End-to-end walkthroughs
Quick prompts get you started. These two walkthroughs show what a typical AUDIT and BUILD session actually feels like from start to finish.
Run your first audit (FIND + FIX)
Goal: Audit your repo, find the highest-severity bug, fix it, merge the fix.
Sign in
(90 sec)- Open
agentnoah.dev - Click Start free trial
- Click Sign in with GitHub
- GitHub asks you to authorize the AgentNoah app (read repos + open PRs). Click Authorize.
- You land on the dashboard.
Connect your first repo
(60 sec)- Click Settings in the dashboard sidebar
- Under Connected Repositories, click Connect a new repo
- Select your repo from the GitHub list. Click Connect.
- AgentNoah auto-registers a webhook on the repo so it can audit future PRs.
Install MCP in your IDE
(3 min)- In Settings, scroll to Connect your IDE
- Click the tab for your IDE (Claude Code / Cursor / VS Code / etc.)
- Click Copy on the config snippet
- Open your IDE's MCP config file (path shown above the snippet)
- Paste, save, restart your IDE
Full snippets are on the Install page.
Run the audit
(4-7 min)- In your IDE's chat, type:
Run an AgentNoah full audit on owner/repo - Your IDE's AI calls the
audittool - You'll see progress: "Loop 1 scout (security) starting..." → "Loop 2 reconciler..." → "Loop 3 frontier review..." → "Audit complete: 12 findings"
Review findings on the dashboard
(3 min)- Open
agentnoah.dev/dashboard/findings - You'll see a list sorted by severity: 1 P0 · 3 P1 · 5 P2 · 3 P3
- Click the P0 finding to see:
- File + line:
src/auth.py:42 - Title: SQL Injection in login query
- Description: plain-English explanation
- Suggested fix: parameterized query example
- File + line:
Fix the bug in your IDE
(2 min)- On the finding detail page, click Fix in your IDE
- A modal opens with a pre-built prompt that references the audit ID + file + line + suggested fix
- Copy the prompt and paste it into your IDE's AI (Claude Code, Cursor, or VS Code Copilot)
- Your IDE's AI uses AgentNoah's MCP tools (BYOL — $0 to AgentNoah) to read the finding, write the fix, and open a PR on your GitHub repo
- The PR is titled
fix: SQL Injection in src/auth.py [AgentNoah BUILD]with the audit ID + a short explanation in the body
Review + merge
(90 sec)- Open the PR on GitHub
- The diff shows the old code → parameterized query
- A label
agentnoah: cleanappears (because AgentNoah's auto-PR-review found no new issues in the fix) - Click Merge pull request
- AgentNoah marks the finding as
mergedautomatically - (REPLACE add-on only) — if you have REPLACE enabled, your trust counter increments toward higher auto-merge ceilings (P3 → P2 → P1)
Build a new feature end-to-end (BUILD)
Goal: Add a /farewellAPI endpoint to an existing Python repo. Watch the 16-step methodology execute end-to-end (DEBUG fires only on test failures — you'll see it skipped in this clean run).
Pre-flight: You've already done Walkthrough A (signed in + connected repo + IDE installed).
Describe what you want
(15 sec)In your IDE's chat:
/farewell POST endpoint to my Flask app. It takes a JSON body with {"name": "Ed"} and returns {"message": "Goodbye, Ed!"}. Match the style of the existing /hello endpoint.Your IDE's AI calls the start_byol_build tool with the spec.
BRAINSTORM phase
(30 sec)AgentNoah asks clarifying questions:
- Should
/farewellrequire authentication like/hellodoes? - What should happen if the JSON body is missing
name? (400 error vs default "World") - Should the response status code be 200 or 201?
RECALL phase (automatic, silent)
(10 sec)AgentNoah retrieves:
- Your workspace memory (knows you're a Flask app, Python 3.13, uses Flask-RESTful)
- 5 similar past features from the pgvector memory (the
/helloendpoint structure) - Known-fixed bugs (you previously had a P1 input-validation issue — AgentNoah will make sure /farewell doesn't repeat it)
You don't see this happen — it's prompt context fed silently to your IDE's AI.
PLAN phase
(15 sec)- Add
FarewellResourceclass tosrc/routes/farewell.py(new file) - Register route in
src/app.py - Add unit tests in
tests/test_farewell.py
Confirm? (y/n)
WORKTREE phase
(5 sec)AgentNoah picks a branch name: agentnoah/build/farewell-endpoint-a3f7c9 (6-hex random suffix via secrets.token_hex(3) — avoids collision on retries).
TDD-RED phase
(20 sec)Tests get written FIRST and committed. CI runs and FAILS(expected — implementation doesn't exist yet).
GENERATE phase
(40 sec)Implementation code gets written. The FarewellResource class is created. Route is registered.
TDD-GREEN phase
(30 sec)Code gets committed to the same branch. CI re-runs. This time it PASSES.
SELF-AUDIT phase
(45 sec)The new code gets audited by your IDE's AI for security/performance/quality issues. Output: "Zero findings — clean."
If findings WERE found, the FIX phase would auto-correct them in-place before opening the PR.
REVIEW phase
(45 sec)A second-pass review focused on edge cases: "What if name is 200 chars? What if it contains HTML? What if it's null?" The AI confirms the input validation handles all 3.
TDD-REFACTOR phase
(15 sec)Final cleanup pass — variable naming, function decomposition. Output: "No changes needed — code is already clean."
BRANCH-FINISH phase
(10 sec)Your IDE's AI drafts a PR title + body in your codebase's voice (it knows you're casual + use bullet points from workspace memory).
PR phase
(5 sec)AgentNoah opens the PR on your GitHub:
- Title:
feat: add /farewell endpoint with input validation [AgentNoah BUILD] - Body:250 chars of description + audit trail + "Generated with AgentNoah BUILD using your IDE LLM"
- 3 commits visible: tests (TDD-RED), implementation (GENERATE), route registration
- Labels:
agentnoah: clean
LEARN phase (automatic)
(5 sec)The feature spec gets embedded into the pgvector memory. Next time someone says "build an endpoint like /farewell," AgentNoah pulls this as similar-feature context.
You review + merge
(60 sec)- Open the PR on GitHub
- Diff shows:
+farewell.py (12 lines) +test_farewell.py (28 lines) +app.py (1 line) - All checks green
- Click Merge pull request
Total time:4-6 minutes from "build me a /farewell endpoint" to merged PR. Your only inputs: the spec + 3 brainstorm answers + click merge.
Total LLM cost to AgentNoah: $0 (all done via your IDE's AI subscription).
The same workflow scales: smaller feature (add a /ping endpoint): 30 seconds end-to-end. Larger feature (add stripe payment integration with webhook handler): 8-12 minutes, may surface 1-2 brainstorm rounds + 1 self-audit fix iteration.
Pro tip — Talk to AgentNoah naturally
You don't need to memorize tool names. Phrases like these all work:
- Audit this repo
- What bugs has AgentNoah found?
- Build a contact form endpoint
- Fix all P0 findings
- What's the health score?
- Why is this code flagged as P1?
- Open a PR with bcrypt instead of MD5
Your IDE's AI is smart enough to figure out which AgentNoah tool to call. The tools have descriptive names + clear schemas, so the AI rarely picks wrong.
Common questions
"Do I need to know how to code to use AgentNoah?"
Yes — AgentNoah is a tool for developers. If you don't write code yourself, you'd hire a developer who could use AgentNoah on your project.
"What if I don't have Cursor or Claude Code?"
We support 5 IDEs at launch: Claude Code, Claude Desktop, Cursor, VS Code with GitHub Copilot, and an "Other-via-stdio-bridge" option for any IDE that supports MCP. If you have any of those, you're set.
"Does AgentNoah store my code?"
For FIND, FIX, and BUILD: no. AgentNoah orchestrates your IDE's AI to read your code — code stays in your IDE's connection to your AI provider. We only store findings (bug descriptions, severity, file:line locations) so we can show them on the dashboard and remember them between audits. The optional REPLACE add-on is the exception — when enabled, our server reads the diff to generate the fix. See /privacy for full details.
"What if AgentNoah misses a bug?"
It will sometimes. No tool catches everything. But the 3-loop method (security scout + performance scout + reconciler + frontier reviewer) gives much better coverage than asking a single AI to find bugs once. REPLACE's trust compounding unlocks higher-severity auto-merge as your merge history grows (P3 first, then P2 + P1). The separate cross-audit memory feature is what learns your codebase-specific patterns over time.
"What if I want my money back?"
Pro and Founding-20 are month-to-month. Cancel anytime; you keep access until the end of the current billing period. No refunds on partial months, but no long-term lock-in either.
"Is this an AI replacing my job?"
No. AgentNoah is a tool that makes you faster + safer at the job you already do. It's the equivalent of having a senior engineer on speed dial — you still write the code, you still make the decisions, you still review every change. AgentNoah just gives you better information to make those decisions with.
Ready to try AgentNoah?
Free trial is open today — sign in with GitHub, no credit card. Or upgrade directly to lock $29/mo founding pricing forever (first 20 customers, Paddle-enforced cap — checkout LIVE now; standard $39/mo opens after founding-20 fills).
Reserve your founding slot →