All posts
June 22, 20264 min read

LGPD for Agent Runtimes

A contractor who was off‑boarded last month still has a CI pipeline that spins up a Python agent runtime to pull data from internal services. The team never rotated the token used by that job, and the team stores the logs on a shared file share without any access controls. When the contractor’s account is eventually disabled, the pipeline continues to run, silently exfiltrating personal data that falls under Brazil’s General Data Protection Law, LGPD. LGPD obliges organizations to protect perso

Free White Paper

Open Policy Agent (OPA) + LGPD (Brazil): The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

A contractor who was off‑boarded last month still has a CI pipeline that spins up a Python agent runtime to pull data from internal services. The team never rotated the token used by that job, and the team stores the logs on a shared file share without any access controls. When the contractor’s account is eventually disabled, the pipeline continues to run, silently exfiltrating personal data that falls under Brazil’s General Data Protection Law, LGPD.

LGPD obliges organizations to protect personal data throughout its lifecycle, to keep detailed records of who accessed what, and to demonstrate that any processing was authorized and limited to the purpose for which consent was given. For agent runtimes that execute code on behalf of users or services, the law expects three concrete capabilities: a verifiable identity for every request, real‑time enforcement that can block or mask data that should not be disclosed, and a tamper‑evident log that can be presented to regulators.

Many teams rely on an identity provider such as Okta or Azure AD to issue short‑lived tokens to their agents. The token proves who started the session, but the enforcement point usually lives inside the agent itself. Because the agent runs on the same host that holds the credentials, the team can reconfigure it, the team can alter the logs, and the agent can emit sensitive fields unfiltered. In other words, the setup decides who may start a connection, but it does not guarantee that every command is inspected or that a complete, tamper‑evident record exists.

hoop.dev inserts a Layer 7 gateway between the identity layer and the target resource. The gateway runs as a network‑resident agent and proxies all traffic from the user or service to the underlying database, Kubernetes cluster, SSH host, or HTTP API. Because the proxy sits in the data path, hoop.dev enforces policies that the original agent cannot. hoop.dev records every session, masks fields that match privacy rules, requires just‑in‑time approval for risky commands, and stores an immutable audit log that can be exported for LGPD audits. The identity provider still determines who may request access, but hoop.dev is the only place where the law‑required enforcement outcomes are realized.

What LGPD expects from agent runtimes

LGPD defines personal data as any information that can identify an individual, directly or indirectly. For an agent runtime that processes requests, the regulation requires:

  • Purpose limitation: each execution must be tied to a legitimate business purpose and documented.
  • Data minimisation: only the data necessary for that purpose may be returned.
  • Accountability: organizations must keep records of who accessed which data, when, and under what justification.
  • Security of processing: technical measures must prevent unauthorized disclosure, alteration, or loss of personal data.

When an agent runtime connects to a database or an internal API, the runtime itself often has full visibility into query results. Without a transparent enforcement layer, it can inadvertently return more columns than needed, or a mis‑configured job can dump entire tables. LGPD therefore expects a mechanism that inspects the payload, applies masking rules, and logs the interaction in a way that prevents later tampering.

How hoop.dev creates the required evidence

Because hoop.dev proxies the connection, it can apply policy at the protocol level. The platform offers three evidence‑generating capabilities that map directly to LGPD requirements:

Continue reading? Get the full guide.

Open Policy Agent (OPA) + LGPD (Brazil): Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.
  • Session recording: hoop.dev captures the full request‑response stream for every agent runtime session. The recordings reside outside the host that runs the agent, providing a tamper‑evident log that auditors can replay to verify purpose limitation and data minimisation.
  • Inline data masking: administrators define patterns or column names that contain personal data. hoop.dev redacts those fields in real time before they reach the downstream system or before they are written to logs, ensuring that only authorised data is processed.
  • Just‑in‑time approval: for commands that request large result sets or access sensitive tables, hoop.dev pauses the request and routes it to a human reviewer. The approval decision records alongside the session, giving concrete evidence that the access was authorised.

Policies stored in hoop.dev trigger all three actions, so even if the runtime is compromised, the enforcement layer remains intact, satisfying LGPD’s security‑of‑processing clause.

To get started, teams can follow the getting‑started guide which walks through deploying the gateway, registering an agent runtime, and defining masking rules. Detailed policy syntax and best‑practice examples are available in the feature documentation. Because hoop.dev is open source, the audit trail can be exported to any downstream SIEM or compliance platform, giving organizations full control over how they present evidence to regulators.

Putting the pieces together

The compliance journey begins with a strong identity provider that issues short‑lived tokens to each agent runtime. Those tokens present themselves to hoop.dev, which validates them and extracts group membership. Next, hoop.dev sits in the data path, applying masking, approval, and recording policies before the request ever reaches the target service. Finally, hoop.dev archives the immutable session logs for the retention period required by LGPD, and teams can query them during an audit.

This layered approach satisfies the law’s three pillars, purpose, minimisation, and accountability, while keeping the runtime itself simple and focused on business logic. Organizations can therefore scale agent‑driven automation without fearing that hidden data flows will escape regulatory oversight.

FAQ

Does hoop.dev replace my existing identity provider?
No. hoop.dev consumes tokens from your IdP to decide who may start a session. The gateway adds enforcement on top of that identity decision.

Can I use hoop.dev with any programming language?
Yes. The gateway works at the protocol level, so any client that speaks PostgreSQL, MySQL, SSH, or HTTP can be proxied without code changes.

How long are the audit logs retained?
Retention is configurable. Because hoop.dev stores the logs outside the agent host, you can align the period with LGPD’s requirements, typically five years.

Explore the open‑source repository on GitHub to see the implementation details and contribute improvements.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot