CaveStack · v1.0 shipped

Why use many
word when few do?

Skills that think before code.

40 Claude Code skills. Caveman voice. Catch bad work before ship. Savings in characters, not tokens — model-agnostic. Free OSS.

curl -fsSL cavestack.jerkyjesse.com/install | sh
Same /review · same patch · watch difference

Before / After.

Default verbose left. Caveman mode right. Same findings, 82% less prose.

Default verbose 
# patch /review

Analyzing your changes...

I'll review the changes in auth/middleware.ts and provide
comprehensive feedback on the implementation.

## Summary

This pull request modifies the authentication middleware
to add token expiry validation. The changes look generally
good, but I have several observations and recommendations
that I'd like to share with you.

## Detailed Analysis

### Finding 1: Token Expiry Check (Medium)

In auth/middleware.ts:47, the token expiry comparison
uses a strict less-than operator (<) when it should
use less-than-or-equal-to (<=). This means tokens
that expire at exactly the current timestamp will
incorrectly be treated as valid.

Recommendation: Change the comparison operator from
< to <= to ensure tokens are invalidated at exactly
their expiry time.

### Finding 2: Missing Error Context (Low)

The error response at line 52 returns a generic 401
without diagnostic information. Consider adding a
"reason" field to the error response.

## Overall Assessment

The changes demonstrate a solid understanding of the
authentication flow. With the operator fix applied,
this should be ready to merge.
CaveStack · caveman mode 
# patch /review

## Findings: 2

1. auth/middleware.ts:47 — token expiry check
   use < not <=. Token at exact expiry time
   passes validation. Fix:

   - if (token.exp < now) {
   + if (token.exp <= now) {

2. auth/middleware.ts:52 — 401 response
   missing reason field. Add:

   { error: "unauthorized", reason: "token_expired" }

Status: Fix #1, merge.
187 fewer words · 82% less · same findings
40 skills · ship-ready

Workflow you already want.

Each skill: prompt + bash + review logic. Type slash. Get answer. No config.

/ship
PR-ready check. Tests, changelog, version bump, dual review. Open PR when green.
/investigate
Root-cause debug. Hypothesis → evidence → fix. Never guess.
/qa
Headless browser test real site. Find bug before user do.
/review
Code review on diff. Dual voices: Claude + Codex. Mark decisions.
/office-hours
Brainstorm + validate. Challenge premise. Adversarial review. Score 1-10.
/autoplan
Full auto pipeline: CEO → Design → Eng → DX. Write plan + logs to disk.
/design-review
Visual audit + fix loop. Screenshot site. Flag kitsch. Enforce tokens.
/checkpoint
Save progress mid-session. Resume anywhere. Context survive compaction.
/retro
Weekly retro across projects. What shipped. What slipped. What to fix.

+ 31 more. See all 40 skills →

Move cursor slow. Cave wall light up. Old paintings hide in dark.

Deep dive

How it work.

Install, voice, philosophy, troubleshooting

Install

curl -fsSL cavestack.jerkyjesse.com/install | sh

Works on macOS, Linux, Windows (WSL or git bash). Script install skills to ~/.claude/skills/cavestack/. Symlinks them top-level so Claude Code find them as /qa, /ship, rest.

Caveman voice

Every skill speak compressed caveman. Drop articles. Drop filler. Fragments OK. Code, commits, PRs stay normal prose. Levels: /caveman lite, /caveman full, /caveman ultra. Kill per-session: stop caveman.

Philosophy: judgment before code

  • Completeness (P1): no partial work as done.
  • Blast radius (P2): fix at root, not symptom.
  • Pragmatic (P3): ship working, iterate later.
  • DRY (P4): one source of truth.
  • Explicit over clever (P5): no hidden magic.
  • Bias toward action (P6): pick, commit, verify.

Model-agnostic metrics

Savings measured in characters, not tokens. Numbers survive model switch. 2,400-char answer stay 2,400 chars on Opus, Sonnet, Haiku, GPT, Gemini. Token math lie across providers. Character math honest.

What's on disk

~/.claude/skills/cavestack/   # 40 skills
~/.cavestack/projects/<slug>/ # plans, reviews, checkpoints, timeline
~/.cavestack/analytics/       # local-only usage log
~/.cavestack/config.yaml      # prefix, proactive mode, voice

Nothing leave your machine. No telemetry. No calls to cavestack servers. No servers.

Team mode

Install once. Share via ./setup --team. Teammate run same command. Same skills. No vendoring into repo.

Troubleshooting

  • Skill not found: bin/cavestack-relink — rewrite symlinks.
  • Caveman too terse: /caveman lite — keep more prose.
  • Upgrade: /cavestack-upgrade or cd ~/.claude/skills/cavestack && git pull && bun run build.
  • Proactive prompts annoy: bin/cavestack-config set proactive false.

License

MIT. Source: github.com/JerkyJesse/CaveStack. Issues, ideas, PRs welcome.