GroundControl A curated marketplace of agents, skills and tooling that brings every workstation in your org to a single AI-assisted baseline.
curl -fsSL groundcontrol.fullstack.co.za/install.sh | bash
Detailed per-platform installers are in /portal/install. Comprehensive release history is at /portal/release-notes.
A shared floor for AI-assisted development
across every workstation in your organization.
GroundControl is Full Stack's opinionated baseline for Claude Code. It ships a curated marketplace of agents, skills, installers, safety rails, and observability hooks so that every engineer — regardless of machine, role or seniority — operates from the same validated floor.
A single, upsert-safe baseline
One installer brings any laptop to organization baseline in minutes. Upserts only GroundControl-managed content — your personal agents and skills are preserved, versioned and rollback-ready.
125 agents · 137 skills
Task-specific agents for development, testing, security and multi-model orchestration. Reusable skills for everything from release notes to voice synthesis to Graphviz diagrams — all invokable from Claude Code.
Policy, compliance, audit
OpenClaw detection for prohibited software, license-compliance checking, regulatory guardrails (GDPR, HIPAA, SOC 2, ISO 27001) and an immutable input log — enforced at install and at runtime.
Memory that survives reboots
claude-mem persists cross-session context. Nightly CLAUDE.md backups keep a 30-day rolling history. Remote Control lets you resume a local session from any device — phone, tablet, browser.
One-line install
on the OS you already run.
Every installer is non-destructive. A backup is created before any change and tracked in ~/.groundcontrol/version.json. Rollback is a single flag.
# sign in at groundcontrol.fullstack.co.za first
➜ curl -fsSL groundcontrol.fullstack.co.za/install.sh | bash
✓ uv · bun · claude-code
✓ ollama (0.15) · leann · whisper.cpp
✓ 125 agents · 137 skills copied to ~/.claude
✓ claude-mem installed
✓ nightly backup scheduled · cron 02:00
# ready.
# sign in at groundcontrol.fullstack.co.za first
$ curl -fsSL groundcontrol.fullstack.co.za/install.sh | bash
✓ core deps (python3, node, git, uv)
✓ bun · playwright-mcp
✓ leann semantic index
✓ hydra · tmux multi-user sessions
✓ oh-my-claudecode preset
# pull models later: ./install-unix.sh --with-models
# sign in at groundcontrol.fullstack.co.za first
PS> irm groundcontrol.fullstack.co.za/install.ps1 | iex
✓ winget · bun · claude-code
✓ ollama · whisper.cpp
✓ GroundControl-ClaudeMD-Backup task
✓ OpenClaw scan · clean
# leann: use WSL for native deps
# rollback: -Rollback -BackupId "..."
Agents for every seat in the room.
Each agent is a markdown system prompt with a clear mandate: architect, tester, reviewer, responder. They respect your Claude Code model config via model: inherit, so you pick the brain; GroundControl picks the role.
Skills you can actually type.
Every skill is a slash command. From /release-notes to /runway-video to /akv-bridge, each one bundles prompt, docs and glue code so your team speaks the same commands across repos.
Two directories.
Zero surprises.
GroundControl lives in two predictable places so it's easy to audit, back up, and roll back. Nothing wanders into system paths; nothing rewrites your dotfiles.
The installer only writes into GroundControl-managed paths. Your handcrafted agents, custom CLAUDE.md, and private skills stay exactly where they are.
- 01Upsert, not overwrite. Existing files are preserved. A backup is created before every change.
- 02Version tracked.
version.jsonrecords manifest hash, install time, machine ID. - 03Rollback-ready.
--rollback --backup-idrestores the last good state in under 30 seconds. - 04Nightly CLAUDE.md safety. 30-day rolling copy at
~/.groundcontrol/backups/claude-md/, deduplicated by hash. - 05Observable. An immutable input log means you can always explain what ran, when, and why.
Wire in the tools you already own.
GroundControl is designed to sit between Claude Code and the model fleet, document graph and coworker tooling you already pay for. Defaults are cloud-first; local fallbacks are one env var away.
The right model
for the job at hand.
GroundControl's defaults route every task to the best-suited Ollama cloud model via the shared org account, and fall back to a local model on the same 192.168.0.98 fleet when you're offline.
Lifecycle · qwen3 → qwen3.5 · gemma → gemma3 · use current versions for all new work.
Guardrails at install, at runtime, at review.
GroundControl ships security as first-class deliverables — not afterthoughts. Every layer is observable, every change is reversible, and every restriction is explicit.
OpenClaw Detection
AutoPre- and post-install scanning for prohibited software, with an immutable infection log for audit.
- Runs on every install
- Writes to
OPENCLAW_INFECTION_LOG.MD - Blocks baseline if criteria unmet
Regulatory Coverage
AgentsDedicated agents for GDPR, HIPAA, SOC 2, ISO 27001 and PCI-DSS review flows — scriptable, not bureaucratic.
regulatory-compliance-agentcompliance-auditorlicense-compliance-checker
Secrets & Identity
AKVPull secrets from Azure Key Vault via Scorecards OAuth; set as transient env vars for the session only. Key rotation is a button.
/akv-bridgeakv-key-rotationagent- Azure Entra-aware
Output Quality Gate
0–100Every AI output can be passed through output-quality-scorer — correctness, completeness, security, all scored 0–100 with rationale.
- Runs in CI or pre-merge
- Thresholds per repo
- Feeds
/ai-report
Remote Control
Opt-inContinue a local Claude Code session from phone, tablet, or browser — code execution stays local; only the session UI is exposed.
- Requires Claude Max/Pro
claude --remoteor/remote- Per-session token
Dependency Audit
CVEDeep dependency audit with CVE, license, and supply-chain analysis, with actionable remediation suggestions, not just a wall of CVE IDs.
dependency-auditagent/compliance-docs- SBOM-ready output
Supply Chain Audit
NEWFour-layer post-install audit: SBOM generation, CVE scanning (npm + pip), static analysis for exfiltration patterns, and integrity verification against a known-good allowlist. Scores 0-100 with org-wide visibility via Scorecards.
- Detects network calls, eval/exec, env harvesting
- Flags non-allowlisted URLs in dependencies
- Plugin scanning (claude-mem, MCP servers)
- Runs automatically on every install/update
Settings Integrity
HOOKSValidates that telemetry hooks in settings.json are correctly formatted and complete. Detects PowerShell serialization corruption, duplicate entries, and missing hook events that silently disable usage analytics.
- 4 required hook events validated
- Corrupted string detection
- Automatic repair guidance
A rollout you can actually ship.
GroundControl is designed to be adopted gradually. Start with one team. Measure. Expand. Every step is reversible.
Pilot
Install on 3–5 engineers' workstations. Review generated agents, adjust the CLAUDE.md backup schedule, turn on OpenClaw.
Calibrate
Pick the 10 skills your team will adopt first. Benchmark model choices via /model-benchmark. Tune routing defaults.
Roll out
Install on every workstation. Enable nightly CLAUDE.md backup, Hydra shared sessions, and the immutable audit log.
Govern
Weekly /ai-report. Quarterly brand & policy refresh. Contribution review — your team's agents become the next marketplace.
Short answers, specific machines.
Is GroundControl a fork of Claude Code?
No. GroundControl is a content layer that installs alongside Anthropic's official Claude Code CLI. Claude Code is still the runtime; GroundControl curates the agents, skills and installation scripts that bring a workstation to org baseline.
What happens to my existing agents and skills?
Nothing. The installer runs in upsert mode — only GroundControl-managed files are written, and a timestamped backup is created before every run. Custom content is preserved and a one-flag rollback is always available.
Does this send my code to anyone?
Only as much as your chosen model provider does. GroundControl itself does not exfiltrate data. Remote Control is opt-in and session-scoped. For fully-local work, the Ollama fallbacks run on a LAN fleet you control.
Can I use this without Claude?
Partly. The marketplace format targets Claude Code conventions, but many skills route to Google AI Studio, Runway, ElevenLabs, or local Ollama models. The model-router agent chooses per task based on cost, quality and speed.
Is LEANN available on Windows?
Native LEANN depends on Linux-only packages. On Windows we recommend running it in WSL — the rest of GroundControl installs natively via the PowerShell script.
How do I contribute an agent or skill?
The GroundControl source repository is closed and restricted to Full Stack organisation owners. To propose a new agent or skill, raise the request via this portal, and an owner will review it. Contributions are not accepted from forks of the repository.
What's the licensing?
Fully proprietary. Closed source. GroundControl is licensed exclusively to Full Stack (Pty) Ltd employees, contractors, and authorised agents. The source code is not open and is not distributed under an OSI-approved licence. The licence is personal, non-transferable, and non-sublicensable; it may not be reverse-engineered, redistributed, or used outside Full Stack engagements. See the LICENSE file (only available to authenticated employees) for full terms.
Who pays for Ollama cloud calls?
By default, cloud inference is routed through Full Stack's shared ai@fullstack.co.za Ollama account. Organisations on their own baseline can point OLLAMA_CLOUD_ACCOUNT at their own account.
One installer. A shared floor.
Bring your team to the same baseline this afternoon. Twelve minutes on a clean machine, ninety seconds on update, and fully reversible if you change your mind.