gstack Mastery Guide

This is where every new idea should start. gstack asks you 6 forcing questions designed to cut through vague thinking and expose whether your idea has real demand. It has two modes:

Startup mode — challenges you on demand reality, the status quo your users tolerate, how desperate users are for a solution, the narrowest possible wedge to start with, observations others have missed, and future-fit.

Builder mode — for side projects, hackathons, and learning. More exploratory, less pressure-testing.

Thinks like a product leader: "What's the 10-star version hiding inside this request?" Has 4 modes:

Expansion — go bigger, find the hidden opportunity
Selective Expansion — expand some parts, hold others
Hold Scope — keep it exactly as specified
Reduction — cut it down to the absolute minimum viable version

Outputs a Markdown plan document that becomes the source of truth for what gets built.

Locks down the technical architecture: data models, API structure, file organization, edge cases, error handling, and what tests need to be written. Produces architecture diagrams and a technical spec.

This is what prevents the "I built it but it's a mess" problem. The eng review creates a blueprint that the build phase follows.

Opens your live site and audits it the way a Stripe or Linear designer would — with immediate, opinionated visual reactions. Covers an 80-item checklist across 10 categories: typography, spacing, hierarchy, color, responsive design, interaction states, motion, content quality, and AI Slop Detection.

Outputs two headline scores: Design Score and AI Slop Score (letter grades A–F). Also extracts your Inferred Design System from the live CSS — fonts, colors, spacing scale — and can save it as DESIGN.md.

Report only — never touches your code. Use /qa-design-review when you want it to fix what it finds.

Reviews your plan through a developer experience lens: API ergonomics, onboarding friction, documentation needs, tooling setup, and local dev workflow. Has multiple interactive modes to target specific DX concerns.

Catches problems that will slow down future developers (including yourself) before you've built the wrong thing.

Chains CEO Review → Design Review → Eng Review automatically. Pauses at key decision points for your approval, so you stay in control without manually calling each command.

This is the "I trust the process, just run it" button for planning.

Builds your design system from scratch: researches the competitive space, proposes a visual direction, defines typography, colors, spacing, component patterns, and creative risks. Outputs a DESIGN.md file that becomes your design source of truth.

Generates multiple visual variants side-by-side so you can compare directions. Instead of getting one design and tweaking it 50 times, you see 3-4 options at once and pick the best one.

Takes approved mockups, CEO plans, design reviews, or a from-scratch brief and generates production-quality Pretext-native HTML. Text reflows on resize, heights adjust to content, and the skill auto-routes to the right API per design type.

Includes framework detection — if your project is React, Svelte, or Vue, it emits idiomatic component code instead of raw HTML.

Live-site visual audit + fix loop. Runs the same 80-item audit as /plan-design-review (typography, spacing, hierarchy, color, AI Slop Detection), then enters a fix loop: locates the source file for each finding, makes the minimal CSS change, and commits with style(design): FINDING-NNN.

One commit per fix, before/after screenshots, fully bisectable. CSS-only changes get a free pass; component JSX edits count against a self-regulation risk budget (hard cap 30 fixes).

Note: the current upstream skill that fixes design issues. The older /qa-design-review name is the legacy alias — both folders may co-exist transitionally.

A thorough code review that looks for bugs, security issues, performance problems, edge cases, and style inconsistencies. It doesn't just point things out — it catches bugs that /ship then verifies are fixed.

Think of it as the "experienced developer looking over the junior developer's shoulder" step.

Runs a threat model on your code: injection attacks, authentication holes, data exposure, CSRF, XSS, and more. Thinks like a hacker trying to break your app.

An overall code quality health check. Scans the codebase for technical debt, code smells, outdated dependencies, missing tests, and structural issues. Think of it as a routine checkup rather than a targeted review of recent changes.

A live developer experience audit — runs real tests of your local dev setup, CLI tools, build process, and onboarding flow. Unlike /plan-devex-review (which reviews plans), this reviews actual running code and tools.

Tests the "getting started" journey from scratch, identifies friction points a new developer would hit, and suggests concrete fixes.

The breakthrough skill. /qa opens a real Chromium browser, navigates to your app, takes screenshots, clicks buttons, fills forms, and verifies things actually work. When it finds a bug, it doesn't just report it — it fixes the code, writes a regression test, and verifies the fix.

This was Garry Tan's "massive unlock" — Claude saying "I SEE THE ISSUE" and then actually fixing it live.

Same as /qa but only reports issues without fixing them. Use this when you want a clean bug report without Claude modifying your code.

Runs the same 80-item visual audit as /plan-design-review, then fixes what it finds. For each design finding it locates the source file, makes the minimal CSS/styling change, commits with style(design): FINDING-NNN, re-navigates to verify, and takes before/after screenshots. One atomic commit per fix — fully bisectable.

CSS-only changes get a free pass. Changes to component JSX/TSX count against a risk budget. Hard cap at 30 fixes; if risk score exceeds 20% it stops and asks.

Performance testing — measures load times, response times, memory usage, and identifies bottlenecks.

Pushes your code as a pull request. Handles git operations, commit messages, PR descriptions. Verifies that review issues were actually fixed before allowing the push.

Merges the PR and deploys to production. Handles the actual deployment pipeline.

Monitors the deployment for errors after it goes live. Watches logs, error rates, and performance metrics to catch problems early.

One-time deployment pipeline configuration. Sets up the connection between your repository and your hosting platform so that /ship and /land-and-deploy work correctly for your project.

Guides you through selecting your hosting provider, configuring environment variables, and verifying the deploy pipeline end-to-end.

Read-only snapshot of the workspace-aware ship queue. Shows which version slots are claimed and which sibling workspaces have WIP — critical when running 5–10 Conductor workspaces in parallel and you don't want two of them claiming the same version number.

Doesn't modify anything. Pure visibility into "who is shipping what right now" across the whole cluster.

Runs a retrospective on what just happened: what went well, what didn't, what to change. Stores learnings so future sessions benefit.

Generates release notes, changelogs, and documentation for what was shipped. Keeps your project's documentation up to date automatically.

One command from zero to "GBrain is running and my agent can call it." Detects current state, asks at most three questions, walks through install, init, MCP registration for Claude Code, and per-repo trust policy.

Per-remote trust triad: every repo gets a policy — read-write (search + write back), read-only (search but never contaminate), or deny. Set once per repo, sticky across worktrees and branches. Critical for multi-client consultants who don't want Client A's code leaking into Client B's brain.

Sub-flags: --switch (migrate PGLite ↔ Supabase, lossless), --repo (re-prompt trust policy for current repo), --cleanup-orphans (delete abandoned Supabase projects), --resume-provision <ref> (recover from interrupted provision).

Terminal-level controls for syncing your ~/.gstack/ state (learnings, plans, retros, design docs, developer profile) to a private git repo. Different from GBrain itself — this is the gstack memory layer that becomes indexable by GBrain when both are on.

gstack-brain-init — turns ~/.gstack/ into a git repo, pushes initial commit, writes the URL-only marker file (safe to copy between machines).

gstack-brain-restore — on a new machine, after copying ~/.gstack-brain-remote.txt over, this clones and rehydrates everything.

gstack-brain-sync --status — last successful push, pending queue depth, sync blocks, current privacy mode.

gstack-brain-uninstall — removes .git and .brain-* config; never touches your learnings, plans, or retros. Add --delete-remote to also delete the private GitHub repo.

Privacy modes: off, artifacts-only (plans + designs + retros + learnings, skip behavioral data), full (everything in the allowlist). Set with gstack-config set gbrain_sync_mode <mode>.

Secret protection: every commit is scanned before leaving your machine — AWS keys, GitHub tokens, OpenAI keys, PEM blocks, JWTs, and bearer tokens are all blocked. If a scan hits, sync stops and the queue is preserved.

Refreshes GBrain against the current repo's code and teaches the agent when to prefer gbrain search / code-def over Grep. Idempotent — safe to re-run anytime.

Without this, GBrain's index drifts behind your code and the agent falls back to slow grep when a fast semantic search exists. Run after big merges, refactors, or whenever search results feel stale.

Activates warnings before any destructive operation: rm -rf (delete everything), DROP TABLE (destroy database), git reset --hard (lose all changes), force-push (overwrite remote code). Claude will stop and ask you to confirm before running these.

Restricts all file edits to a single directory. If Claude tries to edit files outside that boundary, it's blocked. Essential when debugging — prevents Claude from "fixing" unrelated code while investigating a specific module.

Combo command that turns on both safety guardrails at once. Maximum protection.

Removes the directory lock so Claude can edit files anywhere again.

Opens a persistent, high-performance Chromium session (~100-200ms per command). Claude can navigate pages, take screenshots, verify layouts, check console errors, and interact with web pages. Used by /qa under the hood.

Launches gstack's AI-controlled Chromium browser with a visible sidebar agent. Unlike /browse (which is headless), this opens a browser window you can see — with Claude's controls visible in a sidebar next to the page.

Supports anti-bot stealth mode and can import cookies from your existing browser for authenticated sessions.

Auto-detects installed Chromium browsers (Chrome, Arc, Brave, Edge), decrypts cookies via the macOS Keychain, and loads them into the Playwright session. Interactive picker UI lets you choose which domains to import — cookie values never displayed. Or skip the UI by passing a domain directly.

Pull structured data from a web page. First call prototypes the extraction interactively via the $B browser primitive — Claude figures out the selectors and shape live. Subsequent calls matching the same intent run a codified browser-skill in ~200ms.

The two-phase flow turns one-off scraping into reusable, fast pipelines: prototype once, run forever.

Walks back through your conversation, finds the most recent /scrape prototype, and synthesizes a script + test + fixture. Runs the test to verify, then asks before committing.

This is how exploratory browser work becomes durable infrastructure. After /skillify, the same scrape runs in milliseconds without an LLM in the loop.

Manage what gstack has learned across sessions. You can:

Review — see all stored patterns
Search — find specific learnings
Prune — remove outdated or wrong learnings
Export — save your learnings to share with others

This is how gstack avoids making the same mistake twice. Every other skill auto-searches your learnings before recommending — when a past insight applies, it surfaces as "Prior learning applied". After /retro captures learnings, /learn lets you manage them.

Saves the working context — git state, decisions made, remaining work — so a future session can resume from the same point. Not just a TODO list: captures the why behind in-progress choices so the next session doesn't have to re-derive them.

Resumes from a saved context — even across Conductor workspace handoffs. Pairs with /context-save to make multi-session work feel continuous instead of starting cold each time.

Self-tunes the sensitivity of AskUserQuestion prompts across all plan/review skills. Mark questions as never-ask (you've decided), always-ask (high-stakes, never auto-resolve), or only-for-one-way (only interrupt for irreversible decisions).

This is the lever for prompt fatigue. Run after /autoplan if it's stopping you on the same questions over and over.

Independent review from OpenAI Codex CLI. Runs against the same diff that /review saw, but with a different training distribution — catches what Claude misses. Three modes:

Review — codex review against current diff; classifies findings P1/P2/P3; any P1 = FAIL. Fully independent (Codex doesn't see Claude's review).
Challenge — adversarial mode at maximum reasoning effort (xhigh); pen-tests your logic.
Consult — open conversation with session continuity for follow-ups.

Cross-model analysis: when both /review and /codex have run, shows overlap (high confidence), unique-to-Codex, and unique-to-Claude — "two doctors, same patient."

Upgrades gstack to the latest version. Fetches updates from the official repository, applies them to your local install, and reports what changed.

Run this periodically to get new skills, bug fixes, and improvements as the project evolves.

Side-by-side cross-model benchmark for skills — Claude vs GPT vs Gemini on the same prompt. Measures latency, tokens, and cost; optionally adds an LLM-judged quality score.

Distinct from /benchmark (which measures site performance). This is for deciding which model to route a skill to, or for evaluating a new model release before swapping defaults.

Turn any markdown file into a publication-quality PDF — proper margins, page numbers, cover pages, clickable table of contents. Pairs naturally with the markdown artifacts gstack produces (retros, design docs, learning exports, release notes).

Deep-dive investigation into a specific issue or module. Automatically freezes to the module being investigated so Claude doesn't accidentally change unrelated code while digging into a problem.

Saves the current state of your work so you can safely pause and resume later. Documents what's been completed, what's in progress, and what comes next — giving the next session full context to pick up exactly where you left off.

Enables cross-vendor browser sharing — lets multiple AI agents (Claude, GPT-4, Gemini, etc.) share the same browser session. One agent can hand off a browser context to another without losing state.

Powers advanced multi-agent workflows where different AI models collaborate on the same task, each contributing what they're best at.