Originally published at orquesta.live/blog/security-by-default-keeping-code-execution-local-2026-05-19
When we built Orquesta, our primary focus was on security. As developers, we understood the anxiety of sending sensitive code and credentials off to cloud services. We crafted Orquesta to ensure your code never leaves the safety of your infrastructure. Here's why local execution is not just a feature, but a necessity.
Local AI Agents: The Heart of Security
Orquesta runs Claude CLI directly on your machine. This means all code processing happens locally, eliminating risks associated with cloud sandboxes. Your proprietary code, sensitive credentials, and data remain within your own infrastructure, under your control.
Running AI agents locally also ensures compliance with data residency laws and internal policies. Many teams are constrained by regulations that forbid code from traveling beyond geographic boundaries or specific secured networks. By keeping execution local, we adhere to these requirements by default.
AES-256 Encryption for Credentials
Security isn't just about keeping code local—it's also about protecting the secrets that power your applications. Orquesta uses AES-256 encryption to secure credentials. Whether it's API keys, database passwords, or SSH keys, you can trust that your secrets remain confidential, even in the rare event of a breach.
Encryption at this level is virtually unbreakable with today's technology, providing peace of mind that your credentials won't be the weak link in your security chain.
Full Audit Trails for Every Action
Tracking changes and understanding who did what, when, is crucial in any development environment. Orquesta provides a comprehensive audit trail for every action taken by the AI agent. This includes logs of prompts, execution outputs, and diffs for all code changes.
These audit trails not only serve as a security measure but also as a valuable resource for debugging and compliance. They allow you to verify the integrity of agent actions and ensure all changes are accounted for, bolstering both security and accountability.
Quality Gates with Team Sign-off
One of Orquesta's standout features is the concept of quality gates. Before any AI-generated code is merged or deployed, it must pass through a team lead's scrutiny. This manual checkpoint ensures adherence to coding standards and business logic.
Quality gates act as a definitive line of defense against erroneous or malicious code changes. By requiring human oversight before execution, we strike a balance between AI-driven efficiency and human judgment.
The Cost of Cloud Sandboxes
Cloud sandboxes often come with hidden costs—not just financial, but also in terms of security and data integrity. When you send code to a cloud environment, you lose control over its movement and potential exposure. Even if the cloud provider promises security, the added risk of third-party breaches remains.
With Orquesta, you avoid these pitfalls. Your code stays where it belongs: on your machine, within your network, safeguarded by your existing security protocols. This reduces the attack surface and keeps your intellectual property protected.
Not Just About Security
While security is paramount, local execution also enhances performance. Running AI agents locally means faster execution times compared to cloud-based solutions, which often suffer from latency and bandwidth limitations. Our approach ensures your team can work swiftly without compromising on security.
Conclusion: Local is the New Default
In an era where data breaches are commonplace, keeping code execution local is not just a preference—it's a necessity. Orquesta offers a robust platform where security, performance, and compliance converge. We designed it to respect your data boundaries and empower your team with the tools needed to maintain control over their code and credentials. When security is built-in by default, you can focus on what truly matters: building great software.
Top comments (0)