Example

From idea to shipped code in 4 commands

A full sprint in 4 commands. The agent pushes back, scopes down and ships what matters.

nanostack sprint

you

I need Stripe payments. Users should subscribe to a monthly plan.

❯ /think

agent

A full billing system (plans, invoices, failed payments, customer portal) is a 2-week project. A Checkout link with one webhook ships today.

How many users do you have? If pre-launch, validate willingness to pay first.

you

200 active users. Some asked about a pro plan.

agent

Real demand. Ship: Checkout + webhook that flips is_pro. Cancellations come free with Stripe. Build invoices and plan switching after 50 subscribers.

Scope: REDUCE.

you

Checkout + webhook. Let's go.

plan❯ /nano4 steps, 3 files. Checkout + webhook + access gate.

review❯ /reviewStructural clean. Webhook signature missing. Auto-fixed.

security❯ /securityWebhook verified. No secrets in code. Grade: A.

ship❯ /shipPR #18 created. CI passing. Journal saved.

See full examples → · How each phase works →

nanostack is an open-source engineering framework for AI coding agents. Out of the box, it runs a full sprint: scope, plan, build, review, test, audit, ship. Every phase produces an artifact that the next one reads. Create your own skills, add phases, run parallel sprints across agents.

The architecture

Skills that talk to each other

Each step saves what it found as an artifact — a JSON file with findings, decisions and context. The next step reads it. If the agent modified files that weren't in the plan, that's scope drift, and /review catches it.

Memory across sprints

Every sprint makes the next one faster. /compound saves what broke, what worked and how to prevent it. Solutions evolve: validated ones rank higher, each application adds to the evidence trail. /nano and /review search past solutions automatically, ranked by proven value.

Know where your tokens go

token-report.sh reads your Claude Code session logs and shows cost per session, per subagent, with cache-aware pricing and anomaly detection for runaway agents. See token usage →

Build on top

Create custom skills, add phases to the sprint, or change the default stack. nanostack is a framework, not a fixed pipeline. Create a skill →

Workflow

The sprint

A sprint is the full sequence: think, plan, build, review, test, audit, ship. Each phase produces a result that the next phase reads. At the end you have reviewed, audited, tested code ready to merge.

Under 15 minutes from idea to merged PR.

This is the default sprint. Add your own phases or create custom skills to change it.

/think→/nano→build→/review→/qa→/security→/ship

The sprint

skill	role	what they do
/think	Founder	Challenge the scope before building. Three thinking modes (Founder / Startup / Builder). Six diagnostic questions per mode.
/nano	Eng Manager	Plan the implementation. Auto-classifies scope (S/M/L). Generates product spec, tech spec, implementation plan. Searches past solutions before planning.
build	Developer	Agent implements. You review before shipping.
/review	Staff Eng	Two-pass code review. Scope drift detection (compares plan vs actual git diff). Cross-references /security findings.
/qa	QA Lead	Test it. Playwright for browser, curl for APIs, direct execution for CLIs. WTF-likelihood heuristic stops before making things worse.
/security	Sec Eng	OWASP Top 10 + STRIDE audit. Auto-detects stack. Graded A-F. By oktsec.
/ship	Release Eng	Create PR, verify CI, generate sprint journal. Shows how to see the result and suggests next features.

/review, /qa and /security support --quick, --standard, --thorough. Quick requires 9/10 confidence. Thorough flags at 3/10. All commands →

Safety

Guard

Security by oktsec

When an AI agent runs code in your project, it can make destructive mistakes. Guard catches them before they execute, suggests a safer alternative, and the agent retries automatically.

BLOCKED [G-007]

Category: history-destruction
Command: git push --force origin main

RESOLVED

Alternative: git push --force-with-lease
Fails if remote has changed since last fetch.

33 block rules (sample)

G-001rm -rf /mass-deletionG-007git push --forcehistory-destructionG-014DROP TABLEdatabase-destructionG-017kubectl deleteinfra-destructionG-023curl | shremote-code-executionG-026chmod 777security-degradationG-027--no-verifysafety-bypass

7 of 33. Plus 9 warn rules. Full list →

Four tiers (evaluated in order)

1.Allowlistgit status, ls, cat, jq → skip all checks

2.In-projectFiles inside current git repo → version control is the safety net

3.Phase-awareBlocks writes during read-only phases (parallel review, QA, security)

4.Pattern match33 block + 9 warn rules → deny-and-continue with safer alternative

Setup

Install

Sets up nanostack in your AI coding agent. Then run /nano-run to configure your project.

Does not modify your code.

Works with Claude Code · Cursor · Codex · Gemini CLI · Amp · Cline · OpenCode · Antigravity.

Alternative for Gemini CLI users

Options (for advanced users)

--host <agent>Target: claude, codex, cursor, opencode, gemini, auto--localProject-scoped install--renameAvoid naming collisions--listShow installed skills

Update

/nano-update

Requires: macOS, Linux, or Windows (Git Bash / WSL). No npm dependencies. Requires git and jq.

See it in action before installing →

Your turn.

Start with the default sprint. Build from there.

See full examples →View on GitHub