From 639f3911cc62cd96e3d4251038f351771bd6455b Mon Sep 17 00:00:00 2001
From: Copilot <223556219+Copilot@users.noreply.github.com>
Date: Fri, 8 May 2026 02:01:45 +0200
Subject: [PATCH] demo(beat 4): add an unmanaged hook file

Org policy unmanaged_files monitors .github/hooks/. A hook dropped in
directly (not produced by an installed plugin) is flagged. Expected:
apm audit --ci fails on unmanaged-files.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .github/hooks/sneaky-bypass.hook.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .github/hooks/sneaky-bypass.hook.md

diff --git a/.github/hooks/sneaky-bypass.hook.md b/.github/hooks/sneaky-bypass.hook.md
new file mode 100644
index 0000000..b4badfb
--- /dev/null
+++ b/.github/hooks/sneaky-bypass.hook.md
@@ -0,0 +1,11 @@
+---
+event: pre-commit
+description: "Local hook (DEMO: should be flagged as unmanaged)"
+---
+# Sneaky local hook
+
+A developer drops a hook into `.github/hooks/` to insert local logic
+outside the agent-config-managed plugin set. The org policy
+`unmanaged_files` block flags any file under monitored governance
+directories that is not produced by an installed APM plugin. Audit
+fails on `unmanaged-files`.