apm-cli 0.12.3__tar.gz → 0.13.0__tar.gz

{apm_cli-0.12.3 → apm_cli-0.13.0}/NOTICE

@@ -139,7 +139,7 @@ SOFTWARE.
 
 ## Component. requests
 
-- Version requirement: `>=2.28.0`
+- Version requirement: `>=2.31.0`
 - Upstream: https://github.com/psf/requests
 - SPDX: `Apache-2.0`
 - Notes: Apache-2.0 requires forwarding the upstream NOTICE file verbatim.

{apm_cli-0.12.3/src/apm_cli.egg-info → apm_cli-0.13.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: apm-cli
-Version: 0.12.3
+Version: 0.13.0
 Summary: MCP configuration tool
 Author-email: Daniel Meppiel <user@example.com>
 License: MIT License
@@ -40,7 +40,7 @@ License-File: AUTHORS
 Requires-Dist: click>=8.0.0
 Requires-Dist: colorama>=0.4.6
 Requires-Dist: pyyaml>=6.0.0
-Requires-Dist: requests>=2.28.0
+Requires-Dist: requests>=2.31.0
 Requires-Dist: python-frontmatter>=1.0.0
 Requires-Dist: llm>=0.17.0
 Requires-Dist: llm-github-models>=0.1.0
@@ -56,6 +56,7 @@ Provides-Extra: dev
 Requires-Dist: pytest>=7.0.0; extra == "dev"
 Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
 Requires-Dist: pytest-xdist>=3.0.0; extra == "dev"
+Requires-Dist: pytest-split>=0.9.0; extra == "dev"
 Requires-Dist: ruff>=0.11.0; extra == "dev"
 Requires-Dist: mypy>=1.0.0; extra == "dev"
 Requires-Dist: jsonschema>=4.0.0; extra == "dev"
@@ -133,7 +134,7 @@ One command, no configuration -- VS Code and GitHub Copilot read the file automa
 One `apm.yml` describes every primitive your agents need — instructions, skills, prompts, agents, hooks, plugins, MCP servers — and `apm install` reproduces the exact same setup across every client on every machine. `apm.lock.yaml` pins the resolved tree the way `package-lock.json` does for npm.
 
 - **[One manifest for everything](https://microsoft.github.io/apm/reference/primitive-types/)** — declared once, deployed across Copilot, Claude, Cursor, OpenCode, Codex, Gemini, Windsurf
-- **[Install from anywhere](https://microsoft.github.io/apm/guides/dependencies/)** — GitHub, GitLab, Bitbucket, Azure DevOps, GitHub Enterprise, any git host
+- **[Install from anywhere](https://microsoft.github.io/apm/guides/dependencies/)** — GitHub, GitLab, Bitbucket, Azure DevOps, GitHub Enterprise, Gitea, Gogs, any git host
 - **[Transitive dependencies](https://microsoft.github.io/apm/guides/dependencies/)** — packages can depend on packages; APM resolves the full tree
 - **[Author plugins](https://microsoft.github.io/apm/guides/plugins/)** — build Copilot, Claude, and Cursor plugins with dependency management, then export standard `plugin.json`
 - **[Marketplaces](https://microsoft.github.io/apm/guides/marketplaces/)** — install plugins from curated registries in one command, deployed across all targets and locked

{apm_cli-0.12.3 → apm_cli-0.13.0}/README.md

@@ -68,7 +68,7 @@ One command, no configuration -- VS Code and GitHub Copilot read the file automa
 One `apm.yml` describes every primitive your agents need — instructions, skills, prompts, agents, hooks, plugins, MCP servers — and `apm install` reproduces the exact same setup across every client on every machine. `apm.lock.yaml` pins the resolved tree the way `package-lock.json` does for npm.
 
 - **[One manifest for everything](https://microsoft.github.io/apm/reference/primitive-types/)** — declared once, deployed across Copilot, Claude, Cursor, OpenCode, Codex, Gemini, Windsurf
-- **[Install from anywhere](https://microsoft.github.io/apm/guides/dependencies/)** — GitHub, GitLab, Bitbucket, Azure DevOps, GitHub Enterprise, any git host
+- **[Install from anywhere](https://microsoft.github.io/apm/guides/dependencies/)** — GitHub, GitLab, Bitbucket, Azure DevOps, GitHub Enterprise, Gitea, Gogs, any git host
 - **[Transitive dependencies](https://microsoft.github.io/apm/guides/dependencies/)** — packages can depend on packages; APM resolves the full tree
 - **[Author plugins](https://microsoft.github.io/apm/guides/plugins/)** — build Copilot, Claude, and Cursor plugins with dependency management, then export standard `plugin.json`
 - **[Marketplaces](https://microsoft.github.io/apm/guides/marketplaces/)** — install plugins from curated registries in one command, deployed across all targets and locked

{apm_cli-0.12.3 → apm_cli-0.13.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "apm-cli"
-version = "0.12.3"
+version = "0.13.0"
 description = "MCP configuration tool"
 readme = "README.md"
 requires-python = ">=3.10"
@@ -25,7 +25,7 @@ dependencies = [
     "click>=8.0.0",
     "colorama>=0.4.6",
     "pyyaml>=6.0.0",
-    "requests>=2.28.0",
+    "requests>=2.31.0",
     "python-frontmatter>=1.0.0",
     "llm>=0.17.0",
     "llm-github-models>=0.1.0",
@@ -44,6 +44,7 @@ dev = [
     "pytest>=7.0.0",
     "pytest-cov>=4.0.0",
     "pytest-xdist>=3.0.0",
+    "pytest-split>=0.9.0",
     "ruff>=0.11.0",
     "mypy>=1.0.0",
     "jsonschema>=4.0.0",
@@ -128,11 +129,21 @@ warn_return_any = true
 warn_unused_configs = true
 
 [tool.pytest.ini_options]
-addopts = "-m 'not benchmark'"
+addopts = "-m 'not benchmark and not live'"
 markers = [
     "integration: marks tests as integration tests that may require network access",
     "live: marks tests that hit real GitHub repos (requires network + optional GITHUB_TOKEN)",
     "slow: marks tests as slow running tests",
     "benchmark: marks performance benchmark tests (deselected by default, run with -m benchmark)",
+    "requires_e2e_mode: requires APM_E2E_TESTS=1",
+    "requires_github_token: requires GITHUB_APM_PAT or GITHUB_TOKEN",
+    "requires_ado_pat: requires ADO_APM_PAT",
+    "requires_ado_bearer: requires az CLI logged in + APM_TEST_ADO_BEARER=1",
+    "requires_network_integration: requires APM_RUN_INTEGRATION_TESTS=1",
+    "requires_apm_binary: requires built apm binary on PATH (or APM_BINARY_PATH)",
+    "requires_runtime_codex: requires codex runtime installed",
+    "requires_runtime_copilot: requires GitHub Copilot CLI runtime installed",
+    "requires_runtime_llm: requires llm runtime installed",
+    "requires_inference: requires APM_RUN_INFERENCE_TESTS=1 + model API access",
 ]
 

{apm_cli-0.12.3 → apm_cli-0.13.0}/src/apm_cli/adapters/client/copilot.py

@@ -1208,8 +1208,10 @@ class CopilotClientAdapter(MCPClientAdapter):
     def _is_github_server(self, server_name, url):
         """Securely determine if a server is a GitHub MCP server.
 
-        This method uses proper URL parsing and hostname validation to prevent
-        security vulnerabilities from substring-based checks.
+        Uses proper URL parsing and hostname validation to prevent token
+        injection via poisoned registry entries. Both the server name and
+        the URL hostname must match the GitHub allowlists before a GitHub
+        token is injected.
 
         Args:
             server_name (str): Name of the MCP server.
@@ -1220,7 +1222,6 @@ class CopilotClientAdapter(MCPClientAdapter):
         """
         from urllib.parse import urlparse
 
-        # Check server name against an allowlist of known GitHub MCP servers
         github_server_names = [
             "github-mcp-server",
             "github",
@@ -1228,23 +1229,33 @@ class CopilotClientAdapter(MCPClientAdapter):
             "github-copilot-mcp-server",
         ]
 
-        # Exact match check for server names (case-insensitive)
-        if server_name and server_name.lower() in [name.lower() for name in github_server_names]:
-            return True
-
-        # If URL is provided, validate the hostname
+        def _is_github_mcp_hostname(hostname: str) -> bool:
+            """Check if *hostname* belongs to GitHub (cloud, enterprise, or Copilot API)."""
+            if is_github_hostname(hostname):
+                return True
+            h = hostname.lower()
+            # Subdomains of github.com (e.g. api.github.com)
+            if h.endswith(".github.com"):
+                return True
+            # Copilot API hosts (e.g. api.githubcopilot.com, api.business.githubcopilot.com)
+            return h == "githubcopilot.com" or h.endswith(".githubcopilot.com")
+
+        name_matches = bool(
+            server_name and server_name.lower() in [n.lower() for n in github_server_names]
+        )
+
+        # Parse and validate hostname from URL
+        hostname = None
         if url:
             try:
                 parsed_url = urlparse(url)
+                # Reject non-HTTPS URLs to prevent cleartext token leakage
+                if parsed_url.scheme and parsed_url.scheme.lower() != "https":
+                    return False
                 hostname = parsed_url.hostname
-
-                if hostname:
-                    # Use helper to determine whether hostname is a GitHub host (cloud or enterprise)
-                    if is_github_hostname(hostname):
-                        return True
-
             except Exception:
-                # If URL parsing fails, assume it's not a GitHub server
                 return False
 
-        return False
+        host_matches = bool(hostname and _is_github_mcp_hostname(hostname))
+
+        return name_matches and host_matches

apm_cli-0.13.0/src/apm_cli/adapters/client/cursor.py

@@ -0,0 +1,326 @@
+"""Cursor IDE implementation of MCP client adapter.
+
+Cursor uses the standard ``mcpServers`` JSON format at ``.cursor/mcp.json``
+(repo-local).  Unlike the Copilot adapter, this adapter emits Cursor-native
+transport discriminators (``type: stdio`` / ``type: http``) and omits
+Copilot-only fields (``tools``, ``id``).
+
+APM only writes to ``.cursor/mcp.json`` when the ``.cursor/`` directory
+already exists -- Cursor support is opt-in.
+"""
+
+import json
+import os
+from pathlib import Path
+
+from ...core.docker_args import DockerArgsProcessor
+from ...core.token_manager import GitHubTokenManager
+from .copilot import CopilotClientAdapter
+
+
+class CursorClientAdapter(CopilotClientAdapter):
+    """Cursor IDE MCP client adapter.
+
+    Inherits config-path and read/write logic from
+    :class:`CopilotClientAdapter` but overrides ``_format_server_config`` to
+    emit Cursor-native transport discriminators instead of Copilot-only fields.
+    """
+
+    supports_user_scope: bool = False
+    target_name: str = "cursor"
+    mcp_servers_key: str = "mcpServers"
+
+    # Cursor's mcp.json runtime-substitution support has not yet been
+    # individually audited (see #1152). Pin to the legacy install-time
+    # resolution behaviour so this adapter is unchanged by the Copilot
+    # security fix; revisit in a follow-up.
+    _supports_runtime_env_substitution: bool = False
+
+    # ------------------------------------------------------------------ #
+    # Config path
+    # ------------------------------------------------------------------ #
+
+    def get_config_path(self):
+        """Return the path to ``.cursor/mcp.json`` in the repository root.
+
+        Unlike the Copilot adapter this is a **repo-local** path.  The
+        ``.cursor/`` directory is *not* created automatically -- APM only
+        writes here when the directory already exists.
+        """
+        cursor_dir = self.project_root / ".cursor"
+        return str(cursor_dir / "mcp.json")
+
+    # ------------------------------------------------------------------ #
+    # Config read / write -- override to avoid auto-creating the directory
+    # ------------------------------------------------------------------ #
+
+    def update_config(self, config_updates):
+        """Merge *config_updates* into the ``mcpServers`` section.
+
+        The ``.cursor/`` directory must already exist; if it does not, this
+        method returns silently (opt-in behaviour).
+        """
+        config_path = Path(self.get_config_path())
+
+        # Opt-in: only write when .cursor/ already exists
+        if not config_path.parent.exists():
+            return
+
+        current_config = self.get_current_config()
+        if "mcpServers" not in current_config:
+            current_config["mcpServers"] = {}
+
+        current_config["mcpServers"].update(config_updates)
+
+        with open(config_path, "w", encoding="utf-8") as f:
+            json.dump(current_config, f, indent=2)
+
+    def get_current_config(self):
+        """Read the current ``.cursor/mcp.json`` contents."""
+        config_path = self.get_config_path()
+
+        if not os.path.exists(config_path):
+            return {}
+
+        try:
+            with open(config_path, encoding="utf-8") as f:
+                return json.load(f)
+        except (OSError, json.JSONDecodeError):
+            return {}
+
+    # ------------------------------------------------------------------ #
+    # _format_server_config -- Cursor-native schema
+    # ------------------------------------------------------------------ #
+
+    def _format_server_config(self, server_info, env_overrides=None, runtime_vars=None):
+        """Format server info into Cursor MCP configuration.
+
+        Cursor uses a transport discriminator field ``type`` to determine how
+        to launch an MCP server:
+
+        - ``"type": "stdio"`` for local process servers (raw stdio or packages)
+        - ``"type": "http"`` for remote HTTP/SSE servers
+
+        Copilot-only fields ``tools`` and ``id`` are never emitted.
+
+        Args:
+            server_info: Server information from registry.
+            env_overrides: Pre-collected environment variable overrides.
+            runtime_vars: Pre-collected runtime variable values.
+
+        Returns:
+            dict suitable for writing to ``.cursor/mcp.json``.
+        """
+        if runtime_vars is None:
+            runtime_vars = {}
+
+        config: dict = {}
+
+        # --- raw stdio (self-defined deps) ---
+        raw = server_info.get("_raw_stdio")
+        if raw:
+            config["type"] = "stdio"
+            config["command"] = raw["command"]
+            resolved_env_for_args: dict = {}
+            if raw.get("env"):
+                resolved_env_for_args = self._resolve_environment_variables(
+                    raw["env"], env_overrides=env_overrides
+                )
+                config["env"] = resolved_env_for_args
+                self._warn_input_variables(raw["env"], server_info.get("name", ""), "Cursor")
+            args = raw.get("args") or []
+            config["args"] = [
+                self._resolve_variable_placeholders(arg, resolved_env_for_args, runtime_vars)
+                if isinstance(arg, str)
+                else arg
+                for arg in args
+            ]
+            return config
+
+        # --- remote endpoints ---
+        remotes = server_info.get("remotes", [])
+        if remotes:
+            remote = self._select_remote_with_url(remotes) or remotes[0]
+
+            transport = (remote.get("transport_type") or "").strip()
+            if not transport:
+                transport = "http"
+            elif transport not in ("sse", "http", "streamable-http"):
+                raise ValueError(
+                    f"Unsupported remote transport '{transport}' for Cursor. "
+                    f"Server: {server_info.get('name', 'unknown')}. "
+                    f"Supported transports: http, sse, streamable-http."
+                )
+
+            config["type"] = "http"
+            config["url"] = (remote.get("url") or "").strip()
+
+            # Add authentication headers for GitHub MCP server
+            server_name = server_info.get("name", "")
+            is_github_server = self._is_github_server(server_name, remote.get("url", ""))
+
+            if is_github_server:
+                _tm = GitHubTokenManager()
+                github_token = _tm.get_token_for_purpose("copilot") or os.getenv(
+                    "GITHUB_PERSONAL_ACCESS_TOKEN"
+                )
+                if github_token:
+                    config["headers"] = {"Authorization": f"Bearer {github_token}"}
+
+            # Add any additional headers from registry if present
+            headers = remote.get("headers", [])
+            if headers:
+                if "headers" not in config:
+                    config["headers"] = {}
+                for header in headers:
+                    header_name = header.get("name", "")
+                    header_value = header.get("value", "")
+                    if header_name and header_value:
+                        # Prevent registry-supplied headers from overriding
+                        # the injected GitHub token
+                        if header_name == "Authorization" and is_github_server:
+                            continue
+                        resolved_value = self._resolve_env_variable(
+                            header_name, header_value, env_overrides
+                        )
+                        config["headers"][header_name] = resolved_value
+
+            # Warn about unresolvable ${input:...} references in headers
+            if config.get("headers"):
+                self._warn_input_variables(config["headers"], server_info.get("name", ""), "Cursor")
+
+            return config
+
+        # --- local packages ---
+        packages = server_info.get("packages", [])
+
+        if not packages and not remotes:
+            raise ValueError(
+                f"MCP server has incomplete configuration in registry - "
+                f"no package information or remote endpoints available. "
+                f"This appears to be a temporary registry issue. "
+                f"Server: {server_info.get('name', 'unknown')}"
+            )
+
+        if packages:
+            package = self._select_best_package(packages)
+
+            if package:
+                registry_name = self._infer_registry_name(package)
+                package_name = package.get("name", "")
+                runtime_hint = package.get("runtime_hint", "")
+                runtime_arguments = package.get("runtime_arguments", [])
+                package_arguments = package.get("package_arguments", [])
+                env_vars = package.get("environment_variables", [])
+
+                resolved_env = self._resolve_environment_variables(env_vars, env_overrides)
+                processed_runtime_args = self._process_arguments(
+                    runtime_arguments, resolved_env, runtime_vars
+                )
+                processed_package_args = self._process_arguments(
+                    package_arguments, resolved_env, runtime_vars
+                )
+
+                config["type"] = "stdio"
+
+                if registry_name == "npm":
+                    config["command"] = runtime_hint or "npx"
+                    config["args"] = (
+                        ["-y", package_name] + processed_runtime_args + processed_package_args  # noqa: RUF005
+                    )
+                    if resolved_env:
+                        config["env"] = resolved_env
+                elif registry_name == "docker":
+                    config["command"] = "docker"
+                    if processed_runtime_args:
+                        config["args"] = self._inject_env_vars_into_docker_args(
+                            processed_runtime_args, resolved_env
+                        )
+                    else:
+                        config["args"] = DockerArgsProcessor.process_docker_args(
+                            ["run", "-i", "--rm", package_name], resolved_env
+                        )
+                elif registry_name == "pypi":
+                    config["command"] = runtime_hint or "uvx"
+                    config["args"] = (
+                        [package_name] + processed_runtime_args + processed_package_args  # noqa: RUF005
+                    )
+                    if resolved_env:
+                        config["env"] = resolved_env
+                elif registry_name == "homebrew":
+                    config["command"] = (
+                        package_name.split("/")[-1] if "/" in package_name else package_name
+                    )
+                    config["args"] = processed_runtime_args + processed_package_args
+                    if resolved_env:
+                        config["env"] = resolved_env
+                else:
+                    config["command"] = runtime_hint or package_name
+                    config["args"] = processed_runtime_args + processed_package_args
+                    if resolved_env:
+                        config["env"] = resolved_env
+            else:
+                raise ValueError(
+                    f"No supported package type found for Cursor. "
+                    f"Server: {server_info.get('name', 'unknown')}. "
+                    f"Available packages: "
+                    f"{[p.get('registry_name', 'unknown') for p in packages]}."
+                )
+
+        return config
+
+    # ------------------------------------------------------------------ #
+    # configure_mcp_server -- thin override for the print label
+    # ------------------------------------------------------------------ #
+
+    def configure_mcp_server(
+        self,
+        server_url,
+        server_name=None,
+        enabled=True,
+        env_overrides=None,
+        server_info_cache=None,
+        runtime_vars=None,
+    ):
+        """Configure an MCP server in Cursor's ``.cursor/mcp.json``.
+
+        Delegates entirely to the parent implementation but prints a
+        Cursor-specific success message.
+        """
+        if not server_url:
+            print("Error: server_url cannot be empty")
+            return False
+
+        # Opt-in: skip silently when .cursor/ does not exist
+        cursor_dir = self.project_root / ".cursor"
+        if not cursor_dir.exists():
+            return True  # nothing to do, not an error
+
+        try:
+            # Use cached server info if available, otherwise fetch from registry
+            if server_info_cache and server_url in server_info_cache:
+                server_info = server_info_cache[server_url]
+            else:
+                server_info = self.registry_client.find_server_by_reference(server_url)
+
+            if not server_info:
+                print(f"Error: MCP server '{server_url}' not found in registry")
+                return False
+
+            # Determine config key
+            if server_name:
+                config_key = server_name
+            elif "/" in server_url:
+                config_key = server_url.split("/")[-1]
+            else:
+                config_key = server_url
+
+            server_config = self._format_server_config(server_info, env_overrides, runtime_vars)
+            self.update_config({config_key: server_config})
+
+            print(f"Successfully configured MCP server '{config_key}' for Cursor")
+            return True
+
+        except Exception as e:
+            print(f"Error configuring MCP server: {e}")
+            return False

{apm_cli-0.12.3 → apm_cli-0.13.0}/src/apm_cli/bundle/local_bundle.py

@@ -152,10 +152,21 @@ def _looks_like_legacy_apm_bundle(path: Path) -> bool:
             for member in tar.getmembers():
                 if member.issym() or member.islnk():
                     return False
+                name = member.name
+                if (
+                    name.startswith("/")
+                    or PureWindowsPath(name).drive
+                    or PureWindowsPath(name).is_absolute()
+                ):
+                    return False
+                try:
+                    validate_path_segments(name, context="tar member")
+                except PathTraversalError:
+                    return False
             if sys.version_info >= (3, 12):
                 tar.extractall(tmp, filter="data")
             else:
-                tar.extractall(tmp)  # noqa: S202
+                tar.extractall(tmp)  # noqa: S202 -- validated above
         # Locate the inner directory (apm pack uses arcname=<bundle-name>)
         root = tmp
         children = [p for p in tmp.iterdir() if p.is_dir()]
@@ -365,6 +376,7 @@ def check_target_mismatch(
     Returns ``None`` when:
 
     - ``bundle_targets`` is empty (pre-constraint bundle, no metadata), OR
+    - ``bundle_targets`` contains ``"all"`` (target-agnostic bundle), OR
     - ``install_targets`` is a superset of ``bundle_targets``.
 
     Otherwise returns a human-readable warning naming the missing targets.
@@ -372,6 +384,11 @@ def check_target_mismatch(
     if not bundle_targets:
         return None
     bundle_set = {t.strip() for t in bundle_targets if t and t.strip()}
+    # Issue #1207: ``"all"`` (or empty after stripping) means target-agnostic.
+    # Such bundles cover any install target, so no mismatch warning is
+    # appropriate.
+    if "all" in bundle_set:
+        return None
     install_set = {t.strip() for t in install_targets if t and t.strip()}
     missing = sorted(bundle_set - install_set)
     if not missing:

{apm_cli-0.12.3 → apm_cli-0.13.0}/src/apm_cli/bundle/plugin_exporter.py

@@ -636,10 +636,17 @@ def export_plugin_bundle(
             if rel == "apm.lock.yaml":
                 continue
             bundle_files[rel] = hashlib.sha256(fp.read_bytes()).hexdigest()
+        # Issue #1207 D1: do NOT silently substitute ``"copilot"`` when
+        # ``target`` is missing.  Bundles are target-agnostic at install
+        # time; ``pack.target`` is recorded as informational metadata only.
+        # Falling back to ``"all"`` preserves the lockfile-filter shape
+        # (which uses target prefixes to narrow each dep's deployed_files
+        # list to the union of supported targets) without locking the
+        # bundle to a single client.
         enriched_yaml = enrich_lockfile_for_pack(
             lockfile,
             "plugin",
-            target or "copilot",
+            target or "all",
             bundle_files=bundle_files,
         )
         (bundle_dir / "apm.lock.yaml").write_text(enriched_yaml, encoding="utf-8")

{apm_cli-0.12.3 → apm_cli-0.13.0}/src/apm_cli/bundle/unpacker.py

@@ -5,10 +5,11 @@ import sys
 import tarfile
 import tempfile
 from dataclasses import dataclass, field
-from pathlib import Path
+from pathlib import Path, PureWindowsPath
 from typing import Dict, List  # noqa: F401, UP035
 
 from ..deps.lockfile import LEGACY_LOCKFILE_NAME, LOCKFILE_NAME, LockFile
+from ..utils.path_security import PathTraversalError, validate_path_segments
 
 
 @dataclass
@@ -64,10 +65,21 @@ def unpack_bundle(
             with tarfile.open(bundle_path, "r:gz") as tar:
                 # Security: prevent path traversal and special entries
                 for member in tar.getmembers():
-                    if member.name.startswith("/") or ".." in member.name:
-                        raise ValueError(f"Refusing to extract path-traversal entry: {member.name}")
+                    name = member.name
+                    if (
+                        name.startswith("/")
+                        or PureWindowsPath(name).drive
+                        or PureWindowsPath(name).is_absolute()
+                    ):
+                        raise ValueError(f"Refusing to extract path-traversal entry: {name}")
+                    try:
+                        validate_path_segments(name, context="tar member")
+                    except PathTraversalError:
+                        raise ValueError(
+                            f"Refusing to extract path-traversal entry: {name}"
+                        ) from None
                     if member.issym() or member.islnk():
-                        raise ValueError(f"Refusing to extract symlink/hardlink: {member.name}")
+                        raise ValueError(f"Refusing to extract symlink/hardlink: {name}")
                 # filter="data" was added in Python 3.12; use it when available
                 if sys.version_info >= (3, 12):
                     tar.extractall(temp_dir, filter="data")

{apm_cli-0.12.3 → apm_cli-0.13.0}/src/apm_cli/cache/git_cache.py

@@ -158,6 +158,9 @@ class GitCache:
         from ..utils.git_env import get_git_executable, git_subprocess_env
 
         git_exe = get_git_executable()
+        # auth-delegated: cache-layer ref resolution runs after lockfile
+        # already pinned the commit; no PAT->bearer fallback applies here
+        # (env is sanitized, no embedded creds).
         cmd = [git_exe, "ls-remote", url]
         if ref:
             cmd.append(ref)

{apm_cli-0.12.3 → apm_cli-0.13.0}/src/apm_cli/cli.py

@@ -35,6 +35,7 @@ from apm_cli.commands.policy import policy
 from apm_cli.commands.prune import prune
 from apm_cli.commands.run import preview, run
 from apm_cli.commands.runtime import runtime
+from apm_cli.commands.self_update import self_update
 from apm_cli.commands.targets import targets
 from apm_cli.commands.uninstall import uninstall
 from apm_cli.commands.update import update
@@ -90,6 +91,7 @@ cli.add_command(install)
 cli.add_command(uninstall)
 cli.add_command(prune)
 cli.add_command(update)
+cli.add_command(self_update)
 cli.add_command(compile_cmd, name="compile")
 cli.add_command(run)
 cli.add_command(preview)

{apm_cli-0.12.3 → apm_cli-0.13.0}/src/apm_cli/commands/_apm_yml_writer.py

@@ -25,7 +25,18 @@ def set_skill_subset_for_entry(
     Returns True if file was modified.
     """
     data = load_yaml(manifest_path) or {}
-    deps_section = data.get("dependencies", {})
+    deps_section = data.get("dependencies")
+    if deps_section is None:
+        deps_section = {}
+    if not isinstance(deps_section, dict):
+        raise ValueError(
+            f"Invalid 'dependencies' in {manifest_path}: expected a mapping "
+            f"with 'apm:' key, got {type(deps_section).__name__}. "
+            "Use the structured format:\n"
+            "  dependencies:\n"
+            "    apm:\n"
+            "      - owner/repo"
+        )
     apm_deps = deps_section.get("apm", [])
     if not apm_deps:
         return False

{apm_cli-0.12.3 → apm_cli-0.13.0}/src/apm_cli/commands/config.py

@@ -53,7 +53,12 @@ def _get_config_getters():
 
 def _valid_config_keys() -> str:
     """Return valid config keys for messages."""
-    return ", ".join(["auto-integrate", "temp-dir", "copilot-cowork-skills-dir"])
+    from ..core.experimental import is_enabled
+
+    keys = ["auto-integrate", "temp-dir"]
+    if is_enabled("copilot_cowork"):
+        keys.append("copilot-cowork-skills-dir")
+    return ", ".join(keys)
 
 
 @click.group(help="Configure APM CLI", invoke_without_command=True)