From c06e9e1fcc73ecc0cf49ccb6b28417d05ab7f630 Mon Sep 17 00:00:00 2001
From: Greg Pstrucha <875316+gricha@users.noreply.github.com>
Date: Fri, 13 Feb 2026 22:01:25 -0800
Subject: [PATCH 1/3] ci: Set up Warden PR review Add GitHub Actions workflow and update warden.toml to use the current skills schema. Configures notseer and security-review skills on PR events targeting src/**/*.ts. warden-lint-judge is commented out pending getsentry/warden#144.
Co-Authored-By: Claude
---
 .github/workflows/warden.yml | 28 ++++++++++++++++++++++++++++
 warden.toml | 35 +++++++++++++++++++++++++++++------
 2 files changed, 57 insertions(+), 6 deletions(-)
 create mode 100644 .github/workflows/warden.yml
diff --git a/.github/workflows/warden.yml b/.github/workflows/warden.yml
new file mode 100644
index 0000000..2bbd52e
--- /dev/null
+++ b/.github/workflows/warden.yml
@@ -0,0 +1,28 @@
+name: Warden
+
+permissions:
+ contents: write
+ pull-requests: write
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+jobs:
+ review:
+ runs-on: ubuntu-latest
+ env:
+ WARDEN_MODEL: ${{ secrets.WARDEN_MODEL }}
+ WARDEN_SENTRY_DSN: ${{ secrets.WARDEN_SENTRY_DSN }}
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ secrets.WARDEN_APP_ID }}
+ private-key: ${{ secrets.WARDEN_PRIVATE_KEY }}
+
+ - uses: getsentry/warden@v1
+ with:
+ github-token: ${{ steps.app-token.outputs.token }}
diff --git a/warden.toml b/warden.toml
index e49f255..04c64aa 100644
--- a/warden.toml
+++ b/warden.toml
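Review bot: The workflow-level `permissions` block grants `contents: write`, but nothing in the `review` job visibly pushes to the repository, and the Warden step is handed the App token from `actions/create-github-app-token` rather than the default `GITHUB_TOKEN`. Because `actions/checkout` leaves the job token in the local git config by default, I would lower this to `contents: read` and add `with: persist-credentials: false` under the checkout step, keeping `pull-requests: write` only if Warden is confirmed to need it on the default token. The three `uses:` references are also mutable tags (`@v4`, `@v1`, and `getsentry/warden@v1`, which becomes `@v0` in patches 2/3 and 3/3). Pinning each to a full commit SHA with the tag as a trailing comment, e.g. `getsentry/warden@<full-commit-sha> # v0`, keeps a retagged release from running with the App private key and the API key added later in the series.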
@@ -1,12 +1,35 @@
 version = 1
-[defaults.output]
+[defaults]
 failOn = "high"
-commentOn = "medium"
+reportOn = "medium"
+ignorePaths = ["dist/**"]
-[[triggers]]
-name = "find-bugs"
-event = "pull_request"
+[[skills]]
+name = "notseer"
+paths = ["src/**/*.ts"]
+ignorePaths = ["src/**/*.test.ts"]
+
+[[skills.triggers]]
+type = "pull_request"
 actions = ["opened", "synchronize", "reopened"]
-skill = "find-bugs"
+
+[[skills]]
+name = "security-review"
 remote = "getsentry/sentry-skills"
+paths = ["src/**/*.ts"]
+ignorePaths = ["src/**/*.test.ts"]
+
+[[skills.triggers]]
+type = "pull_request"
+actions = ["opened", "synchronize", "reopened"]
+
+# TODO: enable once getsentry/warden#144 lands
+# [[skills]]
+# name = "warden-lint-judge"
+# remote = "getsentry/skills"
+# scope = "report"
+#
+# [[skills.triggers]]
+# type = "pull_request"
+# actions = ["opened", "synchronize", "reopened"]
From 4a2526d3585de5c2e82a45b77dc68bb288dc066d Mon Sep 17 00:00:00 2001
From: Greg Pstrucha <875316+gricha@users.noreply.github.com>
Date: Fri, 13 Feb 2026 22:04:22 -0800
Subject: [PATCH 2/3] fix(ci): Use warden@v0 (v1 not yet available)
Co-Authored-By: Claude
---
 .github/workflows/warden.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/warden.yml b/.github/workflows/warden.yml
index 2bbd52e..a0918e2 100644
--- a/.github/workflows/warden.yml
+++ b/.github/workflows/warden.yml
@@ -23,6 +23,6 @@ jobs:
 app-id: ${{ secrets.WARDEN_APP_ID }}
 private-key: ${{ secrets.WARDEN_PRIVATE_KEY }}
- - uses: getsentry/warden@v1
+ - uses: getsentry/warden@v0
 with:
 github-token: ${{ steps.app-token.outputs.token }}
From b06b883ec21647a1cce2e71f6ee0b2229e9a9af2 Mon Sep 17 00:00:00 2001
From: Greg Pstrucha <875316+gricha@users.noreply.github.com>
Date: Fri, 13 Feb 2026 22:09:20 -0800
Subject: [PATCH 3/3] fix(ci): Pass WARDEN_ANTHROPIC_API_KEY to warden action
Co-Authored-By: Claude
---
 .github/workflows/warden.yml | 1 +
 1 file changed, 1 insertion(+)
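Review bot: The `security-review` skill is loaded from `remote = "getsentry/sentry-skills"` with no ref, so the instructions the reviewer runs with can change without any commit in this repository. If Warden's `remote` syntax accepts a pinned ref, I would pin it and bump it deliberately; at minimum add a comment above the table such as `# remote skill: content comes from getsentry/sentry-skills, review upstream changes before relying on results`. Separately, `paths = ["src/**/*.ts"]` on both skills means neither looks at `.github/workflows/**` or `warden.toml` itself, so changes to the CI that holds the secrets fall outside the security review; worth confirming that is intended. The commented-out block points at `getsentry/skills` rather than `getsentry/sentry-skills`, which may be a typo to check before enabling it.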
diff --git a/.github/workflows/warden.yml b/.github/workflows/warden.yml
index a0918e2..89f9837 100644
--- a/.github/workflows/warden.yml
+++ b/.github/workflows/warden.yml
@@ -25,4 +25,5 @@ jobs:
 - uses: getsentry/warden@v0
 with:
+ anthropic-api-key: ${{ secrets.WARDEN_ANTHROPIC_API_KEY }}
 github-token: ${{ steps.app-token.outputs.token }}
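Review bot: `secrets.WARDEN_ANTHROPIC_API_KEY` only resolves for pull requests opened from branches in this repository; on `pull_request` runs from forks (and Dependabot) repository secrets are empty, so this input and the App-token step receive blank values and the job fails. The job header is outside this hunk, but a job-level guard such as `if: github.event.pull_request.head.repo.full_name == github.repository` would skip those runs cleanly. That is preferable to later switching the trigger to `pull_request_target` to make the secrets available, since that would place the API key and the App private key in a run that has to read untrusted PR content. A comment next to the input, e.g. `# not available on fork PRs; do not move this workflow to pull_request_target`, would record the decision.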