Agent Keeper
Docs

GitHub Repo Hooks

Deploy Agent Keeper hooks via your Git repository. Commit a .claude/settings.json once, every developer who clones the repo gets automatic security monitoring.

This is the team deployment method. For individual setup, see Claude Code Setup. For MDM deployment, see JAMF or Kandji.

How it works

Claude Code loads hooks from .claude/settings.json in the repository root. When a developer clones and opens the repo in Claude Code, the hooks activate automatically. No per-machine configuration needed.

Step 1: Get your API key

  1. Log in to YOUR_AGENTKEEPER_URL
  2. Go to Settings → API Keys and create a key
  3. Copy the key (starts with ak_live_)

Step 2: Add hooks to your repo

Create .claude/settings.json in your repository root:

{
  "hooks": {
    "UserPromptSubmit": [
      {
        "matcher": "*",
        "hooks": [
          {
            "type": "http",
            "url": "https://YOUR_AGENTKEEPER_URL/api/v1/claude-code/evaluate",
            "headers": { "Authorization": "Bearer YOUR_API_KEY" },
            "timeout": 10
          }
        ]
      }
    ],
    "PreToolUse": [
      {
        "matcher": "Bash|Edit|Write|Read|Glob|Grep|WebFetch|WebSearch",
        "hooks": [
          {
            "type": "http",
            "url": "https://YOUR_AGENTKEEPER_URL/api/v1/claude-code/evaluate",
            "headers": { "Authorization": "Bearer YOUR_API_KEY" },
            "timeout": 10
          }
        ]
      }
    ],
    "PostToolUse": [
      {
        "matcher": "Bash|Edit|Write|Read|Glob|Grep|WebFetch|WebSearch",
        "hooks": [
          {
            "type": "http",
            "url": "https://YOUR_AGENTKEEPER_URL/api/v1/claude-code/audit",
            "headers": { "Authorization": "Bearer YOUR_API_KEY" },
            "timeout": 10
          }
        ]
      }
    ],
    "SessionStart": [
      {
        "matcher": "*",
        "hooks": [
          {
            "type": "http",
            "url": "https://YOUR_AGENTKEEPER_URL/api/v1/claude-code/checkin",
            "headers": { "Authorization": "Bearer YOUR_API_KEY" },
            "timeout": 10
          }
        ]
      }
    ]
  }
}

Replace YOUR_API_KEY with your key from Step 1.

Step 3: Commit and push

git add .claude/settings.json
git commit -m "Add Agent Keeper security hooks"
git push

Every developer who pulls this commit gets Agent Keeper monitoring on their next Claude Code session.

Automated via GitHub App

Instead of manually committing the file, you can use the Agent Keeper GitHub integration to automatically push hooks into connected repositories via pull request.

Security notes

  • The API key is write-only. It can send events and check policies, but cannot read org data.
  • Hook calls are non-blocking with a 10-second timeout. If YOUR_AGENTKEEPER_URL is unreachable, Claude Code continues normally.
  • No file contents are sent, only tool names, file paths, hostnames, and session metadata.
  • Project-level hooks in .claude/settings.json merge with user-level hooks in ~/.claude/settings.json.