Labsco
getsentry logo

warden-skill

✓ Official204

by sentry · part of getsentry/dotagents

Guide for using Warden CLI locally to analyze code changes. Use when running warden commands, configuring warden.toml, creating custom skills, understanding…

🔥🔥✓ VerifiedFreeQuick setup
🧩 One of 7 skills in the getsentry/dotagents package — works on its own, and pairs well with its siblings.

Guide for using Warden CLI locally to analyze code changes. Use when running warden commands, configuring warden.toml, creating custom skills, understanding…

Inspect the full instructions your agent will receiveExpand

This is the exact playbook injected into your agent when the skill activates — shown here so you can audit it before installing. You don't need to read it to use the skill.

by sentry

Guide for using Warden CLI locally to analyze code changes. Use when running warden commands, configuring warden.toml, creating custom skills, understanding… npx skills add https://github.com/getsentry/dotagents --skill warden-skill Download ZIPGitHub204

CLI Reference

Copy & paste — that's it
warden [command] [targets...] [options]

Commands:

  • (default) - Run analysis

  • init - Initialize warden.toml and GitHub workflow

  • add [skill] - Add skill trigger to warden.toml

  • sync [repo] - Update cached remote skills to latest

  • setup-app - Create GitHub App via manifest flow

Targets:

  • <files> - Specific files (e.g., src/auth.ts)

  • <glob> - Pattern match (e.g., src/**/*.ts)

  • <git-ref> - Git range (e.g., main..HEAD, HEAD~3)

  • (none) - Uncommitted changes

Key Options:

Option Description --skill <name> Run only this skill --config <path> Path to warden.toml (default: ./warden.toml) -m, --model <model> Model to use --json Output as JSON -o, --output <path> Write output to JSONL file --fail-on <severity> Exit 1 if findings >= severity --comment-on <severity> Show findings >= severity --fix Auto-apply suggested fixes --parallel <n> Concurrent executions (default: 4) --offline Use cached remote skills only -q, --quiet Errors and summary only -v, --verbose Show real-time findings -vv Debug info (tokens, latency)

Severity levels: critical, high, medium, low, info, off

Creating Custom Skills

Skills live in .warden/skills/, .agents/skills/, or .claude/skills/.

Structure:

Copy & paste — that's it
.warden/skills/my-skill/
└── SKILL.md

SKILL.md format:

Copy & paste — that's it
---
name: my-skill
description: What this skill analyzes
allowed-tools: Read Grep Glob
---

[Analysis instructions for the agent]

## What to Look For

- Specific issue type 1
- Specific issue type 2

## Output Format

Report findings with severity, location, and suggested fix.

Available tools: Read, Glob, Grep, WebFetch, WebSearch, Bash, Write, Edit

Remote Skills

Skills can be fetched from GitHub repositories:

Copy & paste — that's it
# Add a remote skill
warden add --remote getsentry/skills --skill security-review

# Add with version pinning (recommended for reproducibility)
warden add --remote getsentry/skills@abc123 --skill security-review

# List skills in a remote repo
warden add --remote getsentry/skills --list

# Update all unpinned remote skills
warden sync

# Update specific repo
warden sync getsentry/skills

# Run with cached skills only (no network)
warden --offline

Remote trigger in warden.toml:

Copy & paste — that's it
[[triggers]]
name = "security-review"
event = "pull_request"
actions = ["opened", "synchronize"]
skill = "security-review"
remote = "getsentry/skills@abc123"

Cache location: ~/.local/warden/skills/ (override with WARDEN_STATE_DIR)

Cache TTL: 24 hours for unpinned refs (override with WARDEN_SKILL_CACHE_TTL in seconds)

Common Patterns

Strict security on critical files:

Copy & paste — that's it
[[triggers]]
name = "auth-security"
event = "pull_request"
actions = ["opened", "synchronize"]
skill = "security-review"
model = "claude-opus-4-20250514"
maxTurns = 100

[triggers.filters]
paths = ["src/auth/**", "src/payments/**"]

[triggers.output]
failOn = "critical"

Skip test files:

Copy & paste — that's it
[triggers.filters]
paths = ["src/**/*.ts"]
ignorePaths = ["**/*.test.ts", "**/*.spec.ts"]

Whole-file analysis for configs:

Copy & paste — that's it
[defaults.chunking.filePatterns]
pattern = "*.config.*"
mode = "whole-file"