Add GitHub Actions workflow and update warden.toml to use the current skills schema. Configures notseer and security-review skills on PR events targeting src/**/*.ts. warden-lint-judge is commented out pending getsentry/warden#144. Co-Authored-By: Claude <noreply@anthropic.com>
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
```yaml
name: Warden

permissions:
  contents: write
```
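Review bot: the top-level `permissions` block grants `contents: write`, which is more than a review workflow needs. The checkout step only reads the tree, so `contents: read` is sufficient, and since the PR description says review comments are posted with the org GitHub App token rather than `GITHUB_TOKEN`, no extra `pull-requests` scope is required on `GITHUB_TOKEN` either. Suggest replacing `contents: write` with `contents: read`; every action in the job, including the third-party `getsentry/warden@v1`, inherits whatever is granted here.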
Workflow grants unnecessary contents: write permission
Medium Severity
The workflow declares contents: write at the top level, but a PR review workflow only needs to read repository contents and post review comments. Granting contents: write allows the workflow (and any actions it invokes, including the third-party getsentry/warden action) to push commits, create/delete branches, and modify repository contents. Narrowing this to contents: read follows the principle of least privilege and limits blast radius if any action is compromised.
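For comparison, the permissions block as reported above beside a least-privilege version, written here as an added example rather than the workflow from this PR. The app-token step (`actions/create-github-app-token@v1` and its `app-id` / `private-key` inputs) is one way to mint the org GitHub App token the description mentions; the `with:` input names passed to `getsentry/warden` are assumptions, not taken from the action's documentation.

```yaml
# Added example, not the PR's workflow file.
name: Warden

on:
  pull_request:

# Before (as flagged by Bugbot): write access to repository contents for a
# job that only reads the checkout and posts review comments.
#
# permissions:
#   contents: write

# After: read-only access to the tree. Review comments are posted with the
# org GitHub App token, so GITHUB_TOKEN needs nothing else. If the action
# instead posted with GITHUB_TOKEN, add `pull-requests: write` and nothing more.
permissions:
  contents: read

jobs:
  warden:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Mint a short-lived installation token from the org GitHub App.
      # Secret names follow the PR description; the step itself is assumed.
      - id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.WARDEN_APP_ID }}
          private-key: ${{ secrets.WARDEN_PRIVATE_KEY }}

      # The review action. `@v1` is a mutable tag; pinning to a commit SHA
      # limits what a compromised upstream release could do with the secrets
      # passed in here. Input names below are assumptions.
      - uses: getsentry/warden@v1
        with:
          github-token: ${{ steps.app-token.outputs.token }}
          anthropic-api-key: ${{ secrets.WARDEN_ANTHROPIC_API_KEY }}
```

The installation token carries only the App's own permissions, independent of the `permissions:` block, so narrowing `GITHUB_TOKEN` to `contents: read` does not affect the action's ability to post branded review comments.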


Add Warden automated code review for pull requests.
Rewrites `warden.toml` from the old `[[triggers]]` format to the current `[[skills]]` schema and adds a GitHub Actions workflow that runs `getsentry/warden@v1` with the org GitHub App token for branded review comments.

Skills configured:
- `src/**/*.ts` (excluding tests)
- `getsentry/sentry-skills` (`scope = "report"`)

Relies on org-level secrets: `WARDEN_APP_ID`, `WARDEN_PRIVATE_KEY`, `WARDEN_ANTHROPIC_API_KEY` (via the app token flow), and optional `WARDEN_MODEL` / `WARDEN_SENTRY_DSN`.