CI Workflows
GitHub Actions
CI workflow and build-gating with AgentPrey exit codes.
Why It Is CI-Friendly
agentprey returns stable exit codes, so you can gate pull requests and deploys directly on process status.
Exit Codes
0: all secure1: vulnerabilities found2: scan/runtime error
HTTP Workflow Example
yaml
name: AgentPrey Scanon: pull_request: workflow_dispatch:jobs: security-scan: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - name: Install Rust toolchain uses: dtolnay/rust-toolchain@stable - name: Install agentprey run: cargo install agentprey --locked - name: Run scan and gate build env: TARGET_URL: ${{ secrets.AGENTPREY_TARGET_URL }} run: | set +e agentprey scan --target "$TARGET_URL" --category prompt-injection exit_code=$? set -e if [ "$exit_code" -eq 1 ]; then echo "agentprey found vulnerabilities" exit 1 fi if [ "$exit_code" -eq 2 ]; then echo "agentprey scan/runtime error" fi exit "$exit_code"OpenClaw Workflow Example
The OpenClaw target must be a checked-out local project path in the CI workspace, not a URL.
yaml
name: AgentPrey OpenClaw Scanon: pull_request: workflow_dispatch:jobs: openclaw-scan: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - name: Install Rust toolchain uses: dtolnay/rust-toolchain@stable - name: Install agentprey run: cargo install agentprey --locked - name: Run local-path OpenClaw scan run: | set +e agentprey scan --type openclaw --target ./path/to/openclaw-project exit_code=$? set -e if [ "$exit_code" -eq 1 ]; then echo "agentprey found vulnerabilities" exit 1 fi exit "$exit_code"How To Gate Builds
Treat exit code 1 as a policy failure and fail CI. Treat exit code 2 as a runtime/scan failure and fail CI for investigation.