{"id":40340690,"url":"https://github.com/5dlabs/cto","last_synced_at":"2026-01-23T19:01:09.280Z","repository":{"id":333499504,"uuid":"1012684520","full_name":"5dlabs/cto","owner":"5dlabs","description":"Cognitive Task Orchestrator - GitOps on Bare Metal or Cloud for AI Agents","archived":false,"fork":false,"pushed_at":"2026-01-20T07:38:17.000Z","size":37555,"stargazers_count":1,"open_issues_count":15,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-20T16:43:38.689Z","etag":null,"topics":["ai-agents","ai-powered-development","autonomous-development","code-generation","devops-automation","github-automation","kubernetes-operator","mcp-protocol","rust"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/5dlabs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yaml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null},"funding":{"github":["5dlabs"],"patreon":null,"open_collective":"5dlabs","ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":["https://5dlabs.com/sponsor"]}},"created_at":"2025-07-02T18:02:19.000Z","updated_at":"2026-01-20T07:38:19.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/5dlabs/cto","commit_stats":null,"previous_names":["5dlabs/cto"],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/5dlabs/cto","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5dlabs%2Fcto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5dlabs%2Fcto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5dlabs%2Fcto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5dlabs%2Fcto/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/5dlabs","download_url":"https://codeload.github.com/5dlabs/cto/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5dlabs%2Fcto/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28698343,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-23T17:25:48.045Z","status":"ssl_error","status_checked_at":"2026-01-23T17:25:47.153Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","ai-powered-development","autonomous-development","code-generation","devops-automation","github-automation","kubernetes-operator","mcp-protocol","rust"],"created_at":"2026-01-20T09:02:28.929Z","updated_at":"2026-01-23T19:01:09.269Z","avatar_url":"https://github.com/5dlabs.png","language":"Rust","readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"assets/46de8cb0-c4ee-4982-94c4-180f5da96bc4.jpg\" alt=\"5D Labs Logo\" width=\"400px\"\u003e\n\n# **Cognitive Task Orchestrator**\n## **AI Engineering Team + Open Source Bare Metal Infrastructure** 🚀\n\n[![GitHub Stars](https://img.shields.io/github/stars/5dlabs/cto?style=for-the-badge\u0026logo=github\u0026logoColor=white\u0026labelColor=24292e\u0026color=0969da)](https://github.com/5dlabs/cto)\n[![Discord](https://img.shields.io/badge/Discord-5dlabs.ai-5865F2?style=for-the-badge\u0026logo=discord\u0026logoColor=white)](https://discord.gg/A6yydvjZKY)\n[![License](https://img.shields.io/badge/License-AGPL--3.0-blue?style=for-the-badge\u0026logo=gnu\u0026logoColor=white)](LICENSE)\n[![Kubernetes](https://img.shields.io/badge/Kubernetes-1.19+-326CE5?style=for-the-badge\u0026logo=kubernetes\u0026logoColor=white)](https://kubernetes.io/)\n\n### **💎 Self-Hosted AI Development Platform • Bare-Metal Ready • MCP Native 💎**\n*Deploy an autonomous engineering team on your own infrastructure—ship production code while slashing cloud \u0026 staffing costs*\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## **💰 Why CTO?**\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\n### **🏗️ Full Engineering Team**\n13 specialized AI agents covering backend, frontend, QA, security, and DevOps—working 24/7\n\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\n### **🔧 Self-Hosted \u0026 Bare-Metal**\nDeploy on your own infrastructure: bare-metal servers, on-prem, or any cloud—no vendor lock-in\n\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\n### **💸 Massive Cost Savings**\nCut cloud bills with bare-metal deployment + reduce engineering headcount for routine tasks\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### **💵 Cost Comparison**\n\n| Traditional Approach | With CTO |\n|---------------------|----------|\n| $150k-250k/yr per engineer × 5-10 | **~$500-2k/mo** model usage (or self-host for near-zero) |\n| $5k-50k/mo managed cloud services | **60-80% savings** on bare-metal |\n| 24/7 on-call rotation costs | **Automated** self-healing |\n| Weeks to onboard new team members | **Instant** agent deployment |\n\n**Local Model Support**: Run Ollama, vLLM, or other local inference—bring your own GPUs and pay only for electricity.\n\n### **🔐 Bring Your Own Keys (BYOK)**\n\n- **Your API keys** — Anthropic, OpenAI, Google, etc. stored securely in your infrastructure\n- **Your infrastructure credentials** — Cloud (AWS, GCP, Azure) or bare-metal (Latitude, Hetzner) keys never leave your cluster\n- **Secret management with OpenBao** — Open-source HashiCorp Vault fork for enterprise-grade secrets\n- **Zero vendor lock-in** — Switch providers anytime, no data hostage situations\n\n### **🌐 Zero-Trust Networking**\n\n| Feature | Technology | What It Does |\n|---------|------------|--------------|\n| **Cloudflare Tunnels** | `cloudflared` | Expose services publicly without opening firewall ports — no public IPs needed, automatic TLS, global edge CDN |\n| **Kilo VPN** | WireGuard | Secure mesh VPN for remote cluster access — connect from anywhere with encrypted tunnels |\n| **OpenBao** | Vault fork | Centralized secrets management with dynamic credentials and audit logging |\n\nYour entire platform can run on air-gapped infrastructure while still being accessible from anywhere. No ingress controllers, no load balancers, no exposed ports—just secure outbound tunnels.\n\n### **🏭 Infrastructure Operators (Managed by Bolt)**\n\nReplace expensive managed cloud services with open-source Kubernetes operators:\n\n| Operator | Replaces | Savings | License |\n|----------|----------|---------|---------|\n| **CloudNative-PG** | AWS RDS PostgreSQL, Cloud SQL, Azure PostgreSQL | ~70-80% | Apache 2.0 |\n| **Percona MySQL** | AWS RDS MySQL, Aurora, Cloud SQL MySQL | ~70-80% | Apache 2.0 |\n| **Percona MongoDB** | MongoDB Atlas, DocumentDB | ~60-70% | Apache 2.0 |\n| **Strimzi Kafka** | AWS MSK, Confluent Cloud | ~60-70% | Apache 2.0 |\n| **RabbitMQ** | Amazon MQ, CloudAMQP | ~70-80% | MPL 2.0 |\n| **NATS** | AWS SNS/SQS, GCP Pub/Sub | ~80-90% | Apache 2.0 |\n| **SeaweedFS** | AWS S3, GCS, Azure Blob | ~80-90% | Apache 2.0 |\n| **Redis Operator** | ElastiCache, Memorystore | ~70-80% | Apache 2.0 |\n| **OpenSearch** | AWS OpenSearch, Elastic Cloud | ~60-70% | Apache 2.0 |\n| **ClickHouse** | BigQuery, Redshift, Snowflake | ~70-80% | Apache 2.0 |\n| **QuestDB** | TimescaleDB Cloud, InfluxDB Cloud | ~70-80% | Apache 2.0 |\n| **Keycloak** | AWS Cognito, Auth0, Okta | ~90%+ | Apache 2.0 |\n| **Temporal** | AWS Step Functions, Azure Logic Apps | ~80-90% | Apache 2.0 |\n| **ScyllaDB** | AWS DynamoDB, Cassandra Managed | ~70-80% | Apache 2.0 |\n\n**Bolt** automatically deploys, monitors, and maintains these operators—giving you managed-service reliability at self-hosted prices.\n\n### **🌐 Supported Infrastructure Providers**\n\nDeploy CTO on any infrastructure—bare-metal, on-premises, or cloud:\n\n#### **Bare-Metal Providers**\n\n| Provider | Description | Regions |\n|----------|-------------|---------|\n| **Latitude.sh** | Global bare-metal cloud with Gen4 10G+ networking | Americas, Europe, Asia-Pacific |\n| **Hetzner** | European dedicated servers with excellent price/performance | Germany, Finland |\n| **OVH** | European cloud \u0026 bare-metal with global reach | Europe, Americas, Asia-Pacific |\n| **Vultr** | Global bare-metal \u0026 cloud with simple pricing | 25+ locations worldwide |\n| **Scaleway** | European cloud provider with ARM \u0026 x86 options | France, Netherlands, Poland |\n| **Cherry Servers** | European bare-metal with high-performance networking | Lithuania, Netherlands |\n| **DigitalOcean** | Developer-friendly bare-metal droplets | Americas, Europe, Asia-Pacific |\n| **On-Premises** | Your own hardware with Talos Linux | Anywhere |\n\n#### **Cloud Providers**\n\n| Provider | Services | Description |\n|----------|----------|-------------|\n| **AWS** | EC2, EKS | Full AWS integration for hybrid deployments |\n| **Azure** | VMs, AKS | Microsoft Azure support for enterprise environments |\n| **GCP** | GCE, GKE | Google Cloud Platform integration |\n\nAll providers are managed through the `cto-metal` CLI with unified provisioning workflows.\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## **🚧 Development Status**\n\n**Stay tuned for the official release!** 🚀\n\nThe platform is under active development.\n\n**Current Status:**\n✅ Core platform architecture implemented  \n✅ MCP server with dynamic tool registration  \n✅ Kubernetes controllers with self-healing  \n✅ GitHub Apps + Linear integration  \n✅ Bare-metal deployment (Latitude, Hetzner, OVH, Vultr, Scaleway, Cherry, DigitalOcean)  \n✅ Cloudflare Tunnels for public access without exposed interfaces  \n✅ Infrastructure operators (PostgreSQL, MySQL, MongoDB, Kafka, RabbitMQ, NATS, Redis, SeaweedFS, OpenSearch, ClickHouse, QuestDB, Keycloak, Temporal, ScyllaDB)  \n✅ Long-term memory with OpenMemory  \n✅ Parallel task batching for faster development  \n🔄 Documentation and onboarding improvements  \n🔄 Automatic agent provisioning (including GitHub App creation)  \n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## **Meet Your AI Engineering Team**\n\n*Thirteen specialized agents with distinct personalities working together 24/7—your full-stack engineering department in a box*\n\n\u003cdiv align=\"center\"\u003e\n\n### **🎯 Project Management \u0026 Architecture**\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" width=\"100%\"\u003e\n\n### **Morgan**\n#### *The Technical Program Manager*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/morgan-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Morgan Avatar\"\u003e\n\u003c/div\u003e\n\n🐕 **Personality:** Articulate \u0026 organized  \n📋 **Superpower:** Turns chaos into actionable roadmaps  \n💬 **Motto:** *\"A plan without tasks is just a wish.\"*\n\n**Morgan orchestrates project lifecycles—syncing GitHub Issues with Linear roadmaps, decomposing PRDs into sprint-ready tasks, and keeping stakeholders aligned through `intake()` MCP calls.**\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### **🦀 Backend Engineering Squad**\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"33%\"\u003e\n\n### **Rex**\n#### *The Rust Architect*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/rex-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Rex Avatar\"\u003e\n\u003c/div\u003e\n\n🦀 **Stack:** Rust, Tokio, Axum  \n⚡ **Superpower:** Zero-cost abstractions at scale  \n💬 **Motto:** *\"If it compiles, it ships.\"*\n\n**Rex builds high-performance APIs, real-time services, and systems-level infrastructure. When microseconds matter, Rex delivers.**\n\n\u003c/td\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"33%\"\u003e\n\n### **Grizz**\n#### *The Go Specialist*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/grizz-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Grizz Avatar\"\u003e\n\u003c/div\u003e\n\n🐻 **Stack:** Go, gRPC, PostgreSQL  \n🛠️ **Superpower:** Ships bulletproof services under pressure  \n💬 **Motto:** *\"Simple scales.\"*\n\n**Grizz builds backend services, REST/gRPC APIs, CLI tools, and Kubernetes operators. From simple CRUD to distributed systems—battle-tested reliability is his signature.**\n\n\u003c/td\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"33%\"\u003e\n\n### **Nova**\n#### *The Node.js Engineer*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/nova-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Nova Avatar\"\u003e\n\u003c/div\u003e\n\n✨ **Stack:** Node.js, TypeScript, Fastify  \n🌌 **Superpower:** Rapid API development \u0026 integrations  \n💬 **Motto:** *\"Move fast, type safe.\"*\n\n**Nova builds REST/GraphQL APIs, serverless functions, and third-party integrations. Speed-to-market is her specialty.**\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### **🎨 Frontend Engineering Squad**\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"33%\"\u003e\n\n### **Blaze**\n#### *The Web App Developer*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/blaze-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Blaze Avatar\"\u003e\n\u003c/div\u003e\n\n🎨 **Stack:** React, Next.js, shadcn/ui  \n✨ **Superpower:** Pixel-perfect responsive interfaces  \n💬 **Motto:** *\"Great UX is invisible.\"*\n\n**Blaze creates stunning web applications with modern component libraries. From dashboards to marketing sites, she delivers polished experiences.**\n\n\u003c/td\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"33%\"\u003e\n\n### **Tap**\n#### *The Mobile Developer*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/tap-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Tap Avatar\"\u003e\n\u003c/div\u003e\n\n📱 **Stack:** Expo, React Native, NativeWind  \n🎯 **Superpower:** Cross-platform mobile excellence  \n💬 **Motto:** *\"One codebase, every pocket.\"*\n\n**Tap builds native-quality iOS and Android apps from a single TypeScript codebase. App Store ready, always.**\n\n\u003c/td\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"33%\"\u003e\n\n### **Spark**\n#### *The Desktop Developer*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/spark-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Spark Avatar\"\u003e\n\u003c/div\u003e\n\n⚡ **Stack:** Electron, Tauri, React  \n🖥️ **Superpower:** Native desktop apps that feel right  \n💬 **Motto:** *\"Desktop isn't dead—it's evolved.\"*\n\n**Spark crafts cross-platform desktop applications with native integrations, system tray support, and offline-first architectures.**\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### **🛡️ Quality \u0026 Security Squad**\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"33%\"\u003e\n\n### **Cleo**\n#### *The Quality Guardian*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/cleo-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Cleo Avatar\"\u003e\n\u003c/div\u003e\n\n🔍 **Personality:** Meticulous \u0026 wise  \n✨ **Superpower:** Spots code smells instantly  \n💬 **Motto:** *\"Excellence isn't negotiable.\"*\n\n**Cleo refactors for maintainability, enforces patterns, and ensures enterprise-grade code quality across every PR.**\n\n\u003c/td\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"33%\"\u003e\n\n### **Cipher**\n#### *The Security Sentinel*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/cipher-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Cipher Avatar\"\u003e\n\u003c/div\u003e\n\n🛡️ **Personality:** Vigilant \u0026 protective  \n🔒 **Superpower:** Finds vulnerabilities before attackers  \n💬 **Motto:** *\"Trust nothing, verify everything.\"*\n\n**Cipher runs security audits, dependency scans, and ensures OWASP compliance across all workflows.**\n\n\u003c/td\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"33%\"\u003e\n\n### **Tess**\n#### *The Testing Genius*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/tess-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Tess Avatar\"\u003e\n\u003c/div\u003e\n\n🕵️ **Personality:** Curious \u0026 thorough  \n🎪 **Superpower:** Finds edge cases others miss  \n💬 **Motto:** *\"If it can break, I'll find it first!\"*\n\n**Tess creates comprehensive test suites—unit, integration, and e2e—ensuring reliability before every merge.**\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### **🚀 Operations Squad**\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"33%\"\u003e\n\n### **Stitch**\n#### *The Automated Code Reviewer*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/stitch-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Stitch Avatar\"\u003e\n\u003c/div\u003e\n\n🧵 **Personality:** Meticulous \u0026 tireless  \n🔎 **Superpower:** Reviews every PR with surgical precision  \n💬 **Motto:** *\"No loose threads.\"*\n\n**Stitch provides automated code review on every pull request—catches bugs, suggests improvements, and ensures consistency across your entire codebase.**\n\n\u003c/td\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"33%\"\u003e\n\n### **Atlas**\n#### *The Integration Master*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/atlas-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Atlas Avatar\"\u003e\n\u003c/div\u003e\n\n🔗 **Personality:** Systematic \u0026 reliable  \n🌉 **Superpower:** Resolves merge conflicts automatically  \n💬 **Motto:** *\"Every branch finds its way home.\"*\n\n**Atlas manages PR merges, rebases stale branches, and ensures clean integration with trunk-based development.**\n\n\u003c/td\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"33%\"\u003e\n\n### **Bolt**\n#### *The Deployment Specialist*\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"assets/bolt-avatar-512.png\" width=\"180\" height=\"180\" alt=\"Bolt Avatar\"\u003e\n\u003c/div\u003e\n\n⚡ **Personality:** Fast \u0026 action-oriented  \n🚀 **Superpower:** Zero-downtime deployments  \n💬 **Motto:** *\"Ship it fast, ship it right!\"*\n\n**Bolt handles GitOps deployments, monitors rollouts, and ensures production health with automated rollbacks.**\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n\u003c/div\u003e\n\n---\n\n\u003c/div\u003e\n\n### 🌟 **The Magic: How Your AI Team Collaborates**\n\n\u003cdiv align=\"center\"\u003e\n\n**Watch the magic happen when they work together:**\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" width=\"20%\"\u003e\n\n**📚 Phase 1**  \n**Morgan** documents  \nrequirements \u0026 architecture\n\n*via `intake()`*\n\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"20%\"\u003e\n\n**⚡ Phase 2**  \n**Rex \u0026 Blaze** build  \nbackend + frontend\n\n*via `play()`*\n\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"20%\"\u003e\n\n**🛡️ Phase 3**  \n**Cleo, Tess, Cipher**  \nquality, testing, security\n\n*via `play()`*\n\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"20%\"\u003e\n\n**🔗 Phase 4**  \n**Stitch \u0026 Atlas**  \nreview, merge \u0026 integrate\n\n*via `play()`*\n\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"20%\"\u003e\n\n**🚀 Phase 5**  \n**Bolt** deploys  \nand distributes\n\n*via `play()`*\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n**💡 Project Flexibility:**\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" width=\"50%\"\u003e\n**🦀 Backend Projects**\u003cbr/\u003e\nRex (Rust) • Grizz (Go) • Nova (Node.js)\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"50%\"\u003e\n**🎨 Frontend Projects**\u003cbr/\u003e\nBlaze (Web/shadcn) • Tap (Mobile/Expo) • Spark (Desktop/Electron)\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" width=\"50%\"\u003e\n**🚀 Full-Stack Projects**\u003cbr/\u003e\nMix backend + frontend agents seamlessly\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"50%\"\u003e\n**🛡️ Quality Always**\u003cbr/\u003e\nCleo reviews • Tess tests • Cipher secures • Stitch code-reviews\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### **🎯 Result: Production-Ready Code**\n*Fast • Elegant • Tested • Documented • Secure*\n\n**It's like having a senior development team that never sleeps, never argues, and always delivers!** 🎭\n\n\u003c/div\u003e\n\n---\n\n## **⚡ What CTO Does**\n\nThe Cognitive Task Orchestrator provides a complete AI engineering platform:\n\n### **🚀 Unified Project Intake (`intake()`)**\n**Morgan** processes PRDs, generates tasks, and syncs with your project management tools.\n\n- Parses PRD and generates structured task breakdown\n- **Linear Integration**: Two-way sync with Linear roadmaps and sprints\n- **GitHub Projects**: Auto-creates issues and project boards\n- Enriches context via Firecrawl (auto-scrapes referenced URLs)\n- Creates comprehensive documentation (task.md, prompt.md, acceptance-criteria.md)\n- **XML Prompts**: Structured prompts optimized for AI agent consumption\n- Agent routing: automatically assigns frontend/backend/mobile tasks\n- Works with any supported model (Claude, GPT, Gemini, local models)\n\n### **🎮 Multi-Agent Play Workflows (`play()`)**\n**The entire team** orchestrates complex multi-agent workflows with event-driven coordination.\n\n- **Phase 1 - Intake**: Morgan documents requirements and architecture\n- **Phase 2 - Implementation**: Backend (Rex/Grizz/Nova) or Frontend (Blaze/Tap/Spark)\n- **Phase 3 - Quality**: Cleo reviews, Tess tests, Cipher secures\n- **Phase 4 - Integration**: Stitch code-reviews, Atlas merges and rebases\n- **Phase 5 - Deployment**: Bolt deploys and distributes\n- **Event-Driven Coordination**: Automatic handoffs between phases\n- **GitHub Integration**: Each phase submits detailed PRs\n- **Auto-Resume**: Continues from where you left off (task_id optional)\n\n### **🔧 Workflow Management**\nControl and monitor your AI development workflows:\n\n- **`jobs()`** - List all running workflows with status\n- **`stop_job()`** - Stop any running workflow gracefully\n- **`addTool()`** - Dynamically register new MCP tools at runtime\n\n### **🔄 Self-Healing Infrastructure**\nThe platform includes comprehensive self-healing capabilities:\n\n- **Platform Self-Healing**: Monitors CTO's own health—detects stuck workflows, pod failures, step timeouts, and auto-remediates\n- **Application Self-Healing**: Extends healing to your deployed apps—CI failures, silent errors, stale progress alerts\n- **Alert Types**: Comment order issues, silent failures, approval loops, post-Tess CI failures, pod failures, step timeouts, stuck CodeRuns\n- **Automated Remediation**: Spawns healing agents to diagnose and fix issues automatically\n\nAll operations run as **Kubernetes jobs** with enhanced reliability through TTL-safe reconciliation, preventing infinite loops and ensuring proper resource cleanup.\n\n---\n\n## **🚀 Getting Started**\n\n### Prerequisites\n- Access to any AI coding assistant (Claude Code, Cursor, Factory, Codex, OpenCode, etc.)\n- GitHub repository for your project\n\n---\n\n## **🏗️ Platform Architecture**\n\nThis is an integrated platform with crystal-clear data flow:\n\n### **🖥️ Supported AI CLIs**\n\nCTO works with your favorite AI coding assistant:\n\n| CLI | Description | Status |\n|-----|-------------|--------|\n| **Claude Code** | Anthropic's official CLI | ✅ Full support |\n| **Cursor** | AI-first code editor | ✅ Full support |\n| **Codex** | OpenAI's coding assistant | ✅ Full support |\n| **Factory** | Code Factory CLI | ✅ Full support |\n| **Gemini** | Google's AI assistant | ✅ Full support |\n| **OpenCode** | Open-source alternative | ✅ Full support |\n| **Dexter** | Lightweight AI CLI | ✅ Full support |\n\n### **🔧 Integrated Tools Library**\n\nDynamic MCP tool registration with 60+ pre-configured tools:\n\n| Category | Tools |\n|----------|-------|\n| **Kubernetes** | Pod logs, exec, resource CRUD, events, metrics, Helm operations |\n| **ArgoCD** | Application sync, logs, events, GitOps management |\n| **GitHub** | PRs, issues, code scanning, secret scanning, repository management |\n| **Context7** | Library documentation lookup and code examples |\n| **OpenMemory** | Persistent memory across agent sessions |\n\n**Frontend Stack Options**: Blaze supports two frontend philosophies:\n- **shadcn Stack** (default): Next.js App Router + shadcn/ui + Server Actions + React Query\n- **TanStack Stack**: TanStack Router + DB + Query + Table + Form + Virtual for client-first, reactive UIs\n\nConfigure via `frontendStack: \"shadcn\" | \"tanstack\"` in Blaze's agent config or let Morgan auto-detect based on PRD keywords\n\n**Component Architecture:**\n- **MCP Server (`cto-mcp`)**: Handles MCP protocol calls from any CLI with dynamic tool registration\n- **Controller Service**: Kubernetes controller that manages CodeRun CRDs via Argo Workflows\n- **Healer Service**: Self-healing daemon monitoring platform and application health\n- **Argo Workflows**: Orchestrates agent deployment through workflow templates\n- **CodeRun Controller**: Reconciles CodeRun resources with TTL-safe job management\n- **Agent Workspaces**: Isolated persistent volumes for each service with session continuity\n- **GitHub Apps + Linear**: Secure authentication and project management integration\n- **Cloudflare Tunnels**: Expose services publicly without opening firewall ports\n\n### **🌐 Cloudflare Tunnels**\n\nAccess your services from anywhere without exposing your infrastructure:\n\n- **Zero External Interface**: No public IPs or open firewall ports required\n- **Automatic TLS**: End-to-end encryption via Cloudflare\n- **Global Edge**: Low-latency access from anywhere in the world\n- **Secure by Default**: Traffic routes through Cloudflare's network\n\n**Data Flow:**\n1. Any CLI calls MCP tools (`intake()`, `play()`, etc.) via MCP protocol\n2. MCP server loads configuration from your MCP config and applies defaults\n3. MCP server submits workflow to Argo with all required parameters\n4. Argo Workflows creates CodeRun custom resources\n5. CodeRun controller reconciles CRDs with idempotent job management\n6. Controller deploys configured CLI agents as Jobs with workspace isolation\n7. Agents authenticate via GitHub Apps and complete work\n8. Agents submit GitHub PRs with automatic cleanup\n9. Healer monitors for issues and auto-remediates failures\n\n---\n\n## **📦 Installation**\n\n### **🔧 Deployment Options**\n\nCTO runs anywhere you have Kubernetes—from bare-metal servers to managed cloud:\n\n| Deployment Type | Providers | Best For |\n|-----------------|-----------|----------|\n| **Bare-Metal** | Latitude, Hetzner, OVH, Vultr, Scaleway, Cherry, DigitalOcean | Maximum cost savings, data sovereignty |\n| **On-Premises** | Any server with Talos Linux | Air-gapped environments, full control |\n| **Cloud** | AWS, Azure, GCP | Existing cloud infrastructure |\n\n### Deploy on Bare-Metal (Recommended)\n\nSave 60-80% vs cloud by running on dedicated servers:\n\n```bash\n# Bootstrap a Talos cluster on bare-metal (Latitude example)\ncto-metal init --provider latitude --region MIA --plan c3-large-x86 --nodes 3\n\n# Or use your own hardware\ncto-metal init --provider onprem --config ./my-servers.yaml\n\n# Deploy CTO platform\nhelm repo add 5dlabs https://5dlabs.github.io/cto\nhelm install cto 5dlabs/cto --namespace cto --create-namespace\n```\n\n**Supported Bare-Metal Providers:**\n- **Latitude.sh** - Global bare-metal cloud\n- **Hetzner** - European dedicated servers\n- **OVH** - European cloud \u0026 bare-metal\n- **Vultr** - Global bare-metal \u0026 cloud\n- **Scaleway** - European cloud provider\n- **Cherry Servers** - European bare-metal\n- **DigitalOcean** - Droplets \u0026 bare-metal\n\n### Deploy on Existing Kubernetes\n\n```bash\n# Add the 5dlabs Helm repository\nhelm repo add 5dlabs https://5dlabs.github.io/cto\nhelm repo update\n\n# Install Custom Resource Definitions (CRDs) first\nkubectl apply -f https://raw.githubusercontent.com/5dlabs/cto/main/infra/charts/cto/crds/platform-crds.yaml\n\n# Install the cto\nhelm install cto 5dlabs/cto --namespace cto --create-namespace\n\n# Setup agent secrets (interactive)\nwget https://raw.githubusercontent.com/5dlabs/cto/main/infra/scripts/setup-agent-secrets.sh\nchmod +x setup-agent-secrets.sh\n./setup-agent-secrets.sh --help\n```\n\n**Requirements:**\n- Kubernetes 1.19+\n- Helm 3.2.0+\n- GitHub Personal Access Token (or GitHub App)\n- API key for your preferred model provider (Anthropic, OpenAI, Google, or local)\n\n**What you get:**\n- Complete CTO platform deployed to Kubernetes\n- Self-healing infrastructure monitoring\n- CodeRun controller with TTL-safe reconciliation\n- Agent workspace management and isolation with persistent volumes\n- Automatic resource cleanup and job lifecycle management\n- MCP tools with dynamic registration\n- Cloudflare Tunnels for secure public access\n\n### Remote Cluster Access with Kilo VPN\n\nKilo is an open-source WireGuard-based VPN that provides secure access to cluster services. It's deployed automatically via ArgoCD.\n\n**Client Setup:**\n\n1. Install WireGuard and kgctl:\n```bash\n# macOS\nbrew install wireguard-tools\ngo install github.com/squat/kilo/cmd/kgctl@latest\n\n# Linux\nsudo apt install wireguard-tools\ngo install github.com/squat/kilo/cmd/kgctl@latest\n```\n\n2. Generate your WireGuard keys and create a Peer resource (see `docs/vpn/kilo-client-setup.md`)\n\n3. Connect to access cluster services:\n```bash\nsudo wg-quick up ~/.wireguard/kilo.conf\n```\n\nThis enables direct access to:\n- ClusterIPs (e.g., `curl http://10.x.x.x:port`)\n- Service DNS (e.g., `curl http://service.namespace.svc.cluster.local`)\n\nSee `docs/vpn/kilo-client-setup.md` for full setup instructions.\n\n### Install MCP Server\n\nFor CLI integration (Cursor, Claude Code, etc.), install the MCP server:\n\n```bash\n# One-liner installer (Linux/macOS)\ncurl --proto '=https' --tlsv1.2 -LsSf https://github.com/5dlabs/cto/releases/download/v0.2.0/tools-installer.sh | sh\n\n# Verify installation\ncto-mcp --help   # MCP server for any CLI\n```\n\n**What you get:**\n- `cto-mcp` - MCP server that integrates with any CLI\n- Multi-platform support (Linux x64/ARM64, macOS Intel/Apple Silicon)\n- Automatic installation to system PATH\n\n---\n\n## **⚙️ Configuration**\n\nCTO uses a **two-file configuration approach** for maximum compatibility across all AI coding assistants:\n\n1. **MCP Server Registration** (`.cursor/mcp.json`) — Minimal config to register the MCP server with your CLI\n2. **CTO Configuration** (`cto-config.json`) — Full platform configuration auto-detected from your project\n\n### Step 1: Register the MCP Server\n\nCreate `.cursor/mcp.json` (or equivalent for your CLI) with the minimal MCP server registration:\n\n```json\n{\n  \"mcpServers\": {\n    \"cto-mcp\": {\n      \"command\": \"cto-mcp\",\n      \"args\": []\n    }\n  }\n}\n```\n\nThat's it! The MCP server will **auto-detect** your `cto-config.json` from the current working directory.\n\n\u003e **Note**: Cursor's MCP protocol only supports `command`, `args`, `env`, and `envFile` fields. The `cto-mcp` server handles all CTO-specific configuration via a separate config file for maximum compatibility.\n\n### Step 2: Create Your CTO Configuration\n\nCreate `cto-config.json` in your project root (or `~/.config/cto/config.json` for global defaults):\n\n```json\n{\n  \"version\": \"1.0\",\n  \"defaults\": {\n    \"docs\": {\n      \"model\": \"your-docs-model\",\n      \"githubApp\": \"5DLabs-Morgan\",\n      \"includeCodebase\": false,\n      \"sourceBranch\": \"main\"\n    },\n    \"intake\": {\n      \"githubApp\": \"5DLabs-Morgan\",\n      \"primary\": { \"model\": \"opus\", \"provider\": \"claude-code\" },\n      \"research\": { \"model\": \"opus\", \"provider\": \"claude-code\" },\n      \"fallback\": { \"model\": \"gpt-5\", \"provider\": \"openai\" }\n    },\n    \"play\": {\n      \"model\": \"your-play-model\",\n      \"cli\": \"factory\",\n      \"implementationAgent\": \"5DLabs-Rex\",\n      \"frontendAgent\": \"5DLabs-Blaze\",\n      \"qualityAgent\": \"5DLabs-Cleo\",\n      \"securityAgent\": \"5DLabs-Cipher\",\n      \"testingAgent\": \"5DLabs-Tess\",\n      \"repository\": \"your-org/your-repo\",\n      \"service\": \"your-service\",\n      \"docsRepository\": \"your-org/your-docs-repo\",\n      \"docsProjectDirectory\": \"docs\",\n      \"workingDirectory\": \".\",\n      \"maxRetries\": 10,\n      \"autoMerge\": true,\n      \"parallelExecution\": true\n    }\n  },\n  \"agents\": {\n    \"morgan\": {\n      \"githubApp\": \"5DLabs-Morgan\",\n      \"cli\": \"claude\",\n      \"model\": \"your-model\",\n      \"maxTokens\": 8192,\n      \"temperature\": 0.8,\n      \"modelRotation\": {\n        \"enabled\": true,\n        \"models\": [\"model-a\", \"model-b\"]\n      },\n      \"tools\": {\n        \"remote\": [\n          \"brave_search_brave_web_search\",\n          \"openmemory_openmemory_query\",\n          \"openmemory_openmemory_store\",\n          \"github_search_issues\",\n          \"github_create_issue\"\n        ],\n        \"localServers\": {}\n      }\n    },\n    \"rex\": {\n      \"githubApp\": \"5DLabs-Rex\",\n      \"cli\": \"factory\",\n      \"model\": \"your-model\",\n      \"maxTokens\": 64000,\n      \"temperature\": 0.7,\n      \"reasoningEffort\": \"high\",\n      \"modelRotation\": {\n        \"enabled\": true,\n        \"models\": [\"model-a\", \"model-b\", \"model-c\"]\n      },\n      \"tools\": {\n        \"remote\": [\n          \"brave_search_brave_web_search\",\n          \"context7_resolve_library_id\",\n          \"context7_get_library_docs\",\n          \"github_create_pull_request\",\n          \"github_push_files\",\n          \"openmemory_openmemory_query\"\n        ],\n        \"localServers\": {}\n      }\n    },\n    \"blaze\": {\n      \"githubApp\": \"5DLabs-Blaze\",\n      \"cli\": \"factory\",\n      \"model\": \"your-model\",\n      \"maxTokens\": 64000,\n      \"temperature\": 0.6,\n      \"reasoningEffort\": \"high\",\n      \"modelRotation\": {\n        \"enabled\": true,\n        \"models\": [\"model-a\", \"model-b\"]\n      },\n      \"tools\": {\n        \"remote\": [\n          \"context7_resolve_library_id\",\n          \"context7_get_library_docs\",\n          \"shadcn_list_components\",\n          \"shadcn_get_component\",\n          \"ai_elements_get_ai_elements_components\",\n          \"github_create_pull_request\"\n        ],\n        \"localServers\": {}\n      }\n    },\n    \"cleo\": {\n      \"githubApp\": \"5DLabs-Cleo\",\n      \"cli\": \"claude\",\n      \"model\": \"your-model\",\n      \"maxTokens\": 2048,\n      \"temperature\": 0.3,\n      \"modelRotation\": { \"enabled\": true, \"models\": [\"model-a\", \"model-b\"] },\n      \"tools\": {\n        \"remote\": [\n          \"github_get_pull_request\",\n          \"github_get_pull_request_files\",\n          \"github_create_pull_request_review\"\n        ],\n        \"localServers\": {}\n      }\n    },\n    \"cipher\": {\n      \"githubApp\": \"5DLabs-Cipher\",\n      \"cli\": \"cursor\",\n      \"model\": \"your-model\",\n      \"maxTokens\": 200000,\n      \"reasoningEffort\": \"high\",\n      \"role\": \"Security Agent\",\n      \"modelRotation\": { \"enabled\": true, \"models\": [\"model-a\", \"model-b\"] },\n      \"tools\": {\n        \"remote\": [\n          \"github_list_code_scanning_alerts\",\n          \"github_list_secret_scanning_alerts\",\n          \"hexstrike_trivy_scan\",\n          \"hexstrike_kube_bench_check\",\n          \"hexstrike_gitleaks_scan\"\n        ],\n        \"localServers\": {}\n      }\n    },\n    \"tess\": {\n      \"githubApp\": \"5DLabs-Tess\",\n      \"cli\": \"claude\",\n      \"model\": \"your-model\",\n      \"maxTokens\": 4096,\n      \"temperature\": 0.7,\n      \"modelRotation\": { \"enabled\": true, \"models\": [\"model-a\", \"model-b\"] },\n      \"tools\": {\n        \"remote\": [\n          \"kubernetes_listResources\",\n          \"kubernetes_getPodsLogs\",\n          \"github_get_pull_request_status\"\n        ],\n        \"localServers\": {}\n      }\n    },\n    \"atlas\": {\n      \"githubApp\": \"5DLabs-Atlas\",\n      \"cli\": \"claude\",\n      \"model\": \"your-model\",\n      \"modelRotation\": { \"enabled\": false, \"models\": [] },\n      \"tools\": {\n        \"remote\": [\n          \"github_create_pull_request\",\n          \"github_push_files\",\n          \"github_create_branch\"\n        ],\n        \"localServers\": {}\n      }\n    },\n    \"bolt\": {\n      \"githubApp\": \"5DLabs-Bolt\",\n      \"cli\": \"claude\",\n      \"model\": \"your-model\",\n      \"modelRotation\": { \"enabled\": true, \"models\": [\"model-a\", \"model-b\"] },\n      \"tools\": {\n        \"remote\": [\n          \"kubernetes_listResources\",\n          \"kubernetes_helmInstall\",\n          \"kubernetes_helmUpgrade\",\n          \"github_merge_pull_request\"\n        ],\n        \"localServers\": {}\n      }\n    }\n  }\n}\n```\n\n### Config File Auto-Detection\n\nThe `cto-mcp` server automatically searches for configuration in this order:\n\n1. `./cto-config.json` — Current working directory (project-specific)\n2. `./.cursor/cto-config.json` — Cursor config directory\n3. `~/.config/cto/config.json` — User global config (fallback)\n\nThis allows you to:\n- **Per-project configs**: Different settings for different repositories\n- **Global defaults**: Fall back to user-wide defaults when no project config exists\n- **Override hierarchy**: Project configs override global configs\n\n### Configuration Reference\n\n**Key Features:**\n- **CLI \u0026 Model Rotation**: Configure different CLIs and models per agent—rotate between providers for cost optimization or capability matching\n- **Automatic ArgoCD Management**: Platform manages ArgoCD applications and GitOps deployments automatically\n- **Parallel Execution**: Run multiple agents simultaneously for faster development cycles\n- **Tool Profiles**: Fine-grained control over which tools each agent can access\n- **Security Scanning**: Integrated Hexstrike tools for vulnerability scanning, secret detection, and compliance checks\n\n**Agent Configuration Fields:**\n- **`githubApp`**: GitHub App name for authentication\n- **`cli`**: Which CLI to use (`claude`, `cursor`, `codex`, `opencode`, `factory`)\n- **`model`**: Model identifier for the CLI\n- **`maxTokens`**: Maximum tokens for agent responses\n- **`temperature`**: Model temperature (creativity vs determinism)\n- **`reasoningEffort`**: Reasoning effort level (`low`, `medium`, `high`)\n- **`modelRotation`**: Enable automatic model rotation for resilience and cost optimization\n- **`frontendStack`** (Blaze only): Frontend stack choice - `\"shadcn\"` (default) or `\"tanstack\"`\n- **`tools.remote`**: Array of remote MCP tool names\n- **`tools.localServers`**: Local MCP server configurations\n\n**Usage:**\n1. Register `cto-mcp` in your CLI's MCP config (`.cursor/mcp.json`)\n2. Create `cto-config.json` in your project root with your settings\n3. Restart your CLI to load the MCP server\n4. All MCP tools will be available with your configured defaults\n\n---\n\n## **🎨 Multi-CLI Support**\n\nThe platform supports multiple AI coding assistants with the same unified architecture. Choose the CLI that best fits your workflow:\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" width=\"20%\"\u003e\n\n### **Claude Code**\nOfficial Anthropic CLI\n- **Native Integration**\n- Best for Claude models\n- Enterprise-ready\n\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"20%\"\u003e\n\n### **Cursor**\nPopular AI editor\n- **VS Code-based**\n- Rich IDE features\n- Excellent UX\n\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"20%\"\u003e\n\n### **Codex**\nMulti-model support\n- **Provider Agnostic**\n- Flexible configuration\n- OpenAI, Anthropic, more\n\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"20%\"\u003e\n\n### **OpenCode**\nOpen-source CLI\n- **Community Driven**\n- Extensible architecture\n- Full transparency\n\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"20%\"\u003e\n\n### **Factory**\nAutonomous AI CLI\n- **Auto-Run Mode**\n- Unattended execution\n- CI/CD optimized\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n**How It Works:**\n- Each agent in your MCP config specifies its `cli` and `model`\n- Controllers automatically use the correct CLI for each agent\n- All CLIs follow the same template structure\n- Seamless switching between CLIs per-agent\n\n**Example Multi-CLI Configuration:**\n```json\n{\n  \"agents\": {\n    \"morgan\": {\n      \"githubApp\": \"5DLabs-Morgan\",\n      \"cli\": \"claude\",\n      \"model\": \"claude-opus-4-20250514\",\n      \"tools\": {\n        \"remote\": [\"brave_search_brave_web_search\"]\n      }\n    },\n    \"rex\": {\n      \"githubApp\": \"5DLabs-Rex\",\n      \"cli\": \"factory\",\n      \"model\": \"gpt-5-factory-high\",\n      \"tools\": {\n        \"remote\": [\"memory_create_entities\"]\n      }\n    },\n    \"blaze\": {\n      \"githubApp\": \"5DLabs-Blaze\",\n      \"cli\": \"opencode\",\n      \"model\": \"claude-sonnet-4-20250514\",\n      \"tools\": {\n        \"remote\": [\"brave_search_brave_web_search\"]\n      }\n    },\n    \"cleo\": {\n      \"githubApp\": \"5DLabs-Cleo\",\n      \"cli\": \"cursor\",\n      \"model\": \"claude-sonnet-4-20250514\",\n      \"tools\": {\n        \"localServers\": {\n          \"filesystem\": {\"enabled\": true, \"tools\": [\"read_file\", \"write_file\"]}\n        }\n      }\n    },\n    \"tess\": {\n      \"githubApp\": \"5DLabs-Tess\",\n      \"cli\": \"codex\",\n      \"model\": \"gpt-4o\",\n      \"tools\": {\n        \"remote\": [\"memory_add_observations\"]\n      }\n    }\n  }\n}\n```\n\nEach agent independently configured with its own CLI, model, and tool access.\n\n---\n\n## **🔧 MCP Tools (Model Context Protocol)**\n\nThe platform includes built-in MCP tools for project management, workflow orchestration, and infrastructure provisioning:\n\n### **🎯 Project \u0026 Workflow Tools**\n\n- **`intake()`** — Project onboarding — parses PRDs, generates tasks, and creates documentation\n- **`play()`** — Full orchestration — coordinates the entire team through build/test/deploy phases\n- **`play_status()`** — Query workflow progress — shows active workflows, next tasks, and blocked tasks\n- **`jobs()`** — List running workflows — view all active Argo workflows with status\n- **`stop_job()`** — Stop workflows — gracefully terminate running workflows\n- **`input()`** — Send messages — communicate with running agent jobs in real-time\n\n### **🔌 MCP Server Management**\n\n- **`add_mcp_server()`** — Add MCP servers — install new MCP servers from GitHub repos with auto-PR and merge\n- **`remove_mcp_server()`** — Remove MCP servers — uninstall MCP servers with auto-cleanup\n- **`update_mcp_server()`** — Update MCP servers — refresh server configs from upstream repos\n\n### **🖥️ CLI Tools**\n\n| Tool | Description |\n|------|-------------|\n| **`cto-mcp`** | MCP server that integrates with any AI coding CLI (Claude, Cursor, Codex, Factory, etc.) |\n| **`cto-metal`** | Bare-metal provisioning CLI for Talos Linux clusters on any provider |\n| **`cto-installer`** | Platform installation and validation tool |\n\n### **🔧 Integrated MCP Servers**\n\nThe platform includes 17 pre-configured MCP servers proxied through the tools service:\n\n| Server | Description | Transport |\n|--------|-------------|-----------|\n| **OpenMemory** | Long-term memory system for AI agents | HTTP |\n| **Context7** | Up-to-date library documentation and code examples | stdio |\n| **Docker** | Docker container management | stdio |\n| **Kubernetes** | Kubernetes cluster management with Helm support | stdio |\n| **Terraform** | Terraform Registry API integration | stdio |\n| **GitHub** | GitHub API operations for repos, issues, PRs, and code scanning | stdio |\n| **shadcn/ui** | Official shadcn/ui MCP server - browse, search, and install components | stdio |\n| **AI Elements** | AI-native UI component library for chat interfaces and streaming UIs | HTTP |\n| **Playwright** | Headless browser automation for visual testing - navigate, interact, screenshot | stdio |\n| **PostgreSQL AI Guide** | AI-optimized PostgreSQL expertise with semantic search over official docs | HTTP |\n| **Solana** | Solana blockchain development tools | HTTP |\n| **Firecrawl** | Web scraping, crawling, and content extraction with search capabilities | stdio |\n| **Grafana** | Dashboards, alerts, Prometheus/Loki queries, and incident management | stdio |\n| **Loki** | Query and analyze Grafana Loki logs with LogQL | stdio |\n| **Prometheus** | Query and analyze Prometheus metrics with PromQL | stdio |\n| **Cloudflare** | Workers, DNS, security, and edge computing management | HTTP |\n| **Rust Tools** | Rust analyzer integration (local, runs in agent containers) | stdio |\n\n### **📚 Available Tool Categories**\n\n#### **Context7** — Library Documentation\n- `resolve_library_id` — Find library IDs for documentation lookup\n- `get_library_docs` — Get up-to-date docs and code examples\n\n#### **Kubernetes** — Cluster Management\n- **Pods**: `pods_log`, `pods_exec`, `pods_list`, `pods_get`\n- **Resources**: `listResources`, `getResource`, `describeResource`, `createResource`\n- **Monitoring**: `getEvents`, `getPodsLogs`, `getPodMetrics`, `getNodeMetrics`, `getAPIResources`\n- **Helm**: `helmList`, `helmGet`, `helmHistory`, `helmInstall`, `helmUpgrade`, `helmRollback`, `helmUninstall`, `helmRepoAdd`, `helmRepoList`\n\n#### **ArgoCD** — GitOps Management\n- `get_application` — Get application details and status\n- `sync_application` — Trigger application sync\n- `get_application_workload_logs` — View workload logs\n- `get_application_events` — View application events\n\n#### **GitHub** — Repository \u0026 Code Management\n- **Repositories**: `search_repositories`, `create_repository`, `get_file_contents`\n- **Pull Requests**: `create_pull_request`, `get_pull_request`, `update_pull_request`, `list_pull_requests`, `merge_pull_request`, `get_pull_request_status`, `get_pull_request_files`, `get_pull_request_comments`, `add_pull_request_review_comment`, `create_pull_request_review`\n- **Issues**: `search_issues`, `create_issue`, `get_issue`, `list_issues`, `update_issue`, `add_issue_comment`\n- **Code**: `push_files`, `create_or_update_file`, `create_branch`, `list_commits`, `search_code`\n- **Security**: `list_code_scanning_alerts`, `get_code_scanning_alert`, `list_secret_scanning_alerts`, `get_secret_scanning_alert`\n\n#### **OpenMemory** — Agent Memory\n- `openmemory_query` — Search memories by context\n- `openmemory_store` — Store new memories\n- `openmemory_list` — List all memories\n- `openmemory_reinforce` — Strengthen memory associations\n- `openmemory_get` — Retrieve specific memories\n\n#### **Firecrawl** — Web Scraping\n- `scrape` — Scrape content from a single URL\n- `crawl` — Crawl a website and extract content from multiple pages\n- `search` — Search the web and extract content from results\n- `map` — Discover all URLs on a website\n\n#### **Playwright** — Browser Automation\n- `navigate` — Navigate to a URL\n- `screenshot` — Take screenshots of pages\n- `click` — Click on elements\n- `fill` — Fill form fields\n- `evaluate` — Execute JavaScript in the browser\n\n#### **Terraform** — Infrastructure as Code\n- Registry API for provider and module documentation\n\n#### **shadcn/ui** — Component Library\n- `list_components` — List available shadcn/ui components\n- `get_component` — Get component source code and demos\n- `install_component` — Install components to your project\n\n#### **AI Elements** — UI Components\n- `get_ai_elements_components` — Browse AI-native UI components for chat and streaming interfaces\n\n#### **PostgreSQL AI Guide** — Database Expertise\n- Semantic search over PostgreSQL documentation and best practices\n\n#### **Solana** — Blockchain Development\n- Solana blockchain tools for Web3 development\n\n#### **Grafana** — Observability \u0026 Dashboards\n- `search_dashboards` — Find dashboards by title\n- `get_dashboard_by_uid` — Retrieve full dashboard details\n- `query_prometheus` — Execute PromQL queries\n- `query_loki_logs` — Run LogQL queries\n- `list_alert_rules` — View alert rules and statuses\n- `list_incidents` — Search and manage incidents\n- `list_datasources` — View configured datasources\n\n#### **Loki** — Log Aggregation\n- `loki_query` — Query logs with LogQL\n- Supports time ranges, limits, and multi-tenant org IDs\n\n#### **Prometheus** — Metrics \u0026 Monitoring\n- `execute_query` — Execute instant PromQL queries\n- `execute_range_query` — Execute range queries with step intervals\n- `list_metrics` — List available metrics with filtering\n- `get_metric_metadata` — Get metadata for specific metrics\n- `get_targets` — View all scrape targets\n\n#### **Cloudflare** — Edge \u0026 CDN\n- Workers development and deployment\n- DNS management and analytics\n- Security configuration\n- Edge computing primitives\n\n### Detailed Tool Reference\n\n### 1. **`intake()` - Unified Project Intake** ⭐ NEW\nProcess PRDs, generate tasks, and create comprehensive documentation in one operation.\n\n```javascript\n// Minimal call - handles everything\nintake({\n  project_name: \"my-awesome-app\"\n});\n\n// Customize with options\nintake({\n  project_name: \"my-awesome-app\",\n  enrich_context: true,        // Auto-scrape URLs via Firecrawl\n  include_codebase: false,     // Include existing code context\n  model: \"your-preferred-model\" // Any supported model\n});\n```\n\n**What unified intake does:**\n✅ Parses PRD and generates structured task breakdown  \n✅ Enriches context by scraping URLs found in PRD (via Firecrawl)  \n✅ Creates comprehensive documentation (task.md, prompt.md, acceptance-criteria.md)  \n✅ **XML Prompts**: Generates task.xml with structured prompts optimized for AI agents  \n✅ Adds agent routing hints for frontend/backend task assignment  \n✅ Submits single PR with complete project structure  \n✅ Works with any supported model provider\n\n### 2. **`play()` - Multi-Agent Orchestration**\nExecutes complex multi-agent workflows with event-driven coordination.\n\n```javascript\n// Minimal call - auto-resumes from where you left off\nplay();\n\n// Or specify a task\nplay({\n  task_id: 1  // optional - auto-detects if omitted\n});\n\n// Customize agent assignments\nplay({\n  implementation_agent: \"rex\",\n  quality_agent: \"cleo\",\n  repository: \"myorg/my-project\"\n});\n```\n\n**What the team does:**\n✅ **Phase 1 - Intake**: Morgan documents requirements and architecture  \n✅ **Phase 2 - Implementation**: Backend (Rex/Grizz/Nova) or Frontend (Blaze/Tap/Spark) builds the feature  \n✅ **Phase 3 - Quality**: Cleo reviews, Tess tests, Cipher secures  \n✅ **Phase 4 - Integration**: Stitch code-reviews, Atlas merges and rebases  \n✅ **Phase 5 - Deployment**: Bolt deploys and distributes  \n✅ **Parallel Task Batching**: Run multiple tasks simultaneously for faster development  \n✅ **Automatic Integration \u0026 Testing**: CI runs automatically, agents fix failures  \n✅ **Long-Term Memory**: OpenMemory persists context across sessions and agents  \n✅ **Event-Driven**: Automatic phase transitions  \n✅ **Auto-Resume**: Continues from where you left off\n\n### 3. **`jobs()` - Workflow Status**\nList all running Argo workflows with simplified status info.\n\n```javascript\n// List all workflows\njobs();\n\n// Filter by type\njobs({\n  include: [\"play\", \"intake\"]\n});\n\n// Specify namespace\njobs({\n  namespace: \"cto\"\n});\n```\n\n**Returns:** List of active workflows with type, name, phase, and status\n\n### 4. **`stop_job()` - Workflow Control**\nStop any running Argo workflow gracefully.\n\n```javascript\n// Stop a specific workflow\nstop_job({\n  job_type: \"play\",\n  name: \"play-workflow-abc123\"\n});\n\n// Stop with explicit namespace\nstop_job({\n  job_type: \"intake\",\n  name: \"intake-workflow-xyz789\",\n  namespace: \"cto\"\n});\n```\n\n**Workflow types:** `intake`, `play`, `workflow`\n\n---\n\n## **📋 Complete MCP Tool Parameters**\n\n### `docs` Tool Parameters\n\n**Required:**\n- `working_directory` - Working directory for the project (e.g., `\"projects/simple-api\"`)\n\n**Optional (with config defaults):**\n- `agent` - Agent name to use (defaults to `defaults.docs.githubApp` mapping)\n- `model` - Model to use for the docs agent (defaults to `defaults.docs.model`)\n- `source_branch` - Source branch to work from (defaults to `defaults.docs.sourceBranch`)\n- `include_codebase` - Include existing codebase as context (defaults to `defaults.docs.includeCodebase`)\n\n### `play` Tool Parameters\n\n**All parameters are optional** — the platform auto-resumes from where you left off:\n\n- `task_id` - Task ID to implement (auto-detected if omitted)\n\n**Optional (with config defaults):**\n- `repository` - Target repository URL (e.g., `\"5dlabs/cto\"`) (defaults to `defaults.play.repository`)\n- `service` - Service identifier for persistent workspace (defaults to `defaults.play.service`)\n- `docs_repository` - Documentation repository URL (defaults to `defaults.play.docsRepository`)\n- `docs_project_directory` - Project directory within docs repository (defaults to `defaults.play.docsProjectDirectory`)\n- `implementation_agent` - Agent for implementation work (defaults to `defaults.play.implementationAgent`)\n- `quality_agent` - Agent for quality assurance (defaults to `defaults.play.qualityAgent`)\n- `testing_agent` - Agent for testing and validation (defaults to `defaults.play.testingAgent`)\n- `model` - Model to use for play-phase agents (defaults to `defaults.play.model`)\n\n---\n\n## **🎨 Template Customization**\n\nThe platform uses a template system to customize agent behavior, settings, and prompts. Templates are Handlebars (`.hbs`) files rendered with task-specific data at runtime. Multi-CLI support lives alongside these templates so Claude, Codex, and future CLIs follow the same structure.\n\n**Model Defaults**: Models are configured through your MCP config defaults (and can be overridden via MCP parameters). Any supported model for a CLI can be supplied via configuration.\n\n### Template Architecture\n\nAll templates live under `templates/` with agent and CLI-specific subdirectories:\n\n**Agent Templates**\n\nEach agent has flat job-type templates in `templates/agents/{agent}/`:\n\n- **System Prompts**: `templates/agents/{agent}/{job}.md.hbs`\n- **Container Scripts**: Use shared `templates/_shared/container.sh.hbs` (except `morgan/intake.sh.hbs`)\n\nExamples:\n- Morgan intake: `templates/agents/morgan/intake.md.hbs` (+ `intake.sh.hbs`)\n- Rex coder: `templates/agents/rex/coder.md.hbs`\n- Blaze coder: `templates/agents/blaze/coder.md.hbs`\n\n**CLI Templates**\n\nEach CLI has an invoke script in `templates/clis/` (flat structure: `{cli}.sh.hbs`):\n\n- **Claude**: `templates/clis/claude.sh.hbs`\n- **Code (Every Code)**: `templates/clis/code.sh.hbs`\n- **Codex**: `templates/clis/codex.sh.hbs`\n- **Cursor**: `templates/clis/cursor.sh.hbs`\n- **Dexter**: `templates/clis/dexter.sh.hbs`\n- **Factory**: `templates/clis/factory.sh.hbs`\n- **Gemini**: `templates/clis/gemini.sh.hbs`\n- **OpenCode**: `templates/clis/opencode.sh.hbs`\n\n**Shared Templates**\n\nShared partials and utilities in `templates/_shared/`:\n- Container base: `templates/_shared/container.sh.hbs`\n- Partials: `templates/_shared/partials/` (git-setup, tools-config, etc.)\n\n**Play Workflow Orchestration**\n\n- **Workflow Template**: `play-workflow-template.yaml` defines the multi-phase workflow\n- **Phase Coordination**: Each phase triggers the next phase automatically\n- **Agent Handoffs**: Seamless transitions between implementation → QA → security → testing → integration → deployment\n\n### How to Customize\n\n#### 1. Changing Agent Settings\n\nEdit the settings template files for your chosen CLI:\n\n```bash\n# For Morgan intake agent (flat structure: {job}.md.hbs)\nvim templates/agents/morgan/intake.md.hbs\n\n# For Rex coder agent\nvim templates/agents/rex/coder.md.hbs\n\n# For Blaze coder agent\nvim templates/agents/blaze/coder.md.hbs\n\n# For CLI invoke scripts (flat structure: {cli}.sh.hbs)\nvim templates/clis/claude.sh.hbs\nvim templates/clis/factory.sh.hbs\n```\n\nSettings control:\n- Model selection (CLI-specific model identifiers)\n- Tool permissions and access\n- MCP tool configuration\n- CLI-specific settings (permissions, hooks, etc.)\n\nRefer to your CLI's documentation for complete configuration options:\n- [Claude Code](https://docs.anthropic.com/en/docs/claude-code/settings)\n- [Cursor](https://docs.cursor.com)\n- [Codex (OpenAI)](https://platform.openai.com/docs/guides/code)\n- [Factory](https://docs.factory.ai)\n- [Gemini CLI](https://ai.google.dev/gemini-api/docs)\n- [OpenCode](https://github.com/opencode-ai/opencode)\n\n#### 2. Updating Prompts\n\n**For intake templates** (affects project onboarding — `intake()` handles all documentation):\n\n```bash\n# Edit the intake system prompt template (flat structure: {job}.md.hbs)\nvim templates/agents/morgan/intake.md.hbs\n\n# Edit shared partials used across templates\nvim templates/_shared/partials/git-setup.sh.hbs\nvim templates/_shared/partials/tools-config.sh.hbs\n```\n\n**For play templates** (affects task implementation via `play()`):\n\n```bash\n# Edit task-specific files in your docs repository\nvim {docs_project_directory}/tasks/task-{id}/prompt.md\nvim {docs_project_directory}/tasks/task-{id}/task.md\nvim {docs_project_directory}/tasks/task-{id}/acceptance-criteria.md\n```\n\n#### 3. Customizing Play Workflows\n\n**For play workflow orchestration** (affects multi-agent coordination):\n\n```bash\n# Edit the play workflow template\nvim infra/charts/cto/templates/controller/workflow-rbac.yaml\n```\n\nThe play workflow template controls:\n- Phase sequencing and dependencies\n- Agent assignments for each phase\n- Event triggers between phases\n- Parameter passing between phases\n\n#### 4. Deploying Template Changes\n\nAfter editing any template files, redeploy the cto:\n\n```bash\n# Deploy template changes\nhelm upgrade cto infra/charts/cto -n cto\n\n# Verify ConfigMap was updated\nkubectl get configmap cto-controller-agent-templates -n cto -o yaml\n```\n\n**Important**: Template changes only affect new agent jobs. Running jobs continue with their original templates.\n\n### Template Variables\n\nCommon variables available in templates:\n- `{{task_id}}` - Task ID for code tasks\n- `{{service_name}}` - Target service name\n- `{{github_user}}` - GitHub username\n- `{{repository_url}}` - Target repository URL\n- `{{working_directory}}` - Working directory path\n- `{{model}}` - Model name\n- `{{docs_repository_url}}` - Documentation repository URL\n\n---\n\n## **💡 Best Practices**\n\n1. **Configure your MCP config first** to set up your agents, models, tool profiles, and repository defaults\n2. **Use `intake()` for new projects** to parse PRD, generate tasks, and create documentation in one operation\n3. **Choose the right tool for the job**:\n   - Use `intake()` for new project setup from PRDs (handles docs automatically)\n   - Use `play()` for full-cycle development (implementation → QA → testing)\n   - Use `jobs()` / `stop_job()` for workflow management\n4. **Mix and match CLIs** - assign the best CLI to each agent based on task requirements\n5. **Customize tool access** - use the `tools` configuration to control agent capabilities\n6. **Use minimal MCP calls** - let configuration defaults handle most parameters\n7. **Review GitHub PRs promptly** - agents provide detailed logs and explanations\n8. **Update config file** when adding new agents, tools, or changing project structure\n\n---\n\n## **🛠️ Building from Source (Development)**\n\n```bash\n# Build from source\ngit clone https://github.com/5dlabs/cto.git\ncd cto/controller\n\n# Build MCP server\ncargo build --release --bin cto-mcp\n\n# Verify the build\n./target/release/cto-mcp --help   # MCP server\n\n# Install to your system (optional)\ncp target/release/cto-mcp /usr/local/bin/\n```\n\n---\n\n## **🆘 Support**\n\n- Check GitHub PRs for detailed agent logs and explanations\n- Verify MCP configuration and GitHub Apps authentication setup\n- Ensure Argo Workflows are properly deployed and accessible\n\n---\n\n## **📄 License**\n\nThis project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0). This means:\n\n- You can use, modify, and distribute this software freely\n- You can use it for commercial purposes\n- ⚠️ If you deploy a modified version on a network server, you must provide source code access to users\n- ⚠️ Any derivative works must also be licensed under AGPL-3.0\n\nThe AGPL license is specifically designed for server-side software to ensure that improvements to the codebase remain open source, even when deployed as a service. This protects the open source nature of the project while allowing commercial use.\n\n**Source Code Access**: Since this platform operates as a network service, users interacting with it have the right to access the source code under AGPL-3.0. The complete source code is available at this repository, ensuring full compliance with AGPL-3.0's network clause.\n\nFor more details, see the [LICENSE](LICENSE) file.\n\n---\n\n## **🛠️ Tech Stack**\n\n| Category | Technologies |\n|----------|-------------|\n| **Platform** | Kubernetes, Helm, ArgoCD, Argo Workflows |\n| **Language** | Rust (Tokio, Axum, Serde) |\n| **AI/ML** | Claude, GPT, Gemini, Ollama, vLLM |\n| **MCP Servers** | OpenMemory, Context7, GitHub, Kubernetes, Terraform, Playwright, Firecrawl, Grafana, Loki, Prometheus, Cloudflare, PostgreSQL AI Guide, Solana, shadcn/ui, AI Elements |\n| **Frontend** | React, Next.js, shadcn/ui, Tailwind CSS, Expo, Electron |\n| **Backend** | Rust, Go, Node.js, TypeScript |\n| **Databases** | PostgreSQL (CloudNative-PG), Redis, ClickHouse, QuestDB, OpenSearch |\n| **Messaging** | Kafka (Strimzi) |\n| **Storage** | SeaweedFS (S3-compatible, Apache 2.0) |\n| **Secrets** | OpenBao (Vault fork) |\n| **Networking** | Cloudflare Tunnels, Kilo VPN (WireGuard) |\n| **CI/CD** | GitHub Actions, ArgoCD Image Updater, Self-hosted Arc Runners (Rust-optimized) |\n| **Observability** | Prometheus, Grafana, Loki |\n| **Security** | Trivy, Kube-bench, Gitleaks, Falco |\n| **Bare-Metal** | Talos Linux, Latitude, Hetzner, OVH, Vultr, Scaleway, Cherry, DigitalOcean |\n| **Cloud** | AWS, Azure, GCP |\n| **Agent Runtime** | Custom container image with multi-CLI support, Git, and development tooling |\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n### **🌟 Join the AI Development Revolution**\n\n| | | | |\n|:---:|:---:|:---:|:---:|\n| [**⭐ Star**](https://github.com/5dlabs/cto)\u003cbr/\u003eSupport project | [**🍴 Fork**](https://github.com/5dlabs/cto/fork)\u003cbr/\u003eBuild with us | [**💬 Discord**](https://discord.gg/A6yydvjZKY)\u003cbr/\u003eJoin community | [**🐦 X**](https://x.com/5dlabs)\u003cbr/\u003eGet updates |\n| [**📺 YouTube**](https://www.youtube.com/@5DLabs)\u003cbr/\u003eWatch tutorials | [**📖 Docs**](https://docs.5dlabs.com)\u003cbr/\u003eLearn more | [**🐛 Issues**](https://github.com/5dlabs/cto/issues)\u003cbr/\u003eReport bugs | [**💡 Discuss**](https://github.com/orgs/5dlabs/discussions)\u003cbr/\u003eShare ideas |\n\n**Built with ❤️ and 🤖 by the 5D Labs Team**\n\n---\n\n*The platform runs on Kubernetes and automatically manages multi-CLI agent deployments, workspace isolation, and GitHub integration. All you need to do is call the MCP tools and review the resulting PRs.*\n\n\u003c/div\u003e\n\n","funding_links":["https://github.com/sponsors/5dlabs","https://opencollective.com/5dlabs","https://5dlabs.com/sponsor"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F5dlabs%2Fcto","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F5dlabs%2Fcto","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F5dlabs%2Fcto/lists"}