The Warden GitHub Action can be configured through workflow inputs to control severity thresholds, reporting behavior, and performance.
Basic Configuration
.github/workflows/warden.yml
- uses: getsentry/warden@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
    fail-on: high
    report-on: medium
    max-findings: 50
Severity Thresholds
Control when to fail checks and what to report:
fail-on
Minimum severity level to fail the action. When findings at or above this level are found, the check will fail.
- uses: getsentry/warden@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
    fail-on: high # Options: off, critical, high, medium, low, info
Options:
critical - Fail only on critical findings
high - Fail on high or critical (default)
medium - Fail on medium, high, or critical
low - Fail on low, medium, high, or critical
info - Fail on any finding
off - Never fail (informational only)
The fail-on threshold can be overridden per-skill in warden.toml.
report-on
Minimum severity level to show as code review annotations:
- uses: getsentry/warden@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
    report-on: medium # Default: medium
Findings below this threshold are still counted but not posted as review comments. Useful to reduce noise while still tracking all issues.
Review Behavior
request-changes
Use REQUEST_CHANGES review event when findings exceed fail-on threshold:
- uses: getsentry/warden@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
    fail-on: high
    request-changes: true # Default: false
When enabled:
- Creates a blocking review that must be dismissed
- Automatically dismissed when all issues are resolved
- Requires reviewer permissions for the GitHub token
Only enable this if your GitHub token has reviewer permissions. The default GITHUB_TOKEN may not have sufficient permissions.
fail-check
Fail the check run when findings exceed fail-on threshold:
- uses: getsentry/warden@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
    fail-on: high
    fail-check: false # Default: false
true - Check run fails, blocking PR merge if required
false - Check run passes, findings shown for information only
parallel
Maximum number of concurrent trigger executions:
- uses: getsentry/warden@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
    parallel: 5 # Default: 5
Higher values:
- Faster analysis for large changes
- Higher API rate limit usage
- More memory consumption
Lower values:
- Slower but more conservative
- Better for rate limit concerns
This can also be configured in warden.toml under [defaults.runner] or [[skills.runner]].
max-findings
Maximum number of findings to report:
- uses: getsentry/warden@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
    max-findings: 50 # Default: 50, 0 = unlimited
Prevents overwhelming PRs with too many comments. Higher severity findings are prioritized.
Configuration File Path
config-path
Path to warden.toml configuration file (relative to repository root):
- uses: getsentry/warden@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
    config-path: .github/warden.toml # Default: warden.toml
Useful for:
- Storing config in .github/ directory
- Multiple configurations for different workflows
- Monorepo setups
Complete Example
Here’s a production-ready configuration:
.github/workflows/warden.yml
name: Warden
permissions:
  contents: write
  pull-requests: write
  checks: write
on:
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ secrets.WARDEN_APP_ID }}
          private-key: ${{ secrets.WARDEN_PRIVATE_KEY }}
      - uses: getsentry/warden@v1
        with:
          # Authentication
          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
          github-token: ${{ steps.app-token.outputs.token }}
          # Configuration
          config-path: warden.toml
          # Severity thresholds
          fail-on: high # Fail on high+ severity
          report-on: medium # Show medium+ in reviews
          # Review behavior
          request-changes: true # Block PR on failures
          fail-check: true # Fail check run
          # Performance
          parallel: 5 # Concurrent executions
          max-findings: 50 # Limit findings per run
Per-Skill Configuration
Many inputs can be overridden per-skill in warden.toml:
version = 1
[defaults]
failOn = "high"
reportOn = "medium"
[[skills]]
name = "security-audit"
paths = ["src/**/*.ts"]
# Override for this skill only
failOn = "critical" # Only fail on critical security issues
reportOn = "low" # Show all security findings
requestChanges = true # Block PR for security issues
failCheck = true
[[skills.triggers]]
type = "pull_request"
actions = ["opened", "synchronize", "reopened"]
[[skills]]
name = "code-quality"
paths = ["src/**/*.ts"]
# Informational only - don't block PRs
failOn = "off"
reportOn = "medium"
[[skills.triggers]]
type = "pull_request"
actions = ["opened", "synchronize", "reopened"]
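As an added illustration (not Warden's own code), this Python sketch models how the documented fail-on, report-on and max-findings settings interact with the per-skill overrides above. The function names, the sample findings, and the rule that fail-on is evaluated over all findings before report-on filtering and the max-findings cap are assumptions of this example.

```python
# Added illustration: a model of the documented threshold semantics, not Warden's source.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

# Constructed per-skill settings mirroring the warden.toml example above.
DEFAULTS = {"failOn": "high", "reportOn": "medium"}
SKILLS = {
    "security-audit": {"failOn": "critical", "reportOn": "low"},
    "code-quality": {"failOn": "off"},
}


def meets(severity, threshold):
    """True when severity is at or above threshold; 'off' never matches."""
    if threshold == "off":
        return False
    return SEVERITY_RANK[severity] <= SEVERITY_RANK[threshold]


def effective(skill):
    """Per-skill values override [defaults]."""
    return {**DEFAULTS, **SKILLS.get(skill, {})}


def evaluate(findings, max_findings=50):
    """findings: list of (skill, severity, title). Returns (fails, posted, counted)."""
    # Assumption: fail-on is evaluated over every finding, before any filtering.
    fails = any(meets(sev, effective(skill)["failOn"]) for skill, sev, _ in findings)
    reportable = [f for f in findings if meets(f[1], effective(f[0])["reportOn"])]
    # Higher severity findings are prioritized when the cap applies; 0 = unlimited.
    reportable.sort(key=lambda f: SEVERITY_RANK[f[1]])
    posted = reportable[:max_findings] if max_findings else reportable
    return fails, posted, len(findings)


# Constructed sample findings.
SAMPLE = [
    ("code-quality", "high", "Function too long"),
    ("security-audit", "high", "Unvalidated redirect"),
    ("security-audit", "low", "Verbose error message"),
    ("code-quality", "low", "Unused import"),
    ("security-audit", "critical", "SQL built by string concatenation"),
]

if __name__ == "__main__":
    fails, posted, counted = evaluate(SAMPLE, max_findings=3)
    print("fail:", fails, "| counted:", counted)
    for skill, sev, title in posted:
        print(f"  [{sev}] {skill}: {title}")
```

Under these assumptions, dropping the critical finding makes the run pass even though two high findings are still posted, because security-audit raises its failOn to critical and code-quality sets it to off.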
Environment Variables
Alternative to workflow inputs:
- uses: getsentry/warden@v1
  env:
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
    WARDEN_MODEL: claude-sonnet-4-20250514 # Override model
    WARDEN_SENTRY_DSN: ${{ secrets.WARDEN_SENTRY_DSN }} # Optional telemetry
Conditional Execution
Run Warden only on specific conditions:
jobs:
  review:
    runs-on: ubuntu-latest
    # Skip for dependabot PRs
    if: github.actor != 'dependabot[bot]'
    steps:
      - uses: actions/checkout@v4
      - uses: getsentry/warden@v1
        with:
          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
Or only on specific paths:
on:
  pull_request:
    paths:
      - 'src/**/*.ts'
      - 'lib/**/*.js'
Troubleshooting
Authentication Errors
Error: Authentication not found
Ensure you’ve set the API key:
- Check secret name matches workflow: ANTHROPIC_API_KEY
- Verify secret is set in repository settings
- Check for typos in the workflow file
Permission Errors
Error: Resource not accessible by integration
Add required permissions to workflow:
permissions:
  contents: write # Required
  pull-requests: write # Auto via GITHUB_TOKEN
  checks: write # Auto via GITHUB_TOKEN
Rate Limiting
Reduce parallel value and enable max-findings:
- uses: getsentry/warden@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
    parallel: 3
    max-findings: 30