All posts
June 18, 20263 min read

Implementing Session Recording for Devin

When a developer runs a command on a production system without session recording, the organization often discovers the error only after a customer complaint or a cascade of downstream failures. The hidden cost includes hours of firefighting, lost revenue, and a dent in trust. Without a reliable log of exactly what was typed and what the target returned, root‑cause analysis turns into a guessing game. Most teams already enforce identity at the perimeter: users authenticate through an OIDC or SAM

Free White Paper

SSH Session Recording: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

When a developer runs a command on a production system without session recording, the organization often discovers the error only after a customer complaint or a cascade of downstream failures. The hidden cost includes hours of firefighting, lost revenue, and a dent in trust. Without a reliable log of exactly what was typed and what the target returned, root‑cause analysis turns into a guessing game.

Most teams already enforce identity at the perimeter: users authenticate through an OIDC or SAML provider, receive a short‑lived token, and are allowed to open a connection to the target resource. That step ensures that only authorized identities can start a session, but it does not capture what happens once the session is live. The request still reaches the database, Kubernetes pod, or SSH host directly, leaving the organization without visibility, without the ability to mask sensitive fields, and without a way to replay the interaction for later review.

Why session recording matters for Devin

To turn the perimeter into a true control surface, the system that sits between the identity token and the target must observe every byte that flows through it. When hoop.dev occupies that layer‑7 gateway position, it becomes the only place where enforcement can happen. It records each command, each response, and the exact timing of the exchange. Because the recording lives outside the target process, the agent that runs inside the network never sees the raw credentials, and the recorded data cannot be altered by the user who initiated the session.

Recording every session gives three concrete outcomes:

  • Audit evidence: hoop.dev records a replay that shows who did what, when, and against which resource.
  • Forensic speed: When an incident is reported, investigators jump straight to the relevant session instead of reconstructing events from scattered logs.
  • Deterrence: Knowing that every command is captured discourages reckless actions and reduces the likelihood of accidental data exposure.

These outcomes exist only because hoop.dev sits in the data path. The identity provider supplies a token, but the gateway decides whether a command proceeds, whether a response should be masked, and whether the entire interaction persists for later replay.

How session recording works at a high level

When an engineer launches a client such as psql or kubectl against a target, the gateway intercepts the request first. The gateway validates the OIDC token, extracts group membership, and checks the policy attached to that identity. If the policy permits the operation, the gateway forwards the request to the target while simultaneously writing the request and the target’s response to a secure audit store. The store appends each record, ensuring that the stream cannot be overwritten.

Continue reading? Get the full guide.

SSH Session Recording: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Because the gateway operates at the protocol layer, it also applies inline masking to any fields marked as sensitive, for example, credit‑card numbers in a database response. The masking happens before the data reaches the client, so the engineer never sees the raw value, yet the full, unmasked record remains available for audit purposes.

Getting started with session recording

Deploying the gateway requires a single step for most environments. The getting‑started guide walks you through a Docker Compose launch that includes OIDC authentication, a network‑resident agent, and the default session‑recording policy. After the gateway is running, register each target, PostgreSQL, SSH host, Kubernetes cluster, and others, in the configuration UI. The policy engine then lets you toggle session recording on or off per target, per group, or per individual user.

All configuration details, including how to define masking rules and how to retrieve recorded sessions, appear in the feature overview. The open‑source repository contains the full source code and example manifests, so teams can audit the implementation themselves.

FAQ

Q: Does session recording add latency to my connections?
A: The gateway processes traffic at the wire‑protocol level and adds only a few milliseconds of overhead, which is negligible for most interactive workloads.

Q: Can I retrieve a recording after the fact?
A: Yes. Recorded sessions store in an append‑only log and can be queried through the UI or API for any time window you need.

Q: What happens if a user tries to delete a recording?
A: Because the recording lives outside the target and the gateway manages the storage layer, the user never has direct access to delete it. The gateway blocks any deletion attempt.

For a deeper dive into the implementation and to contribute, visit the GitHub repository.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot