registry  /  factory-ai  /  1.6.0

factory-ai@1.6.0

Deploy a private autonomous coding-agent factory on Azure: isolated builders, testers, security reviewers, durable orchestration, multi-model routing, memory, cost controls, and gated GitHub pull requests.

AI Security Review

scanned 47m ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
Explicit `factory` deployment/workspace commands or installed package-owned systemd services
Impact
A trusted operator can authorize autonomous coding-agent actions and runtime persistence on the deployment VM; this is a meaningful dual-use capability, not a confirmed malicious chain.
Mechanism
Operator-controlled Azure deployment, workspace templating, and credentialed agent-container execution
Rationale
Source inspection finds no concrete malicious behavior, but the package deliberately provides high-impact autonomous-agent deployment and execution capabilities. Flag as a warning for dangerous dual-use operation rather than block as malware.
Evidence
package.jsonbin/factorysrc/container-runner.jssrc/project-init.jssrc/workspace-catalog.jssrc/extension-manifest.jssrc/updater.jsbootstrap/setup.shbootstrap/auto-update.sh
Network endpoints4
registry.npmjs.org/factory-ai/latestapi.telegram.org/bot${token}/${method}management.azure.com${scope}/providers/Microsoft.CostManagement/query?api-version=2025-03-01api.ipify.org

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/factory` explicitly invokes remote Azure VM commands and deployment actions.
  • `src/container-runner.js` starts task containers and passes configured cloud-model credentials via stdin.
  • `src/project-init.js` writes `AGENTS.md` and `.agent-factory/` only during explicit workspace import/init.
  • `bootstrap/setup.sh` installs package-owned systemd services when explicitly run as deployment bootstrap.
Evidence against
  • `package.json` has no preinstall, install, postinstall, prepare, or uninstall lifecycle hook.
  • No import-time entrypoint performs installation, persistence, or network activity without a CLI/service trigger.
  • `src/project-init.js` restricts template writes to the chosen project and rejects symlink traversal.
  • `src/extension-manifest.js` requires signed artifacts and explicit HTTPS destinations.
  • `bootstrap/auto-update.sh` checks matching git commit, release state, CI, provenance, tests, audit, Bicep, shell syntax, and secret scanning before deployment.
  • No source evidence of credential harvesting or exfiltration to an attacker-controlled endpoint.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 59 file(s), 198 KB of source, external domains: 127.0.0.1, api.ipify.org, api.telegram.org, github.com, management.azure.com, registry.npmjs.org

Source & flagged code

2 flagged · loading source
src/workspace-catalog.jsView file
65L66: async import(source, options = {}) { return this.withLock(() => this.importUnlocked(source, options)); } L67:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/workspace-catalog.jsView on unpkg · L65
bootstrap/setup.shView file
path = bootstrap/setup.sh kind = build_helper sizeBytes = 11100 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bootstrap/setup.shView on unpkg

Findings

5 Medium4 Low
MediumDynamic Requiresrc/workspace-catalog.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbootstrap/setup.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings