Skip to main content

Plug Mankinds into your CI/CD

Block a pull request when your AI system regresses. The Mankinds CI integration lets a pipeline trigger an evaluation, wait for the result, and exit with a non-zero status when the quality gate fails.

push -> CI build -> deploy preprod -> Mankinds eval gate -> merge or rollback

The same primitive works with GitHub Actions, GitLab CI, Bitbucket Pipelines, CircleCI, Jenkins, and any other runner: trigger one agent run, wait for the gate result, propagate the exit code.

How it works

  1. You configure a quality gate on your existing Mankinds agent.
  2. Your CI runner triggers the agent via POST /api/v1/agents/{agent_id}/runs with your API key.
  3. The runner polls GET /api/v1/agents/{agent_id}/runs/{run_id} until completion.
  4. The runner reads results.gate.passed: true exits 0, false exits 1.
  5. Mankinds keeps the run visible in the agent dashboard with the CI metadata sent by the runner.

The pass/fail rule lives on the agent, and the tested endpoint lives on the attached system. The CI file only needs the agent UUID and an API key.

Prerequisites

  • An active Mankinds agent (Guardian or Red Team) attached to your target system.
  • A quality gate configured on the agent. See Quality gate configuration.
  • An API key created with CI access in Settings → API Keys.
  • A pre-production environment reachable by Mankinds. Configure the endpoint once on the system.

5-minute quickstart (GitHub Actions)

If you already have an agent and an API key, copy-paste the snippet below into your repo:

  1. Settings → Secrets and variables → Actions → New repository secret: name MANKINDS_API_KEY, paste your key.

  2. Create .github/workflows/mankinds-ci.yml:

    name: Mankinds quality gate
    on:
    pull_request:
    branches: [main]
    jobs:
    eval:
    runs-on: ubuntu-latest
    steps:
    - uses: mankinds/cli@v1
    with:
    agent: 00000000-0000-4000-8000-000000000000
    api-key: ${{ secrets.MANKINDS_API_KEY }}
  3. Push, open a PR. The workflow triggers the agent and fails the check if the gate fails.

Other CI providers? See GitLab CI, Other providers.

Frequently asked questions

Does the runner need access to my repo source code?

No. The runner sends CI metadata such as commit SHA, branch, PR number, repo and actor. Your code, models, prompts and datasets do not leave your runner.

What URL is actually evaluated?

The agent is attached to a Mankinds system, which carries the endpoint of your AI service. The CI snippet references the agent, not the URL, so the workflow file stays stable when the system endpoint changes.

How long does a run take?

It depends on the agent profile and test plan size. The CI runner waits until the run completes or reaches its timeout.

Can I run the same eval locally before pushing?

Yes, with the Mankinds CI runner image published on GHCR:

docker run --rm \
-e MANKINDS_API_KEY=$MANKINDS_API_KEY \
ghcr.io/mankinds/ci:v1 \
--agent 00000000-0000-4000-8000-000000000000

The image is ghcr.io/mankinds/ci; it exposes the mankinds-ci command used by the provider-specific examples.

Next steps