / Базовый образ `FROM scratch` для Docker-сборок Astra Linux и RedOS
+- Shared `reqwest::Client` across all registry handlers / Общий `reqwest::Client` для всех registry-обработчиков
+
+### Fixed / Исправлено
+- Auth: replace `starts_with` with explicit `matches!` for token path checks / Аутентификация: `starts_with` заменён явной проверкой `matches!` для путей с токенами
+- Remove unnecessary QEMU step for amd64-only builds / Удалён лишний шаг QEMU для amd64-сборок
+
+---
+
+## [0.2.19] - 2026-01-31
+
+### Added / Добавлено
+- Pre-commit hook to prevent accidental commits of sensitive files / Pre-commit хук для защиты от случайного коммита чувствительных файлов
+- README badges: build status, version, license / Бейджи в README: статус сборки, версия, лицензия
+
+### Performance / Производительность
+- In-memory repository index with pagination for faster dashboard load / Индекс репозитория в памяти с пагинацией для ускорения загрузки дашборда
+
+### Fixed / Исправлено
+- Use `div_ceil` instead of manual ceiling division / Использован `div_ceil` вместо ручной реализации деления с округлением вверх
+
+---
+
 ## [0.2.18] - 2026-01-31
 
 ### Changed

Cargo.lock

@@ -234,9 +234,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 
 [[package]]
 name = "bytes"
-version = "1.11.0"
+version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3"
+checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
 
 [[package]]
 name = "cc"
@@ -262,9 +262,9 @@ checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724"
 
 [[package]]
 name = "chrono"
-version = "0.4.43"
+version = "0.4.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118"
+checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0"
 dependencies = [
  "iana-time-zone",
  "js-sys",
@@ -495,9 +495,9 @@ checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
 
 [[package]]
 name = "flate2"
-version = "1.1.8"
+version = "1.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b375d6465b98090a5f25b1c7703f3859783755aa9a80433b36e0379a3ec2f369"
+checksum = "843fba2746e448b37e26a819579957415c8cef339bf08564fe8b7ddbd959573c"
 dependencies = [
  "crc32fast",
  "miniz_oxide",
@@ -1201,7 +1201,7 @@ checksum = "38bf9645c8b145698bb0b18a4637dcacbc421ea49bef2317e4fd8065a387cf21"
 
 [[package]]
 name = "nora-cli"
-version = "0.2.20"
+version = "0.2.22"
 dependencies = [
  "clap",
  "flate2",
@@ -1215,7 +1215,7 @@ dependencies = [
 
 [[package]]
 name = "nora-registry"
-version = "0.2.20"
+version = "0.2.22"
 dependencies = [
  "async-trait",
  "axum",
@@ -1253,7 +1253,7 @@ dependencies = [
 
 [[package]]
 name = "nora-storage"
-version = "0.2.20"
+version = "0.2.22"
 dependencies = [
  "axum",
  "base64",
@@ -1412,9 +1412,9 @@ dependencies = [
 
 [[package]]
 name = "prometheus"
-version = "0.13.4"
+version = "0.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d33c28a30771f7f96db69893f78b857f7450d7e0237e9c8fc6427a81bae7ed1"
+checksum = "3ca5326d8d0b950a9acd87e6a3f94745394f62e4dae1b1ee22b2bc0c394af43a"
 dependencies = [
  "cfg-if",
  "fnv",
@@ -1422,14 +1422,28 @@ dependencies = [
  "memchr",
  "parking_lot",
  "protobuf",
- "thiserror 1.0.69",
+ "thiserror 2.0.18",
 ]
 
 [[package]]
 name = "protobuf"
-version = "2.28.0"
+version = "3.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94"
+checksum = "d65a1d4ddae7d8b5de68153b48f6aa3bba8cb002b243dbdbc55a5afbc98f99f4"
+dependencies = [
+ "once_cell",
+ "protobuf-support",
+ "thiserror 1.0.69",
+]
+
+[[package]]
+name = "protobuf-support"
+version = "3.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3e36c2f31e0a47f9280fb347ef5e461ffcd2c52dd520d8e216b52f93b0b0d7d6"
+dependencies = [
+ "thiserror 1.0.69",
+]
 
 [[package]]
 name = "quanta"
@@ -1448,9 +1462,9 @@ dependencies = [
 
 [[package]]
 name = "quick-xml"
-version = "0.31.0"
+version = "0.39.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1004a344b30a54e2ee58d66a71b32d2db2feb0a31f9a2d302bf0536f15de2a33"
+checksum = "958f21e8e7ceb5a1aa7fa87fab28e7c75976e0bfe7e23ff069e0a260f894067d"
 dependencies = [
  "memchr",
  "serde",
@@ -1836,11 +1850,11 @@ dependencies = [
 
 [[package]]
 name = "serde_spanned"
-version = "0.6.9"
+version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bf41e0cfaf7226dca15e8197172c295a782857fcb97fad1808a166870dee75a3"
+checksum = "f8bbf91e5a4d6315eee45e704372590b30e260ee83af6639d64557f51b067776"
 dependencies = [
- "serde",
+ "serde_core",
 ]
 
 [[package]]
@@ -2139,44 +2153,42 @@ dependencies = [
 
 [[package]]
 name = "toml"
-version = "0.8.23"
+version = "1.0.3+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc1beb996b9d83529a9e75c17a1686767d148d70663143c7854d8b4a09ced362"
-dependencies = [
- "serde",
- "serde_spanned",
- "toml_datetime",
- "toml_edit",
-]
-
-[[package]]
-name = "toml_datetime"
-version = "0.6.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22cddaf88f4fbc13c51aebbf5f8eceb5c7c5a9da2ac40a13519eb5b0a0e8f11c"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "toml_edit"
-version = "0.22.27"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a"
+checksum = "c7614eaf19ad818347db24addfa201729cf2a9b6fdfd9eb0ab870fcacc606c0c"
 dependencies = [
  "indexmap",
- "serde",
+ "serde_core",
  "serde_spanned",
  "toml_datetime",
- "toml_write",
+ "toml_parser",
+ "toml_writer",
  "winnow",
 ]
 
 [[package]]
-name = "toml_write"
-version = "0.1.2"
+name = "toml_datetime"
+version = "1.0.0+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801"
+checksum = "32c2555c699578a4f59f0cc68e5116c8d7cabbd45e1409b989d4be085b53f13e"
+dependencies = [
+ "serde_core",
+]
+
+[[package]]
+name = "toml_parser"
+version = "1.0.9+spec-1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "702d4415e08923e7e1ef96cd5727c0dfed80b4d2fa25db9647fe5eb6f7c5a4c4"
+dependencies = [
+ "winnow",
+]
+
+[[package]]
+name = "toml_writer"
+version = "1.0.6+spec-1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ab16f14aed21ee8bfd8ec22513f7287cd4a91aa92e44edfe2c17ddd004e92607"
 
 [[package]]
 name = "tonic"
@@ -2856,9 +2868,6 @@ name = "winnow"
 version = "0.7.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5a5364e9d77fcdeeaa6062ced926ee3381faa2ee02d3eb83a5c27a8825540829"
-dependencies = [
- "memchr",
-]
 
 [[package]]
 name = "wiremock"
@@ -3038,9 +3047,9 @@ dependencies = [
 
 [[package]]
 name = "zlib-rs"
-version = "0.5.5"
+version = "0.6.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "40990edd51aae2c2b6907af74ffb635029d5788228222c4bb811e9351c0caad3"
+checksum = "c745c48e1007337ed136dc99df34128b9faa6ed542d80a1c673cf55a6d7236c8"
 
 [[package]]
 name = "zmij"

Cargo.toml

@@ -7,7 +7,7 @@ members = [
 ]
 
 [workspace.package]
-version = "0.2.22"
+version = "0.2.24"
 edition = "2021"
 license = "MIT"
 authors = ["DevITWay <devitway@gmail.com>"]

README.md

@@ -1,4 +1,5 @@
-# 🐿️ N○RA
+<img src="logo.jpg" alt="NORA" height="120" />
+
 
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
 [![Release](https://img.shields.io/github/v/release/getnora-io/nora)](https://github.com/getnora-io/nora/releases)

deny.toml

@@ -4,7 +4,9 @@
 [advisories]
 # Vulnerability database (RustSec)
 db-urls = ["https://github.com/rustsec/advisory-db"]
-ignore = []
+ignore = [
+    "RUSTSEC-2025-0119",  # number_prefix unmaintained, transitive via indicatif; no fix available
+]
 
 [licenses]
 # Allowed open-source licenses
@@ -20,15 +22,13 @@ allow = [
     "CC0-1.0",
     "OpenSSL",
     "Zlib",
-    "MPL-2.0",           # Mozilla Public License — ok for binary linking
+    "CDLA-Permissive-2.0",   # webpki-roots (CA certificates bundle)
+    "MPL-2.0",
 ]
-copyleft = "warn"        # GPL etc — warn, don't block
-unlicensed = "deny"
 
 [bans]
 multiple-versions = "warn"
 deny = [
-    # Prefer rustls over openssl for static builds and supply chain cleanliness
     { name = "openssl-sys" },
     { name = "openssl" },
 ]
@@ -37,5 +37,4 @@ skip = []
 [sources]
 unknown-registry = "warn"
 unknown-git = "warn"
-# Allow only the official crates.io index
 allow-registry = ["https://github.com/rust-lang/crates.io-index"]

install.sh

@@ -0,0 +1,98 @@
+#!/usr/bin/env sh
+# NORA installer — https://getnora.io/install.sh
+# Usage: curl -fsSL https://getnora.io/install.sh | sh
+
+set -e
+
+REPO="getnora-io/nora"
+BINARY="nora"
+INSTALL_DIR="/usr/local/bin"
+
+# ── Detect OS and architecture ──────────────────────────────────────────────
+
+OS="$(uname -s)"
+ARCH="$(uname -m)"
+
+case "$OS" in
+  Linux)  os="linux" ;;
+  Darwin) os="darwin" ;;
+  *)
+    echo "Unsupported OS: $OS"
+    echo "Please download manually: https://github.com/$REPO/releases/latest"
+    exit 1
+    ;;
+esac
+
+case "$ARCH" in
+  x86_64 | amd64) arch="amd64" ;;
+  aarch64 | arm64) arch="arm64" ;;
+  *)
+    echo "Unsupported architecture: $ARCH"
+    echo "Please download manually: https://github.com/$REPO/releases/latest"
+    exit 1
+    ;;
+esac
+
+ASSET="${BINARY}-${os}-${arch}"
+
+# ── Get latest release version ──────────────────────────────────────────────
+
+VERSION="$(curl -fsSL "https://api.github.com/repos/$REPO/releases/latest" \
+  | grep '"tag_name"' \
+  | sed 's/.*"tag_name": *"\([^"]*\)".*/\1/')"
+
+if [ -z "$VERSION" ]; then
+  echo "Failed to get latest version"
+  exit 1
+fi
+
+echo "Installing NORA $VERSION ($os/$arch)..."
+
+# ── Download binary and checksum ────────────────────────────────────────────
+
+BASE_URL="https://github.com/$REPO/releases/download/$VERSION"
+TMP_DIR="$(mktemp -d)"
+trap 'rm -rf "$TMP_DIR"' EXIT
+
+echo "Downloading $ASSET..."
+curl -fsSL "$BASE_URL/$ASSET" -o "$TMP_DIR/$BINARY"
+curl -fsSL "$BASE_URL/$ASSET.sha256" -o "$TMP_DIR/$ASSET.sha256"
+
+# ── Verify checksum ─────────────────────────────────────────────────────────
+
+echo "Verifying checksum..."
+EXPECTED="$(awk '{print $1}' "$TMP_DIR/$ASSET.sha256")"
+ACTUAL="$(sha256sum "$TMP_DIR/$BINARY" | awk '{print $1}')"
+
+if [ "$EXPECTED" != "$ACTUAL" ]; then
+  echo "Checksum mismatch!"
+  echo "  Expected: $EXPECTED"
+  echo "  Actual:   $ACTUAL"
+  exit 1
+fi
+
+echo "Checksum OK"
+
+# ── Install ─────────────────────────────────────────────────────────────────
+
+chmod +x "$TMP_DIR/$BINARY"
+
+if [ -w "$INSTALL_DIR" ]; then
+  mv "$TMP_DIR/$BINARY" "$INSTALL_DIR/$BINARY"
+elif command -v sudo >/dev/null 2>&1; then
+  sudo mv "$TMP_DIR/$BINARY" "$INSTALL_DIR/$BINARY"
+else
+  # Fallback to ~/.local/bin
+  INSTALL_DIR="$HOME/.local/bin"
+  mkdir -p "$INSTALL_DIR"
+  mv "$TMP_DIR/$BINARY" "$INSTALL_DIR/$BINARY"
+  echo "Installed to $INSTALL_DIR/$BINARY"
+  echo "Make sure $INSTALL_DIR is in your PATH"
+fi
+
+# ── Done ────────────────────────────────────────────────────────────────────
+
+echo ""
+echo "NORA $VERSION installed to $INSTALL_DIR/$BINARY"
+echo ""
+nora --version 2>/dev/null || true

logo.svg

@@ -0,0 +1,5 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 300 72" width="300" height="72">
+  <text font-family="'SF Mono', 'Fira Code', 'Cascadia Code', monospace" font-weight="800" fill="#0f172a" letter-spacing="1">
+    <tspan x="8" y="58" font-size="52">N</tspan><tspan font-size="68" dy="-10" fill="#2563EB">O</tspan><tspan font-size="52" dy="10">RA</tspan>
+  </text>
+</svg>

nora-cli/Cargo.toml

@@ -20,4 +20,4 @@ serde_json.workspace = true
 clap = { version = "4", features = ["derive"] }
 indicatif = "0.17"
 tar = "0.4"
-flate2 = "1.0"
+flate2 = "1.1"

nora-registry/Cargo.toml

@@ -26,18 +26,18 @@ sha2.workspace = true
 async-trait.workspace = true
 hmac.workspace = true
 hex.workspace = true
-toml = "0.8"
+toml = "1.0"
 uuid = { version = "1", features = ["v4"] }
 bcrypt = "0.17"
 base64 = "0.22"
-prometheus = "0.13"
+prometheus = "0.14"
 lazy_static = "1.5"
 httpdate = "1"
 utoipa = { version = "5", features = ["axum_extras"] }
 utoipa-swagger-ui = { version = "9", features = ["axum", "reqwest"] }
 clap = { version = "4", features = ["derive"] }
 tar = "0.4"
-flate2 = "1.0"
+flate2 = "1.1"
 indicatif = "0.17"
 chrono = { version = "0.4", features = ["serde"] }
 thiserror = "2"

nora-storage/Cargo.toml

@@ -19,10 +19,10 @@ serde.workspace = true
 serde_json.workspace = true
 tracing.workspace = true
 tracing-subscriber.workspace = true
-toml = "0.8"
+toml = "1.0"
 uuid = { version = "1", features = ["v4"] }
 sha2 = "0.10"
 base64 = "0.22"
 httpdate = "1"
 chrono = { version = "0.4", features = ["serde"] }
-quick-xml = { version = "0.31", features = ["serialize"] }
+quick-xml = { version = "0.39", features = ["serialize"] }