diff --git a/README.md b/README.md index ef36799..19a1b4c 100644 --- a/README.md +++ b/README.md 
@@ -44,18 +44,30 @@ The rendered reference reflects the default values in `helm/values.yaml`, so opt For fast validation while wiring up infrastructure, use these tools together: -- `helm lint ./helm` -- `helm template agentguard-ci ./helm` -- `helm template agentguard-ci ./helm | kubectl apply --dry-run=client -f -` -- `helm template agentguard-ci ./helm | kubectl apply --dry-run=server -f -` -- `argo lint rendered.yaml` +- `./scripts/check-chart.sh` +- `RUN_KUBECTL_CLIENT_CHECK=1 ./scripts/check-chart.sh` +- `RUN_KUBECTL_SERVER_CHECK=1 ./scripts/check-chart.sh` + +What each mode does: + +- `./scripts/check-chart.sh` runs the fast offline checks used by the repo-managed pre-commit hook: `helm lint`, `helm template`, and `argo lint --offline`. +- `RUN_KUBECTL_CLIENT_CHECK=1 ./scripts/check-chart.sh` adds a client-side `kubectl` dry-run. This is optional because CRD-heavy manifests can still be environment-sensitive here. +- `RUN_KUBECTL_SERVER_CHECK=1 ./scripts/check-chart.sh` adds a server-side dry-run against your current cluster context, which is the strongest validation once the Argo and Infisical CRDs are installed. + +Install the shared git hook once per clone: + +```bash +git config core.hooksPath .githooks +``` Notes: - `helm lint` catches Helm chart problems. -- `kubectl --dry-run=client` catches basic Kubernetes schema issues without talking to the cluster. -- `kubectl --dry-run=server` is better once the cluster already has the Argo and Infisical CRDs installed. -- `argo lint` is the most useful Argo-specific check once you have the Argo CLI installed. +- `helm template` proves the chart renders successfully with the current values. +- `argo lint --offline` is the most useful Argo-specific local check because it validates the rendered `ClusterWorkflowTemplate` without needing cluster access. +- `kubectl --dry-run=client` is weaker for CRDs than Argo lint, so it is included as an optional extra check instead of the default hook behavior. 
+- `kubectl --dry-run=server` is best once the cluster already has the Argo and Infisical CRDs installed. +- CI should still rerun the same baseline checks even if pre-commit already passed, because hooks are local and bypassable. The usual CI extra is the server-side `kubectl` dry-run once a cluster with the needed CRDs is available. ## Installation
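Review bot: The `RUN_KUBECTL_SERVER_CHECK=1` bullet under "What each mode does" says the dry-run goes to "your current cluster context", but nothing asks the reader to confirm which context that is, so the request can reach an unintended cluster using whatever credentials are active. Suggest adding a sentence telling the reader to check `kubectl config current-context` before enabling this mode, and stating whether `scripts/check-chart.sh` offers any way to pin the context. Separately, the `git config core.hooksPath .githooks` step replaces any hooks path already set for the clone and makes git run repo-managed scripts on every commit; one line saying so would help, along with a note that changes under `.githooks` and `scripts/check-chart.sh` deserve the same review as CI configuration. The README also does not say whether `RUN_KUBECTL_CLIENT_CHECK=1` and `RUN_KUBECTL_SERVER_CHECK=1` can be set together.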