A bouncer that reads your database's mind
hoop is a layer 7 gateway that intercepts wire protocols to mask PII, block destructive commands, and make AI agents ask permission before touching production.

What it does
hoop sits between your team (humans, AI agents, services) and your infrastructure (databases, Kubernetes, SSH, APIs). It parses wire protocols natively — PostgreSQL, MySQL, MongoDB, Kubernetes exec, HTTP/gRPC, MCP — and applies policy inline before anything reaches the target system. No agents on endpoints, no code changes, no schema mapping.
The interesting bit
The ML-powered masking is the detail that matters. It understands context: 555-1234 in a phone column gets masked, BUILD-555-1234 in a CI log does not. One rule covers thousands of resources without regex wrangling. The “under 5ms” latency claim is in the README but not independently verified here.
Key highlights
- Data masking — ML-based PII/PHI/PCI detection applied to database responses, API payloads, terminal output before bytes leave the gateway
- Guardrails — Block DROP TABLE, DELETE without WHERE, rm -rf, kubectl delete namespace at the protocol layer, not after the fact
- Approval workflows — Risky operations route through Slack or Teams for human sign-off, time-bound and logged
- AI agent governance — Claude Code, Cursor, and MCP clients authenticate as their human user via OAuth 2.1, inherit permissions, and hit the same policy engine; agents wait on approval just like people
- Session recording — Full replay of SQL, shell, kubectl, HTTP traffic indexed by user, table, query; generates SOC 2/GDPR/PCI DSS/HIPAA evidence
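
To make the "guardrails at the protocol layer" idea concrete, here is an added example (not hoop's code or rule syntax) that parses a PostgreSQL simple-query frame and applies the two SQL rules named above before the frame would be forwarded. The function names, verdict strings and sample frames are constructed for illustration, and only the simple-query message type is covered.

```python
import re
import struct
from typing import Optional

# Constructed rules mirroring the page's two SQL examples; not hoop's rule syntax.
DROP_TABLE = re.compile(r"\bDROP\s+TABLE\b", re.I)
DELETE_FROM = re.compile(r"\bDELETE\s+FROM\b", re.I)
WHERE = re.compile(r"\bWHERE\b", re.I)
# String literals, quoted identifiers and comments are blanked before matching,
# so a keyword inside a literal does not trigger a rule and a WHERE inside a
# comment does not satisfy one. Dollar-quoted strings are not handled here.
NOISE = re.compile(r"""'(?:[^']|'')*'|"(?:[^"]|"")*"|--[^\n]*|/\*.*?\*/""", re.S)


def pg_query(sql: str) -> bytes:
    """Build a simple-query frame: 'Q', int32 length (self-inclusive), SQL, NUL."""
    body = sql.encode("utf-8") + b"\x00"
    return b"Q" + struct.pack("!I", len(body) + 4) + body


def parse_query(frame: bytes) -> Optional[str]:
    """Return the SQL carried by a 'Q' frame, or None for other message types."""
    if frame[:1] != b"Q":
        return None
    if len(frame) < 6:
        raise ValueError("truncated Query frame")
    (length,) = struct.unpack("!I", frame[1:5])
    if len(frame) != 1 + length or frame[-1:] != b"\x00":
        raise ValueError("malformed Query frame")
    return frame[5:-1].decode("utf-8")


def verdict(frame: bytes) -> str:
    """Decide on one client frame before it would be forwarded to the server."""
    sql = parse_query(frame)
    if sql is None:
        return "pass"  # other message types are out of scope for this example
    for stmt in NOISE.sub(" ", sql).split(";"):
        if DROP_TABLE.search(stmt):
            return "block: DROP TABLE"
        if DELETE_FROM.search(stmt) and not WHERE.search(stmt):
            return "block: DELETE without WHERE"
    return "allow"
```

The comment-stripping step is what keeps DELETE FROM users -- WHERE id = 1 from slipping past a naive keyword check.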
Caveats
- The “5,000+ databases protected” and “NYSE-listed companies” claims are stated without sourcing or methodology in the README
- MCP gateway and AI controls are newer features (May 2026); maturity at scale is unclear from the sources
- Self-hosted only; no managed SaaS option mentioned in the README
Verdict
Worth evaluating if you run production infrastructure accessed by multiple humans or AI agents, especially if compliance audit trails are non-negotiable. Skip if you need a fully managed service or if your threat model is satisfied by basic PAM tools that only log who connected, not what data left the session.