factoryline-code-factory 0.6.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- factoryline_code_factory-0.6.0/LICENSE +17 -0
- factoryline_code_factory-0.6.0/LICENSE-APACHE +19 -0
- factoryline_code_factory-0.6.0/LICENSE-MIT +22 -0
- factoryline_code_factory-0.6.0/NOTICE +7 -0
- factoryline_code_factory-0.6.0/PKG-INFO +258 -0
- factoryline_code_factory-0.6.0/README.md +240 -0
- factoryline_code_factory-0.6.0/factoryline/__init__.py +1 -0
- factoryline_code_factory-0.6.0/factoryline/app_builder.py +493 -0
- factoryline_code_factory-0.6.0/factoryline/assembly.py +263 -0
- factoryline_code_factory-0.6.0/factoryline/attribution.py +113 -0
- factoryline_code_factory-0.6.0/factoryline/boundary.py +23 -0
- factoryline_code_factory-0.6.0/factoryline/challenge.py +53 -0
- factoryline_code_factory-0.6.0/factoryline/cli.py +477 -0
- factoryline_code_factory-0.6.0/factoryline/contract.py +169 -0
- factoryline_code_factory-0.6.0/factoryline/coverage.py +76 -0
- factoryline_code_factory-0.6.0/factoryline/meter.py +160 -0
- factoryline_code_factory-0.6.0/factoryline/optimizer.py +152 -0
- factoryline_code_factory-0.6.0/factoryline/passport.py +148 -0
- factoryline_code_factory-0.6.0/factoryline/proof.py +546 -0
- factoryline_code_factory-0.6.0/factoryline/protocol.py +74 -0
- factoryline_code_factory-0.6.0/factoryline/refinement.py +81 -0
- factoryline_code_factory-0.6.0/factoryline_code_factory.egg-info/PKG-INFO +258 -0
- factoryline_code_factory-0.6.0/factoryline_code_factory.egg-info/SOURCES.txt +28 -0
- factoryline_code_factory-0.6.0/factoryline_code_factory.egg-info/dependency_links.txt +1 -0
- factoryline_code_factory-0.6.0/factoryline_code_factory.egg-info/entry_points.txt +2 -0
- factoryline_code_factory-0.6.0/factoryline_code_factory.egg-info/requires.txt +3 -0
- factoryline_code_factory-0.6.0/factoryline_code_factory.egg-info/top_level.txt +1 -0
- factoryline_code_factory-0.6.0/pyproject.toml +25 -0
- factoryline_code_factory-0.6.0/setup.cfg +4 -0
- factoryline_code_factory-0.6.0/tests/test_factoryline.py +587 -0
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
Apache License
|
|
2
|
+
Version 2.0, January 2004
|
|
3
|
+
http://www.apache.org/licenses/
|
|
4
|
+
|
|
5
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
|
6
|
+
you may not use this file except in compliance with the License.
|
|
7
|
+
You may obtain a copy of the License at
|
|
8
|
+
|
|
9
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
|
|
11
|
+
Unless required by applicable law or agreed to in writing, software
|
|
12
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
|
13
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14
|
+
See the License for the specific language governing permissions and
|
|
15
|
+
limitations under the License.
|
|
16
|
+
|
|
17
|
+
Full text: http://www.apache.org/licenses/LICENSE-2.0
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
Apache License
|
|
2
|
+
Version 2.0, January 2004
|
|
3
|
+
http://www.apache.org/licenses/
|
|
4
|
+
|
|
5
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
|
6
|
+
you may not use this file except in compliance with the License.
|
|
7
|
+
You may obtain a copy of the License at
|
|
8
|
+
|
|
9
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
|
|
11
|
+
Unless required by applicable law or agreed to in writing, software
|
|
12
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
|
13
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14
|
+
See the License for the specific language governing permissions and
|
|
15
|
+
limitations under the License.
|
|
16
|
+
|
|
17
|
+
Full license text: http://www.apache.org/licenses/LICENSE-2.0.txt
|
|
18
|
+
Copyright 2026 WizeMe.APP
|
|
19
|
+
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 WizeMe.APP
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
22
|
+
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
ForgeLine — autonomous software factory outer loop
|
|
2
|
+
Copyright 2026 WizeMe.APP
|
|
3
|
+
|
|
4
|
+
Dual-licensed under either of Apache License 2.0 or MIT license at your option.
|
|
5
|
+
Concepts drawn from the Agentic SDLC / Spec-Driven Engineering literature
|
|
6
|
+
(SSAT, adversarial review, architecture-as-CI-gate, skill memory).
|
|
7
|
+
|
|
@@ -0,0 +1,258 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: factoryline-code-factory
|
|
3
|
+
Version: 0.6.0
|
|
4
|
+
Summary: The connective layer that snaps SpecLine, ForgeLine, HSF and Prestige together into one spec-to-artifact assembly line. Each module stays independent; factoryline lines them up.
|
|
5
|
+
License-Expression: MIT OR Apache-2.0
|
|
6
|
+
Project-URL: Homepage, https://github.com/zrk222/code-factory
|
|
7
|
+
Project-URL: Documentation, https://github.com/zrk222/code-factory#readme
|
|
8
|
+
Project-URL: Issues, https://github.com/zrk222/code-factory/issues
|
|
9
|
+
Requires-Python: >=3.10
|
|
10
|
+
Description-Content-Type: text/markdown
|
|
11
|
+
License-File: LICENSE
|
|
12
|
+
License-File: LICENSE-APACHE
|
|
13
|
+
License-File: LICENSE-MIT
|
|
14
|
+
License-File: NOTICE
|
|
15
|
+
Provides-Extra: dev
|
|
16
|
+
Requires-Dist: pytest>=8.0; extra == "dev"
|
|
17
|
+
Dynamic: license-file
|
|
18
|
+
|
|
19
|
+
# code-factory
|
|
20
|
+
|
|
21
|
+
[](https://github.com/zrk222/code-factory/actions/workflows/ci.yml)
|
|
22
|
+
[](https://pypi.org/project/factoryline-code-factory/)
|
|
23
|
+
[](https://pypi.org/project/factoryline-code-factory/)
|
|
24
|
+
|
|
25
|
+
> Most CI proves that code passes. Code Factory first proves that its gates
|
|
26
|
+
> reject deliberately sabotaged builds.
|
|
27
|
+
|
|
28
|
+
Run `factory` with no arguments for a compact live view of installed bricks,
|
|
29
|
+
local proof counts, and the next valid commands. This agent-first home view
|
|
30
|
+
avoids a separate help/discovery turn while keeping `--help` available everywhere.
|
|
31
|
+
|
|
32
|
+
```mermaid
|
|
33
|
+
flowchart LR
|
|
34
|
+
A["Intent / PRD"] --> B["Real build + gates"]
|
|
35
|
+
A --> C["Proof-by-sabotage challenges"]
|
|
36
|
+
C --> S["Spec mutations"]
|
|
37
|
+
C --> F["Empty stubs"]
|
|
38
|
+
C --> H["Decision-rule mutations"]
|
|
39
|
+
C --> D["Hidden or broken UI"]
|
|
40
|
+
C --> I["Trace tampering"]
|
|
41
|
+
B --> P["Factory Passport"]
|
|
42
|
+
S --> P
|
|
43
|
+
F --> P
|
|
44
|
+
H --> P
|
|
45
|
+
D --> P
|
|
46
|
+
I --> P
|
|
47
|
+
P --> G["GitHub summary + badge + Mermaid + attestations"]
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
> New: PRD-to-app building. Factoryline can now turn a PRD or prompt into a
|
|
51
|
+
> full-stack starter repo, then hand it to the same gated, receipted factory
|
|
52
|
+
> flow that powers proof-carrying PRs.
|
|
53
|
+
|
|
54
|
+

|
|
55
|
+
|
|
56
|
+
**A code factory built like Lego.** Five small, independent, open-source pieces that
|
|
57
|
+
snap together into one assembly line: describe a feature in plain language, and the
|
|
58
|
+
line checks it for ambiguity, builds it, runs a gauntlet of gates, actually *runs*
|
|
59
|
+
the finished code to watch it behave, compiles any decision logic into permanent
|
|
60
|
+
zero-cost code, and ships it — with a receipt at every step.
|
|
61
|
+
|
|
62
|
+
Each piece is a separate repo you can install and use on its own. This repo is the
|
|
63
|
+
**baseplate** (`factory`) that lines them up. It depends on none of them.
|
|
64
|
+
|
|
65
|
+
## Workflow at a glance
|
|
66
|
+
|
|
67
|
+
```mermaid
|
|
68
|
+
flowchart LR
|
|
69
|
+
A["Plain-language intent"] --> B["1 SpecLine: clarify and lock the spec"]
|
|
70
|
+
B --> C["2 ForgeLine: build through gated phases"]
|
|
71
|
+
C --> D{"What changed?"}
|
|
72
|
+
D -->|"Business decision logic"| E["3 HSF: compile deterministic artifact"]
|
|
73
|
+
D -->|"User-facing UI"| F["4 Prestige: design-quality gate"]
|
|
74
|
+
E --> G["Receipts and signed artifacts"]
|
|
75
|
+
F --> G
|
|
76
|
+
C --> G
|
|
77
|
+
G --> H["Ship with evidence"]
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
Use the numbered repos like Lego bricks: start with the baseplate, add the spec
|
|
81
|
+
brick when intent is fuzzy, add the forge brick when you want a state machine,
|
|
82
|
+
add the compile brick when decisions must be deterministic, and add the design
|
|
83
|
+
brick when the shipped thing has a user interface.
|
|
84
|
+
|
|
85
|
+
```
|
|
86
|
+
intent -> [1-spec] -> spec + strict contract -> handoff
|
|
87
|
+
|
|
|
88
|
+
[2-forge] <---- tasks / plan <----------+
|
|
89
|
+
| architect -> build -> gates -> smoke -> ship
|
|
90
|
+
|-> if UI -> [4-design] design-quality gate
|
|
91
|
+
+-> if decision table -> [3-compile] -> deterministic artifact
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
## The five pieces
|
|
95
|
+
|
|
96
|
+
| Repo | pip install | CLI | What it does |
|
|
97
|
+
|---|---|---|---|
|
|
98
|
+
| **code-factory** (this) | `factoryline-code-factory` | `factory` | the baseplate — snaps the bricks together, meters cost |
|
|
99
|
+
| **code-factory-1-spec** | `code-factory-1-spec` | `specline` | kills ambiguity *before* the AI writes code (anti-drift input contract) |
|
|
100
|
+
| **code-factory-2-forge** | `code-factory-2-forge` | `forge` | the assembly line: architect -> build -> gates -> **runtime smoke** -> ship |
|
|
101
|
+
| **code-factory-3-compile** | `code-factory-3-compile` | `hsf` | compiles a decision *once* into boring code that runs forever at zero AI cost |
|
|
102
|
+
| **code-factory-4-design** | `code-factory-4-design` | `prestige` | design-quality gate, for when what you ship has a face |
|
|
103
|
+
|
|
104
|
+
Numbered so the assembly order reads at a glance. Install one, some, or all.
|
|
105
|
+
|
|
106
|
+
The baseplate's PyPI distribution is named `factoryline-code-factory` because
|
|
107
|
+
PyPI reserves the more generic `code-factory` name. The repository and the
|
|
108
|
+
`factory` command deliberately keep the simpler Code Factory identity.
|
|
109
|
+
|
|
110
|
+
## Enterprise knowledge activation
|
|
111
|
+
|
|
112
|
+
Code Factory treats agent instructions as **Atomic Knowledge Units (AKUs)**:
|
|
113
|
+
small, high-density, validated units of institutional knowledge. The goal is to
|
|
114
|
+
move from "retrieve a long doc and hope the agent interprets it" to "activate the
|
|
115
|
+
right procedure, tools, governance, and validators at the exact step of work."
|
|
116
|
+
|
|
117
|
+
See [AKU_STANDARD.md](AKU_STANDARD.md) for the enterprise schema and how each
|
|
118
|
+
brick maps to codification, compression, injection, and validation.
|
|
119
|
+
|
|
120
|
+
## Quick start
|
|
121
|
+
|
|
122
|
+
```bash
|
|
123
|
+
pip install factoryline-code-factory==0.6.0 code-factory-1-spec==0.5.0 code-factory-2-forge==0.8.0 code-factory-3-compile==0.5.1 code-factory-4-design==0.6.0
|
|
124
|
+
|
|
125
|
+
factory doctor --strict # versions + required command compatibility
|
|
126
|
+
factory plan # print the assembly pipeline
|
|
127
|
+
factory init . # lay down the shared workspace
|
|
128
|
+
factory assemble my_feature # run the line (skips any missing brick)
|
|
129
|
+
factory meter # receipted cost + savings, computed on YOUR runs
|
|
130
|
+
factory rollup my_feature # aggregate receipt attribution for debugging
|
|
131
|
+
factory trace my_feature # hash-link receipts into a proof bundle
|
|
132
|
+
factory verify-trace .factory/traces/my_feature.trace.json
|
|
133
|
+
factory replay .factory/traces/my_feature.trace.json --changed smoke/my_feature.json
|
|
134
|
+
factory evidence my_feature # public-safe proof for a PR or release note
|
|
135
|
+
factory policy # write default policy-as-code thresholds
|
|
136
|
+
factory optimize-pr --changed specs/my_feature.md --feature my_feature
|
|
137
|
+
factory pr-pack my_feature # reviewer-ready PR_EVIDENCE.md
|
|
138
|
+
factory app from-prd PRD.md --out my-app --purpose saas
|
|
139
|
+
factory challenge my_feature --trace .factory/traces/my_feature.trace.json
|
|
140
|
+
factory passport my_feature --trace .factory/traces/my_feature.trace.json --challenge .factory/challenges/factoryline.json
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
`factory assemble` is resumable and stops at human-owned authoring and approval
|
|
144
|
+
boundaries. Its JSON output names `paused_at` and the exact `next_command`; it
|
|
145
|
+
does not silently approve architecture or claim unfinished scaffolds are built.
|
|
146
|
+
|
|
147
|
+
See [ProofLab and the Factory Passport](docs/PROOFLAB.md) for all five challenge
|
|
148
|
+
commands and the generated Mermaid artifact.
|
|
149
|
+
|
|
150
|
+
For publication order, GitHub release steps, Claude Code/Codex setup, and
|
|
151
|
+
launch links, see [PUBLICATION_GUIDE.md](PUBLICATION_GUIDE.md).
|
|
152
|
+
|
|
153
|
+
## Instant PRD-to-App Builder
|
|
154
|
+
|
|
155
|
+
`factory app` is the one-shot app-builder workflow: PRD or prompt in,
|
|
156
|
+
full-stack starter out, with gates and evidence hooks already attached.
|
|
157
|
+
Treat the output as app-shaped starting state that must still move through
|
|
158
|
+
SpecLine, ForgeLine, HSF, Prestige, and Factoryline proof before release.
|
|
159
|
+
|
|
160
|
+
```bash
|
|
161
|
+
factory app from-prompt "Build an expense approval app with manager review, audit logs, and policy-based approvals" --out expense-approval
|
|
162
|
+
factory app from-prd PRD.md --stack nextjs-fastapi-postgres --purpose healthcare --out prior-auth-portal
|
|
163
|
+
```
|
|
164
|
+
|
|
165
|
+
It generates `app_blueprint.json`, `PRD.md`, frontend/backend/db starter files,
|
|
166
|
+
smoke tests, and a workflow guide. The point is not to bypass engineering
|
|
167
|
+
judgment; the point is to make the first app-shaped repo appear instantly while
|
|
168
|
+
preserving the factory contract.
|
|
169
|
+
|
|
170
|
+
See [docs/APP_BUILDER.md](docs/APP_BUILDER.md) for the visual workflow,
|
|
171
|
+
illustrative readiness model, generated file tree, and follow-up commands.
|
|
172
|
+
|
|
173
|
+
## PR optimization control plane
|
|
174
|
+
|
|
175
|
+
Senior review is now a factory surface. `factory optimize-pr` turns a diff into
|
|
176
|
+
a bounded hardening plan: changed paths, invalidated gates, design/release
|
|
177
|
+
checks, terminal states, and the no-auto-merge authority boundary. It is
|
|
178
|
+
deterministic and safe to run before opening or updating a PR.
|
|
179
|
+
|
|
180
|
+
`factory pr-pack <feature>` writes a public-safe reviewer packet from the
|
|
181
|
+
hash-linked trace: what changed, which receipts proved it, what the meter can
|
|
182
|
+
honestly measure, and which claims remain scoped. `factory policy` keeps the
|
|
183
|
+
team rules visible: hollow-test proof, hollow-validator proof, release
|
|
184
|
+
readiness, design purpose, and approval boundaries.
|
|
185
|
+
|
|
186
|
+
## Why Lego, not a monolith
|
|
187
|
+
|
|
188
|
+
- **Each brick stands alone.** Install only what you need; a missing brick is skipped, not fatal.
|
|
189
|
+
- **Filesystem interop = maximum portability.** Bricks pass work on disk under a shared
|
|
190
|
+
layout. Any IDE, agent (Codex / Claude Code / Cursor), CI runner, or OS that can run a
|
|
191
|
+
subprocess drives the factory. No daemon, no network, no lock-in.
|
|
192
|
+
- **No hidden coupling.** The baseplate depends on none of the bricks — it shells out to
|
|
193
|
+
their CLIs. Upgrade or swap a brick independently.
|
|
194
|
+
|
|
195
|
+
## Honest metering
|
|
196
|
+
|
|
197
|
+
`factory meter` makes the "saves time and money" claim *yours*, computed from your runs:
|
|
198
|
+
|
|
199
|
+
- With **no measured runs**, it refuses to print a savings percentage — no number against zero data.
|
|
200
|
+
- When modules don't report token usage, it labels the figure a **model**, not a measurement, and says so.
|
|
201
|
+
- It prints the **baseline assumption** inline, so no number hides what it's compared against.
|
|
202
|
+
|
|
203
|
+
Wall-clock time is always measured. Projections are always labeled. Nothing is fabricated.
|
|
204
|
+
|
|
205
|
+
## Proof-carrying PRs
|
|
206
|
+
|
|
207
|
+
`factory trace <feature>` writes `.factory/traces/<feature>.trace.json`: a
|
|
208
|
+
deterministic proof bundle over the latest compatible receipts for that feature.
|
|
209
|
+
Each trace node records the stage, command, receipt hash, declared artifact
|
|
210
|
+
hashes, previous node hash, and attribution summary. The chain head makes receipt
|
|
211
|
+
or artifact tampering visible.
|
|
212
|
+
`factory rollup <feature>` is the lower-level receipt attribution view for
|
|
213
|
+
debugging failed stages; `factory evidence <feature>` is the public-safe view for
|
|
214
|
+
PRs, release notes, and README claims.
|
|
215
|
+
|
|
216
|
+
```bash
|
|
217
|
+
factory trace checkout_flow
|
|
218
|
+
factory verify-trace .factory/traces/checkout_flow.trace.json
|
|
219
|
+
factory rollup checkout_flow
|
|
220
|
+
factory risk-diff --changed smoke/checkout_flow.json
|
|
221
|
+
factory replay .factory/traces/checkout_flow.trace.json --changed smoke/checkout_flow.json
|
|
222
|
+
factory replay .factory/traces/checkout_flow.trace.json --changed smoke/checkout_flow.json --execute
|
|
223
|
+
factory attest .factory/traces/checkout_flow.trace.json
|
|
224
|
+
factory evidence checkout_flow
|
|
225
|
+
```
|
|
226
|
+
|
|
227
|
+
This is the enterprise Lego layer: the factory can say which guarantee a change
|
|
228
|
+
invalidates, which minimum stages must rerun, whether the trace still verifies,
|
|
229
|
+
and what public evidence can be shown without leaking raw logs. If a smoke check
|
|
230
|
+
is hollow, the public evidence can say `hollow_test`; if the trace was tampered
|
|
231
|
+
with, `verify-trace` fails before anyone trusts the PR. `factory attest` exports
|
|
232
|
+
unsigned in-toto/SLSA-shaped JSON statements for teams that want supply-chain
|
|
233
|
+
evidence attached beside a PR, release, or wheel.
|
|
234
|
+
|
|
235
|
+
## Spec validator mutation
|
|
236
|
+
|
|
237
|
+
The assembly line now validates the spec instrument itself:
|
|
238
|
+
|
|
239
|
+
```bash
|
|
240
|
+
specline strict checkout_flow --json
|
|
241
|
+
specline verify-validators checkout_flow --json
|
|
242
|
+
```
|
|
243
|
+
|
|
244
|
+
`verify-validators` deletes or inverts one requirement at a time and requires
|
|
245
|
+
strict lint to kill the mutant. A requirement whose mutant still passes reports
|
|
246
|
+
`hollow_validator`: the spec looked valid, but no validator proved that
|
|
247
|
+
requirement mattered. In the default factory chain, this runs after
|
|
248
|
+
`specline:strict` and before spec gate signoff or downstream build stages.
|
|
249
|
+
|
|
250
|
+
## Cross-platform
|
|
251
|
+
|
|
252
|
+
The baseplate runs on Python 3.10-3.12. The four numbered bricks run on Python
|
|
253
|
+
3.11-3.12. Their CI matrices cover Ubuntu, Windows, and macOS.
|
|
254
|
+
|
|
255
|
+
## License
|
|
256
|
+
|
|
257
|
+
MIT OR Apache-2.0. Free and open source. Each brick carries both license texts.
|
|
258
|
+
Commercial support and integration services available — see [SUPPORT.md](SUPPORT.md).
|
|
@@ -0,0 +1,240 @@
|
|
|
1
|
+
# code-factory
|
|
2
|
+
|
|
3
|
+
[](https://github.com/zrk222/code-factory/actions/workflows/ci.yml)
|
|
4
|
+
[](https://pypi.org/project/factoryline-code-factory/)
|
|
5
|
+
[](https://pypi.org/project/factoryline-code-factory/)
|
|
6
|
+
|
|
7
|
+
> Most CI proves that code passes. Code Factory first proves that its gates
|
|
8
|
+
> reject deliberately sabotaged builds.
|
|
9
|
+
|
|
10
|
+
Run `factory` with no arguments for a compact live view of installed bricks,
|
|
11
|
+
local proof counts, and the next valid commands. This agent-first home view
|
|
12
|
+
avoids a separate help/discovery turn while keeping `--help` available everywhere.
|
|
13
|
+
|
|
14
|
+
```mermaid
|
|
15
|
+
flowchart LR
|
|
16
|
+
A["Intent / PRD"] --> B["Real build + gates"]
|
|
17
|
+
A --> C["Proof-by-sabotage challenges"]
|
|
18
|
+
C --> S["Spec mutations"]
|
|
19
|
+
C --> F["Empty stubs"]
|
|
20
|
+
C --> H["Decision-rule mutations"]
|
|
21
|
+
C --> D["Hidden or broken UI"]
|
|
22
|
+
C --> I["Trace tampering"]
|
|
23
|
+
B --> P["Factory Passport"]
|
|
24
|
+
S --> P
|
|
25
|
+
F --> P
|
|
26
|
+
H --> P
|
|
27
|
+
D --> P
|
|
28
|
+
I --> P
|
|
29
|
+
P --> G["GitHub summary + badge + Mermaid + attestations"]
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
> New: PRD-to-app building. Factoryline can now turn a PRD or prompt into a
|
|
33
|
+
> full-stack starter repo, then hand it to the same gated, receipted factory
|
|
34
|
+
> flow that powers proof-carrying PRs.
|
|
35
|
+
|
|
36
|
+

|
|
37
|
+
|
|
38
|
+
**A code factory built like Lego.** Five small, independent, open-source pieces that
|
|
39
|
+
snap together into one assembly line: describe a feature in plain language, and the
|
|
40
|
+
line checks it for ambiguity, builds it, runs a gauntlet of gates, actually *runs*
|
|
41
|
+
the finished code to watch it behave, compiles any decision logic into permanent
|
|
42
|
+
zero-cost code, and ships it — with a receipt at every step.
|
|
43
|
+
|
|
44
|
+
Each piece is a separate repo you can install and use on its own. This repo is the
|
|
45
|
+
**baseplate** (`factory`) that lines them up. It depends on none of them.
|
|
46
|
+
|
|
47
|
+
## Workflow at a glance
|
|
48
|
+
|
|
49
|
+
```mermaid
|
|
50
|
+
flowchart LR
|
|
51
|
+
A["Plain-language intent"] --> B["1 SpecLine: clarify and lock the spec"]
|
|
52
|
+
B --> C["2 ForgeLine: build through gated phases"]
|
|
53
|
+
C --> D{"What changed?"}
|
|
54
|
+
D -->|"Business decision logic"| E["3 HSF: compile deterministic artifact"]
|
|
55
|
+
D -->|"User-facing UI"| F["4 Prestige: design-quality gate"]
|
|
56
|
+
E --> G["Receipts and signed artifacts"]
|
|
57
|
+
F --> G
|
|
58
|
+
C --> G
|
|
59
|
+
G --> H["Ship with evidence"]
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
Use the numbered repos like Lego bricks: start with the baseplate, add the spec
|
|
63
|
+
brick when intent is fuzzy, add the forge brick when you want a state machine,
|
|
64
|
+
add the compile brick when decisions must be deterministic, and add the design
|
|
65
|
+
brick when the shipped thing has a user interface.
|
|
66
|
+
|
|
67
|
+
```
|
|
68
|
+
intent -> [1-spec] -> spec + strict contract -> handoff
|
|
69
|
+
|
|
|
70
|
+
[2-forge] <---- tasks / plan <----------+
|
|
71
|
+
| architect -> build -> gates -> smoke -> ship
|
|
72
|
+
|-> if UI -> [4-design] design-quality gate
|
|
73
|
+
+-> if decision table -> [3-compile] -> deterministic artifact
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
## The five pieces
|
|
77
|
+
|
|
78
|
+
| Repo | pip install | CLI | What it does |
|
|
79
|
+
|---|---|---|---|
|
|
80
|
+
| **code-factory** (this) | `factoryline-code-factory` | `factory` | the baseplate — snaps the bricks together, meters cost |
|
|
81
|
+
| **code-factory-1-spec** | `code-factory-1-spec` | `specline` | kills ambiguity *before* the AI writes code (anti-drift input contract) |
|
|
82
|
+
| **code-factory-2-forge** | `code-factory-2-forge` | `forge` | the assembly line: architect -> build -> gates -> **runtime smoke** -> ship |
|
|
83
|
+
| **code-factory-3-compile** | `code-factory-3-compile` | `hsf` | compiles a decision *once* into boring code that runs forever at zero AI cost |
|
|
84
|
+
| **code-factory-4-design** | `code-factory-4-design` | `prestige` | design-quality gate, for when what you ship has a face |
|
|
85
|
+
|
|
86
|
+
Numbered so the assembly order reads at a glance. Install one, some, or all.
|
|
87
|
+
|
|
88
|
+
The baseplate's PyPI distribution is named `factoryline-code-factory` because
|
|
89
|
+
PyPI reserves the more generic `code-factory` name. The repository and the
|
|
90
|
+
`factory` command deliberately keep the simpler Code Factory identity.
|
|
91
|
+
|
|
92
|
+
## Enterprise knowledge activation
|
|
93
|
+
|
|
94
|
+
Code Factory treats agent instructions as **Atomic Knowledge Units (AKUs)**:
|
|
95
|
+
small, high-density, validated units of institutional knowledge. The goal is to
|
|
96
|
+
move from "retrieve a long doc and hope the agent interprets it" to "activate the
|
|
97
|
+
right procedure, tools, governance, and validators at the exact step of work."
|
|
98
|
+
|
|
99
|
+
See [AKU_STANDARD.md](AKU_STANDARD.md) for the enterprise schema and how each
|
|
100
|
+
brick maps to codification, compression, injection, and validation.
|
|
101
|
+
|
|
102
|
+
## Quick start
|
|
103
|
+
|
|
104
|
+
```bash
|
|
105
|
+
pip install factoryline-code-factory==0.6.0 code-factory-1-spec==0.5.0 code-factory-2-forge==0.8.0 code-factory-3-compile==0.5.1 code-factory-4-design==0.6.0
|
|
106
|
+
|
|
107
|
+
factory doctor --strict # versions + required command compatibility
|
|
108
|
+
factory plan # print the assembly pipeline
|
|
109
|
+
factory init . # lay down the shared workspace
|
|
110
|
+
factory assemble my_feature # run the line (skips any missing brick)
|
|
111
|
+
factory meter # receipted cost + savings, computed on YOUR runs
|
|
112
|
+
factory rollup my_feature # aggregate receipt attribution for debugging
|
|
113
|
+
factory trace my_feature # hash-link receipts into a proof bundle
|
|
114
|
+
factory verify-trace .factory/traces/my_feature.trace.json
|
|
115
|
+
factory replay .factory/traces/my_feature.trace.json --changed smoke/my_feature.json
|
|
116
|
+
factory evidence my_feature # public-safe proof for a PR or release note
|
|
117
|
+
factory policy # write default policy-as-code thresholds
|
|
118
|
+
factory optimize-pr --changed specs/my_feature.md --feature my_feature
|
|
119
|
+
factory pr-pack my_feature # reviewer-ready PR_EVIDENCE.md
|
|
120
|
+
factory app from-prd PRD.md --out my-app --purpose saas
|
|
121
|
+
factory challenge my_feature --trace .factory/traces/my_feature.trace.json
|
|
122
|
+
factory passport my_feature --trace .factory/traces/my_feature.trace.json --challenge .factory/challenges/factoryline.json
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
`factory assemble` is resumable and stops at human-owned authoring and approval
|
|
126
|
+
boundaries. Its JSON output names `paused_at` and the exact `next_command`; it
|
|
127
|
+
does not silently approve architecture or claim unfinished scaffolds are built.
|
|
128
|
+
|
|
129
|
+
See [ProofLab and the Factory Passport](docs/PROOFLAB.md) for all five challenge
|
|
130
|
+
commands and the generated Mermaid artifact.
|
|
131
|
+
|
|
132
|
+
For publication order, GitHub release steps, Claude Code/Codex setup, and
|
|
133
|
+
launch links, see [PUBLICATION_GUIDE.md](PUBLICATION_GUIDE.md).
|
|
134
|
+
|
|
135
|
+
## Instant PRD-to-App Builder
|
|
136
|
+
|
|
137
|
+
`factory app` is the one-shot app-builder workflow: PRD or prompt in,
|
|
138
|
+
full-stack starter out, with gates and evidence hooks already attached.
|
|
139
|
+
Treat the output as app-shaped starting state that must still move through
|
|
140
|
+
SpecLine, ForgeLine, HSF, Prestige, and Factoryline proof before release.
|
|
141
|
+
|
|
142
|
+
```bash
|
|
143
|
+
factory app from-prompt "Build an expense approval app with manager review, audit logs, and policy-based approvals" --out expense-approval
|
|
144
|
+
factory app from-prd PRD.md --stack nextjs-fastapi-postgres --purpose healthcare --out prior-auth-portal
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
It generates `app_blueprint.json`, `PRD.md`, frontend/backend/db starter files,
|
|
148
|
+
smoke tests, and a workflow guide. The point is not to bypass engineering
|
|
149
|
+
judgment; the point is to make the first app-shaped repo appear instantly while
|
|
150
|
+
preserving the factory contract.
|
|
151
|
+
|
|
152
|
+
See [docs/APP_BUILDER.md](docs/APP_BUILDER.md) for the visual workflow,
|
|
153
|
+
illustrative readiness model, generated file tree, and follow-up commands.
|
|
154
|
+
|
|
155
|
+
## PR optimization control plane
|
|
156
|
+
|
|
157
|
+
Senior review is now a factory surface. `factory optimize-pr` turns a diff into
|
|
158
|
+
a bounded hardening plan: changed paths, invalidated gates, design/release
|
|
159
|
+
checks, terminal states, and the no-auto-merge authority boundary. It is
|
|
160
|
+
deterministic and safe to run before opening or updating a PR.
|
|
161
|
+
|
|
162
|
+
`factory pr-pack <feature>` writes a public-safe reviewer packet from the
|
|
163
|
+
hash-linked trace: what changed, which receipts proved it, what the meter can
|
|
164
|
+
honestly measure, and which claims remain scoped. `factory policy` keeps the
|
|
165
|
+
team rules visible: hollow-test proof, hollow-validator proof, release
|
|
166
|
+
readiness, design purpose, and approval boundaries.
|
|
167
|
+
|
|
168
|
+
## Why Lego, not a monolith
|
|
169
|
+
|
|
170
|
+
- **Each brick stands alone.** Install only what you need; a missing brick is skipped, not fatal.
|
|
171
|
+
- **Filesystem interop = maximum portability.** Bricks pass work on disk under a shared
|
|
172
|
+
layout. Any IDE, agent (Codex / Claude Code / Cursor), CI runner, or OS that can run a
|
|
173
|
+
subprocess drives the factory. No daemon, no network, no lock-in.
|
|
174
|
+
- **No hidden coupling.** The baseplate depends on none of the bricks — it shells out to
|
|
175
|
+
their CLIs. Upgrade or swap a brick independently.
|
|
176
|
+
|
|
177
|
+
## Honest metering
|
|
178
|
+
|
|
179
|
+
`factory meter` makes the "saves time and money" claim *yours*, computed from your runs:
|
|
180
|
+
|
|
181
|
+
- With **no measured runs**, it refuses to print a savings percentage — no number against zero data.
|
|
182
|
+
- When modules don't report token usage, it labels the figure a **model**, not a measurement, and says so.
|
|
183
|
+
- It prints the **baseline assumption** inline, so no number hides what it's compared against.
|
|
184
|
+
|
|
185
|
+
Wall-clock time is always measured. Projections are always labeled. Nothing is fabricated.
|
|
186
|
+
|
|
187
|
+
## Proof-carrying PRs
|
|
188
|
+
|
|
189
|
+
`factory trace <feature>` writes `.factory/traces/<feature>.trace.json`: a
|
|
190
|
+
deterministic proof bundle over the latest compatible receipts for that feature.
|
|
191
|
+
Each trace node records the stage, command, receipt hash, declared artifact
|
|
192
|
+
hashes, previous node hash, and attribution summary. The chain head makes receipt
|
|
193
|
+
or artifact tampering visible.
|
|
194
|
+
`factory rollup <feature>` is the lower-level receipt attribution view for
|
|
195
|
+
debugging failed stages; `factory evidence <feature>` is the public-safe view for
|
|
196
|
+
PRs, release notes, and README claims.
|
|
197
|
+
|
|
198
|
+
```bash
|
|
199
|
+
factory trace checkout_flow
|
|
200
|
+
factory verify-trace .factory/traces/checkout_flow.trace.json
|
|
201
|
+
factory rollup checkout_flow
|
|
202
|
+
factory risk-diff --changed smoke/checkout_flow.json
|
|
203
|
+
factory replay .factory/traces/checkout_flow.trace.json --changed smoke/checkout_flow.json
|
|
204
|
+
factory replay .factory/traces/checkout_flow.trace.json --changed smoke/checkout_flow.json --execute
|
|
205
|
+
factory attest .factory/traces/checkout_flow.trace.json
|
|
206
|
+
factory evidence checkout_flow
|
|
207
|
+
```
|
|
208
|
+
|
|
209
|
+
This is the enterprise Lego layer: the factory can say which guarantee a change
|
|
210
|
+
invalidates, which minimum stages must rerun, whether the trace still verifies,
|
|
211
|
+
and what public evidence can be shown without leaking raw logs. If a smoke check
|
|
212
|
+
is hollow, the public evidence can say `hollow_test`; if the trace was tampered
|
|
213
|
+
with, `verify-trace` fails before anyone trusts the PR. `factory attest` exports
|
|
214
|
+
unsigned in-toto/SLSA-shaped JSON statements for teams that want supply-chain
|
|
215
|
+
evidence attached beside a PR, release, or wheel.
|
|
216
|
+
|
|
217
|
+
## Spec validator mutation
|
|
218
|
+
|
|
219
|
+
The assembly line now validates the spec instrument itself:
|
|
220
|
+
|
|
221
|
+
```bash
|
|
222
|
+
specline strict checkout_flow --json
|
|
223
|
+
specline verify-validators checkout_flow --json
|
|
224
|
+
```
|
|
225
|
+
|
|
226
|
+
`verify-validators` deletes or inverts one requirement at a time and requires
|
|
227
|
+
strict lint to kill the mutant. A requirement whose mutant still passes reports
|
|
228
|
+
`hollow_validator`: the spec looked valid, but no validator proved that
|
|
229
|
+
requirement mattered. In the default factory chain, this runs after
|
|
230
|
+
`specline:strict` and before spec gate signoff or downstream build stages.
|
|
231
|
+
|
|
232
|
+
## Cross-platform
|
|
233
|
+
|
|
234
|
+
The baseplate runs on Python 3.10-3.12. The four numbered bricks run on Python
|
|
235
|
+
3.11-3.12. Their CI matrices cover Ubuntu, Windows, and macOS.
|
|
236
|
+
|
|
237
|
+
## License
|
|
238
|
+
|
|
239
|
+
MIT OR Apache-2.0. Free and open source. Each brick carries both license texts.
|
|
240
|
+
Commercial support and integration services available — see [SUPPORT.md](SUPPORT.md).
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
__version__ = "0.4.1"
|