Hive Hive
Sign in

Kura 0.9.0

Metadata
Source
GitHub
Version
kura@0.9.0
Published
Jun 10, 2026 · 17:46 UTC
Repository
tuist/tuist
Update

Kura 0.9.0 makes project-scoped tokens work across the full Bazel/Buck2 REAPI gRPC surface, the same way they already work over HTTP CAS.

  • You can now use project-scoped tokens for REAPI operations including GetCapabilities, FindMissingBlobs, BatchUpdateBlobs, BatchReadBlobs, action cache, ByteStream Read, and ByteStream Write.
  • Authorization now derives the project namespace from the REAPI instance_name or resource_name, so the token is checked against the exact storage target and cannot be redirected across projects.
  • When present, gRPC metadata headers x-kura-tenant-id and x-tuist-account-handle are used to enforce the same tenant check as the HTTP path. Clients that omit them keep the previous behavior.
  • ByteStream Write now authorizes once per stream on the first chunk, after the namespace is known, instead of authorizing before the stream starts.

Docker image: ghcr.io/tuist/kura:0.9.0