Lockfile-based plugin manager for Claude Code (and AI agent tools).

Claude Code's built-in plugin system has no lockfile, no version constraints, no reproducibility. apm fixes that.

apm add figma@claude-plugins-official@^2.1.0
apm add caveman@caveman
git add apm.toml apm.lock

On a new machine:

apm install   # exact same versions, every time

I built this after hitting three problems with Claude Code's native plugin system:

1. No per-project version control. I work across multiple projects that need different plugin versions. Claude Code installs plugins globally with no way to pin versions per repo. One project upgrading figma would silently break another.

2. No visibility into what's installed or where. I had no idea which version of a plugin was active, or where it was installed on disk. apm info <plugin> shows you the exact version, commit SHA, and install path. apm list shows all plugins and their locked versions at a glance.

3. Plugins aren't reproducible across machines. Onboarding a new dev or spinning up CI meant manually reinstalling the same plugins and hoping you picked the right versions. With apm, you commit apm.toml + apm.lock and run apm install — same versions, every time, everywhere.

curl -fsSL https://raw.githubusercontent.com/qwexvf/apm/main/install.sh | sh

Or with Go:

go install github.com/qwexvf/apm@latest

# apm.toml
[plugins]
"figma@claude-plugins-official"     = "^2.1.0"   # semver range
"caveman@caveman"                   = "*"          # latest
"gopls-lsp@claude-plugins-official" = "1.0.0"     # exact
"myplugin@mymarket"                 = "abc123"     # commit SHA

Without a token: 60 API requests/hour. With one: 5,000.

export GITHUB_TOKEN=ghp_...

Only needs public repo read access.

MIT