Automic VaultAutomic Vault

brew

Install wush with Homebrew, Nix

Transfer files between computers via WireGuard. Version 0.4.1 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install wush

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#wush

nixpkgs package indexes · pkgs/by-name/wu/wush/package.nix · source: api.github.com

overview

Package summary

Transfer files between computers via WireGuard

Commands and aliases

  • wush

history

Project history and usage

wush is a Coder-maintained command-line tool for file transfer and remote shell access over peer-to-peer WireGuard connections. Its README describes it as similar to magic-wormhole but without needing to set up or trust a relay server for authentication, and with WireGuard as the secure transport.

Project history

The project is published at `coder/wush` and is written in Go. Its repository structure includes CLI commands, a browser-facing site, overlay networking code, and SSH-related code, reflecting a tool that grew from simple file transfer into a broader remote-access utility.

wush builds on Tailscale's `tsnet` package and public DERP relays but does not require a Tailscale account. The README explains that each CLI manages an in-memory control server, exchanges WireGuard nodes over UDP or DERP, and authenticates connections with x25519 keys embedded in the auth string.

Adoption history

The public repository has drawn visible interest for a young networking utility, with GitHub showing roughly 1.4k stars. Coder also publishes `wush-action`, a GitHub Action that uses wush to SSH into GitHub Actions runners; its README documents a v1.0.0 release on July 26, 2025 and supported Linux, Windows, and macOS runners.

How it is used

A typical flow starts with `wush serve` on a host, which prints an auth key. A client can then run commands such as `wush cp` to copy files or `wush ssh` to open a shell, paste the auth key, and connect over the WireGuard-backed overlay. The hosted `wush.dev` page also presents the tool as send, receive, and access, with command-line to browser use.

Why package nerds care

wush is significant to package and networking-tool watchers because it combines several fashionable building blocks into a small CLI: WireGuard, NAT traversal, DERP fallback, magic-wormhole-style pairing, and SSH/file-transfer workflows. It is not a full VPN product; it is a transient transport for moving bytes or opening shells with less setup.

Timeline

  • 2024: Public discussion and issues around wush appear in the GitHub repository.
  • 2025-07-26: `coder/wush-action` v1.0.0 is released for debugging GitHub Actions with wush.
  • 2026: `wush.dev` advertises wush v0.4.0 with WireGuard-powered peer-to-peer file transfer and remote access.

Related projects

  • wush is explicitly compared with magic-wormhole in its README. Internally it relies on Tailscale's tsnet and public DERP relay infrastructure, while exposing familiar user workflows such as copying files and opening SSH sessions.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 8 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
wushcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.4.1
manager updated
local dataok
upstreamcurrent
latest detectedv0.4.1

https://github.com/coder/wush

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:wush
Version0.4.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/wush
Homepagehttps://github.com/coder/wush
Repositoryhttps://github.com/coder/wush
Upstream docshttps://github.com/coder/wush#readme
LicenseCC0-1.0
Source archivehttps://github.com/coder/wush/archive/refs/tags/v0.4.1.tar.gz
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namewush
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

wush

nix profile install nixpkgs#wush
  • normalized package name match
  • Matched by: Wush
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/wu/wush/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment