How to read this book

Chapters build in order, concept before command. Every APM feature is introduced as the implementation of one of four properties — Portability Reproducibility Security Governance.

For developers

Follow the body and the worked examples end to end.

Start reading

For engineering leaders

Skim the For engineering leaders asides for the risk, ROI, onboarding, and governance story.

Start with Chapter 1

A recurring Meridian marker tracks what one team does next, chapter by chapter.

The reading path

Twelve chapters, six parts

Chapters resolve in order — each one depends on the ones before it, like a dependency graph. Read straight through, or jump to the part you need.

Part I

Why context needs a manifest

  1. ch01

    The Context Problem

    Articulate why agent context needs a package manager and name the four properties APM is designed to protect.

    • apm.yml
    • apm.lock.yaml
    • apm-policy.yml
    • apm install
    • supported harnesses
  2. ch02

    Lessons from Package Managers

    Map package-manager concepts onto agent context so APM feels familiar rather than novel.

    • apm.yml
    • apm.lock.yaml
    • version pinning
    • git sources
    • apm update
    • +2 more
  3. ch03

    Primitives & Harnesses

    Know the vocabulary of what APM manages and how those primitives relate to agent harnesses.

    • skills
    • prompts
    • instructions
    • agents
    • plugins
    • +4 more
Part II

Portable by manifest

  1. ch04

    The Manifest: apm.yml

    Author a valid apm.yml that declares Meridian's first shared agent-context dependencies.

    • apm.yml
    • dependencies
    • git sources
    • version pinning
    • scripts
    • harness targets
  2. ch05

    Install & Restore

    Install and restore a project's agent context with the daily APM consumer loop.

    • apm init
    • apm install <pkg>
    • apm install
    • apm run <script>
    • harness targets
Part III

Reproducible by lockfile

  1. ch06

    The Lockfile & Reproducibility

    Reproduce an APM setup exactly and explain how the lockfile supports that guarantee.

    • apm.lock.yaml
    • exact versions
    • content hashes
    • byte-for-byte restore
    • apm install
  2. ch07

    Lifecycle

    Keep APM dependencies current while detecting drift and risk deliberately.

    • apm outdated
    • apm update
    • apm audit
    • apm.yml
    • apm.lock.yaml
Part IV

Secure & governed

  1. ch08

    Security by Default

    Understand and rely on APM's install-time security checks without confusing them with runtime sandboxing.

    • hidden-Unicode scanning
    • content-hash pinning
    • transitive MCP blocking
    • apm install
    • apm.lock.yaml
    • apm-policy.yml
  2. ch09

    Governance & Policy

    Write and pilot an apm-policy.yml that enforces agent-package rules at install time.

    • apm-policy.yml
    • install-time enforcement
    • transitive MCP governance
    • tighten-only inheritance
    • warn mode
    • block mode
Part V

Producing & sharing

  1. ch10

    Becoming a Producer

    Package and publish reusable APM primitives so other teams can consume them through the normal install loop.

    • producer package shape
    • skills
    • prompts
    • plugins
    • apm pack
    • +3 more
Part VI

At scale & ahead

  1. ch11

    Enterprise at Fleet Scale

    Gate and govern APM usage across an organization without turning developer setup into a bottleneck.

    • apm audit --ci
    • CI gating
    • registry proxy
    • air-gapped environments
    • adoption playbook
    • +2 more
  2. ch12

    The Landscape & What's Next

    Place APM in the market and standards landscape, then decide what to adopt, watch, or build around.

    • OpenAPM v0.1
    • SKILL.md
    • AGENTS.md
    • MCP
    • supported harnesses
    • +3 more