> We don't have E2EE yet (it's on the roadmap), so some level of trust in Omnara is required today. All repo operations happen locally on your machine. For messages/chat history: we store those encrypted at rest because we need access to sync across devices, send notifications, and resume agents. Cloud sandboxing is opt-in and would require syncing codebase state.
Does your service require access to the code? Could you explain what trust specifically is required - is there anything else besides messages / chat history that you store and how long you retain those?
Sandboxing, which is an optional, opt-in feature, requires persistent access to the code via our github integration + us syncing certain refs to our backend.
However, even if you don't opt into syncing, tool calls will end up sending pieces of code from your codebase to our backend. That's just the nature of how we handle persistence of chats. Though messages/chats are retained until you delete them.
> We don't have E2EE yet (it's on the roadmap), so some level of trust in Omnara is required today. All repo operations happen locally on your machine. For messages/chat history: we store those encrypted at rest because we need access to sync across devices, send notifications, and resume agents. Cloud sandboxing is opt-in and would require syncing codebase state.