GitHub Repo Hooks & CI Verification

Keep Agent Keeper hook configuration in source control and fail CI when a repo drifts away from the approved setup.

API Key Setup

Create a repo-scoped API key

Go to Settings → API Keys and create a key for the repository or CI environment. Copy it immediately; it starts with ak_live_.

Push hooks through GitHub

Connect the GitHub app, select the repositories you want covered, and let Agent Keeper open pull requests that add the approved hook configuration. See GitHub Integration and GitHub Repo Hooks for the full setup path.

GitHub Actions Guardrail

Fail CI when hook config is missing

Add a lightweight workflow that verifies the repo still contains the Agent Keeper hook configuration. This catches accidental deletes, branch drift, and incomplete repo onboarding.

.github/workflows/agentkeeper-hooks.yml

name: Agent Keeper Hook Drift

on:
  pull_request:
  push:
    branches: [main]

jobs:
  verify-agentkeeper-hooks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Verify Claude Code hooks
        run: |
          test -f .claude/settings.json
          grep -q "agentkeeper" .claude/settings.json

      - name: Verify dashboard health
        run: curl -fsS https://www.agentkeeper.dev/api/health

Protect the hook files

Use CODEOWNERS to require security-team review for .claude/settings.json, Cursor hook config, Windsurf hook config, and Copilot hook config.

Review activity in Agent Keeper

Once the hook PR merges, developer sessions and agent actions appear in Activity, Security, and Investigations. CI verifies the configuration; the runtime hooks enforce policy when agents actually run.

Automate these checks with Agent Keeper

One setup flow connects your agent fleet and starts enforcing policy.