AgentPM™

Introduction#

What is AgentPM™ and how it fits into your agent stack.

What is AgentPM™?#

AgentPM is the package layer for agent systems: a spec, a registry, a CLI, and SDKs that make agent packages and tool packages portable across runtimes and host languages.

  • The spec (agent.json). A single manifest format for both executable tool artifacts and compositional agent artifacts.
  • The package manager & registry. Publish signed package artifacts and install them deterministically with integrity and provenance.
  • The CLI. agentpm init/lint/login/publish/install/whoami; verify and eval coming soon.
  • SDKs (Node & Python). Load tools by name/version, or load installed agents as metadata plus resolved tool refs. Tools execute in a managed subprocess (with timeouts, env, and resource limits), so there’s no lock-in and no in-process dependency tangle.

Why AgentPM?#

Because agent systems need reusable, versioned building blocks they can trust across stacks and languages. AgentPM gives you:

  • tool artifacts for executable capabilities,
  • agent artifacts for portable composition,
  • deterministic installs with provenance, and
  • adapters/SDKs so one package can move across different agent runtimes and host languages without hand-rolled glue.

Key features#

  • agent.json spec for kind: "tool" and kind: "agent".
  • Language-agnostic packaging. Write tools in Node or Python and call them from either SDK.
  • Agent package install + load. Install published agent packages and inspect their resolved tool references from the SDKs.
  • Load → callable. SDKs turn a tool into a function you can hand to your agent (or call directly).
  • Deterministic installs. Versioned artifacts with declared runtime requirements and required environment variables—making agent deployments repeatable.
  • Security & provenance. Checksums and signing surfaced in CLI/registry.
  • Namespaces & scopes. Public and private namespaces with tokens/MFA.
  • Modern search & discovery. Tool pages auto-generate rich docs from the manifest for fast evaluation and adoption.
  • Current dependency model. Tools are the only resolved dependency type today. skills, knowledge, memory, and profiles are reserved for future package kinds.
  • Verify (coming soon). Manifest-driven contract tests (schema conformance, example runs, invariants, portability matrix, and SLOs). Produces a signed report that gates publish.
  • Evals (coming soon). Scenario-level scorecards (accuracy/robustness/latency/cost) that complement verify; results appear on the registry for transparent comparison.

Artifact kinds#

  • Tool artifact. Executable package with entrypoint, runtime, inputs/outputs, and packaged files. Tools are what the SDKs actually invoke.
  • Agent artifact. Composition package that captures tool dependencies, example prompts, and package metadata for a reusable agent definition.
  • Future templates/starter apps. Not first-class artifacts yet. Starter apps and templates are still documentation/examples territory rather than installable package kinds.

Install the CLI#

macOS & Linux#

Homebrew
brew tap agentpm-dev/tap
brew install agentpm

Windows#

Scoop
scoop bucket add agentpm https://github.com/agentpm-dev/scoop-bucket
scoop install agentpm
Open-source first

The core of AgentPM—the spec, CLI, and SDKs—is open source. Many tools will be open source too, but you can also publish closed-source tools to the public registry (users can install and run them) and, soon, to private namespaces for your org. The goal is simple: make trustworthy, reusable tools discoverable—OSS or proprietary.

Getting startedQuickstart