Security by Default: Keeping Code Execution Local

Originally published at orquesta.live/blog/security-by-default-keeping-code-execution-local-2026-05-17

In the realm of software development, security isn't just a feature—it's a fundamental requirement. Choosing where and how your code runs can dramatically impact the security of your entire development process. At Orquesta, we believe that keeping code execution local provides unparalleled advantages over cloud-based sandboxes in terms of security, transparency, and control.

The Risks of Cloud Sandboxes

Cloud-based sandboxes have become a popular solution for running code in isolated environments. However, this approach introduces significant security risks:

• Data Exposure: Code and associated data leave your infrastructure, making them vulnerable to interception.
• Compliance Issues: Many industries have strict regulations about where data can reside, which cloud solutions often complicate.
• Dependency on External Providers: Your security depends on the cloud provider's security measures, which may not align with your standards.

These risks emphasize the need for a more secure alternative. That's where local execution comes into play.

Why Local Execution?

Running code locally, as facilitated by Orquesta, ensures that your data and intellectual property are secure.

AES-256 Encryption

We utilize AES-256 encryption for credentials, ensuring that sensitive information remains secure at all times. Even if unauthorized access occurs, the encryption ensures that your credentials are unreadable without the proper decryption key.

Code Never Leaves Your Machine

With Orquesta's local AI agent running Claude CLI on your machine, your code stays within your secure environment. This eliminates the risks associated with sending data to external servers and aligns with best practices for data residency.

Full Audit Trails

Orquesta provides comprehensive audit trails of every action performed by the AI agent, from prompts to execution logs. This transparency is crucial for diagnosing issues, conducting security audits, and ensuring compliance with internal and external regulations.

{
  "agent": "Claude CLI",
  "action": "Execute",
  "timestamp": "2023-10-15T12:00:00Z",
  "details": "Executed deployment script"
}

Quality Gates with Team Sign-Off

Before any changes are made to your codebase, Orquesta's quality gates simulate the changes and require a team lead's approval. This process not only ensures code quality but also serves as a security checkpoint, preventing unauthorized or erroneous changes.

Orquesta's Security Model in Action

Let's consider a scenario where a team is deploying a new feature to a production environment. With Orquesta, this process is secure and controlled:

1. Prompt Submission: A team member submits a deployment prompt via Orquesta's web interface or Telegram bot.
2. Local Execution: The AI agent, running locally, interprets the prompt and simulates the deployment.
3. Quality Gate: A team lead reviews the simulated changes and signs off.
4. Commit and Deploy: Upon approval, real git commits are made, and the deployment occurs.
5. Audit Trail Capture: Every step is logged, providing a detailed audit trail.

This workflow ensures that security is maintained at every step, with no data ever leaving your secure perimeter.

Conclusion

In an era where data breaches and security incidents are all too common, the choice of execution environment can be the difference between a secure workflow and a vulnerable one. By keeping code execution local, Orquesta empowers teams to maintain control over their data and processes, offering a security-first approach that is vital in today's development landscape.

For teams that prioritize security and compliance, local execution with Orquesta is not just an option—it's a necessity.