Installation
Kova is a native desktop application for macOS, Windows, and Linux. Download the latest release from the Releases page and follow the instructions for your platform below.
macOS
- Download the
.dmgfile from the Releases page. - Open the
.dmgand drag Kova.app into your Applications folder. - Launch Kova from Applications or Spotlight.
Universal binary
The .dmg is a universal binary — the same file runs natively on both Apple Silicon (M1/M2/M3/M4) and Intel Macs. No separate downloads needed.
Signed and notarised
Kova is signed and notarised by Apple. You will not see any security warning on first launch.
Windows
- Download the
.msifile from the Releases page. - Run the installer and follow the prompts.
- Download the
_x64-setup.exefile from the Releases page. - Run the setup executable and follow the prompts.
Windows SmartScreen
Because Kova is not yet code-signed for Windows, SmartScreen may show a "Windows protected your PC" warning.
To proceed: click More info → Run anyway.
This warning will disappear once Kova acquires a Windows code-signing certificate.
Linux
sudo curl -fsSL https://deb.kova.md/key.gpg \
| sudo gpg --dearmor -o /etc/apt/keyrings/kova.gpg
sudo tee /etc/apt/sources.list.d/kova.sources > /dev/null << EOF
Types: deb
URIs: https://deb.kova.md
Suites: stable
Components: main
Signed-By: /etc/apt/keyrings/kova.gpg
EOF
sudo apt update && sudo apt install kova
Flathub's current policy excludes LLM-assisted apps, so Kova ships from a self-hosted Flatpak repo:
Or build it locally from the manifest in the Kova repository:
- Download the
.AppImagefile. -
Make it executable:
-
Run it:
No automatic updates
The AppImage release does not currently support automatic in-app updates. Check the Releases page manually for new versions. This is a known limitation tracked in issue #3.
AppImageLauncher
For desktop integration (application menu entry, file associations), install AppImageLauncher and double-click the AppImage.
System requirements for AppImage: GTK/WebKit desktop environment, fontconfig.
Building from source
See the Contributing page for full instructions on cloning the repo, installing dependencies, and running a development build.
Verifying your version
After installing, open Kova and check Settings → Updates to see the installed version and optionally enable automatic update checks.
Verifying a download
You don't have to trust a release binary blindly — every release can be checked back to its source.
Build provenance (recommended)
Each release asset (.dmg, .msi, .exe, .deb, .rpm, .AppImage) carries a signed build provenance attestation tying it to the exact commit and GitHub Actions run that built it. Verify with the GitHub CLI:
A pass confirms the file was produced, unmodified, by Kova's release workflow from the KovaMD/Kova repository.
Rebuild from source (Nix)
For full reproducibility, rebuild from pinned source instead of trusting a prebuilt binary:
Package repositories
The APT and RPM repositories (deb.kova.md, rpm.kova.md) are GPG-signed — apt/dnf verify signatures automatically once the key is added, as shown above. Desktop auto-updates are signed with Tauri's updater key.
See SECURITY.md for how to report a vulnerability.