Comment by detkin
3 days ago
Hi HN — I'm one of the maintainers.
The short version: sx treats skills, MCP server configs, slash commands, agents, hooks, and rule files as versioned packages. You define them once, push them to a vault (a local folder, a git repo, or our hosted backend), and install them where they belong. There's a lockfile so installs are reproducible, scope levels for org / team / repo / individual, and the CLI translates the same asset into the format each AI client expects.
Supported clients today: Claude Code, Cursor, GitHub Copilot, Cline, Codex, Gemini (CLI / VS Code / JetBrains / Android Studio), Kiro, claude.ai, chatgpt.com. The last two are what let non-engineering teams (marketing, legal, ops) use the same primitive instead of being locked out of the AI-assets ecosystem.
The thing I'd most like feedback on is whether the scope model is the right shape. Org → team → repo → path → individual is what's emerged from talking to ~60 teams over the last six months, but I expect bigger orgs will surface scopes we haven't modeled (sub-team, environment, etc.).
Why this and not just plugins / vendor marketplaces? Claude Code plugins are real and a good step up over raw git-checked-in CLAUDE.md files. The limitations show up at scale: each plugin is scoped to its publishing repo, so teams duplicate skills across plugins, and you're still locked to a single vendor's client. Full writeup with the technical details: https://www.sleuth.io/post/there-s-an-npm-shaped-hole-in-the...
not sure if this premise is valid. In most cases, skills (and other assets) are not independent of each other. Take gstack por example; it would be weird to install skill A without installing skill B. They work together.
So, it is true that some skills are independent, but not all. IN my company, we ship assets by domain and workflows (development, discovery, data science, etc)
We added the idea of dependencies for exactly that reason. However, honestly, I've not see any usage of it in the wild. Seems like most folks are ok with either bundling them and calling it a day or not really worrying about it.
Very interesting about the domain and workflows. Do you think domain could map to a team or is it different?
At your company how are you shipping your assets? How do you do the domain and workflow grouping?
we are shipping as plugins.
we have a internal cli that creates the plugin on the fly after you select the domains you want to work with. This cli is a standalone cli + wizard that does it all. Generally speaking, we have skills that are code related and mostly independent (ex: a skill to teach python how to log in our tech stack). Another type are skills related to our workflow (a skill to plan that outputs a file that is used in the next step "implement", together with a dev agent and so on)
5 replies →
Will there be support for importing other tools that have their own CLIs?
Say more, what kind of tools are you thinking about?
The tool support is certainly one of the key pillars of the project so we're open to any tool additions that will help people get value from the project.
I have a tool that I built in Go[0], so it has its own binary, would this help to facilitate helping people install those? I have seen tools coded in Rust and Go distributed by npm install and it always bothers me, especially with npm repeatedly being a hotbed of hacked accounts.
Tools that come to mind:
RTK (Rust Token Killer since googling the acronym yields terrible results, asking an LLM without spelling it out too)
Beads (what GuardRails was inspired by)
... and an endless list of tools people have made in place of making an MCP.
I too thought about having a "AI Package manager" just found the message I sent a friend several months back.
[0]: https://github.com/Giancarlos/guardrails