GreatCTO reads your pom.xml / build.gradle and detects spring-boot + iot-embedded archetype from signals: imports, file structure, env vars, README hints.
Attaches the iot-embedded archetype overlay: OTA strategy, secure boot, ETSI EN 303 645 baseline, watchdog patterns. Override if your specifics differ; the defaults are sensible for Spring Boot-style projects.
qa-engineer runs ./gradlew check / SpotBugs / JaCoCo coverage; security-officer scans for deserialization sinks + Spring SpEL injection; performance-engineer profiles JVM + GC patterns.
Bugs you've hit before in other Spring Boot projects (connection-pool exhaustion, ORM N+1 queries, retry storms) β the agent's Step 0 includes the prior detection order. MTTR drops 94 % on second occurrence (methodology).
$ cd my-spring-boot-app && npx great-cto init β scanning manifestsβ¦ found manifest β stack: spring-boot (Java) β archetype: iot-embedded β archetype + stack combo is unusual β review overlay manually β 83 agents ready $ /start "add OTA update endpoint" βΈ architect drafting ARCH-iot-embedded.mdβ¦ βΈ pm decomposing into beads tasksβ¦ β gate:plan β your approval needed
Approve β 3 senior-devs run in parallel worktrees β 5 reviewers fan out in parallel β gate:ship β deploy. One real run walked stage-by-stage: /proof.
This is the shape of what senior-dev drafts for "OTA update endpoint" β auth first, schema validation, and the audit line the iot-embedded reviewer requires before gate:ship opens.
// src/main/java/.../IotEmbeddedController.java β reviewed by 5 agents
@RestController
@RequestMapping("/iot-embedded")
class IotEmbeddedController {
@PostMapping
@PreAuthorize("isAuthenticated()") // security-officer: auth before handler
ResponseEntity<Result> create(@Valid @RequestBody IotEmbeddedRequest req,
Principal user) {
var result = service.handle(req, user); // qa-engineer: bean validation enforced
audit.log(user.getName(), "OTA update endpoint", result.confidence()); // gate:iot-embedded
return ResponseEntity.ok(result);
}
}iot-embedded overlay.Device firmware with secure boot and OTA strategy.
Sensor fleets under ETSI EN 303 645.
RTOS apps (Zephyr / ESP-IDF / embassy) with watchdog patterns.
Spring Boot (Java) is not a typical fit for iot / embedded. The archetype overlay still attaches, but you may want to override defaults more aggressively. Check the iot-embedded archetype page for the typical stack list and decide if your case is the right tool / right archetype.
No black-box "AI does it all" loop. GreatCTO is a deterministic state machine β 8 stages, 22 nodes, 2 human gates. Every node maps to a real agent on GitHub. Inspect the state machine β
$ npx great-cto init
Free, MIT, runs locally. Built as a Claude Code plugin β install with one command.
Eight stages, two human gates, four memory layers. Why this exact shape, and what I tried that didn't work.
One run, one feature, from prompt to merged PR. Time, cost, and gate-by-gate breakdown β no marketing math.
Regex vs LLM-based archetype detection, the false-positive count, and why I keep rejecting the obvious fix.
The bottleneck in agentic SDLC isn't model quality β it's process governance. Here's the state machine that closes the gap.