Many assume that AI coding assistants such as Cursor automatically log every change they make. They do not: session recording is not built in. Without an explicit gateway, no session data is captured, leaving teams blind to what the model actually executed on their code base. This gap is especially risky in on-prem environments, where the AI agent runs against internal repositories that are not exposed to a cloud-managed audit service.
When a developer enables Cursor on a self-hosted development server, the agent typically authenticates with a static service account and opens a direct TCP stream to the local file system or git daemon. The connection carries the model’s prompts and the resulting file writes, yet there is no record of who triggered the action, what was changed, or whether a policy was violated. The result is a black-box interaction that cannot be reviewed after the fact.
Why session recording matters for on-prem Cursor deployments
The immediate need is to capture a complete, immutable log of every AI-driven edit. Session recording provides three core benefits: forensic visibility, compliance evidence, and a replay capability for debugging unexpected changes. Without it, a security audit cannot prove that an AI assistant behaved within approved boundaries, and incident response teams must rely on indirect clues such as file timestamps.
Even when the organization enforces least-privilege service accounts (the Setup phase), the request still reaches the target repository directly. The Setup decides who may start the request, but it does not enforce what the request can do, nor does it retain a trustworthy audit trail. Those enforcement responsibilities belong to the data path that sits between the AI agent and the internal resource.
Placing hoop.dev in the data path
hoop.dev acts as a Layer 7 gateway that proxies the Cursor connection. The agent authenticates to hoop.dev using OIDC or SAML, so the identity check happens before any traffic reaches the repository. Once the identity is verified, hoop.dev forwards the request to the on-prem resource while inspecting the protocol payload. Because the gateway sits in the data path, it can apply session recording, inline masking, and just-in-time approval before the underlying system ever sees the command.
From an enforcement standpoint, hoop.dev records each interaction in a replayable session log. The log includes timestamps, the originating identity, and the exact data exchanged between Cursor and the repository. hoop.dev ensures the logs cannot be tampered with by the agent’s process.
How the architecture satisfies the required controls
- Setup: Non-human identities for Cursor are provisioned in the identity provider. Tokens are short-lived and scoped to the hoop.dev gateway, ensuring that only the gateway can act on behalf of the agent.
- The data path: All Cursor traffic is forced through hoop.dev. This single control surface is the only place where policy checks occur, guaranteeing that every request is subject to the same guardrails.
- Enforcement outcomes: hoop.dev records each session, provides replay for auditors, and can block commands that violate policy before they reach the repository. It also supports just-in-time approval workflows, so a privileged engineer can approve a risky edit in real time.
Because the gateway holds the credential needed to talk to the repository, the Cursor agent never sees the underlying secret. This separation eliminates the risk of credential leakage and ensures that every edit is traceable to a verified identity.
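The following added example models the two enforcement outcomes above in Python: a request is recorded with its identity and timestamp before anything is forwarded, and a blocked command never reaches the repository. It is an illustration written for this article, not hoop.dev's code or log format; the function names, the deny-list policy, the identity string and the hash-chained record layout are all assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64
# Constructed sample policy: command prefixes the gateway refuses to forward.
DENY_PREFIXES = ("git push --force", "git reset --hard")

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class SessionRecorder:
    """Append-only log; each record commits to the hash of the one before it."""
    def __init__(self):
        self.records = []

    def append(self, ts, identity, command, decision):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = {"ts": ts, "identity": identity, "command": command,
                "decision": decision, "prev": prev}
        self.records.append({**body, "hash": _digest(body)})

def verify_chain(records):
    """Return the index of the first altered record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or rec["hash"] != _digest(body):
            return i
        prev = rec["hash"]
    return -1

def gateway_handle(recorder, ts, identity, command, forward):
    """Record the request first, then forward it only if policy allows."""
    allowed = not command.startswith(DENY_PREFIXES)
    recorder.append(ts, identity, command, "allow" if allowed else "block")
    return forward(command) if allowed else None

def demo():
    """Run three constructed agent requests through the gateway."""
    recorder, forwarded = SessionRecorder(), []
    requests = ["git status", "git push --force origin main", "git commit -m fix"]
    for ts, cmd in enumerate(requests, start=1700000000):
        gateway_handle(recorder, ts, "cursor-agent@idp.example", cmd, forwarded.append)
    return recorder, forwarded

if __name__ == "__main__":
    rec, sent = demo()
    print("forwarded:", sent, "| chain intact:", verify_chain(rec.records) == -1)
    rec.records[1]["decision"] = "allow"  # simulate an after-the-fact edit
    print("first altered record:", verify_chain(rec.records))
```

A chain like this detects edits and deletions in the middle of the log; detecting truncation of the tail additionally requires the latest hash to be stored somewhere the writer cannot reach.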
Getting started
To add session recording for Cursor on-prem, deploy the hoop.dev gateway using the Docker Compose quick-start, configure the Cursor connection in the portal, and enable the recording guardrail. The official getting-started guide walks through the deployment steps, while the learn section explains how to tune guardrails and view recorded sessions.
Visit the open-source repository on GitHub to explore the code and contribute improvements: https://github.com/hoophq/hoop.
FAQ
What does session recording capture for an AI coding agent?
hoop.dev records the full request and response stream between Cursor and the target repository, along with the identity that initiated the session and the exact timestamps of each operation.
Will inserting a gateway increase latency for Cursor?
Because hoop.dev operates at the protocol layer and runs on the same network segment as the repository, added latency is typically negligible compared with the time the AI model spends generating suggestions.
How are recorded logs protected?
Logs are stored by hoop.dev in a location that is isolated from the AI agent’s runtime. Access to the logs is governed by the same identity checks that protect the gateway, ensuring that only authorized auditors can retrieve them.