Many teams assume that an AI coding agent such as Claude can be given unrestricted database access because the model only generates queries when asked. The reality is that an unconstrained connection gives the agent the same privileges as any human user, exposing production data and creating a blind spot for compliance.
Claude runs inside a Kubernetes pod, often alongside other services that already have network reach to internal databases. When the pod is granted a static credential or a broad service‑account role, every query it issues is executed directly against the database engine. If the model misinterprets a prompt, it can issue destructive statements, exfiltrate sensitive rows, or bypass row‑level security without any audit trail. The lack of visibility also makes it impossible to prove that the agent complied with data‑handling policies.
Organizations typically solve the identity problem by issuing short‑lived OIDC tokens or by scoping the service account to the minimal set of tables. Those steps determine *who* can start a connection, but they do not control *what* the request does once it reaches the database. The traffic still flows straight from the pod to the DB, meaning there is no inline masking, no just‑in‑time approval workflow, no way to block dangerous commands, and no recording of the session for later review.
hoop.dev addresses this gap by inserting a Layer 7 gateway between Claude’s pod and the database. The gateway becomes the only place where enforcement can happen, turning the data path into a policy enforcement point.
Setup: identity and least‑privilege grants
The first layer of defense is still the identity system. Claude’s pod authenticates to the gateway using an OIDC token issued by the organization’s IdP. The token carries group membership and any custom attributes that define the agent’s role. The gateway validates the token, extracts the identity, and maps it to a set of allowed actions. This setup decides who may initiate a connection, but it does not by itself enforce query‑level policies.
Data path: the gateway as the enforcement boundary
When the request leaves the pod, it is routed through hoop.dev’s gateway. The gateway terminates the client protocol, inspects each statement, and then forwards it to the database only after applying the configured policies. Because all traffic passes through this point, the gateway can enforce controls that would be impossible to guarantee on the client side.
Enforcement outcomes for database access
- hoop.dev masks sensitive columns in query results, ensuring that downstream logs or UI displays never expose PII.
- It requires just‑in‑time approval for high‑risk statements such as DROP TABLE or bulk deletes, routing those commands to an authorized reviewer before they are executed.
- It blocks commands that match a deny list, preventing accidental or malicious data loss.
- It records every session, including the full request and response stream, so auditors can replay exactly what Claude queried.
- It isolates the credential in the gateway, so the Claude pod never sees the database password or IAM role.
These outcomes exist only because the gateway sits in the data path; without it, the same identity and role configuration would leave the database exposed to unchecked queries.
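The sketch below is an added example, not hoop.dev code or configuration. It shows the kind of statement-level decision a gateway in the data path can make: deny-list matches are blocked, `DROP TABLE` and `DELETE` without a `WHERE` clause are routed to approval, and sensitive columns are masked in results. The pattern lists, column names, and function names are assumptions chosen for illustration.

```python
import re

# Hypothetical policy values for illustration; not hoop.dev configuration.
DENY = [re.compile(p, re.I) for p in (r"^TRUNCATE\b", r"^DROP\s+DATABASE\b")]
NEEDS_APPROVAL = [re.compile(p, re.I) for p in (r"^DROP\s+TABLE\b",)]
MASKED_COLUMNS = {"email", "ssn"}


def strip_comments(sql):
    """Remove SQL comments so a leading comment cannot hide the verb."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)
    return re.sub(r"--[^\n]*", " ", sql)


def split_statements(sql):
    """Naive split on ';' (does not handle semicolons inside string literals)."""
    return [s.strip() for s in strip_comments(sql).split(";") if s.strip()]


def decide(sql):
    """Return 'deny', 'approve' or 'allow'; the strictest statement wins."""
    verdict = "allow"
    for stmt in split_statements(sql):
        if any(p.search(stmt) for p in DENY):
            return "deny"
        # Assumption: a DELETE with no WHERE clause counts as a bulk delete.
        bulk_delete = (re.match(r"DELETE\b", stmt, re.I)
                       and not re.search(r"\bWHERE\b", stmt, re.I))
        if bulk_delete or any(p.search(stmt) for p in NEEDS_APPROVAL):
            verdict = "approve"
    return verdict


def mask_rows(columns, rows):
    """Replace values in sensitive columns before results leave the gateway."""
    hide = [c.lower() in MASKED_COLUMNS for c in columns]
    return [tuple("***" if h and v is not None else v for h, v in zip(hide, r))
            for r in rows]


if __name__ == "__main__":
    # Constructed sample requests, as an agent might send them.
    for q in ("SELECT id, email FROM users WHERE id = 7",
              "DELETE FROM orders",
              "/* cleanup */ DROP TABLE audit_log",
              "SELECT 1; TRUNCATE users"):
        print(f"{decide(q):8} {q}")
    print(mask_rows(["id", "email"], [(7, "a@example.com")]))
```

Text pattern matching is a simplification: CTEs, string literals, and dialect quirks defeat these regexes, so a production policy point should classify statements from a real SQL parser.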
Getting started with hoop.dev
To protect Claude’s database access, deploy the gateway alongside your Kubernetes cluster. The open‑source repository provides a Docker Compose quick‑start that includes OIDC authentication, default masking policies, and approval hooks. Detailed guidance is available in the getting‑started guide and the broader learn section. Follow the documentation to register the target database, define the masking rules for sensitive columns, and configure the approval workflow that matches your organization’s risk tolerance.
FAQ
Will the gateway add noticeable latency to Claude’s queries?
Because hoop.dev operates at the protocol layer, the additional round‑trip is limited to the inspection and policy evaluation steps. In most workloads the latency is measured in milliseconds and is outweighed by the security benefits.
Can I still use existing database client libraries inside the Claude pod?
Yes. The pod connects to the gateway using the same connection string it would use for the database. The gateway presents a compatible endpoint, so no code changes are required.
How does this help with compliance audits?
hoop.dev generates a complete audit trail of every query, who initiated it, and any masking or approval actions applied. Auditors can retrieve session recordings to demonstrate adherence to data‑handling policies without needing to instrument the application code.
Explore the source code, contribute improvements, and see the full feature set on GitHub.