For people building with AI who aren't engineers

Build with AI. Know it's actually good.

Your AI agent writes the code. Nanostack runs the checks a real team would: is the plan right, is the code solid, is it safe, does it actually work. Then it tells you the answer in plain words. You stay in control without reading a line of code.

/think

you   users keep missing replies. I need notifications.

agent One question first: how do they cope today?

you   they open the app 3-4 times a day to check.

agent So they already come back. Two ways to attack this:

a) full notification system, weeks of work

b) a red dot that says "something new", ships today

recommendation: ship the dot, measure, then decide.

✓ brief saved · /nano reads it next

  • Free and open source
  • Runs on your computer
  • Works with the AI agent you have
  • No Nanostack cloud

Works with the AI coding agents you already use: Claude Code · Cursor · OpenAI Codex · OpenCode · Gemini CLI.
Those five have a verified adapter in this repo. The skills are plain text, so other agents can load them too.

Your AI can write the code. Knowing it's good is the hard part.

When a company ships software, it is never one person. Someone decides what is worth building, someone reviews the work, someone makes sure it is safe, someone tests it. On your own with AI, you skip all of that. Nanostack puts it back: it runs those same checks and tells you the result in plain words, so you decide what happens next.

It plans before it builds

Before writing anything, your AI questions the idea and finds the smallest version worth building. So you do not spend a week on the wrong thing.

It checks its own work

A review for mistakes, a safety check, and a real test that uses the thing. Each step leaves a short note you can read, not a wall of code.

You stay in control

Everything is saved as plain files on your computer, and nothing about your work leaves it. You read a short summary at each step and decide what is next. Building something custom? See the framework →

Watch an idea become finished, checked work.

One request, from idea to pull request. Each phase saves what it found, and the next phase reads it.

This is the default sprint. Add your own phases or create custom skills to extend it.

Product discovery

It asks before it plans.

You describe what you want in your own words. The agent asks one question at a time and narrows the request to the smallest version worth shipping.

/think

you   I need Stripe payments. Monthly plans.

agent One question first: is this your first revenue?

you   yes. a few people asked for it.

agent Then skip the billing system. Checkout plus one webhook ships this week.

brief saved · /nano reads it next

/review, /security and /qa support --quick, --standard, --thorough. All commands → · See full examples →

Guard catches risky actions before they run.

Security by oktsec

Guard evaluates commands before the agent executes them. Block rules run before the allowlist, so a safe binary with a dangerous argument still gets stopped.

guard

$ git push --force origin main

BLOCKED [G-007] history destruction on a protected branch

safer: git push --force-with-lease

$ git push --force-with-lease

Everything up-to-date

guard/rules.json · 5 of the block rules

rm -rf / | Mass deletion of root or wide paths.
git push --force | History destruction on protected branches.
DROP TABLE | Database destruction without an explicit WHERE guard.
curl | sh | Remote code execution through pipe-to-shell.
--no-verify | Safety bypass on commit and push hooks.

Full block and warn rules →

guard · try it

These are the 36 block and 9 warn patterns from guard/rules.json, evaluated in your browser in the product's order: block, allowlist, warn.

Same patterns, same order as the real hook. The difference: here the verdict is a demo; on your machine, on hosts with hook support, it fires before the command executes.

Six tiers, evaluated in order

1. Block rules: Mass deletion, history destruction, database drops, remote code execution, secret reads, safety bypasses.
2. Allowlist: Safe commands such as git status, ls, cat, and jq continue only after block rules clear.
3. In-project: Repo-local changes stay inside the project boundary.
4. Phase-aware concurrency: Read-only phases block writes, including registered custom phases.
5. Phase gate: Commit and push wait for fresh review, security, and qa artifacts where host enforcement supports it.
6. Budget gate: Optional sprint budget stops non-allowlisted work when the threshold is reached.

File writes go through their own hook: protected paths, credential files, and system secret directories are blocked after resolving symlinks. Safe templates such as .env.example stay usable.

Hard blocking depends on the host. Claude Code can enforce through hooks. Other verified adapters may run the same workflow as guided instructions or reported checks, depending on their capability file. The source of truth is adapters/<host>.json in the repo.
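Why the block tier has to run before the allowlist, as an added example that is not Nanostack's code: a small evaluator in the block, allowlist, warn order described above, with a switch that models the flawed allowlist-first order. The regexes, rule names and the warn rule are constructed for illustration (the real patterns live in guard/rules.json), and the branch check on force pushes is left out.

```python
import re

# Constructed patterns for illustration only; not the contents of guard/rules.json.
BLOCK = [
    ("history destruction", re.compile(r"\bgit\s+push\b.*\s--force(?!-with-lease)\b")),
    ("pipe-to-shell", re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b")),
    ("secret read", re.compile(r"\.ssh/id_\w+")),
    ("safety bypass", re.compile(r"\s--no-verify\b")),
]
WARN = [("hard reset", re.compile(r"\bgit\s+reset\s+--hard\b"))]  # hypothetical warn rule
ALLOWLIST = ("git status", "ls", "cat", "jq")  # the safe commands the page names


def allowlisted(cmd):
    # Match on the command prefix, so arguments are never inspected here.
    return any(cmd == p or cmd.startswith(p + " ") for p in ALLOWLIST)


def first_match(rules, cmd):
    return next((name for name, rx in rules if rx.search(cmd)), None)


def evaluate(cmd, block_first=True):
    """Return (verdict, reason). block_first=False models the flawed ordering."""
    cmd = cmd.strip()
    if not block_first and allowlisted(cmd):
        return ("allow", "allowlist")      # dangerous arguments slip through here
    hit = first_match(BLOCK, cmd)
    if hit:
        return ("block", hit)
    if allowlisted(cmd):
        return ("allow", "allowlist")
    hit = first_match(WARN, cmd)
    if hit:
        return ("warn", hit)
    return ("continue", "later tiers")     # tiers 3 to 6 are not modelled


if __name__ == "__main__":
    for c in ("cat ~/.ssh/id_ed25519", "git push --force origin main",
              "git push --force-with-lease", "git status"):
        print(f"{c!r}: block-first={evaluate(c)} allowlist-first={evaluate(c, False)}")
```

With the allowlist checked first, `cat ~/.ssh/id_ed25519` is allowed because only the binary name is considered; with block rules first, the same command is stopped.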

Evidence moves the sprint forward.

Each phase writes a structured artifact. The next phase reads it through the resolver. New artifacts carry an integrity hash, so strict consumers can refuse to read a corrupted upstream.

Structured artifacts

Every phase writes JSON under .nanostack/. New artifacts carry a SHA-256 integrity field. Schemas catch malformed outputs before downstream phases depend on them.

Trust-aware reads

find-artifact.sh can verify integrity, and strict consumers can require it with --require-integrity. Legacy artifacts are marked instead of silently pretending to be structured evidence.
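A sketch of the trust-aware read described above, as an added example that is not Nanostack's code. It assumes the hash is SHA-256 over the artifact's canonical JSON with the field removed and that the field is named `integrity`; the page does not specify either, and the sample artifact is constructed.

```python
import hashlib
import json


def digest(artifact):
    # Assumption: hash the canonical JSON of everything except the integrity field.
    body = {k: v for k, v in artifact.items() if k != "integrity"}
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


def seal(artifact):
    """Return a copy of the artifact carrying its integrity hash."""
    return {**artifact, "integrity": digest(artifact)}


def read_artifact(raw, require_integrity=False):
    """Return (status, artifact); status is verified, legacy or corrupted.

    With require_integrity=True, anything that is not verified is refused,
    which mirrors a strict consumer.
    """
    artifact = json.loads(raw)
    claimed = artifact.get("integrity")
    if claimed is None:
        status = "legacy"        # no hash: marked, not trusted as evidence
    elif claimed == digest(artifact):
        status = "verified"
    else:
        status = "corrupted"
    if require_integrity and status != "verified":
        raise ValueError(f"refusing {status} artifact")
    return status, artifact


# Constructed sample artifact, not real Nanostack output.
SAMPLE = json.dumps(seal({"phase": "review", "summary": "no blocking findings"}))

if __name__ == "__main__":
    print(read_artifact(SAMPLE, require_integrity=True)[0])
```

An unkeyed hash stored inside the file detects corruption and accidental edits; it does not stop someone who can rewrite the file from recomputing the hash.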

Resolver as the context gateway

Every skill starts with resolve.sh. It returns upstream artifacts, past solutions, config, phase_context, routing.trust, and upstream_status in one JSON object.

Graph-aware custom phases

Custom phases declare dependencies in phase_graph. Session state, next-step output, conductor scheduling, guard concurrency, journals, analytics, and discard all read the same graph.

Local memory across sprints

/compound and sprint journals turn solved problems into reusable knowledge, still stored locally under .nanostack/. /nano and /review search past solutions before planning.

Build your own workflow stack.

Nanostack is not only the default sprint. It is a framework for adding phases that match how your team ships.

Start with one custom skill
bin/create-skill.sh license-audit --concurrency read --depends-on build
bin/check-custom-skill.sh .nanostack/skills/license-audit

The skill can save artifacts, read upstream context, appear in journals and analytics, and be scheduled by the conductor. resolve.sh returns phase_kind: "custom", and upstream artifacts are driven by depends_on or phase_graph.

Then wire multiple skills into a stack

The compliance-release example adds /license-audit, /privacy-check, and /release-readiness before /ship. It is not a certification product. It is a worked example of a domain workflow with contract checks and runtime E2E coverage.

49 static contract checks. A 15-cell, 51-assertion runtime harness in the opt-in E2E workflow.

Start on a tiny project. Nothing to lose.

Each example runs the default sprint on a tiny app. Start with what you know, then move up.

example | best for | what it proves
starter-todo | if you're brand new | A full run on a tiny to-do app. The gentlest start.
cli-notes | if you like the terminal | Plan, test, review, and ship a small command-line tool.
api-healthcheck | if you build backends | Checks a real web service and confirms it answers.
static-landing | if you build websites | Reviews a landing page and confirms it still looks right.
compliance-release | for developers | A custom workflow with license, privacy, and release checks. Advanced, not a starter app.

Install

Detects your agents, installs the skills, and runs setup. Then run /nano-run in your agent to configure the project.

Does not modify your code.

Targets: claude, codex, cursor, opencode, gemini, auto.

Alternative for Gemini CLI users
Options (for advanced users)
--host <agent> | Pick a specific target: claude, codex, cursor, opencode, gemini, auto.
--local | Project-scoped install.
--rename | Avoid naming collisions with existing skills.
--list | Show installed skills.
Update
/nano-update

Requires macOS, Linux, or Windows through Git Bash or WSL. Requires git and jq. The installer itself is run through npx.

No Nanostack cloud.

By default, sprint artifacts, plans, journals, and know-how stay under .nanostack/ on your machine. Nanostack does not send your code, prompts, project names, or file paths to a Nanostack server.

Your AI agent provider may still process the context you give it. Use your provider's privacy settings and your own data policies for sensitive work.

/think supports local_only, private, and public search modes, so sensitive ideas do not require public web search.

Telemetry is opt-in and limited to aggregate usage events. If enabled, it is documented in TELEMETRY.md.

This applies to the Nanostack tool. This website itself loads standard analytics and web fonts.

Start building with a safety net.

One command, 30 seconds. Works with the AI agent you already use.
