Official Homebrew/homebrew-cask support for VibeProxy

[fettpl]

This issue documents the move toward official Homebrew/homebrew-cask distribution for VibeProxy.

This is not a retry of the earlier custom-tap-in-the-main-repo approach discussed in #5. The previous blocker there was the maintenance burden of keeping a cask in the app repo or a dedicated tap repo synchronized with every release.

The updated approach is different:

• Submit vibeproxy directly to Homebrew/homebrew-cask
• Let Homebrew maintain the official cask entry and autobump it after release
• Avoid any release-workflow writebacks from this repo
• Avoid any requirement for a separate homebrew-vibeproxy repository

The first submission will be Apple Silicon only. Current upstream messaging is still inconsistent on Intel support:

• README.md publishes VibeProxy-x86_64.zip as untested
• INSTALLATION.md still says Intel Macs are not supported

To keep the first official cask review low-risk, the initial PR will target the confirmed arm64 release asset only and leave Intel for a follow-up once the support policy is consistent.

Assumptions carried into the Homebrew submission:

• Stable tags stay in the form vX.Y.Z
• The Apple Silicon release asset remains VibeProxy-arm64.zip
• The archive continues to contain VibeProxy.app
• The bundle identifier remains com.vibeproxy.app
• Releases remain code-signed and notarized
• Minimum supported macOS remains Ventura or later

Unless a concrete blocker is raised, submission will proceed immediately on the official Homebrew/homebrew-cask track and any later upstream feedback can be handled as follow-up.

Validation blocker found during cask preparation

While preparing the official cask, the current arm64 release artifacts for v1.8.127 were validated locally:

• brew style --fix vibeproxy passed
• brew audit --cask --online vibeproxy passed
• brew audit --cask --new vibeproxy passed
• brew install --cask vibeproxy succeeded against a local tap checkout

However, the app bundle itself currently fails signature verification from both published arm64 artifacts:

• VibeProxy-arm64.zip extracts to an app that fails codesign --verify --deep --strict
• VibeProxy-arm64.dmg mounts an app that fails codesign --verify --deep --strict
• spctl -a -vv also fails against both extracted/mounted app bundles

That means the Homebrew submission should pause until the release packaging/signing issue is fixed upstream. Once the release artifact verifies cleanly, the cask work is already scoped and can resume immediately.

[fettpl]

@ranaroussi quick heads-up: the official Homebrew cask work is ready, but the current v1.8.127 arm64 release artifacts fail local signature verification from both published formats, so I paused the PR rather than submit against a broken artifact.

What I validated locally:

• brew style --fix vibeproxy: passed
• brew audit --cask --online vibeproxy: passed
• brew audit --cask --new vibeproxy: passed
• brew install --cask vibeproxy: passed
• brew uninstall --cask vibeproxy: passed

Remaining blocker:

• VibeProxy-arm64.zip -> extracted VibeProxy.app fails codesign --verify --deep --strict
• VibeProxy-arm64.dmg -> mounted VibeProxy.app fails codesign --verify --deep --strict
• spctl -a -vv also fails against both app bundles

If you can take a quick look at the release packaging/signing pipeline and confirm whether this is expected or cut a fixed release, I can resume and submit the Homebrew/homebrew-cask PR immediately. The cask branch is already prepared on my fork.

[fettpl]

Checked the new release v1.8.128 from April 3, 2026 at 12:13:20 UTC. The Homebrew blocker is still present.

Current results on Apple Silicon:

• VibeProxy-arm64.zip extracts successfully, but codesign --verify --deep --strict fails on the extracted VibeProxy.app
• VibeProxy-arm64.dmg mounts successfully, but codesign --verify --deep --strict fails on /Volumes/VibeProxy/VibeProxy.app
• spctl -a -vv still fails against both app bundles

So the cask should still stay paused until the release packaging/signing issue is fixed upstream.

[fettpl]

Update: v1.8.129 resolved the blocking signing issue for the DMG artifact, so the Homebrew submission is now live.

What changed:

• VibeProxy-arm64.dmg now passes local codesign --verify --deep --strict and spctl -a -vv
• VibeProxy-arm64.zip still fails after extraction, so the cask intentionally targets the DMG
• brew style --fix, brew audit --cask --online, brew audit --cask --new, brew install --cask vibeproxy, and brew uninstall --cask vibeproxy all passed locally against v1.8.129

Homebrew PR:

• vibeproxy 1.8.129 (new cask) Homebrew/homebrew-cask#257601

Unless review uncovers something unexpected on the Homebrew side, this should now be on the normal upstream review track there.

[fettpl]

Update: the official Homebrew cask has now been merged.

Merged PR:

• vibeproxy 1.8.129 (new cask) Homebrew/homebrew-cask#257601
• State: MERGED
• Merged at: 2026-04-05 04:33:59 UTC
• Merge commit: 25634c8af48aa3fc371499018af9bd9eaff17218

This means VibeProxy is now available through the official Homebrew cask repository via:

brew install --cask vibeproxy

If the cask does not show up immediately on a given machine, a normal brew update / API refresh should catch it shortly.

[ranaroussi]

Closing as resolved: VibeProxy is now available in the official Homebrew cask, per the merged Homebrew/homebrew-cask PR referenced above.