Unrecorded queries from autonomous agents give you a blind spot that can hide data leaks, compliance failures, and costly mistakes. Without session recording you cannot prove which statements ran, who triggered them, or what data was returned.
Most teams let a service account key sit in a shared location so that bots, CI pipelines, or AI‑driven assistants can run BigQuery jobs without human interaction. The key is typically a static Google service‑account credential that every process reads from the same file. Because the credential is shared, the platform cannot attribute a particular query to a specific identity, nor can it prove that a query was actually executed. If a rogue script runs a massive export, the organization has no forensic trail to pinpoint the source.
Switching to per‑user OAuth tokens improves identity granularity: each agent can obtain a token tied to service‑account impersonation or to a GCP IAM federation identity. However, the request still travels straight to BigQuery. The data path remains a direct client‑to‑service connection, so there is still no built‑in mechanism to capture the full request‑response exchange, replay it later, or enforce real‑time guardrails.
Session recording for BigQuery agents
hoop.dev solves this gap by sitting in the data path as an identity‑aware proxy. When an autonomous agent initiates a BigQuery job, it authenticates to hoop.dev using its OIDC token. hoop.dev validates the token, extracts the user or service identity, and then forwards the request to BigQuery on behalf of the agent. The gateway holds the underlying credential, so the agent never sees it.
Because the connection passes through hoop.dev, the platform can record every query, the full response payload, and any error information. hoop.dev records each session, timestamps every statement, and stores the audit logs according to the deployment’s retention policy. The recorded session can be replayed in a sandbox for forensic analysis or compliance review.
How the recording works
- Authentication is performed once at the gateway using standard OIDC or SAML providers (Okta, Azure AD, Google Workspace, etc.).
- The gateway maps the verified identity to a set of policies that dictate which BigQuery datasets are reachable.
- When the agent issues a SQL statement, hoop.dev inspects the wire‑level protocol, logs the statement, and streams the response back to the agent while simultaneously persisting the full exchange.
- All logs are tagged with the originating identity, the target dataset, and the request timestamp, enabling precise audit trails.
Enforcement outcomes enabled by the gateway
Because hoop.dev is the only point where traffic is observable, it can enforce additional controls beyond recording. For example, it can block statements that match a deny list, require a human approver for queries that exceed a cost threshold, or mask sensitive columns in the response before they reach the agent. Each of these outcomes is possible only because hoop.dev sits in the data path.
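As an added illustration of the recording steps above and the enforcement outcomes they enable (example code written for this page, not hoop.dev's implementation), the core of such an identity-aware gateway in Python. It assumes a constructed policy table, deny list and masking map, and uses a stand-in function in place of the real BigQuery client; the identity is taken as already verified by the OIDC step.

```python
import re
from datetime import datetime, timezone

# Constructed policy data for this example (not hoop.dev's real policy format).
POLICIES = {"ci-pipeline@example.com": {"analytics"},
            "agent-01@example.com": {"analytics", "billing"}}          # identity -> reachable datasets
DENY_PATTERNS = [re.compile(r"^\s*EXPORT\s+DATA\b", re.I),            # bulk export
                 re.compile(r"\bDROP\s+TABLE\b", re.I)]
MASKED_COLUMNS = {"billing": {"card_number"}}                          # dataset -> columns to mask
COST_APPROVAL_BYTES = 10 * 1024 ** 3                                   # above this, a human must approve
TABLE_REF = re.compile(r"`?[\w-]+\.(\w+)\.\w+`?")                     # project.dataset.table -> dataset
AUDIT_LOG = []                                                         # stand-in for persisted session records

def fake_bigquery(sql):
    """Constructed stand-in for the real BigQuery client; returns canned rows."""
    return [{"card_number": "4111111111111111", "amount": 12}]

def gateway(identity, sql, estimated_bytes, execute=fake_bigquery):
    """Authorize, execute and record one statement on behalf of an already-authenticated identity."""
    record = {"ts": datetime.now(timezone.utc).isoformat(), "identity": identity,
              "statement": sql, "datasets": sorted(set(TABLE_REF.findall(sql)))}
    allowed = POLICIES.get(identity, set())
    # Fail closed: a statement with no recognisable dataset, or one outside the policy, is denied.
    if not record["datasets"] or any(d not in allowed for d in record["datasets"]):
        record["outcome"] = "denied:dataset"
    elif any(p.search(sql) for p in DENY_PATTERNS):
        record["outcome"] = "denied:pattern"            # statement matches the deny list
    elif estimated_bytes > COST_APPROVAL_BYTES:
        record["outcome"] = "pending-approval"          # parked until an approver signs off
    else:
        masked = set().union(*(MASKED_COLUMNS.get(d, set()) for d in record["datasets"]))
        rows = execute(sql)                             # the only path that reaches BigQuery
        record["response"] = [{k: ("***" if k in masked else v) for k, v in r.items()} for r in rows]
        record["outcome"] = "ok"
    AUDIT_LOG.append(record)                            # full exchange persisted, tagged with identity
    return record

def audit_trail(identity=None):
    """Return recorded sessions, optionally filtered to one identity."""
    return [r for r in AUDIT_LOG if identity is None or r["identity"] == identity]
```

Every statement, allowed or not, ends up in the trail with its identity, datasets and timestamp, which is the property the shared-key setup in the opening paragraphs cannot provide.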
Getting started with session recording for BigQuery
To add session recording to your autonomous agents, follow the getting‑started guide. The guide walks you through deploying the gateway, registering a BigQuery connection, and configuring OIDC authentication. Detailed feature explanations are available in the learn section, where you can explore policy definitions, retention settings, and replay tools.
All of the configuration steps are documented in the repository on GitHub, where you can also explore the source code to see the implementation details and contribute improvements.
FAQ
Do I need to change my existing BigQuery service account?
No. hoop.dev can continue using the existing credential for the connection. The gateway isolates the credential from the agents, and you can optionally switch to per‑user OAuth for finer‑grained identity without breaking the recording capability.
Can I replay a recorded session without affecting production data?
Yes. hoop.dev stores the raw request and response streams, which can be replayed in an isolated environment. This lets you investigate suspicious activity without re‑executing queries against live datasets.
Is session recording compatible with existing CI/CD pipelines?
Absolutely. Because the gateway presents a standard BigQuery endpoint, any client that can talk to BigQuery, whether a CI job, a Python script, or an AI‑driven agent, can route through hoop.dev without code changes. The recording happens automatically for every request.