# Microsoft Agent Package Manager > Source: > Published: 2026-06-24 09:14:27+00:00 **An open-source, community-driven dependency manager for AI agents.** Think `package.json` , `requirements.txt` , or `Cargo.toml` — but for AI agent configuration. GitHub Copilot · Claude Code · Cursor · OpenCode · Codex · Gemini · Windsurf · Kiro ** Documentation** · **·** [Quick Start](https://microsoft.github.io/apm/getting-started/quick-start/)**·** [CLI Reference](https://microsoft.github.io/apm/reference/cli-commands/) [Roadmap](https://github.com/orgs/microsoft/projects/2304) Portable by manifest. Secure by default. Governed by policy.One file describes every agent's context; one command reproduces it everywhere; one policy controls what an org will allow. AI coding agents need context to be useful — standards, prompts, skills, plugins — but today every developer sets this up manually. Nothing is portable nor reproducible. There's no manifest for it. **APM fixes this.** Declare your project's agentic dependencies once in `apm.yml` , and every developer who clones your repo gets a fully configured agent setup in seconds — with transitive dependency resolution, just like npm or pip. It's also the first tool that lets you **author plugins** with a real dependency manager and export standard `plugin.json` packages. ``` # apm.yml — ships with your project name: your-project version: 1.0.0 dependencies: apm: # Skills from any repository - anthropics/skills/skills/frontend-design # Plugins - github/awesome-copilot/plugins/context-engineering # Specific agent primitives from any repository - github/awesome-copilot/agents/api-architect.agent.md # A full APM package with instructions, skills, prompts, hooks... - microsoft/apm-sample-package#v1.0.0 mcp: # MCP servers -- installed into every detected client - name: io.github.github/github-mcp-server transport: http # MCP transport name, not URL scheme -- connects over HTTPS git clone && cd apm install # every agent is configured ``` **Coming from npx skills add?** Drop-in: ``` apm install vercel-labs/agent-skills # whole bundle, like npx skills add apm install vercel-labs/agent-skills --skill deploy-to-vercel # one skill, persisted to apm.yml ``` Same install gesture. You also get a [manifest, lockfile, and reproducibility](https://microsoft.github.io/apm/reference/package-types/#skill-collection-skillsnameskillmd). **Zero-config Copilot:** ``` apm compile -t copilot # writes .github/copilot-instructions.md ``` One command, no configuration -- VS Code and GitHub Copilot read the file automatically. APM dogfoods this target on its own repository. One `apm.yml` describes every primitive your agents need — instructions, skills, prompts, agents, hooks, plugins, MCP servers — and `apm install` reproduces the exact same setup across every client on every machine. `apm.lock.yaml` pins the resolved tree the way `package-lock.json` does for npm. — declared once, deployed across Copilot, Claude, Cursor, OpenCode, Codex, Gemini, Windsurf, Kiro[One manifest for everything](https://microsoft.github.io/apm/reference/primitive-types/)— GitHub, GitLab, Bitbucket, Azure DevOps, GitHub Enterprise, Gitea, Gogs, any git host[Install from anywhere](https://microsoft.github.io/apm/guides/dependencies/)— packages can depend on packages; APM resolves the full tree[Transitive dependencies](https://microsoft.github.io/apm/guides/dependencies/)— build Copilot, Claude, and Cursor plugins with dependency management, then export standard[Author plugins](https://microsoft.github.io/apm/guides/plugins/)`plugin.json` — install plugins from curated registries in one command, deployed across all targets and locked[Marketplaces](https://microsoft.github.io/apm/guides/marketplaces/)—[Pack & distribute](https://microsoft.github.io/apm/guides/pack-distribute/)`apm pack` bundles your configuration as a zipped package or a standalone plugin— GitHub Action for automated workflows[CI/CD ready](https://github.com/microsoft/apm-action) Agent context is executable in effect — a prompt is a program for an LLM. APM treats it that way. Every install scans for hidden Unicode that can hijack agent behavior; the lockfile pins integrity hashes; transitive MCP servers are gated by trust prompts. —[Content security](https://microsoft.github.io/apm/enterprise/security/)`apm install` blocks compromised packages before agents read them;`apm audit` runs the same checks on demand—[Lockfile integrity](https://microsoft.github.io/apm/enterprise/governance/)`apm.lock` records resolved sources and content hashes for full provenance—[SBOM export](https://microsoft.github.io/apm/reference/cli/lock/)`apm lock export --format cyclonedx|spdx` emits a standard inventory of what reached disk, straight from the lockfile — provenance for procurement, not a compliance attestation—[Drift detection](https://microsoft.github.io/apm/guides/drift-detection/)`apm audit` rebuilds your agent context in scratch and diffs it against your working tree to catch hand-edits before they ship— transitive MCP servers require explicit consent[MCP trust boundaries](https://microsoft.github.io/apm/guides/mcp-servers/) `apm-policy.yml` lets a security team say *"these are the only sources, scopes, and primitives this org will allow"* and have every `apm install` enforce it — with tighten-only inheritance from enterprise to org to repo, a published bypass contract, and audit-mode CI gates. apm-policy.yml governs what gets installed; your agent harness governs what runs. The two planes do not overlap. — the canonical enterprise reference: enforcement points, bypass contract, air-gapped story, failure semantics, rollout playbook[Governance Guide](https://microsoft.github.io/apm/enterprise/governance-guide/)— every check, every field, every default[Policy reference](https://microsoft.github.io/apm/enterprise/policy-reference/)— staged rollout from warn to block across hundreds of repos[Adoption playbook](https://microsoft.github.io/apm/enterprise/adoption-playbook/)— wire[GitHub rulesets integration](https://microsoft.github.io/apm/integrations/github-rulesets/)`apm audit --ci` into branch protection ``` curl -sSL https://aka.ms/apm-unix | sh irm https://aka.ms/apm-windows | iex ``` Native release binaries are published for macOS, Linux, and Windows x86_64. `apm update` reuses the matching platform installer. Then start adding packages: ``` apm install microsoft/apm-sample-package#v1.0.0 ``` Or install from a marketplace: ``` apm marketplace add github/awesome-copilot apm install azure-cloud-development@awesome-copilot ``` Or add an MCP server (wired into Copilot, Claude, Cursor, Codex, OpenCode, Gemini, Windsurf, and Kiro): ``` apm install --mcp io.github.github/github-mcp-server --transport http # connects over HTTPS ``` See the ** Getting Started guide** for the full walkthrough. [agentrc](https://github.com/microsoft/agentrc) analyzes your codebase and generates tailored agent instructions — architecture, conventions, build commands — from real code, not templates. Use agentrc to author high-quality instructions, then package them with APM to share across your org. The `.instructions.md` format is shared by both tools — no conversion needed when moving instructions into APM packages. Created by [@danielmeppiel](https://github.com/danielmeppiel). Maintained by [@danielmeppiel](https://github.com/danielmeppiel) and [@sergio-sisternes-epam](https://github.com/sergio-sisternes-epam). [Roadmap & Discussions](https://github.com/microsoft/apm/discussions/116)[Contributing](/microsoft/apm/blob/main/CONTRIBUTING.md)[AI Native Development guide](https://danielmeppiel.github.io/awesome-ai-native)— a practical learning path for AI-native development **Built on open standards:** [AGENTS.md](https://agents.md) · [Agent Skills](https://agentskills.io) · [MCP](https://modelcontextprotocol.io) This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow [Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general). Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.