CTO Toolkit
The ultimate Claude Code plugin for engineering leadership — 54 skills, 6 autonomous agents, 9 automation scripts, 9 intelligent hooks, and workflow orchestrators covering the full software engineering lifecycle. Now with declarative skill activation, model routing, and continuous learning.
Built for CTOs, VPs of Engineering, Staff Engineers, and Tech Leads who ship production software.
What's New in v3.1
- Declarative Skill Activation — All 54 skills now declare triggers in YAML frontmatter (frameworks, anti-patterns, score thresholds, file patterns, domains, dimension thresholds). Skills self-activate based on project context
- Model Routing — Skills and agents declare preferred model tier (haiku/sonnet/opus) with dynamic escalation. Security-critical tasks auto-upgrade to opus; quick scans use haiku for 10x cost savings
- Continuous Learning — New
session-learning.sh Stop hook tracks session patterns (languages, tests, security activity) and generates improvement insights every 10 sessions
- Auto-Activation — New
SessionStart hook scans the project, detects frameworks/file patterns, and suggests relevant skills automatically at the start of each session
- Model Routing Advisory — New
PostToolUse hook detects when security-critical or financial files are edited and suggests deeper analysis with opus-tier models
- Deploy Safety Guard — New
PreToolUse hook intercepts production deployment commands and verifies safety (explicit env, no --force, dry-run first)
- Agent Model Upgrades — adversarial-reviewer, architecture-reviewer, security-auditor, and release-readiness agents upgraded to opus by default with escalation rules
- Dependency Graph — Skills declare
depends-on for optimal execution ordering via topological sort
What's New in v3.0
- 12 New Skills — vendor-evaluation, engineering-budget, on-call-design, tech-debt-prioritization, api-gateway-patterns, multi-tenancy, feature-flags, domain-modeling, architecture-review-board, C#/.NET review, Swift/iOS review, Elixir/Phoenix review
- 22 New Reference Files — deep-dive docs for security (OWASP, JWT, RBAC), observability (OTEL, SLOs), database (PostgreSQL, N+1), incident response, pentest, Flutter, Kubernetes, and LGPD compliance
- 8 Automation Scripts — architecture lint, dependency audit, migration check, DORA metrics, compliance scan, dead code finder, test coverage gate, API breaking changes detector
- 4 New Hooks — Dockerfile security, SQL migration validation, test quality check, destructive command blocker
- Project Infrastructure — CONTRIBUTING.md, CHANGELOG.md, sync-skills.sh for multi-project synchronization
- Total: 42 reference files across 13 skills with actionable patterns and templates
Agents
Autonomous subagents that scan your codebase and produce comprehensive reports without manual guidance. Agents now declare model-routing with escalation rules — they start at a cost-efficient tier and upgrade to opus when critical findings are detected.
| Agent | Model | What it does |
|---|
architecture-reviewer | sonnet → opus | Scans the entire codebase and produces an Architecture Health Report with scores by dimension |
security-auditor | opus | Full security audit — secrets, OWASP Top 10, auth, injection, dependencies |
adversarial-reviewer | opus | Challenges architectural decisions — stress-tests ADRs, finds hidden risks, devil's advocate |
tech-debt-analyzer | sonnet → opus | Inventories all tech debt, prioritizes by ROI, produces a sprint reduction plan |
onboarding-guide | sonnet → opus | Explores the project and generates a complete Developer Onboarding Guide |
release-readiness | sonnet → opus | Evaluates production readiness — Go/No-Go report across 7 dimensions |
Workflow Orchestrators
| Skill | What it does |
|---|
full-review | Orchestrates code review + security + performance + database + architecture + testing into one consolidated report |
health-check | Runs architecture, tech debt, and security analysis to produce a Project Health Dashboard with scores and roadmap |
Skills (54 total)
Code Review (12 skills)
camilooscargbaptista