Agent Keeper Docs

Connect one agent, watch the first policy verdict, then decide how broadly you want to enforce. These docs are organized around that path.

Start here

• Try Agent Keeper on one workstation: Installation, then Claude Code Setup.
• Compare supported coding agents: AI Coding Agents.
• Understand what gets blocked: Runtime Shield and Team Policies.
• Roll out through IT or GitHub: Team Deployment, JAMF, Kandji, and GitHub Repo Hooks.
• Protect MCP tools and Cowork: MCP Gateway and Claude Cowork.

Agent setup

• Claude Code: install the plugin, connect the dashboard, and enable full prompt, tool, file, and MCP coverage.
• Cursor: connect Composer hooks for shell, prompt, file, and MCP activity.
• Codex: attach Codex command hooks for shell, patch, prompt, and MCP decisions.
• Gemini CLI: route Gemini command hooks through the same policy engine.
• VS Code Copilot: audit and gate Copilot Agent Mode where hook support is available.
• Windsurf: enforce shell and file-write policies in Cascade sessions.

Team control

• Configuration: hook endpoints, API keys, environment variables, and managed settings.
• Workstations: fleet inventory, session heartbeat, versions, sandbox posture, and limits.
• Agent Skills: discover slash-skills and MCP servers installed across developer machines.
• MCP Skill Monitoring: govern mcp__server__tool calls with allow, warn, and block rules.
• Identity Providers: sync Entra ID, Google Workspace, or Okta groups for policy overrides.
• Telemetry Setup: send Claude Code OpenTelemetry events into Agent Keeper.

Reference

• Plugin Reference: local plugin commands, local detection, and connected mode.
• Dashboard: the core views and event model.
• Plans: current packaging and plan boundaries.
• Uninstall: remove endpoint artifacts cleanly from one machine or a managed fleet.