Context
Per the SDK Review and CI standards, SDK repositories SHOULD have Warden configured in CI. Warden runs AI-powered skills against PR diffs to enforce SDK-specific conventions that static linters can't express.
Related sign-off issue: SDK-1131 — Review and CI
What's involved
Only a warden.toml file is needed. The org-wide workflow in getsentry/.github already runs Warden on all repos in the org, and the secrets (WARDEN_ANTHROPIC_API_KEY, WARDEN_APP_ID, WARDEN_PRIVATE_KEY, WARDEN_MODEL, WARDEN_SENTRY_DSN) are configured at the org level. The workflow only does meaningful work when a warden.toml exists in the repo.
Add warden.toml at repo root
Reference: sentry-dotnet/warden.toml
```toml
version = 1

[defaults]
failOn = "high"
reportOn = "medium"

[[skills]]
name = "code-review"
remote = "getsentry/skills"

[[skills.triggers]]
type = "pull_request"
actions = ["opened", "synchronize", "reopened"]

[[skills]]
name = "find-bugs"
remote = "getsentry/skills"

[[skills.triggers]]
type = "pull_request"
actions = ["opened", "synchronize", "reopened"]

[[skills]]
name = "security-review"
remote = "getsentry/skills"

[[skills.triggers]]
type = "pull_request"
actions = ["opened", "synchronize", "reopened"]

[[skills]]
name = "gha-security-review"
remote = "getsentry/skills"

[[skills.triggers]]
type = "pull_request"
actions = ["opened", "synchronize", "reopened"]
```
Optionally update agents.toml
Add warden skills for local agent usage:
```toml
[[skills]]
name = "warden"
source = "getsentry/warden"
```
How the org-wide setup works
The getsentry/.github warden workflow:
- Triggers on pull_request events (opened, synchronize, reopened) across all org repos
- Uses a GitHub App token (WARDEN_APP_ID + WARDEN_PRIVATE_KEY) so findings are posted as a branded bot
- Runs getsentry/warden@v0 which installs Claude Code CLI and executes skills from warden.toml
- Uploads findings to GCS (warden-logs/) for observability
Repos already using Warden
- warden.toml (4 skills), relies on org workflow
Documentation