@sentry/warden 0.3.0 → 0.5.0

package/plugins/warden/skills/warden/references/config-schema.md

@@ -0,0 +1,111 @@
+# warden.toml Configuration Schema
+
+## Top-Level Structure
+
+```toml
+version = 1                    # Required, must be 1
+
+[defaults]                     # Optional, inherited by all skills
+[[skills]]                     # Required, array of skill configs
+```
+
+## Defaults Section
+
+```toml
+[defaults]
+model = "claude-sonnet-4-20250514"    # Default model
+maxTurns = 50                         # Max agentic turns per hunk
+defaultBranch = "main"                # Base branch for comparisons
+failOn = "high"                # Exit 1 if findings >= this severity
+reportOn = "medium"            # Show findings >= this severity
+maxFindings = 50               # Max findings to report (0 = unlimited)
+reportOnSuccess = false        # Post report even with no findings
+paths = ["src/**/*.ts"]        # Include only matching files
+ignorePaths = ["*.test.ts"]    # Exclude matching files
+
+[defaults.chunking]
+enabled = true                 # Enable hunk-based chunking
+
+[defaults.chunking.coalesce]
+enabled = true                 # Merge nearby hunks
+maxGapLines = 30               # Lines between hunks to merge
+maxChunkSize = 8000            # Max chars per chunk
+
+[[defaults.chunking.filePatterns]]
+pattern = "*.config.*"         # Glob pattern
+mode = "whole-file"            # per-hunk | whole-file | skip
+```
+
+## Skills Section
+
+```toml
+[[skills]]
+name = "skill-name"            # Required, unique identifier
+remote = "owner/repo@sha"      # Optional, fetch skill from GitHub repo
+paths = ["src/**"]             # Include only matching files
+ignorePaths = ["**/*.test.ts"] # Exclude matching files
+
+# Optional overrides (inherit from defaults if not set)
+model = "claude-opus-4-20250514"
+maxTurns = 100
+failOn = "critical"
+reportOn = "high"
+maxFindings = 20
+reportOnSuccess = true
+
+[[skills.triggers]]
+type = "pull_request"          # Required: pull_request | local | schedule
+actions = ["opened", "synchronize"]  # Required for pull_request
+
+# Schedule-specific (only for type = "schedule")
+[[skills.triggers]]
+type = "schedule"
+
+[skills.triggers.schedule]
+issueTitle = "Daily Security Review"   # GitHub issue title for tracking
+createFixPR = true                     # Create PR with fixes
+fixBranchPrefix = "security-fix"       # Branch name prefix
+```
+
+**Trigger types:**
+- `pull_request` - Triggers on PR events
+- `local` - Triggers on local CLI runs
+- `schedule` - Triggers on cron schedule (GitHub Action)
+
+**Actions (for pull_request):**
+- `opened`, `synchronize`, `reopened`, `closed`
+
+## Severity Values
+
+Used in `failOn` and `reportOn`:
+- `critical` - Most severe
+- `high`
+- `medium`
+- `low`
+- `info` - Least severe
+- `off` - Disable threshold
+
+## Built-in Skip Patterns
+
+Always skipped (cannot be overridden):
+- Package locks: `pnpm-lock.yaml`, `package-lock.json`, `yarn.lock`, `Cargo.lock`, etc.
+- Minified files: `**/*.min.js`, `**/*.min.css`
+- Build artifacts: `dist/`, `build/`, `node_modules/`, `.next/`, `__pycache__/`
+- Generated code: `*.generated.*`, `*.g.ts`, `__generated__/`
+
+## Environment Variables
+
+| Variable | Purpose |
+|----------|---------|
+| `WARDEN_ANTHROPIC_API_KEY` | Claude API key (required) |
+| `WARDEN_MODEL` | Default model (lowest priority) |
+| `WARDEN_STATE_DIR` | Override cache location (default: `~/.local/warden`) |
+| `WARDEN_SKILL_CACHE_TTL` | Cache TTL in seconds for unpinned remotes (default: 86400) |
+
+## Model Precedence (highest to lowest)
+
+1. Skill-level `model`
+2. `[defaults]` `model`
+3. CLI `--model` flag
+4. `WARDEN_MODEL` env var
+5. SDK default

package/plugins/warden/skills/warden/references/configuration.md

@@ -0,0 +1,108 @@
+# Configuration (warden.toml)
+
+See [config-schema.md](config-schema.md) for the complete schema reference.
+
+## Minimal Example
+
+```toml
+version = 1
+
+[defaults]
+model = "claude-sonnet-4-20250514"
+
+[[skills]]
+name = "find-bugs"
+paths = ["src/**/*.ts"]
+
+[[skills.triggers]]
+type = "pull_request"
+actions = ["opened", "synchronize"]
+```
+
+## Skill Configuration
+
+Skills define what to analyze and when. Each skill requires a name and at least one trigger:
+
+```toml
+[[skills]]
+name = "security-review"
+paths = ["src/auth/**", "src/payments/**"]
+failOn = "critical"
+reportOn = "high"
+maxFindings = 20
+
+[[skills.triggers]]
+type = "pull_request"
+actions = ["opened", "synchronize"]
+```
+
+**Trigger types:** `pull_request`, `local`, `schedule`
+
+**Actions (pull_request):** `opened`, `synchronize`, `reopened`, `closed`
+
+## Common Patterns
+
+**Strict security on critical files:**
+```toml
+[[skills]]
+name = "security-review"
+model = "claude-opus-4-20250514"
+maxTurns = 100
+paths = ["src/auth/**", "src/payments/**"]
+failOn = "critical"
+
+[[skills.triggers]]
+type = "pull_request"
+actions = ["opened", "synchronize"]
+```
+
+**Skip test files:**
+```toml
+[[skills]]
+name = "find-bugs"
+paths = ["src/**/*.ts"]
+ignorePaths = ["**/*.test.ts", "**/*.spec.ts"]
+```
+
+**Whole-file analysis for configs:**
+```toml
+[defaults.chunking.filePatterns]
+pattern = "*.config.*"
+mode = "whole-file"
+```
+
+## Model Precedence
+
+From highest to lowest priority:
+
+1. Skill-level `model`
+2. `[defaults]` `model`
+3. CLI `--model` flag
+4. `WARDEN_MODEL` env var
+5. SDK default
+
+## Environment Variables
+
+| Variable | Purpose |
+|----------|---------|
+| `WARDEN_ANTHROPIC_API_KEY` | Claude API key (required unless using Claude Code subscription) |
+| `WARDEN_MODEL` | Default model (lowest priority) |
+| `WARDEN_STATE_DIR` | Override cache location (default: `~/.local/warden`) |
+| `WARDEN_SKILL_CACHE_TTL` | Cache TTL in seconds for unpinned remotes (default: 86400) |
+
+## Troubleshooting
+
+**No findings reported:**
+- Check `--report-on` threshold (default shows all)
+- Verify skill matches file types in `paths`
+- Use `-v` to see which files are being analyzed
+
+**Files being skipped:**
+- Built-in skip patterns: lock files, minified, `node_modules/`, `dist/`
+- Check `ignorePaths` in config
+- Use `-vv` to see skip reasons
+
+**Token/cost issues:**
+- Reduce `maxTurns` (default: 50)
+- Use chunking settings to control chunk size
+- Filter to relevant files with `paths`

package/plugins/warden/skills/warden/references/creating-skills.md

@@ -0,0 +1,85 @@
+# Creating Skills
+
+Skills are markdown files that tell Warden what to look for. They follow the [agentskills.io](https://agentskills.io) specification.
+
+## Skill Discovery
+
+Warden searches these directories in order (first match wins):
+
+```
+.warden/skills/{name}/SKILL.md   # Warden-specific (highest priority)
+.agents/skills/{name}/SKILL.md   # Shared agent skills
+.claude/skills/{name}/SKILL.md   # Claude Code skills
+```
+
+## SKILL.md Format
+
+```markdown
+---
+name: my-skill
+description: What this skill analyzes
+allowed-tools: Read Grep Glob
+---
+
+[Analysis instructions for the agent]
+
+## What to Look For
+- Specific issue type 1
+- Specific issue type 2
+
+## Output Format
+Report findings with severity, location, and suggested fix.
+```
+
+## Available Tools
+
+`Read`, `Glob`, `Grep`, `WebFetch`, `WebSearch`, `Bash`, `Write`, `Edit`
+
+Most review skills only need `Read`, `Grep`, and `Glob` for exploring context.
+
+## Writing Checklist
+
+- One skill, one concern ("security review" not "code quality")
+- Clear criteria for what counts as an issue and at what severity
+- Actionable findings that include how to fix
+- Examples of good and bad code where helpful
+
+## Remote Skills
+
+Skills can be fetched from GitHub repositories:
+
+```bash
+# Add a remote skill
+warden add --remote getsentry/skills --skill security-review
+
+# Add with version pinning (recommended for reproducibility)
+warden add --remote getsentry/skills@abc123 --skill security-review
+
+# List skills in a remote repo
+warden add --remote getsentry/skills --list
+
+# Update all unpinned remote skills
+warden sync
+
+# Update specific repo
+warden sync getsentry/skills
+
+# Run with cached skills only (no network)
+warden --offline
+```
+
+**Remote skill in warden.toml:**
+
+```toml
+[[skills]]
+name = "security-review"
+remote = "getsentry/skills@abc123"
+
+[[skills.triggers]]
+type = "pull_request"
+actions = ["opened", "synchronize"]
+```
+
+**Cache location:** `~/.local/warden/skills/` (override with `WARDEN_STATE_DIR`)
+
+**Cache TTL:** 24 hours for unpinned refs (override with `WARDEN_SKILL_CACHE_TTL` in seconds)

package/scripts/update-pricing.ts

@@ -0,0 +1,88 @@
+/**
+ * Fetches Anthropic model pricing from pydantic/genai-prices and writes
+ * src/sdk/model-pricing.json. Rerun whenever prices change.
+ *
+ * Usage: pnpm update-pricing
+ */
+
+const SOURCE_URL =
+  'https://raw.githubusercontent.com/pydantic/genai-prices/main/prices/data.json';
+const OUTPUT_PATH = new URL('../src/sdk/model-pricing.json', import.meta.url);
+
+type PriceValue = number | { base: number; tiers: unknown[] };
+
+interface PriceEntry {
+  input_mtok?: PriceValue;
+  output_mtok?: PriceValue;
+  cache_read_mtok?: PriceValue;
+  cache_write_mtok?: PriceValue;
+}
+
+/** Extract the base price from a flat number or tiered pricing object. */
+function basePrice(v: PriceValue | undefined): number {
+  if (v == null) return 0;
+  if (typeof v === 'number') return v;
+  return v.base;
+}
+
+interface ModelEntry {
+  id: string;
+  name: string;
+  prices: PriceEntry;
+}
+
+interface ProviderEntry {
+  id: string;
+  models: ModelEntry[];
+}
+
+interface ModelPricingRecord {
+  inputPerMTok: number;
+  outputPerMTok: number;
+  cacheReadPerMTok: number;
+  cacheWritePerMTok: number;
+}
+
+async function main() {
+  const res = await fetch(SOURCE_URL);
+  if (!res.ok) {
+    throw new Error(`Failed to fetch pricing data: ${res.status} ${res.statusText}`);
+  }
+
+  const providers: ProviderEntry[] = await res.json();
+  const anthropic = providers.find((p) => p.id === 'anthropic');
+  if (!anthropic) {
+    throw new Error('Anthropic provider not found in pricing data');
+  }
+
+  const pricing: Record<string, ModelPricingRecord> = {};
+
+  if (!anthropic.models || !Array.isArray(anthropic.models)) {
+    throw new Error('Anthropic provider has invalid or missing models array');
+  }
+
+  for (const model of anthropic.models) {
+    const p = model.prices;
+    if (!p || typeof p !== 'object') {
+      continue;
+    }
+    pricing[model.id] = {
+      inputPerMTok: basePrice(p.input_mtok),
+      outputPerMTok: basePrice(p.output_mtok),
+      cacheReadPerMTok: basePrice(p.cache_read_mtok),
+      cacheWritePerMTok: basePrice(p.cache_write_mtok),
+    };
+  }
+
+  const { writeFileSync } = await import('node:fs');
+  const { fileURLToPath } = await import('node:url');
+  writeFileSync(fileURLToPath(OUTPUT_PATH), JSON.stringify(pricing, null, 2) + '\n');
+
+  const count = Object.keys(pricing).length;
+  console.log(`Wrote ${count} model(s) to src/sdk/model-pricing.json`);
+}
+
+main().catch((err) => {
+  console.error(err);
+  process.exit(1);
+});