An open-source, community-driven dependency manager for AI agents.
Think package.json
, requirements.txt
, or Cargo.toml
— but for AI agent configuration.
GitHub Copilot · Claude Code · Cursor · OpenCode · Codex · Gemini · Windsurf · Kiro
** Documentation** ·
·
Portable by manifest. Secure by default. Governed by policy.One file describes every agent's context; one command reproduces it everywhere; one policy controls what an org will allow.
AI coding agents need context to be useful — standards, prompts, skills, plugins — but today every developer sets this up manually. Nothing is portable nor reproducible. There's no manifest for it.
APM fixes this. Declare your project's agentic dependencies once in apm.yml
, and every developer who clones your repo gets a fully configured agent setup in seconds — with transitive dependency resolution, just like npm or pip. It's also the first tool that lets you author plugins with a real dependency manager and export standard plugin.json
packages.
name: your-project
version: 1.0.0
dependencies:
apm:
- anthropics/skills/skills/frontend-design
- github/awesome-copilot/plugins/context-engineering
- github/awesome-copilot/agents/api-architect.agent.md
- microsoft/apm-sample-package#v1.0.0
mcp:
- name: io.github.github/github-mcp-server
transport: http # MCP transport name, not URL scheme -- connects over HTTPS
git clone <org/repo> && cd <repo>
apm install # every agent is configured
Coming from npx skills add? Drop-in:
apm install vercel-labs/agent-skills # whole bundle, like npx skills add
apm install vercel-labs/agent-skills --skill deploy-to-vercel # one skill, persisted to apm.yml
Same install gesture. You also get a manifest, lockfile, and reproducibility.
Zero-config Copilot:
apm compile -t copilot # writes .github/copilot-instructions.md
One command, no configuration -- VS Code and GitHub Copilot read the file automatically. APM dogfoods this target on its own repository.
One apm.yml
describes every primitive your agents need — instructions, skills, prompts, agents, hooks, plugins, MCP servers — and apm install
reproduces the exact same setup across every client on every machine. apm.lock.yaml
pins the resolved tree the way package-lock.json
does for npm.
— declared once, deployed across Copilot, Claude, Cursor, OpenCode, Codex, Gemini, Windsurf, KiroOne manifest for everything— GitHub, GitLab, Bitbucket, Azure DevOps, GitHub Enterprise, Gitea, Gogs, any git hostInstall from anywhere— packages can depend on packages; APM resolves the full treeTransitive dependencies— build Copilot, Claude, and Cursor plugins with dependency management, then export standardAuthor pluginsplugin.json
— install plugins from curated registries in one command, deployed across all targets and lockedMarketplaces—Pack & distributeapm pack
bundles your configuration as a zipped package or a standalone plugin— GitHub Action for automated workflowsCI/CD ready
Agent context is executable in effect — a prompt is a program for an LLM. APM treats it that way. Every install scans for hidden Unicode that can hijack agent behavior; the lockfile pins integrity hashes; transitive MCP servers are gated by trust prompts.
—Content securityapm install
blocks compromised packages before agents read them;apm audit
runs the same checks on demand—Lockfile integrityapm.lock
records resolved sources and content hashes for full provenance—SBOM exportapm lock export --format cyclonedx|spdx
emits a standard inventory of what reached disk, straight from the lockfile — provenance for procurement, not a compliance attestation—Drift detectionapm audit
rebuilds your agent context in scratch and diffs it against your working tree to catch hand-edits before they ship— transitive MCP servers require explicit consentMCP trust boundaries
apm-policy.yml
lets a security team say "these are the only sources, scopes, and primitives this org will allow" and have every apm install
enforce it — with tighten-only inheritance from enterprise to org to repo, a published bypass contract, and audit-mode CI gates.
apm-policy.yml governs what gets installed; your agent harness governs what runs. The two planes do not overlap.
— the canonical enterprise reference: enforcement points, bypass contract, air-gapped story, failure semantics, rollout playbookGovernance Guide— every check, every field, every defaultPolicy reference— staged rollout from warn to block across hundreds of reposAdoption playbook— wireGitHub rulesets integrationapm audit --ci
into branch protection
curl -sSL https://aka.ms/apm-unix | sh
irm https://aka.ms/apm-windows | iex
Native release binaries are published for macOS, Linux, and Windows x86_64. apm update
reuses the matching platform installer.
Then start adding packages:
apm install microsoft/apm-sample-package#v1.0.0
Or install from a marketplace:
apm marketplace add github/awesome-copilot
apm install azure-cloud-development@awesome-copilot
Or add an MCP server (wired into Copilot, Claude, Cursor, Codex, OpenCode, Gemini, Windsurf, and Kiro):
apm install --mcp io.github.github/github-mcp-server --transport http # connects over HTTPS
See the ** Getting Started guide** for the full walkthrough.
agentrc analyzes your codebase and generates tailored agent instructions — architecture, conventions, build commands — from real code, not templates.
Use agentrc to author high-quality instructions, then package them with APM to share across your org. The .instructions.md
format is shared by both tools — no conversion needed when moving instructions into APM packages.
Created by @danielmeppiel. Maintained by @danielmeppiel and @sergio-sisternes-epam.
Roadmap & DiscussionsContributingAI Native Development guide— a practical learning path for AI-native development
Built on open standards: AGENTS.md · Agent Skills · MCP
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.