Show HN: A tool to solve the Agent Supply Chain pandora box
github.comAn OSS tool I built to manage agent configuration (plugins, skills, et al) as we do code dependencies. With a portable manifest, lockfile, and audits.
APM ships as a CLI. Install it first e.g. with brew or pip and then:
"apm install <org>/<repo>" or "apm install plugin@marketplace"
That will resolve the dependency (through Artifactory if configured too) and pin the sha or version to the lockfile after scanning for hidden unicode. It then deploys to any agent runtime you may be using (e.g. Copilot, Codex, Cursor, Claude).
I built this over a year working with large scale enterprises clamoring for it.
No comments yet.