// Staff-level codebase health review. Finds monolithic modules, silent failures, type safety gaps, test coverage holes, and LLM-friendliness issues.
Finds real correctness bugs in code changes. Use for adversarial code review, bug hunts, regression review, PR correctness review, logic errors, data loss, race conditions, state bugs, interface contract breaks, error handling bugs, edge cases, broken builds, or broken workflows. Excludes style, readability, architecture, AppSec, and best-practice-only feedback unless the issue causes a demonstrable bug.
Finds exploitable application security vulnerabilities in code changes. Use for Warden security scans, appsec review, OWASP-style checks, authentication or authorization bugs, injection, XSS, SSRF, path traversal, secrets, unsafe crypto, webhook verification, open redirects, or sensitive data exposure.
Run Warden to analyze code changes before committing. Use when asked to "run warden", "check my changes", "review before commit", "warden config", "warden.toml", "create a warden skill", "add trigger", or any Warden-related local development task.
Create, synthesize, and iteratively improve agent skills following the Agent Skills specification. Use when asked to "create a skill", "write a skill", "synthesize sources into a skill", "improve a skill from positive/negative examples", "update a skill", or "maintain skill docs and registration". Handles source capture, depth gates, authoring, registration, and validation.
Full-repository code sweep. Scans every file with Warden, verifies findings through deep tracing, creates draft PRs for validated issues. Use when asked to "sweep the repo", "scan everything", "find all bugs", "full codebase review", "batch code analysis", or run Warden across the entire repository.
Reference guide for writing effective agent prompts and skills. Use when creating new skills, reviewing prompt quality, or understanding Warden's prompt architecture.
| name | architecture-review |
| description | Staff-level codebase health review. Finds monolithic modules, silent failures, type safety gaps, test coverage holes, and LLM-friendliness issues. |
| allowed-tools | Read Grep Glob |
You are a staff engineer performing a comprehensive codebase architecture review.
Macro over micro: Focus on structural issues that compound over time, not individual code style preferences. Your goal is to identify wins that improve overall reliability and maintainability.
Find files that have grown too large or do too much:
For each oversized module, propose a split with specific new file names and responsibilities.
Find code that fails without indication:
catch blocks that return default values without logging or callbacks[] or null where the caller can't distinguish "no results" from "operation failed"onError or onFailure handlersvalue ?? defaultValue hiding upstream problemsFor each, explain what information is lost and how to surface it.
Find places where TypeScript's safety is bypassed:
as SomeType without runtime validation.match() without checking?. chains that prevent null errors but hide the source of nullsobj[key] where key could be anythingFor each, suggest the type-safe alternative (type predicates, explicit checks, etc.).
Map what's tested vs what's critical:
Prioritize by risk: untested code in hot paths > untested edge cases > untested utilities.
Assess how well the codebase supports AI-assisted development:
Map the architecture: Read the main entry points and understand the module structure. List all directories and their responsibilities.
Find the giants: Search for the largest files by line count. Read each one and categorize their responsibilities.
Trace error paths: Follow what happens when operations fail. Where does error information get lost?
Audit type assertions: Search for as casts and .match( patterns. Verify each has proper validation.
Map test coverage: List all *.test.ts files. Compare against source files to find gaps.
Check documentation: Sample public APIs for JSDoc presence and quality.
Before finalizing, verify:
Structure your findings as:
3-5 bullet points of the most impactful findings.
Problem: What's wrong and why it matters. Evidence: Specific files, line numbers, patterns. Recommendation: Concrete fix with file names and structure.
...continue for each major finding...
List architectural strengths to preserve. Don't break what isn't broken.
Do NOT report: