Skip to main content

Overview

Droid (Factory CLI) is a Bun-based coding agent with interactive TUI, headless exec mode, and risk-tiered autonomy levels.
Binary path: ~/.local/bin/droid
Config: ~/.factory/
License: Proprietary (Factory AI)

Sandbox Profile

(allow file-read* file-write*
    (home-prefix "/.local/bin/droid")
    (home-subpath "/.factory")
)

Running in Safehouse

# Interactive mode
safehouse --enable=network --add-dirs="$PWD" -- droid

# Headless exec mode
safehouse --enable=network --add-dirs="$PWD" -- droid exec "query"

Autonomy Levels

LevelCapabilities
DefaultRead-only: file reads, git diffs, ls, git status
Auto Low+ File edits, formatters, read-only commands
Auto Medium+ Package installs, builds, local git commits
Auto High+ Git push, deploys, docker, migrations
--skip-permissions-unsafeALL operations (no guardrails)

Droid Shield (Secret Scanning)

Standard:
  • Pattern-based API key/token detection
  • Scans git commit/git push diffs
  • Blocks if secrets detected
Shield Plus (Enterprise):
  • Palo Alto Prisma AIRS AI scanning
  • Prompt injection detection
  • PII/financial data scanning
  • Toxic content detection

Hook System

EventWhenCan Block?
PreToolUseBefore tool executionYes
PostToolUseAfter completionFeedback only
UserPromptSubmitBefore prompt processingYes
StopDroid finishesYes (force continue)
SessionStartSession start/resumeContext injection

Plugin Architecture

  • Skills~/.factory/skills/, .factory/skills/
  • Custom droids~/.factory/droids/, .factory/droids/
  • Commands~/.factory/commands/ (legacy)
  • MCP serversmcp.json config

Enterprise Features

  • SOC 2 Type II certified
  • SAML 2.0 / OIDC SSO
  • RBAC (Owner, Admin, User)
  • Zero data retention mode
  • Customer-managed encryption (BYOK)

Build docs developers (and LLMs) love

Get started for freeTalk to us