Automic Vault

brew package intelligence

Install gh

View gh's install paths, executables, metadata, and security notes for AI agent workflows.

Install

Install with Automic Vault

Automic Vault
Download AV
sudo av install brew:gh

macOS

Homebrew verified · 100%
brew install gh

local Homebrew formula metadata

MacPorts verified · 94%
sudo port install gh

MacPorts ports tree · devel/gh/Portfile · source: api.github.com

Linux

Debian apt verified · 92%
sudo apt install gh

Debian stable package indexes · gh · source: deb.debian.org

Fedora dnf verified · 92%
sudo dnf install gh

Fedora Rawhide package metadata · gh · source: dl.fedoraproject.org

Nix verified · 92%
nix profile install nixpkgs#gh

nixpkgs package indexes · pkgs/by-name/gh/gh/package.nix · source: api.github.com

openSUSE zypper verified · 92%
sudo zypper install gh

openSUSE Tumbleweed package metadata · gh · source: download.opensuse.org

Windows

Chocolatey verified · 92%
choco install gh

Chocolatey community package catalog · gh · source: community.chocolatey.org

Scoop verified · 92%
scoop install main/gh

Scoop official bucket manifest trees · bucket/gh.json · source: api.github.com

Windows Package Manager verified · 92%
winget install --id GitHub.cli -e

Windows Package Manager source index · GitHub.cli · source: cdn.winget.microsoft.com

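Platform notes

  • There are no platform notes specific to this package.

Overview

Package summary

Automic Vault publishes gh's install paths, executable facts, and security metadata based on local package data.

Commands and aliases

  • gh

Source summary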

GitHub command-line tool

radioisotope

Trivially Accessible Secrets

`gh` stores its secrets in the Keychain but they can be trivially obtained:

  1. `gh auth token`
  2. `security find-generic-password -s 'gh:github.com' -w`

Our isotope prevents anything but `gh` itself from accessing its secrets by gating `gh auth token` behind an Automic Vault human-approval prompt and gating attempts to use the macOS `security` tool behind a keychain approval prompt.

Risk classifier

blue risk · high confidence · tool

Reasons

  • broad networked developer tool

Signals

  • override:gh

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependency.

Local README excerpt

Automic Vault Fork Notes

This repository is the Automic Vault fork of GitHub CLI.

Automic Vault is a macOS-first secret and execution control system that keeps sensitive credentials behind explicit human approval in the Automic Vault GUI app instead of exposing them directly to terminal tools.

This fork currently adds the following behavior on top of upstream cli/cli:

  • Direct macOS Keychain access from the signed gh binary instead of /usr/bin/security, so Keychain trust is attached to this app binary.
  • Human approval gating through the Automic Vault GUI daemon before commands print stored tokens in plain text. This covers gh auth token, gh auth status --show-token, gh config get -h HOST oauth_token, and the hidden gh auth git-credential get helper.
  • A migration [subcommand] that the Automic Vault app uses when migrating secrets from the factory-release to our isotope.
  • A hazard detector for insecure gh installs, including plaintext hosts.yml tokens and Keychain ACLs that allow /usr/bin/security to read gh secrets.

Source: data/isotopes/gh-cli/README.md

Caveats

  • No caveats are listed in the local manifest.

Approval gates

Human review metadata for risky commands

The local approval-gate seed includes 7 rules for gh. Covered entrypoints: gh. Severity labels: critical, high. Coverage: partial, reviewed 2026-05-21.

Examples of gated operations

  • Print the active GitHub authentication token.
  • Create or refresh local GitHub authentication state.
  • Delete a GitHub repository.
  • Change repository settings, visibility, topics, or metadata.
  • Merge a pull request.
  • Create, upload to, edit, or delete GitHub releases.
  • Trigger a GitHub Actions workflow.

Executables

Installed executables

Command | Type | Exposure | Notes
gh | cli | global executable |

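Freshness

Versions and freshness

These signals distinguish page generation time, package manager activity, and upstream release comparison. A version-behind notice is shown only when an evidence URL and a comparable version exist.

Page generated: 2026-05-26
Manager version: 2.92.0
Manager updated: 2026-05-21
Local data: ok
Upstream: current
Latest detected version: v2.92.0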

https://github.com/cli/cli

  • ok: No freshness warnings were generated.

Install metadata

Package metadata

Package key: brew:gh
Version: 2.92.0
Package manager: Homebrew
Package manager page: https://formulae.brew.sh/formula/gh
Homepage: https://cli.github.com/
Repository: https://github.com/cli/cli
Upstream docs: https://cli.github.com/
License: MIT
Source archive: https://github.com/cli/cli/archive/refs/tags/v2.92.0.tar.gz
Updated: 2026-05-21T14:58:05+02:00
Pulse: updated
Build dependencies: go
Bottle: available (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-install: not defined
Services: not declared

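Source trail

Generated from repository data

This page is written by scripts/generate-pkg-pages.py. If www/pkg/ is out of date relative to local package data, the deployment refuses to publish.

Sources used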

  • Geiger risk classifier
  • Nucleus package database
  • approval-gate seed metadata
  • cross-ecosystem install command graph
  • local isotope README
  • package relationship graph
  • package version freshness
  • package-page enrichment
  • radioisotope security manifest