AI autopilots for business — get the work done, not just the software.
npx great-cto initWebsite · One real run → · Live demo · Discussions · Changelog
Русский · 简体中文 · 繁體中文 · 日本語 · 한국어 · Español · Português · Deutsch · Français
The next wave isn't tools for specialists — it's autopilots that sell the outcome of a service. An autopilot runs a whole business function end to end (intake → process → decide → deliver) and escalates only the judgment calls to a qualified human. Every model improvement makes the service faster and cheaper.
GreatCTO ships those autopilots — each one a flow of agents + tools with a human on the risky steps, a built-in compliance reviewer, and live connectors that run each flow on real data.
| Autopilot | What it does | Market | Who's building it |
|---|---|---|---|
| 🩺 Medical-coding | Clinical notes → clean, compliant claims; a certified coder signs the risky ones | $50–80B | Anterior · CodaMetrix · Fathom |
| 🖥️ Managed-IT | Patches, configs & access across the fleet — staged, reversible, human on big changes | $100B+ | Serval · Edra · Electric AI |
| ⚖️ Legal-document | Drafts & redlines contracts and NDAs; a licensed attorney signs anything that's advice | $20–25B | Crosby · Harvey · Robin AI |
| 📒 Bookkeeping & close | Books, reconciles & closes the month; a controller signs the close | $50–80B | Rillet · Basis · Digits |
| 🧾 Tax-prep | Prepares returns & classifies positions; a credentialed preparer signs before filing | $30–35B | Black Ore · April · Column Tax |
| 🛒 Source-to-pay | Onboards suppliers, matches invoices, releases payments — screened for sanctions & fraud | $200B+ | Tacto · Zip · AskLio |
| ✅ Prior-authorization | Auth request + chart → approval or a clean determination; a medical director signs every denial | $35–56B | Cohere Health · Anterior · Develop Health |
| 🛡️ KYC/AML | Onboards, screens & monitors customers; a BSA Officer signs every SAR | $61B | Diligent AI · Alloy · Sardine |
| 🔐 Managed-SOC | Triages & investigates every alert 24/7; a SOC analyst signs any containment | $4–6B | 7AI · Dropzone · Prophet Security |
| ☂️ Claims & underwriting | Adjudicates claims & prices risk; a licensed adjuster/underwriter signs the call | $36–38B | Shift · Akur8 · Avallon |
| 🏠 Mortgage-underwriting | Processes & underwrites to clear-to-close; a DE underwriter signs | $40B+ | Tidalwave · Zest AI · Blend |
| 🔑 Title & escrow | Title search, escrow & closing; a licensed officer signs the title & the wire | $16.2B | Propy · Qualia · Titl |
| 🪪 Provider-credentialing | Primary-source verifies & enrolls a provider; the committee signs privileging | $1.2B+ | Medallion · Verifiable · CertifyOS |
| 💰 Debt-collection | Compliant outreach & payment plans; a manager signs escalation & settlements | $13.5–16B | CollectWise · InDebted · Tesorio |
| 🚚 Freight-brokerage | Matches loads to vetted carriers & books; a licensed broker signs binding rates | $19–125B | HappyRobot · FleetWorks · Vooma |
| 🧪 Clinical-trial-ops | Screens patients & runs monitoring; the PI / medical monitor signs eligibility | $20–28B | Triomics · QuantHealth · Tempus |
| 🛃 Customs-clearance | Classifies, values & screens imports; a licensed customs broker signs the entry of record | $4.6B | Digicust · Flexport · Avalara |
| 📊 SOX ITGC audit | Tests IT general controls & drafts workpapers; a CPA signs the opinion | $15–25B | Midship · Scytale · AuditBoard |
| 💊 Pharmacovigilance | Processes adverse-event cases; a QPPV / drug-safety physician signs before reporting | $1.65B | ArisGlobal · Indegene · Lifebit |
| 🗽 Immigration | Assembles petitions & checks eligibility; a licensed attorney of record signs before filing (UPL) | $3.2B | Boundless · Lawfully · Docketwise |
| 🏠 Appraisal | Pulls comps & reconciles value; a state-certified appraiser signs every USPAP report (independence) | $9.2B | Clear Capital · Reggora · Class Valuation |
| 💵 Payroll | Computes gross-to-net & tax; a payroll manager (CPP) signs before ACH funding + the 941 deposit | $5.8B | Gusto · Rippling · Deel |
| 🦺 Workers-comp | Determines compensability & benefits; a licensed adjuster signs denials & terminations (bad-faith) | $6.5B | CLARA Analytics · Gradient AI · Sedgwick |
| 📜 Estate | Drafts & assesses wills/trusts; a licensed estate attorney signs before execution (UPL) | $2.4B | Trust & Will · Wealth.com · Vanilla |
| 💡 Patent | Prior-art + patentability; a USPTO-registered practitioner signs before filing (37 CFR 11 / candor) | $5.1B | Solve Intelligence · IPRally · DeepIP |
→ All autopilots · run /flow <vertical> to see any flow in your terminal
Each autopilot keeps a human on the judgment calls — a certified coder, a licensed attorney, a controller, a credentialed preparer. The autopilot does the volume; the human owns the call that carries liability. 22 live connectors run on real data across the 25 verticals — FHIR, ICD-10 (NLM), NCCI/MUE, X12 837P, DocuSign, Plaid, OFAC, staged-rollout, a US federal tax engine, plus medical-necessity criteria, claims fraud-scoring, mortgage AUS (DU/LPA), OIG/SAM exclusion screening, FMCSA carrier-vetting, Reg-F/TCPA outreach guardrails, IOC threat-intel, and FinCEN SAR generation. They're keyless by default (public source or deterministic real generation) and POST to the real provider the moment you add credentials.
→ The buyer-facing story of this surface: greatcto.systems/operate
great-cto board opens the operator console at http://localhost:3141/autopilot.html — the
Operate-mode surface where the autopilot's work lands for a named human. Every case the autopilot
can't auto-clear waits in the inbox with its AI recommendation, confidence, evidence and an SLA
clock; signing executes the irreversible write, rejecting stops it. Nothing irreversible runs without
a signature.
Two surfaces, one engine. The builder board (you) and the operator console (your signers) are separate faces of the same server:
great-cto board # builder: kanban, agents, pipeline — localhost only
great-cto console --port 8788 # operator console ONLY — the dev board does not exist here
great-cto console --bind 0.0.0.0 # hostable (tunnel / console.client.com); invite-only entryOn the console surface there is no local-admin fallback — without a valid invite link the
operator sees an "ask your administrator" screen. An invite token never opens builder routes
(any mode), and an invited operator acts strictly inside their own tenant. Invite links expire
after 7 days (GREAT_CTO_INVITE_TTL_DAYS, 0 = never).
Quick start: onboarding your signers (one npx great-cto install covers both surfaces):
- Admin opens the console → Team panel → picks the operator's role (underwriter, BSA officer, certified coder… — 26 roles) and tenant → Create invite → copies the link (or emails it). The link expires in 7 days.
- Operator opens the link — and is in: role and workspace are baked into the token and can't be changed from the browser. They see only the console (tenant's brand if set), only their tenant's cases.
- Work: cases land in the inbox — started by hand, or pushed by a source system via
POST /api/autopilot/ingest(HMAC-signed withGREAT_CTO_INGEST_SECRET). The operator reads the AI recommendation + evidence and signs or rejects; every decision is recorded with date, time, evidence and confidence in the audit trail. - Revoke: Team → Revoke kills the token instantly.
When binding beyond loopback (--bind), operators are protected by invite tokens; put your
reverse-proxy auth in front for anything admin-grade — full hosted auth ships with the
console package split (P5 in docs/plans/PLAN-ui-split.md).
 Case drawer — the decision criteria (the SOP), the connector evidence, the AI-drafted determination, and the tamper-evident audit trail — everything the signer needs in one panel |
 Ops tab — cost & latency metering, connector health (failure rate + p95), and a dead-letter queue with one-click requeue |
→ The builder-facing story of this surface: greatcto.systems/build
Each autopilot is built and operated by a gated pipeline of specialist agents — architect, 12-angle reviewer, QA, security officer, devops — tuned to your stack and jurisdiction. You make two decisions per feature; everything else runs automatically. Every vertical ships with its own domain compliance reviewer — False Claims Act & NCCI for coding, OFAC & BSA for AML, FDCPA & Reg F for collections, 21 CFR Part 11 for trials, ECOA for lending, ALTA for title, FMCSA for freight — that blocks an unsafe design before it ever runs. Each reviewer is held to an adversarial golden test set in CI before release. The reviewers, signed human gates, audit trail, and live connectors are the trust layer that makes it safe to let the autopilot run.
Recommended companion MCP: Serena (semantic code navigation). On large codebases the code-writing agents (senior-dev, coder) burn context grepping and reading whole files. The Serena MCP gives them symbol-level navigation (find-symbol, references, structure) instead:
claude mcp add serena -- uvx --from git+https://github.com/oraios/serena \
serena start-mcp-server --context ide-assistant --project "$(pwd)"Optional — everything works without it; with it, implementation tasks on big repos use noticeably less context per edit.
The permission is never the wound. Every flow step is tagged reversible or not; the runtime
refuses to execute an irreversible action autonomously — money moves, claim submission, e-signing,
fleet changes and tax filing run only after a named human signs the checkpoint. Each autopilot also
declares an accountable owner — one person answers for what it does. flow-runner.mjs <vertical> --validate enforces the invariant; all twenty-five autopilots ship green.
| One regulated feature, end to end (voice-AI compliance pack, traced) | 1h 26m · $3.40 LLM vs ~$42K / ~6 weeks traditional |
| An earlier CLI-feature run, same pipeline | $2.39 LLM vs ~$5,460 human-equivalent; security caught 2 defects QA had passed |
| Monthly cost (20 pipeline runs) | ~$34 |
| Autopilot verticals | 25 (healthcare · finance · legal · ops — each with a human gate) |
| Specialist agents | 83 |
| Archetypes auto-detected | 26 |
| Jurisdictions | 12 (GDPR · HIPAA · PCI-DSS · SOX · and more) |
→ Full trace with all artefacts
npx great-cto init — scans your stack and README, detects jurisdiction (GDPR? HIPAA? PCI?), writes .great_cto/FLOW.md with the exact agents, gates, and compliance frameworks for your project.
/start "describe the feature" — critics review the architecture and spec before any code is written. You review the plan at gate:plan.
Agents run automatically — senior-dev implements with TDD, 12-angle review, QA, security, devops. You approve ship at gate:ship.
Same command. Output depends on what you're building and where it runs:
| Fintech startup · EU | Healthcare portal · US | CLI tool | |
|---|---|---|---|
| Specialist agents | pci-reviewer · gdpr-reviewer · regulated-reviewer |
fda-reviewer · healthcare-reviewer · security-officer |
cli-reviewer |
| Human gates | gate:gdpr-dpia · gate:plan · gate:ship |
gate:clinical-validation · gate:plan · gate:ship |
gate:plan |
| Compliance | GDPR · PCI-DSS · SOX | HIPAA · HITECH | — |
| Cost / cycle | ~$8–18 | ~$8–18 | ~$0.5–3 |
→ Try the interactive picker: greatcto.systems/#flow-picker
great-cto board opens at http://localhost:3141 — Kanban with realtime SSE, per-agent cost tile, pipeline status, 30-day LLM spend vs human-equivalent baseline.
 Metrics — LLM cost, human-equivalent baseline, savings_x ratio |
 Inbox — pending gates, P0 incidents, blocked tasks, stale in-progress |
 Agents — the fleet with activity, health, retire candidates, and 30-day LLM spend |
 Memory — browsable project memory layers: PROJECT.md, archetypes, skills, lessons |
One builder, many operators. Build is for the one-person engineering org — an indie hacker, solo founder, or technical CTO running the pipeline on Claude Code or OpenAI Codex. Operate is for everyone who signs the work: licensed adjusters, attorneys, controllers, compliance leads — invited into the operator console with scoped, tenant-isolated links. One engineer builds the autopilot; the whole back office runs on it. Not for multi-dev engineering teams — see FAQ.
npx great-cto initRestart your AI host after init. Requires: Node 18.17+ and one of:
| Host | Install flag | Status |
|---|---|---|
| Claude Code | (default) | ✅ full support |
| OpenAI Codex | --host codex |
✅ hooks + MCP + agents |
# Claude Code (default)
npx great-cto init
# OpenAI Codex Desktop / CLI
npx great-cto init --host codexSuperpowers and Beads companion plugins install automatically — no manual setup needed.
📖 Full documentation — two gates · critics · 83 agents · 26 archetypes · 12 jurisdictions · 45+ compliance frameworks · board · cost · MCP
🟡 gate:plan ← you decide here (architecture + tasks + cost)
↓
🤖 senior-dev → 12-angle review → qa-engineer → security-officer → devops
↓
🟢 gate:ship ← you decide here (PR ready, security signed off)
Architects, planners, reviewers, QA, security, DevOps run automatically between those two human checkpoints. Memory persists between sessions: every gate verdict appends to ~/.great_cto/decisions.md, every retrospective appends to per-project lessons.md, and /crystallize promotes high-impact patterns to a global library agents query before re-solving.
The most expensive bugs aren't in the code — they're in decisions made before coding starts. Three critic agents run before the Plan stage, at the three positions where a mistake costs the most:
| Critic | Catches |
|---|---|
| Architecture critic | Coupling that rules out multi-tenancy later · "obvious" O(n²) on real-scale data · circular dependencies between bounded contexts |
| Spec critic | "We solved the wrong problem" — the worst class of bug, because no unit test will catch it · misaligned acceptance criteria · scope that was never agreed on |
| Schema critic | NOT NULL without a default on a 50M-row table (deadlock in 10min after deploy) · missing CONCURRENTLY on index creation · irreversible migrations with no rollback path |
Previously critics only activated starting from Plan. Now the pipeline catches architectural and spec-level mistakes before implementation begins — when reverting costs hours, not days.
| great_cto | Devin | Claude Code (alone) | |
|---|---|---|---|
| Open source | ✅ MIT | ❌ closed | ❌ closed plugin model |
| Self-host | ✅ runs locally | ❌ Cognition cloud | ✅ |
| Host | ✅ Claude Code + Codex | ❌ Cognition cloud | ✅ Claude Code |
| BYOK / multi-model | ✅ Claude Code · Codex | ❌ proprietary | ❌ Anthropic only |
| Specialist agents | 83 (architect · PM · 12-angle review · QA · security · devops · reviewers across archetypes, packs & jurisdictions) | 1 generalist | 1 generalist |
| SDLC orchestration | architect → plan → impl → review → QA → security → devops | one-shot autonomy | edit loop |
| Human gates | ✅ 2 per feature (plan + ship) | ❌ none | ❌ |
| Memory across sessions | ✅ decisions.md + lessons.md + crystallize |
||
| Cost tracking | ✅ per-agent + 30d history + savings_x | ❌ | ❌ |
| Compliance frameworks | ✅ 45+ (PCI · HIPAA · SOX · GDPR · CCPA · DPDPA · EU AI Act · FDA SaMD · COPPA · FERPA · FedRAMP · NAIC · …) | ❌ | ❌ |
| Pricing | free (you pay your LLM provider) | $500/mo | $20/mo |
| Setup | npx great-cto init |
sign up | install CLI |
great_cto is not another coding-agent loop — it's the orchestration layer above the coding agent you already use. Think "specialist team that reviews and gates the work" rather than "another assistant that types code."
npx great-cto init scans three signal sources — README keywords, infra region strings (Terraform, .env AWS_REGION=, docker-compose TZ=), and package.json homepage TLD — and auto-detects which of 12 jurisdictions apply:
| Jurisdiction | Signals (README + infra) | Frameworks | Reviewer |
|---|---|---|---|
eu |
gdpr · eu users · nis2 · eu ai act · eu-west-* · .de TLD |
GDPR · EU AI Act · NIS2 · ePrivacy | gdpr-reviewer |
us-ca |
ccpa · cpra · california residents · do not sell | CCPA / CPRA | us-privacy-reviewer |
uk |
uk gdpr · information commissioner · dpa 2018 | UK GDPR · DPA 2018 | gdpr-reviewer |
in |
dpdpa · india users · rbi data localisation | DPDPA 2023 · RBI | dpdpa-reviewer |
br |
lgpd · anpd · brazil users | LGPD | gdpr-reviewer |
au |
privacy act 1988 · oaic · notifiable data breach | Privacy Act 1988 · CDR | us-privacy-reviewer |
sg |
pdpa · pdpc · mas guidelines · singpass | PDPA · MAS TRM | us-privacy-reviewer |
ca |
pipeda · quebec law 25 · casl · canadian users · ca-central-* |
PIPEDA · Quebec Law 25 · CASL · OSFI B-10 | us-privacy-reviewer |
jp |
appi · japan users · my number · ap-northeast-1 · japaneast |
APPI 2022 · PPC Guidelines · FISC | us-privacy-reviewer |
cn |
pipl · mlps · china users · cn-north-* · cn-east-* |
PIPL 2021 · DSL 2021 · MLPS 2.0 · CBDT | gdpr-reviewer |
kr |
pipa korea · isms-p · kisa · korea users · ap-northeast-2 |
PIPA · ISMS-P · FSC regulations | us-privacy-reviewer |
us |
ftc · us users · virginia cdpa · texas tdpsa | FTC Act · US state privacy laws | us-privacy-reviewer |
Word-boundary matching prevents false positives ("india" doesn't match "indiana"). Detected jurisdiction is written to PROJECT.md as jurisdiction: [eu, us-ca] and gates the appropriate reviewer on every feature. Override manually:
jurisdiction: [eu, us-ca]/start "build a refund endpoint with PCI-DSS scoping"
# → architect → enterprise-saas-reviewer (PCI-DSS auto-loaded)
# → pm → 5 Beads tasks → gate:plan (you approve)
# → senior-dev → 12-angle review → qa → security-officer
# → gate:ship (you approve) → devops → deployed
/inbox
# Pending gates · P0 incidents · blocked tasks · stale in-progress
/digest
# Weekly DORA + delta vs last week + cost-per-feature roll-upPlus: /audit (existing-codebase scan), /cost (LLM router savings), /sec (security umbrella), /oncall, /release, /rfc. Full list: ~/.claude/commands/ after install.
~$34/month for a typical solo-CTO project — 20 pipeline runs/month, indicative.
| Pipeline | Cost/run | Runs/mo | Total |
|---|---|---|---|
| quick (config / typo) | $0.10 | 10 | $1 |
| quick (new endpoint) | $1 | 6 | $6 |
| standard (feature) | $5 | 3 | $15 |
| deep (cross-cutting) | $12 | 1 | $12 |
| ~$34 |
Pay your own Anthropic API tokens. No per-seat fee. No SaaS lock-in. Routine triage auto-routes to Kimi K2 (Sonnet-equivalent at ~5× lower cost) → 60–80% reduction on log clustering.
Each archetype activates its own specialist agents and compliance checklists. Top 7:
| Archetype | Tier | Specialist agents | Compliance |
|---|---|---|---|
enterprise-saas |
deep | enterprise-saas-reviewer | soc2-type-2 · iso27001 · gdpr · ccpa |
agent-product |
deep | ai-prompt-architect · ai-eval · ai-security | eu-ai-act · owasp-llm-top-10 |
fintech |
deep | pci · regulated | pci-dss · sox · kyc-aml · gdpr · dora |
mlops |
deep | mlops-reviewer · ai-eval | eu-ai-act · nist-ai-rmf · iso42001 |
library |
baseline | library-reviewer | openssf · sbom |
cli-tool |
baseline | cli-reviewer | — |
mobile-app |
standard | mobile-store-reviewer | store-policy · gdpr |
defense-govcon |
deep | cmmc-reviewer · gov-reviewer | cmmc-2.0 · nist-800-171 · dfars · itar · section-889 |
Full table (26 archetypes) + how detection works: docs/ARCHETYPES.md.
Deep US coverage — beyond GDPR/PCI/HIPAA, great_cto now reviews against SEC cyber-disclosure (8-K Item 1.05), CMMC 2.0 / NIST 800-171 for defense contractors, US AI governance (NIST AI RMF · Colorado SB 205 · Utah/Texas AI), web-tracking litigation (VPPA · CIPA · Washington MHMDA), and HMDA / SR 11-7 model risk for lending.
Domain packs ride on top of archetypes. Auto-attached when CLI detects pack-specific signals (deps, README terms). Each pack adds its own reviewer(s), threat-model template, EVAL suite, and human gates — independent of base archetype.
| Category | Packs |
|---|---|
| AI verticals | voice-pack · clinical-pack · hr-ai-pack · drug-discovery-pack |
| Digital health | digital-health-pack (wearable telemetry · mental-health AI · nutrition AI · physician HITL) |
| Fintech / regulated | lending-pack · em-fintech-pack |
| High-compliance | clinical-trials-pack · climate-pack |
| Engineering | api-platform-pack · robotics-pack |
| US market | sec-cyber-pack (SEC 8-K disclosure) · adtech-privacy-pack (VPPA · CIPA · MHMDA) · us-ai-pack (NIST AI RMF · Colorado SB 205) |
→ 28 human-gate types + 53 reference EVAL suites + 15 TM templates. Browse all 14 packs with 4-layer journey visualization (archetype → pack → reviewer → gate): greatcto.systems/packs.html.
The canonical receipt: a voice-AI compliance pack (TCPA screening, STIR/SHAKEN, state recording-consent) shipped through the full pipeline in 1h 26m wall-clock for $3.40 in LLM cost — architect → threat model → implementation → 5 reviewers → human gates → merged PR. The traditional path for the same regulated feature: ~170 hours and ~$42K. Every stage timestamped, every artifact links to a public GitHub PR.
An earlier run on a Python CLI feature ($2.39 vs ~$5,460 human-equivalent) showed the review model working: security caught two real defects QA had passed (list(stream_csv()) defeated streaming → 14.5 MB peak RSS on 13 MB input).
Full trace + artefacts: greatcto.systems/proof · raw: docs/qa/runs/2026-05-09/E2E-CLI-PIPELINE.md.
Drop into any GitHub Actions workflow:
- run: npx great-cto@latest ci ./ --sarif results.sarif
- uses: github/codeql-action/upload-sarif@v3
if: always()
with: { sarif_file: results.sarif }great-cto ci auto-detects $GITHUB_ACTIONS and emits ::error file=...,line=N:: annotations inline on PR diffs. Exit codes: 0 clean / 1 findings / 2 setup error.
Layered test suite — structural + state-machine tier runs in <2 min for $0 (node --test tests/*.test.mjs); real-LLM tier (26 archetypes × 4-8 stages + 14 packs + 13 reviewers) runs on-demand via OpenRouter for ~$5–10. Full breakdown: docs/testing/.
Native MCP server — 7 tools callable from Claude Desktop, Codex, or any MCP host. Local (no board needed): detect_archetype · estimate_cost · query_decisions. Board-backed: project_status · cost_summary · pipeline_stages · recent_verdicts.
{ "mcpServers": { "great-cto": { "command": "npx", "args": ["-y", "great-cto@latest", "mcp"] } } }Full setup + internal MCPs (Grafana, LLM router, Beads): docs/MCP.md.
Five things that need you to act in <2h get emailed automatically — even when you're away from the board:
| Trigger | When |
|---|---|
| 🚨 P0 incident | A P0 task opens in any project |
| ⏸️ Gate stale > 2h | A gate:ship is waiting on you for hours |
| 🛡️ Security BLOCKED | security-officer rejected a merge |
| 💸 Budget alert | Monthly LLM spend crosses 80% / 100% of budget |
| 📊 Weekly digest | Friday 09:00 — shipped, spent, savings, QA |
Setup: board → Notifications tab → enter email → enter the 6-digit code we send → pick triggers. No Resend signup, no API keys — delivery routed through greatcto.systems/notify (free, 100 emails/24h per verified email).
- Not for multi-dev engineering teams — one builder is the product; 2+ engineers sharing the pipeline have outgrown it. Operators are unlimited — invite signers and compliance leads to the console freely.
- Not a replacement for senior engineers — codifies process; doesn't make architectural judgement calls without one.
- Not a CI/CD system — gates run locally / in-session. You still need GitHub Actions for actual merge.
- Not certification-audited — PCI/HIPAA/SOC2 archetype scaffolds are starting points, not certifications.
- Not deterministic — LLM-generated outputs. Every gate verdict should be sanity-checked.
Is my source code used to train models? No. Claude API zero-retention by default for paying customers. great_cto adds nothing.
How do you keep token costs down? Haiku-by-default + Kimi K2 router for triage (60–80% savings) + cost-guard hook.
Can I disable hooks? Every hook honors GREAT_CTO_DISABLE_<NAME>=1. Per-file secret-scan opt-out: // great_cto:allow-secrets.
What if I'm not solo? The engineering side is built for one person — if you have 2+ engineers who need shared builder boards, you've outgrown it. The operating side is multi-user by design: invite as many signers and compliance leads to the operator console as your back office needs (scoped invite links, per-tenant isolation).
Full FAQ: docs/FAQ.md.
📚 Full documentation hub → — organized by Diátaxis: Getting Started · How-to guides · Agents & Commands reference · Architecture · FAQ.
The plugin runs inside Claude Code (or any MCP-capable host); 83 agents are markdown specs; tasks live in Beads (dolt, git-native); memory is plain markdown (no vector store). Diagram + stack table: docs/ARCHITECTURE.md.
v2.40–v2.62 (June 2026) — The autopilot pivot: GreatCTO becomes AI autopilots for business — 25 service-autopilot verticals, each a flow with a measured quality scorecard, an accountable owner, and the runtime invariant that an irreversible action never executes without a human signature. 22 live connectors run every vertical on real data. Story: We pivoted →
v2.46–v2.63 (June 2026) — The operator console: durable runs pause at the human gate and wait in an inbox for a named licensed human; signing executes the write. Role-based access, scoped invites, AI-drafted determinations with evidence, QA sampling, SLA clocks, Ops tab (metering · connector health · dead-letter requeue), WCAG 2.2 AA, light/dark. Story: The operator console →
v2.37–v2.65 (June 2026) — Under the hood: the dev board becomes a pult — approving a gate can spawn a live-streamed agent run; prompt self-improvement gated on held-out evals (SIA-inspired); $0 context compression (CI log 31,475 → 155 chars with the FATAL preserved); Fable 5 support. Story: June under the hood →
- Hosted operator console — one-command tunnel + custom domain for
great-cto console, so signers never need localhost - Vertical depth over breadth — push the measured quality scorecard ≥95 on the top-5 autopilots before adding new ones
- SOC 2 evidence pack — export the audit trail + gate history in auditor-ready format
- Multi-model verification — independent second-model review on irreversible-action gates
avelikiy — CTO building AI-native trading and fintech platforms (0→1, 1→N). great_cto is the result of automating my own loops, one agent at a time. Every rule appeared in response to a real problem in a real production system.
| Channel | What |
|---|---|
| 🐛 Issues | Bugs, feature requests, archetype proposals |
| 💡 Discussions | Questions, patterns, show-and-tell |
| 📝 Blog | Receipts, cost breakdowns, architecture deep-dives |
| 🔒 SECURITY.md | Responsible disclosure |
Pull requests welcome — see CONTRIBUTING.md. Good first issues: good-first-issue.
MIT — see LICENSE.
If great_cto saved you time, please star the repo — it helps other solo CTOs find it.
Built by @avelikiy Stop being the only person who can ship.