An automated CI pipeline runs a nightly build that pushes a new Docker image, then triggers a ReAct‑driven job using a non-human identity. The job runs under a service account whose credentials were copied from a shared credentials file and never rotated.
In many organisations, that is exactly how non-human identities are used today. Engineers create a long-lived API token, embed it in a configuration repository, and hand the same token to every automation script that needs to talk to ReAct. The token carries broad privileges – it can read, write, and delete data across multiple environments – and there is no central log of which script issued which request. When a bug in the automation code fires, the damage spreads quickly and the forensic trail is hard to reconstruct.
This pattern satisfies the immediate need for a machine identity that can act without a human present, but it leaves three critical gaps. First, the identity is static; rotation is manual and infrequent. Second, the privilege set is coarse; the token is often over‑scoped for the specific task. Third, there is no visibility into the exact commands that the non-human entity issued, nor any way to block a dangerous operation before it reaches the target system.
Why a dedicated gateway matters for non-human identity
Non-human identity, by definition, is an identity that is not tied to a human user – service accounts, CI jobs, bots, and AI agents are all examples. The security model for these identities must enforce least‑privilege, provide just‑in‑time (JIT) access, and generate immutable evidence of every interaction. Those controls cannot be reliably applied at the identity provider alone; the provider decides *who* can start a request, but it does not sit in the data path where the request actually reaches the ReAct backend.
Enter hoop.dev. It is a Layer 7 gateway that sits between the non-human identity and the ReAct service. The gateway receives the OIDC token that represents the service account, validates it, and then proxies the protocol‑level traffic to ReAct. Because hoop.dev is the only point where the request passes before reaching the backend, it can enforce the missing controls.
Once the request is inside the data path, hoop.dev records the entire session, masks any sensitive fields that appear in responses, and can require a human approver for high‑risk commands. If a command is deemed unsafe, hoop.dev blocks it before it is executed. All of these enforcement outcomes are possible only because hoop.dev is the active component in the data path; without it, the service account would talk directly to ReAct with no guardrails.
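To make the data-path controls above concrete, here is an added illustration (not hoop.dev's code, and not how its product is implemented) of what a Layer 7 gateway does once it holds the request: it checks the service account's already signature-verified OIDC claims (audience, expiry, subject), maps the command verb to a required scope, routes destructive verbs to a human approver, masks sensitive fields in the response, and emits an audit record that ties the subject to a hash of the exact command. The audience value, the scope names, the command verbs and the sample claims are all assumptions constructed for the example.

```python
"""Toy data-path gateway for a non-human identity.

Added illustration only; not hoop.dev's code. The policy table, scope names,
audience value and sample claims below are assumptions made for this example.
"""
import hashlib
import json
import time
from dataclasses import dataclass, field

# Assumed audience the gateway expects in the service account's OIDC token.
EXPECTED_AUDIENCE = "react-gateway"

# Assumed policy: each command verb needs one scope; destructive verbs also
# need a named human approver before they may reach the backend.
COMMAND_POLICY = {
    "read": {"scope": "react:read", "approval": False},
    "write": {"scope": "react:write", "approval": False},
    "delete": {"scope": "react:delete", "approval": True},
}

# Response keys whose values never leave the gateway unmasked.
SENSITIVE_KEYS = {"password", "api_key", "secret", "token"}


@dataclass
class Decision:
    verdict: str                      # "allow", "needs_approval" or "block"
    reason: str
    audit: dict = field(default_factory=dict)


def validate_claims(claims, now):
    """Return an error string if the (signature-verified) claims are unusable."""
    if claims.get("aud") != EXPECTED_AUDIENCE:
        return "audience mismatch"
    if float(claims.get("exp", 0)) <= now:
        return "token expired"
    if not claims.get("sub"):
        return "missing subject"
    return None


def evaluate(claims, command, now=None, approved_by=None):
    """Decide whether a command from a non-human identity may reach the backend."""
    now = time.time() if now is None else now
    verb = command.strip().split(" ", 1)[0].lower()
    # Audit record: who, what (hashed so the log itself holds no payload), and the outcome.
    record = {
        "ts": now,
        "sub": claims.get("sub"),
        "verb": verb,
        "command_sha256": hashlib.sha256(command.encode()).hexdigest(),
        "approved_by": approved_by,
    }

    def decide(verdict, reason):
        record["verdict"] = verdict
        record["reason"] = reason
        return Decision(verdict, reason, record)

    err = validate_claims(claims, now)
    if err:
        return decide("block", err)
    policy = COMMAND_POLICY.get(verb)
    if policy is None:
        return decide("block", f"unknown command verb '{verb}'")
    granted = set(claims.get("scope", "").split())
    if policy["scope"] not in granted:
        return decide("block", f"token lacks scope {policy['scope']}")
    if policy["approval"] and not approved_by:
        return decide("needs_approval", "destructive command requires a human approver")
    return decide("allow", "policy satisfied")


def mask_response(obj):
    """Recursively replace values under sensitive keys before the response is returned."""
    if isinstance(obj, dict):
        return {k: ("***" if k.lower() in SENSITIVE_KEYS else mask_response(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [mask_response(v) for v in obj]
    return obj


# Constructed sample claims for a CI service account; deliberately short-lived.
SAMPLE_NOW = 1_700_000_000.0
SAMPLE_CLAIMS = {
    "sub": "sa-nightly-build",
    "aud": EXPECTED_AUDIENCE,
    "exp": SAMPLE_NOW + 300,
    "scope": "react:read react:write",
}

if __name__ == "__main__":
    cases = [
        (SAMPLE_CLAIMS, "read /jobs", None),
        (SAMPLE_CLAIMS, "delete /jobs/42", None),                       # no delete scope
        (dict(SAMPLE_CLAIMS, scope="react:delete"), "delete /jobs/42", None),   # needs approver
        (dict(SAMPLE_CLAIMS, scope="react:delete"), "delete /jobs/42", "alice"),
    ]
    for claims, cmd, approver in cases:
        print(json.dumps(evaluate(claims, cmd, now=SAMPLE_NOW, approved_by=approver).audit))
    print(mask_response({"job": 42, "api_key": "constructed-secret", "meta": {"password": "x"}}))
```

The important design point is that every branch, including the blocks, produces an audit record before the function returns: the gateway is the only place that sees both the identity and the exact command, so it is the only place that can write the evidence the identity provider cannot.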
