Hoop parses wire protocols in real time. It masks sensitive data before it reaches the client, blocks dangerous commands before they execute, and records every session. One gateway covers databases, Kubernetes, SSH, AI agents, and MCP servers.
Website · Docs · Discussions · Open Source
Hoop is an open-source gateway that sits between users (engineers, AI agents, service accounts) and infrastructure (databases, Kubernetes clusters, servers, APIs). Every query and command passes through the gateway at the wire protocol level, where you can:
- Mask sensitive data in responses before it reaches the client (ML-powered, not regex)
- Block dangerous commands before they execute (
DROP TABLE,rm -rf,DELETEwithoutWHERE) - Require human approval for risky operations via Slack or Teams
- Record every session with full replay for compliance and incident review
- Govern AI agent access to production infrastructure with the same controls
No agents on endpoints. No schema discovery. No code changes. Deploy the gateway, connect your identity provider, define your rules.
Teams where engineers or AI agents access production infrastructure that contains sensitive data. If your developers run queries against databases with customer PII, execute commands on production Kubernetes clusters, or use Claude Code / Cursor against real systems, Hoop gives you visibility and control over what happens inside those sessions.
Used by NYSE-listed companies in production. 5,000+ databases protected through a single deployment.
Debugging a production issue...
SELECT * FROM users WHERE id = 42;
| id | name | email | ssn | card_number |
|----|---------------|--------------------|-------------|------------------|
| 42 | Jane Thompson | jane@example.com | 123-45-6789 | 4532-XXXX-XXXX |
You screenshot the result for Slack. SSNs, emails, and card numbers are now in your team chat.
Same query through Hoop:
SELECT * FROM users WHERE id = 42;
| id | name | email | ssn | card_number |
|----|------|----------------|-------------|------------------|
| 42 | J*** | j***@*****.com | ***-**-6789 | ****-****-**** |
Safe to share. No configuration required. The ML model detected the sensitive fields automatically.
AI agent fixing a bug at 3AM:
> claude-code: DROP TABLE orders;
>
> Query OK, 47,291,834 rows affected 💀
Same agent, same intent, through the gateway:
> claude-code: DROP TABLE orders;
>
> ⛔ Blocked by guardrail: "Prevent destructive DDL in production"
> Event logged. Security team notified.
The command never reached the database.
# create a jwt secret for auth
echo "JWT_SECRET_KEY=$(openssl rand -hex 32)" >> .env
# download and run
curl -sL https://hoop.dev/docker-compose.yml > docker-compose.yml && \
docker compose upGateway running on :8009. OIDC connected. Masking and guardrails active.
Engineers / AI Agents / Service Accounts
│
▼
┌────────────────┐
│ Hoop Gateway │ ← Parses wire protocols in real time
│ │
│ • Masks PII │ (ML-powered, <5ms latency)
│ • Blocks cmds │ (DROP, DELETE, rm -rf)
│ • Approvals │ (Slack / Teams)
│ • Records all │ (full session replay)
│ • AI controls │ (per-action governance)
└────────────────┘
│
▼
Your Infrastructure
(Databases, K8s, SSH, APIs, MCP servers)
The gateway parses wire protocols natively: PostgreSQL, MySQL, MSSQL, MongoDB, Kubernetes, SSH, HTTP/gRPC, RDP, and more. Your tools connect through the gateway without knowing it's there. No SDKs, no plugins, no browser extensions.
ML-powered detection of PII, PHI, PCI data, and credentials inside database responses, API payloads, and terminal output. Not regex. The model understands context: 555-1234 in a phone column is a phone number, BUILD-555-1234 in a CI log is a build ID. One rule covers thousands of resources. No schema mapping required.
Define dangerous operations and block them at the protocol layer before they reach the target system. DROP TABLE, DELETE without WHERE, kubectl delete namespace, rm -rf, and any custom pattern. Prevention, not detection.
Route risky operations (production writes, schema changes, config mutations) for human approval via Slack or Teams. One command, one decision. The operation waits until approved, denied, or scheduled for a maintenance window.
Claude Code, Cursor, and autonomous agents connect to your infrastructure through the gateway. Agents read freely (with masked responses). Agents write with approval. Destructive operations are blocked outright. Every agent action is logged, risk-scored, and replayable.
Not just a proxy. Hoop inspects MCP payloads, masks PII in JSON responses before they reach the agent, blocks dangerous operations, and federates identity so developers never touch real credentials. Auto-generates a sensitive data catalog from MCP traffic.
Full session capture with replay. Every command, every response, every approval and denial. Generates compliance evidence for SOC 2, GDPR, PCI DSS, and HIPAA automatically.
Parameterized templates stored in Git. Your team executes common operations with validated inputs. Guardrails, masking, and approval workflows apply automatically to every run.
SSO is included in the open-source license. Connect Okta, JumpCloud, Azure AD, Google Workspace, or any OIDC/SAML provider. For free. Identity is a security primitive, not a revenue lever.
touch .env && \
curl -sL https://hoop.dev/docker-compose.yml > docker-compose.yml && \
docker compose upSee Docker Compose documentation →
See Kubernetes deployment documentation →
See AWS deploy & host documentation →
| Category | Protocols |
|---|---|
| Databases | PostgreSQL, MySQL, MSSQL, MongoDB |
| Infrastructure | Kubernetes (exec, port-forward), SSH, RDP |
| APIs | HTTP, gRPC |
| AI | Claude Code, Cursor, MCP servers |
| Runtimes | Rails, Django, Elixir IEx, PHP |
| Cloud | AWS SSM, custom CLIs |
We welcome contributions. Protocol parsers, masking patterns, guardrail rules, runbook templates, integrations, and documentation improvements. Check out our Development Documentation to get started.
Join our Discussions to ask questions, share ideas, and connect with other users.
MIT. The code that touches your data is code you can read.
hoop.dev · Data security in transit. One gateway, every protocol.