Warden
Warden is an AI-powered code review tool from Sentry. It "watches over your code by running skills against your changes" — analyzing diffs, files, or whole branches for security issues, API problems, performance regressions, and any custom patterns a team cares about. Warden runs both locally (pre-push) and in CI (on pull requests).
It is distributed via npm as @sentry/warden and the source is at getsentry/warden. License: FSL-1.1-ALv2.
The Core Idea: Skills as the Unit of Review
Where a traditional linter has hard-coded rules, Warden's review logic is expressed as skills: markdown files following the AI Agent Skills specification (the same spec Claude Code Skills uses). Each skill has YAML frontmatter and a natural-language prompt describing what to look for, success criteria, and concrete examples.
Skills live in conventional directories (.agents/skills/ or .claude/skills/) so they're shared with other agentic tools. Define analysis once, run it via Warden, Claude Code, or any agentskills-compliant runner.
This is the same insight behind AI Skill Composability and AI Skill Portability — review logic is just a skill, and skills compose.
Workflow
- Detect changes — modified files, hunks, or directories
- Match triggers — compare alterations against configured skills
- Run analysis — execute relevant skills, report findings with severity, optionally suggest or auto-apply fixes
Findings appear inline as PR comments on GitHub, or in the terminal locally.
Configuration
warden.toml at the repository root declares:
- Which skills to run (local paths or `getsentry/warden-skills`-style remote refs)
- Path globs (`paths`, `ignorePaths`)
- Severity thresholds (`failOn`, `reportOn`) — `critical` / `high` / `medium` / `low` / `info` / `off`
- Triggers (`pull_request`, `local`, `schedule`)
- Defaults (model, max turns per hunk — default 50, auxiliary/synthesis models)
- Chunking strategy (`per-hunk`, `whole-file`, `skip`)
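How the path globs and severity thresholds listed above interact in a CI gate, as an added example that is not Warden's code or taken from its documentation. The semantics (a threshold admits its own level and anything more severe, `ignorePaths` overrides `paths`, a non-zero exit on failure), the helper names and the sample data are assumptions made for illustration.

```javascript
// Illustrative model, not Warden's source. Lines marked ASSUMPTION are not confirmed by the page.
const SEVERITIES = ["critical", "high", "medium", "low", "info"]; // most severe first

// ASSUMPTION: a threshold admits findings at or above it; "off" admits none.
function meets(severity, threshold) {
  if (threshold === "off") return false;
  const s = SEVERITIES.indexOf(severity), t = SEVERITIES.indexOf(threshold);
  if (s < 0 || t < 0) throw new Error(`unknown severity: ${severity} vs ${threshold}`);
  return s <= t;
}

// Minimal glob support for this example: "**" crosses directories, "*" does not.
function globToRegExp(glob) {
  const body = glob
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\*\*\//g, "\u0000")
    .replace(/\*\*/g, "\u0001")
    .replace(/\*/g, "[^/]*")
    .replace(/\u0000/g, "(?:.*/)?")
    .replace(/\u0001/g, ".*");
  return new RegExp(`^${body}$`);
}

// ASSUMPTION: a changed file is reviewed when it matches `paths` and no `ignorePaths` glob.
function filesToReview(changed, { paths, ignorePaths = [] }) {
  const hit = (globs, f) => globs.some((g) => globToRegExp(g).test(f));
  return changed.filter((f) => hit(paths, f) && !hit(ignorePaths, f));
}

// Apply reportOn and failOn to the findings of one run.
function gate(findings, { failOn, reportOn }) {
  return {
    reported: findings.filter((f) => meets(f.severity, reportOn)),
    exitCode: findings.some((f) => meets(f.severity, failOn)) ? 1 : 0,
  };
}

// Constructed sample data.
const skill = { paths: ["src/**/*.ts"], ignorePaths: ["**/*.test.ts"], failOn: "high", reportOn: "medium" };
const changed = ["src/auth/login.ts", "src/auth/login.test.ts", "docs/guide.md", "src/index.ts"];
const findings = [
  { file: "src/auth/login.ts", severity: "critical", title: "SQL built by string concatenation" },
  { file: "src/index.ts", severity: "medium", title: "Missing pagination limit" },
  { file: "src/index.ts", severity: "info", title: "Verbose logging" },
];
console.log("reviewed:", filesToReview(changed, skill));
console.log("gate:", gate(findings, skill));
```

Under this model, anything matched by `ignorePaths` is never reviewed, and setting `failOn` to `off` turns the run into an advisory report that cannot block a merge.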
Comparison with Vercel DeepSec
Both are AI-agent code review tools but target different shapes of work:
| | Warden | Vercel DeepSec |
|---|---|---|
| Built by | Sentry | Vercel Labs |
| Primary scope | Diffs, PRs, pre-commit | Whole-codebase deep audits |
| Speed | Fast, runs on every push | Slow, hours per scan |
| Cost | Per-PR, low | Thousands per scan |
| Pipeline | Single skill per chunk | 5-stage agent pipeline |
| Output | PR comments | Tickets / markdown reports |
In practice they're complementary: DeepSec finds the dormant bugs already in your codebase; Warden keeps new ones from being added.
Authentication
- Local: `claude login` (uses your Claude Code subscription) or `WARDEN_ANTHROPIC_API_KEY` / `ANTHROPIC_API_KEY`
- CI: organization secret `WARDEN_ANTHROPIC_API_KEY` plus a custom GitHub App via `warden setup-app`
Related Skill Catalog
The companion repo getsentry/warden-skills ships generalized skills (security, performance, API hygiene). Add them with `warden add --remote getsentry/warden-skills --skill <skill-name>`. Pin to a ref for reproducibility. Update with `warden sync getsentry/warden-skills`.
References
- https://warden.sentry.dev/
- https://warden.sentry.dev/guide
- https://warden.sentry.dev/config
- https://warden.sentry.dev/skill
- https://github.com/getsentry/warden
- https://github.com/getsentry/warden-skills
Related
- Sentry
- David Cramer
- Warden CLI
- Vercel DeepSec
- Static Application Security Testing (SAST)
- DevSecOps
- Claude Code
- Claude Code Skills
- AI Agent Skills
- AI Skill Composability
- AI Skill Portability
- Skills.sh
- AI Agents
- Functional Source License (FSL)
About Sébastien
I'm Sébastien Dubois, and I'm on a mission to help knowledge workers escape information overload. After 20+ years in IT and seeing too many brilliant minds drowning in digital chaos, I've decided to help people build systems that actually work. Through the Knowii Community, my courses, products & services and my Website/Newsletter, I share practical and battle-tested systems.