Your Code Is Under New Management

Define skills in Markdown. Compose them into agents that review every change.

Skills are Markdown

A SKILL.md file tells Warden what to look for. No plugins, no config language. Just prose.

Compose what matters

Stack security, API design, accessibility, or anything else. Each skill owns one concern.

Run anywhere

Locally before you push, or on every PR via GitHub Actions. Same skills, same results.

What's a Skill?

A skill is a Markdown file that tells Warden what to look for. You write prose, not code.

.agents/skills/security-scanning/SKILL.md
---
name: security-scanning
---

You are a security expert analyzing code changes.

## What to Report
- SQL injection via unsanitized input
- Cross-site scripting (XSS)
- Hardcoded secrets or credentials
- Command injection vulnerabilities

## What NOT to Report
- Code style or formatting
- Performance optimizations

That's a trivial example, but it's a working skill. No build step. No schema. No SDK.

Real skills can include detailed reference material, code examples, style guides, architectural constraints, or anything else you'd put in a design doc. The prompt is the skill.
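A fuller skill in the same shape as the one above, narrowed to a single concern. This is an added example, not a skill shipped with Warden or taken from the original page. The name `sql-injection-review`, the extra section headings and the severity rules are assumptions; the only frontmatter key used is the `name` key shown on this page.

```markdown
---
name: sql-injection-review
---

You are a security reviewer. Check changed code for SQL injection only.

## What to Report
- A variable interpolated or concatenated into SQL text, such as:

      db.query(`SELECT * FROM users WHERE id = ${id}`)

- Dynamic table names, column names, or ORDER BY values built from
  request data without an allowlist.
- Raw-query escape hatches in an ORM or query builder that receive
  request data.

## What NOT to Report
- Parameterized queries where values travel separately from the SQL text:

      db.query("SELECT * FROM users WHERE id = $1", [id])

- SQL assembled only from constants defined in the same file.
- Queries in test fixtures.
- Code style, formatting, or performance.

## Evidence Required
For each finding, name the file and line, the variable that reaches the
query, and where that variable comes from (request body, query string,
header, or another function's return value). If the source of the value
cannot be traced within the change, say what is unknown.

## Severity
- high: request data reaches SQL text in a handler or query module
- medium: the value comes from internal code whose inputs are not
  validated in the change
- low: the source of the value is not visible in the change

## Suggested Fix
Propose the parameterized form of the same query, keeping the placeholder
style already used elsewhere in the file.
```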

Install

Install the CLI globally.

$ npm install -g @sentry/warden

Initialize

Scaffold your project with config and GitHub workflow.

$ warden init

Created warden.toml
Created .github/workflows/warden.yml

Next steps:
  1. Add a skill: warden add <skill-name>
  2. export WARDEN_ANTHROPIC_API_KEY=sk-ant-...
  3. Add WARDEN_ANTHROPIC_API_KEY to repository secrets
     https://github.com/your-org/your-repo/settings/secrets/actions
  4. Commit and open a PR to test

Add some skills

Add skills for what matters to your codebase. Local or from any GitHub repo.

$ warden add api-design-review --remote yourcompany/skills

Create your own skills or find community-driven ones at skills.sh.

Run Locally

Catch issues before you push. Multiple skills run together, each covering its own concern.

$ warden

Analyzing uncommitted changes...

FILES  4 files · 6 chunks
  ~ src/api/users.ts (2 chunks)
  ~ src/db/queries.ts (2 chunks)
  + src/auth/session.ts (1 chunk)
  ~ src/middleware/cors.ts (1 chunk)

┌─ security-scanning ────────────────────────────────────── 6.1s ─┐
│ 2 findings:  1 high   1 medium                                │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│  SQL injection via unsanitized input                           │
│   src/db/queries.ts:42                                         │
│   42 │ db.query(`SELECT * FROM users WHERE id = ${id}`)        │
│                                                                 │
│   User input is interpolated directly into a SQL query.         │
│   Use parameterized queries instead.                            │
│                                                                 │
│  Hardcoded JWT secret                                          │
│   src/auth/session.ts:8                                        │
│    8 │ const SECRET = "sk_live_a1b2c3d4e5f6"                     │
│                                                                 │
│   Secrets should be loaded from environment variables,          │
│   not committed to source.                                      │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘

┌─ api-design-review ────────────────────────────────────── 4.3s ─┐
│ 1 finding:  1 low                                                │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│  Missing pagination on list endpoint                           │
│   src/api/users.ts:15                                          │
│   15 │ app.get("/users", async (req, res) => {                 │
│                                                                 │
│   Unbounded list endpoints can return excessive data.           │
│   Add limit/offset or cursor-based pagination.                  │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘

SUMMARY
3 findings:  1 high   1 medium   1 low
Analysis completed in 6.1s

Findings on Every PR

Open a PR and Warden reviews it automatically. Findings appear as suggested changes you can apply with one click.

warden bot commented now
SQL injection via unsanitized input

User input is interpolated directly into a SQL query. Use parameterized queries to prevent SQL injection attacks.

Suggested fix: Use parameterized query

Suggested change
db.query(`SELECT * FROM users WHERE id = ${id}`)
+ db.query("SELECT * FROM users WHERE id = $1", [id])
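Review bot: on the `+` line, the `$1` positional placeholder is the PostgreSQL style; drivers such as MySQL's expect `?`, so check which driver sits behind `db` before applying the suggestion as-is. The parameter array `[id]` does keep the value out of the SQL text, which is what closes the injection. If `id` is expected to be numeric, validating that before the call would also be worth adding, since nothing in these lines constrains its type.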

Next Steps