After this chapter you can place APM on a grounded map of the still-forming category around
it — using the book's four properties (Portability,
Reproducibility,
Provenance / security, and
Governance) as the map's coordinates rather than
marketing claims. You will name the shared standards layer APM builds on
(SKILL.md, AGENTS.md, MCP) and the broader OpenAPM bid it advances; compare APM
honestly against gh skill, orthogonalhq/apm, TheLarkInn/aipm,
and vercel-labs/skills; and make the adopt / watch / build-around call
as a decision about scope and governance, not install ergonomics. One discipline frames the
whole chapter: this is a snapshot dated 2026-07-01, and every tool named below
— APM included — is pre-1.0 and moving, so treat the map as a map, not a
verdict.
Objective
Concept/Theory
A young category that has not settled
“Agent context management” is a genuinely new tool category — barely a year old as
a named idea. APM was introduced on the GitHub Blog in October 2025
(How
to build reliable AI workflows with agentic primitives and context engineering) and only reached
the microsoft/apm organization in early 2026
(microsoft/apm). A category this young
has no settled winner and no frozen interfaces: standards, registries, and even the
scope of a package (skills only, or every primitive type?) are still being negotiated in
public.
So the responsible closing move for this book is not a prediction of who wins. It is a
grounded map: what exists, what each tool optimizes, and where the seams are. The
four properties you have carried since Chapter 1 are the map's
coordinate system. The honest way to compare two agent-context tools is not “which
install command is shorter,” but which of the four properties each one
actually delivers, and across how many primitive types. That reframing is this chapter's whole
job.
Keep the distinction between a map and a prediction in view. A market report ranks vendors and forecasts share; a grounded map plots tools against stable axes so you can locate your own need on it. The goal is that you leave able to place a new tool you meet next year — not to memorize today's leaderboard.
The standards layer underneath the tools
Beneath the competing command-line tools sits a shared standards layer that most of them build on. APM's own framing is that it is “built on open standards” (microsoft/apm) — it does not compete with these formats, it consumes and composes them:
-
SKILL.md / Agent Skills
(agentskills.io) — the community format
for packaging a reusable skill, adopted across a large number of agents. APM implements it for its
skillprimitive. - AGENTS.md (agents.md) — the shared convention for the agent instruction file, now maintained as an open community standard (its stewardship moved under the Linux Foundation's Agentic AI Foundation in late 2025; see agents.md). APM builds on it as a foundation.
- MCP — the Model Context Protocol for tool and data servers (modelcontextprotocol.io). APM declares and governs MCP servers as a primitive rather than reinventing them.
-
OpenAPM v0.1
(the OpenAPM
spec) — Microsoft's own broader bid. Where SKILL.md standardizes one primitive,
OpenAPM tries to standardize the whole manifest + lockfile + policy
triad (
apm.yml,apm.lock.yaml,apm-policy.yml), dependency resolution, and the primitive type system. It is an editor's Working Draft with no backward-compat guarantee before v1.0, and — the fact that matters most this chapter — it defines no central registry today; the registry API is on the public roadmap (OpenAPM v0.2).
Hold two distinctions apart, because the rest of the chapter leans on them. First,
standard vs. tool: a spec (SKILL.md, OpenAPM) defines a format; a
tool (APM, gh skill) implements one. Second, narrow vs. broad:
SKILL.md standardizes a single primitive (the skill), while OpenAPM standardizes the packaging system
across every primitive. That makes SKILL.md and OpenAPM not rivals for one slot but
two live bids at different scopes — a broad spec that can consume the
narrow one. The open question is convergence: whether the broad spec absorbs or aligns with
the widely adopted narrow one over time. That is something to watch, not to bet on.
The standards layer is also why the properties are possible at all. Shared formats are what make Portability real: a skill written to SKILL.md or an instruction file written to AGENTS.md moves across harnesses because the format is shared, not the tool. OpenAPM extends that same shared-format guarantee to Reproducibility (a normative lockfile) and Governance (a normative policy file). Standards are the substrate; the four properties are what they buy.
In APM
Where APM sits on the map
APM's distinctive position has two halves, and honesty requires stating both. The first half is its
strength: among the tools in this space, APM has the broadest primitive coverage
— the seven types you met in Chapter 3 (instructions,
prompts, skills, agents, plugins, MCP servers, and hooks) — and it ships enterprise
governance in apm-policy.yml
(Chapter 9), which no skills-only installer offers. In the
language of the four properties, APM is the tool that carries all four across
all primitive types, not one property over a single slice.
The second half is the gap: APM has no central, searchable registry today. Distribution is git-based — “any git repository is a valid APM package” (What is APM?) — while several narrower rivals already ship a registry or GitHub-backed discovery. The registry HTTP API (publisher identity, search, yank/deprecate) is on the public roadmap (OpenAPM v0.2), and its progress is tracked on microsoft/apm. This is the category's biggest open question for APM, and the book has said so plainly since Chapter 2 — it is not a footnote.
Why the missing registry is not a missing core
Here Chapter 2 pays off. The registry is the most optional part of a package manager; the load-bearing parts are the manifest (declared intent) and the lockfile (a pinned, verified result). npm, pip, and Cargo all resolved git and path sources long before a central index mattered. So git-based APM already delivers all four properties today: a team gets Portability from the manifest, Reproducibility from the lockfile (Chapter 6), Provenance / security from content-hash pinning and install-time scanning (Chapter 8), and Governance from policy (Chapter 9) — none of which needs an index.
The clean line to draw: “no registry” limits discovery, not management. What git-based APM does not yet give you is easy search and browse of third-party packages. That is a real limitation — but it is about the convenience of finding packages, not the ability to declare, pin, verify, and govern them. Conflating the two is the trap; it is the Chapter 2 misconception (“a package manager is basically a downloader with a registry”) in new clothes.
When to use / pitfalls
The tools, side by side
Several tools overlap with APM, and none of them is a strawman. Each is real and actively developed; each optimizes a subset of the four properties over a narrower primitive set. Read the table below as “which properties, over how many primitive types” — not “which install command is shortest.”
| Tool (2026-07-01) | Owner · language | Manifest | Lockfile | Central registry | Primitive coverage | Governance / policy |
|---|---|---|---|---|---|---|
Microsoft APM (this book)microsoft/apm,
apm-cli v0.23.1
|
Microsoft · Python | apm.yml |
apm.lock.yaml (versions + content hashes) |
None yet — git-based; registry API on the public roadmap (OpenAPM v0.2) | Broadest — all seven: skills, prompts, instructions, agents, plugins, MCP servers, hooks | apm-policy.yml, install-time, tighten-only inheritance |
gh skill (official GitHub)GitHub CLI v2.90.0 |
GitHub · Go | none (provenance in SKILL.md) | none | GitHub-as-registry | Skills only | none (relies on GitHub supply chain) |
orthogonalhq/apm (same CLI name)github.com/orthogonalhq/apm |
Orthogonal (indep.) · Rust + Next.js | none | apm-lock.json |
Public, searchable (apm.orthg.nl) | Skills only | none |
TheLarkInn/aipmgithub.com/TheLarkInn/aipm |
Sean Larkin (independent) · Rust | aipm.toml |
content-addressable store (partial) | planned | skills, agents, MCP servers, hooks (Claude-focused) | none stated |
vercel-labs/skills (“npx skills”)github.com/vercel-labs/skills |
Vercel Labs · TypeScript | none | none | git URLs + skills.sh index |
Skills only (broad agent support, ~72 per its repo) | none |
Mapped onto the four properties, the table reads cleanly. Every tool delivers some
Portability — that is the price of entry
— but only APM and aipm carry it across every primitive type.
Reproducibility needs a lockfile, which APM,
orthogonalhq/apm, and (in plan) aipm have but the two skills-only
installers do not. On Provenance / security,
gh skill has the cleanest supply-chain story (immutable releases, tree-SHA) via
GitHub-as-registry (the
gh skill changelog), while APM leans on content-hash pinning plus install-time scanning. And on
Governance, APM is effectively alone: no skills-only
installer offers an org-level allow/deny gate.
When a narrow installer is enough — and when it isn't
They do not all do the same thing, so “pick the one with the nicest CLI” hides the difference that actually matters. Use the scope of your need to decide:
-
A narrow skill installer is plenty when an individual workflow only needs
skills and values a registry or clean provenance today —
gh skillfor GitHub-native provenance,orthogonalhq/apmfor a searchable index,vercel-labs/skillsfor the widest agent reach. A skills-only tool cannot express a project's prompts, instructions, agents, and MCP servers as one governed, locked dependency graph, but if you never needed that graph, the ceremony would be overkill. - You need the full manifest / lockfile / policy / audit story when context is shared, plural, and answerable to someone — a regulated or multi-team context where “which agent configuration was active at release 4.2.1?” must have an answer, and where an organization decides which sources and MCP servers are allowed. That is APM's coverage, and it is the shape Meridian has been building toward for eleven chapters.
- “Build around” — a thin wrapper or an internal registry proxy (Chapter 11) — is the middle path for a team that wants APM's contract and internal discovery before the official registry lands.
Two more tools are adjacent rather than head-to-head, and worth knowing so you do not miscategorize
them: anthropics/skills
is the SKILL.md reference implementation and a content library, not a manager; and the
MCP Registry and
Smithery are MCP-server indexes APM can
consume rather than replace.
Worked example
Recap & next
Recap — the whole arc
This book made one wager: agent context is where application code was before npm, pip, and Cargo — scattered, drifting, “works on my machine.” Every chapter added one layer, and each layer protected one of the four properties:
-
Portability — the
apm.ymlmanifest and harness targets (Chapters 4–5) turned Meridian's four scattered per-harness files into one declared source of truth. -
Reproducibility — the
apm.lock.yamllockfile (Chapter 6), forced by a CI break, made restores byte-for-byte; Chapter 7 made change deliberate. - Provenance / security — install-time scanning and content-hash pinning (Chapter 8) blocked a sketchy transitive MCP server before it touched disk.
-
Governance —
apm-policy.yml(Chapter 9) and its warn → block rollout, then fleet-scale ownership and CI gating (Chapter 11), turned rules-in-heads into an enforced, owned contract — after Meridian crossed the ramp to publishingmeridian-standards(Chapter 10).
And this chapter turned those four properties into a yardstick: a grounded map of a young category, where APM sits as the broad-coverage, policy-carrying, git-based option among narrower installers — the make-vs-adopt call reframed as scope and governance, not install UX, and the Chapter 2 name collision confirmed as real, not hypothetical.
Open questions
This is the last chapter, so there is no next one — the “next” is yours. The category is still settling, and the honest close is a set of open questions to carry into your own adoption, not a sales pitch:
- Does the registry land, and when? OpenAPM v0.2 — the registry HTTP API, publisher identity, yank/deprecate — is the roadmap milestone that decides whether discovery stops being APM's rough edge (microsoft/apm).
- Do the standards converge or fragment? Whether the broad OpenAPM bid aligns with the widely adopted SKILL.md format — or the two drift apart — will shape which packages stay portable across tools.
- Does the category consolidate? Whether one broad standard emerges or the space splinters across narrower installers is genuinely undecided at v0.23.1 — and everything above is a 2026-07-01 snapshot that will move.
Your move is the one Meridian made: adopt APM for the contract you can rely on now
— the manifest, the lockfile, policy, and your own internal packages, delivering all four
properties over git today — while you watch the registry and the standards, and
guard against installing the wrong “apm.” Start where the drift hurts most
(microsoft/apm,
the docs), declare one manifest, and
carry the open questions above into your own adoption.