
ISO 27001 for the Claude Agent SDK

When an audit arrives, the auditor receives a complete, verifiable trail that shows exactly which AI‑driven request was made, who authorized it, what data was returned, and how sensitive fields were protected.

ISO 27001 expects organizations to demonstrate that every privileged action is traceable, that credentials are never exposed, and that data protection policies are enforced at the point of use. Typical artifacts include:

  • Identity‑bound access logs that record who initiated a connection.
  • Session recordings that capture every command and response.
  • Approval records for actions that exceed a predefined risk threshold.
  • Masking audit entries that prove sensitive fields were redacted before reaching the caller.
  • Evidence that secret material never left the protected environment.

The Claude Agent SDK runs inside a customer’s network and calls downstream services directly. In a naïve deployment the SDK talks to databases, Kubernetes clusters or HTTP APIs using its own credentials. Those calls bypass any central control plane, leaving no single point where the required artifacts can be collected. The result is a blind spot: auditors cannot answer who accessed what, nor can they verify that masking policies were applied.

hoop.dev solves this blind spot by becoming the mandatory data path between the Claude Agent SDK and every target service. The gateway authenticates the SDK via OIDC, applies just‑in‑time access grants, inspects traffic at the protocol layer, and records the full session. Because the enforcement happens in the gateway, the SDK never sees the underlying credential and never writes raw data to an unprotected location. hoop.dev automatically produces all of the artifacts listed above and stores them outside the agent process, ready for audit.

Evidence that satisfies ISO 27001

When an ISO 27001 audit asks for proof of control, hoop.dev provides the following concrete items:

  • Authenticated access logs: hoop.dev tags each connection with the user or service account that presented a valid OIDC token, and it records the timestamp, target resource and the granted scope.
  • Session recordings: hoop.dev captures the full request/response stream for databases, SSH, Kubernetes exec, and HTTP calls. It stores the recordings securely and makes them available for replay to demonstrate exactly what was executed.
  • Approval workflow records: For high‑risk commands such as DROP DATABASE or privileged pod exec, hoop.dev routes the request to a human approver. It stores the approval decision, approver identity and justification alongside the session.
  • Inline masking logs: When a response contains fields marked as sensitive, hoop.dev redacts them before they reach the SDK. It records the original field name, the masking rule applied and the fact that the redacted value never left the gateway.
  • Credential handling proof: Because the gateway holds the target credentials, hoop.dev emits a “credential never exposed” statement signed by the gateway process, showing that the SDK never received raw secrets.

How hoop.dev captures the artifacts

The enforcement chain has three distinct layers:

  1. Setup – identity verification: OIDC or SAML tokens identify the caller. The token determines whether the request is allowed to start, but it does not enforce any policy on its own.
  2. The data path – hoop.dev gateway: hoop.dev forces all traffic from the Claude Agent SDK through the gateway. This is the only place where masking, command blocking, just‑in‑time approval and session recording can occur.
  3. Enforcement outcomes: Because the gateway is the data path, hoop.dev generates audit logs, masks responses, approves or blocks commands, and records sessions. If you remove the gateway, you lose all of those evidentiary artifacts.

This separation guarantees that the evidence remains trustworthy: hoop.dev generates it outside the agent that initiates the request, so the agent cannot tamper with it.
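
An added sketch of the data-path layer described above, not hoop.dev's own code or configuration: the function names, record fields, risk pattern and masking rules are all hypothetical. It shows an access record per request, an approval gate for a high-risk command, and masking entries that log the field name and rule but never the value.

```python
import re
from datetime import datetime, timezone

# Hypothetical policy values, constructed for this example.
HIGH_RISK = re.compile(r"^\s*DROP\s+(DATABASE|TABLE)\b", re.IGNORECASE)
MASK_RULES = {"ssn": "redact-full", "email": "redact-full"}  # field -> rule name


def audit(log, kind, identity, resource, **details):
    """Append one evidence record; `log` stands in for storage outside the agent."""
    log.append({"ts": datetime.now(timezone.utc).isoformat(), "kind": kind,
                "identity": identity, "resource": resource, **details})


def mask_rows(rows, log, identity, resource):
    """Redact sensitive fields and record field name and rule, never the value."""
    hit = set()
    masked = []
    for row in rows:
        masked.append({k: "****" if k in MASK_RULES else v for k, v in row.items()})
        hit.update(k for k in row if k in MASK_RULES)
    for field in sorted(hit):
        audit(log, "masking", identity, resource, field=field, rule=MASK_RULES[field])
    return masked


def gateway_execute(identity, resource, command, backend, log, approval=None):
    """Data-path step: `identity` comes from an already verified OIDC token;
    `backend` holds the target credential, so the caller never sees it."""
    audit(log, "access", identity, resource, command=command)
    if HIGH_RISK.match(command):
        if not (approval and approval.get("approved")):
            audit(log, "blocked", identity, resource, command=command,
                  reason="approval required")
            return {"status": "pending_approval", "rows": []}
        audit(log, "approval", identity, resource, command=command,
              approver=approval["approver"], justification=approval["justification"])
    return {"status": "ok", "rows": mask_rows(backend(command), log, identity, resource)}


def sample_backend(command):
    """Constructed stand-in for a database reached with gateway-held credentials."""
    if command.lstrip().upper().startswith("SELECT"):
        return [{"id": 1, "name": "Ada", "ssn": "000-00-0000"}]
    return []
```
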

Putting the evidence together for an audit

To present a complete ISO 27001 audit package, follow these high‑level steps:

  1. Deploy the hoop.dev gateway using the quick‑start Docker Compose or your preferred orchestration platform. The deployment guide walks you through the process: Getting started with hoop.dev.
  2. Configure OIDC identity providers (Okta, Azure AD, Google Workspace, etc.) so that each Claude Agent SDK instance presents a verifiable token.
  3. Define just‑in‑time access policies for each target service (PostgreSQL, Kubernetes, HTTP API, etc.) in the hoop.dev policy catalog.
  4. Create masking rules for any fields that contain PII, secrets or other regulated data. The Learn section contains examples of common masking patterns.
  5. Enable session recording and approval workflows for high‑risk operations. hoop.dev stores the recorded sessions in a location you control and lets you export them for audit review.
  6. When the audit period ends, extract the logs, recordings and approval records from the gateway. Because the artifacts already include timestamps, user identifiers and resource names, they map directly to ISO 27001 control objectives.

You perform these actions once; thereafter hoop.dev continues to generate the required evidence for every subsequent SDK interaction, reducing the operational overhead of manual log collection.

FAQ

Do I need to modify the Claude Agent SDK code to use hoop.dev?

No. The SDK connects to its target service through the standard client libraries (psql, kubectl, http client, etc.). By pointing the client endpoint at the hoop.dev gateway address, all traffic is automatically inspected and recorded.

Can I store the audit artifacts in my existing SIEM?

Yes. hoop.dev can forward logs and recordings to any syslog, HTTP, or cloud‑storage endpoint you configure. The forwarder runs outside the agent, preserving the integrity of the evidence.

Is hoop.dev itself ISO 27001 certified?

hoop.dev does not claim certification. It is an open‑source tool that generates the audit‑ready artifacts required by ISO 27001, allowing you to demonstrate compliance with your own processes.

Ready to see the source and contribute? View the repository on GitHub.
