📋 soc2 × edtech

SOC 2 for edtech, automated.

Service Organization Control 2 (Trust Services Criteria). Doesn't usually apply to edtech, but if your specific case touches it, here's how the overlay wires up.

What SOC 2 requires

Concretely, line by line.

How GreatCTO wires it

Detection → overlay → reviewer.

In your edtech project, GreatCTO detects the archetype and overlays the edtech reviewer agent. SOC 2 gates can be attached on demand if your case requires. The reviewer reads the regulation text, your code, your tests, and emits a verdict per requirement, with a diff if anything's missing.

DETECT

Archetype + scope

Stack signals + manifests + README keywords identify edtech as the project type. SOC 2 is opt-in for this archetype.

OVERLAY

enterprise-saas-reviewer wires TSC mapping + evidence capture

The reviewer agent prompt encodes each requirement above as a check. When a PR touches relevant code paths, the reviewer fires with the specific check that matters.

EVIDENCE

Audit trail per gate

Each gate decision is logged to .great_cto/gates.log with timestamp, reviewer, verdict, and rationale. Auditors get a tidy CSV; no scrambling at audit time.

MEMORY

Lessons across audits

When an auditor flags something in one project, the lesson promotes to ~/.great_cto/decisions.md after the 3rd similar finding. Next project's first run includes the lesson in Step 0.

Caveats

What GreatCTO does not do.

It does not certify you. SOC 2 compliance requires human accountability: a CISO sign-off, a DPO review, in some cases an external auditor. GreatCTO ships the evidence; you still own the attestation.

It does not substitute legal review. The reviewer agent encodes commonly accepted readings of the regulation, not your specific jurisdictional interpretation. For high-stakes cases, lawyer involvement is still load-bearing.

It does not eliminate gaps in the requirements list. The list above is the surface area we cover programmatically. SOC 2 has more (Annex II's, sub-clauses, jurisdictional carve-outs). Override the reviewer prompt in agents/edtech-reviewer.md for your specifics.

Receipts

Don't take my word for it.

01 · ARCHITECTURE

Live state machine

Every box on the diagram is a clickable link to the agent's source on GitHub.

02 · PROOF

One real compliance run

Voice-AI pack rollout: TCPA + STIR/SHAKEN + state recording consent gates auto-wired. Timeline, costs, artifacts.

03 · AGENTS

All 34 agents on GitHub

The edtech-reviewer prompt is auditable. Read it, override it, fork it.

Install

Wire SOC 2 gates in one command.

$ npx great-cto init

Free, MIT, runs locally. The reviewer agent ships with the npm package; no SaaS portal, no compliance vendor lock-in.