warden
warden [target] [options]
Run code analysis on the specified target. If no target is given, analyzes uncommitted changes.
target- Files, directories, or git refs to analyze (optional)
warden # Analyze uncommitted changes (default)
warden src/auth.ts # Analyze specific file
warden src/api/ # Analyze a directory
warden HEAD~3..HEAD # Analyze changes in a git rangewarden init
warden init [options]
Initialize Warden in your project. Creates a configuration file and GitHub workflow.
-f, --force- Overwrite existing files
warden init # Interactive setup
warden init --force # Overwrite existing fileswarden add
warden add [skill-name] [options]
Add a skill trigger to your configuration. Run without arguments for interactive mode.
skill-name- Name of the skill to add (optional, interactive if omitted)--remote <owner/repo[@sha]>- Install skill from a GitHub repository--list- List available skills
warden add # Interactive mode
warden add security-review # Add local skill
warden add --list # List available skills
# Remote skills from GitHub repositories
warden add --remote getsentry/warden-skills --skill security-review
warden add --remote getsentry/warden-skills@abc123 --skill api-review # Pinned to commitwarden sync
warden sync [remote]
Update cached remote skills. Refreshes unpinned skills to their latest versions.
remote- Specific remote to sync (e.g.,owner/repo). If omitted, syncs all.
warden sync # Update all remote skills
warden sync getsentry/warden-skills # Update specific remotewarden setup-app
warden setup-app [options]
Create a GitHub App for Warden. This gives you a custom bot identity instead of the generic "github-actions" user.
--org <name>- Create the app for an organization instead of your personal account--port <number>- Local server port (default: 3000)--timeout <sec>- Callback timeout in seconds (default: 300)--name <string>- Custom app name (default: Warden)--no-open- Print URL instead of opening browser
warden setup-app # For a personal account
warden setup-app --org my-org # For an organizationGlobal Options
--skill <name-or-path>- Run a specific skill by name or path (see Skill References)--fix- Automatically apply suggested fixes--json- Output results as JSON--fail-on <level>- Exit with error code if findings meet severity:critical,high,medium,low--config <path>- Path to config file (default:warden.toml)--verbose- Show detailed output-m, --model <model>- Model to use (fallback when not set in config)-o, --output <path>- Write full run output to a JSONL file--report-on <severity>- Only show findings at or above this severity in output--parallel <n>- Max concurrent trigger/skill executions (default: 4)--quiet- Errors and final summary only-vv- Show debug info (token counts, latencies)--color / --no-color- Override color detection--git- Treat ambiguous targets as git refs instead of file paths--log- Non-TTY output with timestamps--debug- Debug-level output (implies verbose)--offline- Use cached remote skills only, skip network fetches--help- Show help message--version- Show version number
Skill References
The --skill option accepts multiple formats:
# By name (resolved from .agents/skills/ or .claude/skills/)
warden --skill security-review
# Relative path
warden --skill ./skills/custom-review
# Absolute path
warden --skill /shared/skills/company-review
# Home directory expansion
warden --skill ~/my-skills/securityResolution order:
- Remote repository (if
remoteis specified in trigger config) - Direct path (if contains
/,\, or starts with.) - Conventional directories:
.agents/skills/,.claude/skills/
Environment Variables
- WARDEN_ANTHROPIC_API_KEY
- Anthropic API key. Required for CI/CD. For local use, Warden can use your Claude Code subscription instead (run
claude login). - ANTHROPIC_API_KEY
- Fallback if
WARDEN_ANTHROPIC_API_KEYis not set - WARDEN_SKILL_CACHE_TTL
- Cache duration for unpinned remote skills. Default: 24h