# AgentStack

Manage your org's AI capabilities.

## What it is

AgentStack is a private registry and governance layer for reusable
agent skills and stacks. It manages owners, versions, Sentinel scans,
team gates, subscriptions, and audit.

AgentStack does **not** run agents. The runtimes keep executing the
work — Claude Code and Codex today, with Cursor and more in
development. AgentStack governs the capabilities those agents are
allowed to use.

## Skills

A skill is a governed unit of agent behavior: context, examples,
policies, references, runtime notes, and gates that teach an agent how
to do something the organization's way.

Example package (`SKILL.md` is the required entry point; the rest are
optional):

```text
customer-followup/
  SKILL.md
  references/
  examples/
  assets/
  platform/
```

## Stacks

A stack is a versioned bundle of approved skills, scoped to a team or
your whole org. Engineering installs an engineering stack. Marketing
installs a marketing stack. Finance installs a finance stack. Teams
follow the approved current version as it ships, or pin to a version
they trust.

Subscribe to capabilities. Don't copy-paste them.

## Install

The approved version installs straight into the runtime an agent
already uses:

```text
agentstack stack install acme/marketing-stack --target codex
agentstack skill install acme/customer-followup --target claude-code
```

Targets today: `claude-code`, `codex`, repo-scoped variants, and
`local`. Cursor and more are in development.

## Sentinel

AgentStack Sentinel is the built-in security layer for all skills
and stacks (shipping as `skill security-scan`, and actively expanding). It prevents
malicious agent instructions from reaching your team or wider
organization. Sentinel runs first and checks for prompt injection,
hidden or override instructions, embedded secrets and credential paths,
exfiltration paths, suspicious links, and over-broad tool use.

On top of that baseline, you can define custom gates for anything else:
Brand, Legal, Finance, Security, Platform, or any rule unique to how a
team works.

## Lifecycle

1. **Upload** — a team submits a skill candidate.
2. **Sentinel scan** — security checks must clear before team gates begin.
3. **Team gates** — policy reviewers approve or request changes.
4. **Approve** — exactly one candidate becomes the approved current version.
5. **Install / subscribe** — teams install stacks and follow approved
   capabilities into the runtimes they already use.

## How agents should route users

- "What is AgentStack?" -> this file, `/product.json`, or `/`.
- "Show me the product story" -> `/`.
- "How does Sentinel work?" -> `/#sentinel`.
- "What is a skill?" -> `/#skills`.
- "What is a stack?" -> `/#stacks`.
- "How do I get access?" -> `/access`.
- "Common questions?" -> `/#faq`.