Microsoft APM 0.9.2: reproducible AI agent configs in 15 min

What you will ship

By the end of this guide you will have Microsoft APM v0.9.2 installed, an apm.yml manifest checked into a repo, and a fresh git clone && apm install that configures Claude Code">Claude Code, GitHub Copilot, and Cursor with the same skills, prompts, and MCP servers — no copy-pasting from a private Notion. APM is the first cross-client manifest for agent context; think package.json, but for the CLAUDE.md, .github/copilot-instructions.md, and .cursor/rules/ files that today drift across every teammate's laptop. The project hit 2,000 stars this week and Microsoft just cut v0.9.2 on Apr 23, 2026 with Azure DevOps AAD auth and a hardened audit check.

Prerequisites: macOS or Linux (Windows PowerShell works too), Python 3.11+ only if you install via pip, and one of Claude Code, GitHub Copilot CLI, Cursor, OpenCode, or Codex installed locally. No paid account required — apm itself is MIT-licensed and the CLI is free forever.

Step-by-step build

1. Install the CLI

curl -sSL https://aka.ms/apm-unix | sh
apm --version   # expect: 0.9.2

Homebrew (brew install microsoft/apm/apm) and pip install apm-cli are both supported. Windows users run irm https://aka.ms/apm-windows | iex. The apm update command reuses the same platform installer so you avoid version drift across a team.

2. Initialize a manifest in your repo

cd your-project
apm init

This drops an apm.yml scaffold in the repo root. Open it and declare the exact agent context your team ships with:

name: your-project
version: 1.0.0
target: [claude, copilot, cursor]
dependencies:
  apm:
    - anthropics/skills/skills/frontend-design
    - github/awesome-copilot/plugins/context-engineering
    - microsoft/apm-sample-package#v1.0.0
  mcp:
    - name: io.github.github/github-mcp-server
      transport: http

The target list landed in v0.9.0 and lets one manifest feed multiple agent runtimes. Each dependency resolves transitively — if apm-sample-package pulls in more skills, they are fetched and pinned in apm.lock.yaml, mirroring how package-lock.json works for npm.

3. Install and commit the lockfile

apm install
git add apm.yml apm.lock.yaml
git commit -m "chore(apm): pin agent context"

APM writes the resolved tree and content hashes to apm.lock.yaml, then compiles primitives into each detected client's native location: CLAUDE.md for Claude Code, .github/prompts/ for Copilot, .cursor/rules/ for Cursor. Hand-edits to these files are detected later by apm audit so drift does not silently enter your repo.

4. Add an MCP server without editing three config files

v0.9.0 shipped a first-class MCP workflow. One command writes the server to the manifest and reinstalls into every target client:

apm install --mcp io.github.github/github-mcp-server \
  --transport http \
  --header "Authorization: Bearer $GITHUB_TOKEN"

Transitive MCP servers now require explicit consent; you will be prompted before APM trusts a package that pulls in a new stdio server. In CI, pass --force and gate the build with apm audit --ci. Custom enterprise registries work via MCP_REGISTRY_URL.

5. Wire the team install into onboarding

Replace three wiki pages of setup with one line in your README:

git clone [email protected]:org/your-project.git
cd your-project && apm install

New hires now get Claude Code, Copilot, and Cursor preconfigured in under a minute — identical primitives, pinned versions, the same MCP allowlist. Document the bypass path (APM_POLICY_DISABLE=1) only for emergencies so your security team can still audit it.

Test it works

apm audit --ci

Expected output: a table listing every deployed primitive with its source and an ok status column. Any hand-edit to .apm/ or a pulled plugin file surfaces as drift and the command exits non-zero. v0.9.2 hardened this check to detect local-content tampering, not just installed packages — wire it into your merge gate and config drift stops at the PR.

Common gotchas

Git protocol surprises. v0.9.0 is strict-by-default: ssh:// and https:// URLs no longer silently cross-fall back. If your mirror rejects SSH, export APM_GIT_PROTOCOL=https or pass --https on the command line. The legacy chain is still reachable with APM_ALLOW_PROTOCOL_FALLBACK=1 but will emit a one-shot warning so you cannot forget it is on.

Enterprise policy blocking installs. If your org ships an apm-policy.yml with enforcement: block (new in v0.9.1), a previously green install can now fail. Preview the verdict with apm install --dry-run and run apm policy status --json to see exactly which package or MCP server violated which rule before you open a support ticket.

MCP name validation. Names must match ^[a-zA-Z0-9@_][a-zA-Z0-9._@/:=-]{0,127}$. A URL in the command: field of a stdio MCP entry is rejected at parse time, as is any whitespace-wrapped binary path without explicit args:. The error message prints a valid positive example so the fix is usually obvious.

Ship it this week

Drop an apm.yml into the next repo you spin up today, pin one frontend-design skill, and watch a new teammate clone-and-run without opening your Notion. For teams already on Claude Code, pair APM with the /advisor multi-model workflow to stabilize agent behavior at 80% lower cost. If you are still shopping Coding Agents in 2026: A Fullstack Engineer's Recap">coding agents, our 2026 Cursor alternatives rundown pairs cleanly with APM's target: list. And if Python is your agent runtime, see how OpenAI Agents SDK 0.14 composes with APM-distributed skills. The repo and docs live at github.com/microsoft/apm — star it, then run apm init before lunch.