Governance Just Shipped as a Product Feature. Three Times. In One Week.

Thiago Victorino

In the seven days between April 28 and May 4, 2026, three vendors with no shared roadmap shipped the same idea. Anthropic published the Agent Skills Framework. Figma released the FigJam MCP server with named workflows. Vercel launched Deepsec, an agent-driven security scanner. Different companies, different categories, different audiences. The underlying shape is identical.

Each release takes a domain that used to live in a senior practitioner’s head, encodes it into a structured agent workflow, and adds mandatory verification exits before the work is accepted. Governance stops being a compliance memo. It becomes a product surface, with a SKU and a price.

That is the procurement event. For the first time, governance is comparable on the spreadsheet.

What Each Vendor Actually Shipped

Addy Osmani’s Agent Skills post is the clearest articulation. A skill is a named, scoped procedure that ships with mandatory specs, mandatory tests, and what Osmani calls “anti-rationalization tables” that block the agent from declaring success on partial work. His framing is direct: “A senior engineer’s job is mostly the parts that don’t show up in the diff. Specs. Tests. Reviews. Scope discipline.” The skill makes those invisible parts executable. The verification exit is not a suggestion; the agent cannot continue without it.

Figma’s FigJam MCP server takes the same shape and applies it to the design surface. The figma-use-figjam skill exposes a generate_diagram tool and a generate-project-plan workflow. The recommended sequence is research, collaborate, implement. It runs against Claude Code, Cursor, and Copilot equally. What is interesting is not the diagrams; it is that Figma defined a three-step ritual and made the agent execute it in that order. The ritual is the product.

Vercel’s Deepsec is the third instance, this time in security. It runs Opus 4.7 and GPT-5.5 at maximum reasoning across up to 1,000 concurrent Vercel Sandboxes, with reported false-positive rates around 10 to 20 percent compared with the higher rates that pattern-matching SAST tools produce. One early user describes it as “the first tool that’s surfaced the kind of issues we’d actually want a security engineer to flag.” The verification exit there is the sandboxed reproduction. Deepsec does not just claim a vulnerability. It proves the path.

Three categories. Three vendors. One pattern.

The Pattern Underneath

Strip the marketing and the underlying architecture is consistent. Each product takes domain expertise that used to be tribal, makes it explicit, encodes it as a structured workflow, and refuses to accept agent output without a verification step. We described this shape last month in Skills as Modular Governance and traced its architectural implications in the Perplexity-Osmani debate. What was a thesis then is now a market.

The mechanics are the same across all three:

  1. Named scope. A skill, a workflow, or a scan run is a unit with a name. It is not an open-ended chat. The agent enters a defined surface with defined inputs and defined exits.
  2. Mandatory specs. Before work begins, the constraints are explicit. Skills carry specs. FigJam workflows carry research-first sequencing. Deepsec carries a sandboxed reproduction target.
  3. Verification exits. The agent cannot self-certify completion. Tests must pass, reproductions must succeed, plans must be reviewed. The exit is gated by something the agent does not control.
  4. Anti-rationalization. Osmani names this explicitly; Figma builds it into ritual order; Vercel builds it into sandbox proof. The pattern is the same. The agent is structurally prevented from declaring “good enough” on partial work.

This is what governance looks like when it is product, not policy. Policy says “thou shalt review.” Product says “the workflow refuses to advance until review happens.”

Why This Changes Procurement

Compliance teams have been buying governance for a decade. They have bought policy management software, audit trail vendors, and evidence collection platforms. None of those produced output that engineering or design or security teams used in their daily work. The teams who shipped the actual product treated governance as a separate workstream. Compliance wrote the documents; engineering ignored the documents.

When governance ships inside the agent runtime, that separation collapses. The skill is the workflow. The workflow is the governance. There is no “we will get to compliance later” because the agent will not finish without the verification exit. The procurement question changes from “do you have a governance program” to “which structured workflows do your teams use, and what verification exits do they enforce?”

That second question can go on a spreadsheet. Spreadsheets drive budgets.

A buyer evaluating three vendors can now compare:

  • Are skills versioned and reviewable, or are they black boxes?
  • What does the verification exit actually verify, and who defines it?
  • Can my team author skills, or am I locked into the vendor’s catalog?
  • What is the audit trail of skill executions, and is it exportable?
  • How does the skill registry interact with our existing identity layer?

These are the same questions enterprise procurement has asked about every category that grew up: container runtimes, secret managers, identity providers. The answers determine which vendor wins. Governance just joined that list.

The Four-Floor Building, One Floor Up

We argued in the four containment surfaces framework that compute, data, knowledge, and identity were the floors of an agent runtime building. Skills, MCP workflows, and structured scans are not a fifth floor. They are a layer that runs across all four. A Deepsec scan touches compute (sandbox), data (the codebase), knowledge (vulnerability patterns), and identity (who triggered the run). A Figma workflow touches the same surfaces inside the design system, which we already argued was governance infrastructure. A skill execution does the same in the engineering surface.

The four-floor building taught teams where containment lives. Productized governance teaches them how the work that runs inside the building is shaped. One enforces the perimeter. The other enforces the procedure.

What Buyers Should Do This Quarter

The question for any team running agents in production this quarter is whether their workflows have crossed from policy into product. There is a one-page test:

  1. Pick one high-stakes workflow your agents already run. Code review, security triage, design generation, customer support escalation. Anything where wrong output costs money.
  2. Write down the structure. Is the workflow named, scoped, and versioned? Or is it a system prompt and a hope?
  3. Identify the verification exit. What must be true before the workflow accepts completion? Who or what enforces it? If the answer is “the agent decides,” there is no exit.
  4. List the specs. What constraints does the workflow declare upfront? Are they reviewable artifacts, or invisible context?
  5. Count the anti-rationalization checks. Where is the workflow structurally prevented from declaring premature success?

If three or more of those answers are “we don’t have that,” the workflow is policy with a chat interface. If three or more are “yes, here is the artifact,” it is starting to look like product.

The vendors who shipped this week did the work of making the pattern visible. The work for buyers is to ask whether their internal workflows look more like the productized version or the policy version. The first kind compounds. The second kind erodes.

The procurement spreadsheet just got a new column. Teams that wait for the column to settle will find their internal workflows competing with vendor SKUs that ship every week.

This analysis synthesizes Agent Skills (Addy Osmani, May 2026), FigJam Is Now Your Coding Agent’s Whiteboard Too (Figma, April 2026), and Introducing Deepsec (Vercel, May 2026).

Victorino Group helps enterprise teams evaluate productized governance layers and turn them into procurement criteria. Let’s talk.

All articles on The Thinking Wire are written with the assistance of Anthropic's Opus LLM. Each piece goes through multi-agent research to verify facts and surface contradictions, followed by human review and approval before publication. If you find any inaccurate information or wish to contact our editorial team, please reach out at editorial@victorinollc.com.
