Reference documentation for all Warden GitHub Action inputs and outputs.

Inputs

All inputs are configured in your workflow file under the with key:
- uses: getsentry/warden@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
    fail-on: high

anthropic-api-key

Type: string
Anthropic API key (sk-ant-...) or OAuth token (sk-ant-oat-...). Can also be set via environment variables:
  • WARDEN_ANTHROPIC_API_KEY
  • ANTHROPIC_API_KEY
  • CLAUDE_CODE_OAUTH_TOKEN (for OAuth)
Required: One authentication method must be provided.
# Via input
- uses: getsentry/warden@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}

# Via environment variable
- uses: getsentry/warden@v1
  env:
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

github-token

Type: string
Default: ${{ github.token }}
GitHub token for API access. Defaults to the automatic GITHUB_TOKEN. Use a GitHub App token for better review thread management:
- uses: actions/create-github-app-token@v1
  id: app-token
  with:
    app-id: ${{ secrets.WARDEN_APP_ID }}
    private-key: ${{ secrets.WARDEN_PRIVATE_KEY }}

- uses: getsentry/warden@v1
  with:
    github-token: ${{ steps.app-token.outputs.token }}

config-path

Type: string
Default: warden.toml
Path to the warden.toml configuration file, relative to the repository root.
- uses: getsentry/warden@v1
  with:
    config-path: .github/warden.toml

fail-on

Type: string
Default: high
Minimum severity level to fail the action.
Options: off, critical, high, medium, low, info
When findings at or above this severity are found:
  • Action fails if fail-check is true
  • Review is REQUEST_CHANGES if request-changes is true
Use off to never fail (informational mode).
- uses: getsentry/warden@v1
  with:
    fail-on: critical  # Only fail on critical issues

report-on

Type: string
Default: medium
Minimum severity level to show annotations in code review.
Options: off, critical, high, medium, low, info
Findings below this threshold are counted but not posted as comments. Use off to disable all review comments.
- uses: getsentry/warden@v1
  with:
    report-on: low  # Show all findings in review

max-findings

Type: number
Default: 50
Maximum number of findings to report. Use 0 for unlimited. Higher severity findings are prioritized when the limit is reached.
- uses: getsentry/warden@v1
  with:
    max-findings: 100  # Allow up to 100 findings

request-changes

Type: boolean
Default: false
Whether to use the REQUEST_CHANGES review event when findings are at or above the fail-on threshold. When true:
  • Creates a blocking review that requires dismissal
  • Automatically dismissed when all issues are resolved
  • Requires GitHub token with reviewer permissions
- uses: getsentry/warden@v1
  with:
    fail-on: high
    request-changes: true  # Block PR merge

fail-check

Type: boolean
Default: false
Whether to fail the check run when findings are at or above the fail-on threshold. When true:
  • Check run status is “failure”
  • Blocks PR merge if check is required
When false:
  • Check run always passes
  • Findings shown for information only
- uses: getsentry/warden@v1
  with:
    fail-check: true  # Fail check on high+ severity

parallel

Type: number
Default: 5
Maximum number of concurrent trigger executions. Higher values:
  • Faster analysis for large changes
  • Higher API usage and memory
Lower values:
  • Slower but more conservative
  • Better for rate limit management
- uses: getsentry/warden@v1
  with:
    parallel: 10  # Analyze 10 files concurrently

Outputs

Access outputs in subsequent workflow steps:
- uses: getsentry/warden@v1
  id: warden
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}

- name: Check results
  run: |
    echo "Found ${{ steps.warden.outputs.findings-count }} issues"
    echo "High severity: ${{ steps.warden.outputs.high-count }}"

findings-count

Type: number
Total number of findings across all triggers and severity levels. Includes all findings regardless of the report-on threshold.
- name: Post results to Slack
  if: steps.warden.outputs.findings-count > 0
  run: |
    curl -X POST ${{ secrets.SLACK_WEBHOOK }} \
      -d '{"text": "Warden found ${{ steps.warden.outputs.findings-count }} issues"}'

high-count

Type: number
Number of high severity findings. Useful for tracking critical issues separately.
- name: Fail on critical issues
  if: steps.warden.outputs.high-count > 5
  run: exit 1

summary

Type: string
Human-readable summary of the analysis. Example: "Found 3 issues: 1 high, 2 medium"
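- name: Comment summary
  uses: actions/github-script@v7
  env:
    # Pass the output through the environment instead of interpolating it into the script source
    WARDEN_SUMMARY: ${{ steps.warden.outputs.summary }}
  with:
    script: |
      await github.rest.issues.createComment({
        issue_number: context.issue.number,
        owner: context.repo.owner,
        repo: context.repo.repo,
        body: `Warden: ${process.env.WARDEN_SUMMARY}`
      })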

findings-file

Type: string
Path to the structured JSON findings file. Always written, even when no findings are found. Use for:
  • Uploading to cloud storage (GCS, S3)
  • Custom processing pipelines
  • Archiving results
Format: See Findings Schema
- name: Upload findings
  uses: actions/upload-artifact@v4
  with:
    name: warden-findings
    path: ${{ steps.warden.outputs.findings-file }}

- name: Upload to GCS
  run: |
    gsutil cp ${{ steps.warden.outputs.findings-file }} \
      gs://my-bucket/warden/${{ github.sha }}.json

Findings Schema

The JSON file referenced by findings-file has this structure:
{
  "event": {
    "type": "pull_request",
    "action": "opened",
    "repository": {
      "owner": "getsentry",
      "name": "warden",
      "fullName": "getsentry/warden"
    },
    "pullRequest": {
      "number": 123,
      "baseBranch": "main",
      "headBranch": "feature/fix",
      "baseSha": "abc123",
      "headSha": "def456"
    }
  },
  "reports": [
    {
      "skill": "security-audit",
      "findings": [
        {
          "id": "sec-001",
          "severity": "high",
          "confidence": "high",
          "title": "SQL Injection Risk",
          "message": "User input is directly interpolated into SQL query",
          "path": "src/db/users.ts",
          "line": 42,
          "suggestion": "Use parameterized queries instead"
        }
      ],
      "duration": 1234,
      "usage": {
        "inputTokens": 5000,
        "outputTokens": 1000,
        "costUSD": 0.05
      }
    }
  ],
  "summary": {
    "totalFindings": 5,
    "bySeverity": {
      "critical": 0,
      "high": 1,
      "medium": 3,
      "low": 1,
      "info": 0
    },
    "totalCostUSD": 0.15,
    "totalDurationMs": 3500
  }
}
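
For the custom processing pipelines mentioned under findings-file, the following added example (not part of Warden or its documentation) filters a findings document by severity and orders the result most severe first. The function names and the SAMPLE document are assumptions made for illustration; only the field names and severity levels come from the schema above.

```javascript
// Added example: consumer-side triage of a Warden findings file.
// Field names and severity levels come from the Findings Schema above;
// function names and SAMPLE are constructed for illustration.
const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low', 'info']; // most severe first

function rank(severity) {
  const i = SEVERITY_ORDER.indexOf(severity);
  // Fail closed: an unrecognised severity stops the gate instead of slipping through.
  if (i === -1) throw new Error(`unknown severity: ${severity}`);
  return i;
}

// Flatten reports[].findings[] and tag each finding with the skill that raised it.
function flatten(doc) {
  if (!doc || !Array.isArray(doc.reports)) throw new Error('not a findings document');
  return doc.reports.flatMap((r) =>
    (r.findings || []).map((f) => ({ ...f, skill: r.skill })));
}

// Findings at or above `threshold`, most severe first, capped at `max` (0 = no cap).
// A threshold of 'off' matches nothing.
function triage(doc, threshold, max = 0) {
  const all = flatten(doc);
  if (threshold === 'off') return [];
  const limit = rank(threshold);
  const hits = all
    .filter((f) => rank(f.severity) <= limit)
    .sort((a, b) => rank(a.severity) - rank(b.severity));
  return max > 0 ? hits.slice(0, max) : hits;
}

// Constructed sample in the documented shape (not real Warden output).
const SAMPLE = {
  reports: [{
    skill: 'security-audit',
    findings: [
      { id: 'sec-001', severity: 'high', title: 'SQL Injection Risk', path: 'src/db/users.ts', line: 42 },
      { id: 'sec-002', severity: 'low', title: 'Verbose error message', path: 'src/api/errors.ts', line: 7 },
      { id: 'sec-003', severity: 'critical', title: 'Hard-coded credential', path: 'src/config.ts', line: 3 },
    ],
  }],
};

for (const f of triage(SAMPLE, 'high')) {
  console.log(`${f.severity}\t${f.path}:${f.line}\t${f.title} [${f.skill}]`);
}
```

In a workflow step, load the real file with JSON.parse(fs.readFileSync(path, 'utf8')), passing the findings-file path to the script through an environment variable.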

Usage Examples

Conditional Workflows

Run different checks based on findings:
jobs:
  warden:
    runs-on: ubuntu-latest
    outputs:
      has-findings: ${{ steps.warden.outputs.findings-count > 0 }}
      high-count: ${{ steps.warden.outputs.high-count }}
    steps:
      - uses: actions/checkout@v4
      - uses: getsentry/warden@v1
        id: warden
        with:
          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
  
  notify:
    needs: warden
    if: needs.warden.outputs.has-findings == 'true'
    runs-on: ubuntu-latest
    steps:
      - name: Notify team
        run: echo "Found issues, notifying team..."
  
  security-review:
    needs: warden
    if: needs.warden.outputs.high-count > 0
    runs-on: ubuntu-latest
    steps:
      - name: Request security review
        run: echo "High severity issues found, requesting security review..."

Upload Findings to Cloud Storage

- uses: getsentry/warden@v1
  id: warden
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}

- name: Upload to S3
  if: always()
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  run: |
    aws s3 cp ${{ steps.warden.outputs.findings-file }} \
      s3://my-warden-reports/${{ github.repository }}/${{ github.sha }}.json

Custom Summary Comment

- uses: getsentry/warden@v1
  id: warden
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}

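- name: Post custom summary
  if: always()
  uses: actions/github-script@v7
  env:
    # Pass outputs through the environment instead of interpolating them into the script source
    SUMMARY: ${{ steps.warden.outputs.summary }}
    FINDINGS_COUNT: ${{ steps.warden.outputs.findings-count }}
    HIGH_COUNT: ${{ steps.warden.outputs.high-count }}
    FINDINGS_FILE: ${{ steps.warden.outputs.findings-file }}
  with:
    script: |
      const { SUMMARY, FINDINGS_COUNT, HIGH_COUNT, FINDINGS_FILE } = process.env;
      const summary = `## Warden Analysis

      ${SUMMARY}

      - Total findings: ${FINDINGS_COUNT}
      - High severity: ${HIGH_COUNT}

      [View detailed findings](${FINDINGS_FILE})`;

      await github.rest.issues.createComment({
        issue_number: context.issue.number,
        owner: context.repo.owner,
        repo: context.repo.repo,
        body: summary
      });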

Matrix Testing

Run Warden with different configurations:
jobs:
  warden:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        config:
          - { fail-on: 'critical', name: 'Critical Only' }
          - { fail-on: 'high', name: 'High+' }
          - { fail-on: 'medium', name: 'Medium+' }
    steps:
      - uses: actions/checkout@v4
      - uses: getsentry/warden@v1
        with:
          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
          fail-on: ${{ matrix.config.fail-on }}
          fail-check: false  # Don't block, just report
