Security-First Design
Factory CLI (Droid) is built with security at its core. Encrypted authentication, strict permission controls, and enterprise-grade protection keep your code safe.
Key Security Features
Secure Authentication
OAuth login with encrypted token storage. Tokens auto-rotate every 30 days and are stored with OS-level file permissions.
Permission Controls
All risky operations require explicit approval. Set each tool's permission to allow, ask, or reject according to your security needs.
Data Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256 with AWS KMS). Factory never trains on your code.
Local Execution
Shell commands and file edits run locally. Only necessary context and diffs are sent to Factory’s secure cloud.
Security Best Practices
Basic Security Guidelines
Review before approving
Always verify proposed commands and file changes, especially:
- Commands that install packages or modify system files
- Operations involving sensitive data or credentials
- Network requests to external services
- File operations outside your project directory
Use isolated environments
Run Droid in containers or VMs when working with:
- Untrusted code repositories
- External APIs or web services
- Experimental or potentially risky operations
- Shared development environments
Manage permissions carefully
Configure tool permissions to match your security requirements:
- Set high-risk commands to “reject” by default
- Use “ask” for medium-risk operations requiring oversight
- Only “allow” low-risk commands you trust completely
- Review permissions regularly with the Settings menu
Protect sensitive data
Never include secrets in prompts:
- Use environment variables for API keys and tokens
- Store credentials in secure credential managers
- Exclude sensitive files from Droid’s working directory
- Use the FACTORY_TOKEN environment variable for CI/CD
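The last two points, as an added example that is not part of Factory's documentation or tooling: a pre-flight script for a CI job that refuses to proceed when the working directory holds likely credential files or when the FACTORY_TOKEN value has been written into a file. The function names and the file-name patterns are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check to run before an agent session in CI.
# The file-name patterns are assumptions, not a list published by Factory.

# Print paths under $1 whose names suggest stored credentials.
find_sensitive_files() {
    find "$1" -type d \( -name .git -o -name node_modules \) -prune -o \
        -type f \( -name '.env' -o -name '.env.*' -o -name '*.pem' \
        -o -name '*.key' -o -name 'id_rsa' -o -name 'id_ed25519' \
        -o -name 'credentials' -o -name '.npmrc' -o -name '.netrc' \) -print
}

# Print files under $1 that contain the literal FACTORY_TOKEN value, meaning
# the token was pasted into a file instead of staying in the environment.
# The pattern is fed on stdin so it never appears in a process argument list.
find_token_leaks() {
    [ -n "${FACTORY_TOKEN:-}" ] || return 0
    printf '%s\n' "$FACTORY_TOKEN" |
        grep -rlF --exclude-dir=.git -f - "$1" 2>/dev/null || true
}

# Return 0 when the directory passes every check, 1 otherwise.
preflight_check() {
    dir=$1
    rc=0
    if [ -z "${FACTORY_TOKEN:-}" ]; then
        echo "FACTORY_TOKEN is not set in the environment" >&2
        rc=1
    fi
    hits=$(find_sensitive_files "$dir")
    if [ -n "$hits" ]; then
        echo "sensitive files inside the working directory:" >&2
        echo "$hits" >&2
        rc=1
    fi
    leaks=$(find_token_leaks "$dir")
    if [ -n "$leaks" ]; then
        echo "token value found in files:" >&2
        echo "$leaks" >&2
        rc=1
    fi
    return $rc
}
```

Call `preflight_check "$PWD"` as an early CI step and fail the job on a non-zero status.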
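Built-in Protections
Factory CLI includes multiple layers of security:
- Write access restrictions: only files within the project directory and its subdirectories can be modified
- Command approval: risky operations require explicit user confirmation
- Prompt injection detection: requests are analyzed for potentially harmful instructions
- Network request controls: web fetch tools require approval by default
- Input sanitization: prevents command injection attacks
- Session isolation: each conversation maintains its own separate, secure context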
Enterprise Security
SSO & Identity
SAML 2.0 / OIDC single sign-on with SCIM provisioning and role-based access controls.
Data Governance
Zero data retention mode, customer-managed encryption keys (BYOK), and private cloud deployments.
Compliance
SOC 2 Type II certified, GDPR compliant, with regular penetration testing and supply chain security.
Audit & Monitoring
Complete session logging, OpenTelemetry metrics, and enterprise-managed security policies.
Need Help?
Security Questions
Email our security team: security@factory.ai
Trust Center
Visit trust.factory.ai for compliance documents, certifications, and security resources.
Report security vulnerabilities through our responsible disclosure program. Contact security@factory.ai for details.
