
great_cto

v2.32.0 Breaking

This release includes 5 breaking changes for platform teams planning a safe upgrade.

✓ No known CVEs patched

Topics

agentic-coding claude-code-plugin claude-code-skills claude-code-subagents code-review cto multi-agent sdlc

ReleasePort's take

Moderate signal
editorial:auto 5d

AgentShield scanner and its CLI commands have been removed in v2.32.0.

Why it matters: If your workflows rely on great-cto scan, list-rules, MCP tools scan/list_rules, or guardrails.yml files, they will break; migrate to alternative tooling immediately.

Summary

AI summary

Removed AgentShield scanner, eliminating its CLI commands, MCP tools, rule files, and config file.

Changes in this release

Breaking High

Removed AgentShield scanner and its CLI commands.


Source: llm_adapter@2026-05-29

Confidence: high

Refactor Low

Transferred AI-security pattern scanning to ai-security-reviewer agent.


Source: granite4.1:30b@2026-05-29-audit

Confidence: low

Full changelog

Removed: AgentShield scanner

The bundled AgentShield static scanner has been fully removed. It was an
AI-security pattern scanner (OWASP LLM Top 10) that shipped its own CLI
commands, MCP tools, rule files, and SARIF/JUnit output. Pre-implementation
threat modelling is now owned entirely by the ai-security-reviewer agent,
which is a better fit for the gated-pipeline model.

Breaking — removed CLI surface:

  • great-cto scan command (+ --severity / --scanner flags)
  • great-cto list-rules command
  • scan and list_rules MCP tools (MCP now exposes 7 tools:
    detect_archetype, estimate_cost, query_decisions, project_status,
    cost_summary, pipeline_stages, recent_verdicts)
  • The ~/.great_cto/guardrails.yml file is no longer created on bootstrap
  • agentshield-rules/ rule files dropped from the published npm package

great-cto ci survives — the command now runs archetype-drift and
budget checks only (--no-archetype / --no-budget to skip). Existing CI
pipelines keep working but no longer fail on security findings.

Unchanged: the secret-scan pre-commit hook is a separate subsystem and
is unaffected. Per-file opt-out remains // great_cto:allow-secrets; the
whole hook honours GREAT_CTO_DISABLE_SECRET_SCAN=1.


Breaking Changes

  • Removed `great-cto scan` CLI command and its `--severity` / `--scanner` flags
  • Removed `great-cto list-rules` CLI command
  • Removed `scan` and `list_rules` MCP tools (now only 7 tools remain)
  • No longer creates the `~/.great_cto/guardrails.yml` config file on bootstrap
  • Dropped `agentshield-rules/` rule files from the npm package
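
Because `great-cto ci` keeps exiting cleanly while the security gate behind it is gone, an upgrade can pass CI without anyone noticing the lost coverage. The following is an added example, not part of the release notes or the great_cto project: a small audit that flags references to the removed surface in CI or script text. The function name `audit`, the finding levels and the sample workflow are assumptions constructed for illustration.

```python
import re

# Surface removed in v2.32.0, taken from the changelog above.
# The MCP tool names scan/list_rules are too generic to match by text
# and are not checked here.
REMOVED = [
    (re.compile(r"\bgreat-cto\s+scan\b"), "removed command: great-cto scan"),
    (re.compile(r"\bgreat-cto\s+list-rules\b"), "removed command: great-cto list-rules"),
    (re.compile(r"guardrails\.yml"), "guardrails.yml is no longer created on bootstrap"),
    (re.compile(r"agentshield-rules/"), "agentshield-rules/ dropped from the npm package"),
]
CI_CMD = re.compile(r"\bgreat-cto\s+ci\b(.*)")

def audit(text, name="<config>"):
    """Return (name, line_no, level, message) for each line needing attention."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # naive: drops everything after '#'
        for pattern, msg in REMOVED:
            if pattern.search(code):
                findings.append((name, no, "BREAKS", msg))
        m = CI_CMD.search(code)
        if m:
            flags = set(m.group(1).split())
            # Inference from the changelog: ci runs only the archetype-drift
            # and budget checks, so skipping both leaves nothing to run.
            if {"--no-archetype", "--no-budget"} <= flags:
                msg = "great-cto ci with both skip flags: no checks left to run"
            else:
                msg = "great-cto ci no longer fails on security findings"
            findings.append((name, no, "SILENT", msg))
    return findings

# Constructed sample workflow, not taken from any real repository.
SAMPLE = """\
steps:
  - run: npx great-cto scan --severity high   # security gate
  - run: npx great-cto ci
  - run: npx great-cto ci --no-archetype --no-budget
  - run: cat ~/.great_cto/guardrails.yml
  # - run: great-cto list-rules
"""

if __name__ == "__main__":
    for name, no, level, msg in audit(SAMPLE, "ci.yml"):
        print(f"{name}:{no}: [{level}] {msg}")
```
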


About great_cto

Engineering-management layer of 34 specialist AI agents covering the full SDLC (architect, PM, senior-dev, reviewer, QA, security, devops, L3-support + 18 archetype-specific reviewers) with auto-detected archetypes and compliance gates (PCI-DSS, HIPAA, FedRAMP, GDPR, EU AI Act). Runs in Claude Code, Cursor, Codex CLI, Aider, and Continue via AGENTS.md + MCP. MIT.
