Your Code Is Under New Management
Define skills in Markdown. Compose them into agents that review every change.
Every Pull Request
Open a PR and Warden reviews it automatically. Findings appear as suggested changes you can apply with one click.
User input is interpolated directly into a SQL query. Use parameterized queries to prevent SQL injection attacks.
Suggested fix: Use parameterized query
Warden ensures issues missed locally are still caught during review.
Its Just Skills
The PR feedback above comes from skills. Skills are a known standard: a SKILL.md file tells Warden what to look for.
---
name: security-scanning
---
You are a security expert analyzing code changes.
## What to Report
- SQL injection via unsanitized input
- Cross-site scripting (XSS)
- Hardcoded secrets or credentials
- Command injection vulnerabilities
## What NOT to Report
- Code style or formatting
- Performance optimizationsThat's a trivial example, but it's a working skill. No build step. No schema. No SDK.
Real skills can include detailed reference material, code examples, style guides, architectural constraints, or anything else you'd put in a design doc. The prompt is the skill.
Install Warden
Install the CLI globally.
$ npm install -g @sentry/warden Wire It In
Scaffold your project with config and GitHub workflow.
$ warden init Created warden.toml Created .github/workflows/warden.yml Next steps: 1. Add a skill: warden add <skill-name> 2. export WARDEN_ANTHROPIC_API_KEY=sk-ant-... 3. Add WARDEN_ANTHROPIC_API_KEY to repository secrets https://github.com/your-org/your-repo/settings/secrets/actions 4. Commit and open a PR to test
Load Skills
Add skills for what matters to your codebase. Local or from any GitHub repo.
$ warden add api-design-review --remote yourcompany/skills Create your own skills or find ones driven by the community at skills.sh.
Run Before You Push
Catch issues before you push. Multiple skills run together, each covering its own concern.
$ warden Analyzing uncommitted changes... FILES 4 files · 6 chunks ~ src/api/users.ts (2 chunks) ~ src/db/queries.ts (2 chunks) + src/auth/session.ts (1 chunk) ~ src/middleware/cors.ts (1 chunk) ┌─ security-scanning ────────────────────────────────────── 6.1s ─┐ │ 2 findings: ● 1 high ● 1 medium │ ├─────────────────────────────────────────────────────────────────┤ │ │ │ ● SQL injection via unsanitized input │ │ src/db/queries.ts:42 │ │ 42 │ db.query(`SELECT * FROM users WHERE id = ${id}`) │ │ │ │ User input is interpolated directly into a SQL query. │ │ Use parameterized queries instead. │ │ │ │ ● Hardcoded JWT secret │ │ src/auth/session.ts:8 │ │ 8 │ const SECRET = "sk_live_a1b2c3d4e5f6" │ │ │ │ Secrets should be loaded from environment variables, │ │ not committed to source. │ │ │ └─────────────────────────────────────────────────────────────────┘ ┌─ api-design-review ────────────────────────────────────── 4.3s ─┐ │ 1 finding: ● 1 low │ ├─────────────────────────────────────────────────────────────────┤ │ │ │ ● Missing pagination on list endpoint │ │ src/api/users.ts:15 │ │ 15 │ app.get("/users", async (req, res) => { │ │ │ │ Unbounded list endpoints can return excessive data. │ │ Add limit/offset or cursor-based pagination. │ │ │ └─────────────────────────────────────────────────────────────────┘ SUMMARY 3 findings: ● 1 high ● 1 medium ● 1 low Analysis completed in 6.1s