All posts
June 18, 20263 min read

Putting access controls around Cursor: session recording for AI coding agents (on Snowflake)

Why session recording matters for Cursor Allowing an AI coding assistant to run queries against Snowflake without a recorded trail creates an invisible attack surface. In many organizations the Cursor agent is given a long‑lived service account, the credentials are baked into CI pipelines, and the agent talks directly to Snowflake. No one sees which statements the model generated, which rows were returned, or whether a query inadvertently leaked sensitive data. If a breach occurs, the forensic

Free White Paper

AI Session Recording + Cursor / AI IDE Security: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

Why session recording matters for Cursor

Allowing an AI coding assistant to run queries against Snowflake without a recorded trail creates an invisible attack surface. In many organizations the Cursor agent is given a long‑lived service account, the credentials are baked into CI pipelines, and the agent talks directly to Snowflake. No one sees which statements the model generated, which rows were returned, or whether a query inadvertently leaked sensitive data. If a breach occurs, the forensic path is missing, compliance audits cannot be satisfied, and the organization cannot prove that AI‑generated code behaved as intended.

Security teams therefore start by moving the identity of the AI workload into an OIDC‑based service principal. The principal is granted the minimum set of Snowflake roles needed for the workload, and token‑based authentication replaces static passwords. This step limits the blast radius of a compromised secret, but it does not close the audit gap. The request still flows straight to Snowflake, the gateway is the Snowflake server itself, and no component on the path records the interaction.

Implementing session recording with hoop.dev

hoop.dev provides the missing data‑path enforcement point. It is a Layer 7 gateway that sits between the Cursor client and the Snowflake endpoint. The gateway authenticates the OIDC token, validates the group membership, and then proxies the wire‑protocol traffic. While proxying, hoop.dev records every request and response, timestamps each packet, and stores a replay‑able session log. Because the gateway is the only place where traffic is inspected, the session recording capability exists solely because hoop.dev occupies the data path.

Key architectural steps are:

  • Deploy the hoop.dev gateway in the same network segment as the Snowflake instance. The quick‑start guide shows how to launch it with Docker Compose.
  • Register Snowflake as a connection inside hoop.dev, supplying the host, port, and the service account that the gateway will use. The gateway holds the credential; the Cursor process never sees it.
  • Configure Cursor to point at the gateway’s address instead of the raw Snowflake endpoint. From the agent’s perspective nothing changes – it still uses its standard Snowflake client library.
  • When a query is issued, hoop.dev forwards the wire‑protocol packets to Snowflake, captures the full round‑trip, and writes a session record to its persistent store.

Because hoop.dev is the sole enforcement point, the recorded session can be replayed in a sandbox, searched for specific statements, or exported for audit purposes. The recorded data includes the exact SQL generated by the AI model, the parameters used, and the result set size, giving teams full visibility into what the AI did.

Continue reading? Get the full guide.

AI Session Recording + Cursor / AI IDE Security: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Benefits of session recording for AI coding agents

  • Forensic completeness: Every AI‑generated query is archived, enabling post‑incident analysis without relying on Snowflake’s own query logs.
  • Compliance readiness: Auditors can request a replay of a specific session, proving that the organization exercised control over AI‑driven data access.
  • Risk mitigation: If a model starts producing unexpected statements, the recorded session can be reviewed and the underlying prompt refined before further damage occurs.
  • Policy enforcement foundation: While the primary focus here is session recording, the same gateway can also block dangerous commands or require human approval for high‑impact operations.

All of these outcomes are possible only because hoop.dev sits in the data path and performs the recording. The identity system alone cannot provide a replayable audit trail; it merely tells the gateway who is making the request.

Getting started

To add session recording for Cursor, start with the getting‑started guide, which walks you through deploying the gateway, registering a Snowflake connection, and pointing your AI agent at the proxy endpoint. Detailed feature explanations are available in the learn section, where you can explore how session logs are stored and accessed.

For the full source code, contribution guidelines, and issue tracker, visit the GitHub repository.

FAQ

Why is session recording necessary for AI agents like Cursor?

AI agents generate code on the fly, often without human review. Session recording captures exactly what the model executed, providing a verifiable trail that can be examined for errors, policy violations, or data leakage.

Can I retrieve recorded sessions after the fact?

Yes. hoop.dev stores each session in a durable backend. You can search by user, time range, or Snowflake object, and replay the full interaction through the UI or API for audit or debugging purposes.

Explore the source and contribute at https://github.com/hoophq/hoop.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot