10 archetypes · auto-detected

Archetypes

great_cto reads your repo's stack and picks one of 10 archetypes. Each archetype sets a default security tier — the floor, not the cap. Signals during implementation (new payment deps, auth changes, PII fields, IAM diffs) can upgrade the tier at runtime.

Tier floors: baseline: CVE + secret scan (~2 min) · standard: + threat model + compliance · deep: + pentest review

web-service (baseline): REST, GraphQL, SSR, SPA, full-stack apps. Upgrades to standard on auth/PII signals.
mobile-app (baseline): iOS, Android, Electron, browser extensions. Upgrades on payment/auth signals.
ai-system (standard): Agents, RAG, MCP servers, LLM ops, ML, voice. Upgrades to deep on MCP/tool-use.
data-platform (baseline): ETL/ELT pipelines, warehouses, analytics. Upgrades to standard on PII columns.
infra (standard): IaC, Kubernetes, platform engineering, migrations. Owns IAM/perimeter — floors at standard.
library (baseline): SDKs, CLIs, compilers, plugins, games. Supply-chain floor for published artefacts.
commerce (standard): E-commerce, payments, SaaS billing. Upgrades to deep when PCI dependency detected.
web3 (deep): Smart contracts, DeFi, custody, trading bots. Deep by default — funds at risk.
iot-embedded (deep): IoT devices, firmware, hardware drivers. Deep by default — physical world.
regulated (deep): GxP, financial services, ISO 27001 scope. Deep by default — audit-ready.

Domain packs add depth for specialised archetypes: ai-pack · web3-pack · enterprise-pack · data-pack. Full tier model and signal matrix in security-tiers.md.
