General Data Protection Regulation (EU). Doesn't usually apply to web3 / defi — but if your specific case touches it, here's how the overlay wires up.
In your web3 / defi project, GreatCTO detects the archetype and overlays the web3 reviewer agent. GDPR gates can be attached on demand if your case requires. The reviewer reads the regulation text, your code, your tests, and emits a verdict per requirement — with a diff if anything's missing.
Stack signals + manifests + README keywords identify web3 as the project type. GDPR is opt-in for this archetype.
The reviewer agent prompt encodes each requirement above as a check. When a PR touches relevant code paths, the reviewer fires with the specific check that matters.
Each gate decision is logged to .great_cto/gates.log with timestamp, reviewer, verdict, and rationale. Auditors get a tidy CSV; no scrambling at audit time.
When an auditor flags something in one project, the lesson promotes to ~/.great_cto/decisions.md after the 3rd similar finding. Next project's first run includes the lesson in Step 0.
It does not certify you. GDPR compliance requires human accountability — a CISO sign-off, a DPO review, in some cases an external auditor. GreatCTO ships the evidence; you still own the attestation.
It does not substitute legal review. The reviewer agent encodes commonly accepted readings of the regulation, not your specific jurisdictional interpretation. For high-stakes cases, lawyer involvement is still load-bearing.
It does not eliminate gaps in the requirements list. The list above is the surface area we cover programmatically. GDPR has more (Annex II's, sub-clauses, jurisdictional carve-outs). Override the reviewer prompt in agents/web3-reviewer.md for your specifics.
Every box on the diagram is a clickable link to the agent's source on GitHub.
Voice-AI pack rollout: TCPA + STIR/SHAKEN + state recording consent gates auto-wired. Timeline, costs, artifacts.
The web3-reviewer prompt is auditable. Read it, override it, fork it.
$ npx great-cto init
Free, MIT, runs locally. The reviewer agent ships with the npm package — no SaaS portal, no compliance vendor lock-in.