Philosophy | 2025-01-02 | 6 min read

Local-First Development: Why Your Code Should Never Leave Your Machine

In a world of cloud-based tools, we chose to keep everything local. Here's why privacy and security matter more than convenience.

Kevin M.

Founder


The Cloud Trap

It's 2025 and everything wants to be in the cloud. Your IDE syncs to the cloud. Your AI assistant proxies through the cloud. Your clipboard syncs to the cloud. Your dotfiles sync to the cloud.

At some point, we stopped asking: "Wait, why does this need my data?"

The Real Cost of Cloud

When you use a cloud-based coding tool, you're implicitly agreeing to:

  • Data exposure: Your code, prompts, and context travel through third-party servers

  • Vendor lock-in: Your history, settings, and workflows are trapped

  • Availability dependency: No internet? No coding assistant.

  • Compliance risk: Many industries have strict data residency requirements

What "Local-First" Actually Means

For Craaft, local-first means:

Your code never leaves your machine

When you chat with Claude through Craaft, the flow is:

Your machine → Claude API (direct)

Not:

Your machine → Craaft servers → Claude API

We don't see your code. We CAN'T see your code. The architecture makes it impossible.

Your conversations are yours

AI conversation history? Stored locally. Session data? Local. Prompt history? Local.

The only thing we store on our servers is your account info (email, subscription status). That's it.

Offline-capable

Lose internet? Craaft keeps working for what it can. Your history is still there. Your settings are still there. Obviously the AI needs internet, but the app doesn't crash.

The Technical Implementation

Here's how we achieve this:

The Bridge Architecture

Craaft has a "Bridge" component that runs on your Mac. It handles:

  • Communication with the Chrome extension

  • Spawning and managing CLI processes

  • File operations and git integration

  • Session management

The Bridge talks directly to AI providers using YOUR API key. We never proxy, intercept, or log these calls.

Licence Verification

"But you must check licences somehow!"

Yes, once per session, the Bridge pings our API: "Is this licence valid?" We get back yes/no. That's the only server communication.

No code. No prompts. No context. Just a licence check.
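
One way a user or security team could check these claims from the outside, as an added example rather than Craaft's own code: audit a log of the Bridge's outbound connections against the two destinations the article allows (the AI provider and one licence check per session). The licence hostname, the log format and the size threshold are assumptions, and the log lines are constructed.

```python
import json
from collections import Counter

# Assumptions (not from the article): hostnames, record format and the size limit.
AI_HOSTS = {"api.anthropic.com"}          # provider endpoint the Bridge may call directly
LICENCE_HOST = "licence.vendor.example"   # placeholder for the vendor's licence API
MAX_LICENCE_BYTES = 2048                  # a yes/no licence query should be tiny

# Constructed sample: one JSON record per outbound TLS connection from the Bridge,
# as a local firewall or inspecting proxy might export it.
SAMPLE_LOG = """\
{"session": "s1", "host": "licence.vendor.example", "bytes_out": 412}
{"session": "s1", "host": "api.anthropic.com", "bytes_out": 18230}
{"session": "s1", "host": "api.anthropic.com", "bytes_out": 9641}
{"session": "s2", "host": "licence.vendor.example", "bytes_out": 398}
{"session": "s2", "host": "licence.vendor.example", "bytes_out": 52210}
{"session": "s2", "host": "telemetry.vendor.example", "bytes_out": 7733}
"""

def audit_egress(log_text):
    """Return (session, finding, host) tuples for traffic that breaks the stated model."""
    findings = []
    licence_calls = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        session, sent = rec["session"], rec["bytes_out"]
        host = rec["host"].lower().rstrip(".")
        if host == LICENCE_HOST:
            licence_calls[session] += 1
            if licence_calls[session] > 1:
                # The article states one licence check per session.
                findings.append((session, "licence-check-repeated", host))
            if sent > MAX_LICENCE_BYTES:
                # Too large for a bare licence query; could carry code or prompts.
                findings.append((session, "licence-request-oversized", host))
        elif host not in AI_HOSTS:
            # Any other destination contradicts "the only server communication".
            findings.append((session, "unexpected-destination", host))
    return findings

if __name__ == "__main__":
    for finding in audit_egress(SAMPLE_LOG):
        print(finding)
```
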

Why Others Don't Do This

Cloud is easier. Proxying requests means:

  • Simpler architecture

  • Usage tracking for billing

  • Data collection for model improvement

  • Easier updates and feature flags

We chose the harder path because we believe developer privacy matters.

Enterprise Implications

For companies, local-first means:

✅ SOC2 compliance is easier (less data in transit)
✅ GDPR is simpler (data stays in-region)
✅ Security audits are faster (smaller surface area)
✅ Air-gapped networks are possible
✅ No vendor data breach can expose your code

The Trade-offs

Local-first isn't without costs:

  • Initial setup: You need to install the Bridge

  • Updates: You need to update the Bridge periodically

  • Resources: Uses some local CPU/memory

We think these trade-offs are worth it. Your code is your most valuable asset. It deserves protection.

Try Local-First AI Coding

Experience the difference. Use AI coding assistance without giving up your data.
