How to Choose gstack Slash Commands by Team Size in Claude Code — Startup 5-Command & Enterprise Layered CLAUDE.md Practical Templates

Garry Tan — early investor in Airbnb and Stripe, and CEO of Y Combinator — has open-sourced his actual development workflow. This slash command pack, called gstack, surpassed 10,000 stars within 48 hours of going public on GitHub and currently holds over 50,000 stars as of April 2026. The developer community's explosive response was driven by the ability to summon 28 roles — CEO, designer, senior engineer, security officer, QA lead, and more — with a single /command.

There is a problem, however. gstack originated from a solo developer's workflow, and the number of commands rapidly grew from 9 to 28. If a 3-person startup and a 200-person enterprise both install and use it the same way, confusion comes before efficiency. This article is aimed at developers already using Claude Code or considering adoption, and provides guidance on selecting gstack command subsets by team size along with CLAUDE.md design strategies, complete with practical templates.

If you're new to Claude Code, reading the Claude Code official documentation first will help you gain a deeper understanding of the content in this article.

What Is gstack, and Why Should You Use It Alongside CLAUDE.md?

gstack: A Slash Command Pack That Summons a Role-Based Virtual Team

gstack is a role-based slash command pack defined as markdown files in Claude Code's .claude/commands/ directory. When you enter /command, the prompt from that file is automatically injected into Claude, instantly transforming a single AI assistant into a CEO, senior engineer, or security officer.

Below is a list of the most frequently used representative commands from the full set of 28, organized by category. The full list can be found in the official skills.md.

Note: /codex is a command for codebase analysis. It shares its name with OpenAI's Codex service but is entirely unrelated. To avoid confusion within the team, it's a good idea to leave a one-line note in comments or the team wiki.

Slash Command: A shorthand command starting with / in Claude Code. It is defined as a markdown file in the .claude/commands/ directory, and when called, the prompt from that file is automatically injected into Claude.

CLAUDE.md: The Configuration File That Unlocks gstack's True Power

The true power of gstack lies not in the slash commands themselves but in the combination with CLAUDE.md. CLAUDE.md is a markdown configuration file that Claude Code automatically reads when starting a project, and it permanently injects coding conventions, forbidden patterns, build commands, role instructions, and more throughout the session.

# CLAUDE.md 기본 구조 예시
# Project Context
Stack: Next.js 15 + Supabase
Team: 5 engineers
 
# Commands
- Build: pnpm build
- Test: pnpm test
 
# Conventions
- English variable names only
- Prefer small PRs (<400 LOC)
 
# Guardrails
- NEVER commit .env files
- Ask before touching auth/ directory

As of 2026, managing CLAUDE.md in a three-tier hierarchical structure has become the industry standard.

Context Length Note: Community experiments have observed a tendency for Claude to ignore content in the latter half of a CLAUDE.md file when it exceeds 200 lines (this is an experimentally observed tendency, not a constraint officially documented by Anthropic). Modularizing with the @filepath import pattern is effective at circumventing this issue and is a widely used pattern in the community.

gstack's Position in the Claude Code Ecosystem

Several frameworks are competing alongside gstack, and the right choice depends on your team's character.

Practical Configuration by Team Size: Startup, Mid-Size, and Enterprise

Example 1: Startup Team (1–10 People) — Speed-First Lean Subset

Introducing all 28 commands to a startup only increases cognitive load. Choosing just 5–7 core commands for the entire team to master is far more effective. Garry Tan himself maintained 10,000 LOC and 100 PRs per week for 50 days with gstack — a result of repeated mastery of a lean subset, not the full command set.

Recommended Command Subset — Starting with 5:

/plan-ceo-review  # 기능 스코프 검토 — 빌드 시작 전 활용
/review           # PR 병합 전 코드 리뷰
/ship             # 자동 PR 생성·머지
/qa               # 실제 브라우저 E2E 테스트
/retro            # 스프린트 종료 회고

Why these 5 were chosen: /review and /qa deliver immediate, measurable ROI in PR quality and bug prevention. /plan-ceo-review prevents the waste of building in the wrong direction.

CLAUDE.md Template for Startups:

# Project Context
Stack: Next.js 15 + Supabase + Vercel
Team: 3 engineers, move fast, ship weekly
 
# Commands
- Build: pnpm build
- Test: pnpm test
- Deploy: git push origin main (auto-deploys)
 
# Conventions
- English variable names, comments in any language
- No premature abstraction — 3 instances before extracting
- Prefer small PRs (<400 LOC)
 
# Active gstack Commands
- /plan-ceo-review → scope check before build
- /review          → pre-merge review
- /ship            → PR creation and merge
- /qa              → E2E browser test
- /retro           → sprint retrospective
 
# Guardrails
- NEVER drop database tables without /guard approval
- NEVER commit .env files
- Ask before touching auth/ directory

Example 2: Mid-Size Team (10–50 People) — Hybrid Strategy

Mid-size teams need both the speed of a startup and the safety nets of an enterprise. Add /freeze and /guard as mandatory, while keeping CLAUDE.md as a single file for now — this is best for reducing management overhead.

# [MID-TEAM] CLAUDE.md
Stack: React + Node.js + PostgreSQL
Team: 25 engineers, 4 squads
 
# Active gstack Commands
- /guard            → Required: block destructive commands
- /freeze           → Required: deployment freeze before release
- /plan-eng-review  → Use for architecture changes
- /review           → Pre-merge code review
- /ship             → PR creation and merge
- /qa               → E2E testing
- /retro            → Biweekly sprint retrospective
 
# Guardrails
- DB migrations: /guard approval required
- auth/, payments/ directories: senior review required
- No production deployments after 3 PM on Fridays

Example 3: Enterprise Team (50+ People) — Governance-First Layered Structure

Managing 50+ people with a single CLAUDE.md in an enterprise setting leads to rule conflicts and governance issues. Layered separation and the @import pattern are the key solutions.

Governance Principle — Who Manages CLAUDE.md:

The first practical question that arises during enterprise adoption is "who can change the root CLAUDE.md?" The recommended approach is as follows.

Directory Structure:

.claude/
  CLAUDE.md          # 팀 공용 (git commit)
  CLAUDE.local.md    # 개인 오버라이드 (.gitignore)
docs/
  conventions.md     # 언어별 코딩 스타일
  security-policy.md # OWASP 체크리스트
  deploy-rules.md    # 배포 금지 시간대·절차

Root CLAUDE.md Template for Enterprise:

# [ENTERPRISE] Root CLAUDE.md
# Governance: Changes require PR review from Engineering Manager
# Last updated: 2026-04-17
 
# 모듈화 임포트 (community-supported pattern)
@./docs/conventions.md
@./docs/security-policy.md
@./docs/deploy-rules.md
 
# Team Context
Org: 200-person eng team
Compliance: SOC2 Type II, GDPR
Oncall rotation: PagerDuty (see #oncall Slack)
 
# Active gstack Commands
- /guard            → destructive command pre-check
- /freeze           → deployment freeze before release cut
- /plan-eng-review  → architecture change review
- /document-release → automated release notes
- /codex            → legacy codebase analysis
- /investigate      → incident RCA
 
# Non-negotiables (hooks enforced)
- No secrets in code (enforced by pre-commit hook)
- All DB migrations require /guard sign-off
- /freeze active during release windows
 
# MCP Servers
- mcp__jira: ticket creation and status lookup
- mcp__datadog: incident lookup and alert history
- mcp__slack: #incidents channel notification

Example docs/security-policy.md (a starting point — it is recommended to expand this with your security team before actual use):

# Security Policy
# NOTE: This is a starting template. Expand with your security team.
 
## OWASP Top 10 Checklist (Abbreviated)
- SQL Injection: parameterized queries required
- XSS: use DOMPurify or framework-native escaping
- Broken Auth: JWT expiry <= 24h
 
## Access Control
- RBAC changes require /guard approval
- All DB write operations must have audit logging
- API endpoints require authentication unless explicitly marked public

MCP (Model Context Protocol): A standard protocol that allows Claude to communicate with external tools such as Jira, Slack, and Datadog. Since early 2026, it has been combined with multi-agent orchestration in Claude Code, enabling enterprise workflow automation.

Pros and Cons Analysis

Advantages

Disadvantages and Caveats

OWASP (Open Web Application Security Project): The international standard benchmark for web application security, forming the basis of the security audit checklist in the /guard command. For more information, see owasp.org.

The Most Common Mistakes in Practice

1. Introducing all commands at once: Adopting all 28 commands before the team has learned their roles compounds confusion. It is safer to start with a subset sized for your team and expand incrementally.
2. Indefinitely growing CLAUDE.md as a single file: Claude tends not to read the latter half when it exceeds 200 lines. It is better to separate content using the @import pattern and keep the root file limited to core rules only.
3. Using gstack for enterprise deployments without /guard: /guard serves as a preemptive blocker for destructive commands. For mid-size teams and above, it is recommended to enforce /guard and /freeze as team policy.

Closing Thoughts

gstack becomes a truly productive tool when the right command subset for your team's size and maturity is combined with a well-designed, layered CLAUDE.md.

Three steps you can take right now:

1. Install gstack and start by defining a command subset appropriate for your team size. Clone the official repository, then try starting with the 5 commands /plan-ceo-review, /review, /ship, /qa, and /retro for startups, or adding /guard and /freeze on top of those for mid-size and enterprise teams.
2. It is recommended to create .claude/CLAUDE.md in your project root and modify the templates above to fit your team's stack. Keeping it under 200 lines and separating security policies or conventions into sub-files under docs/ linked via @import is advantageous for long-term maintenance.
3. For the first week, try using just two commands — /review and /qa — on actual PRs. You can immediately feel the effect on PR quality and bug prevention, making it the best starting point for building team-wide adoption. Once comfortable, you can expand step by step in the order of /ship, /guard, and /investigate.

Next article: A practical guide to building an enterprise workflow with Claude Code Hooks and MCP servers — automating everything from Jira ticket creation to Datadog incident lookups.

References

• garrytan/gstack Official GitHub Repository
• gstack/CLAUDE.md Official Template
• gstack/docs/skills.md Full Command List
• GStack Tutorial: 10K LOC/Week Development Workflow | SitePoint
• GStack vs Superpowers vs Hermes Comparison | MindStudio
• Is gstack only for solo developers, or is it effective for enterprise too? | BSWEN
• CLAUDE.md Guide for Enterprise Teams | Big Hat Group
• CLAUDE.md Best Practices | ClaudeCodeLab
• Claude Code Best Practices Official Documentation
• How to Run Superpowers + gstack + GSD Together | DEV Community
• awesome-claude-code Community Collection