Approval workflows for AI coding agents on GCP

An AI coding agent that writes Terraform modules for a GCP project has just been added to a nightly CI pipeline. The agent pulls a service‑account key from a secret store, generates a plan, and runs gcloud commands against Cloud SQL, GKE, and Cloud Storage without any human eyes on the output.

Because the model can invent resources or misinterpret intent, a single stray command could create an open firewall, delete a production database, or expose private data. Organizations therefore demand approval workflows that force a person to review the exact API call before it reaches GCP, while still preserving the speed of automation.

A common pattern is to place a gate between the AI process and the cloud APIs. The gate inspects each request, matches it against policy, and either forwards it, holds it for review, or rejects it. By centralising this logic the environment gains a single point of control for every operation.

The first responsibility is setup. Engineers provision a service account in GCP with the minimal set of permissions required for the AI agent’s legitimate jobs. That account is then linked to an OIDC identity provider such as Okta or Google Workspace. The identity provider authenticates the AI process, issues a short‑lived token, and the gate validates the token before any traffic is allowed.

Once identity is verified, the request travels through the data path. hoop.dev sits on the network edge, intercepting every API call destined for GCP. Because the gateway controls the wire‑protocol, it is the only place where enforcement can be applied. The request never reaches Cloud SQL, GKE, or any other service until hoop.dev has approved it.

Enforcement outcomes are produced exclusively by hoop.dev. When a request matches a policy that requires human sign‑off, hoop.dev pauses the flow and creates an approval ticket that includes the full command, the originating identity, and contextual metadata. An authorized reviewer can approve or deny the request from the hoop.dev console. While the request is pending, hoop.dev records the session, masks any secret fields in the payload, and logs the decision. Once approved, hoop.dev forwards the request to the target GCP service; if denied, it blocks the call and returns a clear error to the AI process.

Because hoop.dev records each session, organizations gain a complete audit trail that can be replayed for forensic analysis. The inline masking feature ensures that credentials or personally identifiable information never appear in logs or on the screen of the reviewer. All of these outcomes exist only because the gateway sits in the data path; the underlying GCP services remain unaware of the additional controls.

Implementing approval workflows with hoop.dev on GCP

Deploy the gateway using the official Docker Compose quick‑start. The compose file pulls the latest open‑source image, configures OIDC validation, and starts a network‑resident agent that lives close to your GCP resources. Register each GCP target, Cloud SQL, GKE clusters, Cloud Storage buckets, as a connection in the hoop.dev UI. During registration you attach the service‑account credential that the gateway will use, so the AI agent never sees the secret.

Define an approval policy that maps specific API verbs (for example, delete on Cloud SQL instances or set‑iam‑policy on a bucket) to a required reviewer group. The policy is stored in hoop.dev and evaluated on every request that matches the pattern. Reviewers receive a notification with a concise view of the pending operation, can add comments, and then approve or reject with a single click.

After the policy is in place, the AI coding agent continues to run its normal workflow: generate code, compile, and issue gcloud calls. Each call is intercepted, checked against the policy, and either allowed to pass instantly (for low‑risk operations) or held for manual approval (for high‑risk actions). The entire lifecycle, from request creation, through approval, to execution and recording, is visible in the hoop.dev dashboard.

For a step‑by‑step walkthrough, see the getting‑started guide. The learn section provides deeper explanations of approval policies, session replay, and inline masking.

FAQ

Do I need to change my existing CI scripts?

No. The AI agent continues to use standard gcloud or SDK commands. hoop.dev acts as a transparent proxy, so the command line and environment variables remain unchanged.

Can I audit who approved a change?

Yes. hoop.dev records the approving identity, the timestamp, and the exact request that was approved. The audit record is retained within the gateway and can be exported for compliance reporting.

What happens if the gateway is unavailable?

Because all traffic to GCP services must pass through the gateway, an outage blocks both approved and unapproved requests. This fail‑closed behavior is intentional: it prevents accidental changes when the control plane is not enforcing policies.

Explore the source code and contribute on GitHub.