JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 39
  • Score
    100M100P100Q40275F
  • License ISC

Autonomous SRE & Security Orchestration Agent - The Warden of your Codebase

Package Exports

  • @devdonzo/warden
  • @devdonzo/warden/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@devdonzo/warden) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Warden

Autonomous SRE & Security Orchestration Agent

"Who watches the code?"

Warden is a production-grade, self-healing security agent designed to live within your GitHub ecosystem. Functioning as the head of a Council of Agents, Warden autonomously patrols your repositories, identifies vulnerabilities using enterprise tools, generates verified patches, and submits professional Pull Requestsโ€”all without human intervention.

TypeScript License: ISC

The Council of Agents

Warden is not just a script; it is an orchestrated system of specialized agents working in unison:

๐Ÿ‘๏ธ The Watchman (Scanner)

The vigilant observer. The Watchman integrates with tools like Snyk and npm audit to continuously scan your dependencies and containers. It doesn't just find bugs; it understands them.

๐Ÿ‘ท The Engineer (Fixer)

The builder. When a vulnerability is detected, The Engineer spins up an isolated environment, creates a fix branch, and intelligently patches your package.json. It runs your test suite to ensure the fix is safe before it ever leaves the local environment.

๐Ÿค The Diplomat (Reporter)

The communicator. Once a fix is verified, The Diplomat crafts a professional, semantic Pull Request. It explains what went wrong, how it was fixed, and why it matters, assigning the right reviewers and applying the correct security labels.

Key Features

  • Deep Scanning: Integrated with Snyk for dependency and container analysis, with a robust fallback to npm audit
  • Autonomous Diagnosis: Intelligent prioritization of Critical and High-severity vulnerabilities
  • Self-Healing: Automatically creates fix branches and patches package.json with secure versions
  • Verification Pipeline: Every fix is verified via npm install and npm test before a PR is proposed
  • Safeguarded Operations: Operates under a strict "Rules of Engagement" constitution preventing unauthorized merges
  • Remote Patrol: Supports patrolling any public or private GitHub repository

Installation

npm install -g @devdonzo/warden

Quick Start

1. Setup

Run the interactive setup wizard to configure your tokens (GitHub, Snyk) and preferences.

warden setup

2. Scan

Launch Warden to patrol your current repository.

warden scan

3. Validate

Ensure your environment is ready for deployment or scanning.

warden validate

Configuration

Warden can be configured via a .wardenrc.json file in your project root or home directory.

warden config --create

Example configuration:

{
  "scanner": "snyk",
  "minSeverity": "high",
  "autoFix": true,
  "maxFixes": 5,
  "notifications": {
    "slack": "https://hooks.slack.com/..."
  }
}

Rules of Engagement

Warden operates under a strict set of rules to ensure safety:

  1. Do No Harm: Warden will never force push or delete remote branches.
  2. Verify First: No PR is submitted without a passing test suite.
  3. Human in the Loop: Warden proposes fixes but requires human approval (merge) by default.

License

ISC ยฉ DevDonzo