feat(action): Add sane defaults for failOn and commentOn

action.yml

@@ -21,6 +21,11 @@ inputs:
   fail-on:
     description: 'Minimum severity level to fail the action (critical, high, medium, low, info)'
     required: false
+    default: 'high'
+  comment-on:
+    description: 'Minimum severity level to show annotations in code review (critical, high, medium, low, info)'
+    required: false
+    default: 'medium'
   max-findings:
     description: 'Maximum number of findings to report (0 for unlimited)'
     required: false
@@ -75,6 +80,7 @@ runs:
         INPUT_GITHUB_TOKEN: ${{ inputs.github-token }}
         INPUT_CONFIG_PATH: ${{ inputs.config-path }}
         INPUT_FAIL_ON: ${{ inputs.fail-on }}
+        INPUT_COMMENT_ON: ${{ inputs.comment-on }}
         INPUT_MAX_FINDINGS: ${{ inputs.max-findings }}
         INPUT_PARALLEL: ${{ inputs.parallel }}
         CLAUDE_CODE_PATH: ${{ env.HOME }}/.local/bin/claude

src/action/main.ts

@@ -29,6 +29,7 @@ interface ActionInputs {
   githubToken: string;
   configPath: string;
   failOn?: 'critical' | 'high' | 'medium' | 'low' | 'info';
+  commentOn?: 'critical' | 'high' | 'medium' | 'low' | 'info';
   maxFindings: number;
   /** Max concurrent trigger executions */
   parallel: number;
@@ -59,17 +60,24 @@ function getInputs(): ActionInputs {
     );
   }
 
+  const validSeverities = ['critical', 'high', 'medium', 'low', 'info'] as const;
+
   const failOnInput = getInput('fail-on');
-  const validFailOn = ['critical', 'high', 'medium', 'low', 'info'] as const;
-  const failOn = validFailOn.includes(failOnInput as typeof validFailOn[number])
-    ? (failOnInput as typeof validFailOn[number])
+  const failOn = validSeverities.includes(failOnInput as typeof validSeverities[number])
+    ? (failOnInput as typeof validSeverities[number])
+    : undefined;
+
+  const commentOnInput = getInput('comment-on');
+  const commentOn = validSeverities.includes(commentOnInput as typeof validSeverities[number])
+    ? (commentOnInput as typeof validSeverities[number])
     : undefined;
 
   return {
     anthropicApiKey,
     githubToken: getInput('github-token') || process.env['GITHUB_TOKEN'] || '',
     configPath: getInput('config-path') || 'warden.toml',
     failOn,
+    commentOn,
     maxFindings: parseInt(getInput('max-findings') || '50', 10),
     parallel: parseInt(getInput('parallel') || String(DEFAULT_CONCURRENCY), 10),
   };
@@ -501,7 +509,7 @@ async function run(): Promise<void> {
     }
 
     const failOn = trigger.output.failOn ?? inputs.failOn;
-    const commentOn = trigger.output.commentOn;
+    const commentOn = trigger.output.commentOn ?? inputs.commentOn;
 
     try {
       const skill = await resolveSkillAsync(trigger.skill, repoPath, config.skills);

warden.toml

@@ -1,5 +1,11 @@
 version = 1
 
+[defaults.output]
+# Fail check on high+ severity findings (critical, high)
+failOn = "high"
+# Show annotations for medium+ severity findings
+commentOn = "medium"
+
 [[triggers]]
 name = "security-review"
 event = "pull_request"