BY HOOP.DEV / OPEN SOURCE

Know what your AI agents
are actually touching

One command scans your AI session logs locally, surfacing security risks, PII exposure, and unauthorized access before they become incidents. For free.

Prebuilt, no compile step. macOS (arm64, x64) and Linux (x64, arm64).Or install globally: npm i -g @hoophq/rs && rsOpen source: github.com/hoophq/rs

Open SourceRuns LocallyNo SignupFree
01

Install & Run

One command. Works on any hoop session export.

02

Get your score

Security score from 0–100 with breakdown by risk category.

03

Understand your exposure

PII types, access patterns, and risk events surfaced in seconds.

Sample report output

AI Risk Summary
Agent session analysis · 250 sessions scanned over 30 days, no content sent to the gateway
Claude Code 143Cursor 91OpenCode 16
250
sessions
Sessions by risk
64/100Security Score
250 sessions3 of 3 tools with sessions
Sessions scanned
250
9,847 messages analyzed
Critical sessions
10
4% of all sessions
PII findings
1,617
188 high severity · 8 entity types
Guardrail violations
137
94 output · 43 input
PII Detection
1,617 findings · 8 entity types · 188 high severity
EMAIL_ADDRESS
Contact · medium severity
487
71 sess
PERSON
Identity · medium severity
412
63 sess
PHONE_NUMBER
Contact · medium severity
256
44 sess
IP_ADDRESS
Network · low severity
198
52 sess
US_SSN
Gov ID · high severity
84
19 sess
LOCATION
Identity · low severity
76
38 sess
CREDIT_CARD
Financial · high severity
63
15 sess
API_KEY
Secret · high severity
41
13 sess

Fully offline

Scans run on your machine. No session content ever leaves your environment.

Open source

Non-commercial license. Inspect every line of code before running it.

Minimal telemetry

We only know the tool ran. Not what it found. Not who ran it.

You just saw what your agents touched last month. But this is just a snapshot.

hoop.dev sits in every session recording it, controlling access and redacting PII before it ever leaks. No exports, no separate tool.