Uninstall Agent Keeper

One non-interactive command. Removes every endpoint artifact Agent Keeper places on a machine:

• LaunchAgent / systemd timer + running agentkeeper.sh processes
• Legacy CLI binary (~/.local/bin/agentkeeper.sh) and the gum helper if present
• Claude Code hooks in ~/.claude/settings.json (leaves other vendors' hooks untouched)
• Claude Code plugin cache + installed_plugins.json entries
• Cursor / Copilot / Windsurf adapter hooks in the current project
• Cowork MCP registration
• State directories (~/.agentkeeper, ~/.agentkeeper-plugin)
• Shell profile PATH entries added by the installer
• macOS Keychain entries (best-effort)

It's idempotent, safe to run twice, and writes a timestamped backup of ~/.claude/settings.json before modifying it.

One-liner (individual machine)

curl -fsSL https://YOUR_AGENTKEEPER_URL/uninstall.sh | bash

Preview what would be removed without changing anything:

curl -fsSL https://YOUR_AGENTKEEPER_URL/uninstall.sh | bash -s -- --dry-run

Keep your local config/api-key (useful if you plan to reinstall):

curl -fsSL https://YOUR_AGENTKEEPER_URL/uninstall.sh | bash -s -- --keep-data

Quiet mode for MDM log readability:

curl -fsSL https://YOUR_AGENTKEEPER_URL/uninstall.sh | bash -s -- --quiet

Kandji, one-button Self Service

Deploy as a Self Service item so users can uninstall themselves, or as an on-demand Library Item for helpdesk-triggered cleanup.

Option A: Self Service (recommended)

1. In Kandji, go to Library → Add New → Custom Script.

2. Name: Uninstall Agent Keeper

3. Execution Frequency: Run on-demand (Self Service) or Audit & Enforce if you want to force-remove at scale.

4. Run as: Logged-in user, this ensures $HOME resolves to the real user's directory.

5. Audit Script (leave empty, or paste a one-line check such as test -f "$HOME/.agentkeeper/config/api_key").

6. Remediation Script: paste:

   #!/bin/bash
   /bin/bash -c "$(curl -fsSL https://YOUR_AGENTKEEPER_URL/uninstall.sh)" -- --quiet
   

7. Assign to the Blueprint(s) that target the devices you want to clean.

8. Save. Users will see "Uninstall Agent Keeper" in Self Service, one button, runs silently, reports success/failure to Kandji.

Option B: Run as root (if your Library Item requires it)

If you can't set "Run as Logged-in user," wrap the curl to resolve the console user first:

#!/bin/bash
CONSOLE_USER=$(stat -f %Su /dev/console)
su - "$CONSOLE_USER" -c "curl -fsSL https://YOUR_AGENTKEEPER_URL/uninstall.sh | bash -s -- --quiet"

Jamf Pro

Same script, different library type:

1. Computers → Management Settings → Scripts → New.
2. Paste the script from Option A above.
3. Create a Policy with this script, scoped to the target smart group, trigger = Self Service (or Recurring Check-in for forced removal).

Intune (Windows/macOS)

macOS: add as a Shell Script under Devices → macOS → Shell scripts. Set "Run script as signed-in user" to Yes.

Manual / offline use

If you can't curl from the endpoint, save the script locally and run it. The script is self-contained, no runtime dependencies beyond bash, python3, and standard POSIX utilities, all of which are on macOS and most Linux distros by default.

What gets preserved

• Repo-level hooks committed in a project's .claude/settings.json. The uninstaller only touches user-scoped settings (~/.claude/settings.json). Repo hooks have to be removed from the repo itself.
• The agentkeeper-security connector if you added it at the Claude Enterprise org level. That's a web console setting, not an endpoint artifact.
• Your device record in the Agent Keeper dashboard. Revoke it manually at YOUR_AGENTKEEPER_URL/hosts when you're ready.

Exit codes

• 0, success (including "nothing to remove").
• 1, could not determine target user (happens only when running as root with no logged-in console user and no SUDO_USER set).

Source

The script is open and available at /uninstall.sh. Review it before deploying to a fleet.