メインコンテンツへスキップ
Factory’s enterprise story is built on a single, predictable settings hierarchy. Instead of ad‑hoc per‑machine configuration, orgs express policy once and have it apply consistently across laptops, CI, VMs, and airgapped environments. This page explains how the hierarchy works and how to use it to govern models, tools, safety policies, and telemetry.

The four levels

Settings are defined in .factory/ folders with a consistent structure at four levels: 
Org         → Central `.factory/` bundle (or config endpoint)
Folder      → <git-root>/.../subfolder/.factory/
Project     → <git-root>/.factory/
User        → ~/.factory/
Each .factory/ folder can contain:
  • settings.json – general settings (models, safety, preferences, telemetry).
  • mcp.json – MCP server configurations.
  • droids/ – droid definitions.
  • commands/ – custom commands.
  • hooks/ – hook definitions.
  • skills/ – skill definitions.
The same schema applies at every level. What changes is precedence.

Settings JSON schema

Below is the full schema for org-managed settings. These are configured by org admins through the Enterprise Controls page in the Factory app. Every property is optional — omit any field you do not need to set.
sessionDefaultSettings
object
Session default preferences.
maxAutonomyLevel
string
Maximum autonomy level any user or project can set. One of off, low, medium, high.
cloudSessionSync
boolean
Whether sessions are synced to the cloud.
includeCoAuthoredByDroid
boolean
Include a Co-authored-by: Droid trailer in git commits.
enableDroidShield
boolean
Enable Droid Shield safety checks.
ideAutoConnect
boolean
Automatically connect to the IDE on session start.
commandAllowlist
string[]
Shell command patterns that are always allowed (accumulated across levels).
commandDenylist
string[]
Shell command patterns that are always denied (accumulated across levels).
customModels
object[]
Org-provisioned custom model definitions.
modelPolicy
object
Org-level model access control.
userModelPolicies
object
Per-user model overrides. Map of user ID to policy object.
enabledPlugins
object
Map of plugin name in plugin@marketplace format to true (enabled) or false (disabled). Plugins set to true are automatically installed on CLI startup once their marketplace is available.
extraKnownMarketplaces
object
Additional plugin marketplaces. Map of marketplace name to a source object. Marketplaces listed here are automatically cloned and registered on CLI startup.
strictKnownMarketplaces
object[]
Marketplace sources that are strictly enforced. Each entry is a source object directly (e.g. { "source": "github", "repo": "owner/repo" }), not wrapped in a source key like extraKnownMarketplaces values.

Supported model IDs

The following model identifiers can be used in allowedModelIds and blockedModelIds:
ProviderModel IDs
Anthropicclaude-sonnet-4-5-20250929, claude-sonnet-4-6, claude-opus-4-5-20251101, claude-opus-4-6, claude-opus-4-6-fast, claude-haiku-4-5-20251001
OpenAIgpt-5.1, gpt-5.1-codex, gpt-5.1-codex-max, gpt-5.2, gpt-5.2-codex, gpt-5.3-codex
Googlegemini-3-pro-preview, gemini-3-flash-preview, gemini-3.1-pro-preview
XAIgrok-code-fast-1
Open sourceglm-4.7, glm-5, kimi-k2.5, minimax-m2.5

Extension‑only semantics

Factory uses extension‑only semantics instead of traditional “override” behavior.
  • Higher levels (org, project) cannot be overridden by lower levels.
  • Lower levels (folder, user) can only add to what higher levels define when those fields are unset.
  • This ensures org policies remain intact even as projects and users customize their experience.
There are three merge modes depending on the data type.

1. Simple values – first wins

For simple scalar values (strings, numbers, booleans):
  • The first level that sets a value “wins.”
  • Lower levels cannot change or remove that value.
Examples:
  • sessionDefaultSettings.model
  • sessionDefaultSettings.autonomyMode
  • maxAutonomyLevel
This guarantees that org decisions (such as which models or autonomy levels are allowed) remain authoritative.

2. Arrays – union, cannot remove

Array fields accumulate across levels:
  • Org entries are always present and cannot be removed.
  • Project and folder levels can add more entries.
  • User level can add more entries but cannot remove or weaken higher‑level entries.
Examples:
  • Command allow lists and deny lists.
  • Lists of enabled hooks or features.
This pattern is ideal for policies like “these commands are always denied” or “these hooks are always enabled,” while still allowing teams to extend the list.

3. Objects – keys are locked per level

For object fields:
  • Keys defined at a higher level are locked; their contents cannot be changed by lower levels.
  • Lower levels can add new keys but not modify or delete existing ones.
Examples:
  • customModels – org defines claude-enterprise; projects can add payments-gpt, users can add personal-experimental, but none can change or remove claude-enterprise.
  • MCP server definitions – org defines which servers exist and how they connect; projects decide which to use.
This keeps critical configuration (like model endpoints and MCP servers) under centralized control.

Org configuration

Large organizations typically manage an org‑level .factory bundle or config endpoint that:
  • Specifies allowed models, gateways, and BYOK policies.
  • Defines global command allow/deny lists.
  • Sets defaults for autonomy, reasoning effort, and safety features like Droid Shield.
  • Configures OTEL defaults (endpoints, sampling, and attributes).
  • Publishes org‑standard droids, commands, and hooks.
This bundle is distributed to all environments where Droid runs—developer machines, CI, VMs, and airgapped clusters. Org policy is the foundation; projects and users build on top of it.

Project and folder configuration

Projects and folders use .factory/ directories checked into version control to specialize org policy for particular codebases and teams. Common responsibilities include:
  • Adding project‑specific models and gateways within the allowed set.
  • Defining project‑specific droids (for example, /migrate-service, /refactor-module).
  • Configuring hooks that know about the project’s tests, linters, and deployment processes.
  • Tightening safety controls for high‑risk repositories.
Folder‑level .factory/ directories are useful in monorepos where different subsystems have different policies.

User configuration

Developers can configure ~/.factory/ for personal preferences only where higher levels are silent. Examples:
  • Choosing a preferred model from the allowed set.
  • Setting default behavior for display options and minor UX preferences.
  • Enabling additional hooks or tools that do not conflict with org policy.
Because of extension‑only semantics, users cannot:
  • Re‑enable models or tools that org or project settings have disallowed.
  • Loosen command allow/deny lists.
  • Reduce autonomy or safety requirements set by org or project.

Example: enforcing a model policy

Suppose your org wants to:
  • Allow only approved enterprise models.
  • Disallow user‑supplied API keys.
  • Force all prompts through a particular LLM gateway.
You would:
  1. Define the allowed models and gateway endpoints in the org .factory/settings.json.
  2. Set a policy flag to disable user BYOK entirely.
  3. Configure hooks to verify that any model selection or endpoint use matches the org‑approved set.
Projects and users can still choose which of the approved models to use for different tasks, but cannot break these guarantees.

Example: environment‑specific autonomy

Consider an org that wants to:
  • Allow high autonomy in CI and sandboxed containers.
  • Limit autonomy on developer laptops.
You could:
  1. At org level, set maxAutonomyLevel to high.
  2. In project settings, define environment‑aware hooks that:
    • Inspect environment tags (for example, environment.type=local|ci|sandbox).
    • Downgrade or block autonomy levels above medium when running on laptops.
  3. Optionally, define stricter folder‑level policies for particularly sensitive repos.
Again, users cannot override these rules; they can only choose safer personal defaults within the allowed space.

Example: full org-managed settings

{
  "sessionDefaultSettings": {
    "model": "claude-opus-4-6",
    "reasoningEffort": "high",
    "interactionMode": "auto",
    "autonomyMode": "auto-medium",
    "specModeModel": "claude-sonnet-4-6",
    "specModeReasoningEffort": "medium"
  },
  "maxAutonomyLevel": "high",
  "cloudSessionSync": true,
  "includeCoAuthoredByDroid": true,
  "enableDroidShield": true,
  "ideAutoConnect": true,
  "commandAllowlist": ["npm *", "yarn *", "pnpm *", "make *"],
  "commandDenylist": ["rm -rf /", "sudo *"],
  "customModels": [
    {
      "model": "my-internal-model",
      "id": "custom:my-internal-model-v1",
      "index": 0,
      "baseUrl": "https://llm-gateway.internal.example.com/v1",
      "apiKey": "${INTERNAL_MODEL_API_KEY}",
      "provider": "generic-chat-completion-api",
      "displayName": "Internal Model v1",
      "maxContextLimit": 128000,
      "enableThinking": true,
      "thinkingMaxTokens": 8192,
      "maxOutputTokens": 16384,
      "extraHeaders": {
        "X-Team": "platform"
      },
      "extraArgs": {},
      "noImageSupport": false
    }
  ],
  "modelPolicy": {
    "allowedModelIds": ["claude-opus-4-6", "claude-sonnet-4-6", "gpt-5.3-codex"],
    "blockedModelIds": [],
    "allowCustomModels": true,
    "allowedBaseUrls": ["https://llm-gateway.internal.example.com/v1"],
    "allowAllFactoryModels": false
  },
  "userModelPolicies": {
    "user-abc-123": {
      "allowedModelIds": ["claude-opus-4-6"],
      "blockedModelIds": []
    }
  },
  "enabledPlugins": {
    "my-org-plugin@internal-marketplace": true,
    "experimental-plugin@internal-marketplace": false
  },
  "extraKnownMarketplaces": {
    "internal-marketplace": {
      "source": {
        "source": "github",
        "repo": "my-org/factory-plugins"
      }
    }
  },
  "strictKnownMarketplaces": [
    {
      "source": "github",
      "repo": "my-org/factory-plugins"
    }
  ]
}

Putting it all together

The hierarchical settings system underpins everything described in the other enterprise pages: By expressing policy once at the right level, you can run Droid across cloud, hybrid, and airgapped environments without per‑machine drift or one‑off configuration.