DEV Community

bhudson1976

Why we built a local-first desktop app for Flutter security auditing (instead of a cloud SaaS)

Hey DEV community! 👋

I just finished shipping the native macOS and Windows desktop builds for my project, Sentinel AI, and the journey made me realize something: we might be over-relying on the cloud for everything.
When building a security auditor specifically for Flutter and Dart codebases, the standard path would have been to spin up a web app, have users authenticate and upload their repository to our servers to run the checks.
But as a developer, two things always bugged me about that approach:

  1. IP & Privacy: Code is a company's crown jewel. Many teams (and solo founders, like myself) don't want to pipe their proprietary source code to a third-party cloud server just to check for a hardcoded API key or an insecure storage implementation.
  2. Performance lag: Waiting on cloud queues and network latency ruins a fast coding workflow.

We decided to take a different path and build a local-first desktop tool.

The 3-Pass Local Architecture
To make it work without the cloud, we designed a 3-Pass Security Orchestration Pipeline that runs completely locally on your machine. Your source code never leaves your desktop.

Pass 1 (Static Analysis): Instantly scans the Dart code structure for immediate syntax risks, loose CORS policies, and hardcoded credentials.

Pass 2 (Contextual Mapping): Maps out how data flows through the Flutter components to find deeper configuration gaps.

Pass 3 (Local AI Orchestration): Uses a local LLM orchestration pipeline to evaluate nuanced logic flaws without sending data to an external API.
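
As an added example of the kind of check Pass 1 describes (this is not Sentinel AI's code; the rule names, regex patterns and the Dart sample are constructed for illustration), here is a line-based scan that runs entirely on the local machine. It flags hardcoded credentials, sensitive values written to SharedPreferences, and wildcard CORS headers.

```python
import re

# Constructed Dart sample, not taken from any real project.
SAMPLE_DART = '''
import 'package:shared_preferences/shared_preferences.dart';

const String apiKey = "EXAMPLE-ONLY-not-a-real-key";
final baseUrl = "https://api.example.com";
final String dbPassword = String.fromEnvironment("DB_PASSWORD");

Future<void> saveSession(String token) async {
  final prefs = await SharedPreferences.getInstance();
  await prefs.setString("auth_token", token); // plaintext on disk
}

void addCors(HttpResponse res) {
  res.headers.add("Access-Control-Allow-Origin", "*");
}
'''

# Hypothetical rule set: (rule name, pattern applied to each source line).
RULES = [
    # A secret-looking identifier assigned a string literal of 8+ characters.
    ("hardcoded-credential", re.compile(
        r"""\b(\w*(?:api_?key|secret|passw(?:or)?d|token)\w*)\s*=\s*(['"])[^'"]{8,}\2""",
        re.I)),
    # A sensitive key name passed to setString (heuristic for SharedPreferences).
    ("insecure-storage", re.compile(
        r"""\.setString\(\s*(['"])[^'"]*(?:token|passw|secret)[^'"]*\1""", re.I)),
    # A wildcard origin set on a response header.
    ("loose-cors", re.compile(
        r"""Access-Control-Allow-Origin['"]\s*,\s*['"]\*['"]""", re.I)),
]

def scan_dart(source):
    """Return (line number, rule name) for every rule that matches a line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, rule))
    return findings

if __name__ == "__main__":
    for lineno, rule in scan_dart(SAMPLE_DART):
        print(f"line {lineno}: {rule}")
```

The `dbPassword` line is not flagged because its value comes from `String.fromEnvironment` rather than a string literal, which is the distinction a credential rule needs to make to stay useful.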

What I Learned Shipping Cross-Platform Desktop
Building for both macOS and Windows simultaneously using a unified codebase comes with its own set of UI and ecosystem challenges, but the performance payoff of a native desktop build vs. a web wrapper has been massive.

We are currently giving away 25 free trial keys to Flutter developers to get some raw, honest feedback on the local pipeline performance. If you want to put it through its paces on your codebase, drop a comment below and I'll send a key your way!

I'd love to hear your thoughts: For your daily development tools, do you prefer a web-based SaaS or a snappy, privacy-first desktop application?
