# Tank Documentation

> Security-first package manager for AI agent skills. Tank provides lockfiles, install-time integrity verification, permission budgets, and a 6-stage security scanning pipeline to reduce supply chain risk.

Tank is a security-first package manager for AI agent skills. It provides versioned installs, lockfiles, permission budgets, and deep scanning before skills reach agents.

## Key Resources

- [API Reference](https://tankpkg.dev/docs/api): Complete REST API reference for the Tank skill registry — authentication, search, publishing, version management, and security scanning endpoints.
- [Building Multi-Atom Skills](https://tankpkg.dev/docs/atoms): Write one tank.json with 7 atom kinds — instructions, hooks, agents, tools, rules, resources, prompts — and tank build compiles them to native configs for 6 AI coding agent platforms.
- [CI/CD Integration](https://tankpkg.dev/docs/cicd): Automate AI agent skill installation and publishing in CI/CD pipelines — GitHub Actions, GitLab CI, Docker, and the official Tank GitHub Action.
- [CLI Reference](https://tankpkg.dev/docs/cli): Complete reference for all 21 Tank CLI commands — install, publish, search, audit, and manage AI agent skills with security-first design.
- [Contributors](https://tankpkg.dev/docs/contributors): The people who build Tank
- [Getting Started with Tank](https://tankpkg.dev/docs/getting-started): Install the Tank CLI, authenticate with GitHub, and install your first AI agent skill in under 5 minutes — with SHA-512 integrity verification and permission budgets.
- [GitHub Action for Publishing](https://tankpkg.dev/docs/github-action): Automate AI agent skill publishing with Tank's official GitHub Action — security scanning, version validation, and badge generation in your CI/CD pipeline.
- [Installing AI Agent Skills](https://tankpkg.dev/docs/installing): Install, update, remove, and verify AI agent skills with Tank — deterministic lockfiles, SHA-512 integrity checks, dependency resolution, and permission budget enforcement.
- [MCP Server Integration](https://tankpkg.dev/docs/mcp): Use Tank directly from Claude Code, Cursor, VS Code Copilot, Windsurf, and other MCP-compatible AI coding assistants — 17 tools for full skill lifecycle management.
- [Organizations & Teams](https://tankpkg.dev/docs/organizations): Create organizations in Tank to publish scoped AI agent skills, manage team members, and control access with invitations and role-based permissions.
- [Tank Documentation](https://tankpkg.dev/docs/overview): Official documentation for Tank — the security-first package manager for AI agent skills. Install, publish, scan, and manage skills for Claude Code, Cursor, and other AI coding assistants.
- [Permissions & Access Control](https://tankpkg.dev/docs/permissions): Understand Tank's permission model for AI agent skills — declare, enforce, and audit what capabilities your skills can access at install time.
- [Publish Your First Skill](https://tankpkg.dev/docs/publish-first-skill): Step-by-step tutorial to publish your first AI agent skill to the Tank registry in under 10 minutes — with security scanning and permission declarations.
- [Publishing AI Agent Skills](https://tankpkg.dev/docs/publishing): Build, validate, and publish AI agent skills to the Tank registry — with security scanning, permission declarations, and version escalation protection.
- [Releases & Nightly Builds](https://tankpkg.dev/docs/releases): Tank's release channels — stable releases, nightly builds, Docker images, npm packages, and environment wiring.
- [Python SDK](https://tankpkg.dev/docs/sdk-python): Official Python SDK for the Tank registry — search, download, read, and audit AI agent skills programmatically from Python applications.
- [TypeScript SDK](https://tankpkg.dev/docs/sdk): Official TypeScript SDK for the Tank registry — search, download, read, and install AI agent skills programmatically from Node.js applications.
- [Searching for Skills](https://tankpkg.dev/docs/search): Find AI agent skills in the Tank registry using hybrid fuzzy search with typo tolerance, full-text matching, and advanced filters for security score, popularity, and freshness.
- [Secure AI Skills Checklist](https://tankpkg.dev/docs/security-checklist): Security best practices checklist for publishing safe AI agent skills — covering permissions, code security, prompt injection prevention, and dependency management.
- [Security Model](https://tankpkg.dev/docs/security): How Tank's 6-stage security pipeline scans AI agent skills for vulnerabilities, prompt injection, credential theft, and supply chain attacks before they reach your agents.
- [Self-Host in 15 Minutes](https://tankpkg.dev/docs/self-host-quickstart): Get Tank running on your own infrastructure with Docker Compose — automated setup wizard, no manual configuration needed.
- [Self-Hosting Tank](https://tankpkg.dev/docs/self-hosting): Deploy your own Tank registry on-premise — Docker Compose for quick setup, Kubernetes with Helm charts for production, with PostgreSQL, RustFS, and security scanning.
- [Credential Vault](https://tankpkg.dev/docs/vault): Protect API keys and secrets from AI agent exfiltration with Tank's format-preserving tokenization proxy — real credentials never reach the model.

## Optional

- [Skills Registry](https://tankpkg.dev/skills): Browse all published skills
- [Self-Host Guide](https://tankpkg.dev/docs/self-hosting): Deploy on your infrastructure

## Constraints

- All skills require explicit permission declarations
- Security scan required before publish (6-stage pipeline)
- Install verifies SHA-512 integrity
- Runtime sandboxing is not yet the enforcement model in this repo

## Full Export

See [llms-full.txt](https://tankpkg.dev/llms-full.txt) for complete documentation content.