Microsoft APM: The New Package Manager for AI Agents
🔄 Update — 06. July 2026: Details on Manifest, Lockfile, and GitHub Actions Integration
Microsoft’s Agent Package Manager (APM) receives detailed specifications regarding declarative configuration and automation for AI agents. Developers can now manage and lock dependencies with higher accuracy and security.
What’s new?
- Versioned Dependencies: Manifest files (
apm.yml) and lockfiles (apm.lock.yaml) secure MCP servers and skills via exact Git commit SHAs to prevent unexpected behavior. - GitHub Actions Integration: The official
microsoft/apm-actionautomates the installation and deployment of agent configurations within CI/CD pipelines. - Security Scanning: APM performs automatic scans during installation to prevent malicious payload executions and Unicode injections (such as Glassworm attacks).
Why this adds to the article
These details show how APM bridges the gap between experimental agent development and professional enterprise software engineering, specifically regarding automated workflows and security.
Summary
Microsoft has introduced “APM” (Agent Package Manager), a new open-source dependency manager designed specifically for AI agents, similar to npm for web development or pip for Python. APM allows developers to declare, version, and share the configuration, skills, prompts, and Model Context Protocol (MCP) servers their projects require in a single apm.yml manifest.
What happened?
On July 5, 2026, Microsoft published the official documentation and GitHub pages for the Agent Package Manager (APM). The tool allows developers to resolve agentic dependencies by running apm install, which downloads configurations and deploys them to supported AI coding environments such as GitHub Copilot, Claude Code, Cursor, Gemini, and Windsurf.
Why it matters
Before APM, keeping agent behaviors and tool configurations synchronized across different developer machines and IDEs was highly manual and fragmented. APM addresses this with:
- Unified Configuration: A central
apm.ymlfile to manage all agent resources. - Deterministic Builds: The
apm.lock.yamlfile locks dependencies to specific commit SHAs, guaranteeing reproducibility for teams and CI runners. - Enhanced Security: Automated security scans check packages for malicious payloads and Unicode injections.
- Enterprise Governance: The
apm-policy.ymlconfiguration lets organizations define allowed packages and servers.
Evidence
The core documentation is hosted at https://microsoft.github.io/apm/. Installation endpoints are live via https://aka.ms/apm-unix and https://aka.ms/apm-windows, and Windows users can install the tool directly using Winget: winget install -e --id Microsoft.APM.
Analysis
By establishing a formal dependency management system, Microsoft is driving AI engineering toward traditional software engineering practices. A lock-file for prompt templates and MCP server references means team members can finally collaborate on agentic workflows without experiencing configuration drift. This is a critical milestone for building reliable, production-grade AI agent systems.
Practical Takeaways
- Install APM: Execute
curl -sSL https://aka.ms/apm-unix | shon Unix/macOS, or install via Winget on Windows. - Initialize Projects: Run
apm init <project-name>to create your firstapm.yml. - Integrate into CI/CD: Track
apm.lock.yamlin git to ensure automated pipelines run the exact same agent dependencies.
Open Questions
- How quickly will rival tooling vendors (like Anthropic or OpenAI) natively adopt Microsoft’s APM standard?
- Will Microsoft host a public registry for sharing community-built agent packages?