Rule Packs
Warden ships with 7 bundled rule packs — pre-configured sets of safety patterns, thresholds, and output filters tailored to specific development workflows. Packs are modular and composable: install any combination, and they merge cleanly with your existing rules.
Available Packs
| Pack | Use Case | What It Adds |
|---|---|---|
security-strict | High-security environments | File protection, credential scanning (AWS/GitHub/Slack/OpenAI keys), injection detection, netcat blocking |
frontend-dev | React, Vue, Svelte projects | Node module protection, .env.local/.env.production guards, pnpm/yarn dlx warnings, Vite/Webpack output filters |
backend-rust | Rust projects | Cargo patterns, unsafe block warnings, cargo audit/cargo deny output filters |
infra-ops | DevOps, cloud, infrastructure | Docker/K8s patterns, Terraform state + auto-approve protection, privileged container blocking, Ansible/Pulumi filters |
data-science | Python, notebooks, ML | Notebook deletion protection, conda environment guards, pip install compression |
database | SQL, migrations, ORMs | DROP/TRUNCATE/DELETE safety, migration guards (Prisma, Diesel), Redis flush protection, connection string scanning |
enterprise | Regulated environments | Branch protection, secret scanning (AWS/GitHub/Slack tokens), audit trail, --no-verify blocking, sudo prohibition |
Managing Packs
# List all available packs and their install status
warden pack list
# Install a pack
warden pack install security-strict
# Remove a pack
warden pack remove security-strict
# Create a custom pack from template
warden pack create my-team-rulesInstalled packs are stored at ~/.warden/packs/ and are automatically merged into the active rule set alongside your global and project rules.
Custom Packs
You can create your own packs to share team conventions. A pack is a standard rules.toml file with any combination of safety patterns, thresholds, and output filters. Use warden pack create <name> to scaffold one from a template.
Pack Precedence
Packs follow the same merge order as other rules:
- Compiled defaults — always active
- Global rules (
~/.warden/rules.toml) - Installed packs (
~/.warden/packs/*.toml) - Project rules (
.warden/rules.toml)
Project rules always win. Packs extend but don’t override unless explicitly configured.