GitHub Repo Hooks & CI Verification

Keep AgentKeeper hook configuration in source control and fail CI when a repo drifts away from the approved setup.

API Key Setup

Create a repo-scoped API key

Go to Settings → API Keys and create a key for the repository or CI environment. Copy it immediately; it starts with ak_live_.

Push hooks through GitHub

Connect the GitHub app, select the repositories you want covered, and let AgentKeeper open pull requests that add the approved hook configuration. See GitHub Integration docs and GitHub Repo Hooks docs for the full setup path.

GitHub Actions Guardrail

Fail CI when hook config is missing

Add a lightweight workflow that verifies the repo still contains the AgentKeeper hook configuration. This catches accidental deletes, branch drift, and incomplete repo onboarding.

.github/workflows/agentkeeper-hooks.yml

name: AgentKeeper Hook Drift

on:
  pull_request:
  push:
    branches: [main]

jobs:
  verify-agentkeeper-hooks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Verify Claude Code hooks
        run: |
          test -f .claude/settings.json
          grep -q "agentkeeper" .claude/settings.json

      - name: Verify dashboard health
        run: curl -fsS https://www.agentkeeper.dev/api/health

Protect the hook files

Use CODEOWNERS to require security-team review for .claude/settings.json, Cursor hook config, Windsurf hook config, and Copilot hook config.

Review activity in AgentKeeper

Once the hook PR merges, developer sessions and agent actions appear in Activity, Security, and Investigations. CI verifies the configuration; the runtime hooks enforce policy when agents actually run.

Automate these checks with AgentKeeper

One setup flow connects your agent fleet and starts enforcing policy.