Automic Vault

brew package intelligence

uv

Automic Vault tracks uv because plain text package credentials matters when AI agents run command-line tools on macOS.

Read docs Run scanner

overview

What Automic Vault knows about uv

Extremely fast Python package installer and resolver, written in Rust

Homepage

Not present in the local metadata.

Commands and aliases

No executable aliases were found in the local package database.

radioisotope

Plain Text Package Credentials

`uv auth login` stores package index credentials in a plaintext credentials.toml file by default. Our isotope stores that credentials file in the macOS keychain and exposes it through a temporary UV_CREDENTIALS_DIR only while `uv` runs.

Local README excerpt

uv Radioisotope

uv auth login stores HTTP package index credentials in a plaintext credentials.toml file by default.

This radioisotope migrates that credentials file into the Automic Vault keychain and wraps uv so the credentials are reconstructed in a temporary UV_CREDENTIALS_DIR only while uv is running.

Caveats

  • We currently migrate the default uv credentials file only.
  • UV_CREDENTIALS_DIR overrides are detected but must be migrated manually.
  • New uv auth login credentials written after migration are written to the

temporary runtime directory and will not persist.

Source: data/radioisotopes/uv/README.md

Caveats

  • We currently migrate the default uv credentials file only.
  • UV_CREDENTIALS_DIR overrides must be migrated manually.
  • New `uv auth login` writes after migration are not persisted.

approval gates

Human review metadata for risky commands

The local approval-gate seed includes 7 rules for uv. Covered entrypoints: uv, uvx. Severity labels: critical, high, medium.

Example gated actions

  • Extremely fast Python package installer and resolver, written in Rust
  • Publish distributions to a Python package index.
  • Install Python packages into an environment.
  • Remove Python packages from an environment.
  • Resolve dependencies and execute a command or script.
  • Synchronize an environment to lockfile or project metadata.
  • Download and execute a Python tool package.

install metadata

Resolver facts

Package keybrew:uv
Last updated2026-05-22T01:44:36Z
Pulseupdated

source trail

Generated from repository data

This page is regenerated by scripts/generate-pkg-pages.py. Deployments refuse to publish if www/pkg/ is stale relative to local package data.

Used sources

  • Nucleus package database
  • approval-gate seed metadata
  • local isotope README
  • radioisotope security manifest