Getting started

Overview

Warden reviews TypeScript and JavaScript changes by collecting mechanical evidence first, verifying claims second, and using the model only to triage and phrase what survived.

Core rule

The model is a formatter and triage layer. It is not the source of truth for vulnerabilities, library APIs, repository state, or tool output.

  1. Detect

    Find the repo root, package manager, diff source, and changed files. The diff-level noise filter prunes generated or irrelevant subtrees before runners start.

  2. Run

    Execute deterministic checks: TypeScript, ESLint, Warden-managed security lint, dependency audit, duplication, context selection, leverage, and category-specific detectors.

  3. Triage

    In review mode, cheap-tier sub-agents ask scoped questions for committability, library leverage, and security residue.

  4. Verify

    Check external claims against OSV records, package type definitions, or cited repository snippets. Unsupported sources are removed.

  5. Format

    Ask the model to order, clarify, and write the review from the verified findings. It can also ask a question when intent is unclear.

  6. Return

    Emit a stable CommentSet with comment ids, tiers, categories, confidence, source records, and degraded-worker metadata.

Build context index (once per repo)
warden init

Chunks the codebase, embeds supported languages, and stores the content-addressed index in .warden/cache.sqlite.

Deterministic pass (no LLM)
warden check

Runs the mechanical checks and deterministic synthesizer. This is the low-friction CI/pre-commit path.

Full review (LLM triage)
warden review

Adds semantic context selection, scoped sub-agents, verified API-claim lookup, and the cited review synthesizer.

Both check and review accept --json for machine-readable output. review also supports --base, --stdin, and --verbose when you need explicit control over the diff source or more detail about the run. See Review pipeline for the current review spine and the deferred deep-security boundary.

comments[]: Stable review comments with ids, file ranges, tiers, categories, claims, suggestions, and verified sources.
degradedWorkers[]: Structured notes when a worker is missing context, partially fails, or intentionally refuses a weak finding.
metadata: Runtime context such as mode, base branch, cache behavior, and runner phase information.

That contract is why the CLI can stay one-shot while future GitHub, Slack, or ClickUp surfaces render the same result without scraping terminal output.
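The Verify and Return stages above, and the CommentSet contract they feed, as an added TypeScript example. This is not Warden's code: the claim-source field names (kind, osvId, pkg, version, path, startLine, quote), the simplified OSV record shape, and the confidence rule (high when every cited source verifies, low when only some do) are assumptions, and the advisory id, package, candidates and file contents are constructed. What it shows is the core rule in practice: a finding whose cited sources cannot be checked against mechanical evidence never reaches the formatter; it becomes a degradedWorkers entry instead.

```typescript
// Added example (not Warden's code): the Verify and Return stages as a filter.
// Claim-source shapes, OSV record shape and the confidence rule are assumptions.

type ClaimSource =
  | { kind: "osv"; osvId: string; pkg: string; version: string }
  | { kind: "repo"; path: string; startLine: number; quote: string };

interface Candidate {
  id: string;
  file: string;
  range: [number, number];
  tier: string;
  category: string;
  claim: string;
  sources: ClaimSource[];
}

// Evidence gathered mechanically before the model is consulted.
interface OsvRecord { id: string; affected: { pkg: string; versions: string[] }[] }
interface Evidence { osv: Map<string, OsvRecord>; files: Map<string, string> }

interface ReviewComment extends Candidate { confidence: "high" | "low" }
interface DegradedWorker { worker: string; commentId: string; reason: string }
interface CommentSet {
  comments: ReviewComment[];
  degradedWorkers: DegradedWorker[];
  metadata: { mode: string };
}

// A source counts only if the cited record or snippet actually says what the claim says.
function sourceIsSupported(src: ClaimSource, ev: Evidence): boolean {
  if (src.kind === "osv") {
    const rec = ev.osv.get(src.osvId);
    return rec !== undefined &&
      rec.affected.some(a => a.pkg === src.pkg && a.versions.includes(src.version));
  }
  const text = ev.files.get(src.path);
  if (text === undefined) return false; // cited file is not in the reviewed tree
  const lines = text.split("\n");
  const quoted = src.quote.split("\n");
  // Every quoted line must sit at the cited position in the real file.
  return quoted.every((q, i) => (lines[src.startLine - 1 + i] ?? "").trim() === q.trim());
}

function verify(candidates: Candidate[], ev: Evidence, mode: string): CommentSet {
  const comments: ReviewComment[] = [];
  const degradedWorkers: DegradedWorker[] = [];
  for (const c of candidates) {
    const kept = c.sources.filter(s => sourceIsSupported(s, ev));
    if (kept.length === 0) {
      // Nothing verifiable survives: refuse the finding instead of letting the model phrase it.
      degradedWorkers.push({
        worker: "verify",
        commentId: c.id,
        reason: `refused: none of ${c.sources.length} cited source(s) could be verified`,
      });
      continue;
    }
    // Partially supported claims are kept but demoted so the formatter can hedge them.
    comments.push({ ...c, sources: kept, confidence: kept.length === c.sources.length ? "high" : "low" });
  }
  return { comments, degradedWorkers, metadata: { mode } };
}

// Constructed evidence: the advisory id, package name and file contents are made up.
const evidence: Evidence = {
  osv: new Map([["OSV-EXAMPLE-0001", { id: "OSV-EXAMPLE-0001", affected: [{ pkg: "example-pkg", versions: ["1.2.0", "1.2.1"] }] }]]),
  files: new Map([["src/session.ts", 'import express from "express";\nconst secret = process.env.SESSION_SECRET ?? "dev";\n']]),
};

// Constructed candidates as a triage sub-agent might emit them, before verification.
const candidates: Candidate[] = [
  { id: "c1", file: "package.json", range: [12, 12], tier: "blocking", category: "dependency",
    claim: "example-pkg 1.2.0 has a published advisory",
    sources: [{ kind: "osv", osvId: "OSV-EXAMPLE-0001", pkg: "example-pkg", version: "1.2.0" }] },
  { id: "c2", file: "package.json", range: [13, 13], tier: "blocking", category: "dependency",
    claim: "example-pkg 1.3.0 has a published advisory", // version is not in the record: refused
    sources: [{ kind: "osv", osvId: "OSV-EXAMPLE-0001", pkg: "example-pkg", version: "1.3.0" }] },
  { id: "c3", file: "src/session.ts", range: [2, 2], tier: "advisory", category: "security",
    claim: "Session secret falls back to a hard-coded value",
    sources: [
      { kind: "repo", path: "src/session.ts", startLine: 2, quote: 'const secret = process.env.SESSION_SECRET ?? "dev";' },
      { kind: "repo", path: "src/config.ts", startLine: 1, quote: "export const secret = loadSecret();" }, // file absent: dropped
    ] },
];

const result = verify(candidates, evidence, "review");
console.log(JSON.stringify(result, null, 2));
```

With the constructed input, c1 survives at high confidence, c3 survives at low confidence with only the snippet that actually matches the file, and c2 is recorded under degradedWorkers rather than being handed to the model. The same shape (comments, degradedWorkers, metadata) is what a GitHub or Slack surface would render, which is why the filter lives before the formatter rather than inside it.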