
Putting access controls around Claude: data masking for AI coding agents (on internal SaaS)

When an internal Claude instance reads source files, any accidental exposure of API keys, passwords, or proprietary algorithms can cost a company millions in intellectual‑property loss and regulatory fines. The damage is amplified because developers often feed entire codebases to the model, trusting that the service will keep the content private. If the AI returns snippets that contain secrets, downstream tools or logs may capture them, creating a persistent leakage vector. In short, without a guardrail, data masking failures turn a productivity boost into a compliance nightmare.

Why data masking matters for Claude

Claude, like other LLM‑powered coding assistants, processes raw text and emits it verbatim. When a developer asks the model to refactor a function that contains a hard‑coded credential, the response may include that credential in clear text. If that output is stored in version control, shared in chat, or logged by CI pipelines, the secret is exposed to anyone with read access. Data masking prevents such leakage by stripping or redacting sensitive patterns before they leave the model.

Current practice: unrestricted direct access

Most teams grant developers a static API token that the Claude service trusts. The token is embedded in CI scripts, local IDE plugins, and sometimes shared across the organization. The connection goes straight from the developer's machine to the Claude endpoint. There is no intermediate checkpoint that can inspect the payload, enforce redaction, or record what was asked. As a result, teams have no visibility into which code fragments were sent, nor any way to block a response that contains a secret. The setup satisfies the need for quick access but leaves the data path wide open.

What the precondition fixes – and what it still leaves exposed

Introducing a policy that requires data masking is a step forward. The policy can be expressed in an internal security guideline that says, “All Claude queries must have secrets redacted before they leave the model.” However, if the request still travels directly to Claude, the guideline is unenforced. The request reaches the model unmediated, the response is returned unchanged, and no audit trail exists. The missing piece is a control point that sits between the caller and Claude, capable of applying the mask in real time and recording the interaction.

hoop.dev as the data‑path enforcement point

hoop.dev provides a Layer 7 gateway that sits exactly where the control is needed. Identity is handled through OIDC or SAML, so only authenticated users can initiate a Claude session. The gateway holds the service credential, keeping it out of developers' hands. When a request arrives, hoop.dev forwards it to Claude, monitors the response stream, and applies inline data masking based on configurable patterns. The gateway also records the full session for replay, enabling post‑incident review.

Setup – establishing who may talk to Claude

The first step is to provision a non‑human identity for the Claude service in your identity provider. Assign the minimal set of groups that represent developers who are allowed to use the AI assistant. hoop.dev verifies the presented token, extracts group membership, and maps it to a Just‑In‑Time access grant. No standing credential is ever exposed to the end user.

The data path – where enforcement lives

All traffic to Claude passes through the hoop.dev gateway. Because the gateway is the only point that sees the clear‑text payload, it is the sole place where masking can be enforced. hoop.dev inspects each response, redacts any pattern that matches a secret‑type rule, and then forwards the sanitized output to the client. Because the gateway sits in the data path, it can also reject commands that violate policy before they reach Claude.
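A masker working on a response stream has to cope with a secret that arrives split across two chunks. The Python below is an added example, not hoop.dev's code or rule syntax: it holds back a bounded tail of the stream so a split secret is matched whole, and compares that with masking each chunk alone. The rule names, patterns, `HOLDBACK` value and sample chunks are assumptions constructed for illustration.

```python
import re

# Constructed rules for illustration; not hoop.dev's rule syntax or defaults.
# Every quantifier is bounded so the longest possible match is known.
RULES = {
    "aws_access_key": r"AKIA[0-9A-Z]{16}",
    "password_assign": r"(?i:password)\s{0,4}[:=]\s{0,4}[\"'][^\"'\n]{1,32}[\"']",
}
HOLDBACK = 64  # assumption: >= longest match any rule can produce (51 here)

def _compile(rules):
    return re.compile("|".join(f"(?P<{n}>{p})" for n, p in rules.items()))

class StreamMasker:
    def __init__(self, rules=RULES, holdback=HOLDBACK):
        self._rx, self._holdback, self._buf = _compile(rules), holdback, ""
        self.hits = []  # audit record: rule names only, never the secret

    def _emit(self, cut):
        out, pos = [], 0
        for m in self._rx.finditer(self._buf):
            if m.start() >= cut:
                break
            if m.end() > cut:  # match straddles the cut: keep it buffered
                cut = m.start()
                break
            out += [self._buf[pos:m.start()], f"[MASKED:{m.lastgroup}]"]
            self.hits.append(m.lastgroup)
            pos = m.end()
        out.append(self._buf[pos:cut])
        self._buf = self._buf[cut:]
        return "".join(out)

    def feed(self, chunk):
        self._buf += chunk
        return self._emit(max(0, len(self._buf) - self._holdback))

    def flush(self):
        return self._emit(len(self._buf))

def mask_stream(chunks):
    m = StreamMasker()
    return "".join([m.feed(c) for c in chunks]) + m.flush(), m.hits

def mask_per_chunk(chunks):
    """Naive baseline: masks each chunk alone, so split secrets pass through."""
    rx = _compile(RULES)
    return "".join(rx.sub(lambda m: f"[MASKED:{m.lastgroup}]", c) for c in chunks)

# Constructed response stream; the key is AWS's published documentation example.
SAMPLE_CHUNKS = ['aws_key = "AKIAIOSF', 'ODNN7EXAMPLE"\n',
                 'db_password = "hunter2-', 'not-real"\nprint("ok")\n']
```

The hold-back adds latency of up to `HOLDBACK` characters to the stream, and a rule with an unbounded quantifier has no safe hold-back size at all.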

Enforcement outcomes – what hoop.dev guarantees

  • hoop.dev masks sensitive fields in every Claude response, ensuring that secrets never leave the controlled boundary.
  • hoop.dev records each session, providing a complete audit trail for compliance and forensic analysis.
  • hoop.dev can require a human approver for queries that match high‑risk patterns, adding a manual checkpoint before the model processes potentially dangerous code.
  • hoop.dev never exposes the Claude service credential to the developer, eliminating credential sprawl.

These outcomes are possible only because hoop.dev resides in the data path; the same setup without the gateway would leave the request unfiltered and unrecorded.

Getting started

To implement data masking for Claude, follow the getting‑started guide to deploy the gateway and register a Claude connection. The learn section contains detailed explanations of masking rule configuration and session‑recording options. The repository on GitHub provides the Docker Compose file and Helm chart for quick deployment.

FAQ

Does hoop.dev store any of my code?

No. The gateway only proxies traffic and records metadata about the session. Full payloads are retained only for the duration needed to apply masking and are then discarded according to your retention policy.

Can I customize which patterns get masked?

Yes. hoop.dev lets you define regex‑based rules that target API keys, passwords, or any custom secret format. These rules are evaluated in real time on every Claude response.

What happens if a developer tries to bypass the gateway?

Because the Claude service credential is stored exclusively in the gateway, any direct call without a valid OIDC token will be rejected. The only way to reach Claude is through hoop.dev, guaranteeing that masking and logging are always applied.

Explore the open‑source repository on GitHub to get the code, contribute improvements, and see the full feature set: hoop.dev on GitHub.
