Manage your org's AI capabilities.
AgentStack makes agents more reliable by organizing, auditing, and distributing the skills — and stacks of skills — that your team or your organization runs on.
The problem
Your agents are following instructions. Nobody approved them.
Right now those instructions come from a CLAUDE.md that was never checked into git, someone's .cursor/rules on their laptop, a brand-voice.pdf buried in your drive, a pin in the #sales Slack channel, and skills installed from the open internet.
Instead, distribute approved skills to your team.
01 — Skills
Good skills are worth sharing.
A skill tells an agent how to perform a unit of work. When good skills are shared, your team and your agents get better.
acme/customer-followup
v2.3
How agents follow up with customers after a conversation — when to reach out, what to confirm, and the next step they always offer. Support, sales, and success install the same one, so every customer gets the same follow-through.
$ agentstack skill install acme/customer-followup
02 — Stacks
The best skills travel in stacks.
A stack bundles the skills a team needs into one approved unit. Share it, and every new hire, every agent, and every sales rep works from the same approved playbook. Improve it once, and everyone improves with it.
acme/sales-stack
v3.2
- owned by: sales team
- stack visibility: sales team
- lead-qualification v2.1
- discovery-questions v1.4
- objection-handling v3.0
- pricing-and-discounts v1.2
- proposal-drafting v0.9
- follow-up-sequences v2.0
03 — Review
Sentinel scans every upload before it can ship.
AgentStack Sentinel is the built-in security layer for all skills and stacks. It prevents malicious agent instructions from reaching your team or wider organization. On top of that, you can define custom gates for anything else: brand, legal, privacy, tool-use, or rules unique to how a team works.
acme/invoice-processing
v2.3 v2.4
Adds vendor bank-detail validation and ERP payment write-back.
- Prompt injection
- Hidden instructions
- Secrets & tokens
- Exfiltration paths
- Suspicious links
- Tool-use scope
- Spend controls
- Finance
- Data handling
- Privacy
- Controller sign-off
- Payment authority
Not yet current. Approved current remains v2.3.
FAQ
Questions, answered.
Direct answers about what AgentStack is, what it replaces, and where it fits above your agent runtimes.
What is AgentStack?
AgentStack is a private registry and governance layer for your organization's AI capabilities. It gives every skill and stack one owner, one approved current version, the gates it had to clear, and a full audit trail. AgentStack does not run your agents; it governs what they are allowed to follow.
What is a skill?
A skill tells an agent how to perform one unit of work the way your organization wants it done. It packages the context, examples, and policies an agent needs, with an owner, a version, and the gates it cleared to ship.
What is a stack?
A stack is a versioned bundle of approved skills for a team or scope. Install it once and follow the approved current version as it ships, or pin to a version you trust.
How is AgentStack different from a prompt library?
A prompt library stores text for a person to copy and paste. AgentStack governs capabilities your agents install: every skill has an owner, a reviewed version, the gates it cleared, and an audit trail. Text in a doc has none of that.
How is AgentStack different from an agent runtime?
AgentStack does not execute agents. It governs which skills and stacks your agents are allowed to use, and the gates each version clears before it becomes current.
Why not just use GitHub or repo files like CLAUDE.md and .cursor/rules?
Many instructions start there, and a repo can still be a source. But a file on one laptop is not a governed answer for the whole organization. AgentStack sits above those sources and gives every team and runtime one owner, one current version, one review trail, and one place to install from.
What does Sentinel scan for?
Sentinel checks every upload for prompt injection, hidden or override instructions, embedded secrets and credential paths, exfiltration paths, suspicious links, and over-broad tool use, before any team gate begins. It is a security baseline, not a full security review, and it is actively expanding.
Where can my agents install skills?
Wherever your agents already work. The CLI installs into runtimes like Claude Code and Codex, and into your repos, for power users and agents; the Portal covers everyone else. The same approved skill lands in every target.
How do teams stay in sync after they install?
They subscribe instead of copy-pasting. When a new version is approved, every subscriber moves to it, unless they have pinned a version or held it back. Improve a skill once and everyone who installed it improves with it.
The loop, closed
Give your agents one source of truth.
Every instruction your agents follow has an owner, a version, and a review behind it. Nothing reaches them unapproved.