The Garry Tan Stack: A Definitive Guide to gstack

TL;DR: gstack is Garry Tan’s open-source collection of 23+ Claude Code skills that turns one person into a virtual engineering team — think, plan, build, review, test, ship, reflect. Tan used it to write 600,000 lines of production code in 60 days while running YC full-time. It now has 65K+ GitHub stars and I’ve been using it myself; the /cso security skill alone found three real vulnerabilities in my codebase in 20 minutes.

Garry Tan is the CEO of Y Combinator — the startup accelerator that launched Airbnb, Dropbox, Stripe, Coinbase, and hundreds of the biggest tech companies in the world. He’s not a typical CEO. He was an early designer and engineering manager at Palantir, co-founded the blogging startup Posterous (sold to Twitter), and in 2013 single-handedly built Bookface, YC’s internal social network.

In March 2026, he open-sourced something that broke the internet: gstack.

In 60 days, using the system he was about to share publicly, Garry had written over 600,000 lines of production code — 35% tests — while holding down the full-time job of running the world’s most powerful startup accelerator. His last 7-day retro clocked 140,751 lines added, 362 commits, ~115,000 net lines. Not by a team. By one person, part-time.

One CTO texted him after installing it: “Your gstack is crazy. This is like god mode. Your eng review discovered a subtle cross-site scripting attack that I don’t even think my team is aware of.”

At SXSW 2026, Tan told the audience he had “cyber psychosis” and was barely sleeping. “I don’t need modafinil with this revolution. I’m up. I slept at 4am. I woke up at 8am. I wanted to sleep more, but I couldn’t because: Let’s see what’s going on with the 10 workers.”

This is the definitive breakdown of what gstack is, how it works, and why it matters for founders. Updated April 2026 to reflect major changes since launch.

What gstack Has Become Since Launch

When this article first ran in March 2026, gstack had 34,000 stars and 21 skills. Six weeks later: 65,000+ stars, 8,900+ forks, and 23+ skills. The project is moving fast.

Here’s what’s new since we wrote this:

Team mode (v0.15.7) — gstack now has a proper shared-repo install. Every developer installs globally, and updates propagate automatically with no vendored files and no version drift. gstack-team-init detects and removes any accidental vendored copies. This was the missing piece for engineering teams, not just solo founders.

Native OpenClaw integration (v0.15.9-10) — Four methodology skills now live directly in OpenClaw: gstack-openclaw-office-hours, gstack-openclaw-ceo-review, gstack-openclaw-investigate, and gstack-openclaw-retro. No Claude Code session required. You talk to your agent and it runs gstack workflows conversationally. Install from ClawHub:

clawhub install gstack-openclaw-office-hours gstack-openclaw-ceo-review gstack-openclaw-investigate gstack-openclaw-retro

/ship re-run verification (v0.15.10) — /ship now re-executes all verification checks when re-run. The release cycle tightened.

Security wave (v0.15.7-13) — 14+ security fixes across multiple PRs, 8 contributors, OWASP-class fixes. Ironic given gstack’s /cso skill exists to catch this stuff, but also proof the open-source community is taking it seriously.

Multi-agent platform expansion (v0.15.5) — gstack now supports 8 coding agents: Claude Code, Codex CLI, OpenCode, Cursor, Factory Droid, Slate, Kiro, and more via ./setup --host auto. The SKILL.md standard is becoming a genuine cross-agent format.

/learn — persistent memory — New skill that manages what gstack learned across sessions. Patterns, pitfalls, and preferences compound over time. gstack gets smarter on your specific codebase the longer you use it.

I’ve Been Using It Too

I’m Cat. I run BestSelf Co and Little Might. I started using gstack shortly after this piece ran, and I’m a convert.

My take after six weeks: the /cso security skill alone is worth the install. I ran it on a project I’d been building for two months and it found three real issues in 20 minutes. Not theoretical — actual OWASP-class findings with concrete exploit scenarios.

The other thing that surprised me: /retro global across all my AI tools. I didn’t realize how much I was paying for in parallel Claude and Codex sessions until I saw it laid out as a weekly line item.

Cat's tweet about gstack — obsessed with it

My tweet from April 2, 2026 — yes, I’m genuinely using this.

What Is gstack?

gstack is an open-source collection of 23+ Claude Code skills — structured slash commands — that turn a single AI coding session into a virtual engineering team you actually manage.

Not a copilot. Not autocomplete. A team.

Here’s the full breakdown (updated to current):

Skill	Role	What They Do
`/office-hours`	YC Office Hours	Reframes your product before you write a line of code
`/plan-ceo-review`	CEO / Founder	Finds the 10-star product hiding inside your feature request
`/plan-eng-review`	Eng Manager	ASCII diagrams, data flow, edge cases, test matrix
`/plan-design-review`	Senior Designer	Rates design 0-10, edits the plan to hit 10
`/plan-devex-review`	DX Lead	Interactive DX audit — 20-45 forcing questions on developer experience
`/design-consultation`	Design Partner	Full design system from scratch, mockups, DESIGN.md
`/design-shotgun`	Design Explorer	Multiple visual variants, comparison board in browser
`/design-html`	Design Engineer	Production-quality HTML with Pretext — text actually reflows
`/autoplan`	Review Pipeline	One command: CEO → design → eng review automatically
`/review`	Staff Engineer	Catches bugs that pass CI but blow up in production
`/investigate`	Debugger	Root-cause analysis, iron law: no fixes without investigation
`/design-review`	Designer Who Codes	Audits design, commits fixes, before/after screenshots
`/devex-review`	DX Tester	Live DX audit — tests your actual onboarding, times TTHW
`/qa`	QA Lead	Opens a real browser, clicks through your app, fixes bugs
`/qa-only`	QA Reporter	Bug report only, no code changes
`/cso`	Chief Security Officer	OWASP Top 10 + STRIDE threat model, 8/10+ confidence gate
`/ship`	Release Engineer	Sync main, run tests, push, open PR — one command
`/land-and-deploy`	Release Engineer	Merge PR, wait for CI, verify production health
`/canary`	SRE	Post-deploy monitoring for console errors and regressions
`/benchmark`	Performance Engineer	Page load, Core Web Vitals, before/after comparison
`/document-release`	Technical Writer	Updates all docs to match what you just shipped
`/retro`	Eng Manager	Weekly retro with per-person stats, trends, `/retro global` across all AI tools
`/browse`	QA Engineer	Real Chromium browser, real clicks, real screenshots
`/setup-browser-cookies`	Session Manager	Import cookies for authenticated testing
`/learn`	Memory	Manages cross-session learnings — gstack gets smarter on your codebase
`/codex`	Second Opinion	Independent review from OpenAI Codex CLI, cross-model analysis
`/careful`	Safety Guardrails	Warns before destructive commands
`/freeze`	Edit Lock	Restrict file edits to one directory while debugging
`/guard`	Full Safety	`/careful` + `/freeze` in one command

The Philosophy: A Sprint, Not a Pile of Commands

gstack isn’t just a collection of prompts. It’s a process — ordered the way a real sprint runs:

Think → Plan → Build → Review → Test → Ship → Reflect

Each step feeds the next. /office-hours writes a design doc that /plan-ceo-review reads. /plan-eng-review writes a test plan that /qa picks up. /review catches bugs that /ship verifies are fixed. Nothing falls through because every skill knows what came before it.

The real unlock: once you have the process, you can run 10-15 of these sprints in parallel — different features, different branches, different agents — all at once. That’s how Tan ships 10,000+ lines per day while being a CEO.

The Numbers That Made Everyone Stop

People dismissed AI coding assistants as fancy autocomplete. Then Garry showed his GitHub contribution graph.

2026 (with gstack): 1,237 contributions in under 90 days.
2013 (building Bookface solo): 772 contributions, full year.

Same person. Same skills. The difference is the tooling.

The math is blunt: 600,000 lines in 60 days = 10,000 lines per day, part-time, while running YC. His previous best (building Bookface in 2013) was with full focus and a full team.

And in the six weeks since launch: 65,270 stars and 8,922 forks. Engineers don’t star repos they don’t find useful.

The `/office-hours` Moment — Why This Is Different

Most coding tools start with code. gstack starts with the problem.

/office-hours asks six forcing questions: what’s the actual pain (specific examples, not hypotheticals)? Who loses? Why hasn’t this been built? What’s the smallest version that proves it works?

When Tan demoed it at SXSW, the example was a user who said: “I want to build a daily briefing app for my calendar.”

The agent’s response:

“I’m going to push back on the framing. You said ‘daily briefing app.’ But what you actually described is a personal chief of staff AI.”

It then extracted 5 capabilities the user didn’t realize they were describing, challenged 4 premises, generated 3 implementation approaches with effort estimates, and recommended shipping the narrowest wedge first.

That’s not autocomplete. That’s a cofounder who isn’t afraid to tell you you’re building the wrong thing.

The Controversy

Not everyone loved it. TechCrunch noted the backlash from developers who argued it was “vibe coding at scale” — the risk of shipping 600,000 lines you don’t fully understand.

The criticism is real. AI-generated code at velocity means bugs that pass CI can still blow up in production. The XSS attack the CTO’s team didn’t know about — gstack found it, but it existed in their repo presumably because of fast AI coding in the first place.

Tan’s answer to this is baked into the system: /review specifically hunts for production-class bugs that automated tests miss. /careful and /guard add safety rails before destructive commands. And /ship bootstraps test frameworks and runs coverage audits — enforcing the rule that 35% of Tan’s 600k lines were tests.

The community security wave (v0.15.7-13) shows the project taking this seriously: 14+ security fixes merged in a single week, with 8 external contributors finding and fixing issues. The tool that finds your security bugs now has its own security bugs found and fixed by the community.

The philosophy: don’t slow down, but build in the QA discipline that makes speed safe. Structure replaces supervision.

The SKILL.md Standard — Now Running on 8 Agents

One underrated aspect of gstack: it’s not Claude-only, and it’s getting less Claude-specific every week.

The skills are built on the SKILL.md standard — a portable format that works across 8 AI coding agents:

Agent	Flag	Skills install to
Claude Code	(default)	`~/.claude/skills/gstack-*/`
OpenAI Codex CLI	`--host codex`	`~/.codex/skills/gstack-*/`
OpenCode	`--host opencode`	`~/.config/opencode/skills/gstack-*/`
Cursor	`--host cursor`	`~/.cursor/skills/gstack-*/`
Factory Droid	`--host factory`	`~/.factory/skills/gstack-*/`
Slate	`--host slate`	`~/.slate/skills/gstack-*/`
Kiro	`--host kiro`	`~/.kiro/skills/gstack-*/`
OpenClaw	via ClawHub	conversational, no Claude Code session needed

# Auto-detect which agents you have
git clone --single-branch --depth 1 https://github.com/garrytan/gstack.git ~/gstack
cd ~/gstack && ./setup

This matters for founders running multi-agent setups. The same sprint workflow runs on whichever agent is best for the job.

How to Install gstack in 30 Seconds

Requirements: Claude Code, Git, Bun v1.0+, Node.js (Windows only)

Individual install

Open Claude Code and paste this — Claude does the rest:

Install gstack: run git clone --single-branch --depth 1 https://github.com/garrytan/gstack.git ~/.claude/skills/gstack && cd ~/.claude/skills/gstack && ./setup then add a “gstack” section to CLAUDE.md that lists the available skills.

Team mode (recommended for shared repos)

# Each developer installs globally:
cd ~/.claude/skills/gstack && ./setup --team

# Bootstrap your repo once so teammates get it automatically:
cd <your-repo>
~/.claude/skills/gstack/bin/gstack-team-init required
git add .claude/ CLAUDE.md && git commit -m "require gstack for AI-assisted work"

No vendored files in your repo, no version drift, auto-updates every session.

Start here: /office-hours — describe what you’re building. Don’t touch code yet. Let it reframe the problem first.

What It Means for Founders

Garry Tan isn’t a solo developer playing around. He’s the CEO of an institution that has shaped the modern startup economy — and he’s using this to ship production code, in parallel, as a side activity to his actual job.

The implications:

The 10-person startup is compressing to 1-2. Garry’s explicit claim: “I was able to re-create my startup that took $10 million in VC capital and 10 people.” That cost compression isn’t incremental.
Velocity advantage is now a skill. Founders who can work this way will outship their competitors without proportionally more people. The bottleneck shifts from “can we build this” to “can we decide what to build.”
The SKILL.md ecosystem is emerging. gstack is one implementation, but the standard it uses is becoming a platform. Agent-native tools, workflows, and shared skill libraries are the new app stores.
YC’s bar is about to rise. When the CEO of YC can personally validate that a startup’s tech approach is sound by running /review on their repo, the bar for “we have engineers” is changing.
Teams aren’t exempt. Team mode wasn’t in the original launch. It’s here now because solo founders who got hooked brought gstack to their teams. The skills are already in engineering org CLAUDE.md files at real companies.

The GitHub Repo

→ garrytan/gstack (65,000+ stars, MIT license, free)

65,270 stars and counting as of April 6, 2026. 8,922 forks. 23+ skills. A community security wave that merged 14 fixes in a week.

The README is one of the best pieces of founder writing from 2026. Worth reading in full even if you never install the tool — it’s a vision statement for where software development is going.

What is Claude Code? — The foundation. gstack runs on top of Claude Code, so start here if you’re new.
Claude Code Skills — The SKILL.md standard gstack is built on, explained.
AI Agent Use Cases for Founders — If gstack’s use cases resonate, this is the next read.

Garry Tan is President & CEO of Y Combinator. gstack is open source, MIT license, available free at github.com/garrytan/gstack. Originally published March 21, 2026, updated April 6, 2026.