Origin Docs
Getting Started

Stack Overview

The four-layer ORGN stack — CDE, Studio, Gateway, and Scanner — and how they compose a verifiable confidential development platform.

ORGN is a confidential agentic development platform composed of four products. Each layer has a distinct job. Together they replace the "trust our policy" model with verifiable isolation where the architecture supports it.

┌─────────────────────────────────────────────────────────┐
│  ORGN CDE          Native IDE (VS Code fork)            │
│  Local folders or cloud worktrees in TDX sandboxes      │
├─────────────────────────────────────────────────────────┤
│  ORGN Studio       Web platform — projects, tasks,      │
│  agents, repository-backed confidential workspaces      │
├─────────────────────────────────────────────────────────┤
│  ORGN Gateway      OpenAI-compatible inference API        │
│  TEE models (hardware proof) + ZDR models (frontier)    │
├─────────────────────────────────────────────────────────┤
│  ORGN Scanner      Attestation audit explorer           │
│  Verify inference receipts and sandbox evidence         │
└─────────────────────────────────────────────────────────┘
         ▲                           ▲
         │                           │
    id-orgn SSO              api.gateway.orgn.com
  (shared identity)           (inference API)

Layer 1 — ORGN CDE

What it is: The desktop Confidential Development Environment — a VS Code fork (vscode-cde) branded as CDE.

What it does:

  • Open Project for local folders, or Open Cloud Project for TDX sandbox worktrees
  • Continue with id-orgn on first launch
  • Git worktree isolation for parallel agents
  • Origin Agent with Gateway-backed inference (ZDR or TEE models)

Start here if: You want a daily-driver IDE with confidential compute, or you prefer local development with optional cloud project sync.

CDE Quickstart

Layer 2 — ORGN Studio

What it is: The browser-based platform at cde.orgn.com for provisioning and managing confidential development projects.

What it does:

  • Import Git repositories or templates into TDX workspaces
  • Task and milestone management with agent-driven worktrees at /chat/:id
  • Repository indexing for AI context
  • Shannon code security scanning (vulnerability assessment — not Scanner)
  • Team collaboration, secrets, and sandbox configuration

Start here if: You need to import a repo, deploy a confidential workspace, and collaborate with agents and teammates without installing desktop software.

Studio Quickstart

Layer 3 — ORGN Gateway

What it is: The confidential AI inference gateway — OpenAI-compatible API at api.gateway.orgn.com/v1.

What it does:

  • Routes 95+ models across three provider classes:
    • TEE — NEAR AI and Phala (Intel TDX + GPU attestation, cryptographic receipts)
    • ZDR — Vercel AI Gateway (contractual zero data retention, frontier models)
  • API key management via gateway.orgn.com
  • Model IDs use underscores (phala_deepseek_r1, vercel_claude_sonnet_4_6)

Start here if: You are integrating AI inference into an application, CI pipeline, or agent — and need to choose between hardware proof and frontier model access.

Gateway Quickstart

Layer 4 — ORGN Scanner

What it is: The attestation and audit explorer at scanner.orgn.com.

What it does:

  • Visual Explorer grid of inference activity
  • Messages and Requests views for searchable audit trails
  • Independent attestation verification for TEE inference receipts
  • Sandbox monitoring for confidential compute environments

Scanner shows metadata and cryptographic evidence. It never shows prompt contents or model outputs.

Start here if: You are a security engineer, compliance reviewer, or procurement stakeholder who needs to verify that inference ran inside a genuine Trust Domain.

Scanner Quickstart

Cross-cutting platform services

These span all four layers:

ServiceURLRole
id-orgnid.orgn.comSSO identity for CDE, Studio, Gateway console, Scanner
Attestationattest.daytona.orgn.comTDX attestation for cloud sandboxes
Documentationdocs.orgn.comThis site

See Platform trust model for the canonical security narrative and SSO for identity setup.

Choose your path

I want to…Start with
Install the desktop IDECDE Install
Import a repo and start coding in the browserStudio Quickstart
Call an AI model from my appGateway Quickstart
Verify an attestation receiptScanner Verify
Understand the trust model for procurementPlatform Trust
Scan my codebase for vulnerabilitiesStudio Code Security

Choose your path for persona-based routing.

Design principle

Not through policy. Through math.

Each layer exposes what it can prove cryptographically (TEE attestation, Trust Domain isolation) and what it handles through explicit contractual boundaries (ZDR models, control-plane metadata). The Glossary defines terms like Trust Domain, worktree, session, TEE, and ZDR so security reviewers and developers share the same vocabulary.

Choose Your Path

Persona-based routing for ORGN — developers (CDE/Studio), integrators (Gateway API), and compliance evaluators (trust + Scanner verification).

CDE

ORGN's native desktop IDE — local folders or confidential cloud worktrees, with Origin Agent routed through ORGN Gateway.

On this page

Layer 1 — ORGN CDELayer 2 — ORGN StudioLayer 3 — ORGN GatewayLayer 4 — ORGN ScannerCross-cutting platform servicesChoose your pathDesign principle