Warden ships as a single npm package — @devdonzo/warden — and exposes a warden binary. You can install it globally to use as a standalone CLI from any directory, or install it locally in a project for pinned version control and CI reproducibility. This page covers both paths, walks through environment variable configuration, and shows how to verify a working installation.
Warden requires Node.js 18.0.0 or later. Earlier versions are not supported. Verify your version before installing:
node --version
# v18.x.x or later required
If you need to upgrade Node.js, use nvm or download from nodejs.org.

Install Options

npm install -g @devdonzo/warden
After a global install, the warden command is available system-wide. After a local build, use node dist/index.js or npm link to expose the warden binary from your shell.

Environment Variables

Warden reads environment variables from your shell or from a .env file in the project root. Three variables cover the core functionality:
| Variable | Required | Purpose |
| --- | --- | --- |
| GITHUB_TOKEN | Required for PR creation | Enables branch push and pull request automation via the GitHub API |
| SNYK_TOKEN | Optional but recommended | Authenticates against Snyk for dependency scans; Warden falls back to npm-audit without it |
| RESEND_API_KEY | Optional | Enables email notifications when notifications.enabled: true in .wardenrc.json |

Create a .env file

Create a .env file in the root of the repository you want to scan. Warden loads it automatically on startup via dotenv:
.env
GITHUB_TOKEN=your_github_token
GITHUB_OWNER=your_github_username_or_org
GITHUB_REPO=the-sentinel
GITHUB_ASSIGNEE=your_github_username
SNYK_TOKEN=your_snyk_token
OPENAI_API_KEY=your_openai_key_if_needed
ANTHROPIC_API_KEY=your_anthropic_key_if_needed
GITHUB_OWNER and GITHUB_REPO are optional — if not set, Warden attempts to detect them from the git remote configuration of the target repository. OPENAI_API_KEY and ANTHROPIC_API_KEY are placeholders for future agentic integrations.
Add .env to your .gitignore before committing. Never commit tokens or API keys to source control. In CI, inject secrets via your provider’s secret management (e.g., GitHub Actions secrets).
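
An ignore rule alone does not protect a .env that is already tracked or was committed earlier, so it is worth checking all three conditions before pushing. The shell function below is an added example, not part of Warden; the name env_file_status and its status strings are this example's own conventions.

```shell
#!/bin/sh
# Added example (not Warden code): report whether .env in a repository
# can leak through git. Status strings and return codes are assumptions
# of this example.
#
# env_file_status DIR prints one of:
#   not-a-repo  DIR is not inside a git work tree        (returns 2)
#   tracked     .env is in the index and will be pushed  (returns 1)
#   in-history  .env is untracked now but was committed  (returns 1)
#   unignored   no ignore rule matches .env              (returns 1)
#   safe        untracked, never committed, ignored      (returns 0)
env_file_status() {
    dir=${1:-.}

    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || {
        echo "not-a-repo"; return 2; }

    # A file already in the index stays tracked even when .gitignore
    # lists it; it has to be removed with `git rm --cached .env`.
    if git -C "$dir" ls-files --error-unmatch -- .env >/dev/null 2>&1; then
        echo "tracked"; return 1
    fi

    # Untracking does not erase earlier commits. Any hit here means the
    # tokens in that file should be rotated.
    if [ -n "$(git -C "$dir" log --all --format=%h -- .env 2>/dev/null)" ]; then
        echo "in-history"; return 1
    fi

    # check-ignore exits 0 only when an ignore rule matches the path.
    if git -C "$dir" check-ignore -q -- .env; then
        echo "safe"; return 0
    fi

    echo "unignored"; return 1
}
```

Call it as env_file_status /path/to/repo from a pre-commit hook or before the first push; any result other than safe should block the commit.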

Post-Install Verification

Quick test

Confirm the binary is reachable and the correct version is installed:
warden --version
warden --help

Validate your environment

Run the full pre-flight check to confirm all required tools and credentials are present:
warden validate
warden validate checks four areas in sequence: environment variables (GITHUB_TOKEN, SNYK_TOKEN), system dependencies (git, node, npm, snyk, pip-audit, gh), Git repository state (.git directory, configured remotes), and project manifest (package.json or requirements.txt). It exits 0 on success and 1 on failure, printing a clear list of errors and warnings.

Diagnose issues

For a more detailed diagnostic that also checks Node.js version, Git, npm, Snyk CLI, and token status individually:
warden doctor
warden doctor reports each check with a pass/fail indicator and prints the total count of issues at the end. Use it when warden validate surfaces an error that needs more context.

Optional Tools

Some Warden capabilities require additional tools installed on the system:
| Tool | Install | Required for |
| --- | --- | --- |
| Snyk CLI | npm install -g snyk | --scanner snyk dependency scanning |
| Nmap | OS package manager (e.g., brew install nmap) | warden dast infrastructure scanning |
| Metasploit Framework | metasploit.com/get-started | warden dast exploit-module advisory runs |
Warden detects whether these tools are present at runtime. If Snyk is unavailable, it falls back to npm-audit automatically. DAST scans require both a valid dast section in .wardenrc.json and the corresponding tool installed. Run warden doctor after installing any optional tool to confirm it is detected correctly.
Run warden bootstrap-ci inside any repository to generate a ready-to-use GitHub Actions workflow at .github/workflows/warden.yml. The generated workflow installs Warden via npx, runs a CI-mode scan on every pull request and push to main, and uploads all scan-results/ artifacts automatically.
