Procurement & risk review

Trust & security overview

BenchCode is designed for self-hosted operation: your teams run the application, database, and inference services inside infrastructure you control. This page summarizes typical deployment boundaries, data flows, retention expectations, backup posture, and optional third-party touchpoints—aligned with our operations runbooks.

Not legal advice. Details depend on your configuration, contracts, and jurisdictions. Use this as a starting brief for security and procurement questionnaires.

Request a questionnaire walkthrough HA & backups runbook (markdown)
Architecture Data flows Retention Backups Subprocessors

Reference architecture

A common split is Laravel (web app, auth, governance, streaming orchestration), your database, and a Python inference service reachable at PYTHON_SERVICE_URL. Git repositories remain authoritative in GitHub (or your Git host); BenchCode coordinates OAuth, branches, and PR workflows over HTTPS when you enable those features.

Logical deployment (self-hosted)
BenchCode reference architecture Browser users connect to Laravel; Laravel uses a database and calls a Python inference service. Optional connections go to GitHub and external model APIs. YOUR NETWORK / VPC Browsers HTTPS Laravel (BenchCode) Auth · governance · streaming /up · admin · audits Database Metadata · chats · settings Python inference Generation & streaming API GET …/health GitHub OAuth · repos · PRs optional LLM endpoints Cloud / local APIs if configured
Monitor Laravel /up, database health and disk, Python /health, and—when used—GitHub availability. See the runbook for degraded-mode controls.

Data flows (typical)

  1. 1

    Interactive sessions

    End users send prompts and attachments from the browser to your Laravel origin. Prompts and streamed completions traverse your Laravel layer and inference stack; content is not routed through a BenchCode-operated SaaS control plane.

  2. 2

    Repository context

    When GitHub integration is enabled, OAuth tokens and repository metadata are stored and used according to your deployment—operators scope which organizations and repos appear in pickers. Raw Git objects remain in GitHub unless you mirror elsewhere outside BenchCode.

  3. 3

    Optional external models

    If administrators configure non-local model endpoints, prompts and completions may leave your network to those providers—subject to your firewall routes and data-processing agreements. Local inference (for example Ollama-compatible endpoints on your LAN) keeps tokens entirely inside your footprint.

  4. 4

    Identity (optional)

    OIDC sign-in and SCIM directory sync exchange identity attributes with your IdP over HTTPS. Configure tokens and endpoints per your security standards.

Retention & lifecycle

Application data (accounts, chats, governance settings, audits, and related tables) lives in your database. Retention policies—backup schedules, row purge, environment teardown—are yours to define and automate.

Source code remains in Git. BenchCode does not replace Git hosting; it orchestrates reads and writes you authorize (branches, commits, PRs) via GitHub’s APIs when connected.

Artifacts such as encrypted metadata backups are files your operators generate (for example under storage/app/metadata/ by default). Treat them like other confidential backups: vault keys, access controls, and destruction timelines follow your records-management policy.

Backups & recovery posture

BenchCode ships encrypted governance metadata exports—teams, budgets, routing rules, settings, audits, chats, and optionally messages—not a replacement for Git or database volume backups. Operators set BENCHCODE_BACKUP_KEY and run Artisan commands such as benchcode:backup-metadata. Restore targets staging or disposable databases only; production restores require your change process.

  • Pair backups with standard DB snapshots and infrastructure DR for the Laravel app and inference tier.
  • Scheduled upstream health probes and optional degraded mode reduce blast radius when inference endpoints fail—see the HA runbook.
  • Exercise restores quarterly in a non-production environment.

Detailed operator steps: high-availability-and-backups.md · Repository reference: docs/runbooks/high-availability-and-backups.md

Subprocessors & optional integrations

For a self-hosted BenchCode deployment, Advantage AI Engineering does not operate a multi-tenant SaaS application that processes your prompts on our servers. Your organization selects which external services—if any—receive traffic from your deployment.

Integration Typical purpose Who operates it
BenchCode application Web UI, APIs, governance You (your infra)
Database Persistence You
Inference service Model inference You (same VPC / cluster)
GitHub OAuth, repos, PR workflows GitHub, Inc. — if you enable integration
Identity provider OIDC / SCIM Your IdP vendor — if configured
External LLM APIs Cloud model endpoints Provider(s) you approve — if configured
Email (SMTP) Transactional mail Your SMTP relay or provider — if configured

Map this table to your vendor questionnaire: unchecked integrations imply no data path to that party from BenchCode.

Need a deeper dive?

We can align this overview with your architecture review, DPIA, or vendor checklist.

Email inquiries