Plugins and Agent Package Manager

Plugins for AI coding agents are becoming an industry standard. Copilot CLI, Claude Code, Cursor. But plugins solve distribution. They don't solve the governance, security nor lifecycle around them.

When your developers install plugins from untrusted sources, which may ship prompt injection attacks -- how do you protect from that?

When someone updates one rules file in your plugin, and it accidentally breaks key agentic workflows -- how do you avoid that?

When compliance asks what agent config was active during last Tuesday's incident -- where's the receipt?

When your agent plugin depends on your org's shared coding standards -- who helps you build and resolve that tree?

These aren't plugin problems. They're supply-chain problems. And we've solved them before -- npm, pip, cargo all draw the same line between "the artifact" and "the toolchain that governs the artifact."

That's what APM does for plugins:

apm install owner/any-plugin
auto-detects plugin.json, pins exact commit SHA, scans for malicious unicode

apm init my-plugin --plugin
author a plugin with transitive deps, devDependencies, security scanning

apm audit --ci --policy
ensure only allowed plugins are installed, leveraging a CI gate

apm pack --format plugin
export a clean plugin.json directory ready for your marketplace

When you author a plugin with APM, the output is a standard plugin with no APM artifacts. Consumers install it with their tool of choice and never know APM was involved. The governance stays in your repo as apm.lock.yaml -- diffable, reviewable, auditable through git and CI checks.

I keep learning from the community what matters here. If you're building plugins or managing agent config across teams, I'd genuinely love to hear what problems you're hitting.

Open source, community driven, MIT license: github.com/microsoft/apm

Видео Plugins and Agent Package Manager канала Daniel Meppiel