15 commands · 3 primary + 12 advanced

Commands

Three commands cover the daily flow. Everything else runs on schedule or only when you ask.

Primary the three you use every day

These cover the core loop: describe a feature, review code, check what needs your attention.

/start "<description>"
Runs the full SDLC pipeline — detects archetype, generates architecture doc, implements with TDD, reviews, QA, security, deploys. Gates pause at arch and ship for your approval.
/review
12 independent code-review angles (perf, security, readability, SQL safety, concurrency, API contracts, design system, …). Findings rated P0/P1/P2; P0 blocks the gate.
/inbox
Open gates, blocked tasks, incidents, backlog hygiene, DORA / SLO / security alerts — everything that needs your decision right now, in one view.

Project lifecycle when you reach for them

Health checks, audits, metrics, and the hypothesis-driven PoC mode for early-stage work.

/audit
Existing repo — stack detection, vulnerability scan, outdated dependencies, architectural debt, and a concrete task backlog in Beads. Also runs automatically every Sunday 23:00.
/doctor
Health check. Flags missing artefacts, stale audits, broken Beads, permission denials, drifted configs.
/digest [days] [board]
DORA metrics, cost reconciliation, LLM spend, Dream-Cycle brain update. Add board for a quarterly CEO-ready report. Runs automatically every Monday 9:00.
/poc <hypothesis>
Lightweight PoC mode with forced timebox — skips full pipeline, focuses on learn/kill/keep. See skills/great_cto/references/poc-mode.md.
/promote
Promote a successful PoC into the full pipeline — generates ARCH doc, retrofits tests, routes through gates.

Security unified under /sec

One namespace, five subcommands. Replaces the older /threat-model, /sbom, /security-incident.

/sec [status] [days]
Posture snapshot: CVE MTTR, dependency freshness, threat-model coverage, pentest burn-down, secret rotation.
/sec threat [arch-slug]
STRIDE threat model for a feature (required for security-critical archetypes: ai-system, commerce, web3, iot-embedded, regulated).
/sec sbom [version]
Generate a CycloneDX SBOM for a release — supply-chain audit artefact.
/sec incident "<desc>"
Security-incident workflow — DORA Art. 17-23 / GDPR Art. 33-34 compatible drafting, impact assessment, notification plan.
/sec rotate
Only overdue secret rotations — credential hygiene without noise.

Team & governance conditional — only when relevant

Scales up when you grow past a solo-founder stage. Most have guards (e.g. /rfc warns under team-size 10).

/rfc new|list|close
Cross-team decisions. Guard: team-size < 10 → warns and suggests an ADR instead.
/ownership map|show|set
Service ownership matrix → generates CODEOWNERS. Dependency for /oncall.
/oncall who|schedule|handoff
On-call rotations and shift handoffs. Integrates with l3-support agent for P0 routing.
/release notes|changelog|docs|sync
App Store notes, user-facing changelog, stale-doc detection, version sync across packages.
/burn [service]
Multi-window SLO burn-rate analysis. Only runs if SLOs are configured in PROJECT.md.
/cost [days]
Monthly run-rate, cost-per-deploy, top movers vs monthly-budget. LLM spend + infra combined.

Removed in v1.0.101 (absorbed elsewhere): /triage, /gates, /dora, /investigate, /threat-model, /sbom, /security-incident. Full source in /commands.

← Archetypes ← Agents ← Back to landing