Known Limitations · v0.15 / v0.16

What the factory cannot yet do fully.

Honesty over marketing: this page collects the current limitations in one place. It complements the feature pages and is updated with every release. What has already shipped is in the changelog.

named honestly as of v0.16 roadmap open

Why this page

The platform moves fast, and some building blocks are implemented but not yet conclusively verified in every scenario. Instead of scattering such points across many pages, this page lists them in a consolidated, plain-spoken form — so you can make a sound operational decision.

1. Cloud gateways are experimental

Alongside the official vendor APIs there are adapters for the cloud gateways AWS Bedrock, Google Vertex AI and Azure OpenAI. These are implemented but not yet live end-to-end tested.

  • Production use of a gateway should happen only after customer-side verification with real cloud credentials.
  • The direct vendor APIs (Anthropic, OpenAI, Google Gemini) and on-prem operation via Ollama/vLLM are not affected.

2. Multi-tenancy: foundations in place, full audit-grade separation to come

The tenant foundations are in place: project-boundary isolation, role-based access control (RBAC) and SSO federation (OIDC).

  • Full audit-grade multi-tenancy (separate policy, audit, cost and export per tenant) is coming in a later release.
  • Until then: one instance per tenant is recommended where hard, auditable separation is required.

3. Execution of generated code — isolated environment recommended

Build runs execute agent-generated code (e.g. mvn verify, npm run build). Such code should always be treated as untrusted.

  • Run build runs on an isolated or trusted environment, not on a host with sensitive access.
  • The platform offers a container sandbox per run (execution.sandbox.variant=container, with network, CPU and memory limits). Further sandbox hardening is in progress.

4. Compliance profiles & policy-as-code — enforcement being completed

Policies and compliance profiles are versioned, signed and attested (Ed25519). Provability is therefore in place.

  • Hard enforcement of gate strictness and mandatory attestation is being completed in v0.16.
  • Until then, attestation and signing are reliable; for enforcing controls also rely on the configured quality-gate modes.
What has already shipped is documented release by release in the changelog / news section. Operational questions are answered in the FAQ, deeper architecture on the architecture page.