All posts
June 22, 20264 min read

LangGraph and SOC 2 Compliance

Running LangGraph without runtime guardrails invites audit failures and data leaks. SOC 2 is a set of trust‑service criteria that auditors use to verify that a service provider protects customer data and operates with reliability. For a workflow engine like LangGraph, the standard translates into concrete expectations around access control, change management, logging, and data confidentiality. Auditors will look for evidence that every user who triggers a graph execution is properly authenticat

Free White Paper

SOC 2 Type I & Type II: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

Running LangGraph without runtime guardrails invites audit failures and data leaks.

SOC 2 is a set of trust‑service criteria that auditors use to verify that a service provider protects customer data and operates with reliability. For a workflow engine like LangGraph, the standard translates into concrete expectations around access control, change management, logging, and data confidentiality. Auditors will look for evidence that every user who triggers a graph execution is properly authenticated, that the execution environment cannot be tampered with, and that any sensitive payloads are protected both in‑flight and at rest.

What SOC 2 expects from a runtime platform

The five criteria are Security, Availability, Processing Integrity, Confidentiality, and Privacy. They map to a handful of technical controls for LangGraph:

  • Identity‑based access. Each request to start, pause, or modify a graph must be tied to a unique, verifiable identity. The system should enforce least‑privilege permissions and record the identity of every actor.
  • Immutable audit trail. Every step in a graph, every input, and every output must be logged with timestamps, user identifiers, and success or failure status. The logs must be retained for the audit period.
  • Just‑in‑time approvals. High‑risk operations, such as executing a graph that accesses external APIs or writes to a database, should be gated behind a manual or automated approval workflow.
  • Data masking. When a graph returns personally identifiable information (PII) or secret tokens, the platform should redact those fields before they are stored in logs or displayed to downstream services.
  • Session replay. Auditors often request the ability to reconstruct a graph execution to verify that no unauthorized steps were taken. The platform must capture enough context to replay the session.

Meeting these expectations is not a matter of configuring a single setting; it requires an integrated control surface that can observe every request, enforce policies, and generate the evidence auditors demand.

Where the evidence gaps appear

Many LangGraph deployments rely on static credentials stored in environment variables or secret managers that are read directly by the runtime. This approach satisfies the "credential exists" part of the security criterion but leaves three gaps:

  • The runtime itself sees the secret, so a compromised process can exfiltrate it.
  • There is no central point where approvals can be injected, so risky graph executions happen without oversight.
  • Logs are written by the application code, which may omit user identifiers or fail to mask sensitive fields.

Because the control logic lives inside the same process that executes the graph, auditors cannot trust that the recorded evidence is complete or untampered. The missing piece is a gateway that sits outside the LangGraph process, intercepts traffic, and applies the required safeguards.

How hoop.dev fills the gap

hoop.dev is a Layer 7 gateway that proxies connections to infrastructure, including runtime environments like LangGraph. The gateway is deployed as a network‑resident agent, separate from the LangGraph process, and it becomes the sole path through which all graph‑execution requests travel.

When a user or an automated service initiates a LangGraph run, hoop.dev authenticates the request via OIDC or SAML, extracts the user’s group membership, and evaluates the request against policy. Because the gateway sits in the data path, it can enforce just‑in‑time approvals, block disallowed commands, and mask sensitive fields before they ever reach the LangGraph runtime.

Continue reading? Get the full guide.

SOC 2 Type I & Type II: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Every session that passes through hoop.dev is recorded. The gateway captures the full request and response stream, timestamps each operation, and retains an audit trail that can be reviewed for consistency and integrity. This record includes the caller’s identity, the exact graph definition, input parameters, and any masked output. Auditors can retrieve the session replay to verify that the execution complied with policy.

In addition, hoop.dev’s inline masking capability ensures that any PII or secret returned by a graph is redacted before it is written to logs or forwarded to downstream services. The masking happens at the protocol layer, so the LangGraph process never sees the unmasked value.

Because the gateway holds the credential used to talk to downstream resources, the LangGraph runtime never accesses the secret directly. This separation satisfies the confidentiality criterion of SOC 2 and reduces the blast radius of a compromised runtime.

Key enforcement outcomes for SOC 2

hoop.dev delivers the concrete evidence auditors require:

  • Identity‑bound audit logs. Each log entry includes the authenticated user, satisfying the security and processing‑integrity criteria.
  • Session records retained as an audit trail. The recorded information can be reviewed to confirm consistency and integrity.
  • Just‑in‑time approval workflow. High‑risk graph executions are gated behind an approval step, demonstrating controlled change management.
  • Inline data masking. Sensitive fields are redacted before logging, meeting the confidentiality requirement.
  • Replay capability. Auditors can replay any session to confirm that the execution path matched the approved policy.

All of these outcomes are possible only because hoop.dev occupies the data path between the requester and LangGraph. The setup phase, defining OIDC providers, provisioning service accounts, and configuring policies, establishes who may request access, but the enforcement happens exclusively at the gateway.

Getting started

To put these controls into practice, start with the hoop.dev getting‑started guide. The guide walks you through deploying the gateway, registering a LangGraph endpoint, and defining the policies that enforce SOC 2‑required safeguards. For deeper technical details, explore the hoop.dev learn site, which covers approval workflows, masking rules, and session replay.

FAQ

Does hoop.dev make LangGraph SOC 2 compliant?
No. hoop.dev generates the evidence auditors need, but compliance is a responsibility of the organization that configures the policies and processes.

Can I use hoop.dev with existing LangGraph deployments?
Yes. Because hoop.dev acts as a protocol‑level proxy, you can point your existing LangGraph client to the gateway without changing application code.

What storage does hoop.dev use for audit logs?
The gateway writes audit records to a location you configure; the documentation explains the supported options.

Ready to see the code in action? Explore the open‑source repository on GitHub and start building SOC 2‑ready evidence for your LangGraph workloads.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot