NSM — package manager for AI agents and skills
Nox Labs · 2026 · Senior Frontend Engineer
- TypeScript
- Turborepo
- Vitest
- Claude Code
- Codex
- Cursor
- OpenClaw
Context
Teams that work with Claude Code, Cursor and other AI tools share agents and skills by copy-pasting them between repositories: no versions, no updates, no way to know which revision of a prompt is actually installed. AI tooling needed what code dependencies got decades ago — a package manager.
What I did
- Designed and built NSM, a CLI where any git repository is a registry: a repo with agents or skills and version tags is installable — no server, no hosted index, no infrastructure to run or pay for.
- Made installs deterministic: a lockfile pins the exact resolved commit and a content hash of what landed on disk, so the same lockfile reproduces the same setup on any machine — including CI.
- Implemented provider-aware installation: one package lands in the right on-disk layout for each supported AI tool — Claude Code, Cursor, Codex, Windsurf and others — automatically.
- Designed the full dependency-manager UX: install, sync, update and outdated workflows, three-way reconciliation between disk, manifest and lockfile, typed errors and a JSON output mode for scripting.
- Built it to be trusted: thorough unit coverage, reproducible builds via Nix and documentation where every described behavior cites its source — a tool that rewrites your repository has no room for surprises.
Outcome
NSM became the delivery mechanism for the company's AI tooling: agents and skills turned from copy-pasted text into versioned, reproducible dependencies. Production codebases pin their AI setup through NSM lockfiles, so every engineer — and every CI run — works with exactly the same toolkit, and a prompt update rolls out like a package release.