A small release that ships native musl binaries for Alpine users and splits the library half of fnox into its own fnox-core crate for downstream Rust consumers.
Added
musl Linux binaries (#452) -- @jdx
Releases now include x86_64-unknown-linux-musl and aarch64-unknown-linux-musl artifacts alongside the existing gnu builds. The previous glibc-linked binaries failed on Alpine with cannot execute: required file not found (missing libudev.so.1 and glibc-only symbols like __res_init) — even with gcompat installed. The musl builds are statically linked and run cleanly on alpine:3 and friends:
docker run --rm -v "$PWD:/work" alpine:3 sh -c \
'cd /work && tar xzf fnox-*-x86_64-unknown-linux-musl.tar.gz && ./fnox --version'Note: the fido2 provider is not compiled into musl builds (its ctap-hid-fido2 dependency doesn't build under musl). Alpine users needing hardware-key-style flows should use age, pass, or a cloud provider. The keychain provider compiles but, as on any headless Linux, requires a session bus at runtime.
Docs site favicons and web manifest (#448) -- @jdx
Adds a simplified vault-door favicon.svg plus favicon.ico, 16/32 PNGs, apple-touch-icon.png, Android Chrome icons, and a site.webmanifest for installable-PWA metadata.
Changed
fnox-core library crate (#458) -- @jdx
The repo is now a Cargo workspace, and the library half of fnox — every provider, the Provider trait, Config, SecretResolver, lease backends, settings, and the top-level Fnox API introduced in v1.22 — lives in a new fnox-core crate under crates/fnox-core/. The root fnox crate keeps the CLI-only pieces (commands, MCP server, TUI, shell integration, hook-env).
This is a pure refactor with no behavior change. Existing Rust consumers don't need to update imports: the binary crate's lib.rs re-exports every fnox-core module, so fnox::providers::*, fnox::config::*, fnox::Fnox, etc. continue to resolve. Projects that want a leaner dep tree can now depend on fnox-core directly instead.
Docs nav star badge (#447) -- @jdx
The GitHub link in the docs top-nav now reads ★ N instead of a bare number, and the count is actually populated on the live site — the deploy workflow now passes GITHUB_TOKEN to the VitePress build so stars.data.ts can hit the GitHub API at build time.
Full Changelog: v1.23.0...v1.23.1
💚 Sponsor fnox
fnox is maintained by @jdx under en.dev — a small independent studio building developer tooling like mise, aube, hk, and more. Keeping fnox secure, maintained, and free is funded by sponsors.
If fnox is handling secrets or config for you or your team, please consider sponsoring at en.dev. Sponsorships are what let fnox stay independent and the project keep moving.