Origin Agent
Origin Agent in CDE — confidential agentic assistance with verifiable runtime and inference, Gateway routing, and ZDR vs TEE models.
Origin Agent is the in-IDE AI assistant in CDE — a confidential agentic surface where the model answers questions, edits files, and runs terminal commands on demand. Inference routes through ORGN Gateway; on cloud worktrees, tool calls execute inside the same TDX sandbox as your code.
CDE fetches your team's Gateway API key automatically after sign-in — you do not paste a key manually.
Runtime vs inference — two separate boundaries
On cloud worktrees, your code and agent tool calls run inside a TDX sandbox. Prompts and completions route out to ORGN Gateway. Those are different confidentiality layers — and each has its own cryptographic proof.
| Runtime (cloud worktree) | Inference (Origin Agent) | |
|---|---|---|
| What is protected | Your code, terminal, tool execution | Your prompts and model outputs |
| Mechanism | Intel TDX Trust Domain — encrypted VM | Depends on model: ZDR policy or TEE hardware |
| Proof | Sandbox attestation | TEE receipt in Scanner (TEE models only) |
| Applies when | Cloud worktree attached | Every message — tier chosen in model picker |
On Open Project (local mode), there is no sandbox attestation, but Origin Agent still routes inference through Gateway with the same model tiers.
Verify your workload
Most AI IDEs ask you to trust a vendor's policy. CDE gives you evidence. Confidentiality as proof, not a policy statement — that is the moat.
Runtime — prove your code and tools ran in hardware isolation
On cloud worktrees, your repository, terminal, and every agent tool call execute inside an Intel TDX Trust Domain. Fetch a sandbox attestation report to prove it:
- Click the TDX shield in the status bar, or
- Run Show TDX Sandbox Attestation from the command palette
The report is a hardware-signed TDX quote bound to your sandbox — proof that your agent acted inside verified confidential compute, not an ordinary shared VM. See Attestation for what the report contains and how to use it in security reviews.
Inference — prove a TEE model call
When you select a TEE model, Gateway produces attestation receipts verifiable in ORGN Scanner. This proves a specific inference request ran in hardware-isolated compute.
Sandbox attestation and inference receipts answer different questions. For a complete security review, you may need both: attestation proves where your agent acted; inference receipts prove where your prompts were processed.
Gateway routing
All Origin Agent inference goes through ORGN Gateway:
https://api.gateway.orgn.com/v1This is an authenticated API endpoint. Opening the URL in a browser without an API key returns an authorization error — that is expected, not a service outage.
CDE uses the OpenAI-compatible /v1/chat/completions endpoint. Model IDs use underscores (for example phala_deepseek_r1, near_qwen3_30b) — not slashes.
For API usage outside the IDE, see Gateway quickstart.
Authentication
CDE does not ask you to paste a Gateway API key manually. After you sign in with id-orgn, CDE fetches a team-scoped Gateway key from the ORGN platform API and injects it into Origin Agent requests.
If your id-orgn session expires, Origin Agent may fail until you sign in again. CDE retries key refresh once on 401 before surfacing an actionable error.
Model selection — ZDR vs TEE
Choose models from the chat model picker. Each model shows a ZDR or TEE badge. When many models are available, use the TEE filter to show only hardware-backed options.
| ZDR | TEE | |
|---|---|---|
| Stands for | Zero Data Retention | Trusted Execution Environment |
| Problem solved | The provider might store or train on your prompts | The provider or host might read inference in memory |
| Mechanism | Routing through Vercel AI Gateway with a no-retention agreement | Hardware-isolated inference (NEAR, Phala) |
| Proof | Contract / policy — no per-request hardware receipt | Cryptographic attestation receipt (verify in Scanner) |
| Model examples | vercel_claude_*, vercel_gemini_* | near_*, phala_* |
| When to pick | Frontier capability with strong data-handling agreements | When you need verifiable confidential inference |
Do not call ZDR "confidential computing." ZDR is policy retention. TEE is hardware isolation.
See Platform trust — execution environments for the full comparison.
Tool use
Origin Agent invokes tools when the task requires it. The model can:
- Read and edit files in the workspace
- Run terminal commands (subject to your approval settings)
- Search the codebase and reference files with
@mentions
Tool calls execute on your local folder in Open Project mode, or inside the remote sandbox on cloud worktrees — the same runtime boundary as your code. Inference for those tool calls still routes through Gateway.
@ file references
Reference workspace files in chat with @:
@file— include a specific file in context@folder— include a directory@codebase— semantic search across the workspace (uses a local embeddings index)
Workspace semantic index
@codebase is backed by a workspace semantic index — separate from ORGN Studio's Repomix code index. CDE builds it in the background when you open a folder or attach to a cloud worktree. Watch indexing progress in the chat status area; once ready, @codebase searches across the current workspace without listing every file manually.
The semantic index reflects files on disk in your open workspace. After large pulls or branch switches, allow indexing to catch up or trigger a rebuild from the command palette if search results look stale.
On cloud worktrees, @file and @folder resolve against the remote file tree in the sandbox.
In ORGN Studio, agents use the project code index (built automatically on import, refreshed manually) plus live file reads from the sandbox.
Starting from a worktree
When you create or open a worktree from the Projects sidebar, CDE can prefill Origin Agent with task context from your Studio task description.
Next steps
- Agents — parallel worktrees and Agent Sessions
- Local vs confidential cloud — when tool calls run in a sandbox
- Gateway quickstart — direct API usage and model catalog
- Attestation — fetch and review sandbox attestation reports
- Scanner — verify inference receipts for TEE model calls