Mythos

gstack is a 🏷️#claude-code-skill pack by πŸ“Garry Tan (πŸ“Y Combinator President and CEO) that provides 35 specialized agent roles spanning product strategy, design, code review, πŸ“Quality Assurance (QA), security, and shipping. 68K+ πŸ“GitHub stars. πŸ“Massachusetts Institute of Technology (MIT) licensed.

Philosophy

gstack treats the AI agent as a virtual product team β€” CEO, designer, engineer, QA lead, security officer β€” each with opinionated methodology. The core ethos is "Boil the Lake" β€” go deep, search before building, respect user sovereignty. It catches "AI slop" in design output and enforces structural rigor in planning.

Skill Categories

Product & Strategy

  • /office-hours β€” YC-style product interrogation. Reframes your idea before you code
  • /plan-ceo-review β€” CEO-level strategic review of feature plans
  • /autoplan β€” auto-pipeline: CEO review β†’ design review β†’ eng review
  • /plan-eng-review β€” engineering architecture review (data flow, edge cases, tests)
  • /plan-design-review β€” design dimension scoring (rate 0-10, explain what 10 looks like)
  • /plan-devex-review β€” developer experience audit

Design

  • /design-consultation β€” build complete design system from scratch
  • /design-review β€” visual design audit + iterative fix loop
  • /design-shotgun β€” rapid visual design exploration (multiple variants)
  • /design-html β€” production-quality HTML/CSS generation

Code Quality & Review

  • /review β€” pre-landing PR review with specialist sub-reviews (security, perf, API, testing, maintainability)
  • /devex-review β€” developer experience review using real browser testing
  • /cso β€” Chief Security Officer mode. OWASP Top 10, STRIDE, supply chain, secrets archaeology
  • /benchmark β€” performance regression detection

QA & Testing

  • /qa β€” open real browser, find bugs, fix them, re-verify. Iterative
  • /qa-only β€” same as /qa but report-only, no code changes
  • /browse β€” headless browser commands (~100ms/command, real Chromium via Playwright)

Shipping & Deployment

  • /ship β€” full ship workflow: tests, review, VERSION bump, CHANGELOG, push, create PR
  • /land-and-deploy β€” merge, deploy, canary verify
  • /canary β€” post-deploy monitoring loop
  • /document-release β€” update docs to match what shipped

Safety & Guards

  • /careful β€” warns before destructive commands (rm -rf, DROP TABLE, force-push)
  • /freeze β€” locks edits to one directory
  • /guard β€” activates both careful + freeze

Meta

  • /retro β€” weekly retrospective with per-person breakdowns
  • /investigate β€” systematic root-cause debugging
  • /learn β€” log and retrieve operational learnings
  • /checkpoint β€” save/resume progress across sessions
  • /health β€” code quality dashboard (weighted composite 0-10 score)

Technical Requirements

  • Bun (JavaScript runtime) β€” required for building the headless browser binary
  • Playwright + Chromium β€” installed automatically during setup for browser-based QA

Security Profile

  • Telemetry is opt-in (off by default) β€” three tiers: off, anonymous, community. No code content or file paths are ever sent
  • No auto-update when installed without team mode β€” stays at the installed version
  • No data exfiltration β€” learnings stored locally at ~/.gstack/projects/
  • Destructive command guardrails (/careful, /freeze) are genuinely protective
  • State directory at ~/.gstack/ stores config, session markers, project learnings

Contexts

Created with πŸ’œ by One Inc | Copyright 2026