apm-cli 0.9.3__tar.gz → 0.9.4__tar.gz

{apm_cli-0.9.3/src/apm_cli.egg-info → apm_cli-0.9.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: apm-cli
-Version: 0.9.3
+Version: 0.9.4
 Summary: MCP configuration tool
 Author-email: Daniel Meppiel <user@example.com>
 License: MIT License

{apm_cli-0.9.3 → apm_cli-0.9.4}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "apm-cli"
-version = "0.9.3"
+version = "0.9.4"
 description = "MCP configuration tool"
 readme = "README.md"
 requires-python = ">=3.10"
@@ -74,6 +74,7 @@ warn_unused_configs = true
 addopts = "-m 'not benchmark'"
 markers = [
     "integration: marks tests as integration tests that may require network access",
+    "live: marks tests that hit real GitHub repos (requires network + optional GITHUB_TOKEN)",
     "slow: marks tests as slow running tests",
     "benchmark: marks performance benchmark tests (deselected by default, run with -m benchmark)",
 ]

apm_cli-0.9.4/src/apm_cli/commands/_apm_yml_writer.py

@@ -0,0 +1,81 @@
+"""Write-back helper for persisting skill subset selection in apm.yml.
+
+Single helper ``set_skill_subset_for_entry`` is the one source of truth
+for promoting entries to dict form and setting/clearing the ``skills:``
+field.  Keeps write-back logic isolated and unit-testable.
+"""
+
+from pathlib import Path
+from typing import List, Optional
+
+from ..models.dependency.reference import DependencyReference
+from ..utils.yaml_io import dump_yaml, load_yaml
+
+
+def set_skill_subset_for_entry(
+    manifest_path: Path,
+    repo_url: str,
+    subset: Optional[List[str]],
+) -> bool:
+    """Promote entry to dict form and set/clear skills: field.
+
+    subset=None or empty list -> remove skills: from entry (reset to all).
+    subset=[...] -> set skills: to sorted+deduped list.
+
+    Returns True if file was modified.
+    """
+    data = load_yaml(manifest_path) or {}
+    deps_section = data.get("dependencies", {})
+    apm_deps = deps_section.get("apm", [])
+    if not apm_deps:
+        return False
+
+    modified = False
+    new_deps = []
+
+    for entry in apm_deps:
+        if _entry_matches(entry, repo_url):
+            entry = _apply_subset(entry, subset)
+            modified = True
+        new_deps.append(entry)
+
+    if not modified:
+        return False
+
+    deps_section["apm"] = new_deps
+    data["dependencies"] = deps_section
+    dump_yaml(data, manifest_path)
+    return True
+
+
+def _entry_matches(entry, repo_url: str) -> bool:
+    """Check if an apm.yml entry matches the given repo_url."""
+    try:
+        if isinstance(entry, str):
+            ref = DependencyReference.parse(entry)
+        elif isinstance(entry, dict):
+            ref = DependencyReference.parse_from_dict(entry)
+        else:
+            return False
+        return ref.repo_url == repo_url
+    except (ValueError, TypeError, AttributeError, KeyError):
+        return False
+
+
+def _apply_subset(entry, subset: Optional[List[str]]):
+    """Apply skill subset to an entry, promoting to dict form if needed."""
+    # Parse current entry to get canonical info
+    if isinstance(entry, str):
+        ref = DependencyReference.parse(entry)
+    elif isinstance(entry, dict):
+        ref = DependencyReference.parse_from_dict(entry)
+    else:
+        return entry
+
+    # Determine if we should set or clear
+    if subset:
+        ref.skill_subset = sorted(set(subset))
+    else:
+        ref.skill_subset = None
+
+    return ref.to_apm_yml_entry()

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/commands/experimental.py

@@ -140,7 +140,6 @@ def _handle_unknown_flag(name: str, logger: CommandLogger) -> None:
 @click.group(
     help="Manage experimental feature flags",
     invoke_without_command=True,
-    context_settings={"allow_interspersed_args": True, "ignore_unknown_options": True},
 )
 @click.option("--verbose", "-v", is_flag=True, default=False, help="Show verbose output")
 @click.pass_context

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/commands/install.py

@@ -1050,43 +1050,29 @@ def _run_mcp_install(
         "or a stdio command (self-defined entries)."
     ),
 )
-@click.option(
-    "--no-policy",
-    "no_policy",
-    is_flag=True,
-    default=False,
-    help="Skip org policy enforcement for this invocation. Loudly logged. Does NOT bypass apm audit --ci.",
-)
+@click.option("--skill", "skill_names", multiple=True, metavar="NAME", help="Install only named skill(s) from a SKILL_BUNDLE. Repeatable. Persisted in apm.yml and apm.lock so bare 'apm install' is deterministic. Use --skill '*' to reset to all skills.")
+@click.option("--no-policy", "no_policy", is_flag=True, default=False, help="Skip org policy enforcement for this invocation. Does NOT bypass apm audit --ci.")
 @click.pass_context
-def install(ctx, packages, runtime, exclude, only, update, dry_run, force, verbose, trust_transitive_mcp, parallel_downloads, dev, target, allow_insecure, allow_insecure_hosts, global_, use_ssh, use_https, allow_protocol_fallback, mcp_name, transport, url, env_pairs, header_pairs, mcp_version, registry_url, no_policy):
+def install(ctx, packages, runtime, exclude, only, update, dry_run, force, verbose, trust_transitive_mcp, parallel_downloads, dev, target, allow_insecure, allow_insecure_hosts, global_, use_ssh, use_https, allow_protocol_fallback, mcp_name, transport, url, env_pairs, header_pairs, mcp_version, registry_url, skill_names, no_policy):
     """Install APM and MCP dependencies from apm.yml (like npm install).
 
     Detects AI runtimes from your apm.yml scripts and installs MCP servers for
     all detected runtimes; also installs APM package dependencies from GitHub.
     --only filters by type (apm or mcp).
 
-    HTTP dependencies require `allow_insecure: true` in apm.yml and
-    `--allow-insecure` on the install command. Transitive HTTP dependencies are
-    allowed automatically when they stay on the same host as a direct HTTP
-    dependency, or explicitly with `--allow-insecure-host <hostname>`.
-
     Examples:
         apm install                             # Install existing deps from apm.yml
         apm install org/pkg1                    # Add package to apm.yml and install
-        apm install org/pkg1 org/pkg2           # Add multiple packages and install
         apm install --exclude codex             # Install for all except Codex CLI
         apm install --only=apm                  # Install only APM dependencies
-        apm install --only=mcp                  # Install only MCP dependencies
         apm install --update                    # Update dependencies to latest Git refs
         apm install --dry-run                   # Show what would be installed
         apm install -g org/pkg1                 # Install to user scope (~/.apm/)
-        apm install --allow-insecure http://my-server.example.com/owner/repo  # Install from HTTP URL with allow_insecure
-        apm install --allow-insecure-host mirror.example.com                  # Allow transitive HTTP dependencies from mirror.example.com
-
-    MCP servers (also: 'apm mcp install'):
-        apm install --mcp io.github.github/github-mcp-server                  # registry shorthand
-        apm install --mcp api --url https://example.com/mcp                   # remote http/sse
-        apm install --mcp fetch -- npx -y @modelcontextprotocol/server-fetch  # stdio (post-- argv)
+        apm install --allow-insecure http://...  # HTTP URL (needs allow_insecure)
+        apm install --skill my-skill org/bundle  # Install one skill from bundle
+        apm install --mcp io.github.github/github-mcp-server   # MCP registry
+        apm install --mcp api --url https://example.com/mcp    # MCP remote
+        apm install --mcp fetch -- npx -y @mcp/server-fetch    # MCP stdio
     """
     # C1 #856: defaults BEFORE try so the finally clause never sees an
     # UnboundLocalError if InstallLogger(...) raises during construction.
@@ -1149,6 +1135,14 @@ def install(ctx, packages, runtime, exclude, only, update, dry_run, force, verbo
             registry_url=validated_registry_url,
         )
 
+        # Normalize --skill: '*' means all (same as absent). Reject with --mcp.
+        _skill_subset = None
+        if skill_names:
+            if mcp_name is not None:
+                raise click.UsageError("--skill cannot be combined with --mcp.")
+            if not any(s == "*" for s in skill_names):
+                _skill_subset = builtins.tuple(skill_names)
+
         if mcp_name is not None:
             # MCP install routing block. This branch has accreted
             # significantly (--mcp / --registry / --transport / --env /
@@ -1463,11 +1457,41 @@ def install(ctx, packages, runtime, exclude, only, update, dry_run, force, verbo
                     protocol_pref=protocol_pref,
                     allow_protocol_fallback=allow_protocol_fallback,
                     no_policy=no_policy,
+                    skill_subset=_skill_subset,
+                    skill_subset_from_cli=bool(skill_names),
                 )
                 apm_count = install_result.installed_count
                 prompt_count = install_result.prompts_integrated
                 agent_count = install_result.agents_integrated
                 apm_diagnostics = install_result.diagnostics
+
+                # -- Skill subset write-back (Phase 11) --
+                # When CLI provided --skill on a SKILL_BUNDLE package, persist
+                # the subset selection in apm.yml so bare `apm install` is
+                # deterministic.
+                if skill_names and packages:
+                    from ._apm_yml_writer import set_skill_subset_for_entry
+
+                    _star_sentinel = any(s == "*" for s in skill_names)
+                    for dep_key, pkg_type in install_result.package_types.items():
+                        if pkg_type == "skill_bundle":
+                            if _star_sentinel:
+                                # Explicit-all: REMOVE any persisted skills:
+                                if set_skill_subset_for_entry(manifest_path, dep_key, None):
+                                    logger.success(f"Cleared skill subset for {dep_key}")
+                            else:
+                                subset_list = sorted(builtins.set(_skill_subset))
+                                if set_skill_subset_for_entry(manifest_path, dep_key, subset_list):
+                                    logger.success(
+                                        f"Persisted skill subset for {dep_key}: "
+                                        f"[{', '.join(subset_list)}]"
+                                    )
+                        elif pkg_type != "skill_bundle" and not _star_sentinel:
+                            # Non-bundle: warn but do NOT persist
+                            logger.warning(
+                                f"--skill ignored for {dep_key} "
+                                f"(package type: {pkg_type}, not a skill bundle)"
+                            )
             except InsecureDependencyPolicyError:
                 _maybe_rollback_manifest(_snapshot_manifest_path, _manifest_snapshot, logger)
                 sys.exit(1)
@@ -1664,6 +1688,8 @@ def _install_apm_dependencies(
     protocol_pref=None,
     allow_protocol_fallback: "Optional[bool]" = None,
     no_policy: bool = False,
+    skill_subset: "Optional[builtins.tuple]" = None,
+    skill_subset_from_cli: bool = False,
 ):
     """Thin wrapper -- builds an :class:`InstallRequest` and delegates to
     :class:`apm_cli.install.service.InstallService`.
@@ -1696,5 +1722,7 @@ def _install_apm_dependencies(
         protocol_pref=protocol_pref,
         allow_protocol_fallback=allow_protocol_fallback,
         no_policy=no_policy,
+        skill_subset=skill_subset,
+        skill_subset_from_cli=skill_subset_from_cli,
     )
     return InstallService().run(request)

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/commands/mcp.py

@@ -83,9 +83,20 @@ def mcp():
         "  apm mcp install fetch -- npx -y @modelcontextprotocol/server-fetch\n\n"
         "  apm mcp install api --transport http --url https://example.com/mcp"
     ),
+    epilog=(
+        "Common options (see `apm install --mcp --help` for full list):\n"
+        "  --transport [stdio|http|sse|streamable-http]\n"
+        "  --url URL           Server URL for remote transports\n"
+        "  --env KEY=VALUE     Environment variable (repeatable)\n"
+        "  --header KEY=VALUE  HTTP header (repeatable)\n"
+        "  --registry URL      Custom registry URL\n"
+        "  --mcp-version VER    Pin registry entry to a specific version\n"
+        "  --dev / --dry-run / --force / --verbose / --no-policy\n"
+    ),
 )
+@click.argument("name", required=True)
 @click.pass_context
-def mcp_install(ctx):
+def mcp_install(ctx, name):
     """Forward all args to 'apm install --mcp ...'.
 
     Examples:
@@ -106,9 +117,9 @@ def mcp_install(ctx):
     _, post_dd = _split_argv_at_double_dash(_get_invocation_argv())
     if post_dd:
         pre_args = ctx.args[: len(ctx.args) - len(post_dd)]
-        forwarded = ["install", "--mcp", *pre_args, "--", *post_dd]
+        forwarded = ["install", "--mcp", name, *pre_args, "--", *post_dd]
     else:
-        forwarded = ["install", "--mcp", *ctx.args]
+        forwarded = ["install", "--mcp", name, *ctx.args]
 
     try:
         cli.main(args=forwarded, standalone_mode=False)

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/commands/outdated.py

@@ -225,7 +225,7 @@ def _check_one_dep(dep, downloader, verbose):
 @click.option("--parallel-checks", "-j", type=int, default=4,
               help="Max concurrent remote checks (default: 4, 0 = sequential)")
 def outdated(global_, verbose, parallel_checks):
-    """Show outdated locked dependencies.
+    """Show outdated locked dependencies
 
     Compares each locked dependency against the remote to detect staleness.
     Tag-pinned deps use semver comparison; branch-pinned deps compare commit SHAs.

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/commands/pack.py

@@ -17,25 +17,25 @@ from ..core.target_detection import TargetParamType
     "fmt",
     type=click.Choice(["apm", "plugin"]),
     default="apm",
-    help="Bundle format.",
+    help="Bundle format",
 )
 @click.option(
     "--target",
     "-t",
     type=TargetParamType(),
     default=None,
-    help="Target platform (comma-separated for multiple, e.g. claude,copilot). Use 'all' for every target. Auto-detects if not specified.",
+    help="Target platform (comma-separated for multiple, e.g. claude,copilot). Use 'all' for every target. Auto-detects if not specified",
 )
-@click.option("--archive", is_flag=True, default=False, help="Produce a .tar.gz archive.")
+@click.option("--archive", is_flag=True, default=False, help="Produce a .tar.gz archive")
 @click.option(
     "-o",
     "--output",
     type=click.Path(),
     default="./build",
-    help="Output directory (default: ./build).",
+    help="Output directory (default: ./build)",
 )
-@click.option("--dry-run", is_flag=True, default=False, help="Show what would be packed without writing.")
-@click.option("--force", is_flag=True, default=False, help="On collision, last writer wins.")
+@click.option("--dry-run", is_flag=True, default=False, help="Show what would be packed without writing")
+@click.option("--force", is_flag=True, default=False, help="On collision, last writer wins")
 @click.option("--verbose", "-v", is_flag=True, help="Show detailed packing information")
 @click.pass_context
 def pack_cmd(ctx, fmt, target, archive, output, dry_run, force, verbose):
@@ -107,7 +107,7 @@ def pack_cmd(ctx, fmt, target, archive, output, dry_run, force, verbose):
     help="Target directory (default: current directory).",
 )
 @click.option("--skip-verify", is_flag=True, default=False, help="Skip bundle completeness check.")
-@click.option("--dry-run", is_flag=True, default=False, help="Show what would be unpacked without writing.")
+@click.option("--dry-run", is_flag=True, default=False, help="Show what would be unpacked without writing")
 @click.option("--force", is_flag=True, default=False, help="Deploy despite critical hidden-character findings.")
 @click.option("--verbose", "-v", is_flag=True, help="Show detailed unpacking information")
 @click.pass_context

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/commands/runtime.py

@@ -124,7 +124,7 @@ def list():
 
 @runtime.command(help="Remove an installed runtime")
 @click.argument("runtime_name", type=click.Choice(["copilot", "codex", "llm", "gemini"]))
-@click.confirmation_option(prompt="Are you sure you want to remove this runtime?", help="Confirm the action without prompting")
+@click.confirmation_option("--yes", "-y", prompt="Are you sure you want to remove this runtime?", help="Confirm the action without prompting")
 def remove(runtime_name):
     """Remove an installed runtime from APM management."""
     logger = CommandLogger("runtime remove")

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/deps/lockfile.py

@@ -44,6 +44,7 @@ class LockedDependency:
     marketplace_plugin_name: Optional[str] = None  # Plugin name in marketplace
     is_insecure: bool = False  # True when the locked source was http://
     allow_insecure: bool = False  # True when the manifest explicitly allowed HTTP
+    skill_subset: List[str] = field(default_factory=list)  # Sorted skill names for SKILL_BUNDLE
 
     def get_unique_key(self) -> str:
         """Returns unique key for this dependency."""
@@ -100,6 +101,8 @@ class LockedDependency:
             result["is_insecure"] = True
         if self.allow_insecure:
             result["allow_insecure"] = True
+        if self.skill_subset:
+            result["skill_subset"] = sorted(self.skill_subset)
         return result
 
     @classmethod
@@ -153,6 +156,7 @@ class LockedDependency:
             marketplace_plugin_name=data.get("marketplace_plugin_name"),
             is_insecure=data.get("is_insecure", False),
             allow_insecure=data.get("allow_insecure", False),
+            skill_subset=list(data.get("skill_subset") or []),
         )
 
     @classmethod
@@ -201,6 +205,7 @@ class LockedDependency:
             is_dev=is_dev,
             is_insecure=dep_ref.is_insecure,
             allow_insecure=dep_ref.allow_insecure,
+            skill_subset=sorted(dep_ref.skill_subset) if isinstance(getattr(dep_ref, "skill_subset", None), list) else [],
         )
 
     def to_dependency_ref(self) -> DependencyReference:

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/install/context.py

@@ -123,6 +123,8 @@ class InstallContext:
     policy_fetch: Any = None  # Optional[PolicyFetchResult] from discovery
     policy_enforcement_active: bool = False
     no_policy: bool = False  # W2-escape-hatch will wire --no-policy here
+    skill_subset: Optional[Tuple[str, ...]] = None  # --skill filter for SKILL_BUNDLE packages
+    skill_subset_from_cli: bool = False  # True when user passed --skill (even --skill '*')
     direct_mcp_deps: Optional[List[Any]] = None  # Direct MCP deps from apm.yml for policy gate
 
     # ------------------------------------------------------------------

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/install/phases/finalize.py

@@ -52,4 +52,4 @@ def run(ctx: "InstallContext") -> "InstallResult":
             f"-- pin with #tag or #sha to prevent drift"
         )
 
-    return InstallResult(ctx.installed_count, ctx.total_prompts_integrated, ctx.total_agents_integrated, ctx.diagnostics)
+    return InstallResult(ctx.installed_count, ctx.total_prompts_integrated, ctx.total_agents_integrated, ctx.diagnostics, package_types=dict(ctx.package_types))

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/install/phases/lockfile.py

@@ -77,6 +77,8 @@ class LockfileBuilder:
             # Attach deployed_files and package_type to each LockedDependency
             self._attach_deployed_files(lockfile)
             self._attach_package_types(lockfile)
+            # Apply CLI --skill override to lockfile entries (skill_bundle only)
+            self._attach_skill_subset_override(lockfile)
             # Attach content hashes captured at download/verify time
             self._attach_content_hashes(lockfile)
             # Attach marketplace provenance if available
@@ -124,6 +126,20 @@ class LockfileBuilder:
             if dep_key in lockfile.dependencies:
                 lockfile.dependencies[dep_key].package_type = pkg_type
 
+    def _attach_skill_subset_override(self, lockfile: LockFile) -> None:
+        """Apply CLI --skill override to lockfile skill_bundle entries.
+
+        When the user runs `apm install bundle --skill foo`, the CLI
+        skill_subset takes precedence over the per-entry skill_subset
+        from the manifest for this invocation's lockfile.
+        """
+        if not self.ctx.skill_subset:
+            return  # No CLI override; dep_ref.skill_subset already flows through
+        effective = sorted(set(self.ctx.skill_subset))
+        for dep_key, locked_dep in lockfile.dependencies.items():
+            if locked_dep.package_type == "skill_bundle":
+                locked_dep.skill_subset = effective
+
     def _attach_content_hashes(self, lockfile: LockFile) -> None:
         for dep_key, locked_dep in lockfile.dependencies.items():
             if dep_key in self.ctx.package_hashes:

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/install/pipeline.py

@@ -28,6 +28,7 @@ from typing import TYPE_CHECKING, List, Optional
 from ..models.results import InstallResult
 from ..utils.console import _rich_error
 from ..utils.diagnostics import DiagnosticCollector
+from ..utils.path_security import PathTraversalError
 from .errors import DirectDependencyError, PolicyViolationError
 
 if TYPE_CHECKING:
@@ -60,6 +61,8 @@ def run_install_pipeline(
     protocol_pref=None,
     allow_protocol_fallback: "Optional[bool]" = None,
     no_policy: bool = False,
+    skill_subset: "Optional[tuple]" = None,
+    skill_subset_from_cli: bool = False,
 ):
     """Install APM package dependencies.
 
@@ -152,6 +155,8 @@ def run_install_pipeline(
         root_has_local_primitives=_root_has_local_primitives,
         old_local_deployed=_old_local_deployed,
         no_policy=no_policy,
+        skill_subset=skill_subset,
+        skill_subset_from_cli=skill_subset_from_cli,
     )
 
     # ------------------------------------------------------------------
@@ -381,5 +386,9 @@ def run_install_pipeline(
         # #946: same pattern -- surface the message as-is instead of
         # double-wrapping it through the generic RuntimeError below.
         raise
+    except PathTraversalError:
+        # Path-safety violation in SKILL_BUNDLE or other nested
+        # resolution -- surface as-is for actionable user guidance.
+        raise
     except Exception as e:
         raise RuntimeError(f"Failed to resolve APM dependencies: {e}")

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/install/request.py

@@ -42,3 +42,5 @@ class InstallRequest:
     protocol_pref: Any = None  # ProtocolPreference (NONE/SSH/HTTPS) for shorthand transport
     allow_protocol_fallback: Optional[bool] = None  # None => read APM_ALLOW_PROTOCOL_FALLBACK env
     no_policy: bool = False  # W2-escape-hatch: skip org policy enforcement
+    skill_subset: Optional[Tuple[str, ...]] = None  # --skill filter for SKILL_BUNDLE packages
+    skill_subset_from_cli: bool = False  # True when user passed --skill (even --skill '*')

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/install/service.py

@@ -77,4 +77,6 @@ class InstallService:
             protocol_pref=request.protocol_pref,
             allow_protocol_fallback=request.allow_protocol_fallback,
             no_policy=request.no_policy,
+            skill_subset=request.skill_subset,
+            skill_subset_from_cli=request.skill_subset_from_cli,
         )

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/install/services.py

@@ -54,6 +54,7 @@ def integrate_package_primitives(
     package_name: str = "",
     logger: Optional["InstallLogger"] = None,
     scope: Optional["InstallScope"] = None,
+    skill_subset: "Optional[tuple]" = None,
 ) -> dict:
     """Run the full integration pipeline for a single package.
 
@@ -141,7 +142,7 @@ def integrate_package_primitives(
     skill_result = skill_integrator.integrate_package_skill(
         package_info, project_root,
         diagnostics=diagnostics, managed_files=managed_files, force=force,
-        targets=targets,
+        targets=targets, skill_subset=skill_subset,
     )
     _skill_target_dirs: set = builtins.set()
     for tp in skill_result.target_paths:

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/install/sources.py

@@ -58,6 +58,7 @@ def _format_package_type_label(pkg_type) -> Optional[str]:
         PackageType.HYBRID: "Hybrid (apm.yml + SKILL.md)",
         PackageType.APM_PACKAGE: "APM Package (apm.yml)",
         PackageType.HOOK_PACKAGE: "Hook Package (hooks/*.json only)",
+        PackageType.SKILL_BUNDLE: "Skill Bundle (skills/<name>/SKILL.md)",
     }.get(pkg_type)
 
 

{apm_cli-0.9.3 → apm_cli-0.9.4}/src/apm_cli/install/template.py

@@ -86,6 +86,18 @@ def _integrate_materialization(
             package_name=dep_key,
             logger=logger,
             scope=ctx.scope,
+            # Per-package effective subset: CLI --skill overrides per-entry
+            # apm.yml skills:. When CLI is absent (bare reinstall), fall back
+            # to the dep_ref's persisted skill_subset.
+            # When CLI explicitly provided (even --skill '*'), use ctx value
+            # (which is None for '*' = install all).
+            skill_subset=(
+                ctx.skill_subset
+                if ctx.skill_subset_from_cli
+                else (
+                    tuple(dep_ref.skill_subset) if dep_ref.skill_subset else None
+                )
+            ),
         )
         for k in (
             "prompts", "agents", "skills", "sub_skills",