provectus-governance

Governed by Design — Provectus Agentic Governance Demo

A workshop demo for CCW NYC (June 16, 2026) showing how a regulated enterprise can safely empower its people with agentic AI — by shipping governance with capability through a private Claude plugin marketplace.

One-line story: Anthropic gives enterprises powerful agents and the primitives to govern them; Provectus encodes its expertise into a private, governed plugin marketplace so a regulated enterprise can safely empower everyone — engineers and business staff alike — and prove it to their CISO.

Two faces of one demo

Face	Surface	What it shows
1 — Engineer cut	Claude Code (CLI)	Hard enforcement — a PreToolUse hook blocks an off-policy action live and audits it (un-bypassable, even in YOLO mode).
2 — Business/Exec cut	Claude Cowork / Desktop	Governance by distribution & design — admin-curated private marketplace, required plugin, opinionated guardrails, OTel audit trail.

Honesty note: PreToolUse hooks are hard-enforced in Claude Code but not in Cowork. This demo is deliberately accurate about where each control lives — that distinction is the consulting expertise on display.

Status

✅ Ready to run. The plugin and marketplace validate clean and the hook tests pass. See REPLICATION.md to reproduce the demo on your own machine in about 5 minutes — no AWS account required.

What's in here

plugins/provectus-governance/    the governance plugin (charter, hooks, skills)
.claude-plugin/marketplace.json  local marketplace catalog that ships the plugin
demo-sandbox/                    a throwaway repo to run the demo against
walkthroughs/                    walkthroughs for the two demo "faces"
REPLICATION.md                   step-by-step to run it yourself

Runs without an AWS account

The live demo is fully local / Anthropic-native. AWS (Bedrock, OTel→SIEM, Cedar/AVP runtime authorization) is the production-scale chapter, shown only on request.