The connective layer that snaps SpecLine, ForgeLine, HSF and Prestige together into one spec-to-artifact assembly line. Each module stays independent; factoryline lines them up.
Project description
code-factory
Most CI proves that code passes. Code Factory first proves that its gates reject deliberately sabotaged builds.
60-second first run
Use Code Factory to create an app-shaped starting state, then immediately see which requirements it refuses to certify without real tests:
pip install factoryline-code-factory==0.12.0
factory app from-prompt "Build a simple approval tracker with an audit log" --out approval-tracker --purpose saas
factory coverage --root approval-tracker --json
The last command intentionally exits nonzero on a fresh starter. It reports
"dominant_failure_class": "hollow_coverage" for every product requirement
that lacks a non-hollow test. The scaffold is useful starting state, not
software the factory pretends is ready to ship.
For an existing repository, start with forge adopt <feature> --root .; see
First Use On An Existing Repository.
VS Code integration
The new local VS Code adapter runs an explicit FactoryLine assembly or receipt verification command in the open trusted workspace, then renders local JSON receipts beside the editor. It does not upload code or claim IntelliJ support. See FactoryLine for VS Code for the commands, VSIX install, and scope boundary.
Proof-first architecture
Run factory with no arguments for a compact live view of installed bricks,
local proof counts, and the next valid commands. This agent-first home view
avoids a separate help/discovery turn while keeping --help available everywhere.
flowchart LR
A["Intent / PRD"] --> B["Real build + gates"]
A --> C["Proof-by-sabotage challenges"]
C --> S["Spec mutations"]
C --> F["Empty stubs"]
C --> H["Decision-rule mutations"]
C --> D["Hidden or broken UI"]
C --> I["Trace tampering"]
B --> P["Factory Passport"]
S --> P
F --> P
H --> P
D --> P
I --> P
P --> G["GitHub summary + badge + Mermaid + attestations"]
New: PRD-to-app building. Factoryline can now turn a PRD or prompt into a full-stack starter repo, then hand it to the same gated, receipted factory flow that powers proof-carrying PRs.
A code factory built like Lego. Five small, independent, open-source pieces that snap together into one assembly line: describe a feature in plain language, and the line checks it for ambiguity, builds it, runs a gauntlet of gates, actually runs the finished code to watch it behave, compiles any decision logic into permanent zero-cost code, and ships it — with a receipt at every step.
Each piece is a separate repo you can install and use on its own. This repo is the
baseplate (factory) that lines them up. It depends on none of them.
Five-brick workflow
flowchart LR
A["Plain-language intent"] --> B["1 SpecLine: clarify and lock the spec"]
B --> C["2 ForgeLine: build through gated phases"]
C --> D{"What changed?"}
D -->|"Business decision logic"| E["3 HSF: compile deterministic artifact"]
D -->|"User-facing UI"| F["4 Prestige: design-quality gate"]
E --> G["Receipts and signed artifacts"]
F --> G
C --> G
G --> H["Ship with evidence"]
Use the numbered repos like Lego bricks: start with the baseplate, add the spec brick when intent is fuzzy, add the forge brick when you want a state machine, add the compile brick when decisions must be deterministic, and add the design brick when the shipped thing has a user interface.
intent -> [1-spec] -> spec + strict contract -> handoff
|
[2-forge] <---- tasks / plan <----------+
| architect -> build -> gates -> smoke -> ship
|-> if UI -> [4-design] design-quality gate
+-> if decision table -> [3-compile] -> deterministic artifact
The five pieces
| Repo | pip install | CLI | What it does |
|---|---|---|---|
| code-factory (this) | factoryline-code-factory |
factory |
the baseplate — snaps the bricks together, meters cost |
| code-factory-1-spec | code-factory-1-spec |
specline |
kills ambiguity before the AI writes code (anti-drift input contract) |
| code-factory-2-forge | code-factory-2-forge |
forge |
the assembly line: architect -> build -> gates -> runtime smoke -> ship |
| code-factory-3-compile | code-factory-3-compile |
hsf |
compiles a decision once into boring code that runs forever at zero AI cost |
| code-factory-4-design | code-factory-4-design |
prestige |
design-quality gate, for when what you ship has a face |
Numbered so the assembly order reads at a glance. Install one, some, or all.
The baseplate's PyPI distribution is named factoryline-code-factory because
PyPI reserves the more generic code-factory name. The repository and the
factory command deliberately keep the simpler Code Factory identity.
Enterprise knowledge activation
Code Factory treats agent instructions as Atomic Knowledge Units (AKUs): small, high-density, validated units of institutional knowledge. The goal is to move from "retrieve a long doc and hope the agent interprets it" to "activate the right procedure, tools, governance, and validators at the exact step of work."
See AKU_STANDARD.md for the enterprise schema and how each brick maps to codification, compression, injection, and validation.
Install all five bricks
pip install factoryline-code-factory==0.12.0 code-factory-1-spec==0.5.3 code-factory-2-forge==0.10.4 code-factory-3-compile==0.5.4 code-factory-4-design==0.7.3
factory doctor --strict --json
factory doctor reports two separate facts: installation_ok verifies the
CLIs, versions, and required commands; workflow_ok runs bounded,
non-mutating canaries. The ForgeLine canary exercises an ESM .mjs feature and
requires measured symbols, so an installed but Python-centric QA path cannot
appear healthy. Use factory --version --json (or each brick's equivalent) to
record the package version, source identity when available, build hash, install
origin, runtime, and receipt schema. identity_complete: false is an explicit
provenance limitation; it must not be presented as signer-identity proof.
Identity-signed receipts
Authenticate any existing factory receipt with Sigstore's keyless OIDC flow:
pip install "factoryline-code-factory[sigstore]"
factory receipt sign .factory/receipts/<receipt>.json
factory receipt verify .factory/receipts/<receipt>.json \
--cert-identity "https://github.com/OWNER/REPO/.github/workflows/WORKFLOW.yml@refs/heads/main" \
--cert-oidc-issuer "https://token.actions.githubusercontent.com"
Verification binds the exact receipt bytes to the expected signer identity and
issuer. Unsigned receipts remain readable but report UNSIGNED, never
VERIFIED. See Signed Factory Receipts for the CI
workflow, expected JSON, failure behavior, and honest scope boundary.
Local control-plane foundation
The control-plane surface adds tenant-scoped evidence, explicit role authorization, independent human approvals, and a hash-linked audit stream:
factory control init --db .factory/control.sqlite3
factory control evidence-put receipts/build.json --db .factory/control.sqlite3 `
--tenant acme --subject ci-runner --roles operator
factory control audit-verify --db .factory/control.sqlite3 `
--tenant acme --subject auditor --roles viewer
See docs/CONTROL_PLANE.md for the approval workflow and exact boundary. This is a deterministic local foundation for future hosted SCM, SSO/SCIM, and evidence-store adapters; it does not claim to be a hosted multi-tenant service.
Enterprise Receipt v2 Foundation
The optional enterprise extra adds an offline-verifiable DSSE envelope with an Ed25519 signer identity, signed policy bundles, and signed revocation lists:
pip install "factoryline-code-factory[enterprise]"
factory enterprise keygen --out-dir .factory/keys --keyid ci-main \
--identity "https://github.com/OWNER/REPO/.github/workflows/proof.yml@refs/heads/main" \
--issuer "https://token.actions.githubusercontent.com"
factory enterprise receipt-seal receipt-v2.json \
--private-key .factory/keys/ci-main.private.pem --keyid ci-main \
--identity "https://github.com/OWNER/REPO/.github/workflows/proof.yml@refs/heads/main" \
--issuer "https://token.actions.githubusercontent.com" --out receipt.dsse.json
factory enterprise verify receipt.dsse.json --trust-root .factory/keys/trust-root.json
Verification is local and fail-closed. It checks the DSSE signature, exact
payload digest, trusted key id, identity, issuer, policy digest, and supplied
revocation list without contacting a service. v1 receipts remain readable but
return LEGACY_UNVERIFIED in the enterprise verifier. The local control-plane
foundation is documented above; hosted SCM/SSO adapters, OSCAL packs, BBS
credentials, and zkVM proofs remain future roadmap work; see Enterprise
Receipt v2.
Loop Passport
factory loop makes an autonomous-loop contract reviewable before it runs. The
manifest declares its trigger, workspace scope, named skills/connectors,
allowed actions, hard token/cost/time/iteration limits, required approvals,
validators, and state machine. The generated Passport hash-binds that contract
and includes a first-class Mermaid graph.
factory loop init dependency-audit --owner platform-team --root .
factory loop validate .factory/loops/dependency-audit.loop.json --json
factory loop passport .factory/loops/dependency-audit.loop.json --root . --json
factory loop budget .factory/loops/dependency-audit.loop.json usage.json --root . --json
factory loop verify .factory/loop-passports/dependency-audit.loop-passport.json --json
The budget command writes WITHIN_BUDGET, BUDGET_EXCEEDED, or
MANIFEST_INVALID receipts. It enforces declared ceilings over usage supplied
by a runtime adapter; it does not claim to independently enforce provider
billing, credential injection, host sandboxing, or network egress. Those are
runtime responsibilities that the Passport makes explicit for review.
Existing Repositories And PRs
Start from inherited code with forge adopt <feature> --root .. It writes a
reviewable architecture baseline and, for TypeScript, an explicit mutant
manifest for forge verify-tests-ts. FactoryLine exposes the operational
controls professionals need: factory overhead reports measured per-gate wall
time, factory override writes an owned exception receipt, and factory ci init --feature <feature> writes an opt-in GitHub PR-comment workflow.
factory doctor --strict # versions + required command compatibility
factory plan # print the assembly pipeline
factory init . # lay down the shared workspace
factory assemble my_feature # run the line (skips any missing brick)
factory meter # receipted cost + savings, computed on YOUR runs
factory rollup my_feature # aggregate receipt attribution for debugging
factory trace my_feature # hash-link receipts into a proof bundle
factory verify-trace .factory/traces/my_feature.trace.json
factory replay .factory/traces/my_feature.trace.json --changed smoke/my_feature.json
factory evidence my_feature # public-safe proof for a PR or release note
factory policy # write default policy-as-code thresholds
factory verify-policy --challenge policy.challenge.json # prove every policy rule is enforced
factory optimize-pr --changed specs/my_feature.md --feature my_feature
factory pr-pack my_feature # reviewer-ready PR_EVIDENCE.md
factory app from-prd PRD.md --out my-app --purpose saas
factory challenge my_feature --trace .factory/traces/my_feature.trace.json
factory passport my_feature --trace .factory/traces/my_feature.trace.json --challenge .factory/challenges/factoryline.json
factory assemble is resumable and stops at human-owned authoring and approval
boundaries. Its JSON output names paused_at and the exact next_command; it
does not silently approve architecture or claim unfinished scaffolds are built.
For a concise existing-repository path and a first-run feedback route, see First Use On An Existing Repository. The best contribution right now is a real repo run, including where the workflow helped or failed.
See ProofLab and the Factory Passport for all five challenge commands and the generated Mermaid artifact.
For publication order, GitHub release steps, Claude Code/Codex setup, and launch links, see PUBLICATION_GUIDE.md.
Instant PRD-to-App Builder
factory app is the one-shot app-builder workflow: PRD or prompt in,
full-stack starter out, with gates and evidence hooks already attached.
Treat the output as app-shaped starting state that must still move through
SpecLine, ForgeLine, HSF, Prestige, and Factoryline proof before release.
factory app from-prompt "Build an expense approval app with manager review, audit logs, and policy-based approvals" --out expense-approval
factory app from-prd PRD.md --stack nextjs-fastapi-postgres --purpose healthcare --out prior-auth-portal
It generates app_blueprint.json, PRD.md, frontend/backend/db starter files,
smoke tests, and a workflow guide. The point is not to bypass engineering
judgment; the point is to make the first app-shaped repo appear instantly while
preserving the factory contract.
See docs/APP_BUILDER.md for the visual workflow, illustrative readiness model, generated file tree, and follow-up commands.
PR optimization control plane
Senior review is now a factory surface. factory optimize-pr turns a diff into
a bounded hardening plan: changed paths, invalidated gates, design/release
checks, terminal states, and the no-auto-merge authority boundary. It is
deterministic and safe to run before opening or updating a PR.
factory pr-pack <feature> writes a public-safe reviewer packet from the
hash-linked trace: what changed, which receipts proved it, what the meter can
honestly measure, and which claims remain scoped. factory policy keeps the
team rules visible: hollow-test proof, hollow-validator proof, release
readiness, design purpose, and approval boundaries.
factory verify-policy --challenge policy.challenge.json completes the same
mutation doctrine for policy rules: it deletes or inverts every rule and requires
your evaluator to reject the changed policy. A rule that survives is reported as
HOLLOW_POLICY; see Verify Policy.
Why Lego, not a monolith
- Each brick stands alone. Install only what you need; a missing brick is skipped, not fatal.
- Filesystem interop = maximum portability. Bricks pass work on disk under a shared layout. Any IDE, agent (Codex / Claude Code / Cursor), CI runner, or OS that can run a subprocess drives the factory. No daemon, no network, no lock-in.
- No hidden coupling. The baseplate depends on none of the bricks — it shells out to their CLIs. Upgrade or swap a brick independently.
Honest metering
factory meter makes the "saves time and money" claim yours, computed from your runs:
- With no measured runs, it refuses to print a savings percentage — no number against zero data.
- When modules don't report token usage, it labels the figure a model, not a measurement, and says so.
- It prints the baseline assumption inline, so no number hides what it's compared against.
Wall-clock time is always measured. Projections are always labeled. Nothing is fabricated.
Launch Measurement
Use scripts/capture_launch_metrics.ps1
to save raw PyPI and GitHub traffic observations as JSON receipts. It records
downloads, views, and clones without calling any of them unique users or
attributed conversions; see Launch Measurement.
Proof-carrying PRs
factory trace <feature> writes .factory/traces/<feature>.trace.json: a
deterministic proof bundle over the latest compatible receipts for that feature.
Each trace node records the stage, command, receipt hash, declared artifact
hashes, previous node hash, and attribution summary. The chain head makes receipt
or artifact tampering visible.
factory rollup <feature> is the lower-level receipt attribution view for
debugging failed stages; factory evidence <feature> is the public-safe view for
PRs, release notes, and README claims.
factory trace checkout_flow
factory verify-trace .factory/traces/checkout_flow.trace.json
factory rollup checkout_flow
factory risk-diff --changed smoke/checkout_flow.json
factory replay .factory/traces/checkout_flow.trace.json --changed smoke/checkout_flow.json
factory replay .factory/traces/checkout_flow.trace.json --changed smoke/checkout_flow.json --execute
factory attest .factory/traces/checkout_flow.trace.json
factory evidence checkout_flow
This is the enterprise Lego layer: the factory can say which guarantee a change
invalidates, which minimum stages must rerun, whether the trace still verifies,
and what public evidence can be shown without leaking raw logs. If a smoke check
is hollow, the public evidence can say hollow_test; if the trace was tampered
with, verify-trace fails before anyone trusts the PR. factory attest exports
unsigned in-toto/SLSA-shaped JSON statements for teams that want supply-chain
evidence attached beside a PR, release, or wheel.
Spec validator mutation
The assembly line now validates the spec instrument itself:
specline strict checkout_flow --json
specline verify-validators checkout_flow --json
verify-validators deletes or inverts one requirement at a time and requires
strict lint to kill the mutant. A requirement whose mutant still passes reports
hollow_validator: the spec looked valid, but no validator proved that
requirement mattered. In the default factory chain, this runs after
specline:strict and before spec gate signoff or downstream build stages.
Cross-platform
The baseplate runs on Python 3.10-3.12. The four numbered bricks run on Python 3.11-3.12. Their CI matrices cover Ubuntu, Windows, and macOS.
License
MIT OR Apache-2.0. Free and open source. Each brick carries both license texts. Commercial support and integration services available — see SUPPORT.md.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file factoryline_code_factory-0.12.0.tar.gz.
File metadata
- Download URL: factoryline_code_factory-0.12.0.tar.gz
- Upload date:
- Size: 99.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c652d157f7e62e3d160601a4121027461391767274fc46a7566192a3d232ad2e
|
|
| MD5 |
db6bf7ce7b6bda7608af0b8f4fe2f2c3
|
|
| BLAKE2b-256 |
515cfe23c2ae18d570a23b007f2114f14b90012bc63dd29a96abdebf0209cc86
|
File details
Details for the file factoryline_code_factory-0.12.0-py3-none-any.whl.
File metadata
- Download URL: factoryline_code_factory-0.12.0-py3-none-any.whl
- Upload date:
- Size: 89.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ba05d5dc57e19bff7ca5eeec922cfff9a861f86ecc12ee9e375949e896cf99f4
|
|
| MD5 |
24e69ff43f89dcdb13dafad5c29c6100
|
|
| BLAKE2b-256 |
393542253e7836cd3367a0462ab320141bed6938bb4160deaaeb66e1385ee28b
|