Security

A trust model built around local execution and reviewable exports

The original Stitch messaging puts privacy at the center. This page makes that positioning explicit so the product reads as something teams can adopt without compromising IP boundaries.

Trust pillars

Why the privacy posture matters

Security here is framed as workflow design: where files are processed, how outputs are reviewed, and what assumptions the product avoids.

Local execution

Air-gapped by design

Combining happens on-device, which removes the default risk of uploading proprietary code to a third-party service.

Review controls

Secrets stay visible

Preflight metrics and exclusion rules make it easier to inspect what leaves your repo before anything becomes prompt input.

Operational trust

No hidden telemetry

The product messaging is intentionally privacy-first so engineering teams can adopt it without changing internal data policies.

Operational checklist

What this workflow optimizes for

  • No cloud processing path in the default workflow
  • Local-only file handling and export generation
  • Reviewable metrics before every combine action
  • Built for teams that care about IP boundaries

Local first

Code in, export out, nothing in between

Instead of treating privacy as an enterprise upsell, the product story treats it as the default path. That stance is one of the clearest differentiators in the Stitch concept.
