83
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill getsentry/warden --skill find-warden-bugs- SKILL.md16.3 KB
Overview
This skill detects Warden-specific recurring bugs by inspecting code changes against historical fault patterns. It focuses on the architectural seams where bugs repeat: SDK IPC, dual report paths, config threading, concurrent execution, and output rendering. The analysis is deterministic and only reports issues provable from the provided code chunk.
How this skill works
You feed scoped diffs from Warden's pipeline into the skill. It classifies the touched zone(s) (SDK, CLI, Config, Output, Types, Action, Triggers) and runs zone-relevant checks derived from 40+ historical fixes. Findings are emitted only at HIGH or MEDIUM confidence when code demonstrates a provable pattern; vague matches are ignored until more context is available.
When to use it
- Pull requests that change SDK response handling, IPC, or usage aggregation
- Refactors touching CLI rendering, runPool/semaphore code, or Ink callbacks
- Schema or defaults changes in config that must thread through resolveSkillConfigs()
- Any change to report assembly paths (runSkill vs runSkillTask) or SkillReport shape
- Modifications to output serialization, JSON/JSONL, or GitHub check assembly
Best practices
- Classify the code to limit checks to relevant architectural zones before running inspections
- Report only provable issues; when confidence is LOW, fetch more files or skip
- Prefer shared utilities for report assembly and config resolution to avoid dual-path drift
- Use nullish checks (??) for config merging and explicit null handling for SDK usage fields
- Guard concurrent callbacks with semaphore patterns and check shouldAbort() after acquire
- Separate machine output generation from display-level filters to preserve full findings
Example use cases
- Detecting access of response.content[0] without length/type checks in SDK handlers
- Finding added SkillReport fields updated in only one of the two report assembly paths
- Flagging config defaults that were not threaded through resolveSkillConfigs() into runners
- Catching mutations of shared state inside runPool workers or Ink render callbacks
- Spotting display-level severity filtering applied before JSON/JSONL serialization
FAQ
Findings are calibrated: HIGH when the pattern is directly provable from code, MEDIUM when context may mitigate and more files are needed, and LOW matches are not reported.
Will this skill guess or produce false positives?
No guessing. It only reports issues with code evidence. If the pattern is ambiguous, it will request more context rather than report a low-confidence issue.