AI Agent

Automation you opt into. Not magic you're stuck with.

A lightweight daemon on your machine passes feedback context to your coding assistant, which proposes a fix on its own branch. Your pre-commit hooks, your linting rules, your test suite all still run. Note8 never sees your code.

The Feedback-to-Fix Pipeline

From screenshot to PR in minutes

1

Feedback Arrives

Stakeholder reports a bug via screenshot + annotation or voice note. Agent daemon polls for new feedback.

2

Agent Spawns

Daemon creates an isolated worktree, spawns your coding assistant (Claude/Codex/Gemini) with feedback context.

3

Fix Generated

Agent reads the code, creates a fix on its own branch, runs your pre-commit hooks and tests.

4

PR Created

Agent pushes the branch, creates a PR, merges into review branch for live preview. You approve or reject.

Core Features

Built for developer control

Git-Safe Branching

Every fix lives on its own branch. Nothing touches main until you approve. Full audit trail.

Review Sites

Preview AI-generated fixes on a live URL before merging. Stakeholders verify the fix in real-time.

Uses Your Tools

Runs Claude Code, Codex, or Gemini with your API keys. Your pre-commit hooks, linting rules, and test suite all still run.

Local Execution

Agent daemon runs on your machine. Note8 never sees your code. You control the budget caps and daily limits.

Workflow Strategies

Four strategies that balance isolation, visibility, and control

Default
review-branch

Review all fixes together before merging

Each fix gets its own branch and worktree. All fixes merge into a shared review branch for preview on a live review site.

  • Per-fix worktree in /tmp
  • Review worktree with dev server
  • Live preview on *.preview.note8.dev
  • Approve/reject each fix individually
  • Safe for maxConcurrent > 1
Default workflow for teams
collaborative

Pair programming mode — see changes in real-time

Agent works directly in your repository on your current branch. You see changes appear in your editor as the agent works.

  • No worktrees or branches
  • Edits files on your current branch
  • Proxies your running dev server
  • Changes appear in your editor instantly
  • Forced to maxConcurrent = 1
High-trust, rapid iteration
isolated

Full control — cherry-pick fixes at will

Same isolation as review-branch, but no review site. Each fix stays on its own branch and you merge manually.

  • Per-fix worktree in /tmp
  • No review site or dev server
  • Creates PR for each fix
  • Manual merge control
  • Safe for maxConcurrent > 1
Maximum control over merges
direct

Quick fixes, high trust

Agent commits directly to the current branch with no isolation. No worktrees, no branches, no PRs.

  • Works in project directory
  • Commits to current branch
  • No PRs or branches
  • Immediate changes
  • Forced to maxConcurrent = 1
Prototyping, solo projects

Security

7-layer prompt injection defense

When auto-queue is enabled, feedback flows directly into AI agent prompts. A malicious actor could craft feedback containing prompt injection payloads. Note8 uses defense-in-depth to prevent hijacking.

1

Input Validation

Zod schemas bound all loose fields at the API boundary. Comment: 3,000 chars. Metadata: 20 keys, 10KB. Attributes: 30 entries, 5KB.

2

Heuristic Injection Detection

Fast regex-based pre-filter checks for instruction override, role reassignment, system tags, command execution, exfiltration, secret access, base64 payloads.

3

AI Content Scanner

Claude Haiku classifies feedback as genuine or injected. User content XML-escaped and wrapped in boundary tags. Fail-closed on errors.

4

Sanitization Functions

Strips invisible chars, zero-width spaces, RTL/LTR overrides, ASCII control chars. Escapes XML entities. Truncates at word boundaries.

5

Prompt Construction Hardening

Security preamble with highest-priority rules. All user fields wrapped in <user_content> tags. Closing boundary before system instructions.

6

Output Validation

Analyzes git diff before pushing. Blocks changes to .env, credentials, CI/CD workflows. Warns on eval(), exec(), network requests in new code.

7

PR Body Sanitization

sanitizeForMarkdown() applied to all PR content. User comment wrapped in <details> block. URL protocol validated.

Defense-in-depth architecture

Each layer independently prevents injection. If one layer fails, the next catches it. Feedback never reaches the agent without passing all 7 layers.

Configuration

Simple JSON config, per-project overrides

~/.note8/config.json
{
  "version": 2,
  "pat": "your-personal-access-token",
  "agent": {
    "workflowStrategy": "review-branch",
    "branchTemplate": "note8/fb-{shortId}",
    "autoCommit": true,
    "autoPush": false,
    "autoCreatePr": true,
    "maxConcurrent": 1,
    "dailyCap": 50,
    "toolPreference": ["claude", "codex", "gemini"]
  }
}

Global defaults

Set once in ~/.note8/config.json, applies to all projects

Per-project overrides

Override strategy, concurrency, or daily cap for specific projects

Feedback flows in. Fixes are ready by morning.

No tickets to create, no status columns to manage, no sprint ceremonies. A local agent uses your coding assistant and proposes fixes while you stay focused.

Join WaitlistRead Agent Docs