Automic VaultAutomic Vault

brew

使用 Homebrew, Nix 安装 wrkflw

查看 wrkflw 的安装路径、可执行文件、元数据以及面向 AI 代理工作流的安全说明。

安装

其他安装命令

macOS

Homebrew已验证 · 100%
brew install wrkflw

local Homebrew formula metadata

Linux

Nix已验证 · 92%
nix profile install nixpkgs#wrkflw

nixpkgs package indexes · pkgs/by-name/wr/wrkflw/package.nix · 来源: api.github.com

概览

软件包摘要

Validate and execute GitHub Actions workflows locally

命令和别名

  • wrkflw

历史

项目历史与用法

wrkflw is a Rust command-line tool for validating and executing GitHub Actions workflows locally. It is a young project, created in 2025, but it has enough primary-source history to describe its niche: local CI workflow feedback before pushing to GitHub.

The project overlaps with tools such as `act`, but its README emphasizes validation, a terminal UI, multiple runtimes, expression evaluation, workflow dependency handling, reusable workflows, matrix builds, artifacts, cache, and secrets support.

项目历史

The `bahdotsh/wrkflw` repository and crates.io package were created on 29 March 2025. GitHub releases show a fast early cadence in 2025, including 0.3.0 in April, 0.4.0 later that month, and several 0.5 through 0.7 releases in August.

By April 2026, wrkflw had reached version 0.8.0. The author's 2026 project note frames wrkflw as both a serious CI-tooling project and a way to learn Rust deeply, specifically citing hard parts such as the expression evaluator, async executor/runtime boundaries, and error design.

采用历史

wrkflw's adoption is early but nontrivial for a new CLI: GitHub metadata shows thousands of stars within its first year, while crates.io records the package and version history. Its niche is the developer desire to test GitHub Actions locally rather than discovering workflow syntax or job-ordering problems only after a push.

The project also reflects a 2020s shift in CI tooling from remote-only validation toward local emulation. Its README lists Docker, Podman, plain emulation, and secure emulation runtimes, while the author note explains secure emulation as a compromise for users without containers who still need guardrails before running workflow steps locally.

使用方式

Users run wrkflw in repositories with GitHub Actions workflow files to validate workflow syntax and execute jobs locally. The tool supports selecting jobs, respecting `needs` dependencies, evaluating GitHub expression syntax, handling matrices, watching files, and using a TUI for workflow, execution, DAG, logs, trigger, secrets, and help views.

For package users, the important runtime distinction is container-backed execution versus emulation. The author's note is explicit that secure emulation does not provide full filesystem isolation; it validates commands, strips risky environment variables, applies timeouts, and blocks obvious dangerous patterns, while Docker or Podman remain the stronger boundary.

为什么软件包爱好者会关心

wrkflw is significant as a modern local-CI CLI in Rust. It packages a large slice of GitHub Actions behavior into a local executable, giving developers faster feedback loops and package managers another option in the same broad problem space as `act`.

Its package-nerd interest is also architectural: CI workflow files combine YAML, expression language semantics, dependency graphs, containers, secrets, and artifacts. A single binary that attempts to validate and emulate that surface is useful even when users still rely on GitHub-hosted runners for final truth.

时间线

  • 2025-03-29: The GitHub repository and crates.io package are created.
  • 2025-04-21: wrkflw 0.3.0 is published on GitHub.
  • 2025-04-30: wrkflw 0.4.0 is published on GitHub.
  • 2025-08-13: wrkflw 0.7.0 is published on GitHub.
  • 2026-04-21: wrkflw 0.8.0 is published on GitHub and crates.io.
  • 2026: The author documents the design motivation behind secure emulation.

Related projects

  • nektos/act is the best-known adjacent tool for running GitHub Actions locally.
  • GitHub Actions is the workflow format and hosted CI service that wrkflw validates and emulates.
  • Docker and Podman are supported runtimes for container-backed local workflow execution.

安全态势

风险级别:绿色

narrow executable package without higher-risk signals.

风险分类器

绿色 风险 · 低 置信度 · appliance

原因

  • narrow executable package without higher-risk signals

信号

  • metadata:no-higher-risk-signals

安装行为

  • formula 元数据中未记录 Homebrew post-install 钩子。
  • Homebrew bottle 元数据适用于 6 个平台目标。
  • 构建元数据列出 2 个构建依赖。

建议审查

在无人值守的代理使用前,请检查该工具是否读取明文凭据、写入远程状态、发布制品或调用插件。

可执行文件

已安装的可执行文件

命令类型暴露范围备注
wrkflwcli全局可执行文件

新鲜度

版本和新鲜度

这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。

页面生成时间2026-07-08
管理器版本0.8.0
管理器更新时间2026-05-11
本地数据OK
上游当前
检测到的最新版本v0.8.0

https://github.com/bahdotsh/wrkflw

  • OK没有生成新鲜度警告。

安装元数据

软件包元数据

软件包键brew:wrkflw
版本0.8.0
软件包管理器Homebrew
软件包管理器页面https://formulae.brew.sh/formula/wrkflw
主页https://github.com/bahdotsh/wrkflw
仓库https://github.com/bahdotsh/wrkflw
上游文档https://github.com/bahdotsh/wrkflw#readme
许可证MIT
源码归档https://github.com/bahdotsh/wrkflw/archive/refs/tags/v0.8.0.tar.gz
最后更新2026-05-11T18:23:42-04:00
Pulseupdated
构建依赖pkgconf, rust
Bottle可用 (于 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-install未定义
服务未声明

注册表事实

源数据库详情

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namewrkflw
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

源数据库匹配

其他软件包管理器记录

匹配项来自外部软件包管理器索引,并与本地 Automic Vault 软件包链接分开显示。

Nix95%

wrkflw

nix profile install nixpkgs#wrkflw
  • normalized package name match
  • 匹配方式:Wrkflw
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/wr/wrkflw/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

来源线索

由仓库数据生成

此页面由 av-webscripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。

使用的来源

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment