Chapter 12

The Landscape & What's Next

Place APM in the market and standards landscape, then decide what to adopt, watch, or build around.

Objective

After this chapter you can place APM on a grounded map of the still-forming category around it — using the book's four properties (Portability, Reproducibility, Provenance / security, and Governance) as the map's coordinates rather than marketing claims. You will name the shared standards layer APM builds on (SKILL.md, AGENTS.md, MCP) and the broader OpenAPM bid it advances; compare APM honestly against gh skill, orthogonalhq/apm, TheLarkInn/aipm, and vercel-labs/skills; and make the adopt / watch / build-around call as a decision about scope and governance, not install ergonomics. One discipline frames the whole chapter: this is a snapshot dated 2026-07-01, and every tool named below — APM included — is pre-1.0 and moving, so treat the map as a map, not a verdict.

Concept/Theory

A young category that has not settled

“Agent context management” is a genuinely new tool category — barely a year old as a named idea. APM was introduced on the GitHub Blog in October 2025 (How to build reliable AI workflows with agentic primitives and context engineering) and only reached the microsoft/apm organization in early 2026 (microsoft/apm). A category this young has no settled winner and no frozen interfaces: standards, registries, and even the scope of a package (skills only, or every primitive type?) are still being negotiated in public.

So the responsible closing move for this book is not a prediction of who wins. It is a grounded map: what exists, what each tool optimizes, and where the seams are. The four properties you have carried since Chapter 1 are the map's coordinate system. The honest way to compare two agent-context tools is not “which install command is shorter,” but which of the four properties each one actually delivers, and across how many primitive types. That reframing is this chapter's whole job.

Keep the distinction between a map and a prediction in view. A market report ranks vendors and forecasts share; a grounded map plots tools against stable axes so you can locate your own need on it. The goal is that you leave able to place a new tool you meet next year — not to memorize today's leaderboard.

The standards layer underneath the tools

Beneath the competing command-line tools sits a shared standards layer that most of them build on. APM's own framing is that it is “built on open standards” (microsoft/apm) — it does not compete with these formats, it consumes and composes them:

  • SKILL.md / Agent Skills (agentskills.io) — the community format for packaging a reusable skill, adopted across a large number of agents. APM implements it for its skill primitive.
  • AGENTS.md (agents.md) — the shared convention for the agent instruction file, now maintained as an open community standard (its stewardship moved under the Linux Foundation's Agentic AI Foundation in late 2025; see agents.md). APM builds on it as a foundation.
  • MCP — the Model Context Protocol for tool and data servers (modelcontextprotocol.io). APM declares and governs MCP servers as a primitive rather than reinventing them.
  • OpenAPM v0.1 (the OpenAPM spec) — Microsoft's own broader bid. Where SKILL.md standardizes one primitive, OpenAPM tries to standardize the whole manifest + lockfile + policy triad (apm.yml, apm.lock.yaml, apm-policy.yml), dependency resolution, and the primitive type system. It is an editor's Working Draft with no backward-compat guarantee before v1.0, and — the fact that matters most this chapter — it defines no central registry today; the registry API is on the public roadmap (OpenAPM v0.2).

Hold two distinctions apart, because the rest of the chapter leans on them. First, standard vs. tool: a spec (SKILL.md, OpenAPM) defines a format; a tool (APM, gh skill) implements one. Second, narrow vs. broad: SKILL.md standardizes a single primitive (the skill), while OpenAPM standardizes the packaging system across every primitive. That makes SKILL.md and OpenAPM not rivals for one slot but two live bids at different scopes — a broad spec that can consume the narrow one. The open question is convergence: whether the broad spec absorbs or aligns with the widely adopted narrow one over time. That is something to watch, not to bet on.

The standards layer is also why the properties are possible at all. Shared formats are what make Portability real: a skill written to SKILL.md or an instruction file written to AGENTS.md moves across harnesses because the format is shared, not the tool. OpenAPM extends that same shared-format guarantee to Reproducibility (a normative lockfile) and Governance (a normative policy file). Standards are the substrate; the four properties are what they buy.

In APM

Where APM sits on the map

APM's distinctive position has two halves, and honesty requires stating both. The first half is its strength: among the tools in this space, APM has the broadest primitive coverage — the seven types you met in Chapter 3 (instructions, prompts, skills, agents, plugins, MCP servers, and hooks) — and it ships enterprise governance in apm-policy.yml (Chapter 9), which no skills-only installer offers. In the language of the four properties, APM is the tool that carries all four across all primitive types, not one property over a single slice.

The second half is the gap: APM has no central, searchable registry today. Distribution is git-based — “any git repository is a valid APM package” (What is APM?) — while several narrower rivals already ship a registry or GitHub-backed discovery. The registry HTTP API (publisher identity, search, yank/deprecate) is on the public roadmap (OpenAPM v0.2), and its progress is tracked on microsoft/apm. This is the category's biggest open question for APM, and the book has said so plainly since Chapter 2 — it is not a footnote.

Why the missing registry is not a missing core

Here Chapter 2 pays off. The registry is the most optional part of a package manager; the load-bearing parts are the manifest (declared intent) and the lockfile (a pinned, verified result). npm, pip, and Cargo all resolved git and path sources long before a central index mattered. So git-based APM already delivers all four properties today: a team gets Portability from the manifest, Reproducibility from the lockfile (Chapter 6), Provenance / security from content-hash pinning and install-time scanning (Chapter 8), and Governance from policy (Chapter 9) — none of which needs an index.

The clean line to draw: “no registry” limits discovery, not management. What git-based APM does not yet give you is easy search and browse of third-party packages. That is a real limitation — but it is about the convenience of finding packages, not the ability to declare, pin, verify, and govern them. Conflating the two is the trap; it is the Chapter 2 misconception (“a package manager is basically a downloader with a registry”) in new clothes.

When to use / pitfalls

The tools, side by side

Several tools overlap with APM, and none of them is a strawman. Each is real and actively developed; each optimizes a subset of the four properties over a narrower primitive set. Read the table below as “which properties, over how many primitive types” — not “which install command is shortest.”

Agent-context tools by the four-property axes — manifest, lockfile, registry, primitive coverage, and governance. Versions as of 2026-07-01; every tool is pre-1.0.
Tool (2026-07-01) Owner · language Manifest Lockfile Central registry Primitive coverage Governance / policy
Microsoft APM (this book)
microsoft/apm, apm-cli v0.23.1
Microsoft · Python apm.yml apm.lock.yaml (versions + content hashes) None yet — git-based; registry API on the public roadmap (OpenAPM v0.2) Broadest — all seven: skills, prompts, instructions, agents, plugins, MCP servers, hooks apm-policy.yml, install-time, tighten-only inheritance
gh skill (official GitHub)
GitHub CLI v2.90.0
GitHub · Go none (provenance in SKILL.md) none GitHub-as-registry Skills only none (relies on GitHub supply chain)
orthogonalhq/apm (same CLI name)
github.com/orthogonalhq/apm
Orthogonal (indep.) · Rust + Next.js none apm-lock.json Public, searchable (apm.orthg.nl) Skills only none
TheLarkInn/aipm
github.com/TheLarkInn/aipm
Sean Larkin (independent) · Rust aipm.toml content-addressable store (partial) planned skills, agents, MCP servers, hooks (Claude-focused) none stated
vercel-labs/skills (“npx skills”)
github.com/vercel-labs/skills
Vercel Labs · TypeScript none none git URLs + skills.sh index Skills only (broad agent support, ~72 per its repo) none

Mapped onto the four properties, the table reads cleanly. Every tool delivers some Portability — that is the price of entry — but only APM and aipm carry it across every primitive type. Reproducibility needs a lockfile, which APM, orthogonalhq/apm, and (in plan) aipm have but the two skills-only installers do not. On Provenance / security, gh skill has the cleanest supply-chain story (immutable releases, tree-SHA) via GitHub-as-registry (the gh skill changelog), while APM leans on content-hash pinning plus install-time scanning. And on Governance, APM is effectively alone: no skills-only installer offers an org-level allow/deny gate.

When a narrow installer is enough — and when it isn't

They do not all do the same thing, so “pick the one with the nicest CLI” hides the difference that actually matters. Use the scope of your need to decide:

  • A narrow skill installer is plenty when an individual workflow only needs skills and values a registry or clean provenance todaygh skill for GitHub-native provenance, orthogonalhq/apm for a searchable index, vercel-labs/skills for the widest agent reach. A skills-only tool cannot express a project's prompts, instructions, agents, and MCP servers as one governed, locked dependency graph, but if you never needed that graph, the ceremony would be overkill.
  • You need the full manifest / lockfile / policy / audit story when context is shared, plural, and answerable to someone — a regulated or multi-team context where “which agent configuration was active at release 4.2.1?” must have an answer, and where an organization decides which sources and MCP servers are allowed. That is APM's coverage, and it is the shape Meridian has been building toward for eleven chapters.
  • “Build around” — a thin wrapper or an internal registry proxy (Chapter 11) — is the middle path for a team that wants APM's contract and internal discovery before the official registry lands.

Two more tools are adjacent rather than head-to-head, and worth knowing so you do not miscategorize them: anthropics/skills is the SKILL.md reference implementation and a content library, not a manager; and the MCP Registry and Smithery are MCP-server indexes APM can consume rather than replace.

Worked example

Recap & next

Recap — the whole arc

This book made one wager: agent context is where application code was before npm, pip, and Cargo — scattered, drifting, “works on my machine.” Every chapter added one layer, and each layer protected one of the four properties:

  • Portability — the apm.yml manifest and harness targets (Chapters 45) turned Meridian's four scattered per-harness files into one declared source of truth.
  • Reproducibility — the apm.lock.yaml lockfile (Chapter 6), forced by a CI break, made restores byte-for-byte; Chapter 7 made change deliberate.
  • Provenance / security — install-time scanning and content-hash pinning (Chapter 8) blocked a sketchy transitive MCP server before it touched disk.
  • Governanceapm-policy.yml (Chapter 9) and its warn → block rollout, then fleet-scale ownership and CI gating (Chapter 11), turned rules-in-heads into an enforced, owned contract — after Meridian crossed the ramp to publishing meridian-standards (Chapter 10).

And this chapter turned those four properties into a yardstick: a grounded map of a young category, where APM sits as the broad-coverage, policy-carrying, git-based option among narrower installers — the make-vs-adopt call reframed as scope and governance, not install UX, and the Chapter 2 name collision confirmed as real, not hypothetical.

Open questions

This is the last chapter, so there is no next one — the “next” is yours. The category is still settling, and the honest close is a set of open questions to carry into your own adoption, not a sales pitch:

  • Does the registry land, and when? OpenAPM v0.2 — the registry HTTP API, publisher identity, yank/deprecate — is the roadmap milestone that decides whether discovery stops being APM's rough edge (microsoft/apm).
  • Do the standards converge or fragment? Whether the broad OpenAPM bid aligns with the widely adopted SKILL.md format — or the two drift apart — will shape which packages stay portable across tools.
  • Does the category consolidate? Whether one broad standard emerges or the space splinters across narrower installers is genuinely undecided at v0.23.1 — and everything above is a 2026-07-01 snapshot that will move.

Your move is the one Meridian made: adopt APM for the contract you can rely on now — the manifest, the lockfile, policy, and your own internal packages, delivering all four properties over git today — while you watch the registry and the standards, and guard against installing the wrong “apm.” Start where the drift hurts most (microsoft/apm, the docs), declare one manifest, and carry the open questions above into your own adoption.