// tool reference · Governance & Advisory
Factory Studio Pro
Compose hosted defensive micro-tools from vetted primitives.
What it does
Describe a tool in plain language and the platform builds it — as a declarative Tool Spec executed by a safe interpreter, not as generated code. This is the platform's most distinctive capability and its most deliberate security decision.
When to use it
- You need a small, repeatable transform (extract, classify, score) and do not want to write it.
Inputs
Field names are the actual form parameters, verified against source.
| Field | Type | Required | Notes |
|---|---|---|---|
| (prompt) | textarea | required | What the tool should do. |
What you get back
A working tool with typed inputs and a result pipeline.
Worked example
Input
Extract every IP and CVE from an incident note and flag private ranges
Output (abridged)
{
"key": "ioc_extract",
"title": "IOC Extractor",
"inputs": [ { "name":"text", "type":"textarea", "required":true } ],
"pipeline": [
{ "op":"regex_extract", "preset":"ipv4", "field":"text", "as":"ips", "label":"IPv4" },
{ "op":"regex_extract", "preset":"cve", "field":"text", "as":"cves", "label":"CVEs" }
]
}
How it works
The AI emits a JSON Tool Spec — typed inputs plus a pipeline of whitelisted operations. An interpreter executes it. There is NO eval(), no shell, no file writes, no network access, and no raw regex: patterns come from a vetted ReDoS-safe preset library selected by NAME. AI output is data, never code. Drafts save as .txt in a directory that denies both HTTP access and the PHP handler.
Limits
Read live from the platform configuration.
| Visitor | 1 build |
| Free | 3 builds |
| Pro | 100 builds |
| Spec caps | 6 inputs · 16 pipeline steps · 60,000 chars/field |
| Top-ups | Factory Build Pack |
Privacy
Your prompt is sent to the AI provider. Specs and drafts are stored against your account.
Standards
OWASP LLM Top 10 (LLM02 insecure output handling — mitigated by design)