What You’ll Accomplish
AI Session Analyzer is Hoop’s AI-powered risk analysis capability for one-off sessions. It evaluates commands before execution and applies configured policies automatically, so you can:- Detect risky commands in real time before impact
- Block destructive or high-risk operations proactively
- Apply consistent policy decisions across resources
How It Works
Quick Start
Prerequisites
To get the most out of this guide, you will need to:- Either create an account in our managed instance or deploy your own hoop.dev instance
- You must be your account administrator to perform the following actions
- Access to AI Session Analyzer settings in the Web App
- A valid AI provider account and API key
Step 1: Configure the AI Provider
In AI Session Analyzer > Configure:- Select one provider:
- Azure OpenAI
- OpenAI
- Anthropic
- Custom (OpenAI-compatible API)
- Select a model (when applicable)
- Enter the API key
- Click Save
- Required fields cannot be empty
- Credentials are validated before save
Configuration saved.
Step 2: Create the First Rule
In AI Session Analyzer > Rules:- Click to create the first rule
- Add a Name and optional Description
- Configure rule scope (roles and attributes)
- Select risk action behavior (for example, allow or block)
- Save the rule
Step 3: Run a Command in Terminal
Open a terminal session and run a command. The command is evaluated in real time using your configured provider and rules.Step 4: Verify the Result
Confirm the resulting action and risk status in the terminal and in session details.Runtime Analysis Experience
In-Terminal Behavior
When a terminal session starts:- Terminal shows an in-session status card:
AI Session Analyzer is thinking... - Analyzer evaluates activity in real time
- If no rule is violated, show Allowed/success status (non-blocking notification)
- If any configured risk rule is triggered, show Blocked status (prominent restriction notification)
Session Details Review
In the session detailed view:- Top status list includes AI Session Analyzer item
- Item displays action status: Allowed or Blocked
- A dedicated card shows:
- Title plus risk level indicator (Low Risk, Medium Risk, High Risk)
- Action applied by rule (Allowed or Blocked)
Status Types
| Status | Meaning |
|---|---|
| Allowed | Session complies with configured risk rules |
| Blocked | Session violates one or more configured risk rules |
Best Practices
Recommended Risk Evaluation
Use the recommended risk evaluation to apply policies based on each session’s risk profile.
Scope by Role
Apply stricter policies to privileged roles and production-facing resources first.
Review Outcomes Weekly
Audit Allowed/Blocked trends and tune rules for false positives or blind spots.
Troubleshooting
Rules Tab Is Empty
Check:- Configure tab was completed first
- Provider, model, and API key are valid
- Configuration was saved successfully
Save Is Blocked
Check:- All required fields are filled
- API key is valid for selected provider/model
- Custom provider fields are complete (if using OpenAI-compatible API)
Analyzer Not Applying Rules in Session
Check:- At least one rule exists and is active
- Rule scope (roles/attributes) matches the current session
- Commands are running in Web Terminal where analyzer status is shown
Next Steps
Guardrails
Add deterministic query and command controls
Live Data Masking
Protect sensitive output with automatic redaction
Session Recording
Audit command history and investigation trails
Access Requests
Require approvals for sensitive operations