gstack is an open-source (MIT) skill pack for agentic development, maintained at github.com/garrytan/gstack. It ships many slash-command workflows (e.g. /office-hours, /plan-ceo-review, /plan-eng-review, /review, /qa, /cso, /ship) designed to run a sprint in order: think → plan → build → review → test → ship → reflect. The upstream README is the source of the exact list of commands, which can change with releases.

Does gstack only work with Claude Code?

No. A setup script can install the same skills into multiple host environments, including OpenAI Codex CLI, Cursor, OpenCode, Factory Droid, Slate, Kiro, Hermes, and GBrain, under each product’s skills directory. See docs/ADDING_A_HOST.md in the repository.

What is OpenClaw’s relationship to gstack?

OpenClaw can spawn Claude Code sessions that already have gstack installed, so the same slash skills apply. The repo also documents ClawHub-native skills for a subset of methodology (office hours, CEO review, investigate, retro) for agents that do not use a Claude Code session. See docs/OPENCLAW.md.

How is gstack different from the ExplainX skills directory?

gstack is one opinionated monorepo and process; ExplainX is a directory of many skills from many authors. The underlying pattern is the same—structured, reusable agent instructions. Browse gstack-tagged skills at explainx.ai/skills/gstack, and see /blog/what-are-agent-skills-complete-guide for how skills work in general.

What about privacy and security?

The README states telemetry is opt-in and off by default, with anonymous metadata only if enabled, and that prompts and code are not sent. For browser automation, the project documents layered prompt-injection defenses in ARCHITECTURE.md; you must evaluate risk before use on untrusted pages or in regulated orgs—this blog is not a security audit.

gstack: Garry Tan’s open-source “software factory” for Claude Code (and nine other agents) | explainx.ai Blog

gstack is Garry Tan’s public release of a large, Claude Code-centric, multi-host skill stack: on the order of 23 specialist slash workflows, eight “power” tools, MIT license, no paywall. The README leads with a reproducible take on “logical” change and line counts (On the LOC Controversy) and with GitHub contribution density (2026 vs 2013) on the author’s own repositories—then argues for gstack as the sprint process he uses in the open.

This ExplainX note is a map, not a replacement for upstream docs. github.com/garrytan/gstack is canonical for install commands, slash names, and per-release features (for example the v0.19 CLIs mentioned in the README). Browse gstack on ExplainX: explainx.ai/skills/gstack (pre-filtered skills registry view).

The thesis

Turn a long chat into a repeatable sprint where the output of one slash skill feeds the next: think → plan → build → review → test → ship → reflect.

Upstream frames that as a process, not a grab bag of prompts. It overlaps the “skills compound if you chain them” idea in our agent skills guide, at YC-style cadence.

The skill map (at a glance)

Archetype	Examples (see latest README)
Product and planning	`/office-hours`, `/plan-ceo-review`, `/plan-eng-review`, `/plan-design-review`, `/plan-devex-review`, `/autoplan`
Design	`/design-consultation`, `/design-shotgun` → `/design-html` (Pretext-style responsive layout, framework detection—see docs)
Code quality	`/review` (Claude), `/codex` (OpenAI Codex CLI “second opinion” with multiple modes), `/investigate`
Runtime truth	`/qa` / `/qa-only`, `/browse`, `/open-gstack-browser`, `/setup-browser-cookies`
Security	`/cso` (OWASP + STRIDE, per upstream copy)
Release	`/ship`, `/land-and-deploy`, `/canary`, `/benchmark`, `/document-release`
Meta	`/retro`, `/learn`, optional checkpoint mode with `/context-restore`, `/gstack-upgrade`
Safety	`/careful`, `/freeze`, `/guard`, `/unfreeze`
Multi-agent	`/pair-agent` (shared GStack Browser with tab isolation, optional remote use—see docs)

Philosophy per skill: docs/skills.md. Builder framing: ETHOS.md.

How you install it

Solo — shallow clone into ~/.claude/skills/gstack, run ./setup, add a CLAUDE.md gstack block that (a) routes web work through /browse and (b) lists slash commands. The long canonical list is only in the upstream README; do not copy stale lists from blogs.
Team — gstack-team-init in required or optional mode commits .claude/ metadata so peers auto-install; setup --team plus silent hourly update checks.
OpenClaw — spawn Claude Code with gstack loaded, or use ClawHub “native” skills for a subset. See docs/OPENCLAW.md.
Other coding agents — ./setup --host <name> to install under paths such as ~/.codex/skills/, ~/.cursor/skills/, and others listed in the README. Extending a host: docs/ADDING_A_HOST.md.

Requirements (per README): Claude Code, Git, Bun 1+; Windows also Node (Playwright + Bun pipe issue—upstream documents fallback to Node).

Design, browser automation, and security

Shotgun → HTML — variant mockups (the README cites GPT Image-class generation in places), a browser comparison board, and gstack-taste-update to persist what you keep vs reject.
Browse stack — GStack Browser with a sidebar mini-agent, $B handoff for MFA or CAPTCHAs, and a substantial prompt-injection story (classifiers, canary tokens, optional heavier ensemble, kill-switch env vars).

Before you aim this at untrusted pages or a compliance boundary, read ARCHITECTURE.md and BROWSER.md. This post is not a security audit.

Parallel sprints, CLIs, and ecosystem

Conductor and the README’s “10–15 parallel sprints” are presented as a human coordination layer on many isolated Claude Code sessions: process tames agent proliferation, not the reverse.
CLIs (the README cites v0.19+): gstack-model-benchmark (Claude, GPT, Gemini; --dry-run to validate), gstack-taste-update (persist design shotgun taste).
/codex is a cross-model second opinion on the same diffs as /review, with overlap/unique-finding analysis when both have run.
Checkpoint mode (opt-in) auto-commits WIP with structured [gstack-context]; /ship is documented to squash or filter WIP commits in a bisect-safe way (see the README).

Privacy and telemetry (per README)

Default off; first run asks. If enabled, only skill name, duration, success, version, OS.
Never (claimed in README): code, file paths, prompts, branch names.
Supabase + edge functions; schema in supabase/migrations/. Local gstack-analytics on JSONL.

A minimal “try it” path

Install per Install — 30 seconds.
Run /office-hours on a real user pain, not a feature wish list.
Run /review on a real branch.
If it clicks, add /qa on a staging URL, then /ship.

Hiring (upstream README): Y Combinator — software (not affiliated with ExplainX; listed for completeness).

gstack: Garry Tan’s open-source “software factory” for Claude Code (and nine other agents)

The thesis

The skill map (at a glance)

How you install it

Design, browser automation, and security

Parallel sprints, CLIs, and ecosystem

Privacy and telemetry (per README)

A minimal “try it” path

Read next (ExplainX)

Related posts

Claude Code /ultrareview: a cloud “bug-hunting fleet” before you merge (research preview)

When Claude Code wobbles on Pro: what a 2026 pricing test says about token limits and the cost of building with AI

Interpretability, monitoring, and what teams can do without solving alignment