Homebrew Cask Authoring
Author and maintain Homebrew Casks with correct token naming, stanzas, audit/style compliance, and local install testing.
Operating rules
- Prefer the official Homebrew documentation (Cask Cookbook, Acceptable Casks) when uncertain.
- Keep casks minimal: only add stanzas that are required for correct install/uninstall/cleanup.
- Avoid destructive system changes unless explicitly requested; call out any
rm/tap changes before suggesting them. - When testing local casks, ensure Homebrew reads from the local file (not the API).
- Treat local Homebrew tap overrides as temporary. When done testing/submitting, restore standard Homebrew state unless the user asks to keep the override.
app_imageis a Linux-only artifact: a macOS install raisesThis cask requires Linux.unless everyapp_imagestanza is gated inside anon_linux do ... endblock. Conversely,app,pkg,suite,qlplugin,prefpane,vst_plugin, etc. are macOS-only and must be gated insideon_macos. (Top-leveldepends_on :linuxis for a Linux-only cask only — it deliberately makes the cask refuse to install on macOS, so don't reach for it to gate a cross-platform cask.)
Quick intake (ask these first)
Collect:
- App name (exact
.appbundle name on macOS; for Linux, the AppImage filename) - Homepage (official)
- Download URL(s) (DMG/ZIP/PKG on macOS;
.AppImage/.tar.gzon Linux) and whether they differ by arch - Version scheme (single version? per-arch? per-OS?)
- Install artifact type (
app,pkg,suite,app_image,binary, etc.) - Platforms supported: macOS only, Linux only, or both (cross-platform)
- Uninstall requirements (pkgutil ids, launch agents, kernel extensions)
- Desired cleanup (zap paths)
If any of these are unknown, propose a short plan to discover them.
Pre-flight checks (before writing the cask)
Before investing effort in a new cask, verify:
- Notability: The app must have meaningful public presence. GitHub projects with <30 forks/watchers or <75 stars are likely to be rejected. Self-submission threshold is 3× higher (90 forks / 90 watchers / 225 stars) if the PR author also owns the upstream repo. See Acceptable Casks.
- Repo age: GitHub repos less than 30 days old cause a hard
brew audit --newfailure. Wait until the repo is old enough. - Previously refused: Search closed unmerged PRs for the token. If previously rejected for unfixable reasons, do not re-submit.
- Existing PRs: Check open PRs to avoid duplicating work.
- Modern macOS compatibility: Casks that don't work on current macOS will be rejected outright. Avoid submitting x86-only /
requires_rosettanew casks — they're on a deprecation path (blocked once macOS 27 is stable, removed after 28). This only governs the macOS side of a cross-platform cask — a Linux-only cask (or one withdepends_on :linux) is exempt. - Linux/AppImage notability: Acceptable Casks doesn't carve out a Linux exception, so hold Linux-only and cross-platform casks to the same notability bar as macOS casks (1). AppImage distribution alone is not sufficient; the upstream project still needs the public presence described in (1).
Workflow: create or update a cask
1) Choose the token
- Start from the
.appbundle name. - Remove
.appand common suffixes: "App", "for macOS", version numbers. - Remove "Mac" unless it distinguishes the product (e.g., "WinZip Mac" vs "WinZip").
- Drop "Desktop" by default — reviewers want the bare name. Maintainer guidance: "It should be ok to use
executorfor the token here, if the CLI is added tohomebrew-corelater it can useexecutor-cli." The bare name goes to whichever component lands in Homebrew first; subsequent siblings disambiguate (-cli,-cloud, etc.). - Only keep "Desktop" when:
- It's part of the actual product brand (e.g.,
Docker Desktop→docker-desktop,LTX Desktop→ltx-desktop), or - An upstream sibling component (CLI, cloud variant) already exists in Homebrew (formula or cask) under the bare name.
- It's part of the actual product brand (e.g.,
- A bare-named CLI that exists only upstream (npm, crates.io, etc.) and isn't yet packaged for Homebrew is not a reason to keep "Desktop" — submit the cask under the bare name and let the CLI take a suffix if/when it's added.
- The
cask token mentions desktopaudit cop isstrict_only(fires under--new); reviewers accept the suffix when justified by the rules above. Existing-desktopcasks (aks-desktop,grammarly-desktop,firefly-iota-desktop) don't validate the suffix as a generic pattern — check why each was named that way before citing them. Justify the choice in the PR description either way. - Downcase; replace spaces/underscores with hyphens.
- Remove non-alphanumerics except hyphens.
- Use
@beta,@nightly, or@<major>for variants.
Confirm the token before writing the file.
2) Draft a minimal cask
Use this canonical structure:
cask "token" do
version "1.2.3"
sha256 "..."
url "https://example.com/app-#{version}.dmg"
name "Official App Name"
desc "Short one-line description"
homepage "https://example.com"
app "AppName.app"
end
Rules of thumb:
- Prefer
httpsURLs. - Add
verified:when download host domain differs fromhomepagedomain. - Keep
descfactual and concise (no marketing).
3) Handle architecture (if needed)
Always confirm the binary's architectures — don't assume from vendor marketing. Mount the DMG (or unpack the artifact) and run:
lipo -archs "/Volumes/<Vol>/<AppName>.app/Contents/MacOS/<AppName>"
Then:
- Single-arch (
arm64only): adddepends_on arch: :arm64alongside anymacos:gate. Without it, Intel users on a supported macOS can install a cask they can't run — a user-facing install-time regression reviewers will flag. - Universal (
arm64 x86_64): no arch gate needed. - Different URLs and/or sha256 per CPU: use
arch+sha256 arm: ..., intel: ...when versions match. - Different versions per CPU: use
on_arm/on_intelblocks.
4) Add uninstall/zap stanzas
uninstall: Required forpkgandinstallerartifacts. Includepkgutil:identifiers, launch agents, etc.- For
.appcasks,uninstall quit:is still useful sobrew uninstallcleanly terminates a running app. If the app bundles helper processes (look inContents/Helpers/or runpgrep -lf <AppName>while it's running), pass an array of bundle IDs (e.g. main app +*.launcher) — a single ID leaves helpers stranded. quit:/signal:no longer run duringbrew upgrade/brew reinstallby default (Nov 2025 change). If you need the app to be quit during upgrade, addon_upgrade: :quit(oron_upgrade: [:quit, :signal]).
- For
zap: Recommended for thorough cleanup (support dirs, preferences, caches) but not enforced bybrew audit. Reviewers expect it for new casks — verify paths are accurate.- Primary tool:
brew generate-zap <token>(documented Mar 2026). Install and launch the app first, then run it to get a draft zap stanza. Still review the output — it can include noise. If it aborts after only printing the "Scanning" line, it likely hit a TCC permission error (e.g.Operation not permitted @ dir_initialize - .../sharedfilelist/...); exit code can still look fine. Fall back tofind ~/Library -name "*<bundle-id>*"plus a manual sweep of the standard Electron locations (Application Support,Caches,HTTPStorages,Logs,Preferences,Saved Application State). - Also scan while the app is in active use, not just after first launch. Paths like
~/Library/HTTPStorages/<bundle-id>, session caches, and some preferences only appear after login/real interaction.generate-zapmay miss these if you only ran the app once. - If state still survives
--zap+ reinstall, scan outside~/Library/. Apps that bundle a Node CLI/server (Contents/Resources/sidecar/) often persist to dotfolders (~/.<appname>) and XDG paths (~/.local/share/<appname>) —generate-zapand bundle-ID scans don't cover these. Cloning the upstream repo and grepping foros.homedir()/env-pathswill surface them. - Keep Keystone/GoogleUpdater-style shared components in
zaponly (neveruninstall) — they're shared across vendor apps.
- Primary tool:
livecheck:strategy :extract_plistandversion :latestare automatically excluded from autobump — nono_autobump!needed.- Prefer non-GitHub livecheck strategies; reserve
:github_latest/:github_releasesfor when nothing else works. Homebrew setsPRIORITY = 0on both, so livecheck never auto-picks them — opt-in only, "when Git isn't sufficient or appropriate" (docs.brew.sh). Try:gittags first, then:electron_builder(latest-mac.yml), then a:sparkle/:header_match/:page_matchon the download URL or a project version feed. Full preference order + thetag_name-vs-asset caveat: see the reference.
- Prefer non-GitHub livecheck strategies; reserve
depends_on: Optional. Only add when genuinely needed (e.g., specific macOS version, another cask dependency).
5) Cross-platform casks: macOS + Linux (AppImage)
Target both OSes with shared top-level stanzas plus sibling on_macos / on_linux
blocks — don't nest them (the OS conditions are mutually exclusive, so a nested block
is unreachable dead code, not an error). Gotchas beyond the Operating rules:
app_imageis Linux-only (see Operating rules) — macOS-only artifacts (app,pkg,suite, …) go inon_macos.zapgoes inon_macosonly. AppImageon_linuxblocks conventionally carry nozap: the install is a single symlinkbrew uninstallalready removes, and zap paths are macOS~/Librarylocations. (Idiomatic across every current AppImage cask, not brew-enforced.)arch/osare the first stanzas — beforeversion, not merely beforeurl. Homebrew's canonical order opens with the[arch, on_arch_conditional, os]group, then[version, sha256];brew style --fixhoists them. (Required wheneverurlinterpolates#{arch}/#{os}.)- Within that group,
archprecedesos. With a top-levelarch, writearchthenos-brew styleflagsosfirst as "os stanza out of order". The reverse-looking layout (osleading) is only correct in the per-OS nested shape (archinsideon_macos/on_linux), where there is no top-levelarch, soosis the first stanza. Don't generalise "os before arch" - it holds only whenarchis nested.
- Within that group,
archandsha256do not share key vocabularies.archtakesarm:/intel:on both OSes, soarch arm: …, intel: …insideon_linuxis correct. Butsha256keys are OS-specific:arm:/intel:(aliasx86_64:) feed the macOS branch only; Linux readsarm64_linux:/x86_64_linux:. Never putsha256 arm:/intel:insideon_linux- on Linux they resolve tonil, the sha goes missing, and the cask fails audit/install. Keep all four shas in one top-levelsha256block (arm:/intel:/arm64_linux:/x86_64_linux:).- Prefer the
osstanza when the asset path embeds an OS-specific string that differs from the OS type name (macos/linux) — e.g.mac,darwin,osx,macos-x64,linux-amd64. Declareos macos: "<macstr>", linux: "<linuxstr>"at the top of the cask and interpolate#{os}inurl/app_image. This is idiomatic and readable; do not fake it with a local variable likeurl_os = on_system_conditional macos: "mac", linux: "linux". Theosstanza also reads correctly inbrew livecheckandbrew auditcontexts where local variables aren't re-evaluated. Models:agentsview(os macos: "darwin", linux: "linux"),bruno,filen(os macos: "mac", linux: "linux"— Linux side via homebrew-cask#272068, pending). bruno/agentsview are the merged, authoritative models. Skip the stanza when the asset name doesn't embed an OS string at all — a single top-levelarchis then simpler. - Split
archper OS when asset names embed different arch strings (e.g. macOS usesx64, Linux usesx86_64). Declarearchinsideon_macos do … endandon_linux do … endseparately, and add anos macos: "<macstr>", linux: "<linuxstr>"stanza so the URL can interpolate both#{arch}and#{os}. Model:bruno—on_macos do arch arm: "arm64", intel: "x64" end/on_linux do arch arm: "arm64", intel: "x86_64" endos macos: "mac", linux: "linux", thenurl ".../bruno_#{version}_#{arch}_#{os}#{url_end}". Don't use this shape when the asset name doesn't embed an OS string — a single top-levelarchis simpler.
- Define the OS-varying URL suffix as a local directly above
url:url_end = on_system_conditional macos: ".dmg", linux: ".AppImage", then interpolate#{url_end}in theurl. Place it immediately aboveurl(the local must precede its interpolation, consistent with the canonical stanza order whereurlfollowsarch/os/version/sha256) — krehel's homebrew-cask#272068 point. A file extension is not a CPU/OS name, so it can't be anos/archstanza; this is the one place a local variable is idiomatic — contrast theurl_osanti-pattern above, which encodes OS names and should be theosstanza instead. This is repo convention (theurl_end = on_system_conditional ...local appears across casks — bruno, tabby, agentsview, …), not Cookbook-documented. Model:filen. When the whole filename varies (not just the suffix), usefilename/artifactinstead (see the t3-code example in the reference). - Single-arch Linux build: put the unkeyed
sha256anddepends_on arch: :x86_64insideon_linux— a top-leveldepends_on arch:would block macOS. auto_updates truegoes insideon_macosfor cross-platform casks. AppImage installs on Linux are a single symlink with no in-place updater, so declaringauto_updatestop-level (or insideon_linux) misrepresents the Linux artifact. The macOS.appis the only side that genuinely self-updates (Sparkle/Tauri updater), so gate the assertion there. Model:t3-code,agentsview.- Inside
on_macos do, use the keyword formdepends_on macos: :<symbol>(a minimum, parsed as>=), never the baredepends_on :macos. Derive<symbol>from the app'sLSMinimumSystemVersion; if that's absent or below Homebrew's floor (:catalina/ 10.15 — older symbols like:high_sierra/:mojaveare disabled and fail CI), omitdepends_on macos:entirely rather than guess. Derivation steps + symbol map: see the reference.
Worked examples (full cross-platform + single-arch t3-code), app_image internals,
sha256 placement, and the model-cask list live in
references/homebrew-cask-contribution-workflow.md.
6) Validate and test locally
Run, in this order:
brew style --fix <token>
brew audit --cask --online <token>
For new casks also run:
brew audit --cask --new <token>
HOMEBREW_NO_INSTALL_FROM_API=1 brew install --cask <token>
brew uninstall --cask <token>
Then validate the full zap path with the app running:
HOMEBREW_NO_INSTALL_FROM_API=1 brew install --cask <token>
open /Applications/<AppName>.app # log in, use it
HOMEBREW_NO_INSTALL_FROM_API=1 brew uninstall --zap --cask <token>
pgrep -lf <AppName> # should be empty — if not, add bundle IDs to `uninstall quit:`
Reinstalling after a plain brew uninstall (without --zap) should leave session data intact (so login persists). Reinstalling after --zap should require a fresh login. Verifying both confirms the zap paths are actually the ones that hold user state.
Important notes:
- Always install/uninstall by token name, not file path. Running
brew install ./Casks/t/token.rbwill fail when using a tap symlink — usebrew install --cask tokeninstead. HOMEBREW_NO_INSTALL_FROM_API=1forces Homebrew to use your local cask file rather than the API.brew audit --cask --newchecks GitHub repo age (must be >30 days) and notability — if the repo is too new, this will fail regardless of cask quality.brew auditprints nothing on success (silent = pass) — don't mistake empty output for the command failing to run.- When iterating on the
zapstanza, reinstall before re-zapping.brew uninstall --zapreads the cached cask from/opt/homebrew/Caskroom/<token>/.metadata/<version>/..., not your working copy. After editing zap paths:brew uninstall→brew install(refreshes the cached metadata) →brew uninstall --zap. The==> Trashing files:log will silently use the previous stanza otherwise. - Cross-platform casks:
brew audit --cask --onlinevalidates both theon_macosandon_linuxsides from either OS — run it even if you can only install-test one. On Linux the AppImage lands in~/Applications/<target>;brew uninstall --zap --cask <token>removes it (confirm withls -l ~/Applications/<target>).
If install fails:
- Re-check URL reachability,
sha256, and artifact name. - Re-run with verbosity:
brew install --cask --verbose <token>.
7) PR hygiene
Before suggesting submission:
- Ensure
brew styleand all relevantbrew auditcommands pass. - For new casks, check the token has not been previously refused/unmerged.
- One cask change per PR, minimal diffs, no drive-by formatting.
- Target the
mainbranch (notmaster).
Commit message format (first line <=50 chars):
- New cask:
token version (new cask) - Version update:
token version - Fix/change:
token: description
PR body: keep the default template, then replace the placeholder opener with a short prose sentence (hint: a bare URL as the first line may trigger the request-info bot — a full sentence like "Adds a new cask for App Name - short description." is safer). Keep all checklist items; tick only what was actually done.
8) AI disclosure
The PR template includes an AI disclosure section. If AI assisted with the PR:
- Check the AI checkbox in the template.
- Split the disclosure into two parts: what the agent ran (list the
brewcommands executed and note the human read the output) and what the human verified manually (app install, login, actual usage, zap path derivation, running-app uninstall). Reviewers value seeing both halves. - Call out any non-obvious things the agent's testing surfaced (e.g. a helper process needing a second bundle ID in
uninstall quit:).
Local development patterns
If the user is editing Homebrew/homebrew-cask locally and wants Homebrew to execute their working copy, use a tap symlink workflow.
Before changing the tap, print the current Homebrew state/commands so the restore path is visible in-context.
When the task is done (typically after local validation, commit, or PR creation), restore standard Homebrew state unless the user asks to keep the local override. Prompt before leaving Homebrew in a non-standard state.
Read the full end-to-end checklist here:
references/homebrew-cask-contribution-workflow.md