FDA Electronic Records & Electronic Signatures. Doesn't usually apply to insurance / insurtech — but if your specific case touches it, here's how the overlay wires up.
In your insurance / insurtech project, GreatCTO detects the archetype and overlays the insurance reviewer agent. 21 CFR Part 11 gates can be attached on demand if your case requires. The reviewer reads the regulation text, your code, your tests, and emits a verdict per requirement — with a diff if anything's missing.
Stack signals + manifests + README keywords identify insurance as the project type. 21 CFR Part 11 is opt-in for this archetype.
The reviewer agent prompt encodes each requirement above as a check. When a PR touches relevant code paths, the reviewer fires with the specific check that matters.
Each gate decision is logged to .great_cto/gates.log with timestamp, reviewer, verdict, and rationale. Auditors get a tidy CSV; no scrambling at audit time.
When an auditor flags something in one project, the lesson promotes to ~/.great_cto/decisions.md after the 3rd similar finding. Next project's first run includes the lesson in Step 0.
It does not certify you. 21 CFR Part 11 compliance requires human accountability — a CISO sign-off, a DPO review, in some cases an external auditor. GreatCTO ships the evidence; you still own the attestation.
It does not substitute legal review. The reviewer agent encodes commonly accepted readings of the regulation, not your specific jurisdictional interpretation. For high-stakes cases, lawyer involvement is still load-bearing.
It does not eliminate gaps in the requirements list. The list above is the surface area we cover programmatically. 21 CFR Part 11 has more (Annex II's, sub-clauses, jurisdictional carve-outs). Override the reviewer prompt in agents/insurance-reviewer.md for your specifics.
Every box on the diagram is a clickable link to the agent's source on GitHub.
Voice-AI pack rollout: TCPA + STIR/SHAKEN + state recording consent gates auto-wired. Timeline, costs, artifacts.
The insurance-reviewer prompt is auditable. Read it, override it, fork it.
$ npx great-cto init
Free, MIT, runs locally. The reviewer agent ships with the npm package — no SaaS portal, no compliance vendor lock-in.