CLI

warden

warden [target] [options]

Run code analysis on the specified target. If no target is given, analyzes uncommitted changes.

target - Files, directories, or git refs to analyze (optional)

warden                     # Analyze uncommitted changes (default)
warden src/auth.ts         # Analyze specific file
warden src/api/            # Analyze a directory
warden HEAD~3..HEAD        # Analyze changes in a git range

warden init

warden init [options]

Initialize Warden in your project. Creates a configuration file and GitHub workflow.

-f, --force - Overwrite existing files

warden init            # Interactive setup
warden init --force    # Overwrite existing files

warden add

warden add [skill-name] [options]

Add a skill trigger to your configuration. Run without arguments for interactive mode.

skill-name - Name of the skill to add (optional, interactive if omitted)
--remote <owner/repo[@sha]> - Install skill from a GitHub repository
--list - List available skills

warden add                     # Interactive mode
warden add security-review     # Add local skill
warden add --list              # List available skills

# Remote skills from GitHub repositories
warden add --remote getsentry/warden-skills --skill security-review
warden add --remote getsentry/warden-skills@abc123 --skill api-review  # Pinned to commit

warden sync

warden sync [remote]

Update cached remote skills. Refreshes unpinned skills to their latest versions.

remote - Specific remote to sync (e.g., owner/repo). If omitted, syncs all.

warden sync                    # Update all remote skills
warden sync getsentry/warden-skills  # Update specific remote

warden setup-app

warden setup-app [options]

Create a GitHub App for Warden. This gives you a custom bot identity instead of the generic "github-actions" user.

--org <name> - Create the app for an organization instead of your personal account
--port <number> - Local server port (default: 3000)
--timeout <sec> - Callback timeout in seconds (default: 300)
--name <string> - Custom app name (default: Warden)
--no-open - Print URL instead of opening browser

warden setup-app               # For a personal account
warden setup-app --org my-org  # For an organization

Global Options

--skill <name-or-path> - Run a specific skill by name or path (see Skill References)
--fix - Automatically apply suggested fixes
--json - Output results as JSON
--fail-on <level> - Exit with error code if findings meet severity: critical, high, medium, low
--config <path> - Path to config file (default: warden.toml)
--verbose - Show detailed output
-m, --model <model> - Model to use (fallback when not set in config)
-o, --output <path> - Write full run output to a JSONL file
--comment-on <severity> - Only show findings at or above this severity in output
--parallel <n> - Max concurrent trigger/skill executions (default: 4)
--quiet - Errors and final summary only
-vv - Show debug info (token counts, latencies)
--color / --no-color - Override color detection
--offline - Use cached remote skills only, skip network fetches
--help - Show help message
--version - Show version number

Skill References

The --skill option accepts multiple formats:

# By name (resolved from .warden/skills/, .agents/skills/, .claude/skills/)
warden --skill security-review

# Relative path
warden --skill ./skills/custom-review

# Absolute path
warden --skill /shared/skills/company-review

# Home directory expansion
warden --skill ~/my-skills/security

Resolution order:

Remote repository (if remote is specified in trigger config)
Direct path (if contains /, \, or starts with .)
Conventional directories: .warden/skills/, .agents/skills/, .claude/skills/

Environment Variables

WARDEN_ANTHROPIC_API_KEY: Anthropic API key. Required for CI/CD. For local use, Warden can use your Claude Code subscription instead (run claude login).
ANTHROPIC_API_KEY: Fallback if WARDEN_ANTHROPIC_API_KEY is not set
WARDEN_SKILL_CACHE_TTL: Cache duration for unpinned remote skills. Default: 24h