Introduction
Agent Nine is an AI coding assistant that works alongside you — reading your code, making edits, running commands, and managing your project. Available as a desktop app and a web app.
How It Works
Agent Nine connects to an advanced AI model and uses a set of tools to interact with your codebase:
- You send a message — describe what you want to do
- Agent Nine reads your code — explores files, searches patterns, understands architecture
- Agent Nine makes changes — edits files, runs commands, creates new files
- You review and approve — dangerous operations require your explicit permission
Two Modes
Chat Mode (Cloud)
Best for questions, brainstorming, and tasks that don't need file access:
- Runs on our cloud servers
- No local setup needed
- Supports web browsing and search
- Available from any device
Code Mode (Machine)
Best for actual coding work:
- Runs on your machine through your desktop app process
- Full file system access to your project
- Can run bash/PowerShell commands
- Edits files with undo support
- Git-aware operations
Key Capabilities
| Capability | Description |
|---|---|
| File operations | Read, write, edit any file. Glob search by pattern. Grep search by content. |
| Code execution | Run bash commands (Linux/Mac) or PowerShell (Windows) with security validation. |
| Web access | Fetch URLs, search the web, browse pages with screenshots. |
| Plan mode | Explore and design before implementing — write tools are blocked until plan is approved. |
| Agents | Create background agents for parallel tasks. |
| Memory | Remembers important context throughout your session. |
| Integrations | 10 integrations — GitHub, Google, Slack, Notion, and more. |
| Undo | All file changes can be reverted with one command. |
Security
- In Code mode, Agent Nine reads files locally and sends relevant context to the AI API for processing. Files are not stored on our servers.
- In Chat mode, conversation text is sent to the AI API.
- Agent Nine blocks destructive commands (rm -rf, git force push, DROP TABLE, etc.) before execution.
- Credentials and API keys in files are detected and blocked from being written.
- Every tool call can require permission approval (or use YOLO mode for trusted projects).