microsoft
diff --git a/‎CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎docs/src/content/docs/consumer/installing-from-marketplaces.md‎
Lines changed: 29 additions & 15 deletions b/‎docs/src/content/docs/consumer/installing-from-marketplaces.md‎
Lines changed: 29 additions & 15 deletions
diff --git a/‎docs/src/content/docs/reference/cli/marketplace.md‎
Lines changed: 23 additions & 12 deletions b/‎docs/src/content/docs/reference/cli/marketplace.md‎
Lines changed: 23 additions & 12 deletions
diff --git a/‎packages/apm-guide/.apm/skills/apm-usage/commands.md‎
Lines changed: 1 addition & 1 deletion b/‎packages/apm-guide/.apm/skills/apm-usage/commands.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/apm_cli/commands/install.py‎
Lines changed: 1 addition & 4 deletions b/‎src/apm_cli/commands/install.py‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎src/apm_cli/commands/marketplace/__init__.py‎
Lines changed: 97 additions & 15 deletions b/‎src/apm_cli/commands/marketplace/__init__.py‎
Lines changed: 97 additions & 15 deletions
@@ -17,6 +17,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   of `~/.hermes/config.yaml` (written atomically with `0o600` perms, preserving
   unrelated config keys and refusing to overwrite a malformed file). `HERMES_HOME`
   overrides the Hermes home directory. See the [Hermes integration guide](https://microsoft.github.io/apm/integrations/hermes/).
+- `apm marketplace add` now accepts Anthropic-compatible git URL `#ref`, local
+  file, and hosted `marketplace.json` sources, recording hosted JSON provenance
+  in the lockfile. (closes #676)
 
 ## [0.19.0] - 2026-06-09
 
 
@@ -65,36 +65,50 @@ reproducible across machines and CI.
 
 ## Local and self-hosted marketplaces
 
-`apm marketplace add` accepts more than GitHub-hosted repos. The same
-register / browse / install / update workflow works against:
+`apm marketplace add` accepts the same source shapes as Anthropic's
+marketplace command. The same register / browse / install / update
+workflow works against:
 
 - **Local filesystem paths** -- `apm marketplace add /srv/marketplaces/agent-forge`
-  (or a relative path, or `~/code/marketplace`). Useful for
-  privacy-sensitive packages, offline workflows, and air-gapped
-  environments. Local marketplaces with relative plugin sources
-  install by copying from disk via `LocalDependencySource`.
+  (or a relative path, `~/code/marketplace`, or a direct
+  `marketplace.json` file). Useful for privacy-sensitive packages,
+  offline workflows, and air-gapped environments. Local marketplaces
+  with relative plugin sources install by copying from disk via
+  `LocalDependencySource`.
 - **`file://` URIs** -- `apm marketplace add file:///srv/marketplaces/agent-forge.git`.
   Behaves the same as a local path.
+- **Git HTTPS URLs with `#ref`** --
+  `apm marketplace add https://gitlab.com/acme/agent-forge.git#v1.0.0`.
+  APM strips the fragment into the stored ref. If you omit `#ref`
+  (or `--ref`), APM warns because the default branch can move.
+- **Hosted `marketplace.json` URLs** --
+  `apm marketplace add https://catalog.example.com/marketplace.json --name catalog`.
+  APM fetches the JSON directly over HTTPS, caches ETag/Last-Modified
+  metadata, and records the source URL plus content digest in the
+  lockfile when packages are installed from it.
 - **Generic git URLs** -- any host APM does not classify as
   GitHub or GitLab family flows through subprocess `git` and
-  `GitCache`. Includes Azure DevOps (auth via `ADO_APM_PAT`),
-  Gitea, Bitbucket Server, and self-hosted git servers.
+  `GitCache`. Includes Azure DevOps, Gitea, Bitbucket Server, and
+  self-hosted git servers.
 - **SSH URLs** -- `git@gitea.example.com:org/repo.git`. The host
-  is extracted, classified, and routed through the matching
-  fetcher.
+  is extracted, classified, and routed through the matching fetcher.
+
+Phase 1 of source parity is public plus local only: direct hosted
+`marketplace.json` URLs use HTTPS without custom auth headers. Private
+URL auth is tracked separately.
 
 For generic-git marketplaces, `marketplace.json` is fetched via a
 sparse-cone clone (only the manifest path is downloaded); APM does
 not forward `GITHUB_APM_PAT` or `GITLAB_APM_TOKEN` to non-GitHub /
-non-GitLab hosts. Authentication falls through to the host's
-`*_APM_PAT` (e.g. `ADO_APM_PAT`) or your local
-`git credential-manager`. See
+non-GitLab hosts. Authentication falls through to the host's local git
+credential helper when one is configured. See
 [Authentication](../authentication/).
 
 **Lockfile note.** Installs from a local marketplace record a
 local-path source in `apm.lock.yaml`. Lockfiles produced this way
-are machine-specific -- do not commit them into a shared repo. See
-[lockfile reference](../../reference/lockfile-spec/).
+are machine-specific -- do not commit them into a shared repo. Remote
+`marketplace.json` installs record `source_url` and `source_digest`
+provenance. See [lockfile reference](../../reference/lockfile-spec/).
 
 ## Where next
 
 
@@ -61,11 +61,16 @@ Register a marketplace from a source reference. Accepted forms:
 - `OWNER/REPO` -- GitHub shorthand (`acme/marketplace`).
 - `HOST/OWNER/.../REPO` -- non-GitHub host shorthand
   (`gitlab.com/team/marketplace`).
-- HTTPS URL -- any git host, including Azure DevOps, GitLab,
-  Gitea, Bitbucket Server, or a self-hosted git server.
+- HTTPS git URL -- any git host, including Azure DevOps, GitLab,
+  Gitea, Bitbucket Server, or a self-hosted git server. Add `#ref`
+  to pin the marketplace, for example
+  `https://gitlab.com/acme/marketplace.git#v1.0.0`.
+- Hosted `marketplace.json` URL --
+  `https://catalog.example.com/marketplace.json`.
 - SSH URL -- `git@host:org/repo.git` style.
 - Local filesystem path -- absolute (`/srv/marketplaces/agent-forge`),
-  relative (`./local-mkt`), or home-based (`~/code/marketplace`).
+  relative (`./local-mkt`), home-based (`~/code/marketplace`), or a
+  direct `marketplace.json` file.
 - `file://` URI -- `file:///srv/marketplaces/agent-forge.git`.
 
 ```bash
@@ -79,14 +84,18 @@ apm marketplace add gitlab.com/my-org/awesome-agents --host gitlab.com
 apm marketplace add https://dev.azure.com/contoso/eng/_git/agent-forge \
     --name agent-forge
 
-# Gitea / Bitbucket Server / self-hosted git
-apm marketplace add https://gitea.example.com/org/repo.git --name custom
+# Gitea / Bitbucket Server / self-hosted git, pinned with #ref
+apm marketplace add https://gitea.example.com/org/repo.git#v1.0.0 --name custom
+
+# Hosted marketplace.json URL
+apm marketplace add https://catalog.example.com/marketplace.json --name catalog
 
 # SSH
 apm marketplace add git@gitea.example.com:org/repo.git --name custom
 
-# Local filesystem (bare repo or working directory)
+# Local filesystem (bare repo, working directory, or marketplace.json file)
 apm marketplace add /srv/marketplaces/agent-forge.git --name agent-forge
+apm marketplace add ./vendor/marketplace.json --name vendor
 
 # file:// URI
 apm marketplace add file:///srv/marketplaces/agent-forge.git --name agent-forge
@@ -95,19 +104,21 @@ apm marketplace add file:///srv/marketplaces/agent-forge.git --name agent-forge
 | Flag | Description |
 |---|---|
 | `--name`, `-n` | Display name. Defaults to the repo name. |
-| `--ref`, `-r` | Git ref (branch, tag, or SHA). Default: `main`. |
+| `--ref`, `-r` | Git ref (branch, tag, or SHA). Default: `main`. For HTTPS git URLs, a `#ref` fragment is equivalent and is stored as the ref. |
 | `--branch`, `-b` | Deprecated alias for `--ref`. |
 | `--host` | Git host FQDN. Default: `github.com`. Ignored when `SOURCE` is a URL or local path. |
 | `--verbose`, `-v` | Show detailed output. |
 
 **Trust boundary.** APM forwards its authentication tokens
 (`GITHUB_APM_PAT`, `GITLAB_APM_PAT`) only when the marketplace
-host is classified as GitHub or GitLab family. For any other host
--- generic HTTPS, SSH, Azure DevOps, self-hosted -- the
+host is classified as GitHub or GitLab family. For any other git
+host -- generic HTTPS, SSH, Azure DevOps, self-hosted -- the
 marketplace is fetched via subprocess `git` through `GitCache`,
-and authentication falls through to the host's APM PAT (e.g.
-`ADO_APM_PAT` for Azure DevOps) or your local
-`git credential-manager`. See
+and authentication falls through to the host's local git credential
+helper. Hosted `marketplace.json` URLs are public HTTPS only in this
+phase; private URL auth is tracked separately. When packages are
+installed from a hosted JSON URL, the lockfile records the source URL
+and fetched content digest. See
 [`getting-started/authentication`](../../../getting-started/authentication/).
 
 **Azure DevOps.** ADO-hosted marketplaces fetch `marketplace.json`
 
@@ -118,7 +118,7 @@ Credentials resolve via `APM_REGISTRY_TOKEN_{NAME}` env var (or `apm config set
 
 | Command | Purpose | Key flags |
 |---------|---------|-----------|
-| `apm marketplace add SOURCE` | Register a marketplace. `SOURCE` accepts `OWNER/REPO`, `HOST/OWNER/REPO`, nested `HOST/group/sub/.../REPO`, HTTPS URL (any git host -- GitHub, GitLab, ADO, Gitea, self-hosted), SSH URL (`git@host:org/repo.git`), local filesystem path, or `file://` URI. | `-n NAME`, `-r REF`, `--host HOST` |
+| `apm marketplace add SOURCE` | Register a marketplace. `SOURCE` accepts `OWNER/REPO`, `HOST/OWNER/REPO`, nested `HOST/group/sub/.../REPO`, HTTPS git URL with optional `#ref`, hosted `marketplace.json` URL, SSH URL (`git@host:org/repo.git`), local directory or file path, or `file://` URI. | `-n NAME`, `-r REF`, `--host HOST` |
 | `apm marketplace list` | List registered marketplaces | -- |
 | `apm marketplace browse NAME` | Browse marketplace plugins | -- |
 | `apm marketplace update [NAME]` | Update marketplace index | -- |
 
@@ -430,10 +430,7 @@ def warning_handler(msg):
                         if logger:
                             logger.validation_fail(package, reason)
                         continue
-                    marketplace_provenance = {
-                        "discovered_via": marketplace_name,
-                        "marketplace_plugin_name": plugin_name,
-                    }
+                    marketplace_provenance = resolution.provenance(marketplace_name, plugin_name)
                     package = canonical_str
                     marketplace_dep_ref = getattr(resolution, "dependency_reference", None)
                 except Exception as mkt_err:
 
@@ -13,6 +13,7 @@
 import sys
 import traceback
 from pathlib import Path
+from urllib.parse import urlsplit, urlunsplit
 
 import click
 import yaml
@@ -524,19 +525,28 @@ def add(source, name, ref, branch, host, verbose):
         from ...marketplace.registry import add_marketplace
         from ...utils.github_host import is_valid_fqdn
 
+        source_arg, fragment_ref = _split_source_fragment_ref(source)
+
         # --ref / --branch reconciliation. --branch stays as a hidden alias
-        # for one release so legacy invocations keep working; passing both
-        # is a hard error so we never silently pick one.
+        # for one release so legacy invocations keep working; passing multiple
+        # ref sources is a hard error so we never silently pick one.
+        explicit_ref = ref is not None or branch is not None
         if ref is not None and branch is not None:
             logger.error(
                 "--ref and --branch are mutually exclusive. Use --ref (--branch is a deprecated alias).",
                 symbol="error",
             )
             sys.exit(1)
-        effective_ref = ref if ref is not None else (branch if branch is not None else "main")
+        if fragment_ref and explicit_ref:
+            logger.error(
+                "Do not combine a git URL #ref with --ref or --branch. Use one ref source.",
+                symbol="error",
+            )
+            sys.exit(1)
+        effective_ref = fragment_ref or ref or branch or "main"
 
         try:
-            url, kind, resolved_host = _parse_marketplace_source(source, host)
+            url, kind, resolved_host = _parse_marketplace_source(source_arg, host)
         except PathTraversalError:
             logger.error(
                 f"Invalid source '{source}': contains a path-traversal sequence. "
@@ -557,6 +567,8 @@ def add(source, name, ref, branch, host, verbose):
         # --host is meaningful only for shorthand OWNER/REPO inputs. For URL
         # / SSH / local-path inputs the host is already embedded; warn that
         # --host is being ignored rather than silently overriding.
+        is_direct_url = _is_remote_marketplace_json_url(url)
+
         if host is not None and kind == "local":
             logger.warning(
                 "--host is ignored when SOURCE is a local filesystem path.",
@@ -566,7 +578,7 @@ def add(source, name, ref, branch, host, verbose):
             host is not None
             and host.strip().lower() != (resolved_host or "").lower()
             and kind in ("git", "github", "gitlab")
-            and (source.startswith(("https://", "git@", "file://")))
+            and (source_arg.startswith(("https://", "git@", "file://")))
         ):
             logger.warning(
                 "--host is ignored when SOURCE is a full URL.",
@@ -607,18 +619,32 @@ def add(source, name, ref, branch, host, verbose):
 
         # Surface progress before the slow probe + fetch (5-30s for generic-git)
         # so the user sees activity instead of staring at a blank terminal.
-        provisional_label = name or _default_alias_from_url(url)
+        provisional_label = name or (
+            _default_alias_from_remote_url(url) if is_direct_url else _default_alias_from_url(url)
+        )
         logger.start(f"Registering marketplace '{provisional_label}'...", symbol="gear")
+        if _should_warn_unpinned_git_url(
+            source_arg, kind, is_direct_url, fragment_ref, explicit_ref
+        ):
+            logger.warning(
+                "Pin this git marketplace with a #ref (for example, "
+                f"{source_arg}#v1.0.0) or --ref to avoid mutable branch updates.",
+                symbol="warning",
+            )
 
         # Probe for marketplace.json location. The probe source's name is a
         # placeholder -- _auto_detect_path only consults url/ref/path/kind.
         probe_name = provisional_label
         probe_source = MarketplaceSource(
             name=probe_name,
             url=url,
-            ref=effective_ref,
+            ref="" if is_direct_url else effective_ref,
+            path="" if is_direct_url else "marketplace.json",
         )
-        detected_path = _auto_detect_path(probe_source)
+        if is_direct_url or _local_source_points_to_file(probe_source):
+            detected_path = ""
+        else:
+            detected_path = _auto_detect_path(probe_source)
 
         if detected_path is None:
             logger.error(
@@ -632,7 +658,7 @@ def add(source, name, ref, branch, host, verbose):
         fetch_source = MarketplaceSource(
             name=probe_name,
             url=url,
-            ref=effective_ref,
+            ref="" if is_direct_url else effective_ref,
             path=detected_path,
         )
         manifest = fetch_marketplace(fetch_source, force_refresh=True)
@@ -663,15 +689,16 @@ def add(source, name, ref, branch, host, verbose):
         )
 
         logger.verbose_detail(f"    Source: {fetch_source.display_source}")
-        logger.verbose_detail(f"    Kind: {kind}")
-        logger.verbose_detail(f"    Ref: {effective_ref}")
+        logger.verbose_detail(f"    Kind: {fetch_source.kind}")
+        if not is_direct_url:
+            logger.verbose_detail(f"    Ref: {effective_ref}")
         logger.verbose_detail(f"    Detected path: {detected_path}")
         logger.verbose_detail(f"    Alias source: {alias_source}")
 
         final_source = MarketplaceSource(
             name=display_name,
             url=url,
-            ref=effective_ref,
+            ref="" if is_direct_url else effective_ref,
             path=detected_path,
         )
         add_marketplace(final_source)
@@ -696,6 +723,61 @@ def add(source, name, ref, branch, host, verbose):
         sys.exit(1)
 
 
+def _split_source_fragment_ref(source: str) -> tuple[str, str]:
+    """Split an HTTPS git URL #ref fragment from the URL stored in the registry."""
+    raw = (source or "").strip()
+    if not raw.lower().startswith("https://"):
+        return raw, ""
+    parsed = urlsplit(raw)
+    if not parsed.fragment:
+        return raw, ""
+    clean_url = urlunsplit((parsed.scheme, parsed.netloc, parsed.path, parsed.query, ""))
+    return clean_url, parsed.fragment
+
+
+def _is_remote_marketplace_json_url(url: str) -> bool:
+    """Return True when *url* names a hosted marketplace.json document."""
+    try:
+        parsed = urlsplit(url)
+    except ValueError:
+        return False
+    path = (parsed.path or "").rstrip("/")
+    return parsed.scheme.lower() == "https" and path.endswith("/marketplace.json")
+
+
+def _should_warn_unpinned_git_url(
+    source: str,
+    kind: str,
+    is_direct_url: bool,
+    fragment_ref: str,
+    explicit_ref: bool,
+) -> bool:
+    """Return True when a git URL source uses the implicit mutable default ref."""
+    if is_direct_url or fragment_ref or explicit_ref:
+        return False
+    return source.lower().startswith("https://") and kind in {"github", "gitlab", "git"}
+
+
+def _local_source_points_to_file(source) -> bool:
+    """Return True when a local marketplace source points directly to a file."""
+    if source.kind != "local":
+        return False
+    try:
+        return Path(source.local_path).expanduser().is_file()
+    except OSError:
+        return False
+
+
+def _default_alias_from_remote_url(url: str) -> str:
+    """Derive a stable default alias for a direct remote marketplace.json URL."""
+    try:
+        parsed = urlsplit(url)
+    except ValueError:
+        return "marketplace"
+    host = (parsed.hostname or "marketplace").lower()
+    return host.split(":", 1)[0]
+
+
 def _default_alias_from_url(url: str) -> str:
     """Derive a default marketplace alias from a parsed URL.
 
@@ -850,7 +932,7 @@ def update(name, verbose):
         if name:
             source = get_marketplace_by_name(name)
             logger.start(f"Refreshing marketplace '{name}'...", symbol="gear")
-            clear_marketplace_cache(name, host=source.host)
+            clear_marketplace_cache(source=source)
             manifest = fetch_marketplace(source, force_refresh=True)
             logger.success(
                 f"Marketplace '{name}' updated ({len(manifest.plugins)} plugins)",
@@ -864,7 +946,7 @@ def update(name, verbose):
             logger.start(f"Refreshing {len(sources)} marketplace(s)...", symbol="gear")
             for s in sources:
                 try:
-                    clear_marketplace_cache(s.name, host=s.host)
+                    clear_marketplace_cache(source=s)
                     manifest = fetch_marketplace(s, force_refresh=True)
                     logger.tree_item(f"  {s.name} ({len(manifest.plugins)} plugins)")
                 except Exception as exc:
@@ -910,7 +992,7 @@ def remove(name, yes, verbose):
                 return
 
         remove_marketplace(name)
-        clear_marketplace_cache(name, host=source.host)
+        clear_marketplace_cache(source=source)
         logger.success(f"Marketplace '{name}' removed", symbol="check")
 
     except Exception as e: