great-cto 2.7.0 → 2.8.1

package/dist/archetypes.js

@@ -180,6 +180,17 @@ const RULES = [
             const stackJoined = d.stack.join(" ").toLowerCase();
             if (/(?:^| )agent[-_](?:runtime|product|loop|kit|sdk)/.test(stackJoined))
                 s += 2;
+            // Voice-AI agent: telephony provider + STT + TTS + LLM = autonomous voice agent
+            const voiceProviders = ["twilio", "vonage", "livekit"];
+            const sttProviders = ["deepgram"];
+            const ttsProviders = ["elevenlabs", "hume"];
+            const hasVoice = voiceProviders.some((s) => d.stack.includes(s));
+            const hasStt = sttProviders.some((s) => d.stack.includes(s));
+            const hasTts = ttsProviders.some((s) => d.stack.includes(s));
+            if (hasVoice && hasLlm && (hasStt || hasTts))
+                s += 7; // strong: full voice-agent stack
+            else if (hasVoice && hasLlm)
+                s += 4; // medium: voice + LLM
             return s;
         },
         reason: (d) => {
@@ -197,7 +208,10 @@ const RULES = [
             const vdb = ["pinecone", "weaviate", "chroma", "qdrant"].filter((s) => d.stack.includes(s));
             if (vdb.length)
                 bits.push(`vector DB (${vdb.join(",")})`);
-            return `agent-product detected — ${bits.join(", ")} — agent-eval + isolation + prompt-injection gates required`;
+            const voice = ["twilio", "vonage", "livekit", "deepgram", "elevenlabs", "hume"].filter((s) => d.stack.includes(s));
+            if (voice.length)
+                bits.push(`voice stack (${voice.join(",")})`);
+            return `agent-product detected — ${bits.join(", ") || "agent signals"} — agent-eval + isolation + prompt-injection gates required`;
         },
     },
     // ── ai-system ────────────────────────────────────
@@ -285,6 +299,15 @@ const RULES = [
                 s += 9;
             if (d.stack.includes("fintech"))
                 s += 7;
+            // Emerging-markets payment providers
+            if (d.stack.includes("razorpay"))
+                s += 9;
+            if (d.stack.includes("paystack"))
+                s += 9;
+            if (d.stack.includes("flutterwave"))
+                s += 9;
+            if (d.stack.includes("mercadopago"))
+                s += 9;
             if (d.readmeKeywords.includes("fintech"))
                 s += 2;
             return s;
@@ -299,6 +322,14 @@ const RULES = [
                 bits.push("Dwolla");
             if (d.stack.includes("teller"))
                 bits.push("Teller");
+            if (d.stack.includes("razorpay"))
+                bits.push("Razorpay (India)");
+            if (d.stack.includes("paystack"))
+                bits.push("Paystack (Nigeria)");
+            if (d.stack.includes("flutterwave"))
+                bits.push("Flutterwave (Africa)");
+            if (d.stack.includes("mercadopago"))
+                bits.push("MercadoPago (LATAM)");
             return `fintech integration: ${bits.join(", ")} — SOX, PCI, KYC/AML compliance gates`;
         },
     },
@@ -1196,3 +1227,100 @@ export function suggestCompliance(d, archetype) {
         c.add("sox");
     return Array.from(c).sort();
 }
+/**
+ * Which review agents fire for each archetype. The reviewer name maps to
+ * `agents/<name>.md` in the great_cto plugin. Naming aliases exist for
+ * historical reasons (pci-reviewer covers fintech, firmware-reviewer
+ * covers iot-embedded, etc.) — documented in
+ * docs/agents/REVIEWER-NAMING.md (gap A2 closure).
+ *
+ * `greenfield` has no reviewers — pipeline runs in nano mode only.
+ */
+export const REVIEWERS_BY_ARCHETYPE = {
+    "web-service": ["security-officer"],
+    "mobile-app": ["mobile-store-reviewer", "security-officer"],
+    "ai-system": ["ai-security-reviewer", "ai-prompt-architect", "ai-eval-engineer"],
+    "agent-product": ["ai-security-reviewer", "ai-prompt-architect", "ai-eval-engineer"],
+    "mlops": ["mlops-reviewer", "ai-security-reviewer"],
+    "data-platform": ["data-platform-reviewer"],
+    "streaming": ["streaming-reviewer"],
+    "infra": ["infra-reviewer"],
+    "library": ["library-reviewer"],
+    "cli-tool": ["cli-reviewer"],
+    "commerce": ["pci-reviewer", "security-officer"],
+    "marketplace": ["marketplace-reviewer", "pci-reviewer"],
+    "fintech": ["pci-reviewer", "regulated-reviewer"],
+    "healthcare": ["healthcare-reviewer", "security-officer"],
+    "web3": ["oracle-reviewer"],
+    "iot-embedded": ["firmware-reviewer"],
+    "regulated": ["regulated-reviewer"],
+    "devtools": ["devtools-reviewer"],
+    "browser-extension": ["web-store-reviewer"],
+    "game": ["game-reviewer"],
+    "cms": ["cms-reviewer"],
+    "enterprise-saas": ["enterprise-saas-reviewer"],
+    "edtech": ["edtech-reviewer"],
+    "gov-public": ["gov-reviewer", "security-officer"],
+    "insurance": ["insurance-reviewer", "regulated-reviewer"],
+    "greenfield": [],
+};
+/**
+ * Which human gates the pipeline opens for each archetype at the medium
+ * project_size. Smaller sizes skip gates (see `gatesFor()` below); larger
+ * sizes may add compliance.
+ *
+ * NOTE: nano → only [plan]. Enterprise → always adds compliance.
+ */
+export const GATES_BY_ARCHETYPE = {
+    "web-service": ["plan", "qa", "ship"],
+    "mobile-app": ["plan", "qa", "ship"],
+    "ai-system": ["plan", "cost", "qa", "security", "ship"],
+    "agent-product": ["plan", "cost", "qa", "security", "ship"],
+    "mlops": ["plan", "cost", "qa", "security", "ship"],
+    "data-platform": ["plan", "qa", "ship"],
+    "streaming": ["plan", "qa", "ship"],
+    "infra": ["plan", "qa", "ship"],
+    "library": ["plan", "qa", "ship"],
+    "cli-tool": ["plan", "qa", "ship"],
+    "commerce": ["plan", "qa", "security", "ship", "compliance"],
+    "marketplace": ["plan", "qa", "security", "ship", "compliance"],
+    "fintech": ["plan", "qa", "security", "ship", "compliance"],
+    "healthcare": ["plan", "qa", "security", "ship", "compliance"],
+    "web3": ["plan", "qa", "oracle-review", "security", "ship"],
+    "iot-embedded": ["plan", "qa", "security", "ship"],
+    "regulated": ["plan", "qa", "security", "ship", "compliance"],
+    "devtools": ["plan", "qa", "ship"],
+    "browser-extension": ["plan", "qa", "ship"],
+    "game": ["plan", "qa", "ship"],
+    "cms": ["plan", "qa", "ship"],
+    "enterprise-saas": ["plan", "qa", "security", "ship", "compliance"],
+    "edtech": ["plan", "qa", "edtech-review", "security", "ship", "compliance"],
+    "gov-public": ["plan", "qa", "gov-review", "security", "ship", "compliance"],
+    "insurance": ["plan", "qa", "insurance-review", "security", "ship", "compliance"],
+    "greenfield": ["plan"],
+};
+/**
+ * Returns the subset of gates the pipeline will actually open for a
+ * given archetype + project_size. Used by the orchestrator before
+ * opening any gate to skip unnecessary human checkpoints on smaller
+ * projects (e.g. nano always skips QA).
+ */
+export function gatesFor(archetype, size) {
+    const all = GATES_BY_ARCHETYPE[archetype] ?? [];
+    if (size === "nano")
+        return all.filter((g) => g === "plan");
+    if (size === "small")
+        return all.filter((g) => g === "plan" || g === "ship");
+    if (size === "medium")
+        return all;
+    // large + enterprise → ensure compliance is included
+    return all.includes("compliance") ? all : [...all, "compliance"];
+}
+/**
+ * Returns the ordered list of reviewers for an archetype. Empty for
+ * `greenfield`. Used by the orchestrator to spawn the right
+ * archetype-specific review stages after senior-dev.
+ */
+export function reviewersFor(archetype) {
+    return REVIEWERS_BY_ARCHETYPE[archetype] ?? [];
+}

package/dist/detect.js

@@ -188,6 +188,23 @@ export function detect(dir) {
                 stack.add("teller");
                 sig("fintech", "teller");
             }
+            // Emerging-markets payment providers (Wave-1 pack signals)
+            if (has("razorpay") || has("razorpay-node")) {
+                stack.add("razorpay");
+                sig("fintech", "razorpay");
+            }
+            if (has("@paystackhq/paystack-node") || has("paystack")) {
+                stack.add("paystack");
+                sig("fintech", "paystack");
+            }
+            if (has("@flutterwave/flutterwave-node-v3") || has("flutterwave")) {
+                stack.add("flutterwave");
+                sig("fintech", "flutterwave");
+            }
+            if (has("mercadopago")) {
+                stack.add("mercadopago");
+                sig("fintech", "mercadopago");
+            }
             // Stripe Connect/Issuing → fintech (not just commerce)
             if (has("stripe") && (pkg.name?.includes("bank") || pkg.name?.includes("card"))) {
                 sig("fintech", "stripe-connect");
@@ -206,6 +223,59 @@ export function detect(dir) {
                 stack.add("hl7");
                 sig("healthcare", "hl7");
             }
+            if (has("dicom-parser") || has("cornerstone-core") || has("dcmjs")) {
+                stack.add("dicom");
+                sig("healthcare", "dicom");
+            }
+            // Voice / telephony (Wave-1 pack signals)
+            if (has("twilio") || has("@twilio/voice-sdk")) {
+                stack.add("twilio");
+                sig("voice", "twilio");
+            }
+            if (has("@vonage/server-sdk") || has("nexmo")) {
+                stack.add("vonage");
+                sig("voice", "vonage");
+            }
+            if (has("livekit-server-sdk") || has("livekit-client")) {
+                stack.add("livekit");
+                sig("voice", "livekit");
+            }
+            if (has("@deepgram/sdk")) {
+                stack.add("deepgram");
+                sig("voice", "deepgram");
+            }
+            if (has("elevenlabs") || has("@elevenlabs/elevenlabs-js")) {
+                stack.add("elevenlabs");
+                sig("voice", "elevenlabs");
+            }
+            if (has("hume") || has("hume-ai")) {
+                stack.add("hume");
+                sig("voice", "hume");
+            }
+            // HR / recruiting (Wave-1 pack signals)
+            if (has("greenhouse-io") || has("@greenhouse/api")) {
+                stack.add("greenhouse");
+                sig("hr", "greenhouse");
+            }
+            if (has("lever-api")) {
+                stack.add("lever");
+                sig("hr", "lever");
+            }
+            if (has("ashby-api")) {
+                stack.add("ashby");
+                sig("hr", "ashby");
+            }
+            // API platform (Wave-1 pack signals)
+            if (has("fastify"))
+                stack.add("fastify");
+            if (has("@trpc/server") || has("@trpc/client"))
+                stack.add("trpc");
+            if (has("@apollo/server") || has("apollo-server"))
+                stack.add("graphql");
+            if (has("graphql") || has("graphql-yoga"))
+                stack.add("graphql");
+            if (has("openapi3-ts") || has("@apidevtools/swagger-parser"))
+                stack.add("openapi");
             // Auth
             if (has("next-auth") || has("@auth/core"))
                 stack.add("auth");
@@ -1043,6 +1113,56 @@ function mineReadmeKeywords(dir) {
         if (terms.some((t) => text.includes(t)))
             kws.add(bucket);
     }
+    // Wave 1-3 pack-trigger raw terms — emitted verbatim so packs.ts
+    // can substring-match them. Keep in sync with packs.ts SIGNALS.keywords.
+    // Single tokens + multi-word phrases supported.
+    const packTerms = [
+        // voice-pack
+        "voice", "telephony", "ivr", "tts", "stt", "speech-to-text", "text-to-speech",
+        "outbound call", "inbound call", "voice agent",
+        // clinical-pack + clinical-trials-pack
+        "clinical", "patient", "ehr", "emr", "phi", "diagnosis", "diagnos", "triage",
+        "radiolog", "patholog", "samd", "scribe", "telehealth-ai", "medical record",
+        "cds", "clinical decision support",
+        "clinical trial", "ctms", "edc", "epro", "econsent", "esource",
+        "randomization", "rtsm", "irt", "decentralized trial", "ind submission",
+        "21 cfr 11", "cdisc", "sdtm", "adam", "irb",
+        // hr-ai-pack
+        "recruit", "hiring", "candidate", "resume", "interview", "ats", "talent acquisition",
+        "performance review", "workforce scheduling", "employee evaluation", "aedt",
+        // api-platform-pack
+        "public api", "partner api", "developer portal", "api key", "webhook", "sdk",
+        "rest api", "graphql api", "openapi",
+        // lending-pack
+        "loan", "lending", "credit decision", "underwrit", "bnpl", "buy now pay later",
+        "buy-now-pay-later", "payroll advance", "ewa", "line of credit", "fico",
+        "credit score", "fcra", "nmls", "financing", "adverse action",
+        // robotics-pack
+        "robot", "cobot", "manipulator", "end-effector", "amr", "agv", "autonomous mobile",
+        "surgical robot", "ros 2", "ros2", "drone", "uav",
+        // em-fintech-pack
+        "india", "nigeria", "brazil", "indonesia", "philippines", "mexico", "kenya",
+        "m-pesa", "mpesa", "upi", "pix", "gcash", "ovo", "dana", "rbi", "cbn", "bsp",
+        "ojk", "mas", "bcb", "condusef", "cross-border", "remittance", "local rails",
+        // climate-pack
+        "carbon", "emission", "ghg", "mrv", "scope 1", "scope 2", "scope 3", "verra",
+        "gold standard", "puro", "sbti", "cdp", "csrd", "cbam", "ghgrp", "offset",
+        "credit retir", "removal", "biogenic",
+        "dna synthesis", "gene synthesis", "oligonucleotide", "protein design",
+        "esm", "alphafold", "rfdiffusion", "pathogen", "select agent", "gain-of-function",
+        "dual-use", "bsl-3", "bsl-4", "biocontainment", "bwc", "p3co", "igsc", "cloud lab",
+        // drug-discovery-pack
+        "drug discovery", "binding affinity", "admet", "toxicity prediction",
+        "generative chem", "generative protein", "antibody design", "mrna design",
+        "virtual screening", "docking", "fep", "chembl", "bindingdb", "pdbbind",
+        "glp", "gmp", "gxp", "preclinical", "lims", "eln", "annex 11", "alcoa",
+        "lab automation", "robotic biology", "liquid handler", "hamilton", "tecan",
+        "beckman", "opentrons", "plate reader", "sequencer", "hplc", "mass spec", "sila",
+    ];
+    for (const term of packTerms) {
+        if (text.includes(term))
+            kws.add(term);
+    }
     return Array.from(kws).sort();
 }
 function safeGlob(dir, pattern, kind = "file") {

package/dist/main.js

@@ -16,7 +16,6 @@ import { pickArchetype, suggestCompliance } from "./archetypes.js";
 import { install, findInstalledVersions } from "./installer.js";
 import { enableGreatCto } from "./settings.js";
 import { bootstrap } from "./bootstrap.js";
-import { resolveTelemetryConsent, sendInstallPing, sendUsagePing } from "./telemetry.js";
 import { shouldUseLlmFallback, suggestArchetypeFromLlm } from "./llm-fallback.js";
 import { readFileSync } from "node:fs";
 import { dirname, join } from "node:path";
@@ -44,9 +43,9 @@ function parseArgs(argv) {
         force: false,
         archetype: null,
         version: null,
-        noTelemetry: false,
         useLlm: false,
         noLlm: false,
+        positional: [],
     };
     const rest = [];
     for (let i = 0; i < argv.length; i++) {
@@ -69,8 +68,6 @@ function parseArgs(argv) {
             args.boardPort = parseInt(argv[++i] ?? "3141", 10);
         else if (a === "--no-open")
             args.boardNoOpen = true;
-        else if (a === "--no-telemetry")
-            args.noTelemetry = true;
         else if (a === "--use-llm")
             args.useLlm = true;
         else if (a === "--no-llm")
@@ -118,6 +115,7 @@ function parseArgs(argv) {
             rest.push(a);
     }
     args.dir = resolve(args.dir);
+    args.positional = rest;
     return args;
 }
 /**
@@ -406,8 +404,6 @@ ${bold("Options:")}
                          even when heuristic confidence is high
       --no-llm           Skip LLM suggestion (run heuristic only)
                          Or set ${cyan("GREATCTO_NO_LLM=1")}
-      --no-telemetry     Skip anonymous install ping
-                         Or set ${cyan("GREATCTO_NO_TELEMETRY=1")}
   -h, --help             Show this help
   -v, --version          Show great-cto CLI version
 
@@ -742,17 +738,6 @@ async function runInit(args) {
     if (!bs.created) {
         log(`  ${dim("PROJECT.md already exists at")} ${bs.projectMdPath} ${dim("— kept as-is")}`);
     }
-    // ── telemetry (opt-in, fire-and-forget) ─────────────────
-    try {
-        const consent = resolveTelemetryConsent(args.noTelemetry);
-        // Don't await — finish CLI banner first; ping flies in background
-        void sendInstallPing({
-            cliVersion: getCliVersion(),
-            archetype: archetype,
-            consent,
-        });
-    }
-    catch { /* never block install on telemetry */ }
     // ── done ─────────────────────────────────────────────────
     log("");
     log(green(bold("✓ great_cto is ready.")));
@@ -768,19 +753,6 @@ async function runInit(args) {
     log("");
     return 0;
 }
-/**
- * Exit with telemetry ping for a subcommand. Fire-and-forget — we wait up
- * to 200ms for the ping to land before exiting so it doesn't get killed by
- * process termination. Honours all telemetry opt-out signals.
- */
-async function exitWithTelemetry(subcommand, code) {
-    try {
-        const promise = sendUsagePing({ cliVersion: getCliVersion(), subcommand, exitCode: code });
-        await Promise.race([promise, new Promise(r => setTimeout(r, 200))]);
-    }
-    catch { /* never block exit */ }
-    process.exit(code);
-}
 async function main() {
     const rawArgv = process.argv.slice(2);
     const args = parseArgs(rawArgv);
@@ -832,7 +804,7 @@ async function main() {
         try {
             const { runCi, parseCiArgs } = await import("./ci.js");
             const code = await runCi(parseCiArgs(rawArgv));
-            await exitWithTelemetry("ci", code);
+            process.exit(code);
         }
         catch (e) {
             error(e.message);
@@ -846,7 +818,7 @@ async function main() {
             const portArg = rawArgv.indexOf("--port");
             const port = portArg >= 0 ? parseInt(rawArgv[portArg + 1] ?? "8765", 10) : 8765;
             const code = await runMcp({ mode: sse ? "sse" : "stdio", port, version: getCliVersion() });
-            await exitWithTelemetry("mcp", code);
+            process.exit(code);
         }
         catch (e) {
             error(e.message);
@@ -868,7 +840,7 @@ async function main() {
                 dryRun: rawArgv.includes("--dry-run"),
                 cwd: args.dir,
             });
-            await exitWithTelemetry("adapt", code);
+            process.exit(code);
         }
         catch (e) {
             error(e.message);
@@ -883,7 +855,7 @@ async function main() {
                 noLog: rawArgv.includes("--no-log"),
                 insecure: rawArgv.includes("--insecure"),
             });
-            await exitWithTelemetry("serve", code);
+            process.exit(code);
         }
         catch (e) {
             error(e.message);
@@ -899,7 +871,7 @@ async function main() {
                 process.exit(2);
             }
             const code = await runWebhookCli(parsed);
-            await exitWithTelemetry("webhook", code);
+            process.exit(code);
         }
         catch (e) {
             error(e.message);
@@ -930,7 +902,7 @@ async function main() {
                 process.exit(2);
             }
             const code = await runReport(parsed);
-            await exitWithTelemetry("report", code);
+            process.exit(code);
         }
         catch (e) {
             error(e.message);

package/dist/packs.js

@@ -0,0 +1,132 @@
+// Domain pack detection — overlay packs that ride on top of base archetypes.
+// Wave 1-3 (2026-05): voice, clinical, hr-ai, api-platform, lending, clinical-trials,
+// robotics, em-fintech, climate, drug-discovery.
+//
+// A pack is a regulatory/domain overlay that triggers one or more specialist
+// reviewers (agents/{name}-reviewer.md) when its signals appear in stack,
+// dependencies, or README keywords. Detection is deliberately broad — the
+// reviewer agents themselves do the final scope decision via their Step 0 grep.
+// Reviewer registry — keep in sync with agents/*-reviewer.md and
+// skills/great_cto/packs/*-pack.md.
+const PACK_REVIEWERS = {
+    "voice-pack": ["voice-ai-reviewer"],
+    "clinical-pack": ["ai-clinical-reviewer", "fda-reviewer"],
+    "hr-ai-pack": ["hr-ai-reviewer"],
+    "api-platform-pack": ["api-platform-reviewer"],
+    "lending-pack": ["lending-credit-reviewer"],
+    "clinical-trials-pack": ["clinical-trials-reviewer", "bio-data-reviewer"],
+    "robotics-pack": ["robotics-safety-reviewer"],
+    "em-fintech-pack": ["emerging-markets-fintech-reviewer"],
+    "climate-pack": ["climate-mrv-reviewer", "biosecurity-reviewer"],
+    "drug-discovery-pack": ["drug-discovery-ml-reviewer", "glp-glab-reviewer", "lab-automation-reviewer"],
+};
+const PACK_GATES = {
+    "voice-pack": ["gate:voice-compliance"],
+    "clinical-pack": ["gate:samd-class", "gate:clinical-validation", "gate:ide-approval"],
+    "hr-ai-pack": ["gate:aedt-audit"],
+    "api-platform-pack": ["gate:api-contract"],
+    "lending-pack": ["gate:fair-lending"],
+    "clinical-trials-pack": ["gate:irb-ready", "gate:part11-validation", "gate:deidentification"],
+    "robotics-pack": ["gate:hara-signoff", "gate:functional-safety-test"],
+    "em-fintech-pack": ["gate:license-strategy"],
+    "climate-pack": ["gate:mrv-methodology", "gate:durc-signoff", "gate:open-weights-release"],
+    "drug-discovery-pack": ["gate:model-card-signoff", "gate:csv-validation", "gate:iq-oq-pq"],
+};
+// Trigger signals — stack tokens OR README keywords.
+const SIGNALS = {
+    "voice-pack": {
+        stack: ["twilio", "vonage", "livekit", "deepgram", "elevenlabs", "whisper", "hume"],
+        keywords: ["voice", "telephony", "ivr", "call-center", "tts", "stt", "speech-to-text", "text-to-speech", "phone", "outbound call", "inbound call", "voice agent"],
+    },
+    "clinical-pack": {
+        stack: ["fhir", "hl7"],
+        keywords: ["clinical", "patient", "ehr", "emr", "phi", "hipaa", "diagnos", "triage", "radiolog", "patholog", "samd", "scribe", "telehealth-ai", "medical record", "cds", "clinical decision support"],
+    },
+    "hr-ai-pack": {
+        stack: ["greenhouse", "lever", "ashby", "workday"],
+        // "candidate" alone is too generic (SaMD/predicate-candidate clash); use compound terms.
+        keywords: ["recruit", "hiring", "candidate screening", "candidate evaluation", "candidate ranking", "resume", "ats", "talent acquisition", "performance review", "workforce scheduling", "employee evaluation", "aedt"],
+    },
+    "api-platform-pack": {
+        stack: ["openapi", "graphql", "grpc", "fastify", "trpc"],
+        keywords: ["public api", "partner api", "developer portal", "api key", "webhook", "sdk", "rest api", "graphql api", "openapi"],
+    },
+    "lending-pack": {
+        stack: ["plaid"],
+        // "ecoa" removed: collides with clinical "eCOA" (Electronic Clinical Outcome Assessment).
+        // Lending-specific signals (loan, fcra, nmls, underwrit, fico, ...) are unambiguous.
+        keywords: ["loan", "lending", "credit decision", "underwrit", "bnpl", "buy now pay later", "buy-now-pay-later", "payroll advance", "ewa", "line of credit", "fico", "credit score", "fcra", "nmls", "financing", "adverse action"],
+    },
+    "clinical-trials-pack": {
+        stack: ["fhir", "hl7", "dicom", "redcap"],
+        // "ecoa" removed: ambiguous with lending ECOA (Reg B). Other clinical-trial
+        // signals (ctms, edc, epro, econsent, cdisc, irb, ...) are unambiguous.
+        keywords: ["clinical trial", "ctms", "edc", "epro", "econsent", "esource", "randomization", "rtsm", "irt", "decentralized trial", "ind submission", "21 cfr 11", "cdisc", "sdtm", "adam", "irb"],
+    },
+    "robotics-pack": {
+        stack: ["ros", "ros2", "moveit", "gazebo", "px4"],
+        keywords: ["robot", "cobot", "manipulator", "end-effector", "amr", "agv", "autonomous mobile", "surgical robot", "ros 2", "drone", "uav"],
+    },
+    "em-fintech-pack": {
+        stack: [],
+        keywords: ["india", "nigeria", "brazil", "indonesia", "philippines", "mexico", "kenya", "m-pesa", "mpesa", "upi", "pix", "gcash", "ovo", "dana", "rbi", "cbn", "bsp", "ojk", "mas", "bcb", "condusef", "cross-border", "remittance", "local rails"],
+    },
+    "climate-pack": {
+        stack: [],
+        keywords: ["carbon", "emission", "ghg", "mrv", "scope 1", "scope 2", "scope 3", "verra", "gold standard", "puro", "sbti", "cdp", "csrd", "cbam", "ghgrp", "offset", "credit retir", "removal", "biogenic",
+            // biosec triggers
+            "dna synthesis", "gene synthesis", "oligonucleotide", "protein design", "esm", "alphafold", "rfdiffusion", "pathogen", "select agent", "gain-of-function", "dual-use", "bsl-3", "bsl-4", "biocontainment", "bwc", "p3co", "igsc", "cloud lab"],
+    },
+    "drug-discovery-pack": {
+        stack: ["rdkit"],
+        keywords: ["drug discovery", "binding affinity", "admet", "toxicity prediction", "generative chem", "generative protein", "antibody design", "mrna design", "virtual screening", "docking", "fep", "alphafold", "rfdiffusion", "chembl", "bindingdb", "pdbbind",
+            // GLP / lab-automation triggers
+            "glp", "gmp", "gxp", "preclinical", "lims", "eln", "annex 11", "alcoa",
+            "lab automation", "cloud lab", "robotic biology", "liquid handler", "hamilton", "tecan", "beckman", "opentrons", "plate reader", "sequencer", "hplc", "mass spec", "sila"],
+    },
+};
+/** Return packs whose signals match the detection result. Deterministic + sorted. */
+export function suggestPacks(d) {
+    const matches = [];
+    const stackLower = new Set(d.stack.map((s) => s.toLowerCase()));
+    const kwLower = d.readmeKeywords.map((k) => k.toLowerCase());
+    for (const pack of Object.keys(SIGNALS)) {
+        const { stack, keywords } = SIGNALS[pack];
+        const matchedStack = stack.filter((s) => stackLower.has(s.toLowerCase()));
+        // Exact-match on README-mined raw tokens. detect.ts emits the same vocabulary,
+        // so kwLower.includes(kw) avoids false-positive substring fuzz
+        // (e.g. "lending" matching pack trigger "ind").
+        const matchedKeywords = keywords.filter((kw) => kwLower.includes(kw));
+        const signals = [...matchedStack, ...matchedKeywords];
+        if (signals.length > 0) {
+            matches.push({
+                pack,
+                reviewers: PACK_REVIEWERS[pack],
+                signals: signals.slice(0, 8), // cap for log readability
+                humanGates: PACK_GATES[pack],
+            });
+        }
+    }
+    matches.sort((a, b) => a.pack.localeCompare(b.pack));
+    return matches;
+}
+/** Convenience — flatten matched packs to reviewer agent names (unique, sorted). */
+export function suggestPackReviewers(d) {
+    const all = new Set();
+    for (const m of suggestPacks(d))
+        for (const r of m.reviewers)
+            all.add(r);
+    return Array.from(all).sort();
+}
+/** Convenience — flatten matched packs to human-gate ids (unique, sorted). */
+export function suggestPackGates(d) {
+    const all = new Set();
+    for (const m of suggestPacks(d))
+        for (const g of m.humanGates)
+            all.add(g);
+    return Array.from(all).sort();
+}
+/** Registry of all known packs — useful for /doctor / introspection. */
+export function listPacks() {
+    return Object.keys(SIGNALS).sort();
+}

package/dist/telemetry.js

@@ -1,34 +1,68 @@
-// Anonymous opt-in telemetry.
+// Anonymous opt-IN telemetry — default OFF.
 //
-// What we send: random install_id (UUID), version, archetype, node version,
-// platform, and timestamp. Nothing personal — no email, paths, code, or repo
-// names. The install_id is generated once and stored in ~/.great_cto/config.json.
+// See docs/PRIVACY.md for the full policy. Short version:
+//   - Default: disabled (opt-in)
+//   - Honors DO_NOT_TRACK=1 (industry standard, https://consoledonottrack.com)
+//   - Skipped automatically in CI environments
+//   - No paths, no code, no PII — just {ts, version, command, archetype, node, os, exit, duration_ms, anon_id}
+//   - anon_id is sha256(user@hostname) truncated to 8 hex chars; not reversible
 //
-// What we DON'T send: project paths, code, file names, environment variables,
-// shell history, IP-derived geolocation (CF only logs country at the edge).
+// Opt-in (any one):
+//   GREAT_CTO_TELEMETRY=on               (env var)
+//   ~/.great_cto/telemetry.json: { "enabled": true }
+//   npx great-cto telemetry on
 //
-// Opt-out:
-//   - GREATCTO_NO_TELEMETRY=1 env var (highest priority)
-//   - --no-telemetry CLI flag
-//   - User declines the first-run prompt
-//   - Manually edit ~/.great_cto/config.json: { "telemetry": false }
+// Opt-out (overrides everything):
+//   DO_NOT_TRACK=1                       (highest priority)
+//   GREAT_CTO_TELEMETRY=off
+//   GREAT_CTO_DISABLE_TELEMETRY=1        (legacy alias from v2.x)
+//   GREATCTO_NO_TELEMETRY=1              (legacy alias from v2.x)
+//   ~/.great_cto/telemetry.json: { "enabled": false }
 //
-// Endpoint: https://greatcto.systems/api/install (Cloudflare Worker → D1)
-// Source:   workers/telemetry/index.js
+// Endpoint:  https://telemetry.greatcto.systems/v1/event  (Cloudflare Worker → D1)
+// Worker:    workers/telemetry/index.ts
+// Schema v1: see docs/PRIVACY.md "What we collect"
 import * as fs from "node:fs";
 import * as path from "node:path";
 import * as os from "node:os";
 import * as crypto from "node:crypto";
-import { dim, log } from "./ui.js";
-const TELEMETRY_ENDPOINT = "https://greatcto.systems/api/install";
-const TELEMETRY_TIMEOUT_MS = 1500;
+const TELEMETRY_ENDPOINT = process.env.GREAT_CTO_TELEMETRY_ENDPOINT
+    || "https://great-cto-telemetry.alexander-velikiy.workers.dev/v1/event";
+// Note: workers.dev URL is the temporary default until telemetry.greatcto.systems
+// custom domain is bound. Override anytime with GREAT_CTO_TELEMETRY_ENDPOINT.
+const TELEMETRY_TIMEOUT_MS = 1000;
+// Allowlist — anything else is dropped client-side and server-side.
+const ALLOWED_COMMANDS = new Set([
+    "init", "scan", "ci", "list-rules", "board", "register",
+    "adapt", "mcp", "report", "serve", "webhook",
+    "version", "help", "telemetry",
+]);
+// Allowlist for archetype field. Match the 25 documented + "none" + "unknown".
+const ALLOWED_ARCHETYPES = new Set([
+    "none", "unknown", "greenfield",
+    "enterprise-saas", "agent-product", "ai-system", "mlops",
+    "cli-tool", "cli", "library", "sdk", "devtools",
+    "fintech", "regulated", "compliance",
+    "iot-embedded", "web3", "marketplace", "cms", "edtech",
+    "gov-public", "insurance", "data-platform", "streaming",
+    "mobile-app", "infra", "web-service", "agent",
+]);
 function configPath() {
+    return path.join(os.homedir(), ".great_cto", "telemetry.json");
+}
+function legacyConfigPath() {
     return path.join(os.homedir(), ".great_cto", "config.json");
 }
 function readConfig() {
+    // Try new file first.
+    try {
+        return JSON.parse(fs.readFileSync(configPath(), "utf8"));
+    }
+    catch { /* fall through */ }
+    // Fall back to legacy config.json (read-only — never write to it).
     try {
-        const raw = fs.readFileSync(configPath(), "utf8");
-        return JSON.parse(raw);
+        const legacy = JSON.parse(fs.readFileSync(legacyConfigPath(), "utf8"));
+        return { enabled: legacy.telemetry, install_id: legacy.install_id };
     }
     catch {
         return {};
@@ -39,121 +73,153 @@ function writeConfig(cfg) {
     fs.mkdirSync(path.dirname(file), { recursive: true });
     fs.writeFileSync(file, JSON.stringify(cfg, null, 2) + "\n");
 }
-function ensureInstallId(cfg) {
-    if (cfg.install_id && /^[0-9a-f-]{36}$/i.test(cfg.install_id))
-        return cfg.install_id;
-    const id = crypto.randomUUID();
-    cfg.install_id = id;
-    writeConfig(cfg);
-    return id;
+/** Detect CI / automation environments — never send from these. */
+function isCI() {
+    const flags = ["CI", "GITHUB_ACTIONS", "GITLAB_CI", "CIRCLECI", "BUILDKITE",
+        "JENKINS_URL", "TF_BUILD", "DRONE", "TRAVIS", "APPVEYOR",
+        "BITBUCKET_BUILD_NUMBER", "TEAMCITY_VERSION", "CODEBUILD_BUILD_ID"];
+    return flags.some(f => process.env[f] != null && process.env[f] !== "");
 }
-/**
- * Decide whether telemetry is enabled for this run. May write to config.json
- * the first time the user is prompted. Pure-read in subsequent runs.
- *
- * Resolution order:
- *  1. GREATCTO_NO_TELEMETRY=1 env var → false
- *  2. --no-telemetry flag (passed in `cliFlag`) → false
- *  3. Stored config.telemetry → that value
- *  4. Default to enabled (true) if non-interactive (e.g. CI), else show notice
- */
-export function resolveTelemetryConsent(cliFlag) {
+/** Compute anon_id deterministically per machine, never reversible. */
+export function computeAnonId() {
+    const seed = `great_cto/${os.userInfo().username || "?"}/${os.hostname() || "?"}`;
+    return crypto.createHash("sha256").update(seed).digest("hex").slice(0, 8);
+}
+/** Resolve telemetry-enabled state. Pure function, no side effects. */
+export function isTelemetryEnabled(cliFlag = false) {
+    // Opt-out wins, in priority order:
+    if (process.env.DO_NOT_TRACK === "1" || process.env.DO_NOT_TRACK === "true")
+        return false;
+    if (process.env.GREAT_CTO_TELEMETRY === "off")
+        return false;
+    if (process.env.GREAT_CTO_DISABLE_TELEMETRY === "1")
+        return false;
     if (process.env.GREATCTO_NO_TELEMETRY === "1")
         return false;
     if (cliFlag)
         return false;
+    if (isCI())
+        return false;
+    // Opt-in checks:
+    if (process.env.GREAT_CTO_TELEMETRY === "on")
+        return true;
     const cfg = readConfig();
-    if (typeof cfg.telemetry === "boolean")
-        return cfg.telemetry;
-    // First-run notice. We default to enabled (privacy-respecting opt-out) but
-    // show a clear notice with how to disable. Kept short; full details in README.
-    log("");
-    log(dim("─ Anonymous telemetry ────────────────────────────────"));
-    log(dim("  great_cto sends one anonymous ping per install:"));
-    log(dim("  install_id, version, archetype, Node version, OS."));
-    log(dim("  No paths, no code, no PII. Disable any time:"));
-    log(dim("    great-cto --no-telemetry  · or set GREATCTO_NO_TELEMETRY=1"));
-    log(dim("    or edit ~/.great_cto/config.json: { \"telemetry\": false }"));
-    log(dim("──────────────────────────────────────────────────────"));
-    log("");
-    cfg.telemetry = true;
-    cfg.telemetry_asked = true;
-    ensureInstallId(cfg);
-    writeConfig(cfg);
-    return true;
+    if (cfg.enabled === true)
+        return true;
+    if (cfg.telemetry === true)
+        return true; // legacy
+    // Default: opt-out.
+    return false;
 }
-/**
- * Best-effort telemetry ping. Non-blocking, fire-and-forget. Never throws.
- * Returns a promise that resolves once the request completes or times out.
- */
-export async function sendInstallPing(opts) {
-    if (!opts.consent)
-        return;
-    const cfg = readConfig();
-    const install_id = ensureInstallId(cfg);
-    const evt = {
-        install_id,
-        cli_version: opts.cliVersion,
-        archetype: opts.archetype,
-        node_version: process.version,
-        platform: process.platform,
-        arch: process.arch,
+function sanitize(opts) {
+    const command = opts.command.toLowerCase();
+    if (!ALLOWED_COMMANDS.has(command))
+        return null;
+    const archetypeRaw = (opts.archetype || "none").toLowerCase().trim();
+    const archetype = ALLOWED_ARCHETYPES.has(archetypeRaw) ? archetypeRaw : "unknown";
+    return {
         ts: new Date().toISOString(),
+        version: opts.cliVersion,
+        command,
+        archetype,
+        node: process.version.replace(/^v/, ""),
+        os: process.platform,
+        exit_code: typeof opts.exitCode === "number" ? opts.exitCode : 0,
+        duration_ms: typeof opts.durationMs === "number" ? Math.max(0, Math.round(opts.durationMs)) : 0,
+        anon_id: computeAnonId(),
     };
+}
+/** Fire-and-forget POST. Never blocks. Never throws. Never logs unless DRYRUN. */
+async function send(evt) {
+    if (process.env.GREAT_CTO_TELEMETRY_DRYRUN === "1") {
+        process.stderr.write(`[telemetry] would-send: ${JSON.stringify(evt)}\n`);
+        return;
+    }
     try {
         const ctrl = new AbortController();
         const timer = setTimeout(() => ctrl.abort(), TELEMETRY_TIMEOUT_MS);
         await fetch(TELEMETRY_ENDPOINT, {
             method: "POST",
-            headers: { "Content-Type": "application/json", "User-Agent": `great-cto-cli/${opts.cliVersion}` },
+            headers: { "Content-Type": "application/json" },
             body: JSON.stringify(evt),
             signal: ctrl.signal,
         }).catch(() => { });
         clearTimeout(timer);
     }
-    catch {
-        // never block install on telemetry failure
-    }
+    catch { /* best-effort */ }
 }
-/**
- * Subcommand-usage ping. Fire-and-forget. Used to track which v2.4+ commands
- * (ci / mcp / adapt / serve / report / webhook) actually get used in the wild.
- *
- * Sends only:
- *   - install_id (random UUID, set on first install)
- *   - cli_version
- *   - subcommand name
- *   - exit code (0 / 1 / 2)
- *
- * No paths, no flags (since flags often contain user input), no archetype.
- * Honours the same opt-out signals as install ping.
- */
+// --- Public API ------------------------------------------------------------
+/** First-run/install ping. Sent only when enabled. Idempotent across runs. */
+export async function sendInstallPing(opts) {
+    if (!opts.consent)
+        return;
+    if (!isTelemetryEnabled())
+        return;
+    const evt = sanitize({ cliVersion: opts.cliVersion, command: "init", archetype: opts.archetype });
+    if (!evt)
+        return;
+    await send(evt);
+}
+/** Per-command usage ping. Sent only when enabled. Fire-and-forget. */
 export async function sendUsagePing(opts) {
-    if (process.env.GREATCTO_NO_TELEMETRY === "1")
+    if (!isTelemetryEnabled())
         return;
-    const cfg = readConfig();
-    if (cfg.telemetry === false)
+    const evt = sanitize({
+        cliVersion: opts.cliVersion,
+        command: opts.subcommand,
+        archetype: opts.archetype,
+        exitCode: opts.exitCode,
+        durationMs: opts.durationMs,
+    });
+    if (!evt)
         return;
-    if (!cfg.install_id)
-        return; // never ping without an established install_id
-    try {
-        const ctrl = new AbortController();
-        const timer = setTimeout(() => ctrl.abort(), TELEMETRY_TIMEOUT_MS);
-        await fetch(`${TELEMETRY_ENDPOINT.replace("/install", "/usage")}`, {
-            method: "POST",
-            headers: { "Content-Type": "application/json", "User-Agent": `great-cto-cli/${opts.cliVersion}` },
-            body: JSON.stringify({
-                install_id: cfg.install_id,
-                cli_version: opts.cliVersion,
-                subcommand: opts.subcommand,
-                exit_code: opts.exitCode,
-                ts: new Date().toISOString(),
-            }),
-            signal: ctrl.signal,
-        }).catch(() => { });
-        clearTimeout(timer);
-    }
-    catch {
-        // best-effort
+    await send(evt);
+}
+/**
+ * Legacy shim — preserved for backwards compatibility with callers in main.ts
+ * that pass `--no-telemetry`. With opt-IN default, consent resolution is
+ * trivial: enabled iff isTelemetryEnabled() returns true.
+ */
+export function resolveTelemetryConsent(cliFlag) {
+    return isTelemetryEnabled(cliFlag);
+}
+// --- `npx great-cto telemetry <on|off|status|whoami>` subcommand -----------
+export function telemetrySubcommand(arg) {
+    const action = (arg || "status").toLowerCase();
+    switch (action) {
+        case "on": {
+            const cfg = readConfig();
+            cfg.enabled = true;
+            writeConfig(cfg);
+            return { exitCode: 0, output: `✓ telemetry enabled (config: ${configPath()})\n` +
+                    `  Anonymous events go to ${TELEMETRY_ENDPOINT}\n` +
+                    `  See docs/PRIVACY.md for the full data schema.\n` };
+        }
+        case "off": {
+            const cfg = readConfig();
+            cfg.enabled = false;
+            writeConfig(cfg);
+            return { exitCode: 0, output: `✓ telemetry disabled (config: ${configPath()})\n` };
+        }
+        case "status": {
+            const enabled = isTelemetryEnabled();
+            const reason = enabled
+                ? "enabled (sending events to " + TELEMETRY_ENDPOINT + ")"
+                : isCI()
+                    ? "disabled (CI environment detected)"
+                    : process.env.DO_NOT_TRACK === "1"
+                        ? "disabled (DO_NOT_TRACK=1)"
+                        : "disabled (default; run 'great-cto telemetry on' to enable)";
+            return { exitCode: 0, output: `telemetry: ${reason}\n` +
+                    `anon_id  : ${computeAnonId()}\n` +
+                    `endpoint : ${TELEMETRY_ENDPOINT}\n` +
+                    `config   : ${configPath()}\n` };
+        }
+        case "whoami": {
+            return { exitCode: 0, output: computeAnonId() + "\n" };
+        }
+        default: {
+            return { exitCode: 2, output: `usage: great-cto telemetry <on|off|status|whoami>\n` };
+        }
     }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "great-cto",
-  "version": "2.7.0",
+  "version": "2.8.1",
   "description": "One command install for the great_cto Claude Code plugin. Auto-detects your stack, picks the right archetype, bootstraps PROJECT.md.",
   "keywords": [
     "claude-code",