Skip to content
/
Tier A A11 Governance

GreatCTO

greatcto · avelikiy/great_cto · ★ 32 · last commit 2026-05-26

Full SDLC pipeline (57 specialist agents, 2 human gates, 12 jurisdiction detectors, 33+ compliance frameworks) for solo founders — architect/critics/reviewers/QA/security/devops run automatically; human decides at plan and ship.

Best whenThe most expensive bugs are in architecture and spec decisions made before coding starts — three critic agents must run before gate:plan, and domain-speciali…
Skip ifGeneral-purpose agents reviewing compliance-sensitive code, Coding before critics review architecture and spec
vs seeds
GreatCTO is the only framework in the batch or seeds with jurisdiction-aware pipeline adaptation (12 regions, 33+ compliance frame…
Primitive shape 119 total
Commands 39 Skills 13 Subagents 57 Hooks 9 MCP tools 1
00

Summary

GreatCTO — Summary

Slug: greatcto
GitHub: https://github.com/avelikiy/great_cto
Stars: 32
License: MIT
Language: JavaScript/TypeScript (Node.js 18.17+)
Version: 2.22.1
Status: Active (last commit 2026-05-26)

What It Is

GreatCTO is a Claude Code plugin that provides a full SDLC pipeline with 57 specialist agents, two human approval gates, compliance-aware jurisdiction detection, and a local Kanban dashboard. It targets solo founders and small engineering teams (up to 50 engineers).

Core pitch: "You make two decisions per feature. Everything else runs automatically."

Two-Gate Pipeline

/start "describe the feature"
     ↓
Critics (architecture + spec + schema critics run first)
     ↓
gate:plan  ← Human approval (architecture + tasks + cost)
     ↓
senior-dev → 12-angle review → qa-engineer → security-officer → devops
     ↓
gate:ship  ← Human approval (PR ready, security signed off)
     ↓
Deployed

By the Numbers

  • 57 specialist agents (architect, PM, senior-dev, QA, security, devops, 30 archetype-specific reviewers, 16 domain/compliance packs)
  • 39 commands
  • 13 skill areas
  • 25 archetypes auto-detected from PROJECT.md
  • 12 jurisdictions (GDPR, HIPAA, PCI-DSS, SOX, DPDPA, etc.)
  • 33+ compliance frameworks
  • 7 hook event types (full Claude Code hooks coverage)

Dependencies

  • superpowers (superpowers-marketplace)
  • beads (local) — task tracking (bd CLI)

Cost Claim

  • One real feature traced: $2.39 LLM cost vs ~$5,460 human-equivalent
  • Monthly estimate: ~$34 for 20 pipeline runs
  • 2 defects caught that QA had missed
01

Overview

GreatCTO — Overview

Origin and Positioning

Created by avelikiy. Website: https://greatcto.systems

Target: "The engineering process for solo founders and teams up to 50 engineers — without the overhead."

The positioning is explicitly NOT a general coding agent loop, but the orchestration layer above the coding agent: "Think 'specialist team that reviews and gates the work' rather than 'another assistant that types code.'"

README explicitly disclaims team use: "Built for the one-person engineering org." FAQ has a dedicated entry: "Not for teams."

Comparative Claim

great_cto Devin Claude Code alone
Specialist agents 57 1 generalist 1 generalist
SDLC orchestration architect → plan → impl → review → QA → security → devops one-shot autonomy edit loop
Human gates 2 per feature none none
Memory across sessions decisions.md + lessons.md + crystallize thread only thread only
Compliance frameworks 33+ none none
Pricing free (BYOK) $500/month $20/month

Philosophy

Three core beliefs:

  1. Critics before code — architecture, spec, and schema critics run before implementation, when reverting is cheap
  2. Specialist vs generalist — routing to domain-specific agents (pci-reviewer, gdpr-reviewer, fda-reviewer) catches domain-specific bugs that a generalist misses
  3. Two human gates — operators decide at plan (architecture + tasks) and ship (PR ready, security), not at every intermediate step

Pipeline Logic

The core pipeline (architect → pm → gate:plan → senior-dev → review → qa → security → devops → gate:ship) adapts per project:

  • Fintech EU: adds pci-reviewer, gdpr-reviewer, regulated-reviewer; extra gates for GDPR DPIA and PCI audit
  • Healthcare US: adds fda-reviewer, healthcare-reviewer, security-officer; adds clinical-validation gate
  • CLI tool: adds cli-reviewer; gate:plan is the only human gate

Multi-language Docs

README translated to: Russian, Simplified Chinese, Traditional Chinese, Japanese, Korean, Spanish, Portuguese, German, French.

02

Architecture

GreatCTO — Architecture

Distribution

  • Install: npx great-cto init
  • npm package: great-cto
  • Type: Claude Code plugin (plugin.json)
  • Plugin ID: great_cto

Repo Structure

great_cto/
├── .claude-plugin/
│   ├── plugin.json        # Plugin registration (hooks, MCP servers, metadata)
│   └── settings.example.json
├── agents/
│   ├── _shared/           # Shared agent contracts (artifact-summary, verdict-format, etc.)
│   ├── architect.md       # claude-opus-4-7, 30 maxTurns, 1200s timeout
│   ├── pm.md
│   ├── senior-dev.md
│   ├── qa-engineer.md
│   ├── security-officer.md
│   ├── devops.md
│   ├── l3-support.md
│   ├── project-auditor.md
│   ├── performance-engineer.md
│   ├── continuous-learner.md
│   ├── knowledge-extractor.md
│   ├── decision-scorer.md
│   └── [30+ domain/compliance reviewer agents]
├── commands/              # 39 Claude Code slash commands
├── skills/
│   ├── great_cto/         # Main skill (SKILL.md routing table, ARCHETYPES.md, TYPE_MAP.md)
│   ├── anti-patterns/
│   ├── archetype-review-base/
│   ├── cost-model/
│   ├── crystallize/
│   ├── decision-eval/
│   ├── discovery/
│   ├── done-blocked/
│   ├── pm-planning/
│   ├── pre-mortem/
│   ├── prose-style/
│   ├── skeptical-triage/
│   └── well-architected/
├── mcp-servers/
│   └── llm-router/
│       └── server.py      # Python MCP: great_cto_llm_router (OpenRouter)
├── packages/
│   └── board/
│       └── server.mjs     # Zero-dependency Node.js board server (localhost:3141)
├── scripts/
│   └── hooks/             # Hook implementations (secret-scan.mjs, format-check.mjs, etc.)
├── .beads                 # Beads task tracking integration
└── CLAUDE.md              # Agent instructions for contributors

State Files

File Scope Purpose
~/.great_cto/decisions.md User-global Cross-project architectural decisions (11 memory layers)
~/.great_cto/preferences.md User-global User preferences injected at SessionStart
.great_cto/PROJECT.md Project-local Project archetype, phase, jurisdiction, stack
.great_cto/HANDOFF.md Project-local Auto-saved at PreCompact — open gates, tasks, git status
.great_cto/FLOW.md Project-local Generated by npx great-cto init — agent/gate pipeline for this project
.great_cto/brain.md Project-local Current synthesis of project knowledge
.great_cto/CODEBASE.md Project-local Codebase summary
.great_cto/lessons.md Project-local Per-project retrospective learnings
~/.great_cto/global-patterns/GP-*.md User-global Crystallized incident patterns (built by /crystallize)
.great_cto/agent-writes.log Project-local PostToolUse Write/Edit audit log
.great_cto/permission-denied.log Project-local PermissionDenied events
.great_cto/verdicts/*.log Project-local Per-agent verdict logs

MCP Server

"great_cto_llm_router": {
  "command": "python3",
  "args": ["${CLAUDE_PLUGIN_ROOT}/mcp-servers/llm-router/server.py"],
  "env": {
    "OPENROUTER_API_KEY": "${OPENROUTER_API_KEY}",
    "GREAT_CTO_ROUTER_MODEL": "...",
    "GREAT_CTO_ROUTER_MAX_TOKENS": "...",
    "GREAT_CTO_ROUTER_TIMEOUT": "..."
  }
}

Provides mcp__great_cto_llm_router__ask_kimi tool used by the architect agent for external model consultation.

Plugin Dependencies

  • superpowers@superpowers-marketplace — writing-plans, requesting-code-review skills
  • beads@localbd CLI for Beads task tracking (board UI, gate management)
03

Components

GreatCTO — Components

Commands (39 slash commands)

Category Commands
Core workflow /start, /audit, /inbox, /board, /digest, /review
Project management /ownership, /oncall, /rfc, /release, /doctor, /burn, /cost
Security /sec, /poc, /promote
Knowledge management /crystallize, /migrate, /resume, /save, /learn
Agent management /agent-review, /agent-retire, /help
Compliance packs /voice-compliance, /clinical-compliance, /samd-classify, /aedt-bias-audit
Review tools /api-contract-review, /fair-lending-audit, /part11-audit, /biodata-conformance
Domain-specific /hara, /em-fintech-review, /carbon-mrv, /dna-screen, /drug-ml-review
Lab/pharma /glp-audit, /iq-oq-pq

Agents (57 specialists)

Core Pipeline Agents

Agent Model Role
architect claude-opus-4-7 Architecture docs, ADRs, cost estimates, Well-Architected review
pm claude-opus-4-7 (inferred) Task decomposition, Beads task creation, dependency graph
senior-dev sonnet (inferred) TDD implementation
qa-engineer sonnet (inferred) QA reports, coverage, acceptance tests
security-officer sonnet (inferred) Security review
devops sonnet (inferred) Deploy, canary, rollback, SLO
l3-support sonnet (inferred) Production incident triage, P0 postmortem
project-auditor sonnet (inferred) Architecture audit
performance-engineer sonnet (inferred) Hot path, p99 budgets
continuous-learner sonnet (inferred) Pattern extraction → lessons.md
knowledge-extractor sonnet (inferred) Crystallize sessions → global patterns
decision-scorer sonnet (inferred) Gate verdict scoring
ai-prompt-architect sonnet (inferred) LLM prompt design
ai-eval-engineer sonnet (inferred) Eval suites, golden-citation tests
ai-security-reviewer sonnet (inferred) AI/prompt injection review

Domain Compliance Reviewers

pci-reviewer, gdpr-reviewer, us-privacy-reviewer, dpdpa-reviewer, fda-reviewer, healthcare-reviewer, ai-clinical-reviewer, clinical-trials-reviewer, digital-health-reviewer, bio-data-reviewer, drug-discovery-ml-reviewer, glp-glab-reviewer, lab-automation-reviewer, biosecurity-reviewer, robotics-safety-reviewer, hr-ai-reviewer, edtech-reviewer, gov-reviewer, game-reviewer, enterprise-saas-reviewer, insurance-reviewer, lending-credit-reviewer, emerging-markets-fintech-reviewer, climate-mrv-reviewer, voice-ai-reviewer

Technical Reviewers

db-migration-reviewer, infra-reviewer, cli-reviewer, web-store-reviewer, mobile-store-reviewer, library-reviewer, api-platform-reviewer, mlops-reviewer, data-platform-reviewer, streaming-reviewer, marketplace-reviewer, cms-reviewer, firmware-reviewer, oracle-reviewer, regulated-reviewer, devtools-reviewer

Skills (13)

Skill Purpose
great_cto Main orchestrator skill (SKILL.md routing table, 50-agent dispatch)
anti-patterns Known architectural anti-patterns
archetype-review-base Base review criteria for all archetypes
cost-model Cost estimation for architectural decisions
crystallize Session → global pattern extraction
decision-eval Gate verdict evaluation criteria
discovery Codebase discovery and analysis
done-blocked Done/blocked state tracking
pm-planning Project management and task planning
pre-mortem Failure mode analysis before implementation
prose-style Output prose style enforcement
skeptical-triage Critical analysis of proposed solutions
well-architected AWS Well-Architected / reliability review

Hooks (7 event types)

Hook Event Triggers Action
SessionStart Every session Load PROJECT.md, preferences, brain, handoff; inject full context; clean stale commands; sync agent files; show open gates/P0 alerts
PreCompact Before context compact Save HANDOFF.md with git status + open gates + tasks; save session log
SubagentStart Each subagent launch Inject PROJECT.md, brain (current synthesis), HANDOFF.md
PreToolUse/Bash Before every Bash call Block dangerous commands (rm -rf, git push --force, DROP TABLE, etc.)
PreToolUse/Write|Edit|MultiEdit Before file writes Secret scan (secret-scan.mjs)
PostToolUse/Write|Edit|MultiEdit After file writes Log to agent-writes.log; format-check.mjs; summary-enforce.mjs
SessionEnd Session end session-end.mjs: save session summary
UserPromptSubmit Each user prompt cost-guard.mjs (budget check); user-prompt-submit.py
PermissionDenied Tool permission denied Log to permission-denied.log; alert if Bash/Write

Beads Integration (bd CLI)

Beads is the task tracking backend. Commands used:

  • bd prime — cache task state
  • bd list --label gate --status open — list open gates
  • bd list --status open — list open tasks
  • bd ready — show ready tasks

Gates are tracked as Beads items with --label gate.

05

Prompts

GreatCTO — Prompts and Key Artifacts

SKILL.md Routing Table (excerpt, verbatim)

| Trigger (file pattern OR topic) | Use `subagent_type:` |
|---|---|
| `migrations/`, `schema.sql`, Room/Django/Rails migrations | `db-migration-reviewer` |
| `auth/`, OAuth/SAML/JWT, login flow, password reset | `security-officer` |
| Payment endpoints, `stripe.`, webhooks, refund flow, PCI scope | `pci-reviewer` |
| GDPR, EU AI Act, NIS2, EU data residency | `gdpr-reviewer` |
| Clinical / SaMD / FDA / FHIR / PHI / HIPAA | `ai-clinical-reviewer`, `fda-reviewer` |
| Lending, ECOA, FCRA, NMLS, adverse action | `lending-credit-reviewer` |
| New feature implementation (TDD: RED → GREEN) | `senior-dev` |
| Architecture decisions, ADRs, scaling questions | `architect` |
| Decompose feature into tasks, dependency graph, Beads | `pm` |
| QA report after impl, coverage + acceptance | `qa-engineer` |

Architect Agent Frontmatter (verbatim)

---
name: architect
description: Use when starting any new feature. Creates architecture docs, ADRs, cost estimates, Well-Architected review. Always first in the pipeline.
model: claude-opus-4-7
tools: Read, Write, Glob, Grep, WebFetch, WebSearch, Bash(git:*), Bash(bd:*), Bash(ls:*), Bash(cat:*), Bash(find:*), Bash(node:*), ...
maxTurns: 30
timeout: 1200
effort: HIGH
memory: project
color: yellow
skills:
  - decision-eval
  - superpowers:writing-plans
  - superpowers:requesting-code-review
  - anthropic-skills:system-architect
  - anthropic-skills:adr
  - beads
  - skeptical-triage
  - done-blocked
  - well-architected
  - discovery
---

/start Command Frontmatter (verbatim)

---
description: "Set up a new project. Describe what you're building — agents do the rest."
argument-hint: "[free-form project description]"
user-invocable: true
allowed-tools: Read, Write, Bash, Glob, Grep, Agent
model: sonnet
---

/board Command (localhost:3141, verbatim)

---
description: "Open the great_cto admin board at http://localhost:3141 (Kanban, cost, pipeline, inbox, memory). Starts it in background if not running."
argument-hint: "[--port N] [--no-open] [--restart]"
user-invocable: true
allowed-tools: Read, Bash, Glob
model: haiku
---

SessionStart Hook (behavior summary)

At every session start, the hook:

  1. Copies all managed commands (/start, /audit, /inbox, /board, etc.) to ~/.claude/commands/
  2. Copies all 57 agents to ~/.claude/agents/great_cto-<name>.md
  3. Loads ~/.great_cto/preferences.md (global user preferences)
  4. Loads .great_cto/PROJECT.md (phase, archetype, jurisdiction, stack)
  5. Shows open gates count, open tasks count, current branch, last agent
  6. Emits P0 alert if any P0-labeled Beads items are open
  7. Loads latest HANDOFF.md (from PreCompact)
  8. Background clones anthropic-skills and personal-skills repos if not cached
  9. Runs skill-discover.sh to update skills-registry.json
  10. Shows active global patterns matching current archetype

PreCompact Hook Output (HANDOFF.md)

# Auto-Handoff — 2026-05-26 10:00

> Auto-saved by PreCompact hook. Next session: read this, then /inbox.

## Git
- Branch: `feat/refund-endpoint` | Last commit: `feat: add refund validation` | Uncommitted: 2 files

## Open Gates
gate:plan (ID: abc123)

## Open Tasks
senior-dev: implement refund endpoint

## Last Agent Verdict
2026-05-26 qa-engineer PASS coverage=94%

## Latest Docs
- Arch: docs/architecture/ARCH-20260526.md
- QA: docs/qa-reports/QA-20260526.md
- Security: docs/security/CSO-20260526.md

## Resume
Run `/inbox` to see pending gates, then continue pipeline.

SubagentStart Hook Injection

Each subagent receives on start:

  1. .great_cto/PROJECT.md (first 15 lines)
  2. .great_cto/brain.md current synthesis section (first 40 lines)
  3. .great_cto/HANDOFF.md (first 20 lines)
09

Uniqueness

GreatCTO — Uniqueness and Positioning

Differs from Seeds

GreatCTO is the most compliance-aware framework in this batch or the seeds. No other framework has 33+ compliance frameworks, 12 jurisdiction detectors, or domain-specific agents for FDA SaMD review, AEDT bias audit, GLP audit, or biosafety.

Versus superpowers (GreatCTO's primary dependency): Superpowers provides writing-plans and code-review skills. GreatCTO builds a complete opinionated SDLC pipeline on top.

Versus bernstein (also has compliance focus): Bernstein's compliance angle is audit trail (HMAC-SHA256, JWS, EU AI Act, SOC2 readiness) — it's about proving what happened. GreatCTO's compliance angle is agent routing — dispatching the right regulatory reviewer (fda-reviewer, pci-reviewer, gdpr-reviewer) before code is merged. Different layers of compliance.

Versus taskmaster-ai (task decomposition): Taskmaster decomposes tasks but doesn't execute them or gate them with specialist review. GreatCTO executes the full pipeline.

Versus claude-flow (parallel swarm): claude-flow uses a homogeneous worker pool with LLM coordination. GreatCTO uses named specialists with deterministic routing tables.

Distinctive Features

  1. 57 specialist agents — the largest named agent catalog in this batch. No other framework reviewed has more than 15 named subagents.

  2. Jurisdiction auto-detectionnpx great-cto init reads README + infra files to detect applicable regulations (GDPR, HIPAA, PCI-DSS, DPDPA, etc.) and generates a project-specific pipeline. No other framework does regulatory-aware pipeline generation.

  3. 12-angle code review — the specialist auto-attach pattern routes each PR diff to the appropriate domain reviewer(s) based on file patterns. A payment endpoint gets pci-reviewer. A migration gets db-migration-reviewer. A prompt file gets ai-security-reviewer. All automatically.

  4. Critics before plan — three critic agents (architecture, spec, schema) run before the plan gate, catching the most expensive bugs before code is written. This "adversarial pre-plan" pattern is unique.

  5. 11-layer memory with /crystallize — the global pattern library (GP-*.md files built from session incidents) gives agents actionable patterns before they re-solve known problems. The memory architecture is the most elaborate of any framework in this batch.

  6. Zero-dependency board serverpackages/board/server.mjs is explicitly a zero-dependency Node.js server with SSE. This ensures the dashboard works without npm install in CI/CD environments.

  7. Explicit "not for teams" positioning — actively discourages the product from being used by large teams, avoiding feature bloat. Most frameworks position for scale; GreatCTO positions for solo/small.

Observable Failure Modes

  1. Plugin dependency chain: requires superpowers + beads to be functional. If either dependency has an issue, the pipeline breaks.
  2. SessionStart hook complexity: the hook is 100+ lines of shell commands. A failure in early parts (e.g., plugin dir not found) silently degrades context injection.
  3. Specialist routing false negatives: SKILL.md routing covers ~40 patterns, but an unusual file path or unfamiliar framework won't trigger specialist routing — falls back to general-purpose.
  4. Cost visibility lag: cost tracking requires reading Claude Code's token usage; if the API changes, cost-guard.mjs may report inaccurately.
  5. 32 stars: very small community. Active maintainer but limited external vetting.
04

Workflow

GreatCTO — Workflow

Standard SDLC Pipeline

User: /start "build a refund endpoint with PCI-DSS scoping"
          ↓
[Critics phase — runs before gate:plan]
  ├── Architecture critic (coupling, scalability, circular deps)
  ├── Spec critic (wrong problem, misaligned criteria, ungreed scope)
  └── Schema critic (NOT NULL + no default, missing CONCURRENTLY, irreversible migrations)
          ↓
[Planning phase]
  ├── architect (claude-opus-4-7): architecture docs, ADRs, cost estimates, Well-Architected review
  ├── pm: decompose into Beads tasks, dependency graph
  └── auto-attach reviewers: pci-reviewer, enterprise-saas-reviewer (from file/topic routing)
          ↓
[GATE: gate:plan] ← Human approves architecture + tasks + cost
          ↓
[Implementation phase]
  ├── senior-dev: TDD implementation (RED → GREEN)
  ├── 12-angle review: pattern-matched specialist agents
  │     └── pci-reviewer, db-migration-reviewer, security-officer, etc.
  ├── qa-engineer: QA report, coverage, acceptance criteria
  └── security-officer: security review, CSO report
          ↓
[GATE: gate:ship] ← Human approves PR ready + security signed off
          ↓
[Release phase]
  └── devops: deploy, canary, rollback, SLO

Jurisdiction-Adaptive Pipelines

npx great-cto init scans README + infra files and writes .great_cto/FLOW.md:

Project Type Extra Agents Extra Gates Cost/cycle
Fintech EU pci-reviewer, gdpr-reviewer, regulated-reviewer gate:gdpr-dpia, gate:plan, gate:ship ~$8–18
Healthcare US fda-reviewer, healthcare-reviewer, security-officer gate:clinical-validation, gate:plan, gate:ship ~$8–18
CLI tool cli-reviewer gate:plan only ~$0.5–3

Phase Map

Phase Agent(s) Artifact Gate?
Critics Architecture critic, Spec critic, Schema critic Critic reports No
Architecture architect ARCH-*.md in docs/architecture/ No
Planning pm Beads tasks (bd create), FLOW.md No
Plan review N/A gate:plan created as Beads item YES — gate:plan
Implementation senior-dev Code + tests (TDD) No
Code review Specialist reviewers (12-angle) Verdict logs in .great_cto/verdicts/ No
QA qa-engineer QA-*.md in docs/qa-reports/ No
Security security-officer CSO-*.md in docs/security/ No
Ship review N/A gate:ship created as Beads item YES — gate:ship
Deploy devops Deploy artifacts No

Daily Commands

/inbox     # Pending gates · P0 incidents · blocked tasks · stale in-progress
/digest    # Weekly DORA + delta vs last week + cost-per-feature roll-up
/board     # Open Kanban dashboard at localhost:3141

Memory Loop

Session 1: /start + pipeline runs → gate verdicts → lessons.md
Session 2: SessionStart loads HANDOFF.md → architect sees previous decisions
Session N: /crystallize → global-patterns/GP-*.md (crystallized incident patterns)
Agent query: SKILL.md routing checks active patterns matching archetype before dispatch

Cost Governance

UserPromptSubmit hook runs cost-guard.mjs on each prompt — monitors accumulated LLM spend. Dashboard shows 30-day LLM cost vs human-equivalent baseline and savings_x ratio.

06

Memory Context

GreatCTO — Memory and Context

11 Memory Layers

Layer Location Scope What's Stored
1 ~/.great_cto/decisions.md User-global Cross-project architectural decisions + gate verdicts
2 ~/.great_cto/preferences.md User-global CTO preferences (style, tech stack, risk tolerance)
3 ~/.great_cto/global-patterns/GP-*.md User-global Crystallized incident patterns (built by /crystallize)
4 .great_cto/PROJECT.md Project-local Project phase, archetype, jurisdiction, stack
5 .great_cto/FLOW.md Project-local Generated pipeline for this project
6 .great_cto/brain.md Project-local Running synthesis of project context
7 .great_cto/CODEBASE.md Project-local Codebase summary
8 .great_cto/lessons.md Project-local Retrospective learnings from this project
9 .great_cto/HANDOFF.md Project-local Auto-saved pre-compact handoff state
10 .great_cto/verdicts/*.log Project-local Per-agent verdict logs
11 .great_cto/agent-writes.log Project-local Audit log of all file writes by agents

Crystallize Pattern

The /crystallize command extracts patterns from session history into permanent global patterns:

Session incidents → continuous-learner agent → knowledge-extractor agent
                                                       ↓
                                    ~/.great_cto/global-patterns/GP-*.md
                                    (archetype, symptom, detection_order, hits counter)

At SessionStart, active patterns matching the current project archetype are shown:

GP-001 (hits=3): Missing CONCURRENTLY index on auth_tokens
  → Check first: schema migration file

Cross-Session Handoff

PreCompact hook triggers automatically before context window compaction:

  • Saves git state (branch, last commit, uncommitted files)
  • Saves open gates and tasks
  • Saves last agent verdict
  • Saves paths to latest arch/QA/security docs
  • Writes to .great_cto/HANDOFF.md

On next session, SessionStart hook reads HANDOFF.md and injects it as context.

Skill Discovery Cache

Background process on SessionStart:

  • ~/.great_cto/catalog — git clone of claude-code-templates (depth=1, refreshed weekly)
  • ~/.great_cto/anthropic-skills — git clone of anthropic/skills (refreshed weekly)
  • ~/.great_cto/personal-skills — git clone of avelikiy/ai-agent-skills (refreshed daily)
  • ~/.great_cto/skills-registry.json — discovered skills index (refreshed daily)

Agent Context Injection

Three-layer context injection for subagents (SubagentStart hook):

  1. PROJECT.md (first 15 lines) — archetype, phase, jurisdiction, current sprint
  2. brain.md current synthesis — running project knowledge summary
  3. HANDOFF.md (first 20 lines) — open gates, recent commits, last agent

Memory Scope Note

decisions.md is user-global — architectural decisions accumulate across ALL projects. This is intentional: an architect making a schema decision in project B can be informed by what worked in project A.

07

Orchestration

GreatCTO — Orchestration

Pattern

Hierarchical sequential pipeline with specialist agent routing. One orchestrator skill (SKILL.md) dispatches named subagents sequentially through SDLC phases, with two human gates enforced via Beads tasks.

Orchestration Model

great_cto skill (orchestrator)
     │
     ├── Phase detection (PROJECT.md phase field)
     ├── Route to correct pipeline stage
     └── Dispatch Agent tool with specific subagent_type:
           ├── architect (planning phase)
           ├── pm (task decomposition)
           ├── senior-dev (implementation)
           ├── qa-engineer (testing)
           ├── security-officer (security)
           ├── devops (release)
           └── [specialist reviewers auto-attached by file pattern]

Agent Routing (SKILL.md)

Routing is deterministic — file patterns and topic keywords map to specific agent types. The SKILL.md routing table has ~40 rows. Key principle: "If a file pattern OR topic in the user's request matches one of the rows, dispatch that specialist first. Reach for general-purpose only when nothing matches."

When uncertain: "run two agents in parallel."

Specialist Auto-Attach

scripts/hooks/auto-attach-reviewers.mjs runs at SessionStart and after agent completion. It scans the current task/PR diff for file patterns and automatically queues additional specialist reviewers (e.g., if stripe. appears in a changed file → pci-reviewer is attached).

Multi-Model Support

  • architect uses claude-opus-4-7 explicitly (high-stakes architecture decisions)
  • Most agents use sonnet (inferred — cost balance for implementation/review)
  • board command uses haiku (minimal reasoning needed for dashboard ops)
  • MCP server great_cto_llm_router provides OpenRouter access → architect can call ask_kimi tool for external model consultation

Consensus Mechanism

None formal. The two-gate model provides human consensus at plan and ship. Agent verdicts (in .great_cto/verdicts/*.log) are inspected by the human at gate time.

Three critic agents (architecture, spec, schema) serve as an adversarial check before the plan gate — not consensus, but sequential pre-gate review.

Concurrent Agents

Limited concurrency. The primary pipeline is sequential. The SKILL.md routing note says "run two agents in parallel" when uncertain — this uses Claude Code's Agent tool with parallel dispatch. Beads manages task status to prevent duplicate work.

Approval Gates

2 mandatory human gates per feature:

Gate Trigger Human Decision What to Check
gate:plan After architect + pm complete Approve/reject architecture + task list + cost estimate ARCH doc, task list, cost tile on board
gate:ship After QA + security complete Approve/reject PR QA report, CSO report, test coverage

Jurisdiction-specific projects add extra gates (e.g., gate:gdpr-dpia, gate:clinical-validation).

Gates are tracked as Beads items:

bd list --label gate --status open  # Shows pending gates

Audit Trail

  • .great_cto/verdicts/*.log — per-agent verdict files
  • .great_cto/agent-writes.log — every file write with timestamp and tool
  • .great_cto/permission-denied.log — permission denial events
  • docs/architecture/ARCH-*.md — architecture decision artifacts
  • docs/qa-reports/QA-*.md — QA reports
  • docs/security/CSO-*.md — security officer reports
08

Ui Cli Surface

GreatCTO — UI and CLI Surface

Install

npx great-cto init

Restart Claude Code after init. Superpowers and Beads are installed automatically as plugin dependencies.

Slash Commands (39)

All commands are available after init via the Claude Code / prefix.

Most-used daily commands:

/start "describe the feature"  # Begin new feature pipeline
/inbox                          # Pending gates, P0, blocked tasks, stale
/board                          # Open Kanban dashboard
/digest                         # Weekly DORA + cost roll-up
/review                         # Trigger 12-angle code review
/audit                          # Run project audit
/cost                           # Show per-agent cost breakdown
/crystallize                    # Extract patterns from sessions

Web Dashboard: great-cto board / localhost:3141

Feature Detail
URL http://localhost:3141
Start /board command starts server in background if not running
Tech Zero-dependency Node.js server (packages/board/server.mjs) + SSE for real-time updates
Auth Local-only

Dashboard Sections

Section Content
Kanban Pipeline stages with real-time SSE updates; each card shows agent, status, cost
Inbox Pending gates, P0 incidents, blocked tasks, stale in-progress
Agents 57 specialist agents with last-used timestamp and run counts
Memory 11 memory layers visualization + crystallized global patterns
Metrics LLM cost over 30 days, human-equivalent baseline, savings_x ratio
Cost tile Per-agent cost breakdown for current feature

Dashboard Screenshots Available

  • Board (Kanban with SSE)
  • Metrics (cost, velocity, savings_x)
  • Inbox (gates, P0, blocked, stale)
  • Agents (57 specialists with run counts)
  • Memory (11 layers + crystallized patterns)

Plugin.json Registration

{
  "name": "great_cto",
  "id": "great_cto",
  "version": "2.22.1",
  "description": "Engineering process for solo founders and teams up to 50 engineers. Agents do architecture, code review, QA, and security. You make two decisions per feature.",
  "dependencies": ["superpowers@superpowers-marketplace", "beads@local"],
  "mcpServers": { "great_cto_llm_router": {...} },
  "hooks": { ... }
}

CLAUDE.md (repo-level agent instructions)

Key rules:

  • Never mention private project names in any committed artifact
  • Use <private-project> placeholder
  • No hardcoded local paths
  • Zero telemetry (privacy policy enforced)
  • ESM modules only, TypeScript strict, Node >= 20
  • Commit format: <type>: <description>

Beads CLI (bd)

Installed automatically via beads@local dependency. Used throughout for task tracking:

bd list --label gate --status open  # List pending human gates
bd list --status open               # List all open tasks
bd prime                            # Cache task state for speed
bd ready                            # Show ready (unblocked) tasks

Related frameworks

same archetype · same primary tool · same memory type

OpenHarness ★ 13k
A11 Governance

Open-source Python agent runtime providing complete harness infrastructure: tools, memory, governance, swarm coordination, and…

Trae Agent ★ 12k
A11 Governance

Research-friendly open-source CLI coding agent by ByteDance, designed for academic ablation studies and modular LLM provider…

Sweep AI ★ 7.7k
A11 Governance

Autonomous GitHub bot that converts issues to pull requests using a sequential multi-agent pipeline.

Agent Governance Toolkit (microsoft) ★ 2.3k
A11 Governance

Enterprise-grade AI agent governance: YAML policy enforcement, 12-vector prompt injection defense, zero-trust identity,…

TDD Guard ★ 2.1k
A11 Governance

Mechanically enforces the Red-Green-Refactor TDD cycle by blocking file writes that violate TDD principles via a PreToolUse hook…

Agentic Coding Flywheel Setup (ACFS) ★ 1.5k
A11 Governance

Take a complete beginner from laptop to three AI coding agents running on a VPS in 30 minutes via an idempotent manifest-driven…