01 — Tech Stack
There is essentially no source code shipping at runtime — the artifacts are markdown and JSON/YAML manifests interpreted by Claude Code / Cowork / the Managed Agents API. The languages below are for the tooling that builds, validates, and deploys those manifests.
Languages
| Language | Where it shows up | Why this choice |
|---|---|---|
| Markdown | All system prompts (agents/<slug>.md), all skill bodies (skills/*/SKILL.md), all slash commands (commands/*.md), all docs |
Markdown is Claude's instruction format; the file is the prompt. No build step. |
| YAML | managed-agent-cookbooks/*/agent.yaml and subagents/*.yaml |
Human-friendly manifest with ${ENV_VAR} substitution; the deploy script transcodes to JSON before posting. |
| JSON | marketplace.json, plugin.json, steering-examples.json, .mcp.json |
Plugin/marketplace registration formats fixed by Claude Code. |
| Python 3 | scripts/check.py, scripts/validate.py, scripts/orchestrate.py, scripts/sync-agent-skills.py |
Lightweight glue for linting, schema validation, the reference event loop, and skill-bundle sync. |
| Bash | scripts/deploy-managed-agent.sh, scripts/test-cookbooks.sh |
A pipeline of curl / jq / python3 -c calls — Bash is enough; no need for a heavier orchestrator. |
| Node.js (mjs) | claude-for-msft-365-install/scripts/build-manifest.mjs (140 lines) |
The Microsoft 365 add-in toolchain expects the Office manifest builder; this is a thin wrapper. |
| YAML frontmatter inside .md | The first 3-4 lines of every agent and skill markdown file | Standard Claude Code skill/agent metadata format — name, description, optional tools list. |
Key dependencies
Python (used by scripts/)
pyyaml # YAML loading for manifests + frontmatter (check.py:21, deploy-managed-agent.sh:35, validate.py:18)
jsonschema # Schema validation in orchestrate.py + validate.py (orchestrate.py:21, validate.py:14)
anthropic # SDK for the Managed Agents preview endpoint (orchestrate.py:20)
There is no requirements.txt at repo root; the scripts assert imports inline and exit with an actionable error (check.py:19-23):
try:
import yaml
except ImportError:
print("ERROR: requires pyyaml (pip install pyyaml)", file=sys.stderr)
sys.exit(2)One skill (
plugins/agent-plugins/pitch-agent/skills/dcf-model/) carries its ownrequirements.txtandscripts/recalc.py— that's runtime support for headless.xlsxrecalculation via LibreOffice (referenced inSKILL.md:801-841). It is Claude's runtime, not the deploy pipeline's.
Bash / shell tools
scripts/deploy-managed-agent.sh:34-35 asserts jq and python3 + pyyaml. The script also uses curl, zip, and standard POSIX utilities. The CI (.github/workflows/secret-scan.yml) installs gitleaks v8.28.0 with a pinned SHA-256.
Claude / Anthropic platform
The repo runs on top of three Anthropic APIs / surfaces:
| Surface | API path / mechanism | Beta header | Used by |
|---|---|---|---|
| Claude Code / Cowork plugins | Local marketplace install | n/a | marketplace.json + every .claude-plugin/plugin.json |
| Managed Agents | POST /v1/agents, POST /v1/agents/sessions/.../steer, SSE stream |
managed-agents-2026-04-01 |
scripts/deploy-managed-agent.sh:29, scripts/orchestrate.py:68-82 |
| Skills upload | POST /v1/skills (multipart) |
skills-2025-10-02 |
scripts/deploy-managed-agent.sh:73 |
| MCP (Model Context Protocol) | HTTP endpoints | per-server | plugins/vertical-plugins/financial-analysis/.mcp.json, partner manifests |
MCP connectors (data plane)
The financial-analysis vertical centralizes 11 third-party MCP servers in one .mcp.json. Quoted from plugins/vertical-plugins/financial-analysis/.mcp.json:
| Provider | URL |
|---|---|
| Daloopa | https://mcp.daloopa.com/server/mcp |
| Morningstar | https://mcp.morningstar.com/mcp |
| S&P Global / Kensho | https://kfinance.kensho.com/integrations/mcp |
| FactSet | https://mcp.factset.com/mcp |
| Moody's | https://api.moodys.com/genai-ready-data/m1/mcp |
| MT Newswires | https://vast-mcp.blueskyapi.com/mtnewswires |
| Aiera | https://mcp-pub.aiera.com |
| LSEG | https://api.analytics.lseg.com/lfa/mcp |
| PitchBook | https://premium.mcp.pitchbook.com/mcp |
| Chronograph | https://ai.chronograph.pe/mcp |
| Egnyte | https://mcp-server.egnyte.com/mcp |
The managed-agent variant injects MCP URLs from environment variables (agent.yaml has ${CAPIQ_MCP_URL}, ${DALOOPA_MCP_URL}, etc.) so different deployments can point at different vendors or internal proxies. scripts/deploy-managed-agent.sh:43-51 whitelists ${VAR} values to [A-Za-z0-9._/:@-] to prevent shell-injection from a hostile env value.
Why these choices (where it's apparent)
- No build step. "Everything is file-based — markdown and JSON, no build step." (
README.md:99). The repo is editable in any text editor and ships as-is to the marketplace. - YAML for manifests, JSON for outputs. YAML is human-friendly and supports comments + env-var substitution. JSON is what
POST /v1/agentsconsumes. The deploy script bridges withpython3 -c 'import yaml,json; json.dump(yaml.safe_load(...))'(deploy-managed-agent.sh:36-52). - Bash +
jqinstead of a Python deploy CLI. The script is a series of curl-and-transform steps, naturally expressed as a pipeline. It would be longer in Python without being clearer. pyyaml+jsonschemaonly. Validation is a CI tier-zero concern —check.pyblocks merges;orchestrate.pyandvalidate.pyre-use the same schemas at runtime.anthropicSDK inorchestrate.py— usesclient.beta.agents.sessions.stream(...)and.steer(...)with a# type: ignore[attr-defined](orchestrate.py:68,79) because the Managed Agents endpoint is preview and the SDK type stubs lag.
Repo-wide invariants
These are mechanically enforced:
| Invariant | Enforced by |
|---|---|
| Every YAML manifest parses | check.py:41-47 |
| Every JSON manifest parses | check.py:49-61 |
Every agent-plugins/<slug>/agents/<slug>.md has frontmatter with name + description |
check.py:64-77 |
Every system.file, skills.path, callable_agents.manifest resolves to a real file |
check.py:81-112 |
Every bundled skill in agent-plugins/<slug>/skills/ matches its source in vertical-plugins/<vertical>/skills/ byte-for-byte |
check.py:114-131 (filecmp.dircmp) |
Every agent.md reference to a back-tick-skill-name is bundled |
check.py:134-143 (regex r"([a-z0-9]+(?:-[a-z0-9]+)+)") |
Marketplace source paths point at directories with a real plugin.json |
check.py:146-150 |
Every cookbook directory has the three required files (agent.yaml, README.md, steering-examples.json) |
check.py:153-158 |
| No internal Anthropic references in committed files | .github/workflows/secret-scan.yml:25-32 |
| No leaked secrets | .github/workflows/secret-scan.yml:18-24 (gitleaks) |
Resolved POST bodies are well-formed, depth-1, non-empty system, no output_schema leaks |
scripts/test-cookbooks.sh |
This level of structural enforcement is unusual for a content-only repo — it's there because the failure mode of a stale skill bundle isn't a build error, it's an agent silently using outdated guidance in production.