Hono is a TypeScript natural fit for agent product. GreatCTO auto-detects both β adds the agent-product archetype overlay, wires agent-product-specific gates, and runs 83 specialist agents around your existing Hono workflow.
GreatCTO reads your package.json and detects hono + agent-product archetype from signals: imports, file structure, env vars, README hints.
Attaches the agent-product archetype overlay: OWASP LLM Top-10 evals, prompt-injection review, EU AI Act high-risk classification. Override if your specifics differ; the defaults are sensible for Hono-style projects.
qa-engineer runs tsc --strict / eslint / vitest --coverage; security-officer checks for prototype pollution + XSS sinks; performance-engineer reviews bundle size + cold-start times.
Bugs you've hit before in other Hono projects (connection-pool exhaustion, ORM N+1 queries, retry storms) β the agent's Step 0 includes the prior detection order. MTTR drops 94 % on second occurrence (methodology).
$ cd my-hono-app && npx great-cto init β scanning manifestsβ¦ found package.json β stack: hono (TypeScript) β archetype: agent-product β overlay: applied β 83 agents ready $ /start "add tool-calling endpoint for the agent loop" βΈ architect drafting ARCH-agent-product.mdβ¦ βΈ pm decomposing into beads tasksβ¦ β gate:plan β your approval needed
Approve β 3 senior-devs run in parallel worktrees β 5 reviewers fan out in parallel β gate:ship β deploy. One real run walked stage-by-stage: /proof.
This is the shape of what senior-dev drafts for "tool-calling endpoint for the agent loop" β auth first, schema validation, and the audit line the agent-product reviewer requires before gate:ship opens.
// src/routes/agent-product.ts β drafted by senior-dev, reviewed by 5 agents
import { Hono } from 'hono';
import { requireAuth } from '../middleware/auth'; // security-officer: auth first
import { auditLog } from '../lib/audit'; // gate:agent-product: every decision logged
const app = new Hono();
app.post('/agent-product', requireAuth, async (c) => {
const body = schema.parse(await c.req.json()); // qa-engineer: zod enforced
const result = await handle(body, c.get('user'));
await auditLog({ who: c.get('user').id, what: 'tool-calling endpoint for the agent loop', confidence: result.confidence });
return c.json(result);
});agent-product overlay.Customer-support agents with tool-calling and human escalation.
Research / browsing agents with cost-runaway protection.
Workflow copilots embedded in existing SaaS products.
No black-box "AI does it all" loop. GreatCTO is a deterministic state machine β 8 stages, 22 nodes, 2 human gates. Every node maps to a real agent on GitHub. Inspect the state machine β
$ npx great-cto init
Free, MIT, runs locally. Built as a Claude Code plugin β install with one command.
Eight stages, two human gates, four memory layers. Why this exact shape, and what I tried that didn't work.
One run, one feature, from prompt to merged PR. Time, cost, and gate-by-gate breakdown β no marketing math.
Regex vs LLM-based archetype detection, the false-positive count, and why I keep rejecting the obvious fix.
The bottleneck in agentic SDLC isn't model quality β it's process governance. Here's the state machine that closes the gap.