GitHub Integration

Connect your GitHub repositories to Agent Keeper and auto-deploy Claude Code security hooks to every repo your team works in. One click to connect, one PR to protect. Every developer who clones a protected repo gets monitoring automatically, with zero configuration on their end.

Why GitHub integration

Manual hook setup doesn't scale. Developers forget, new repos get missed, and API keys end up in Slack messages. The GitHub integration fixes all of that:

| Challenge | Without integration | With integration |
| --- | --- | --- |
| Onboarding | Each developer manually edits settings.json | Clone the repo and hooks are already there |
| Coverage gaps | New repos start unprotected | Protect a repo in one click from the dashboard |
| Key rotation | Hunt down every settings.json copy | Re-push hooks from the dashboard, new PR |
| Audit trail | No record of when monitoring was enabled | PR history shows exactly when and by whom |
| Consistency | Different devs have different hook configs | Single source of truth committed to git |

How it works

1. Connect your GitHub account

From the Agent Keeper dashboard, go to Settings or the Claude Code onboarding page and click Connect GitHub. A popup opens to install the Agent Keeper GitHub App on your GitHub organization or personal account.

Select which repositories Agent Keeper can access. You can grant access to all repositories or pick specific ones; you can always change this later in GitHub.

When the popup closes, the dashboard refreshes and shows your connected repositories.

2. Select repositories to protect

The dashboard lists all repositories the GitHub App can access. Each repo shows its name, visibility (public/private), and protection status. Select the repos you want to protect and click Push Hooks.

3. Choose deploy mode

Agent Keeper offers three ways to push the hooks config into your repo:

| Mode | How it works | Best for |
| --- | --- | --- |
| All branches (default) | Commits .claude/settings.json to every branch in the repo. Developers on any branch get hooks on their next git pull. Branches that already have the file are skipped. | Maximum coverage, every developer is protected immediately |
| Main only | Commits directly to the default branch. New branches inherit it; existing branches get it on next merge/rebase from main. | Simpler commit history, still good coverage |
| Open PR | Creates an agentkeeper/add-hooks branch and opens a Pull Request. A team member reviews and merges. | Teams with strict branch protection rules |

Select your preferred mode using the toggle above the repo list, then click Enable on each repo.

4. Agent Keeper deploys the hooks

In All branches mode, the file is committed to every branch in the repo. Developers on any branch get protection on their next git pull, with no merge from main required.

In Main only mode, the file lands on your default branch. New branches inherit it; existing branches get it when they merge or rebase from main.

In Open PR mode, Agent Keeper creates a new branch and opens a PR that adds a single file:

.claude/settings.json

The PR contains the full hooks configuration with your organization's API key pre-embedded. Here is what the file looks like:

{
  "hooks": {
    "UserPromptSubmit": [
      {
        "matcher": "*",
        "hooks": [
          {
            "type": "http",
            "url": "https://YOUR_AGENTKEEPER_URL/api/v1/claude-code/evaluate",
            "headers": {
              "Authorization": "Bearer ak_live_..."
            },
            "timeout": 10
          }
        ]
      }
    ],
    "PreToolUse": [
      {
        "matcher": "Bash|Edit|Write|Read|Glob|Grep|WebFetch|WebSearch",
        "hooks": [
          {
            "type": "http",
            "url": "https://YOUR_AGENTKEEPER_URL/api/v1/claude-code/evaluate",
            "headers": {
              "Authorization": "Bearer ak_live_..."
            },
            "timeout": 10
          }
        ]
      }
    ],
    "PostToolUse": [
      {
        "matcher": "Bash|Edit|Write|Read|Glob|Grep|WebFetch|WebSearch",
        "hooks": [
          {
            "type": "http",
            "url": "https://YOUR_AGENTKEEPER_URL/api/v1/claude-code/audit",
            "headers": {
              "Authorization": "Bearer ak_live_..."
            },
            "timeout": 10
          }
        ]
      }
    ],
    "SessionStart": [
      {
        "matcher": "*",
        "hooks": [
          {
            "type": "http",
            "url": "https://YOUR_AGENTKEEPER_URL/api/v1/claude-code/checkin",
            "headers": {
              "Authorization": "Bearer ak_live_..."
            },
            "timeout": 10
          }
        ]
      }
    ]
  }
}

5. Developers pull and get protection

From that point forward, every developer who clones (or pulls) the repository gets the hooks configuration automatically. Claude Code reads .claude/settings.json from the repo root on startup, so no additional setup is required.

Tip: "All branches" mode gives the most complete coverage. For repos with many branches (100+), consider "Main only" to avoid a large batch of commits.

What the hooks do

Each hook fires at a different point in the Claude Code lifecycle:

| Hook | When it fires | What it does |
| --- | --- | --- |
| UserPromptSubmit | Before every user prompt is submitted | Scans the prompt for injection attempts and dangerous instructions. Can block malicious prompts. |
| PreToolUse | Before every tool call (Bash, Edit, Write, Read, etc.) | Evaluates the action against 55+ threat patterns. Can block dangerous operations before they execute. |
| PostToolUse | After every tool call completes | Logs the action to your audit trail. Records tool name, input summary, and outcome. |
| SessionStart | When a Claude Code session begins | Registers the workstation, reports hostname, Claude Code version, and sandbox status. |

All hooks call the Agent Keeper API over HTTPS. They are non-blocking with a 10-second timeout: if the endpoint is unreachable, Claude Code continues normally, so the hooks fail open.

Repository limits by plan

| Plan | Protected repos | Price |
| --- | --- | --- |
| Free | 1 | $0 |
| Pro | 3 | $19/mo |
| Team | Unlimited | $29/seat/mo (min 3 seats) |

Need more repos? Upgrade your plan.

Managing protected repos

Protected badge

Repositories that already have Agent Keeper hooks pushed show a Protected badge in the dashboard. This makes it easy to see at a glance which repos are covered and which still need attention.

Re-pushing hooks

Need to update the hooks configuration? Common reasons include:

  • API key rotation: you generated a new key and need to update all repos
  • Hook config changes: Agent Keeper released new hook endpoints or updated matchers
  • New team members: you want to make sure the latest config is in place

Select any protected repo and click Protected to re-push. The selected deploy mode applies: "All branches" updates every branch, "Main only" updates the default branch, and "Open PR" creates a new PR. Branches that already have the identical config are skipped.

Changing repository access

To add or remove repositories from the GitHub App:

  1. Go to Settings in the Agent Keeper dashboard
  2. Click the gear icon next to your GitHub connection
  3. This opens GitHub's installation settings where you can modify repository access
  4. Return to the dashboard; the repo list updates automatically

Security model

Write-only API key

The API key embedded in .claude/settings.json is write-only. It can:

  • Send security events (tool calls, session check-ins)
  • Check policies (blocked tools, blocked commands)

It cannot:

  • Read audit logs or event history
  • List hosts or workstations
  • Modify organization settings
  • Access other API keys

Even if a developer extracts the key from the config file, the worst they can do is send extra events to your dashboard.

Git-native distribution

The hooks configuration lives in the repository alongside your code. This means:

  • Changes to hook config go through your normal PR review process
  • Git history provides a full audit trail of when monitoring was enabled or modified
  • Branch protection rules apply, so no one can silently remove hooks from main
  • .claude/settings.json is visible to the entire team, not hidden in a home directory
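
Because the hooks file changes through ordinary PRs, a reviewer can check each proposed version against the configuration shown earlier on this page and flag a removed hook, a narrowed matcher, or a redirected endpoint. The following is an added example, not Agent Keeper's own code: the function names, the host `agentkeeper.example.test`, and the placeholder key are assumptions, and the matcher is read as a plain `|`-separated list.

```python
import json
from urllib.parse import urlsplit

TOOLS = {"Bash", "Edit", "Write", "Read", "Glob", "Grep", "WebFetch", "WebSearch"}
EXPECTED = {  # event -> (endpoint path, matcher terms), from this page's settings.json
    "UserPromptSubmit": ("/api/v1/claude-code/evaluate", {"*"}),
    "PreToolUse": ("/api/v1/claude-code/evaluate", TOOLS),
    "PostToolUse": ("/api/v1/claude-code/audit", TOOLS),
    "SessionStart": ("/api/v1/claude-code/checkin", {"*"}),
}

def check_entry(matcher, hook, path, terms, host):
    """Deviations of one hook entry from the baseline."""
    url = urlsplit(hook.get("url", ""))
    problems = []
    if hook.get("type") != "http" or url.scheme != "https":
        problems.append("not an HTTPS http hook")
    elif url.hostname != host or url.path != path:
        problems.append(f"unexpected endpoint {hook['url']}")
    if not hook.get("headers", {}).get("Authorization", "").startswith("Bearer "):
        problems.append("Authorization header missing")
    # Simplification: the matcher is read as a plain "A|B|C" list, not as a full regex.
    uncovered = terms - set(matcher.split("|"))
    if matcher != "*" and uncovered:
        problems.append(f"matcher does not cover {sorted(uncovered)}")
    return problems

def audit_settings(text, host):
    """Findings for a .claude/settings.json body; an empty list means baseline intact."""
    try:
        hooks = dict(json.loads(text)["hooks"])
    except (ValueError, KeyError, TypeError):
        return ["no parsable 'hooks' object"]
    findings = []
    for event, (path, terms) in EXPECTED.items():
        results = [check_entry(g.get("matcher", ""), h, path, terms, host)
                   for g in hooks.get(event, []) for h in g.get("hooks", [])]
        if not results:
            findings.append(f"{event}: hook missing")
        elif all(results):  # no entry is clean, so report the closest one
            findings += [f"{event}: {p}" for p in min(results, key=len)]
    return findings

def baseline(host):
    """Constructed sample mirroring the file on this page, with a placeholder key."""
    def group(matcher, path):
        hook = {"type": "http", "url": f"https://{host}{path}", "timeout": 10,
                "headers": {"Authorization": "Bearer ak_live_CONSTRUCTED"}}
        return [{"matcher": matcher, "hooks": [hook]}]
    return {"hooks": {e: group("|".join(sorted(t)), p) for e, (p, t) in EXPECTED.items()}}
```

Run `audit_settings` in CI on any PR that touches `.claude/settings.json` and fail the job when the returned list is non-empty; extra hooks a team adds alongside the baseline entries do not produce findings.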

Fallback behavior

If PR creation fails (for example, the GitHub App lacks write access to a specific repo), Agent Keeper returns a branch-compare URL instead. You can use this URL to manually create the PR in GitHub. The branch with the hooks config is still pushed; only the PR creation step is skipped.

Connecting from the dashboard

The GitHub connection flow uses a popup window rather than a full-page redirect. This keeps your dashboard context intact. When the popup closes, a focus listener on the dashboard page re-checks the installation status and refreshes the repository list.

If the popup is blocked by your browser, the dashboard shows a direct link to the GitHub App installation page. Complete the installation there, then return to the dashboard and click Refresh.

Frequently asked questions

Does this replace the Agent Keeper plugin?
No. The plugin and GitHub integration serve different use cases. The plugin gives individual developers local threat detection and slash commands. GitHub integration gives security teams centralized, git-native hook deployment. See Claude Code Setup for a comparison.

What happens if a developer already has ~/.claude/settings.json?
Claude Code merges repo-level .claude/settings.json with the user-level ~/.claude/settings.json. Both sets of hooks run. There is no conflict.

Can I use this with JAMF deployment too?
Yes. JAMF deploys hooks to ~/.claude/settings.json (user-level), while GitHub integration deploys to .claude/settings.json (repo-level). They complement each other: JAMF covers repos that aren't connected to GitHub, and GitHub integration covers developers who aren't on managed Macs.

Is the API key safe to commit to a repo?
The key is write-only and can only send events. It cannot read data or modify settings. For private repos, this is perfectly safe. For public repos, consider using a dedicated key that you can rotate independently, or use environment variable substitution instead.

What if I remove the GitHub App?
Removing the GitHub App from GitHub revokes Agent Keeper's access. Existing .claude/settings.json files in your repos continue to work (the hooks still call the API), but you can no longer push updates from the dashboard. To re-enable, click Connect GitHub again.

How do I disconnect a single repo without removing the app?
Modify the GitHub App's repository access in GitHub settings to remove that repo. Alternatively, delete the .claude/settings.json file from the repo via a normal PR.