
Putting access controls around Cursor: session recording for AI coding agents (on Postgres)


When a contract developer leaves a project, the AI coding assistant Cursor often inherits their credentials to keep generating queries against the production PostgreSQL database. The assistant can read tables, suggest schema changes, and write test data, all without a human watching. In that situation the organization loses visibility into what the model is doing, and any accidental data leak or malicious query goes unnoticed. A reliable session recording capability is the only way to retain a complete, replayable history of every request and response.

Most teams rely on an OIDC identity provider to issue short‑lived tokens for Cursor. The token proves who the agent is, and the database accepts the connection. That setup satisfies authentication, but it does not place any guard on the traffic itself. The request still travels straight to PostgreSQL, the database processes the command, and there is no independent record of the interaction. Without an audit trail, compliance checks, forensic investigations, and real‑time alerts become guesswork.

hoop.dev closes this gap by inserting a Layer 7 gateway between the AI agent and the database. The gateway becomes the sole data path for the connection, allowing it to capture every query and response, enforce policies, and store a session log. Because hoop.dev sits in the data path, the enforcement outcomes (session recording, inline masking, and just‑in‑time approval) are guaranteed to happen regardless of what the client or the database tries to do.

Why session recording matters for AI coding agents

AI assistants generate code at speed, but they also generate noise. A single mis‑prompt can cause a cascade of INSERTs, UPDATEs, or schema migrations that affect production data. Session recording provides three critical benefits:

  • Forensic traceability: Every SQL statement and its result set are stored, enabling a replay of the exact sequence that led to an unexpected state.
  • Compliance evidence: Auditors can verify that only authorized identities accessed the database and that no sensitive columns were exposed without masking.
  • Operational insight: Engineers can review AI‑generated workloads to fine‑tune prompts, reduce unnecessary queries, and improve cost efficiency.

Architectural pattern for recording Cursor access

Setup: identity and provisioning

First, configure an OIDC or SAML provider (Okta, Azure AD, Google Workspace, etc.) to issue tokens for the Cursor service account. The token contains group membership that reflects the level of access the AI agent should have: read‑only, read‑write, or admin. This step decides who is making the request and whether it may start, but it does not enforce any guard on the database traffic itself.

Data path: hoop.dev gateway

Next, deploy the hoop.dev gateway inside the same network segment as the PostgreSQL instance. The gateway runs an agent that holds the database credentials; the Cursor process never sees them. All client connections are routed through the gateway, which terminates the protocol, inspects the payload, and forwards it to PostgreSQL. Because the gateway is the only point where traffic passes, it can apply session recording consistently.


Enforcement outcomes: session recording

hoop.dev records each session from start to finish. The record includes the raw SQL command, timestamps, the authenticated identity, and the full response. The log is written to a storage backend that is separate from the database, making it difficult for the database to alter the recorded data. When a replay is requested, hoop.dev streams the original request‑response pairs, allowing auditors to see exactly what the AI agent did.

Because hoop.dev is the active subject of the recording operation, removing the gateway would immediately eliminate the session logs. This confirms that the enforcement outcome exists only because hoop.dev sits in the data path.
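One way an auditor might use such records, shown as an added example that is not hoop.dev code: compare each recorded statement against the access level implied by the identity's groups and flag anything beyond it. The group names, record field names and sample records are assumptions constructed for illustration, not hoop.dev's log schema.

```python
import re

# Assumed IdP group names and the statement classes each may issue.
GROUP_ALLOWS = {
    "db-read-only": {"read"},
    "db-read-write": {"read", "write"},
    "db-admin": {"read", "write", "ddl"},
}
RANK = {"read": 0, "write": 1, "ddl": 2}
KEYWORDS = {
    "read": "SELECT SHOW EXPLAIN BEGIN COMMIT ROLLBACK",
    "write": "INSERT UPDATE DELETE MERGE COPY",
    "ddl": "CREATE ALTER DROP TRUNCATE GRANT REVOKE",
}
CLASS_OF = {kw: cls for cls, kws in KEYWORDS.items() for kw in kws.split()}
# Comments, string literals and quoted identifiers must not affect classification.
NOISE = re.compile(r"--[^\n]*|/\*.*?\*/|'(?:[^']|'')*'|\"(?:[^\"]|\"\")*\"", re.S)


def classify(sql):
    """Return the most privileged class implied by any keyword in the statement.

    Conservative: WITH ... DELETE and EXPLAIN ANALYZE UPDATE count as writes,
    and SELECT ... FOR UPDATE is over-reported. No known keyword -> "unknown".
    """
    words = re.findall(r"[A-Za-z_]+", NOISE.sub(" ", sql))
    found = [CLASS_OF[w.upper()] for w in words if w.upper() in CLASS_OF]
    return max(found, key=RANK.get) if found else "unknown"


def review(records):
    """Return (ts, identity, class, sql) for statements beyond the granted level."""
    flagged = []
    for r in records:
        allowed = set().union(*(GROUP_ALLOWS.get(g, set()) for g in r["groups"]))
        cls = classify(r["sql"])
        if cls not in allowed:  # "unknown" is never allowed, so it is always flagged
            flagged.append((r["ts"], r["identity"], cls, r["sql"]))
    return flagged


# Constructed sample records (not real session data).
SAMPLE_SESSION = [
    {"ts": "2025-01-10T09:00:01Z", "identity": "cursor-agent", "groups": ["db-read-only"],
     "sql": "SELECT id, email FROM users WHERE note = 'drop table later'"},
    {"ts": "2025-01-10T09:00:07Z", "identity": "cursor-agent", "groups": ["db-read-only"],
     "sql": "WITH gone AS (DELETE FROM orders RETURNING *) SELECT count(*) FROM gone"},
    {"ts": "2025-01-10T09:00:09Z", "identity": "cursor-agent", "groups": ["db-read-only"],
     "sql": "/* tidy up */ ALTER TABLE users DROP COLUMN legacy_flag"},
]
```

The keyword scan is deliberately over-inclusive so that a data-modifying CTE cannot pass as a read; dollar-quoted strings are not stripped and may cause extra flags.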

Getting started

To try this pattern, follow the hoop.dev getting started guide. The documentation walks you through deploying the gateway with Docker Compose, registering a PostgreSQL connection, and configuring OIDC authentication for Cursor. All of the detailed steps are covered in the docs, so you can focus on policy design rather than low‑level plumbing.

For deeper insight into masking, approval workflows, and replay features, explore the feature documentation. These pages show how to combine session recording with other guardrails to build a comprehensive defense‑in‑depth strategy for AI‑driven development.

FAQ

Does session recording add latency to database queries?

hoop.dev records the traffic inline as it passes through the gateway. The additional processing time is minimal and predictable, and it is outweighed by the security and compliance benefits of having a complete audit trail.

Can I mask sensitive columns while still recording the session?

Yes. The gateway can apply inline masking to response fields before they are stored in the session log, ensuring that protected data never leaves the controlled environment while still preserving a full operational record.

Is the session log tamper‑proof?

The log is written to a storage location that the database cannot reach. While hoop.dev does not claim cryptographic immutability, the separation of duties makes unauthorized alteration highly unlikely. Auditors can rely on the log as credible evidence of what transpired.
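Teams that want tamper evidence on top of this separation can add it themselves to exported records. The following is an added example, not a hoop.dev feature or its code: a SHA-256 hash chain over session records whose final value is kept outside the log store. The record fields and sample data are constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor used before the first record


def _digest(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def seal(records):
    """Wrap each record with a hash covering it and every record before it."""
    sealed, prev = [], GENESIS
    for rec in records:
        prev = _digest(prev, rec)
        sealed.append({"record": rec, "chain": prev})
    return sealed


def verify(sealed, expected_head=None):
    """Return the index of the first inconsistent entry, or None if intact.

    expected_head is the last chain value, stored where operators of the log
    store cannot write. Without it, a truncated or fully recomputed chain
    still verifies, so the anchor is what makes tampering evident.
    """
    prev = GENESIS
    for i, entry in enumerate(sealed):
        prev = _digest(prev, entry["record"])
        if prev != entry["chain"]:
            return i
    if expected_head is not None and prev != expected_head:
        return len(sealed)
    return None


# Constructed sample records (not real session data).
SAMPLE_LOG = [
    {"ts": "2025-01-10T09:00:01Z", "identity": "cursor-agent",
     "sql": "SELECT id FROM users LIMIT 1", "rows": 1},
    {"ts": "2025-01-10T09:00:07Z", "identity": "cursor-agent",
     "sql": "UPDATE users SET plan = 'free' WHERE id = 7", "rows": 1},
    {"ts": "2025-01-10T09:00:09Z", "identity": "cursor-agent",
     "sql": "SELECT count(*) FROM users", "rows": 1},
]
```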

Ready to see the implementation in action? Explore the open‑source repository on GitHub and start protecting your AI‑driven PostgreSQL workloads today.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.
