warden-sweep_skill

This skill performs a full-repository sweep using warden to identify issues, verify findings, and draft pull requests across the codebase.

Installation


npx veilstart add skill getsentry/warden --skill warden-sweep


Overview

This skill performs a full-repository code sweep using Warden. It scans every tracked source file, deep-verifies each finding with trace-based subagents, and opens draft PRs for validated fixes. Outputs are stored under .warden/sweeps/<run-id>/ with machine-readable reports and per-finding artifacts.

How this skill works

The sweep enumerates tracked source files, runs warden on each file to capture raw findings, then normalizes and assigns stable IDs. Each finding is sent to a Task subagent for deep tracing to verify true issues vs false positives. Verified findings are fixed in isolated git worktrees, tests are added, and draft GitHub PRs are created; security findings are tagged and aggregated into a security index.

When to use it

  • You want a complete, repeatable scan of the entire repository
  • You need verified, repeatable evidence for code issues before making changes
  • You want automated creation of draft fixes and PRs for batch triage
  • You need a security-focused view of verified findings
  • You require pause/resume capability for long-running audits

Best practices

  • Run from the repository root so paths and worktrees are consistent
  • Ensure warden, gh, git, jq, and python3 (uv) are installed, and that gh is authenticated
  • Start with a dry run on a small subset to tune ignorePaths and min-confidence workflow
  • Review verify output (data/verify) before trusting automated fixes
  • Limit parallelism in verification to keep trace context readable and incremental

Example use cases

  • Quarterly full-code audit to generate a prioritized backlog of vetted fixes
  • Automated sweep after a risky dependency upgrade to find newly exposed issues
  • Security team runs targeted sweeps to collect high-confidence security findings and open labeled PRs
  • Onboarding: run a sweep to create starter issues and example fixes for new contributors
  • CI-adjacent job that periodically runs and publishes a machine-readable report for downstream tooling

FAQ

Can a long-running sweep be paused and resumed?

Yes. The manifest and scan-index.jsonl track phase progress; the workflow skips completed items based on recorded status files.

How are verified findings identified?

Each finding is deep-traced by a Task subagent, which returns a JSON verdict; verified results are recorded under data/verify and appended to data/verified.jsonl.

Will the skill push commits directly to main branches?

No. Fixes are applied in git worktrees, pushed to new branches (warden-sweep/<run-id>/<finding-id>), and opened as draft PRs for human review.
