SOC 2 Compliance for Tool-Using Agents

Tool‑using agents that act on production systems without proper oversight expose your organization to audit failure.

SOC 2 auditors expect concrete evidence that every privileged operation is traceable, that access is granted only for the minimum time needed, and that sensitive data never leaves the environment unprotected. The evidence package typically includes session recordings, request‑and‑approval logs, identity verification records, and any data‑masking decisions applied during the interaction.

When an automated script, CI job, or AI‑assisted assistant connects directly to a database, Kubernetes cluster, or SSH host, the organization often relies on the script’s own logging. Those logs are scattered, lack tamper evidence, and rarely capture the exact commands that were run. Moreover, the script’s credentials are often stored in long‑lived secrets, making it impossible to prove that a particular user authorized the action at the moment it occurred.

To satisfy SOC 2, the control model must address three gaps:

• Identity provenance: The system must prove which human or service identity initiated the request.
• Just‑in‑time authorization: Access should be granted for a single session and must be approved when the operation is risky.
• Full‑session audit: Every command and response must be recorded in a tamper‑evident manner for later review.

Those requirements can be met only when the enforcement point sits on the data path, not in the surrounding identity provider or in the agent’s own process. The identity provider (Okta, Azure AD, Google Workspace, etc.) can verify who the caller is, but it cannot inspect the payload of a PostgreSQL query or the keystrokes of an SSH session. Likewise, a CI runner can hold a short‑lived token, yet it cannot block a dangerous command before it reaches the target.

SOC 2 audit evidence generated by hoop.dev

hoop.dev is a Layer 7 gateway that lives between identities and infrastructure. Because it proxies the traffic, hoop.dev can apply the controls required by SOC 2 directly on the connection. The gateway records each session, stores the raw command stream, and timestamps every line of output. When a request matches a policy that requires human review, such as a DROP DATABASE command or a privileged Kubernetes exec, hoop.dev pauses the flow and routes the request to an approver. The approval decision, the approver’s identity, and the time of the decision are all persisted alongside the session record.

In addition to logging, hoop.dev can mask fields that contain personally identifiable information or secret keys. The masking decision is recorded so that auditors can see that the data was protected without exposing the original values. Because the gateway holds the target credentials, the downstream system never sees the user’s secret, eliminating credential leakage from the audit trail.

All of these artifacts are produced because hoop.dev sits in the data path. The setup, OIDC or SAML authentication, role‑based groups, and short‑lived service accounts, determines who may start a connection, but the enforcement outcomes (audit logs, approvals, masking, session replay) exist only because hoop.dev intercepts the traffic.

Key SOC 2 artifacts

• Session logs that capture every request and response and cannot be altered.
• Just‑in‑time approval records with approver identity and timestamps.
• Inline masking actions with a record of which fields were redacted.
• Credential isolation so that the downstream service never sees the caller’s secret.
• Replay capability that lets auditors view the exact sequence of commands.

By centralising these artifacts, hoop.dev gives auditors a single source of truth for the entire lifecycle of a tool‑using agent’s activity.

Getting started with hoop.dev

Deploy the gateway using the Docker Compose quick‑start or the Kubernetes manifests described in the getting‑started guide. Configure a connection for the target system, whether it is a PostgreSQL database, a Kubernetes cluster, or an SSH host, by supplying the host details and the service credential that hoop.dev will use. Identity is handled via OIDC or SAML; the gateway validates the token and extracts group membership to drive policy decisions.

Once the gateway is running, agents and automated tools connect through it using their normal client binaries (psql, kubectl, ssh, etc.). The gateway then enforces the SOC 2 controls described above without any code changes in the agents.

FAQ

Do I need to change my existing scripts?

No. Scripts continue to use their standard client binaries; they only point to the gateway’s address instead of the raw target. The gateway handles authentication and policy enforcement transparently.

How does hoop.dev ensure logs cannot be altered?

Because the gateway writes logs as the data flows through the proxy, the records cannot be changed after the session ends, giving auditors confidence in their integrity.

Can I use hoop.dev with multiple identity providers?

Yes. hoop.dev acts as a relying party for any OIDC or SAML provider, allowing you to federate users from Okta, Azure AD, Google Workspace, or other IdPs while keeping the enforcement point consistent.

For a deeper dive into the feature set, explore the learn page. The source code and contribution guidelines are available on GitHub.