brew package intelligence

withgraphite/tap/graphite

Automic Vault tracks withgraphite/tap/graphite because plain text graphite cli tokens matters when AI agents run command-line tools on macOS.

Read docs Run scanner

overview

What Automic Vault knows about withgraphite/tap/graphite

This package is present in local Automic Vault package data. The page is generated so package-specific security metadata has a stable URL.

Homepage

Not present in the local metadata.

Commands and aliases

No executable aliases were found in the local package database.

radioisotope

Plain Text Graphite CLI Tokens

Graphite CLI stores auth tokens in its XDG config directory, usually in ~/.config/graphite/auth, and can also store profile tokens in user_config. Our isotope stores those token-bearing config files in the macOS keychain and injects them through a temporary XDG_CONFIG_HOME while `gt` runs.

Local README excerpt

Graphite CLI Radioisotope

Graphite CLI stores authentication in its XDG config directory, usually ~/.config/graphite/auth. It can also store profile auth tokens in ~/.config/graphite/user_config.

The radioisotope moves the token-bearing config into the macOS keychain and runs gt with a temporary XDG_CONFIG_HOME containing the injected Graphite config files.

Caveats

Only the current XDG config layout is migrated.
auth, user_config, and aliases are injected when available, but runtime

auth/config/alias changes are not persisted back to the keychain.

If user_config contains auth tokens, the original file is replaced with an

empty JSON object after migration.

Direct execution of the original binary will not receive credentials.

Source: data/radioisotopes/graphite/README.md

Coverage source

https://github.com/withgraphite/homebrew-tap/blob/HEAD/Formula/graphite.rb

Caveats

Only the current XDG config layout is migrated.
Runtime auth/config/alias changes are not persisted back to keychain.
Direct execution of the original binary will not receive credentials.

install metadata

Resolver facts

Package key	brew:withgraphite/tap/graphite

source trail

Generated from repository data

This page is regenerated by scripts/generate-pkg-pages.py. Deployments refuse to publish if www/pkg/ is stale relative to local package data.

Used sources

local isotope README
radioisotope security manifest