Rust-first, macOS-first CLI and local app broker for mediated credential access from the command line.
Release reference version: v2.0.0
apw remains the installed executable name.
This project is not affiliated with Apple. It interoperates with Apple-provided password infrastructure on supported macOS versions.
Note: APW CLI was historically forked from
bendews/apw, but the currentv2line is a substantially rewritten Rust-first implementation.
mainnow tracks thev2.0.0native-only redesign line.- Rust in
rust/remains the maintained CLI. native-app/is the new primary runtime surface for the app-assisted broker.- The historical Deno code is archived under
legacy/deno/for parity audits and rollback reference only. - Legacy daemon/browser-helper code remains in-tree only to preserve the historical
v1.xparity line during migration. - The command migration matrix is tracked in
docs/NATIVE_MIGRATION.md.
Archive policy: docs/ARCHIVE_POLICY.md
- Installs the APW macOS app bundle with
apw app install - Launches the local APW broker with
apw app launch - Reports app, broker, and legacy runtime health with
apw statusandapw status --json - Supports structured stderr logging via
--log-levelorAPW_LOG - Reports machine-readable build metadata with
apw version --json - Reports bootstrap diagnostics with
apw doctor - Returns a fill-intent credential envelope with
apw fill <url> - Returns an app-mediated credential for a supported domain with
apw login <url>
- Supported target: macOS
- Current primary runtime on macOS: the APW local app broker
- Historical parity runtime: legacy daemon/browser-helper code retained for migration only
- Legacy direct/native/browser runtime modes remain available only for the
v1.xcompatibility path - Unsupported target: non-macOS platforms
Detailed migration and redesign notes:
Detailed instructions: docs/INSTALLATION.md
cargo build --manifest-path rust/Cargo.toml --release
./scripts/build-native-app.shcargo install --path rust --locked
./scripts/build-native-app.sh
apw app installFor local formula validation from this checkout:
./packaging/homebrew/install-from-source.shThe formula template is kept in
packaging/homebrew/apw.rb.template and can be rendered with
scripts/render-homebrew-formula.sh <version> <sha256>.
The supported v2.0.0 bootstrap flow is app-first:
./scripts/build-native-app.sh
apw app install
apw app launch
apw doctor --json
apw login https://vault.example.comIn a notarized build with associated-domain entitlements wired,
apw login routes through the
AuthenticationServicesBroker
and returns an iCloud Keychain credential surfaced via the Apple
credential picker (issue #13).
A separate demo bootstrap path is available for first-run
validation. Setting APW_DEMO=1 makes the broker materialize and
return the bundled placeholder credential for https://example.com —
nothing else. Without APW_DEMO=1, the demo path returns a typed
no_credential_source error rather than silently falling back to a
plaintext file (issue #14):
APW_DEMO=1 apw app install
APW_DEMO=1 apw app launch
APW_DEMO=1 apw login https://example.comOptional reduced-security mode for external password managers can be configured
in ~/.apw/config.json with an absolute provider path:
{
"fallbackProvider": "1password",
"fallbackProviderPath": "/usr/local/bin/op"
}Supported fallback providers are 1password and bitwarden. Configuration alone
does not activate fallback for apw login; callers must pass
apw login --external-fallback <url> to explicitly choose this reduced-security
path when the native broker is unavailable or returns no results. JSON fallback
payloads use transport: "external_cli", securityMode: "reduced_external_cli",
and externalFallbackExplicit: true so automation can distinguish them from
native broker approvals. APW does not cache external-provider credentials.
apw --help
apw app install
apw app launch
apw doctor
APW_LOG=debug apw status --json
apw status
apw status --json
apw version
apw version --json
apw fill https://example.com
apw login https://example.comMachine-readable build metadata is available via apw version and
apw version --json.
Legacy migration commands remain available in the repo:
apw start
apw auth
apw pw
apw otp
apw host doctor --json- APW stores legacy runtime config in
~/.apw/config.json - The v2 app broker stores bootstrap runtime state under
~/.apw/native-app/ ~/.apwis created with mode0700- config and status files are written with mode
0600 - Legacy session secret material is stored in the user keychain when the
v1.xcompatibility path is used - Transport, parser, and status errors are returned as typed failures instead of silent partial output
Security and release validation guidance:
docs/SECURITY_POSTURE_AND_TESTING.md
rust/: supported CLI, legacy daemon, migration scaffolding, and packaging targetnative-app/: v2 bootstrap macOS app bundle and local broker servicenative-host/: legacy macOS companion host from the parity linebrowser-bridge/: legacy bridge retained only during migrationlegacy/deno/: archived compatibility referencepackaging/homebrew/: Homebrew formula and local install helpersdocs/: installation, migration, archive, security, and breakout docs
Rust is still the maintained CLI path, but the active product contract is now the native app broker. The Deno implementation remains only for audit and behavior comparison.
Parity and archive details:
docs/MIGRATION_AND_PARITY.md
Migration details:
docs/NATIVE_MIGRATION.md
This project is licensed under GPL-3.0-only. See
LICENSE.