CTO Chief
The CTO your AI never had.
CTO Chief is a Claude Code plugin that turns AI coding from "generate and pray" into disciplined engineering. Every feature follows a 16-step Iron Loop — plan before code, test before ship, secure before deploy. 86 specialist agents handle everything from TDD to security scanning while 4 human gates ensure you approve every decision. The result: AI that writes production-quality code on the first try.
/plugin marketplace add https://github.com/robotijn/ctoc
/plugin install ctoc
Tip
Enable auto-update: /plugin → Marketplaces tab → robotijn → Enable auto-update
1. Start Claude Code:
claude2. Open the dashboard:
/ctoc
That's it. CTO Chief detects your stack and shows a dashboard.
3. Tell Claude what you want to build:
I want a SaaS product with AI to help creative writers when they get stuck
CTO Chief starts with ideation — agents explore your idea with you, ask clarifying questions, and shape it into actionable plans. Steps 1-7 are collaborative: agents ask, you decide. Steps 8-16 are automated: agents execute, you review the result. Use numbered menus ([1], [2], [3]) to navigate.
Already know exactly what you want? Just be specific: "Add a /health endpoint returning 200 OK" — CTO Chief skips ideation and goes straight to planning.
Note
CTO Chief is open source and actively developed. Issues, PRs, and skill improvement suggestions are welcome.
Tip
For autonomous agent workflows, use claude --dangerously-skip-permissions to avoid repeated tool-call prompts. This is safe on feature branches where git can revert changes. Add --continue to resume a previous session.
To set up CTO Chief methodology on an existing project:
ctoc init
This runs an interactive setup that:
- Detects your stack — scans for languages (12), frameworks (20+), and tools (linters, test runners, bundlers)
- Generates a tailored
CLAUDE.md— project-specific instructions including detected tools, quality commands, and Iron Loop steps - Configures
.ctoc/settings.yaml— quality gates, enforcement mode, and agent settings tuned to your stack - Creates
plans/directory structure —vision/,functional/,implementation/,todo/,review/,done/ - Initializes Iron Loop state in
.ctoc/state/
The generated CLAUDE.md becomes the single source of truth for how Claude works in your project — CTO persona, planning pipeline, test commands, and quality standards.
Tip
You don't need to run ctoc init manually. If you just start talking to Claude with CTO Chief installed, it will guide you. ctoc init is useful when you want to pre-configure a project or customize the generated CLAUDE.md.
Without CTO Chief — AI writes code immediately, skips tests, ignores security. You spend hours debugging, refactoring, and adding missing error handling.
With CTO Chief — You start with an idea. A product-owner agent explores it with you, asks the right questions, and shapes it into a plan. Only then does AI write code — tests first, security scanned, with your approval at every checkpoint.
| Without | With CTO Chief | |
|---|---|---|
| Ideation | None — AI guesses what you want | Product-owner agent explores your idea, asks questions, shapes the plan |
| Planning | None — straight to code | Functional + implementation plan, reviewed by you |
| Testing | "I'll add tests later" | TDD — tests written before code (Step 8) |
| Security | Hope for the best | Shift-left scanning (Step 9) + full audit (Step 13) |
| Your control | Watch and hope | 4 approval gates — nothing ships without you |
| Quality | Manual review only | Automated: lint, typecheck, tests, 80%+ coverage |
| CTO Chief | Cursor Rules | Raw Claude Code | GitHub Copilot | |
|---|---|---|---|---|
| Ideation with product owner | AI explores your idea before planning | None | None | None |
| Planning before coding | 6-step plan with adversarial review | Manual rules file | None | None |
| TDD enforcement | Automatic (Step 8) | Manual | Manual | None |
| Security scanning | Built-in (Steps 9, 13) | Manual | Manual | None |
| Human approval gates | 4 mandatory checkpoints | None | None | None |
| Quality verification | Automated gate (Step 14) | Manual | Manual | None |
| Specialist agents | 85 across 19 categories | None | DIY | None |
You: I want a SaaS product with AI to help creative writers when they get stuck
╭─ IDEATION ─────────────────────────────────────────────────╮
│ Product-owner agent explores your idea: │
│ │
│ "What kind of stuck? Writer's block, plot holes, or │
│ character development? Who's the target — novelists, │
│ screenwriters, bloggers? Free tier or paid only?" │
│ │
│ You discuss back and forth. The agent shapes your idea │
│ into 3 plans: │
│ Plan 1: AI prompt generator for writer's block │
│ Plan 2: Character voice coach │
│ Plan 3: Plot continuity checker │
│ │
│ [1] Start with Plan 1 (Recommended) │
│ [2] Start with Plan 2 │
│ [3] Start with Plan 3 │
╰────────────────────────────────────────────────────────────╯
You: 1
╭─ FUNCTIONAL PLANNING (Steps 2-4) ─────────────────────────╮
│ Product-owner agent writes BDD scenarios WITH you: │
│ │
│ "Should the AI suggest full paragraphs or just prompts? │
│ What if the writer rejects the suggestion — retry or │
│ offer alternatives?" │
│ │
│ Scenario: Writer requests help │
│ Given a writer is stuck on chapter 3 │
│ When they describe their block │
│ Then AI generates 3 creative prompts │
│ │
│ GATE 1: [1] Approve plan [2] Discuss [0] Cancel │
╰────────────────────────────────────────────────────────────╯
You: 1
╭─ TECHNICAL PLANNING (Steps 5-7) ─────────────────────────╮
│ Implementation-planner agent designs the architecture: │
│ │
│ "Next.js frontend, FastAPI backend, Claude API for │
│ generation. 4 files to create, 1 to modify." │
│ │
│ Integrator+Critic refine the plan (10 rounds)... │
│ │
│ GATE 2: [1] Approve approach [2] Discuss [0] Cancel │
╰────────────────────────────────────────────────────────────╯
You: 1
╭─ IMPLEMENTATION (Steps 8-16, automated) ──────────────────╮
│ Agents execute without interruption: │
│ │
│ Step 8: ✓ Tests written (TDD red) │
│ Step 9: ✓ Dependencies installed, shift-left scan clean │
│ Step 10: ✓ Code implemented (TDD green) │
│ Step 11: ✓ Self-review passed │
│ Step 12: ✓ Optimized │
│ Step 13: ✓ Security scan clean │
│ Step 14: ✓ All tests pass, 91% coverage │
│ Step 15: ✓ Docs updated │
│ Step 16: Ready for your review │
│ │
│ GATE 3: [1] Approve and commit [2] Changes [0] Cancel │
╰────────────────────────────────────────────────────────────╯
You: 1
✓ Committed and pushed. Plan 1 done — 2 more plans queued.
Three approvals per plan. Steps 1-7: agents ask, you decide. Steps 8-16: agents execute, you review.
Tip
Ideation is optional. If you already know exactly what you want, say it directly (e.g., "Add a /health endpoint returning 200 OK") and CTO Chief skips to planning. Ideation is most valuable when you have a broad idea that needs shaping — like building a full SaaS product from a single sentence.
- Ideation-first workflow — Product-owner agent explores your idea, asks questions, and shapes it into plans before any code is written
- Collaborative planning, automated execution — Steps 1-7: agents ask questions and you decide. Steps 8-16: agents execute and you review the result.
- 86 specialist agents across 19 categories — testing, security, quality, infrastructure, and more
- 360 expert skills — 50 languages, 85 web frameworks, 44 AI/ML, 52 data, 15 DevOps, 15 mobile, and more
- Iron Loop methodology — 16 steps across 4 phases with 4 human gates
- Interactive dashboard — Numbered menus, plan pipeline, progress tracking
- Deployment pipeline — Configurable dev → staging → production promotion triggered automatically after Gate 3 approval
- Smart quality gates — Background checks that don't block commits, block pushes
- Stack detection — Auto-detects your languages, frameworks, and tools
- On-demand loading — Skills load only when needed; you only pay for what you use
16 steps, 4 phases, 4 human gates — full methodology →
COLLABORATIVE (Steps 1-7) — agents ask questions, you decide
──────────────────────────────────────────────────────────────
Step 1: IDEATION
IDEATE — product-owner agent explores your idea with you
Gate 0: You approve the idea to explore
Steps 2-4: FUNCTIONAL PLANNING
ASSESS → ALIGN → CAPTURE — agents ask what to build, you approve
Gate 1: You approve what to build
Steps 5-7: IMPLEMENTATION PLANNING
PLAN → DESIGN → SPEC — agents ask how to build it, you approve
Gate 2: You approve how to build it
AUTOMATED (Steps 8-16) — agents execute, you review
──────────────────────────────────────────────────────────────
Steps 8-16: IMPLEMENTATION
TEST → PREPARE → IMPLEMENT → REVIEW → OPTIMIZE → SECURE → VERIFY → DOCUMENT → FINAL-REVIEW
Gate 3: You approve the result
Steps 1-7 are collaborative. Agents don't just generate — they ask questions, present options with pros and cons, and wait for your decision. The product-owner agent shapes your idea; the implementation-planner designs the architecture. You are always in control.
Steps 8-16 are automated. Once you approve the plan, agents execute all 9 steps without interruption: write tests, implement code, review, optimize, scan for vulnerabilities, verify quality, update docs. You review the final result at Gate 3.
Why start with ideation? Without it, Claude will try to jump straight to code. The ideation phase forces the AI to understand your intent before planning begins. This is what prevents hooks and gates from being bypassed — the AI has a structured path to follow instead of guessing.
Enforcement — Hooks block premature code edits (before planning) and premature commits (before verification). Escape phrases: "skip planning", "skip iron loop", "quick fix", "trivial fix", "trivial change", "hotfix", "urgent".
86 specialist agents across 19 categories — browse all →
Full agent list
Agents spawn conditionally based on your project and current Iron Loop step.
360 expert skills for instant domain knowledge — browse all →
Full skill breakdown
| Type | # | Examples |
|---|---|---|
| Languages | 50 | Python, TypeScript, Go, Rust, Java, C#, Swift, Kotlin, Ruby, PHP |
| Web | 85 | React, Next.js, Vue, Django, FastAPI, Rails, Spring Boot, Express |
| AI/ML | 44 | PyTorch, LangChain, Hugging Face, MLflow, TensorFlow |
| Data | 52 | MongoDB, Redis, Kafka, Spark, Elasticsearch, DuckDB |
| DevOps | 15 | Docker, Kubernetes, Helm, Ansible, Pulumi |
| Mobile | 15 | React Native, Flutter, SwiftUI, Jetpack Compose |
| Testing | 15 | Playwright, coverage tools, test patterns | | Security | 5 | OWASP, input validation, secrets management | | Architecture | 7 | Patterns, dependency analysis, design | | Complexity | 3 | Metrics, limits, refactoring patterns | | Quality | 2 | Quality metrics and scoring | | Quality Configs | 61 | Per-language lint, format, and test configs | | Core | 6 | CTO Persona, Iron Loop, Quality Standards, Enforcement |
Stack detected automatically from your project files. Skills load on-demand — you only pay for what you use.
The /ctoc command opens an interactive dashboard with 8 tabs:
| Tab | Purpose |
|---|---|
| Pipeline | Plan counts per stage, navigate to any stage |
| Vision | Start here — dump ideas, explore, decompose into plans |
| Functional | Product owner refines ideas into BDD specs |
| Implementation | Technical approach and architecture |
| Review | Review completed implementations |
| Todo | FIFO queue for agent work |
| Progress | In-progress and finished items |
| Tools | Release, Doctor, Update, Settings |
Plan pipeline (directories under plans/):
vision → functional → implementation → todo → [in-progress] → review → done
in-progress is a state tracked in plan YAML frontmatter, not a separate directory.
4 human gates — transitions that require your explicit approval: 0. Vision → Functional (approve the idea to explore)
- Functional → Implementation (approve what to build)
- Implementation → Todo (approve how to build it)
- Review → Done (approve the result)
Navigate with numbers: [1] [2] [3]... [0] for back. Or just talk naturally.
CTO Chief blocks premature actions with hooks:
| Action | Blocked Until | Escape Phrases |
|---|---|---|
| Edit/Write code | Planning complete (Step 8+) | "skip planning", "skip iron loop", "quick fix", "trivial fix", "trivial change", "hotfix", "urgent" |
| Git commit | Documentation complete (Step 15+) | "hotfix", "urgent" |
Config and CTOC files are whitelisted and never blocked: .ctoc/**, .local/**, plans/*.md, .gitignore, .gitattributes.
Background quality agent runs checks without blocking your workflow:
git commit → background agent runs: lint, typecheck, tests, security
│
┌─────┴─────┐
▼ ▼
PASS FAIL
│ │
auto-push "Fix: ..."
| Tier | When | Checks | Blocking? |
|---|---|---|---|
| 1 | Every commit | lint, typecheck, affected tests, secrets, critical CVEs | Yes (blocks push) |
| 2 | Every commit | coverage, complexity, duplication, medium CVEs | No (warnings) |
| 3 | Stage transitions | docs, circular deps, bundle size, benchmarks | At transition |
| 4 | CI only | full tests, e2e, mutation, memory, license | CI |
After Gate 3 approval (review → done), CTO Chief can automatically promote your code through environments:
Gate 3 approved → development → staging → production
│ │ │
git-branch git-branch git-branch
git-tag webhook script
webhook script docker
script docker ssh
docker ssh
ssh
Configurable per environment — choose a deployment strategy (git-branch, git-tag, webhook, script, docker, ssh), set approval mode (auto or manual), and enable auto-rollback on failure. Any environment can be skipped.
Setup — run the deployment-setup agent for an interactive walkthrough, or configure directly in .ctoc/settings.yaml:
deployment:
enabled: true
environments:
- name: staging
enabled: true
strategy: git-branch
branch: deploy/staging
- name: production
enabled: true
strategy: git-branch
branch: deploy/production
approval:
staging: auto
production: manual # pause and ask before production
rollback:
auto_rollback: true
keep_history: 10Status tracking — deployment history and latest status are stored in .ctoc/deployments/. Each entry records environment, status (success/failed/rolled-back), timestamp, commit, and plan name.
You ──── /ctoc ────► Dashboard
│
┌─────┴─────┐
▼ ▼
Plan Pipeline Tools
│
┌───────────────┼────────────────┐──────────────┐
▼ ▼ ▼ ▼
Phase 1 Phase 2 Phase 3 Phase 4
(Ideation) (What) (How) (Build)
Step 1 (opt) Steps 2-4 Steps 5-7 Steps 8-16
│ │ │ │
│ [GATE 1] [GATE 2] [GATE 3]
└──► skip You approve You approve You approve
Priority: security > correctness > performance > cleverness.
Slash commands (typed in Claude Code):
| Command | Description |
|---|---|
/ctoc |
Interactive dashboard with 8 tabs |
/ctoc:update |
Update to latest version |
/ctoc:push |
Quality checks + push |
/ctoc:quality |
Run quality checks on changed files |
/ctoc:vision |
Vision pipeline — explore and decompose ideas |
Conversational commands (said to Claude):
| Command | Description |
|---|---|
ctoc init |
Initialize a project with CTOC methodology |
ctoc doctor |
Health check for your CTOC setup |
/ctoc:update
Then restart Claude Code to load the new version.
Note
This is a workaround for a Claude Code bug (#21995) where /plugin update doesn't refresh the cache. /ctoc:update fetches latest, clears cache, and updates the registry.
Troubleshooting
Plugin not found:
/plugin marketplace add https://github.com/robotijn/ctoc
/plugin install ctoc
Plugin stale after update:
/ctoc:update
Then restart Claude Code.
"Edit blocked" or "planning incomplete" error: CTO Chief blocks code edits until planning is done (Step 8+). This is intentional. Options:
- Complete the planning steps first (recommended)
- Say "quick fix" or "trivial change" to bypass for small edits
- Set enforcement to
softin.ctoc/settings.yamlfor warnings instead of blocks
Dashboard shows no plans: Start by describing what you want to build. CTO Chief creates the plan for you.
Health check (say to Claude):
ctoc doctor
For developers
Requirements: Claude Code >= 1.0.0, Node.js >= 18.0.0
See CLAUDE.md for full contributor instructions and IRON_LOOP.md for methodology details.
Run tests:
node --test tests/*.test.jsVersion management:
const { release, getVersion, syncAll, checkForUpdates } = require('./src/lib/version');
getVersion() // → '6.1.36'
release() // → bumps patch, syncs all files
release('minor') // → bumps minor
release('major') // → bumps majorFiles synced by release(): VERSION (source of truth), .claude-plugin/marketplace.json, .claude-plugin/plugin.json, README.md
Project structure:
ctoc/
├── docs/ IRON_LOOP.md, CONTRIBUTING.md, CODE_OF_CONDUCT.md
├── src/
│ ├── commands/ 8 slash commands
│ ├── hooks/ 10 Claude Code hooks
│ ├── lib/ 71 JS modules
│ ├── tabs/ 8 dashboard tabs
│ ├── scripts/ Build utilities
│ └── data/ Static data files
├── agents/ 85 agent definitions (19 categories)
├── skills/ 360 language & framework skills
├── tests/ 40 test files
├── .ctoc/ Config, templates, operations
└── .claude-plugin/ Plugin metadata
PolyForm Shield 1.0.0 — See LICENSE
Use CTOC freely for any project. You may not offer CTOC itself or a derivative as a competing product or service without permission. For commercial licensing inquiries, contact the licensor.
Repository · Issues · Discussions
6.1.36 · Built by @robotijn
"Excellence is not an act, but a habit."