For your engineering team
Codebase security
Dessn takes the security of your code very seriously. We require read-only access to your codebase because we genuinely believe that this is the best way to solve the problem.
How we handle your codebase
Scoped access
When you connect a repository, Dessn's control plane requests only the scoped access you approve (usually read-only). That token is stored securely and can be revoked by you at any time.
Isolated microVMs
For each project or session, Dessn launches an isolated microVM. This VM receives a short-lived credential and performs the entire workflow inside that sandbox: cloning your repo, installing dependencies, running setup, and compiling.
Zero data retention
When the agent needs reasoning help, the VM sends only the minimal code snippets or context required to the Amazon Bedrock API, which is configured for zero data retention. No full repo is ever transmitted.
Metadata only
As the VM works, it sends back derived metadata only (like component structures and prototype definitions) to the Dessn control plane. Your raw code never leaves the VM.
This setup ensures your repository remains isolated, access is scoped and controlled, and no persistent copy of your code exists anywhere outside the ephemeral VM.
FAQs for devs
We request read-only access to your repository. We never write, modify, or push code back to your repo.
No. To compile your codebase, we run it in a sandbox VM (similar to GitHub Actions).
Yes. When installing the GitHub App, you can grant access to only the specific repos you want Dessn to pull from.
We identify design system components such as buttons. These can run without backend dependencies, which lets us create prototypes directly with them. For more complex components, we mock the data (similar to unit tests). As you can imagine, setting up a full codebase with all dependencies can be tough. This approach lets us run localhost with no dependencies.
We solve what we call 'the localhost problem'. Most non-technical teammates can't (and shouldn't) manage IDE setup, DB access, env vars, and dev servers. With Dessn, they'll get access to the same source of truth as you, without the pain.
No. Everything is read-only and executed in a branched VM. There is zero risk of anything going back into the codebase.
Under the growth plan, Dessn won't train on your data. We use LLM providers that guarantee no training and zero data retention.
No. Our compiler is not running constantly to keep Dessn and prod in sync. We use a snapshot of prod when you install us to build the Dessn experience. After that, we re-compile on a monthly basis to keep it up to date. We can run this more frequently; you just have to ask. Compiling is a very compute-intensive process, so this helps keep costs lower for now.
We are fully SOC 2 Type II compliant. Access our report here.