When a former contractor’s CI pipeline still runs Claude‑powered agents against internal services, the organization can unintentionally expose personal data that falls under Brazil’s General Data Protection Law (LGPD). The agent can retrieve customer records, employee identifiers, or health information without any centralized log that shows who asked for the data, when, or what was returned.
What LGPD expects from AI‑driven data access
LGPD requires that any processing of personal data be accompanied by verifiable evidence. Controllers must be able to answer four core audit questions:
- Who accessed the data?
- When did the access occur?
- Which data elements were read or modified?
- What safeguards were applied to limit unnecessary exposure?
Regulators also expect purpose limitation, data minimization, and the ability to reconstruct the exact flow of information for incident response. In practice, that means a system must capture fine‑grained request logs, mask sensitive fields on output, and keep an immutable replay of each interaction.
Why the Claude Agent SDK alone falls short
The Claude Agent SDK is designed for developers to embed large‑language‑model capabilities directly into applications. By default the SDK opens a direct socket to the target service, whether a database, an HTTP API, or a remote shell, using a static credential that is baked into the deployment artifact. This approach has three practical gaps for LGPD compliance:
- No central audit trail. Each agent instance writes its own logs locally, making it impossible to assemble a single, organization‑wide view of who queried what.
- No real‑time data masking. Responses flow back to the caller unchanged, so any personal identifiers are exposed to downstream processes.
- No just‑in‑time approval. The request reaches the target immediately, without an opportunity for a data‑owner to review or deny the operation.
Most teams respond by adding OIDC or SAML tokens, so that each request originates from a non‑human identity with least‑privilege scopes. While this limits who can start a session, the request still travels straight to the backend service, bypassing any enforcement point that could record, mask, or approve the query.
How hoop.dev creates LGPD‑ready evidence
hoop.dev is a Layer 7 gateway that sits in the data path between any identity (including the Claude Agent SDK) and the target infrastructure. By proxying the connection, hoop.dev becomes the only place where enforcement can happen. It provides three LGPD‑specific outcomes:
- hoop.dev records each session. Every request and response is captured, timestamped, and linked to the caller’s identity token. This unified log satisfies the “who, when, and what” audit requirements.
- hoop.dev masks sensitive fields in real time. Before a response leaves the gateway, configurable patterns are redacted, ensuring that personal identifiers are never exposed downstream. This directly supports LGPD’s data‑minimization principle.
- hoop.dev routes risky queries for human approval. If a request matches a policy that requires review, such as a bulk export of user records, hoop.dev pauses execution and forwards the request to an approver. Only after explicit consent does the operation continue, providing a purpose‑limitation checkpoint.
Because the gateway runs on a network‑resident agent inside the organization’s perimeter, the underlying service credentials never leave the controlled environment. The Claude Agent SDK simply points its client to the hoop.dev endpoint, preserving the existing development workflow while gaining the compliance guardrails.
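The three outcomes above, as an added Python example that is not hoop.dev's code or configuration: a response is masked, a query is checked against a review policy, and the result is written to a hash-chained audit entry that answers the who, when, what and safeguards questions. The CPF and e-mail patterns, the approval rule (a SELECT with no WHERE or LIMIT) and every function name are assumptions constructed for illustration.

```python
import hashlib, json, re
from datetime import datetime, timezone

# Constructed masking rules: formatted Brazilian CPF numbers and e-mail addresses.
MASK_PATTERNS = {
    "cpf": re.compile(r"\b\d{3}\.\d{3}\.\d{3}-\d{2}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}
GENESIS = "0" * 64  # "previous hash" of the first entry in a log

def mask(text):
    """Redact configured patterns; return masked text and per-pattern hit counts."""
    hits = {}
    for name, pattern in MASK_PATTERNS.items():
        text, n = pattern.subn(f"[{name.upper()} REDACTED]", text)
        if n:
            hits[name] = n
    return text, hits

def needs_approval(query):
    """Hypothetical policy: a SELECT with no WHERE or LIMIT is a bulk read."""
    q = " ".join(query.lower().split())
    return q.startswith("select") and " where " not in q and " limit " not in q

def audit_record(prev_hash, subject, query, response):
    """Build one entry: who, when, what was asked/returned, which safeguards ran."""
    masked, hits = mask(response)
    entry = {
        "who": subject,                                   # identity from the token
        "when": datetime.now(timezone.utc).isoformat(),
        "request": query,
        "response_masked": masked,                        # raw response is never stored
        "safeguards": {"masked": hits, "approval_required": needs_approval(query)},
        "prev": prev_hash,
    }
    # Chaining each entry to the previous hash makes later edits detectable.
    entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
    return entry

def verify_chain(entries):
    """Recompute every hash and check the links; False on any tampering."""
    prev = GENESIS
    for e in entries:
        body = {k: v for k, v in e.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if e["prev"] != prev or e["hash"] != digest:
            return False
        prev = e["hash"]
    return True
```

Pattern-based masking only catches values with a recognizable shape; free-text fields such as names need field-level rules instead.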
Integrating the Claude Agent SDK with hoop.dev
The integration is straightforward: configure the SDK’s connection endpoint to the hoop.dev proxy address, and ensure the SDK presents an OIDC token that hoop.dev validates. From that point on, hoop.dev funnels every LLM‑driven query through the gateway and applies the three enforcement outcomes automatically. No code changes beyond the endpoint URL are required, and the open‑source nature of hoop.dev means the policy engine can be extended to match any organization‑specific LGPD rule set.
Getting started
Start by reviewing the getting‑started guide to deploy the gateway in your environment. The learn section provides deeper coverage of session recording, inline masking, and approval workflows. Both resources walk you through connecting a non‑human identity, registering a target resource, and enabling the LGPD‑focused policies.
FAQ
What audit data does hoop.dev capture for LGPD?
hoop.dev logs the caller’s identity, the exact request payload, the timestamp, and the full response after any masking. hoop.dev stores all entries in a secure log that can be exported for regulator review.
Can hoop.dev mask personal data without changing the Claude Agent SDK?
Yes. Masking rules are defined on the gateway side. The target's response passes through hoop.dev, which redacts configured fields before the data reaches the SDK or any downstream process.
Do I need to modify my Claude Agent SDK code to use hoop.dev?
No. The only change is to point the SDK’s connection endpoint to the hoop.dev proxy address and provide a valid OIDC token. All enforcement happens inside the gateway.
Explore the open‑source repository on GitHub to contribute or customize the LGPD policies for your organization.