All posts
June 18, 20263 min read

Audit logging for AI coding agents on Postgres

When an AI coding agent queries a production PostgreSQL instance without visibility, the lack of audit logging means a single stray SELECT can expose thousands of records and leave no trace for investigators. The cost of that blind exposure includes regulatory penalties, loss of customer trust, and wasted engineering time chasing an unknown source. Most teams hand the agent a static database user and password, store that secret in a CI pipeline, and let the model run unrestricted queries. The c

Free White Paper

K8s Audit Logging + AI Audit Trails: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

When an AI coding agent queries a production PostgreSQL instance without visibility, the lack of audit logging means a single stray SELECT can expose thousands of records and leave no trace for investigators. The cost of that blind exposure includes regulatory penalties, loss of customer trust, and wasted engineering time chasing an unknown source.

Most teams hand the agent a static database user and password, store that secret in a CI pipeline, and let the model run unrestricted queries. The connection bypasses any centralized control, so the organization cannot tell who asked for what, cannot enforce column‑level redaction, and cannot stop destructive statements before they hit the database.

Why audit logging matters for AI coding agents

Audit logging is the only reliable way to answer three questions after the fact: which identity invoked a query, what exact SQL statement was executed, and what data was returned. Without those logs, a security team is forced to guess whether a data leak originated from a human mistake, a mis‑configured service, or an autonomous agent. In environments where compliance frameworks demand query‑level evidence, the absence of audit logging is a hard failure.

The immediate fix is to require that every request from the AI agent travel through a component that can observe and record the traffic. However, simply adding a proxy does not automatically give you the full set of enforcement outcomes you need. The request still reaches PostgreSQL directly, the proxy might not have the authority to mask or block, and the logs could be stored on the same host that the agent controls, making them easy to tamper with.

How hoop.dev provides audit logging for Postgres

hoop.dev inserts a Layer 7 gateway between the AI agent and the PostgreSQL server. The gateway becomes the sole data path, so every wire‑protocol packet passes through it before reaching the database. This placement satisfies the architectural requirement that enforcement happen where the agent cannot reconfigure the policy.

Setup: identity and just‑in‑time scope

Users and agents authenticate to hoop.dev with an OIDC or SAML token issued by the organization’s identity provider. The token conveys the caller’s group membership and any time‑bound attributes that define the permitted scope. hoop.dev validates the token, extracts the identity, and then creates a short‑lived session that maps the caller to a specific PostgreSQL role. The database credential itself lives inside the gateway; the AI agent never sees it.

Continue reading? Get the full guide.

K8s Audit Logging + AI Audit Trails: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

The data path: inspection and recording

Because the gateway terminates the PostgreSQL wire protocol, hoop.dev can parse each statement in real time. It records the full SQL text, the caller’s identity, and a timestamp. The audit record is written to a store that resides outside the agent’s host, providing separation that helps preserve log integrity.

Enforcement outcomes

  • hoop.dev captures every query, providing complete audit logging for all AI‑driven activity.
  • hoop.dev can redact sensitive columns before the result set reaches the agent, protecting PII without changing application code.
  • hoop.dev blocks statements that match a policy, such as DROP TABLE or ALTER USER, preventing accidental or malicious schema changes.
  • hoop.dev records the entire session for replay, allowing investigators to reconstruct exactly what the agent saw.

All of these outcomes exist only because hoop.dev sits in the data path; the setup alone does not guarantee them.

Getting started

To enable audit logging for an AI coding agent, deploy the hoop.dev gateway using the Docker Compose quick‑start, configure a PostgreSQL connection, and point the agent’s client to the gateway address. Detailed steps are covered in the getting‑started guide and the broader learn section. The repository contains the full source code and examples for self‑hosting.

FAQ

Do I need to modify my existing PostgreSQL client?

No. The client continues to use its standard connection string; the only change is the host and port, which now point at the hoop.dev gateway instead of the database directly.

Can I retain existing role‑based permissions inside PostgreSQL?

Yes. hoop.dev maps the caller’s identity to a PostgreSQL role that you define, so existing GRANT statements remain effective.

What happens if the gateway goes down?

Because all traffic must pass through the gateway, a failure results in a temporary loss of access rather than silent bypass. This behavior is intentional: it forces you to address the outage before any queries can be issued, preserving the audit logging guarantee.

Explore the source code, contribute improvements, and see the full feature set on GitHub: https://github.com/hoophq/hoop.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot