Django is a Python natural fit for commerce. GreatCTO auto-detects both β adds the commerce archetype overlay, wires commerce-specific gates, and runs 83 specialist agents around your existing Django workflow.
GreatCTO reads your pyproject.toml / requirements.txt and detects django + commerce archetype from signals: imports, file structure, env vars, README hints.
Attaches the commerce archetype overlay: PCI-DSS scope, refund/dispute idempotency, SCA / PSD2 in EU, webhook signature verification. Override if your specifics differ; the defaults are sensible for Django-style projects.
qa-engineer runs mypy / ruff / pytest --cov; security-officer scans for SQL injection patterns common in ORMs (SQLAlchemy, Django ORM); performance-engineer profiles async patterns for I/O contention.
Bugs you've hit before in other Django projects (connection-pool exhaustion, ORM N+1 queries, retry storms) β the agent's Step 0 includes the prior detection order. MTTR drops 94 % on second occurrence (methodology).
$ cd my-django-app && npx great-cto init β scanning manifestsβ¦ found pyproject.toml β stack: django (Python) β archetype: commerce β overlay: applied β 83 agents ready $ /start "add cart + checkout flow" βΈ architect drafting ARCH-commerce.mdβ¦ βΈ pm decomposing into beads tasksβ¦ β gate:plan β your approval needed
Approve β 3 senior-devs run in parallel worktrees β 5 reviewers fan out in parallel β gate:ship β deploy. One real run walked stage-by-stage: /proof.
This is the shape of what senior-dev drafts for "cart + checkout flow" β auth first, schema validation, and the audit line the commerce reviewer requires before gate:ship opens.
# commerce/views.py β drafted by senior-dev, reviewed by 5 agents
from django.contrib.auth.decorators import login_required
from .audit import audit_log # gate:commerce: every decision logged
@login_required # security-officer: auth before handler
def create(request):
form = CommerceForm(request.POST) # qa-engineer: form validation enforced
if form.is_valid():
result = handle(form.cleaned_data, request.user)
audit_log(who=request.user.pk, what="cart + checkout flow", confidence=result.confidence)
return JsonResponse(result.as_dict())commerce overlay.Checkout and cart flows with PCI-DSS scope reduction.
Subscription billing with dunning and refund idempotency.
Marketplace payments with SCA / PSD2 in the EU.
No black-box "AI does it all" loop. GreatCTO is a deterministic state machine β 8 stages, 22 nodes, 2 human gates. Every node maps to a real agent on GitHub. Inspect the state machine β
$ npx great-cto init
Free, MIT, runs locally. Built as a Claude Code plugin β install with one command.
Eight stages, two human gates, four memory layers. Why this exact shape, and what I tried that didn't work.
One run, one feature, from prompt to merged PR. Time, cost, and gate-by-gate breakdown β no marketing math.
Regex vs LLM-based archetype detection, the false-positive count, and why I keep rejecting the obvious fix.
The bottleneck in agentic SDLC isn't model quality β it's process governance. Here's the state machine that closes the gap.