Hoop's MCP admin server: AI agents don’t get a governance exemption

Luis Felipe Dias

11 May 2026 • 3 min read

Admin work is the part of infrastructure engineering nobody talks about loving. Clicking through consoles, approving the same requests over and over, alt-tabbing out of the actual problem to provision yet another connection. It’s the work that pulls you out of flow and into the ticket queue.

The pitch for AI agents was that you’d get some of that time back. And for read-only tasks, it’s mostly working. Your agent can summarize sessions, pull audit logs, list connections. The minute the work requires a write (update a guardrail, approve a review, provision a connection) you’re back in the console clicking buttons by hand.

Two reasons that gap stays open:

Raw admin API tokens route the agent around your governance layer. Reads are fine. Writes don’t land in the same audit log as your humans’. Approval workflows skip the agent entirely. Role boundaries get enforced at the API gateway, not the policy engine.
Human-in-the-loop on every write slows incident response back to ticket speed and stalls the AI productivity story you sold leadership.

Neither is the deal you signed up for.

Today we’re shipping the Hoop MCP admin server, an embedded Model Context Protocol implementation inside the Hoop gateway that closes both gaps.

What does MCP actually solve, and what doesn’t it solve?

Model Context Protocol gives agents a clean, standardized way to call tools. Claude Code, Cursor, and any MCP-compatible client can discover an MCP server, see what it can do, and call into it without bespoke integration work per platform.

What MCP does not do, on its own, is solve the governance problem. The protocol is a transport and a tool-description format. Auth, audit, and approval still live wherever you put them. Most agent admin integrations today put them nowhere.

How Hoop closes it

The MCP server runs at the policy engine, not at the API gateway. Same audit log, same approval gates, same role boundaries. Different transport, identical governance.

Hoop is the open-source access gateway between engineers, AI agents, and infrastructure. We embedded an MCP server inside the gateway itself, mounted at /api/mcp. That one design choice does the work:

The agent connects with a bearer token tied to a Hoop user identity.
Every call passes through the same Gin middleware that protects every other Hoop API route.
AuditMiddleware records the call alongside human admin activity in the same log.
RBAC, ABAC, and access request rules apply automatically. If your policy says engineers cannot delete production connections without approval, the agent inherits that policy the moment it picks up the token.

No parallel agent path. Agents run on the same rails your humans do, with the same boundaries enforced at the policy engine, not the API gateway.

Traditional REST API token vs Hoop MCP server

Traditional REST API token:

Reads and writes hit the API gateway
Audit log separate from human admin actions
Approval workflows bypassed
Role boundaries enforced at the gateway

Hoop MCP server inside the gateway:

Reads and writes hit the policy engine
Same audit log as human admin actions
Approval workflows apply identically
Role boundaries enforced at the policy engine

What this looks like day to day

Mid-incident, your on-call asks Claude Code to add a guardrail blocking DROP TABLE on prod-postgres.

The agent calls the tool, the change hits the policy engine, the audit log records who initiated it and through which client.

A new service needs database access.

Your agent provisions the connection from inside the editor. The access request rule fires. The right reviewer gets pinged.

A teammate is blocked on a review.

Your agent surfaces it. You approve from your terminal. The approval is logged exactly as it would have been from the UI.

Every action runs through your existing auth check, your existing audit log, your existing approval workflow. The agent gets faster. Governance stays the same size it was.

Connect Claude Code

Add this to ~/.claude/settings.json or a project’s .mcp.json:

{
  "mcpServers": {
    "hoop": {
      "type": "http",
      "url": "https:///api/mcp",
      "headers": {
        "Authorization": "Bearer "
      }
    }
  }
}

Restart Claude Code. It discovers the 36 tools. Ask it to “list my connections” or “create a guardrail that blocks DROP TABLE on prod-postgres” and it works. Cursor and other MCP clients connect the same way.

What ships in v1

36 admin tools across 10 resource domains:

Connections (5 tools): list, get, create, update, delete
Guardrails (5): full CRUD on dangerous-command rules
Data masking (5): full CRUD on PII detection rules
User groups (3) and users (2)
Access request rules (5): full CRUD
Reviews (3): list, get, approve/reject/revoke
Runbook rules (5): full CRUD
Sessions (2): list, get details
Server info (1): version, license, uptime

The server uses the official github.com/modelcontextprotocol/go-sdk v1.5.0 over Streamable HTTP.

What’s next

Two more pieces ship in May:

User-facing MCP tools so any developer’s agent can run queries and hit approval gates the same way humans do.
OAuth 2.1 for teams that want short-lived JWTs instead of long-lived bearer tokens.

Both build on the same /api/mcp endpoint.

Run it

Hoop is open source under MIT. The MCP admin server is in the latest gateway release.

curl -sL https://hoop.dev/docker-compose.yml > docker-compose.yml && docker compose up

If your AI agent has more reach than your audit log, your governance has a hole in it. We gave you 36 tools to close it.