LIVE · PATCHY v2.0 AGENTS ONLINE

Ship code.
Patchy ships
the security.

A swarm of AI agents lives inside your GitHub — scanning every push, writing surgical patches, and answering questions in-thread. Zero config. Zero context switching.

INSTALL ON GITHUB play_arrow WATCH 30-SEC DEMO
verified SOC 2 aligned lock Code never trained on bolt < 12s first scan
patchy@agent-01 ~ scanning
more_horiz
$ patchy scan --repo acme/api
→ cloning acme/api@main ... ok
→ spawning 4 agents ... ok
→ running semgrep + LLM triage ...
[WARN] SQL injection · handlers/user.go:42
[WARN] Hardcoded secret · .env.example:3
[ OK ] patch drafted · PR #247
$

SECURING PRs AT TEAMS LIKE

VERCELLINEARSTRIPESUPABASERAYCASTNOTION
0
VULNS PATCHED
0
REPOS GUARDED
0
AUTO-MERGE RATE
0
MEDIAN SCAN
// CAPABILITIES

A team of agents,
not a single model.

Each agent specializes. They hand off context. You get fixes, not tickets.

radar

Scanner Agent

Static analysis + semantic reasoning on every push. Finds injection flaws, secrets, insecure deps, and logic bugs Semgrep misses.

HIGHauth.js:88SQLi
MEDapi.py:12CSRF
LOWutils.ts:5Weak RNG
build

Patcher Agent

Writes minimal, reviewable diffs. Preserves style. Adds tests when possible.

forum

Responder Agent

@mention in any issue or PR. Explains CVEs, justifies fixes, suggests alternatives.

filter_alt

Triager Agent

Ranks every finding by exploitability in *your* codebase. No noise. No 200-item dashboards. Only what actually matters this sprint.

blast_radius: HIGH
reachability: CONFIRMED
exploit_public: YES
priority_score: 9.4 / 10
// WORKFLOW

From push to patch in seconds.

01

You push

Commit to any branch. Webhook fires.

02

Agents swarm

Scanner + Triager + Patcher spin up in parallel.

03

PR appears

Ready-to-merge patch with tests and rationale.

// SEE IT

Patchy in a pull request.

lock github.com/acme/api · PR #247
OPEN
smart_toy
PATCHY · PATCHER AGENT2s ago

Detected SQL Injection in handlers/user.go:42. Fix uses parameterized query — no behavior change, no new deps.

- query := fmt.Sprintf("SELECT * FROM users WHERE id = %s", id)
+ query := "SELECT * FROM users WHERE id = ?"
+ rows, err := db.Query(query, id)
JM
@jmillerjust now

@patchy why not use a prepared statement cache here?

smart_toy
PATCHY · RESPONDER AGENTnow

Good call. `database/sql` already caches prepared statements per-connection. Adding an explicit `db.Prepare` cache buys <1ms here and adds lifecycle complexity. Want me to benchmark both?

// STACK

Plays nice with your tools.

codeGitHub
hubSemgrep
psychologyCerebras
forumSlack
assignmentLinear
shieldSnyk
// FAQ

Things devs ask first.

Does Patchy train on my code?+

No. Your code is never used for training. Scans run ephemerally and logs auto-purge in 7 days.

Which languages?+

Go, Python, TypeScript/JS, Java, Ruby, Rust, PHP, C#. More shipping weekly.

How is this different from Dependabot or Snyk?+

Those flag. Patchy flags, fixes, explains, and merges. Agents handle the full loop.

Self-hosted?+

Yes — Docker or K8s. Bring your own LLM endpoint.

Your next PR deserves
an agent on it.

Free for public repos. 2-click install. Zero config.

INSTALL FREE READ DOCS