Hooking OPA into Coding Agents
Your developers are using AI coding agents. Maybe it’s sanctioned, maybe it’s shadow IT, but it’s happening. And if you’ve spent years building guardrails around your CI/CD pipelines, your infrastructure provisioning, and your deployment processes, you’re probably asking the same question we were: how do we apply policy-as-code to this?
The challenge is that coding agents operate differently from traditional automation. They’re non-deterministic. You can tell an agent “don’t touch production configs” in a system prompt, but that’s a suggestion, not an actual rule. Prompts can be ignored, forgotten over long contexts, or creatively reinterpreted. For compliance and security teams, “the AI usually follows instructions” isn’t a satisfying answer.
This is where Anthropic’s Hooks feature comes in. Released earlier this year for Claude Code, and now adopted by every serious coding agent (Cursor, Factory AI, OpenCode, etc.), Hooks let you inject deterministic checkpoints into the agent’s workflow. You can intercept tool calls before they execute, inspect file modifications before or after they happen, and enforce hard blocks that the model cannot override.
If you’ve worked with OPA (Open Policy Agent), this should sound familiar. Hooks give you the integration point; OPA gives you the policy engine. Together, they let you bring the same governance model you use for Kubernetes admission control or Terraform plans to your AI coding agents.
In this post, we’ll walk through how to wire up Claude Code Hooks to OPA, covering:
- The Hooks lifecycle and where policy enforcement fits
- Writing Rego policies for common agent governance scenarios
- Blocking sensitive file access, enforcing code review workflows, and audit logging
- Patterns for rolling this out across engineering teams
Let’s dig in.
First Rego Policy
Let’s block the agent from reading or writing .env files. When Claude Code tries to read a file, it produces a hook event like:
```json
{
  "session_id": "abc123",
  "transcript_path": "/Users/you/.claude/projects/.../session.jsonl",
  "cwd": "/Users/you/my-project",
  "permission_mode": "default",
  "hook_event_name": "PreToolUse",
  "tool_name": "Read",
  "tool_input": {
    "file_path": "/Users/you/my-project/.env"
  },
  "tool_use_id": "toolu_01ABC123..."
}
```
We’re going to write our first policy. Hooking OPA into a coding agent like Claude Code, so that it sits as an intervention point between the hook and the action the agent wants to take, requires some serialization between the hook event and OPA’s input and output. Cupcake is an open source, Apache 2 licensed capability that does this for you.
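The hook side of that wiring, as an added example that is not the post’s or Cupcake’s code: a Python PreToolUse hook that forwards the event above to OPA’s Data API and carries a local mirror of the dotenv rule so the decision logic can be read and tested without a running OPA. The OPA URL, the package path claude/hooks, and blocking via exit code 2 (Claude Code’s documented hook convention) are assumptions.

```python
import json
import os
import sys
import urllib.request
from posixpath import basename

# Rego counterpart the shim expects in OPA (package path "claude/hooks" is an assumption).
REGO_POLICY = """
package claude.hooks
import rego.v1
file_tools := {"Read", "Write", "Edit", "MultiEdit"}
deny contains msg if {
    input.hook_event_name == "PreToolUse"
    input.tool_name in file_tools
    parts := split(input.tool_input.file_path, "/")
    startswith(parts[count(parts) - 1], ".env")
    msg := sprintf("%s of %s blocked: dotenv files are off limits", [input.tool_name, input.tool_input.file_path])
}
"""

def local_deny(event):
    """Reference evaluation of the same rule, for tests and for reading alongside the Rego."""
    path = event.get("tool_input", {}).get("file_path", "")
    if (event.get("hook_event_name") == "PreToolUse"
            and event.get("tool_name") in {"Read", "Write", "Edit", "MultiEdit"}
            and basename(path).startswith(".env")):
        return [f"{event['tool_name']} of {path} blocked: dotenv files are off limits"]
    return []

def opa_deny(event, url):
    """POST the hook event as OPA input (Data API) and return the deny set; raises OSError if OPA is down."""
    req = urllib.request.Request(url, data=json.dumps({"input": event}).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return json.load(resp).get("result", [])  # a Rego set serializes as a JSON array

def decide(event, evaluate):
    """Return (exit_code, stderr_message): 0 allows, 2 blocks. An unreachable engine fails closed."""
    try:
        reasons = evaluate(event)
    except OSError:
        return 2, "policy engine unreachable; blocking tool call (fail closed)"
    return (2, "; ".join(reasons)) if reasons else (0, "")

if __name__ == "__main__":
    url = os.environ.get("OPA_URL", "http://localhost:8181") + "/v1/data/claude/hooks/deny"
    code, msg = decide(json.load(sys.stdin), lambda e: opa_deny(e, url))
    if msg:
        print(msg, file=sys.stderr)  # exit code 2 feeds stderr back to the agent as the block reason
    sys.exit(code)
```

Note that the rule only covers the file tools: a Bash tool call such as `cat .env` carries a `command` field, not a `file_path`, and needs its own rule before this is a complete block.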
More coming soon…