Catch the bug your
AI agent missed.

AgentNoah is an AI-powered code audit service. Your IDE Agent (Claude Code, Cursor, Copilot) does the inference — AgentNoah brings the methodology: a 3-loop consensus pipeline (parallel security + performance scouts → reconciler → frontier reviewer) that resolves disagreements and filters weak findings. You trigger it from your IDE anytime via MCP. Optional REPLACE add-on enables push-time autonomous audits.

Most code audit tools share the same shape: a separate web dashboard, per-developer subscription pricing that bundles AI inference into the price, finds bugs but doesn't help you fix them or generate new code. AgentNoah is different in five ways: (1) Your AI subscription, our methodology — your IDE's existing LLM (Claude Code, Cursor, VS Code Copilot) does the inference via MCP. We don't markup AI tokens. $39 flat per codebase instead of per-developer-per-month. (2) Cross-audit memory — dismiss a false positive once, gone forever across all future audits. Fixed a bug? If it comes back, it's flagged as a regression automatically. Most tools restart from scratch each scan. (3) IDE-native via MCP — audit and fix happen inside your IDE conversation. No separate dashboard, no context-switching. (4) BUILD methodology (live today — 16-step pipeline) — disciplined steps that bake audit invariants INTO code generation. Most tools audit AFTER you write code; AgentNoah's BUILD integrates audit + tests + review at every step. (5) 8-layer audit in one tool — code security, deploy health, API testing, cloud infrastructure, frontend accessibility, dependency CVEs, secrets detection, container scanning — bundled, not separate products.

The AI models can audit code in any language. We provide dedicated deep analysis (AST or regex-based enrichment) for Python/Django, JavaScript/TypeScript, React/Next.js, and Dart/Flutter. Other languages like Go, Ruby, Java, and Rust get basic structural analysis (function count, TODOs, secrets, file size).

GCP (Cloud Run, Cloud SQL, GCS, Secret Manager — 14 checks) and AWS (ECS, Lambda, RDS, S3, SSL — 11 checks). More cloud providers coming soon.

Your IDE LLM runs three independent passes via MCP: (1) parallel security scout + performance scout audit your code in a blind review, (2) reconciler resolves disagreements, verifies line numbers, and filters false positives, (3) frontier reviewer makes the final call. AgentNoah's MCP server coordinates the loops + persists findings; your LLM does the inference. For quick feedback on a small change, use the single-loop `audit` MCP tool.

When you dismiss a finding as a false positive, AgentNoah remembers permanently. It won't report the same issue again — even if the AI rephrases it. And if you mark something as 'fixed' but it reappears later, it flags it as a regression.

Single-loop audits (changed files only) typically complete in under 2 minutes. Full 3-loop audits take 4-7 minutes depending on codebase size. Wall time depends on your IDE LLM since your AI subscription does the inference. Results stream back into your IDE chat. PR-comment delivery is live today via the REPLACE add-on.

Each audit run counts as one audit toward your monthly limit — whether it's a manual audit (you trigger from your IDE chat), a PR review (single-loop, changed files only), or a REPLACE auto-audit (when REPLACE add-on is toggled on for a repo and a push hits main). A full 3-loop audit and a quick single-loop PR audit both count as one.

Not currently. AgentNoah runs via MCP from your IDE — audits trigger when you ask your IDE agent to run one. Scheduling may return as an MCP nudge ('time for your weekly audit, run it now') in a future release. With the REPLACE add-on, you get auto-audits on every push to main automatically.

$39/month for Pro — single tier. Includes FIND (3-loop audit methodology that runs in your IDE LLM via MCP — live today), FIX (auto-fix PR via your IDE LLM — live today), BUILD (16-step BUILD methodology — live today; cross-audit memory + TDD discipline + audit-aware code generation), MCP integration across 5 IDEs, and 2,000 audits per month across up to 20 repos. 14-day free trial, no credit card. Founding customers lock in $29/mo Pro forever (limited-time pricing — saves $120/yr indefinitely). REPLACE (optional autonomous fix mode for when your IDE is closed) is $3 per fix delivered — billed monthly as one consolidated charge — with 1 free fix per repo and a 300/month hard cap so you never get a surprise bill.

BYOL = Bring Your Own LLM. ALL of AgentNoah's customer-facing LLM work — the BUILD methodology, the 3-loop audit consensus, fix generation, explain — runs INSIDE your IDE using Claude Code, Cursor, or VS Code's built-in AI. You pay your IDE provider (Anthropic, Cursor, GitHub Copilot) for those tokens directly via your existing subscription. AgentNoah's job is the methodology + cross-audit memory + 8-layer static analysis + state persistence around your IDE LLM, not running our own. The only server-side AI usage is Gemini Embedding API (~$0.0075/audit, used for similarity search) and the optional REPLACE add-on (live today; server-side Sonnet 4.6 for autonomous push-time fixes when your IDE is closed). Net result: $39/mo subscription stays $39 — we don't markup your LLM-token inference.

REPLACE is autonomous fix mode for the times your IDE isn't open. Live today — toggle is available per-repo in Settings. AgentNoah audits every push to main and auto-merges fixes that pass trust gates: P0 critical security always alerts a human (never auto-fixed); P3 cleanup fixes auto-merge after ≥1 prior clean merge; P2 unlocks at 5 merges + 7 days; P1 at 20 merges + 30 days + ≥80% merge-success rate. Because the IDE is closed at push time, fix generation runs server-side on Claude Sonnet 4.6 — that's why it's $3 per fix delivered. Billing is monthly: every fix delivered in a calendar month is tallied and you receive ONE consolidated Paddle charge in early next month (one card transaction, one email, one line item — not 50 micro-charges). First fix per repo is free (one-time lifetime trial), hard cap 300/month/account, email warning at 250. Paid customers can flip the toggle on or off anytime from Settings.

Sign up for a Pro trial → go to Settings → 'Connect your IDE' card has copy-pasteable JSON config snippets for 5 IDEs: Claude Code, Claude Desktop (uses the Integrations panel), Cursor, VS Code Copilot, and an 'Other (stdio bridge)' fallback for any MCP-capable client. The primary path is pure HTTP — no install, no Python, no npx. Paste 5 lines, restart your IDE, ask 'what tools do I have from agentnoah?', and you'll see 30 tools (5 audit + 7 build + 18 audit/fix/review/build state machine + discovery + red team). Your API key is the auth — rotate it any time from Settings if you accidentally leak it.

Yes — AgentNoah is LIVE. Free 14-day trial is open (sign in with GitHub, no credit card). Paid Pro checkout is LIVE at $29/mo founding pricing for the first 20 customers (Paddle-enforced cap at the payment-processor layer — the 21st checkout literally won't go through, cohort limit is not just a marketing promise). After the founding-20 fills, standard $39/mo tier opens. No price hikes, no feature takeaways. Start the free trial or upgrade directly to lock founding pricing.

No CI changes needed. The default workflow is: install MCP in your IDE → ask your LLM to 'audit my changes' anytime. With the optional REPLACE add-on (live today), AgentNoah listens to GitHub webhooks and audits + auto-fixes every push to main automatically.

Your raw source code is processed in memory only — never persisted to our database. We retain: audit findings (titles, severity, file paths, line numbers), short code snippets quoted in findings for context (typically 5-20 lines per finding, the part the reviewer references), and derived data (workspace memory, coding-style fingerprint, business context, recommendation embeddings). The Gemini Embedding API processes finding text to generate vectors stored in pgvector for similarity search. Your IDE LLM reads full files locally on your machine via MCP — those reads never touch our servers. Server-side audits (legacy path) fetch source via GitHub API into memory for the duration of the audit only. REPLACE (the optional autonomous fix add-on) also runs server-side because the IDE is closed at push time — same in-memory + finding-only retention policy applies.

Yes. AgentNoah accesses your code via the GitHub API using OAuth authentication you authorize. Private repos are fully supported — your code stays private.

Select any finding and AgentNoah's `explain` MCP tool walks your IDE LLM through a real-world analogy — like explaining a timing attack using a combination lock metaphor. It helps you understand the WHY, not just the fix, so you avoid the same class of bug in the future. Available on all plans — click 'Explain in your IDE' on any finding in the dashboard (opens a Send-to-IDE prompt), or invoke the `explain` tool directly from your IDE chat. Your IDE LLM does the inference, $0 to AgentNoah.

Yes — every Pro signup gets a 14-day free trial. Run real audits against your own code, install MCP in your IDE, kick off a BUILD task — all before any charge. No credit card required.