Versioned bundles for agent behavior.
Package agent skills, prompts, rules, and configs into immutable, versioned collections. Publish once, install into any harness with one command.
Purpose-built for AI agent components. Not repurposed npm or git submodules.
$ musher load musher/code-review Works with Claude Code, Codex, OpenCode, Cursor, and more.
What goes in a bundle
Six asset types cover every kind of agent component. Each asset is text-based, typed, and SHA-256 verified.
Agent Spec
Agent personas with role, instructions, and tool permissions.
agents/code-reviewer.mdSkill
Composable skill definitions with supporting files.
skills/code-review/SKILL.mdToolset
Tool policies and MCP server configurations.
tools/mcp-servers.jsonPrompt Template
System instructions, guidelines, and rule files.
prompts/review-checklist.mdConfiguration
Tool settings, schemas, and operational parameters.
config/settings.ymlOther
Templates, documentation, examples, and anything else.
docs/README.mdFrom creation to installation
Publish once. Install everywhere. Every version is immutable and verified.
Create a bundle
Initialize a bundle under your namespace. Add skills, prompts, configs, and other text assets — each classified by type.
$ musher init acme/my-toolkitPublish a version
Publish an immutable snapshot. Every asset gets a SHA-256 hash and the version is pushed to the OCI registry.
$ musher publish 1.0.0Resolve and verify
The CLI resolves your bundle reference to an exact OCI digest. Every asset is hash-verified on download.
$ musher load acme/my-toolkitInstall into any harness
Assets land where Claude Code, Codex, OpenCode, or your custom tooling picks them up. Same bundle, every environment.
$ musher install acme/my-toolkitPurpose-built beats repurposed
Package managers were designed for code. Bundles were designed for agent behavior.
Git submodules
- Versioning
- Git tags (manual)
- Discovery
- Know the repo URL
- Integrity
- Git hash (transport only)
- Agent-aware
- No — treats files as opaque blobs
- Collaboration
- PRs on config repo
npm / pip
- Versioning
- SemVer (for code packages)
- Discovery
- npmjs.com / PyPI
- Integrity
- Package hash
- Agent-aware
- No — designed for code dependencies
- Collaboration
- Org scopes (no agent semantics)
Raw OCI
- Versioning
- Tags (manual push)
- Discovery
- Registry UI (if any)
- Integrity
- Digest check
- Agent-aware
- No — generic artifact format
- Collaboration
- No built-in collaboration
Musher
- Versioning
- SemVer with immutable manifests
- Discovery
- Hub catalog with search and filtering
- Integrity
- SHA-256 per asset, verified on download
- Agent-aware
- Yes — 6 typed asset categories
- Collaboration
- Org namespaces, RBAC, visibility
Works with your stack
CLI for installing bundles. SDKs for programmatic access. Hub for discovery.
Musher CLI
Load and install bundles into any project. The CLI writes assets where agent harnesses pick them up automatically.
Local dev, CI pipelines
$ musher load musher/openapi-governance TypeScript SDK
Pull bundle metadata and assets programmatically. Resolve versions, access typed handles, verify integrity.
App code, custom tooling
$ npm install @musher-dev/musher-sdk Python SDK
Same capabilities as the TypeScript SDK. Sync and async clients, typed handles, full verification.
Python apps, CI policy gates
$ pip install musher-sdk Musher Hub
Browse, search, and evaluate community bundles. See asset contents, version history, and publisher profiles.
Discovery, evaluation
hub.musher.dev Trust built into every layer
Immutability, cryptographic verification, and access control — not afterthoughts.
Immutable versions
Published versions are append-only. Content cannot be modified after publishing. Broken versions are yanked, not overwritten.
SHA-256 per asset
Every asset is individually hashed at publish time. Downloads are verified against the stored hash — tampering is detected.
Yank with audit trail
Broken versions can be yanked with a reason. The audit trail records who yanked, when, and why — nothing is silently deleted.
Namespace RBAC
Bundles are scoped to organization namespaces. Only authorized members can publish. Consumers trust namespace ownership.
Frequently asked questions
Bundles support six asset types: agent_spec, skill, toolset, prompt, config, and other. All assets are text-based with a maximum size of 512 KB per asset and 200 assets per bundle.
Bundles use semantic versioning. When you publish a version, a snapshot of all current assets is pushed to an OCI registry as an immutable artifact. Published versions cannot be modified — only yanked with a reason and audit trail. Resolving a version always returns the same content.
Package managers like npm and pip are designed for code dependencies with complex dependency trees. Bundles are purpose-built for text-based agent components — assets are typed, versions are immutable, and the Hub provides agent-specific discovery. No package.json or setup.py needed.
Only authenticated users with organization membership can create, update, or publish bundles in that namespace. Runner credentials can resolve and download public bundles without namespace access.
Yanking marks a version with a reason and full audit trail — who yanked it, when, and why. Yanked versions are excluded from resolution but remain visible for audit. You can unyank a version to restore it.
Start distributing agent behavior today.
Free to use. One command to install any public bundle.
$ curl -fsSL https://get.musher.dev | sh