…run (#1116)

When the resolver callback downloads a package during the parallel
resolve phase and the integrate phase later sees the bytes already on
disk (`skip_download=True` via `already_resolved`), it routes to
`CachedDependencySource`. That source previously hard-coded
`cached=True` on the download-complete line, so users saw

    [+] owner/repo@v1.2.3 abc12345 (cached)

for packages that were just downloaded a few hundred milliseconds
earlier. The label is misleading and undermines trust in the cache
indicator (which should mean 'no network in this run').

Fix:
- `CachedDependencySource.__init__` now takes
  `fetched_this_run: bool = False`. When True, `acquire()` passes
  `cached=False` to `logger.download_complete`.
- `make_dependency_source` factory plumbs the flag through.
- `phases/integrate.py` computes
  `fetched_this_run = dep_key in ctx.callback_downloaded` at the
  call site -- the single source of truth for 'downloaded earlier in
  this run'.

Backward compat:
- Default `fetched_this_run=False` preserves legacy behaviour for
  any external caller of `CachedDependencySource` /
  `make_dependency_source`.

Tests:
- New `tests/unit/install/test_cached_label.py` covers the default
  cached path, the fetched-this-run flip, and end-to-end factory
  plumbing.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…tor (#1116)

Every install download/cached line previously did its own `commit[:8]`
slice. That allowed sentinel strings (`cached`, `unknown`) and any
non-hex garbage to silently render as a plausible-looking 8-char SHA
prefix in user-facing output -- impossible to tell from a real short
SHA on review.

New helper `apm_cli/utils/short_sha.py`:
- Returns `""` for non-strings, sentinels (`cached`, `unknown`,
  case-insensitive), strings shorter than 8 chars, or any string with
  non-hex characters.
- Returns `value[:8]` only for valid 8+ char hex (SHA-1, SHA-256,
  any future hash format).
- Whitespace is stripped before validation.

Replaced the four inline truncations with `format_short_sha`:
- `install/sources.py`: cached source's `download_complete` SHA
  (covers the "cached" sentinel previously masked by an explicit
  `!= "cached"` guard).
- `install/sources.py`: fresh source's `download_complete` SHA
  (logger branch).
- `install/sources.py`: fresh source's plain-echo SHA fallback.
- `install/phases/resolve.py`: lockfile-entry verbose SHA dump.

Tests:
- New `tests/unit/install/test_short_sha.py` covers None, empty,
  whitespace, sentinels (lower/upper case), too-short, non-hex, bytes,
  ints, full SHA-1, full SHA-256, uppercase hex, and whitespace
  stripping.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Long transitive resolves used to look like a hang -- the install
silently iterated through dozens of `download_callback` invocations
with no user-visible signal between the initial banner and the final
download lines. CI logs and `2>&1 | tee` pipelines made it worse:
any Rich transient progress would be invisible, so users assumed the
process was stuck.

Fix:
- New `InstallLogger.resolving_heartbeat(dep_name)` emits a static
  line: `[>] Resolving <name>...` via `_rich_info` with the
  `running` symbol. Static (not transient) so it survives in CI logs
  and behind `tee`.
- `phases/resolve.download_callback` calls the heartbeat from the
  MAIN thread, immediately after the on-disk shortcut and BEFORE the
  network/copy work. F7's parallel BFS will keep heartbeat emission
  on the main thread for deterministic ordering across worker
  dispatches.

Tests:
- New `tests/unit/install/test_resolving_heartbeat.py` asserts the
  symbol is `running` (not a transient progress) and that the helper
  emits exactly one line per call with the expected text shape.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

The MCP registry round-trip in `apm install` -- a multi-second
network call to validate that all requested servers exist -- gave no
user-visible signal. Users staring at silence assumed a stall. The
heartbeat fixes that with one static line emitted just before
`operations.validate_servers_exist`:

    [>] Looking up N MCP server(s) in registry...

Implementation:
- New `CommandLogger.mcp_lookup_heartbeat(count)` and a mirror on
  `NullCommandLogger` so `MCPIntegrator` can call the heartbeat
  unconditionally without hasattr / isinstance checks.
- Static line via `_rich_info` with the `running` symbol -- not a
  Rich transient -- so the line survives in CI logs and behind
  `2>&1 | tee`.
- `count <= 0` is silently skipped to avoid a noisy zero-batch line
  on installs with no registry MCP deps.

Tests:
- Singular / plural noun, zero-count silence, and NullCommandLogger
  mirror in `tests/unit/install/test_mcp_lookup_heartbeat.py`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

When debugging a slow install, users had no way to identify which
phase was burning the budget without instrumenting individual sources.
This adds opt-in (verbose-only) timing for every phase in the install
pipeline:

    [i] Phase: resolve -> 0.412s
    [i] Phase: download -> 1.873s
    [i] Phase: integrate -> 0.094s

Implementation:
- New `_run_phase(name, phase, ctx)` helper in `install/pipeline.py`
  wraps every `phase.run(ctx)` call. Verbose mode times the call
  with `time.perf_counter()` and emits one `verbose_detail` line
  per phase. Non-verbose mode short-circuits to a direct call -- the
  legacy code path, byte-for-byte.
- Replaces 9 inline `_*_phase.run(ctx)` call sites: resolve,
  policy_gate, targets, policy_target_check, download, integrate,
  cleanup, post_deps_local, finalize.
- Best-effort: timing-line emission is wrapped in
  `contextlib.suppress(Exception)` so a logger failure cannot mask
  the phase's real exception. The phase exception always propagates.
- The helper preserves return values (only `finalize` returns a
  non-None value -- the `InstallResult`).

Tests:
- New `tests/unit/install/test_phase_timing.py` covers non-verbose
  silence, verbose timing emission, return-value pass-through,
  exception-with-timing, logger-failure-doesn't-mask-phase-exception,
  and the `logger=None` defensive path.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Sequential BFS resolution was the dominant wall-clock cost for
trees with multiple sibling deps -- every download (or local-copy)
ran on the main thread and serialised on its own I/O. This converts
the BFS to a level-batched model where siblings at the same depth
fan out across a worker pool while every tree mutation stays on
the main thread.

Architecture (`apm_resolver.py`):
- BFS now drains one *depth level* per outer iteration, not one
  item.
- Phase A (main thread): for each item in the level, run dedup,
  the existing-node fast-path, depth-cap check, and node creation.
  Items that resolve here never reach the worker pool. The new
  node is appended to its parent's `children` immediately so the
  tree shape is fully visible before any I/O.
- Phase B (workers): `ThreadPoolExecutor.map` over the per-level
  work items. The worker (`_load_work_item`, lifted out of the
  loop body to keep ruff B023 happy) calls
  `_try_load_dependency_package` and returns
  `(item, loaded_pkg, exception)`. `executor.map` preserves
  submission order so Phase C is deterministic regardless of
  which worker finishes first.
- Phase C (main thread): iterate results in submission order,
  attach loaded packages onto their nodes, enqueue sub-deps via
  the existing `queued_keys` gate. All ordering -- node insertion,
  parent.children, next-level traversal -- is byte-identical to
  the legacy sequential path.

Thread safety:
- New `_download_lock` (`threading.Lock`) protects the resolver's
  shared dedup sets (`_downloaded_packages`,
  `_rejected_remote_local_keys`). The `_downloaded_packages` gate
  is now "check-and-reserve" under the lock so two workers racing
  on the same logical dep can't both pass and double-fetch. The
  reservation is released on download failure so a retry (or a
  different anchor with the same key) can try again.
- New `callback_lock` in `phases/resolve.py:download_callback`
  serialises mutations of `callback_downloaded`,
  `callback_failures`, `transitive_failures`, plus the inline
  logger emissions, so verbose-mode failure lines and resolving
  heartbeats don't interleave when multiple workers report.
- All locks wrap small critical sections only -- the heavy network
  / disk work runs OUTSIDE every lock.

Configuration:
- New `max_parallel` ctor arg on `APMDependencyResolver` (default
  `None`).
- Resolution order: explicit ctor arg > `APM_RESOLVE_PARALLEL`
  env var > `_DEFAULT_RESOLVE_PARALLEL` (4).
- `max_parallel=1` (or any value coerced to 1) skips the executor
  entirely and runs the legacy sequential code path. A parity test
  (`test_max_parallel_one_matches_default_resolver`) pins this.
- Invalid env values (non-integer) fall back to the default with a
  debug log line; `max_parallel=0` is clamped to 1.

Tests (`tests/unit/deps/test_apm_resolver_parallel.py`):
- Sequential / parallel parity on a 4-node graph.
- Determinism under randomized callback jitter (10 runs, identical
  node-insertion order).
- Shared transitive dep deduplicated to a single tree node;
  manifest declaration order decides which parent owns the edge.
- Soft-failure callback (`return None` for one dep) doesn't abort
  resolution -- placeholder package preserved.
- Env override + clamp behaviour.

7372 unit tests pass; ruff clean.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

F5 added '[..] in {N.N}s' to the post-install summary on every exit
path. Update the illustrative install summary lines in the policy
reference and the apm-guide governance skill so the examples match
what users now see, and so anyone copy-pasting the snippets into
docs/issues/PRs gets the new format.

Touched lines (5 in policy-reference, 4 in governance):
- '[+] Installed 4 APM dependencies, 2 MCP servers'
  -> '[+] Installed 4 APM dependencies, 2 MCP servers in 1.2s'
- '[+] Installed 4 APM dependencies'
  -> '[+] Installed 4 APM dependencies in 0.8s'

No semantic change to the surrounding policy/enforcement narratives.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…re flag (#1116)

Parallel level-batched BFS is the central resolution strategy (uv-inspired),
not an opt-in feature. Reframe all docstrings, comments, and the
APM_RESOLVE_PARALLEL env var as a diagnostic/parity-testing knob only.

The max_parallel=1 sequential path remains for parity tests that assert
identical ordering -- it is not a user-facing toggle.

No behavioural change; comments and docstrings only.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…#1116)

uv-inspired optimisation: when multiple subdirectory deps reference the
same upstream repository at the same ref (e.g. owner/repo/skills/X#main
and owner/repo/agents/Y#main), a single git clone is shared across all
consumers within one install run.

Design:
- SharedCloneCache keyed by (host, owner, repo, ref_or_None)
- First requester clones; subsequent waiters block on entry lock, then
  reuse the result
- Different refs never share (correctness over cleverness)
- Fail-closed: failures are not poison-cached; retries get fresh clones
- Per-run lifecycle: cache.cleanup() at end of resolve phase
- Thread-safe via per-key locks (compatible with F7 parallel BFS)
- Path security: ensure_path_within still runs on every subdir extraction

Non-goal (deferred): cross-project content-addressable cache at
~/.apm/cache/git/ -- different performance horizon.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

uv-inspired optimisation: validate_servers_exist and
check_servers_needing_installation now run per-server registry HTTP
lookups in parallel via a bounded ThreadPoolExecutor (cap 4, same as
F7 default).

Each registry call is independent; results are collected in submission
order via executor.map so downstream logic sees deterministic ordering.
The F4 heartbeat ('Looking up N servers...') already covers the right
work, so UX stays consistent.

Non-goal (deferred): HTTP cache (Cache-Control / ETag) for registry
responses.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Adds a content-addressable persistent cache for git repos and HTTP
responses to make warm installs near-instant and cold installs
substantially faster, while preserving full proxy / Artifactory
compatibility.

New package: src/apm_cli/cache/
  - paths.py:        platform cache root + APM_NO_CACHE / APM_CACHE_DIR
                     escape hatches with absolute-path validation
  - url_normalize.py: collapse equivalent git URLs (strip .git, lowercase
                     host, default ports, normalise scp-form to ssh) and
                     derive sha256 shard keys (16-char prefix for
                     Windows long-path safety)
  - locking.py:      per-shard file locks (filelock>=3.12) and atomic
                     landing protocol (stage -> lock -> TOCTOU recheck
                     -> os.replace)
  - integrity.py:    verify_checkout_sha() runs git rev-parse HEAD on
                     every cache hit; mismatch -> safe evict + refetch
  - git_cache.py:    two-tier git cache: db_v1/<digest>/ bare repos
                     (append-only fetch) + checkouts_v1/<digest>/<sha>/
                     per-revision sparse checkouts. ls-remote SHA
                     resolution before any checkout. Stats / prune /
                     clean for CLI surface.
  - http_cache.py:   conditional GET via ETag / Cache-Control with hard
                     caps (24h TTL, 100MB LRU eviction) to defend
                     against poisoned headers.

New module: src/apm_cli/utils/git_env.py
  Cached git binary lookup (avoid repeated PATH scans) plus env
  sanitisation that strips inherited GIT_DIR / GIT_WORK_TREE /
  GIT_INDEX_FILE / GIT_OBJECT_DIRECTORY / GIT_ALTERNATE_OBJECT_DIRECTORIES
  / GIT_COMMON_DIR while preserving GIT_SSH_COMMAND, GIT_ASKPASS,
  GIT_CONFIG_GLOBAL, GIT_CONFIG_SYSTEM, GIT_TERMINAL_PROMPT and the
  proxy / insteadOf settings that Artifactory and corporate proxies
  rely on.

New CLI: apm cache info | clean | prune

Integration:
  - github_downloader: cache-hit path before any clone; lockfile-pinned
                       SHAs short-circuit ls-remote.
  - install/phases/resolve: wires the persistent GitCache into the
                            resolution pipeline; APM_NO_CACHE bypasses;
                            --refresh ignores the cache for one run.
  - install command: --refresh flag plumbed through InstallContext.
  - pyproject: filelock>=3.12 added.

Security posture (per WS3 critique):
  - C1  integrity verify on every cache hit
  - H1  cache dirs created 0o700
  - H2  atomic landing with TOCTOU recheck under lock
  - H3  HTTP TTL cap + size cap regardless of upstream headers
  - B1/B2 per-shard locking (no global mutex contention)
  - B4/M1 URL normalisation collapses collision-prone variants
  - S4/M3 git env sanitised but proxy/SSH knobs preserved

Tests (66 new):
  test_url_normalize (12), test_locking (12), test_git_cache (9),
  test_http_cache (9), test_git_env (14), test_cache_cli (5),
  test_proxy_compat (5).

All 7449 unit tests pass; ruff clean.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Partial bare clones with --filter=blob:none left checkouts with empty
working trees (directories only, no file contents).  After
`git clone --local --shared --no-checkout` from such a bare repo
followed by `git checkout <sha>`, every blob lookup failed with
'unable to read sha1 file', leaving subdirectory deps with empty
target dirs and triggering 'Subdirectory is not a valid APM package'
during validation.

The cache extracts file content at checkout time, so all blobs must
be present locally; partial clones are not viable here.

Reproduced live against github/awesome-copilot/skills/review-and-refactor:
the cache was correctly hit, but the cached checkout's review-and-refactor
directory was empty, causing install to fail with 1 error.

After fix: cold install 5.7s (down from 9.5s baseline, 40% faster);
warm install 3.2s (down from 7.3s second-run baseline, 56% faster);
all 4 deps install cleanly.

Adds a regression test that asserts no --filter argument appears on
the bare clone command line, catching the failure mode without needing
a slow real-network test.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…1116)

The WS3 persistent cache was previously consulted only by the
subdirectory download path (`download_subdirectory_package`).  Whole-
repo deps still went through `_clone_with_fallback` on every install,
so warm installs paid the full git clone cost for every dependency
that wasn't a subdir slice.

This change consults the persistent cache from `download_package` as
well: when a cached checkout is present for the resolved SHA, files
are copied directly into the target (excluding `.git`) and validated.
On any failure (cache miss, validation mismatch, exception) the flow
falls through to the existing network clone path.

Measured against the perf-probe fixture (4 APM deps + 1 MCP server):

  baseline (pre-WS1):  cold 9.5s   warm 7.3s
  WS1+WS2 only:        cold 8.0s   warm 2.5s
  WS3 (subdir only):   cold 5.7s   warm 3.2s
  WS3 (full wiring):   cold 5.7s   warm 2.9s

Warm install is now dominated by the MCP registry lookup (~1.1s) and
ls-remote SHA resolution; further wins require HTTP-cache integration
on the registry client, which can land separately.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

The MCP registry lookup (validate_servers_exist + check_servers_needing_installation)
issues 2-3 HTTPS GETs per install, accounting for ~1.1s on warm runs even
when nothing else hits the network.  Wire SimpleRegistryClient through the
existing HttpCache so:

- Fresh entries (within Cache-Control max-age, capped at 24h) skip the
  network entirely.
- Expired entries send 'If-None-Match' and reuse the body on 304.
- APM_NO_CACHE bypasses the cache so users keep an explicit escape hatch.

Cache key includes sorted query params so paginated/search URLs stay
distinct.  All HTTP travel still goes through the requests Session, so
HTTPS_PROXY / NO_PROXY / Artifactory / corporate trust stores keep working.

Final perf vs baseline (4 APM deps + 1 MCP server fixture):

  cold:  9.5s -> 5.4s  (43% faster)
  warm:  7.3s -> 1.9s  (74% faster)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Disable colorama autoreset; all callers append Style.RESET_ALL
  explicitly, so per-write reset injection produced trailing
  '[0m[0m...' escape sequences at end of every install run.
- Fall back to resolver-callback SHA in CachedDependencySource when
  no lockfile exists yet, so cold-path install lines show '@<sha>'
  consistently with warm runs.
- Shorten unpinned-deps diagnostic to fit 80 cols without mid-word
  break of 'drift' through Rich console wrapping.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Address review-panel findings on the persistent cache layer:

Cache key + integrity:
- url_normalize: stop folding path case for self-hosted hosts
  (Gitea/GitLab/ADO are case-sensitive on path components, where
  collapsing case would cross-shard distinct repositories).
- integrity: replace 'git rev-parse' subprocess with direct
  '.git/HEAD' read. Handles dir / worktree-file / detached /
  packed-refs cases. Fail-closed on any OSError.

Subprocess robustness (Windows / NixOS / corp PATH):
- git_cache: route every git invocation through get_git_executable()
  + git_subprocess_env() default. Previously _bare_has_sha and
  integrity verification hardcoded 'git' and inherited unsanitized
  os.environ, causing silent cache misses when git was not on the
  bare PATH the subprocess saw.
- git_env: extend _STRIP_GIT_VARS with GIT_CEILING_DIRECTORIES,
  GIT_DISCOVERY_ACROSS_FILESYSTEM, GIT_REPLACE_REF_BASE,
  GIT_GRAFTS_FILE, GIT_SHALLOW_FILE so an outer git invocation
  cannot bias the cache layer's git.
- github_downloader: thread git_subprocess_env() + auth env to
  GitCache.get_checkout at both call sites (subdir + whole-repo)
  via new _git_env_dict() helper.

Lock + path containment:
- git_cache._ensure_bare_repo: lock-then-probe, ensure_path_within
  guards on bare_dir + staged paths, sanitised env default.
- git_cache._fetch_into_bare: split into outer-locking shell and
  _fetch_into_bare_locked inner body so callers that already hold
  the shard lock don't double-acquire.
- git_cache._create_checkout: ensure_path_within on
  checkouts_root/shard, final_dir, and staged.

HTTP cache hardening:
- http_cache.get: recompute sha256(body) on every read and compare
  to digest recorded at write time; mismatch evicts the entry and
  returns None (poisoning defense).
- http_cache.store: write meta + body into a staging directory,
  then atomic_land into the final entry path under the shard lock.
  body_sha256 added to meta.json. ensure_path_within on entry +
  staged paths.
- http_cache._entry_path: ensure_path_within at construction.
- registry.client._cached_get_json: bypass HTTP cache entirely
  when the session carries an Authorization header (caching
  authenticated responses risks cross-identity body leakage).

Tests:
- tests/unit/cache/test_git_cache.py: env-forwarding regression
  trap on _resolve_sha and the cache-miss path.
- tests/unit/cache/test_proxy_compat.py: assert ZERO subprocess
  calls on cache HIT (now possible since integrity is file-only).
- tests/integration/test_cache_lockfile_parity.py: byte-identical
  apm.lock.yaml across cold / warm / APM_NO_CACHE=1 regimes.
  Added to scripts/test-integration.sh runner.

Perf evidence (4 APM + 1 MCP fixture):
- Cold (empty cache): 5.3s
- Warm (cache hot):   1.6s
- Locked (lockfile):  1.8s
- 7455 unit tests pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…1116)

Introduces InstallTui controller — a deferred Live region that
aggregates per-dep progress across the resolve, download, and
integrate phases of 'apm install'. The controller no-ops when
APM_PROGRESS=never, when CI is set, or when the console is not a
TTY, so non-interactive runs see no behavioral change.

Key design choices:

- Lazy Rich imports inside _build_aggregate / _defer_start so
  non-animating installs never pay the import cost.
- 250 ms defer-show prevents UI flash on warm-cache installs.
- Per-key label tracking lets task_completed(key) drop the right
  label even when callers pass a human-readable label.
- Defensive try/except around Live start: a Rich init failure
  disables the controller instead of taking the install down.
- Two-phase enter/exit pattern in pipeline (around resolve, then
  around the post-resolve body) keeps existing 300+-line block
  indentation untouched.

Wires through:
- pipeline.py: ctx.tui = InstallTui(); start_phase before
  download/integrate; finally __exit__()
- phases/download.py: routes per-dep progress via task_started/
  completed/failed; downloader called with progress_obj=None
- phases/integrate.py: removes local Progress wrapper; for-loop
  body dedented
- phases/resolve.py: heartbeat callsite suppresses the static
  '[>] Resolving X' line when the TUI is animating
- sources.py: FreshDependencySource.progress now optional;
  parallel resolve emits task_started/completed via ctx.tui

Tests: 22 new InstallTui unit tests covering should_animate
matrix, deferred-start, no-op contract, label aggregation/overflow,
is_animating, and start_phase swap. Full unit suite 7516/7516.

…1116)

- Replace Rich BarColumn (uses Unicode U+2501) with custom
  _AsciiBarColumn that renders [####....] using only ASCII.
  Honors the encoding contract (.github/instructions/encoding.instructions.md).
- Wire task_completed/task_failed at every exit of resolve.py's
  download_callback so the active-set list shrinks as deps land
  and the aggregate phase bar advances during resolve.
- Clear stale labels in InstallTui.start_phase so the in-flight
  active set does not bleed across phase boundaries.

Verified:
- Lint clean, 7493 unit tests pass.
- Real-network reruns (4 APM deps + 1 MCP):
    cold  1.77s  (<= 5.5s budget; baseline 5.3s)
    warm  0.84s  (<= 2.0s budget; baseline 1.6s)
    locked 0.66s

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

#1116)

Acts on findings from the local apm-review-panel pass:

- Race between InstallTui.__exit__ and the Timer-thread _defer_start
  callback could leak an unowned Live region under fast installs at
  high CPU load. Add a _shutdown sentinel set under the lock in
  __exit__ and re-checked in _defer_start before publishing _live
  and calling .start(). Closes the TOCTOU window.
- Document APM_PROGRESS env var in 'apm install --help' so users
  hitting CI flicker or wanting to force progress have a
  discoverable knob (was source-only previously).
- Document multi-enter/exit lifecycle on InstallTui so the
  pipeline's two-window pattern is no longer implicit.
- Add concurrency test (8 threads parallel task lifecycle) +
  shutdown-sentinel test in tests/unit/test_install_tui.py.
- Add tests/unit/install/phases/test_resolve_tui_callbacks.py
  pinning the four task_completed/task_failed call sites in the
  resolve callback so a future refactor that drops one would fail.

Verified: lint clean, 7500 unit tests pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…kouts

Two complementary tier-1 perf wins on the install hot path:

1. Copy-on-write file cloning (reflinks) on supported filesystems
   (APFS on macOS, btrfs/XFS on Linux). Replaces byte-by-byte copies
   in the cache->apm_modules and primitive integration steps with
   metadata-only clone operations. Transparent fallback to
   shutil.copy2 on unsupported filesystems via per-st_dev capability
   cache. APM_NO_REFLINK=1 escape hatch for diagnostics.

2. Cross-process write-deduplication for git cache checkouts. The
   shard lock is now acquired BEFORE staging any clone work, then
   the final shard is re-probed for existence + integrity. On a
   populated-and-valid hit we short-circuit with zero IO; concurrent
   processes racing the same SHA pay only ~1x the clone cost
   instead of Nx. Critical for CI matrix builds where multiple
   jobs hit the same uncached repo.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>