Cmdcrate takes one git tag and turns it into signed binaries for every OS and arch, a Homebrew tap, a Scoop bucket, an apt and an AUR package, a one-line install script, and a self-updating client — published in parallel, in under a minute. Stop hand-rolling release scripts. Pack the crate once; it lands on every developer's machine.
$ git tag v2.4.0 && git push --tags
cmdcrate detected tag v2.4.0 · crate.toml loaded
→ cross-compiling 6 os × 5 arch … 30 binaries 18s
→ signing cosign keyless (ci@acme.iam) · SLSA L3 4s
→ packing channels:
✓ homebrew acme/tap bottle + formula
✓ scoop acme/bucket manifest + hash
✓ apt / deb repo.acme.dev amd64 · arm64
✓ aur acme-cli-bin PKGBUILD bumped
✓ npm @acme/cli postinstall shim
✓ install.sh get.acme.dev curl | sh, pinned
released v2.4.0 · 30 artifacts · 6 channels · 47s
clients on auto-update will pull within the hour
$ _One crate.toml feeds every channel a developer already installs from
Describe your CLI once in a crate.toml and Cmdcrate handles the matrix nobody wants to maintain — every OS, every arch, every libc, cross-compiled, stripped, reproducible, and signed before a single byte is published.
Linux, macOS, Windows, FreeBSD; amd64, arm64, armv7, riscv64; glibc and musl. Cmdcrate fans the build across the whole matrix in parallel, so a 30-target release finishes in the time a laptop builds one.
Pinned toolchains and a hermetic build sandbox mean the binary you ship today rebuilds bit-for-bit next year. The same input tag always produces the same digest — provable, not promised.
Every artifact is cosign-signed keylessly from your CI identity and stamped with SLSA build provenance. No long-lived key to leak, and any user can verify a binary came from your pipeline before they run it.
Conventional commits become a grouped, human-readable release note automatically — features, fixes, breaking changes — attached to the GitHub release and every package manifest. No more writing the same notes six times.
What a release looks like once Cmdcrate is driving
Nobody reads your README to learn the install command — they reach for the package manager already on their machine. Cmdcrate publishes to all of them from one release, so whatever a user types, your CLI is one line away and already up to date.
Cmdcrate owns the boring half of distribution: it opens the PR to your Homebrew tap, regenerates the Scoop manifest with the right hashes, bumps the AUR PKGBUILD, signs the apt repo, and pushes the Winget manifest — every channel, every release, with zero manual edits. The formula, the bottle, the checksum, the version string: all generated from the same artifacts you just built, so a channel can never drift out of sync with the binary it points at.
Ship a curl | sh installer that detects OS and arch, verifies the signature, and pins a version — served from your domain over an immutable CDN path. No piping an unsigned blob from a stranger.
Binaries mirror to edge regions worldwide, so a developer in Sydney pulls from Sydney. Versioned, content-addressed URLs mean an old release link never rots.
Promote a build from nightly to beta to stable with one command. Power users opt into the edge; everyone else stays on the channel you bless — same crate, different lane.
Distribute company-only CLIs behind SSO with token-gated install. The same one-line experience your team loves, scoped to people who are actually on the payroll.
Pick the row that matches a user's machine — Cmdcrate generates the native package for it from the exact binaries your tag just produced, with the right checksum, signature, and version string already filled in. No per-ecosystem submission ritual to learn.
Opens the PR to your tap with a versioned formula and a poured bottle per arch. `brew install acme` resolves the moment the release lands.
Generates a Scoop manifest with correct SHA-256 hashes and submits the Winget package — plus a signed MSI when you want a double-click installer.
Builds amd64 and arm64 .deb packages and signs your apt repo, so `apt install` pulls a verified binary from a key your users already trust.
Bumps the PKGBUILD and the .SRCINFO on every tag and pushes to your `-bin` package. Arch users stay current without you touching makepkg.
A `curl | sh` script that sniffs OS and arch, verifies the cosign signature, and pins the version — served over an immutable path on your own domain.
A postinstall shim that fetches the right prebuilt binary for npm-first teams, and a derivation for Nix users — both wired to the same signed artifacts.
“Our old release was a 400-line shell script, two hours of babysitting, and a 50/50 chance the Homebrew bump broke. We replaced all of it with a crate.toml and a git tag. A full release across nine channels now finishes before my coffee does.”
“The auto-updater changed how we think about shipping. We used to sit on fixes for weeks because half our users were on stale versions. Now we cut a patch, stage it to 10%, and the whole base is on it by the next morning — no announcement required.”
“We shipped a bad flag parser at 2pm, saw the error rate climb on the staged cohort, and rolled back from my phone before it ever hit the stable channel. With our hand-rolled pipeline that would've been a fire drill and a hotfix release.”
Shipping a release is only half the job — the other half is getting it onto machines that already installed last month's version. Cmdcrate embeds an updater in your binary, so adoption isn't a blog post you hope people read.
Link the Cmdcrate updater into your CLI and it checks your release feed, downloads the signed delta, verifies it, and swaps itself in place on next run — no package manager, no sudo, no user action.
Release to 5% of clients, watch the crash and error telemetry, then ramp to 100% — or halt instantly. A bad version reaches a handful of users, not your whole base.
Pull a release from the channel and self-updating clients fall back to the last good version on their next check. A regression is reverted in minutes, not in a frantic patch release.
Updates ship as binary diffs to keep them tiny, and every delta is verified against your signing identity before it's applied. A compromised mirror can't push a payload your users will trust.
See which versions are live across your install base in real time — what fraction upgraded, who's stuck on an ancient build, where the long tail lives. Deprecate with data instead of guesswork.
Warn users on an end-of-life version straight from their terminal, with the exact upgrade command for their platform. The nudge lands where they actually are.
Public CLIs ship free, forever — that's most of the ecosystem. You pay when you need private distribution, staged rollouts, and adoption analytics for a commercial tool.
For public CLIs and indie maintainers.
For commercial and internal command-line tools.
For regulated vendors and air-gapped fleets.
No. Cmdcrate wraps your existing build — Go, Rust, Zig, Node-with-pkg, a static C binary, whatever compiles. You write a crate.toml describing your targets and channels, and the release runs in your CI on a tag. The auto-updater is the only thing that links into your binary, and it's a few lines and entirely optional.
Yes — that's the point. The cross-compile matrix, the changelog, the signing, the tap and bucket and AUR bumps, the install script, the CDN, and the auto-updater are one tool driven by one config instead of a pile of scripts and one-off GitHub Actions you maintain by hand.
Every update is a binary delta signed with the same keyless identity that signed the original release, and the client verifies that signature against a transparency log before applying anything. Updates are fetched over your own immutable CDN paths, so a hijacked mirror or a man-in-the-middle can't hand your users a binary they'll trust.
On Open Source and Team, artifacts are served from Cmdcrate's edge CDN under versioned, content-addressed URLs you can point your own domain at. Enterprise can run self-hosted runners and mirror every artifact into storage you control, including fully air-gapped environments with no outbound connectivity.
Yes. Mark a crate private and installs are gated behind your SSO with short-lived tokens. Your team gets the same one-line brew, scoop, or curl experience as a public tool, but only people in your identity provider can pull the binary or receive updates.
Cmdcrate generates and submits the native artifact for each channel from the binaries you already built — Winget manifests, Scoop manifests with correct hashes, signed MSI where you want one, and Nixpkgs derivations. You don't need to learn each ecosystem's submission ritual; the tool speaks all of them.
Drop a crate.toml in your repo, push a tag, and watch signed binaries fan out to every package manager and onto every machine that auto-updates — in under a minute. No release script, no card to start, no channel left behind.