Pair Warden with TheAuditor
Provider freedom and serious token economics from Warden. Verified-fact code intelligence from TheAuditor. Why the pairing isn't a coincidence.
Most AI coding agents lock you into two things: a single LLM provider, and a single guessed view of your codebase. Warden gives you provider freedom. TheAuditor gives your agent facts instead of guesses. Pairing them is the rare case where two pre-launch tools were designed, independently, with each other in mind.
What Warden buys you
Warden is a lean, multi-provider, terminal-native LLM coding agent. It is a single-binary CLI, MIT licensed, and it does what every other agent does: builtin tools, a full MCP client and server, session persistence, hooks, permission modes, and a memory walker. Two engineering choices set it apart.
1. Provider freedom
Anthropic, OpenAI, and Gemini are wired today, with more scaffolded behind explicit guards so you can never reach for a half-finished adapter by accident. The same CLI talks to whichever provider is not currently rate-limiting you, mid-task, without you rewriting anything.
2. Serious token economics
This is where Warden’s discipline shows. Prompt caching runs end to end, so stable context is not re-billed every turn. Auto-compaction keeps a long session inside its window without summarizing away the parts that matter. Cost governance is hard, not decorative: exact per-model accounting, a configurable per-session spending cap, and warnings as you approach it, with the running bill shown after every turn. The cost ledger survives a resume, so continuing yesterday’s work does not bill you twice.
Most agents say “we use prompt caching.” Warden shows you the bill.
What TheAuditor buys you
This site is TheAuditor’s. We do the opposite job: we stop the agent from guessing.
Every LLM coding agent has the same failure mode. It reads a couple thousand lines, infers a call graph from indentation and comments, hallucinates a few of the relationships, and writes a “fix” that quietly breaks two other files. TheAuditor replaces that read-and-guess loop with a query. Symbols, callers, callees, data flows, framework boundaries, and security findings are pre-computed, indexed, and returned in well under a millisecond.
The honest pitch: a small token change per call, a large drop in hallucinations. Asking TheAuditor about a file can cost more tokens than reading the file once. What dominates the math is everything you stop paying for: the re-reads, the mis-edits, the “let me just check this neighbouring file too” detours, and the refactors that don’t match how the codebase actually calls into the symbol you are touching.
Two ways to measure the savings
Per call, directly measurable. Across the response types we instrument, the agent receives facts instead of a source dump it has to re-parse, and the payloads come back 35 to 55% smaller than an unoptimized baseline.
Across a debugging session. Eliminated re-reads, prompt-cache hits on stable structural queries, narrower contexts that compact cleaner, and fewer tool-call rounds before the agent reaches the answer all stack on top of the per-call savings. On common investigation flows we model the realistic aggregate at an 85 to 95% token reduction.
Aggregate savings depend on the workflow, the agent’s configuration, prompt-caching support, codebase size, query patterns, and how disciplined the agent is about querying before reading. Treat the upper bound as a model output, not a guarantee. Your mileage will vary, and the direction is what matters.
Coverage
Validated on the OWASP Benchmark and OWASP Juice Shop corpora: 100% true positive rate at a 0% false positive rate on OWASP Java (11 of 11), OWASP Python, and Juice Shop (31 of 31) in our internal runs. Benchmark numbers, not workflow guarantees: your codebase is not the benchmark and we will not pretend it is. We don’t ship risk scores or subjective ratings. We ship facts.
Twelve languages carry the same indexing, taint, call-graph, and rules coverage: Python, TypeScript and JavaScript, Java, Go, Rust, PHP, Bash, Vue, Svelte and SvelteKit, GitHub Actions, Terraform, and AWS CDK.
Why the pairing isn’t a coincidence
Warden was built MCP-first, and TheAuditor exposes its facts over a standard MCP server, so the integration surface is small because the architecture is right on both sides. Both projects were built knowing the other existed.
warden install --with-code-intelpoints Warden at TheAuditor’s MCP server and adds a session hook that refreshes the index in the background, so the model gets current facts on every connect.- Slash commands carry over. TheAuditor’s
/theauditor:planning,/theauditor:security, and/theauditor:impactshow up in Warden with no code changes on either side. - An optional context gate. A pre-edit hook can block
EditandWriteuntil the model has actually asked TheAuditor about the file it is about to change. Warden enforces the policy; you write it.
Set it up in three commands
pip install warden theauditor # both are pip-installable, Python 3.14+
cd your-project
aud full --offline # index: 30s for small projects, 10 min for 100K+ LOC
warden install --with-code-intel # writes .mcp.json + SessionStart hook
Open a Warden session. The model gets TheAuditor’s MCP tools on first use: aud_explain, aud_query,
aud_search, aud_findings, aud_impact, aud_blueprint, aud_session, aud_reindex, and
aud_analytics. Type a prompt, watch the model call aud_explain instead of Read on the file it is
about to edit, and watch your token bill drop.
Honest disclaimers
Both projects are pre-launch. We are not hiding it.
- Warden is pre-alpha (v0.1.0). APIs and on-disk layouts may still shift. Three providers are
fully wired and three are scaffolded. WebSearch is Anthropic-only today. The
--permission-modecommand-line flag is not wired yet, so set the mode with the/plancommand or in settings. - TheAuditor’s binary hasn’t shipped publicly yet. Validation against the OWASP Java, OWASP Python, and OWASP Juice Shop corpora is complete in our internal runs. The public binary lands when the hardening checks on the compiled artifact all pass.
What ships, ships. No vaporware promises.
Read the other side
The Warden team wrote the complementary post from their angle, “TheAuditor + Warden: stop guessing, start querying”, focused on the agent-side integration mechanics.
Subscribe via the signup form on the main site for launch notifications. We’ll only email when there’s something real to share.
Was this useful?