Show HN: A tool to solve the Agent Supply Chain pandora box
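Original source: hackernews · Summarized and analyzed by Genesis Park
Summary
APM (Agent Package Manager), an open-source tool recently developed at Microsoft, is an innovative solution that standardizes configuration and dependency management for AI coding agents. Developers declare the instructions, skills, plugins, MCP servers and other items a project needs in a single `apm.yml` file to configure every agent environment immediately, and the tool also supports transitive dependency resolution, as npm and pip do. It also provides a security audit feature that blocks compromised packages, and it can be installed and distributed through several channels, including GitHub, Homebrew and pip, which greatly reduces the complexity of managing the AI agent supply chain.
Body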
An open-source, community-driven dependency manager for AI agents. Think package.json, requirements.txt, or Cargo.toml — but for AI agent configuration.

GitHub Copilot · Claude Code · Cursor · OpenCode · Codex

Documentation · Quick Start · CLI Reference

AI coding agents need context to be useful — standards, prompts, skills, plugins — but today every developer sets this up manually. Nothing is portable nor reproducible. There's no manifest for it. APM fixes this.

Declare your project's agentic dependencies once in apm.yml, and every developer who clones your repo gets a fully configured agent setup in seconds — with transitive dependency resolution, just like npm or pip. It's also the first tool that lets you author plugins with a real dependency manager and export standard plugin.json packages.

```yaml
# apm.yml — ships with your project
name: your-project
version: 1.0.0
dependencies:
  apm:
    # Skills from any repository
    - anthropics/skills/skills/frontend-design
    # Plugins
    - github/awesome-copilot/plugins/context-engineering
    # Specific agent primitives from any repository
    - github/awesome-copilot/agents/api-architect.agent.md
    # A full APM package with instructions, skills, prompts, hooks...
    - microsoft/apm-sample-package#v1.0.0
```

```bash
git clone <org/repo> && cd <repo>
apm install    # every agent is configured
```

- One manifest for everything — instructions, skills, prompts, agents, hooks, plugins, MCP servers
- Install from anywhere — GitHub, GitLab, Bitbucket, Azure DevOps, GitHub Enterprise, any git host
- Transitive dependencies — packages can depend on packages; APM resolves the full tree
- Content security — apm audit scans for hidden Unicode; apm install blocks compromised packages before agents read them
- Author plugins — build Copilot, Claude, and Cursor plugins with dependency management and security scanning, then export standard plugin.json
- Marketplaces — install plugins from curated registries in one command; deployed across all targets, locked, scanned, and governed by apm-policy.yaml
- Pack & distribute — apm pack bundles your configuration as a zipped package or a standalone plugin
- CI/CD ready — GitHub Action for automated workflows

```bash
# macOS / Linux
curl -sSL https://aka.ms/apm-unix | sh
```

```powershell
# Windows (PowerShell)
irm https://aka.ms/apm-windows | iex
```

Native release binaries are published for macOS, Linux, and Windows x86_64. apm update reuses the matching platform installer.

Other install methods

```bash
# Homebrew
brew install microsoft/apm/apm

# pip
pip install apm-cli

# Scoop
scoop bucket add apm https://github.com/microsoft/scoop-apm
scoop install apm
```

Then start adding packages:

```bash
apm install microsoft/apm-sample-package#v1.0.0
```

Or install from a marketplace:

```bash
apm marketplace add github/awesome-copilot
apm install azure-cloud-development@awesome-copilot
```

See the Getting Started guide for the full walkthrough.

agentrc analyzes your codebase and generates tailored agent instructions — architecture, conventions, build commands — from real code, not templates. Use agentrc to author high-quality instructions, then package them with APM to share across your org. The .instructions.md format is shared by both tools — no conversion needed when moving instructions into APM packages.
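The "Content security" item above says apm audit scans for hidden Unicode. The following Python is an added example of what such a check looks for in an instructions file; it is not APM's code or rule set, and the code point ranges, function names and sample text are assumptions constructed for illustration.

```python
import unicodedata

# Ranges often used to hide text from human reviewers. Constructed for
# this example; not APM's rule set.
SUSPICIOUS = [
    (0x200B, 0x200F, "zero-width or directional mark"),
    (0x202A, 0x202E, "bidi embedding/override"),
    (0x2060, 0x2064, "word joiner / invisible operator"),
    (0x2066, 0x2069, "bidi isolate"),
    (0xFEFF, 0xFEFF, "zero-width no-break space"),
    (0xE0000, 0xE007F, "Unicode tag character"),
]

def classify(ch):
    """Return a label if ch is invisible/format text, else None."""
    cp = ord(ch)
    for lo, hi, label in SUSPICIOUS:
        if lo <= cp <= hi:
            return label
    # Catch remaining format characters (category Cf), e.g. soft hyphen.
    return "other format character" if unicodedata.category(ch) == "Cf" else None

def scan_text(text):
    """Return (line, column, 'U+XXXX', label) for each hidden character."""
    findings = []
    if text.startswith("\ufeff"):
        text = text[1:]  # a single leading BOM is a legitimate encoding marker
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            label = classify(ch)
            if label:
                findings.append((lineno, col, f"U+{ord(ch):04X}", label))
    return findings

def decode_tags(text):
    """Recover ASCII carried in tag characters so a reviewer can read it."""
    return "".join(chr(ord(c) - 0xE0000) for c in text if 0xE0020 <= ord(c) <= 0xE007E)

# Constructed sample of an instructions file: a leading BOM, one zero-width
# space, and the ASCII "hi" carried as two invisible tag characters.
SAMPLE = "\ufeff# Style guide\nUse tabs.\u200b\nBe concise.\U000E0068\U000E0069\n"

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(*finding)
    print("hidden tag text:", repr(decode_tags(SAMPLE)))
```

Zero-width joiners also occur legitimately inside emoji sequences, so a check like this reports locations for review instead of rejecting the file outright.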
Created and maintained by @danielmeppiel.

- Roadmap & Discussions
- Contributing
- AI Native Development guide — a practical learning path for AI-native development

Built on open standards: AGENTS.md · Agent Skills · MCP

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos is subject to those third parties' policies.
This analysis was written by the Genesis Park editorial team with the help of AI. The original can be found via the source link.