
Policy as Code for the Claude Agent SDK



How can you ensure the Claude Agent SDK respects your organization’s policy as code without exposing secrets?

Most teams hand the SDK a static API key and let it call Claude directly. The key lives in source code, CI pipelines, or developer laptops. There is no runtime gate that checks whether a prompt complies with internal data‑handling rules, and there is no audit trail that shows which prompts were sent or what responses were returned. When a developer accidentally includes a customer’s personal identifier in a prompt, the request sails straight to Claude’s service, the response is streamed back, and the organization has no evidence of the breach.

This unguarded state is common because the SDK is designed for convenience. It authenticates with a bearer token, opens an HTTPS connection, and returns JSON. The surrounding application code rarely adds a policy‑evaluation layer, and the SDK itself has no built‑in mechanism to enforce “policy as code”. The result is a blind spot: the request reaches the LLM service directly, with no inline masking, no just‑in‑time approval, and no record of what was asked.

What you need is a way to declare the allowed prompt patterns, required redactions, and approval workflows as code, and to have those rules applied automatically every time the SDK talks to Claude. Policy as code can define forbidden keywords, maximum token lengths, and mandatory sanitization of PII. However, even with a policy file in place, the SDK still initiates the connection itself. The request bypasses any enforcement point, meaning the policy never gets enforced, the response is never masked, and there is still no immutable log of the interaction.

Enter hoop.dev. hoop.dev acts as an identity‑aware proxy that sits in the data path between the Claude Agent SDK and the Claude service. By routing all SDK traffic through hoop.dev, you move the enforcement surface out of the client process and into a controlled gateway. hoop.dev validates each request against your policy as code, blocks disallowed prompts, applies real‑time masking to any response that contains sensitive data, and records the full session for replay and audit.

Setup: identity and least‑privilege grants

The first step is to configure an OIDC or SAML identity provider that issues short‑lived tokens for developers and automated agents. These tokens identify who is making the request and what groups they belong to. hoop.dev consumes the token, extracts group membership, and maps it to the policy definitions you have authored. Because the token is short‑lived and scoped, the risk of credential leakage is reduced.

The data path: hoop.dev as the enforcement gateway

When the Claude Agent SDK sends an HTTP request, it is directed to the hoop.dev endpoint instead of Claude’s public API. hoop.dev terminates the TLS connection, inspects the request payload, and evaluates it against the declared policy as code. If the prompt contains a prohibited phrase or exceeds a token limit, hoop.dev rejects the request before it ever reaches Claude. If the request passes, hoop.dev forwards it to Claude, receives the response, and applies any inline masking rules, such as redacting email addresses or credit‑card numbers, before returning the result to the SDK.
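As an added example (not hoop.dev's code, and not its policy syntax, which this page does not show), the following Python sketches the enforcement path the three sections above describe: identity claims from an already-verified, short-lived token select a per-group policy; the prompt is checked against forbidden phrases and a length limit (standing in for a token limit); sensitive values such as email addresses and card numbers are masked in both the forwarded prompt and the response; and every outcome, allowed or blocked, is appended to an audit log. The policy table, the group names, the regexes, the `Decision` type and the `gateway`, `evaluate_request`, `resolve_policy`, `mask` and `luhn_ok` functions are all constructed for illustration. A real gateway would verify the token's signature before trusting its claims and would write the audit log to durable storage.

```python
import re
import time
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed policy-as-code, keyed by identity-provider group (hypothetical format,
# not hoop.dev's syntax). A token limit is approximated by a character limit.
POLICIES = {
    "engineering": {"forbidden_phrases": ["internal only"],
                    "max_prompt_chars": 2000, "mask": ["email", "card"]},
    "contractors": {"forbidden_phrases": ["internal only", "customer export"],
                    "max_prompt_chars": 400, "mask": ["email", "card", "ssn"]},
}

# Detection patterns for inline masking of prompts and responses.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "card": re.compile(r"\b(?:\d[ -]?){12}\d{1,4}\b"),  # 13-16 digits, optional separators
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

AUDIT_LOG: list = []  # one record per SDK request, forwarded or blocked


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: a digit run is masked as a card only when it validates."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch) * 2 if i % 2 == parity else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def mask(text: str, kinds: list) -> str:
    """Replace each detected value of the requested kinds with a typed placeholder."""
    def card_sub(m):
        return "[REDACTED:card]" if luhn_ok(re.sub(r"\D", "", m.group())) else m.group()
    for kind in kinds:
        repl = card_sub if kind == "card" else f"[REDACTED:{kind}]"
        text = PATTERNS[kind].sub(repl, text)
    return text


@dataclass
class Decision:
    allowed: bool
    reason: str
    prompt: str       # sanitized prompt to forward ("" when blocked)
    mask_kinds: list  # masking to apply to the upstream response


def resolve_policy(groups: list) -> Optional[dict]:
    """Merge the policies of every matching group, keeping the strictest value of each setting."""
    matched = [POLICIES[g] for g in groups if g in POLICIES]
    if not matched:
        return None  # no policy means no access (default deny)
    return {
        "forbidden_phrases": sorted({p for m in matched for p in m["forbidden_phrases"]}),
        "max_prompt_chars": min(m["max_prompt_chars"] for m in matched),
        "mask": sorted({k for m in matched for k in m["mask"]}),
    }


def evaluate_request(claims: dict, prompt: str, now: Optional[float] = None) -> Decision:
    """Gate one prompt. `claims` are assumed to come from an already-verified IdP token."""
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return Decision(False, "token expired", "", [])
    policy = resolve_policy(claims.get("groups", []))
    if policy is None:
        return Decision(False, "no policy for caller's groups", "", [])
    lowered = prompt.lower()
    for phrase in policy["forbidden_phrases"]:
        if phrase in lowered:
            return Decision(False, f"forbidden phrase: {phrase!r}", "", [])
    if len(prompt) > policy["max_prompt_chars"]:
        return Decision(False, "prompt exceeds length limit", "", [])
    return Decision(True, "ok", mask(prompt, policy["mask"]), policy["mask"])


def gateway(claims: dict, prompt: str, upstream: Callable[[str], str], now=None) -> dict:
    """Enforcement path: evaluate, forward only if allowed, mask the reply, record the session."""
    decision = evaluate_request(claims, prompt, now)
    response = mask(upstream(decision.prompt), decision.mask_kinds) if decision.allowed else ""
    record = {
        "subject": claims.get("sub"),
        "allowed": decision.allowed,
        "reason": decision.reason,
        "prompt": decision.prompt,  # stored post-masking, so the log holds no raw PII
        "response": response,
    }
    AUDIT_LOG.append(record)
    return record


if __name__ == "__main__":
    fake_claude = lambda p: f"Echo: {p}; reply to carol@example.test"  # constructed model stand-in
    caller = {"sub": "alice", "groups": ["engineering"], "exp": time.time() + 300}
    print(gateway(caller, "Ticket from bob@example.test, card 4111 1111 1111 1111", fake_claude))
```

Running the file prints the audit record for one allowed request, with both the email address and the card number replaced in the prompt and the address the stand-in model appended replaced in the response. Two design points carry over to any real gateway: a caller who belongs to several groups gets the strictest limit and the union of forbidden phrases and masks, so adding a group can never widen access; and the audit record stores the masked prompt, so the log does not become a second copy of the data the gateway exists to contain. The Luhn check keeps arbitrary 13- to 16-digit runs (order numbers, timestamps) from being masked as card numbers.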


Enforcement outcomes that only hoop.dev can provide

  • hoop.dev blocks disallowed prompts in real time, ensuring that policy as code is the gatekeeper, not the SDK.
  • hoop.dev masks sensitive fields in Claude’s responses, preventing accidental leakage of PII back to the application.
  • hoop.dev records every request and response, creating a durable audit log that can be used as evidence during compliance reviews and forensic investigations.
  • hoop.dev can trigger a just‑in‑time approval workflow for high‑risk prompts, requiring a human reviewer before the request is forwarded.
  • hoop.dev never exposes the underlying Claude credentials to the SDK; the agent only sees a short‑lived session token.

These outcomes exist because hoop.dev occupies the only point where traffic can be inspected and altered. Without that gateway, the SDK would continue to operate unchecked.

What to watch for when implementing policy as code

Define clear policy boundaries: specify which data elements must be redacted, enumerate forbidden topics, and set limits on prompt length. Keep the policy file versioned in source control so changes are auditable. Test policies in a staging environment before rolling them out to production. Remember that policy enforcement is only as strong as the gateway; ensure hoop.dev is deployed in a network segment that is reachable by all SDK clients but isolated from the internet.

For a step‑by‑step walkthrough of deploying hoop.dev, see the getting started guide. Detailed documentation of policy definition syntax and masking capabilities is available in the learn section. Both resources walk you through configuring the OIDC provider, registering the Claude endpoint, and authoring policy as code.

When the gateway is in place, you gain confidence that every interaction with Claude is governed by code, observable, and reversible. This alignment between development velocity and security compliance is essential for any organization that relies on LLM agents to process sensitive data.

Explore the open‑source implementation on GitHub to see how hoop.dev integrates with the Claude Agent SDK and to contribute improvements.

FAQ

What is policy as code for LLM agents?

Policy as code is a declarative set of rules that define allowed prompt structures, required data sanitization, and approval workflows. It is stored in a version‑controlled file and evaluated automatically at runtime.

How does hoop.dev enforce those rules?

hoop.dev intercepts every HTTP request from the SDK, runs the request body through the policy engine, blocks or modifies the request as needed, and records the outcome.

Does hoop.dev store my Claude API credentials?

No. hoop.dev holds the service credential internally and presents short‑lived session tokens to the SDK, so the agent never sees the raw API key.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.
