
Orquesta𝄢


Security by Default: Keeping Code Local with Orquesta

Originally published at orquesta.live/blog/security-by-default-keeping-code-local-orquesta

Local execution vs. cloud sandboxes is not just a matter of preference; it's a fundamental security strategy. With Orquesta, we ensure that your code remains on your premises, maintaining control and oversight while leveraging powerful AI to automate and streamline your workflows.

The Risks of Cloud Sandboxes

Leveraging cloud sandboxes for executing code can pose significant risks. First and foremost, data sovereignty and privacy concerns are paramount. When you execute code in a cloud environment, you're invariably transferring your intellectual property to a third-party server. Even with encryption and strict privacy policies, this introduces potential vulnerabilities and compliance issues, especially in industries with stringent data protection regulations.

Moreover, cloud sandboxes depend heavily on network stability and can be susceptible to outages or latency, impacting the efficiency of your workflows. These factors make the case for local execution not just compelling but necessary for operations where security and efficiency are non-negotiable.

Local Execution: The Orquesta Approach

At Orquesta, we designed our platform with a clear focus: security by default. Our local AI agent runs on your machine using Claude CLI, ensuring that your code never leaves your local infrastructure. This approach not only enhances security but also aligns with the best practices in software development.

AES-256 Encryption

We employ AES-256 encryption for all credentials, adding a robust layer of security to every transaction and operation. This ensures that sensitive data is protected at rest and in transit, complying with modern encryption standards and safeguarding your information from unauthorized access.

Full Audit Trails

Transparency and accountability are built into Orquesta's core. Every prompt, log, and code change is meticulously tracked, providing a full audit trail. This feature is crucial for teams that need to maintain comprehensive records of their development processes for compliance or internal review.

Here's a basic example of how an audit trail can be structured within Orquesta:

{
  "prompt":"Add a new API endpoint",
  "user":"jane.doe",
  "timestamp":"2023-10-01T15:03:00Z",
  "changes":[
    {
      "file":"src/api/endpoints.js",
      "diff":"+ const newEndpoint = () => {...};"
    }
  ],
  "status":"approved"
}

This JSON structure allows for straightforward tracking of who did what and when, providing clarity and traceability.

Quality Gates and Team Sign-Offs

Before any code is executed, Orquesta implements quality gates where AI simulates the changes and requires team lead approval. This step is critical in preventing erroneous code from being deployed, ensuring that every change is vetted and meets your organizational standards.

- prompt: "Implement new feature"
  simulate: true
  approve: "team_lead"

This YAML configuration might be part of your project setup, defining who needs to sign off before actual execution.

Monitoring and Collaboration

Our Agent Grid feature allows teams to monitor dozens of agents from a single screen, complete with live terminal outputs. This centralized view not only enhances oversight but also facilitates collaboration, enabling team members to contribute prompts and insights effectively.

Role-based permissions mean you can control who submits prompts and who oversees execution, maintaining a hierarchical order in your development cycle without sacrificing agility.

Conclusion

Local execution with Orquesta is about more than just keeping code on your machine; it's about establishing a secure, efficient, and collaborative development environment. By prioritizing security with AES-256 encryption, full audit trails, and requiring team sign-offs, Orquesta supports teams in maintaining control over their processes while enjoying the benefits of AI-driven development.

The takeaway is clear: in an era where security is paramount, keeping your code local with Orquesta provides peace of mind and operational integrity without compromising on innovation.
