CDE
ORGN's native desktop IDE — local folders or confidential cloud worktrees, with Origin Agent routed through ORGN Gateway.
CDE is ORGN's native desktop IDE — a VS Code fork for developers who need a daily-driver editor and, when it matters, a way to run code inside hardware-isolated cloud sandboxes.
Run anything. See nothing.
New to CDE? Start with the Quickstart — install, sign in, and open your first cloud worktree in under five minutes.
What problem does CDE solve?
You have proprietary code, regulated data, or procurement requirements that policy promises cannot satisfy. CDE gives you two execution modes:
- Local — open a folder on your machine, standard desktop development
- Cloud — attach to a worktree running inside a TDX Trust Domain (Intel hardware that encrypts VM memory so the cloud operator, hypervisor, and ORGN cannot read your running code)
Origin Agent — the in-IDE AI assistant — is a separate boundary. Your code and tool calls run in the sandbox on cloud worktrees; prompts route through ORGN Gateway unless you pick a TEE model for verifiable confidential inference.
See Local vs confidential cloud for when to use each mode, and Origin Agent for runtime vs inference confidentiality.
What CDE provides
| Capability | Description |
|---|---|
| Native IDE | Full VS Code surface — editor, terminal, Git, debugging — with ORGN worktree and cloud integration |
| Confidential cloud worktrees | SSH attach to TDX sandboxes — not ordinary shared cloud VMs |
| Origin Agent | In-IDE AI with tool use (file edits, terminal commands), routed through ORGN Gateway |
| Sandbox attestation | Fetch a signed TDX report for active cloud worktrees — prove the environment, not just trust our word |
| Parallel workstreams | Separate worktrees (isolated branches + sandboxes) so parallel agents do not collide |
For the full trust stack, see Platform trust.
Two confidentiality layers
| Runtime (cloud worktree) | Inference (Origin Agent) | |
|---|---|---|
| What is protected | Your code, terminal, agent tool execution | Your prompts and model outputs |
| Mechanism | Intel TDX Trust Domain — encrypted VM | Model-dependent: ZDR (policy retention) or TEE (hardware isolation) |
| Proof | Sandbox attestation report | TEE receipt in Scanner (TEE models only) |
| Applies when | Open Cloud Project attached | Every Origin Agent message — tier chosen in model picker |
ZDR (Zero Data Retention) means the provider agrees not to store your prompts — policy trust, not hardware proof. TEE (Trusted Execution Environment) means inference runs in hardware-isolated compute with cryptographic receipts. Do not conflate them.
CDE vs ORGN Studio — where does your work go?
| Question | ORGN Studio (browser) | CDE (desktop) |
|---|---|---|
| Import a repo / create a project | Yes — GitHub import, runtime selection | Must be done from ORGN Studio |
| Task board, milestones, team billing | Yes | Open project settings in browser at cde.orgn.com |
| Daily-driver editor, terminal, Git | Browser Code Mode | Native VS Code fork |
| Create a worktree for a task | Yes | Yes — Projects sidebar |
| Run code in a TDX sandbox | Yes (browser workspace) | Yes — SSH attach to the same sandboxes |
| Origin Agent with tool use | Yes | Yes |
| Sandbox attestation fetch | Yes | Yes |
Studio sets up projects and tasks. CDE is where many developers do the work. Both share the same id-orgn identity and cloud worktrees.
Launching the desktop app directly from a Studio task is marked Soon — today, download CDE and sign in with the same id-orgn session.
Documentation
Install
Download CDE for macOS, Windows, and Linux. In-app updates on macOS and Windows.
Quickstart
Install, sign in, and open your first confidential cloud worktree.
Local vs confidential cloud
When to use Open Project vs Open Cloud Project, and what each mode protects.
Cloud worktrees
Worktrees, SSH attach, Projects sidebar, and recovery.
Origin Agent
Gateway routing, model tiers (ZDR vs TEE), and tool use.
Attestation
Fetch and review TDX sandbox attestation for cloud worktrees.
Agents
Parallel worktrees, Agent Sessions, and Studio agent chats.
Troubleshooting
GitHub App setup, SSH gate errors, and common fixes.
Related
- Gateway quickstart — API keys, models, and inference attestation receipts
- ORGN Studio — browser platform for project import and team workflows
- Platform trust — canonical reference for confidentiality and verification