Laravel (PHP) is a workable choice for regulated industry. GreatCTO auto-detects both, adds the regulated archetype overlay, wires regulated-specific gates, and runs 83 specialist agents around your existing Laravel workflow.
GreatCTO reads your composer.json and detects laravel + regulated archetype from signals: imports, file structure, env vars, README hints.
Attaches the regulated archetype overlay: archetype-specific reviewer + compliance gates. Override if your specifics differ; the defaults are sensible for Laravel-style projects.
qa-engineer runs phpstan / phpunit / psalm; security-officer checks SQL injection + Laravel CSRF; performance-engineer reviews query N+1 + Redis cache patterns.
Bugs you've hit before in other Laravel projects (connection-pool exhaustion, ORM N+1 queries, retry storms): the agent's Step 0 includes the prior detection order. MTTR drops 94 % on second occurrence (methodology).
$ cd my-laravel-app && npx great-cto init
scanning manifests… found manifest
stack: laravel (PHP)
archetype: regulated
archetype + stack combo is unusual - review overlay manually
83 agents ready
$ /start "add regulated feature"
▸ architect drafting ARCH-regulated.md…
▸ pm decomposing into beads tasks…
gate:plan - your approval needed
Approve → 3 senior-devs run in parallel worktrees → 5 reviewers fan out in parallel → gate:ship → deploy. One real run walked stage-by-stage: /proof.
This is the shape of what senior-dev drafts for "regulated feature": auth first, schema validation, and the audit line the regulated reviewer requires before gate:ship opens.
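<?php
// app/Http/Controllers/RegulatedController.php - reviewed by 5 agents
namespace App\Http\Controllers;

use App\Http\Requests\StoreRegulatedRequest; // FormRequest carrying the schema validation rules
use App\Models\AuditLog;                     // assumed location of the AuditLog model
use App\Services\RegulatedService;           // hypothetical service name; the draft left $this->service undefined

class RegulatedController extends Controller
{
    // On Laravel 11+, the base Controller must extend Illuminate\Routing\Controller for middleware() to exist.
    public function __construct(private RegulatedService $service)
    {
        $this->middleware('auth'); // security-officer: auth before handler
    }

    public function store(StoreRegulatedRequest $request)
    {
        $result = $this->service->handle($request->validated(), $request->user());
        AuditLog::record($request->user()->id, 'regulated feature',
            $result->confidence); // gate:regulated: every decision logged
        return response()->json($result);
    }
}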
regulated overlay.
SOX-scoped systems with ITGC change management.
DORA / NIS2-covered services with ICT risk evidence.
ISO 27001 environments with SoA gap tracking.
Laravel (PHP) is not a typical fit for regulated industry. The archetype overlay still attaches, but you may want to override defaults more aggressively. Check the regulated archetype page for the typical stack list and decide if your case is the right tool / right archetype.
No black-box "AI does it all" loop. GreatCTO is a deterministic state machine: 8 stages, 22 nodes, 2 human gates. Every node maps to a real agent on GitHub. Inspect the state machine.
$ npx great-cto init
Free, MIT, runs locally. Built as a Claude Code plugin: install with one command.