Try it on a tiny project first. Nothing to lose.

Five small practice projects you can run on your own computer. Pick the one closest to you, follow along, and watch nanostack plan, check, and finish real work. No risk to anything you care about.

Starter Todo

Tiny app. Default sprint. Local artifacts only.

What this proves

  • The default seven-phase sprint runs end to end on a real app.
  • Each phase writes a structured artifact under .nanostack/.
  • /review and /security run before /qa, so QA exercises a checked build.

What Nanostack checks

  • Plan vs diff scope drift before review approves.
  • Auth, secret, and injection patterns through /security.
  • Real running behavior through /qa with screenshots when relevant.
Open starter-todo on GitHub →
Run it locally
npx create-nanostack

Detects your agent and installs the skills.

/nano-run

Run inside your agent to configure the project.

.nanostack/what each phase saves
think.jsonwedge, user, premise.
plan.jsonfiles, risks, checks.
review.jsonscope drift and structural findings.
security.jsonOWASP/STRIDE findings and grade.
qa.jsonchecks against the running app.
ship.jsonPR, CI state, sprint journal.

Saved locally, resolved through bin/resolve.sh. Runtime path covered by the opt-in E2E workflow.

compliance-release is a custom workflow stack, not an app: three new phases wired in front of /ship with phase_graph. When you are ready to build your own, read the custom stack guide →