Origin CDE - Desktop App

Origin CDE is available as a native desktop application for macOS. It is the same platform as the browser-based CDE, the same projects, tasks, agents, worktrees, and confidential compute infrastructure, packaged as a native editor that runs directly on your machine.

The desktop app is currently in Alpha and available for Apple Silicon Macs (M1 and later). A Windows build is in progress.

Downloading the App

When you are logged into the browser-based CDE, a prompt will appear inviting you to download the desktop app. Click Download for macOS to get the .zip file.

Once downloaded:

1. Unzip the file
2. Move Origin CDE to your Applications folder
3. Open the app

On first launch, macOS may ask you to confirm opening an app downloaded from the internet. Click Open to proceed.

Getting Started: Connect GitHub and Import a Project

On first launch you will land on the Welcome screen. Before you can open a workspace or run an agent, you need to connect your GitHub account and import a repository into Origin.

Step 1: Connect GitHub

Open Settings inside the app and connect your GitHub account. This gives Origin permission to read your repositories so you can import them as projects.

Step 2: Import a repository

Once GitHub is connected, use Clone Git Repository from the welcome screen to select and import a repository. Origin will create a project-scoped clone, your original repository is never modified unless you explicitly push or open a pull request.

Alternatively, use Generate New Workspace to provision a workspace from an existing Origin project if one has already been set up from the web app.

After importing, your project appears in the Origin Studio panel on the left and is ready to work with.

The Interface

The layout has three areas that stay consistent across all workspaces:

Left Panel: Origin Studio

The left panel is labeled ORIGIN STUDIO: PROJECTS. It shows:

• Projects: your project list as cards, each showing the project name and task count. Click a project card to make it active.
• All Tasks: below the project cards, a full task list for the active project with inline priority badges (Urgent, High, Medium, Low), status indicators, and assignee filters. Use + CREATE TASK to add tasks without leaving the editor.
• Task detail: clicking a task expands it inline in the panel, showing a Worktrees tab (any worktrees running for that task) and a Details tab. From the Worktrees tab you can create a new worktree for the task directly.

This is the same task and worktree system available in the web app under Project → Tasks.

Main Area: Editor and Welcome Screen

When no workspace is open, the main area shows the Welcome screen with quick-access actions:

• New File / Open: standard file operations
• Clone Git Repository: import a new repo as a project
• Connect to...: connect to an existing remote workspace by URL or workspace ID
• Generate New Workspace: provision a new sandbox for the active project

The Recent section shows repositories and paths you have worked in before so you can reopen them in one click.

The Worktrees section lists every worktree across your projects, each entry shows the project name, task title, priority, and assignee. Clicking the external link icon on a worktree entry opens it directly in the editor.

Once a workspace is open, the main area becomes a full code editor.

Right Panel: Chat

The right panel is the agent chat interface. Enter a prompt and the agent executes inside the connected confidential sandbox. You can also use the chat to generate, edit, and refactor code with the Edit in context mode that appears when a workspace is active.

Provisioning a Workspace

When you open or create a worktree, the app provisions a fresh TDX-encrypted sandbox before the editor becomes available. The left panel displays the provisioning progress under the heading BRINGING UP YOUR SECURE SANDBOX:

The steps are:

1. Creating TDX-encrypted sandbox: hardware-isolated compute is being provisioned on Origin's confidential infrastructure
2. Booting isolated workspace: the sandbox environment starts up and the repository is cloned
3. Establishing secure tunnel: the desktop app connects securely to the running sandbox
4. Editor ready: the editor opens and the agent becomes available

This is the same sandbox lifecycle described in Sandboxes. The "local" aspect of the desktop app is the editor UI itself, the sandbox, agent runtime, and all code execution remain on Origin's TDX-backed confidential compute infrastructure.

TDX Sandbox Attestation

One capability the desktop app exposes directly is fetching the TDX Sandbox Attestation record for the current workspace, without needing to visit the OLLM console.

The attestation record confirms that the sandbox your code is running in is a genuine TDX-protected enclave. It includes:

The Measurements section below the summary contains the hardware register values (MRTD, RTMR0–RTMR3) that uniquely identify the enclave configuration. These values can be compared against known-good reference measurements to independently verify the integrity of the execution environment.

The Raw Response section contains the full JSON attestation payload if you need to pass it to an external verification tool or compliance workflow.

Switching Between Desktop and Browser

The desktop app and the browser-based CDE share the same backend. Any workspace open in the desktop app is accessible from the browser at the same time, and vice versa. You can start a task in the browser and continue it in the desktop app, the sandbox, file state, and agent context are preserved.

Closing the desktop app does not stop a running workspace. Workspaces continue until you explicitly archive them from the Sandboxes settings page.

Platform Availability