CodeDocs Vault

00 — Purpose, Problem, Target

What this project is

claude-for-financial-services is a reference catalogue of LLM agents, skills, slash commands, and data connectors targeted at financial-services workflows (investment banking, equity research, private equity, wealth management, fund admin, KYC operations).

It is not a runtime. Nothing here is a daemon, web service, or model. It is a content distribution repo — markdown system prompts, JSON manifests, YAML deploy templates, and a handful of Python/Bash glue scripts — that ships into two distinct execution environments from a single source of truth.

The README states the thesis directly (README.md:5):

Everything here is available two ways from one source: install it as a Claude Cowork plugin, or deploy it through the Claude Managed Agents API behind your own workflow engine. Same system prompt, same skills — you choose where it runs.

Problems it solves

  1. Bespoke FSI workflows are usually re-implemented per firm. Every investment bank has its own DCF template, every fund admin has its own break-tracing playbook. The repo offers vetted starting points (system prompt + skill methodology + connectors) so a firm doesn't begin from a blank canvas.
  2. Two delivery surfaces, one definition. Claude Cowork (interactive, per-user IDE-style sessions) and Claude Managed Agents (POST /v1/agents, headless, orchestrated by the firm's workflow engine) both consume the same files. Drift between the two is enforced by scripts/check.py:114-131 and scripts/sync-agent-skills.py.
  3. Skill reuse without copy-paste rot. Skills are authored once under plugins/vertical-plugins/<vertical>/skills/<skill>/ and synced into agent plugins under plugins/agent-plugins/<slug>/skills/<skill>/. Drift is a CI failure (scripts/check.py:127-131).
  4. A defensible default for prompt-injection-prone workflows. Several agents read counterparty/onboarding/transcript documents authored by outsiders. The repo's managed-agent split (untrusted-reader, trusted-orchestrator, write-only-resolver) is the recommended template for that risk, with example schemas and an external validator (scripts/validate.py).
  5. A reference event loop for cross-agent handoffs. scripts/orchestrate.py is a 90-line example showing how handoff_request blobs in agent output become steering events to other deployed agents — including the security argument for why allowlisting and schema validation are mandatory at that boundary.
  6. An admin tool for the Microsoft 365 add-in. claude-for-msft-365-install/ is a separate side-tool that wires the Claude Office add-in to a tenant's own LLM cloud (Vertex / Bedrock / Foundry / gateway).

Who it's for

Three intersecting audiences:

Audience What they take from the repo
FSI firms (banks, asset managers, fund admins) evaluating Claude as a workflow primitive A library of starting agents to fork: DCF/LBO modeling, KYC, GL reconciliation, LP statements, pitch books, equity research notes
Platform/infra teams deploying agents headlessly The managed-agent-cookbooks/ tier — per-agent agent.yaml, leaf-worker subagents, security tier table, handoff protocol, and a deploy harness
IT admins rolling out the Claude Office add-in claude-for-msft-365-install/ — Vertex/Bedrock/Foundry/gateway provisioning, Entra admin consent, manifest generation, per-user config via Microsoft Graph

What's in the repo

plugins/
  agent-plugins/                # 10 self-contained workflow agents (Cowork plugins + Managed-Agent sources)
  vertical-plugins/             # 7 verticals — skill source-of-truth, slash commands, MCP connectors
  partner-built/                # 2 partner plugins (LSEG, S&P Global)
managed-agent-cookbooks/        # 10 cookbooks — agent.yaml + subagents/*.yaml + steering examples + README
claude-for-msft-365-install/    # 6 commands wizarding the Office add-in setup
scripts/                        # check.py, validate.py, orchestrate.py, sync-agent-skills.py, deploy-managed-agent.sh, test-cookbooks.sh
.claude-plugin/marketplace.json # Marketplace registration for all the above plugins
.github/workflows/              # Secret + internal-reference scan

Important framing — what these agents don't do

The README opens with a hard scope statement (README.md:7-8):

Nothing in this repository constitutes investment, legal, tax, or accounting advice. These agents draft analyst work product — models, memos, research notes, reconciliations — for review by a qualified professional. They do not make investment recommendations, execute transactions, bind risk, post to a ledger, or approve onboarding; every output is staged for human sign-off.

This shows up everywhere as a design constraint: agent system prompts say "stop and surface for review", "no ledger posting", "this agent recommends, the compliance officer decides" — see plugins/agent-plugins/kyc-screener/agents/kyc-screener.md:25-28 and plugins/agent-plugins/gl-reconciler/agents/gl-reconciler.md:27-29.

The repo is, in effect, an opinion about where in the regulated workflow Claude should sit: draft, never decide.