By avelikiy
Engineering process for solo founders and teams up to 50 engineers. Agents do architecture, code review, QA, and security. You make two decisions per feature.
npx claudepluginhub avelikiy/great_cto
Audit an existing codebase. Detects stack, finds gaps, creates tasks, generates PROJECT.md.
SLO burn rate — multi-window alerting that catches budget exhaustion before it happens. Uses .great_cto/slo-burn-history.log written by /digest.
Cost & capacity health — LLM router savings, run-rate, cost-per-deploy, WoW/MoM delta, headroom vs budget, top movers. Pairs with /digest (delivery+DORA) and /burn (reliability).
Promote extracted incident knowledge into global patterns and agent improvements.
Weekly engineering digest. Velocity, incident trend, tech debt, ADR decisions, open gates, and a CTO recommendation. Add 'board' flag for board-report format.
Health check for great_cto. Shows pipeline state, missing artefacts, hook status, last run per agent, and permission-denied tail.
What needs your attention? Shows open gates, recent activity, blocked items, and pending decisions.
Migrate existing PROJECT.md to the latest great_cto schema — appends missing fields without touching existing values.
On-call rotation management. Who's on duty, shift handoff notes, escalation paths. Reads from .great_cto/oncall-schedule.md and OWNERSHIP.md.
Service ownership matrix. Who owns what: team, tech lead, on-call, SLA. Auto-detects from git history. Generates CODEOWNERS.
Start a hypothesis-driven POC with hard timebox. Skips 80% of the production pipeline; forces ship/pivot/kill decision at expiry.
Promote a POC to MVP/production. Runs the full audits that POC-mode skipped. Required before any POC can see production.
Release manager for frontend and mobile. Writes App Store notes, user-facing changelog, flags stale docs and landing copy. Actions: notes | changelog | docs | sync
12-angle code review + skeptical triage (3-round + arbiter) for security/reliability P0/P1 findings, OR traceability tree. Default: review current branch vs main. `--deep`: triage ALL P0/P1 angles (not just security). With `trace <id>`: render REQ → IMPL → TEST tree for impact analysis. Creates or closes gate:code for approval-level: strict.
RFC process for cross-team decisions. Create, track, and close RFCs. Accepted RFCs auto-create ADRs.
Security umbrella: posture metrics, threat model, SBOM, incident workflow. Subcommands: status (default) | threat | sbom | incident | rotate.
Set up a new project. Describe what you're building — agents do the rest.
Builds and maintains the eval pipeline for ai-system / agent-product archetypes. Outputs tests/eval/EVAL-*.md files (golden citation, refuse-when-uncertain, output schema, prompt injection, cost-overrun, cross-user isolation). Runs regression on every prompt or model change. Detects drift.
Designs and versions LLM system prompts for ai-system / agent-product archetypes. Outputs ADR-PROMPT-{name}.md files with sha256-pinned prompt text, jailbreak resistance test cases, and revision history. Pairs with ai-eval-engineer for golden-set scenarios.
AI-specific pre-implementation threat modelling for ai-system / agent-product archetypes. Specialises in OWASP LLM Top 10 (prompt injection, output exfiltration, SSRF in tool layer, supply chain, cost runaway, cross-user isolation, model jailbreak, RAG poisoning). Outputs threat model TM-{slug}.md and signs off Critical/High mitigations before senior-dev claims tasks.
Use when starting any new feature. Creates architecture docs, ADRs, cost estimates, Well-Architected review. Always first in the pipeline.
Database migration safety specialist. Activates when migrations/ files are detected in a PR or feature branch. Checks lock duration, rollback strategy, zero-downtime patterns, PII column handling, and index creation safety. Writes docs/migrations/MIGRATE-{slug}.md. Blocks deploy if no rollback path exists.
Use after gate:ship is approved. Deploys using the method matching the project type.
IoT/embedded specialist pre-implementation reviewer. Specialises in OTA update strategy, ETSI EN 303 645 compliance, secure boot validation, hardware-in-the-loop test design, power profiling, watchdog patterns, RTOS/firmware-specific patterns (Zephyr, ESP-IDF, FreeRTOS, embassy). Outputs threat model TM-{slug}.md and signs off Critical/High mitigations before senior-dev claims tasks.
Production support. Monitors logs, triages incidents, creates Beads tasks. For P0 — immediate investigation + postmortem.
Web3-DeFi specialist pre-implementation reviewer. Specialises in oracle strategy (Chainlink/Pyth/TWAP), MEV protection (sandwich/JIT/flash-loan), upgradeability decision (Immutable/UUPS/Diamond/Beacon), L2 sequencer halts, custody/multisig/timelock, formal verification scope. Outputs threat model TM-{slug}.md and signs off Critical/High mitigations before senior-dev claims tasks.
Commerce-specific pre-implementation reviewer. Specialises in PCI-DSS scope reduction (SAQ-A vs SAQ-D), idempotency proof, webhook signature validation, refund/dispute flow, Strong Customer Authentication (SCA / PSD2 EU), PSP failover. Outputs threat model TM-{slug}.md and signs off scope decisions before senior-dev claims tasks.
Performance specialist. Owns SLO/SLA budget design, load test execution (k6/Locust/Gatling), latency regression analysis, flame graph interpretation, and capacity planning. Runs after senior-dev, before QA. Writes docs/performance/PERF-{slug}.md. Activated when performance-sla is set in PROJECT.md, or archetype is data-platform / enterprise / commerce.
Use after architect produces the ARCH doc. Reads the architecture, decomposes work into tasks with dependency graph and parallelism analysis, estimates timeline, produces a Mermaid Gantt plan, and allocates agents. Creates gate:plan for human approval before any senior-dev starts.
Use for /audit or when no PROJECT.md exists. Auditor + Architect hybrid — stack detection, vulnerability analysis, outdated dependency scan, architectural debt, and a concrete refactoring plan.
Use after senior-dev completes implementation. Analyzes actual code, then runs type-appropriate QA, writes report, files bugs in Beads.
Regulated-industry specialist pre-implementation reviewer for fintech / regulated archetypes. Specialises in DORA ICT risk (Articles 5 & 16), NIS2 Article 21 controls, ISO27001 SoA gap analysis, SOX ITGC (access control, change management, SoD), HIPAA PHI handling + BAA requirements. Outputs threat model TM-{slug}.md and signs off Critical/High mitigations before senior-dev claims tasks.
Use after QA passes. Runs security audit by project type, writes report, controls gate:ship.
Use to implement tasks from Beads backlog. Claims a task, implements with TDD, closes when done. Can run in parallel.
Pre-implementation Web Store policy reviewer for browser-extension archetype. Validates manifest.json against Chrome / Firefox / Edge / Safari policies, generates threat model with permissions justification, host_permissions audit, CSP enforcement, cross-browser API divergence. Outputs TM-extension-{slug}.md and pre-flight checklist.
Reusable reporting contract for any agent that hands work back to the pipeline. Forces ONE of two terminal statuses (DONE or BLOCKED) with a specific evidence shape. Stops vague "probably finished" and "kind of stuck" verdicts.
Use when the CTO describes a feature, task, or project goal. Orchestrates the full SDLC pipeline automatically based on project type.
Reusable 3-round self-challenge + arbiter pattern for filtering false positives from findings/verdicts. Use when the cost of a false-positive gate block exceeds the cost of ~4 extra LLM turns.
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Matches all tools
Hooks run on every tool call, not just specific ones
Admin access level
Server config contains admin-level keywords
The most comprehensive Claude Code plugin — 38 agents, 156 skills, 72 legacy command shims, selective install profiles, and production-ready hooks for TDD, security scanning, code review, and continuous learning
Access thousands of AI prompts and skills directly in your AI coding assistant. Search prompts, discover skills, save your own, and improve prompts with AI.
Core skills library for Claude Code: TDD, debugging, collaboration patterns, and proven techniques
Upstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.
Tools to maintain and improve CLAUDE.md files - audit quality, capture session learnings, and keep project memory current.
Executes bash commands
Hook triggers when Bash tool is used
Modifies files
Hook triggers on file write and edit operations
Requires secrets
Needs API keys or credentials to function
Uses power tools
Uses Bash, Write, or Edit tools
No model invocation
Executes directly as bash, bypassing the AI model