[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-72502":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":25,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":34,"readmeContent":35,"aiSummary":36,"trendingCount":16,"starSnapshotCount":16,"syncStatus":37,"lastSyncTime":38,"discoverSource":39},72502,"apm","microsoft\u002Fapm","microsoft","Agent Package Manager","https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002F",null,"Python",2811,234,8,63,0,39,111,478,117,29.11,"MIT License",false,"main",true,[27,28,29,30,31,32,33],"ai-agents","claude-code","codex-cli","context-engineering","github-copilot","package-manager","prompt-engineering","2026-06-12 02:03:04","# APM – Agent Package Manager\n\n**An open-source, community-driven dependency manager for AI agents.**\n\nThink `package.json`, `requirements.txt`, or `Cargo.toml` — but for AI agent configuration.\n\nGitHub Copilot · Claude Code · Cursor · OpenCode · Codex · Gemini · Windsurf\n\n**[Documentation](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002F)** · **[Quick Start](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fgetting-started\u002Fquick-start\u002F)** · **[CLI Reference](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Freference\u002Fcli-commands\u002F)** · **[Roadmap](https:\u002F\u002Fgithub.com\u002Forgs\u002Fmicrosoft\u002Fprojects\u002F2304)**\n\n---\n\n> **Portable by manifest. Secure by default. Governed by policy.**\n> One file describes every agent's context; one command reproduces it everywhere; one policy controls what an org will allow.\n\n## Why APM\n\nAI coding agents need context to be useful — standards, prompts, skills, plugins — but today every developer sets this up manually. Nothing is portable nor reproducible. There's no manifest for it.\n\n**APM fixes this.** Declare your project's agentic dependencies once in `apm.yml`, and every developer who clones your repo gets a fully configured agent setup in seconds — with transitive dependency resolution, just like npm or pip. It's also the first tool that lets you **author plugins** with a real dependency manager and export standard `plugin.json` packages.\n\n```yaml\n# apm.yml — ships with your project\nname: your-project\nversion: 1.0.0\ndependencies:\n  apm:\n    # Skills from any repository\n    - anthropics\u002Fskills\u002Fskills\u002Ffrontend-design\n    # Plugins\n    - github\u002Fawesome-copilot\u002Fplugins\u002Fcontext-engineering\n    # Specific agent primitives from any repository\n    - github\u002Fawesome-copilot\u002Fagents\u002Fapi-architect.agent.md\n    # A full APM package with instructions, skills, prompts, hooks...\n    - microsoft\u002Fapm-sample-package#v1.0.0\n  mcp:\n    # MCP servers -- installed into every detected client\n    - name: io.github.github\u002Fgithub-mcp-server\n      transport: http   # MCP transport name, not URL scheme -- connects over HTTPS\n```\n\n```bash\ngit clone \u003Corg\u002Frepo> && cd \u003Crepo>\napm install    # every agent is configured\n```\n\n**Coming from `npx skills add`?** Drop-in:\n\n```bash\napm install vercel-labs\u002Fagent-skills                            # whole bundle, like npx skills add\napm install vercel-labs\u002Fagent-skills --skill deploy-to-vercel   # one skill, persisted to apm.yml\n```\n\nSame install gesture. You also get a [manifest, lockfile, and reproducibility](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Freference\u002Fpackage-types\u002F#skill-collection-skillsnameskillmd).\n\n**Zero-config Copilot:**\n\n```bash\napm compile -t copilot   # writes .github\u002Fcopilot-instructions.md\n```\n\nOne command, no configuration -- VS Code and GitHub Copilot read the file automatically. APM dogfoods this target on its own repository.\n\n## The three promises\n\n### 1. Portable by manifest\n\nOne `apm.yml` describes every primitive your agents need — instructions, skills, prompts, agents, hooks, plugins, MCP servers — and `apm install` reproduces the exact same setup across every client on every machine. `apm.lock.yaml` pins the resolved tree the way `package-lock.json` does for npm.\n\n- **[One manifest for everything](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Freference\u002Fprimitive-types\u002F)** — declared once, deployed across Copilot, Claude, Cursor, OpenCode, Codex, Gemini, Windsurf\n- **[Install from anywhere](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fguides\u002Fdependencies\u002F)** — GitHub, GitLab, Bitbucket, Azure DevOps, GitHub Enterprise, Gitea, Gogs, any git host\n- **[Transitive dependencies](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fguides\u002Fdependencies\u002F)** — packages can depend on packages; APM resolves the full tree\n- **[Author plugins](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fguides\u002Fplugins\u002F)** — build Copilot, Claude, and Cursor plugins with dependency management, then export standard `plugin.json`\n- **[Marketplaces](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fguides\u002Fmarketplaces\u002F)** — install plugins from curated registries in one command, deployed across all targets and locked\n- **[Pack & distribute](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fguides\u002Fpack-distribute\u002F)** — `apm pack` bundles your configuration as a zipped package or a standalone plugin\n- **[CI\u002FCD ready](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fapm-action)** — GitHub Action for automated workflows\n\n### 2. Secure by default\n\nAgent context is executable in effect — a prompt is a program for an LLM. APM treats it that way. Every install scans for hidden Unicode that can hijack agent behavior; the lockfile pins integrity hashes; transitive MCP servers are gated by trust prompts.\n\n- **[Content security](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fenterprise\u002Fsecurity\u002F)** — `apm install` blocks compromised packages before agents read them; `apm audit` runs the same checks on demand\n- **[Lockfile integrity](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fenterprise\u002Fgovernance\u002F)** — `apm.lock` records resolved sources and content hashes for full provenance\n- **[Drift detection](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fguides\u002Fdrift-detection\u002F)** — `apm audit` rebuilds your agent context in scratch and diffs it against your working tree to catch hand-edits before they ship\n- **[MCP trust boundaries](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fguides\u002Fmcp-servers\u002F)** — transitive MCP servers require explicit consent\n\n### 3. Governed by policy\n\n`apm-policy.yml` lets a security team say *\"these are the only sources, scopes, and primitives this org will allow\"* and have every `apm install` enforce it — with tighten-only inheritance from enterprise to org to repo, a published bypass contract, and audit-mode CI gates.\n\n- **[Governance Guide](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fenterprise\u002Fgovernance-guide\u002F)** — the canonical enterprise reference: enforcement points, bypass contract, air-gapped story, failure semantics, rollout playbook\n- **[Policy reference](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fenterprise\u002Fpolicy-reference\u002F)** — every check, every field, every default\n- **[Adoption playbook](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fenterprise\u002Fadoption-playbook\u002F)** — staged rollout from warn to block across hundreds of repos\n- **[GitHub rulesets integration](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fintegrations\u002Fgithub-rulesets\u002F)** — wire `apm audit --ci` into branch protection\n\n## Get Started\n\n#### Linux \u002F macOS\n\n```bash\ncurl -sSL https:\u002F\u002Faka.ms\u002Fapm-unix | sh\n```\n\n#### Windows\n\n```powershell\nirm https:\u002F\u002Faka.ms\u002Fapm-windows | iex\n```\n\nNative release binaries are published for macOS, Linux, and Windows x86_64. `apm update` reuses the matching platform installer.\n\n\u003Cdetails>\n\u003Csummary>Other install methods\u003C\u002Fsummary>\n\n#### Linux \u002F macOS\n\n```bash\n# Homebrew\nbrew install microsoft\u002Fapm\u002Fapm\n# pip\npip install apm-cli\n```\n\n#### Windows\n\n```powershell\n# Scoop\nscoop bucket add apm https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fscoop-apm\nscoop install apm\n# pip\npip install apm-cli\n```\n\n\u003C\u002Fdetails>\n\nThen start adding packages:\n\n```bash\napm install microsoft\u002Fapm-sample-package#v1.0.0\n```\n\nOr install from a marketplace:\n\n```bash\napm marketplace add github\u002Fawesome-copilot\napm install azure-cloud-development@awesome-copilot\n```\n\nOr add an MCP server (wired into Copilot, Claude, Cursor, Codex, OpenCode, Gemini, and Windsurf):\n\n```bash\napm install --mcp io.github.github\u002Fgithub-mcp-server --transport http   # connects over HTTPS\n```\n\n> *Codex CLI currently does not support remote MCP servers; the install will skip Codex with a notice. Omit `--transport http` to use the local Docker variant on Codex (requires `GITHUB_PERSONAL_ACCESS_TOKEN`).*\n\nSee the **[Getting Started guide](https:\u002F\u002Fmicrosoft.github.io\u002Fapm\u002Fgetting-started\u002Fquick-start\u002F)** for the full walkthrough.\n\n## Works with agentrc\n\n[agentrc](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fagentrc) analyzes your codebase and generates tailored agent instructions — architecture, conventions, build commands — from real code, not templates.\n\nUse agentrc to author high-quality instructions, then package them with APM to share across your org. The `.instructions.md` format is shared by both tools — no conversion needed when moving instructions into APM packages.\n\n## Community\n\nCreated by [@danielmeppiel](https:\u002F\u002Fgithub.com\u002Fdanielmeppiel). Maintained by [@danielmeppiel](https:\u002F\u002Fgithub.com\u002Fdanielmeppiel) and [@sergio-sisternes-epam](https:\u002F\u002Fgithub.com\u002Fsergio-sisternes-epam).\n\n- [Roadmap & Discussions](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fapm\u002Fdiscussions\u002F116)\n- [Contributing](CONTRIBUTING.md)\n- [AI Native Development guide](https:\u002F\u002Fdanielmeppiel.github.io\u002Fawesome-ai-native) — a practical learning path for AI-native development\n\n---\n\n**Built on open standards:** [AGENTS.md](https:\u002F\u002Fagents.md) · [Agent Skills](https:\u002F\u002Fagentskills.io) · [MCP](https:\u002F\u002Fmodelcontextprotocol.io)\n\n## Trademarks\n\nThis project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow [Microsoft's Trademark & Brand Guidelines](https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Flegal\u002Fintellectualproperty\u002Ftrademarks\u002Fusage\u002Fgeneral). Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.\n","APM 是一个专为AI代理设计的依赖管理工具。它通过`apm.yml`文件声明项目的AI代理依赖，支持技能、插件等多种资源类型，并自动解析和安装所有直接及间接依赖项，确保不同开发者环境下的配置一致性与可复现性。采用Python编写，支持GitHub Copilot等主流AI编码助手，以及多种AI代理如Claude Code和Codex CLI。适用于需要统一管理和分发AI辅助开发环境的企业或团队，帮助简化AI代理的设置流程，提高开发效率。",2,"2026-06-11 03:42:19","high_star"]