Credential access
Reads GitHub CLI tokens and can print or use them for API calls.
brew / approval gates
GitHub command-line tool. Version 2.96.0 via Homebrew; verified 2026-07-03.
agent safety
gh is the GitHub control-plane CLI for repositories, releases, issues, and authenticated developer state.
Reads GitHub CLI tokens and can print or use them for API calls.
Can modify repositories, pull requests, releases, secrets, and organization state.
Can create releases, upload assets, and trigger release automation.
Use GitHub token protection plus approval gates for write and token-display commands.
Permit status and read-only queries; require approval for token output, release creation, repo writes, and workflow dispatch.
install
brew install ghlocal Homebrew formula metadata
sudo port install ghMacPorts ports tree · devel/gh/Portfile · source: api.github.com
sudo apt install ghDebian stable package indexes · gh · source: deb.debian.org
sudo dnf install ghFedora Rawhide package metadata · gh · source: dl.fedoraproject.org
nix profile install nixpkgs#ghnixpkgs package indexes · pkgs/by-name/gh/gh/package.nix · source: api.github.com
sudo zypper install ghopenSUSE Tumbleweed package metadata · gh · source: download.opensuse.org
choco install ghChocolatey community package catalog · gh · source: community.chocolatey.org
scoop install main/ghScoop official bucket manifest trees · bucket/gh.json · source: api.github.com
winget install --id GitHub.cli -eWindows Package Manager source index · GitHub.cli · source: cdn.winget.microsoft.com
overview
GitHub command-line tool
history
GitHub CLI, invoked as `gh`, is GitHub's official command-line tool for working with pull requests, issues, repositories, releases, Actions, authentication, and GitHub API data from a terminal.
GitHub created the cli/cli repository in October 2019 and opened the project as a new official CLI distinct from the older community `hub` tool. GitHub announced the beta in February 2020 and released GitHub CLI 1.0 in September 2020.
The README frames `gh` as a standalone tool that brings GitHub concepts next to `git` and source code work. The project grew into a cross-platform Go CLI with first-party manuals, release binaries, package repositories, GitHub Enterprise support, extension support, API helpers, and later supply-chain features such as build provenance attestations for release artifacts.
GitHub CLI has broad adoption because it is distributed through GitHub's own package repositories and release binaries, package managers such as Homebrew and WinGet, and GitHub-hosted Actions runner images. Its first-party status made it a standard automation interface for GitHub workflows in shells and CI jobs.
Practitioners use `gh` to create and review pull requests, triage issues, clone and browse repositories, trigger or inspect Actions workflows, manage releases and gists, authenticate to GitHub hosts, call the GitHub API, and script repository operations without leaving the command line.
For package and automation ecosystems, `gh` is important because it gives GitHub an official, versioned executable surface. Package maintainers can depend on consistent commands across macOS, Linux, and Windows, while CI authors can use a preinstalled or easily installed binary instead of hand-rolling API calls.
approval gates
The local approval-gate seed includes 7 rules for gh. Covered entrypoints: gh. Severity labels: critical, high. Coverage: partial, reviewed 2026-05-21.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
$XDG_CONFIG_HOME/gh/config.yml~/.config/gh/config.yml%AppData%\GitHub CLI\config.ymlCredential-bearing paths to review before unattended agent runs.
$XDG_CONFIG_HOME/gh/hosts.yml~/.config/gh/hosts.yml%AppData%\GitHub CLI\hosts.ymlexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
gh | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
install metadata
| Package key | brew:gh |
|---|---|
| Version | 2.96.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/gh |
| Homepage | https://cli.github.com/ |
| Repository | https://github.com/cli/cli |
| Upstream docs | https://cli.github.com/manual/gh |
| License | MIT |
| Source archive | https://github.com/cli/cli/archive/refs/tags/v2.96.0.tar.gz |
| Last updated | 2026-07-03T00:29:16Z |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | gh |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
gh 2.46.0-3
GitHub CLI, GitHub’s official command line tool
sudo apt install ghgh
nix profile install nixpkgs#ghgh 2.45.0-1build1
GitHub CLI, GitHub’s official command line tool
sudo apt install ghgh 2.93.0-1.fc45
GitHub's official command line tool
sudo dnf install ghgh 2.93.0-1.1
The official CLI for GitHub
sudo zypper install ghgh-bash-completion 2.93.0-1.1
Bash Completion for gh
sudo zypper install gh-bash-completiongh-fish-completion 2.93.0-1.1
Fish completion for gh
sudo zypper install gh-fish-completiongh-zsh-completion 2.93.0-1.1
ZSH Completion for gh
sudo zypper install gh-zsh-completiongh
sudo port install ghgh
choco install ghmain/gh
scoop install main/ghGitHub.cli
winget install --id GitHub.cli -esource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.