A recently offboarded contractor left a CI job that automatically generates pull requests using an AI‑driven code‑completion service, and the team quickly realized the lack of an audit trail. The job runs every few minutes, contacts GCP APIs, and pushes changes without any human eyes on the activity. The team discovers a malformed secret in the repository weeks later, and the only clue is a vague log entry from the CI system.
AI coding agents are becoming a regular part of modern development pipelines. They receive prompts, synthesize code, and then invoke cloud services, sometimes creating resources, sometimes reading data. Because the agents act as programs, they typically authenticate with a long‑lived service‑account key that has broad permissions across projects. The key is stored in the CI runner’s environment and never rotates.
In many organizations the audit trail for such activity is limited to the CI system’s console output. The output shows that a script ran, but it does not capture the exact API calls, the data that was read, or the commands that were blocked. When an AI agent makes a mistake, exposing a credential or deleting a database, the lack of a fine‑grained record makes root‑cause analysis expensive and sometimes impossible.
Regulators and internal auditors expect a complete, immutable record of who accessed which resource, what data was returned, and whether any sensitive fields were redacted. Without a reliable audit trail, teams cannot prove compliance, cannot detect malicious misuse, and cannot replay a session to understand the sequence of events.
The core problem is that the request still travels directly from the agent to the GCP service. The identity that the agent presents is valid, the token is accepted, and the service fulfills the request. No gateway intervenes, so there is no place to enforce masking, no point to require a just‑in‑time approval, and no component that records the full conversation for later review.
hoop.dev solves this gap by inserting a Layer 7 gateway between the AI agent and the GCP endpoint. The gateway acts as an identity‑aware proxy: it verifies the OIDC token, checks group membership, and then forwards the request to the target service. Because every packet passes through the gateway, hoop.dev can apply policy at the protocol level.
Setup: identity and least‑privilege grants
First, each AI‑driven job authenticates through an OIDC provider such as Google Workspace or an external IdP. The token contains the service‑account identity and the groups that define its role. The token is short‑lived, reducing the risk of credential leakage. The underlying GCP service‑account key is stored only in the gateway, never exposed to the AI agent.
The data path: hoop.dev as the only enforcement point
All traffic from the AI agent to GCP passes through the gateway. Because hoop.dev sits in the data path, it is the sole place where commands can be inspected, approved, or blocked. The gateway does not alter the target service; it merely mediates the connection, ensuring that no request reaches GCP without first satisfying policy.
Enforcement outcomes delivered by hoop.dev
- hoop.dev records each session, creating a replayable audit trail that captures the full request and response payloads.
- hoop.dev masks sensitive fields, such as API keys or passwords, in real time, so logs never contain raw secrets.
- hoop.dev enforces just‑in‑time approval for high‑risk operations, pausing the request until an authorized human grants permission.
- hoop.dev blocks commands that match a deny list, preventing destructive actions before they hit the cloud service.
- hoop.dev stores the audit records in a persistent store, providing a reliable source of evidence for investigators.
Because the enforcement happens inside the gateway, the AI agent never sees the underlying credential, and the organization retains a complete, searchable record of every interaction. This model satisfies audit‑trail requirements without forcing developers to rewrite their CI pipelines.
Getting started
To try the solution, follow the getting‑started guide. The documentation walks you through deploying the gateway, configuring OIDC, and registering a GCP connection. For deeper policy examples, see the learn section, which covers masking rules, approval workflows, and command‑level blocking.
FAQ
How does hoop.dev capture the audit trail for AI agents?
hoop.dev sits in the protocol layer, so it sees every request and response. It writes a structured log entry for each interaction, preserving timestamps, identities, and payloads. The log is stored outside the agent’s environment, reducing the risk that the AI process could alter the records.
Can hoop.dev work with existing GCP service accounts?
Yes. You register the service account with the gateway and grant it the minimal set of permissions required for the AI job. The gateway then uses that credential on behalf of the agent, keeping the key hidden from the job itself.
Does hoop.dev add latency to API calls?
Because hoop.dev proxies traffic at the wire‑protocol level, the added latency is typically a few milliseconds, far less than the round‑trip time to GCP. The security benefits outweigh the modest performance impact.
Ready to protect your AI‑driven pipelines with a reliable audit trail? Explore the open‑source repository on GitHub and start building a tamper‑proof record of every AI‑initiated action.
