Putting access controls around Devin: audit trails for AI coding agents (on AWS)

How can you be sure every request made by an AI coding agent is recorded and inspected, and that audit trails exist for every action?

Organizations that let an autonomous coder such as Devin run against internal services often hand the agent a static API key or a long‑lived service account. The key is checked into CI pipelines, copied between environments, and rarely rotated. When Devin writes code, pushes a change, or queries a database, the action happens behind a wall of trust that no one watches. If a bug or malicious prompt causes the agent to leak credentials, delete resources, or exfiltrate data, there is no reliable log to point at later.

That lack of visibility is the core of the audit‑trail problem. Even when teams add an identity provider and require the agent to authenticate with OIDC, the request still travels directly to the target service. The identity check tells you *who* made the call, but it does not capture *what* was sent, *when* it happened, or *whether* the response contained sensitive information. The result is a false sense of security: you know the agent is authorized, yet you have no evidence of the actual commands or data it touched.

Why audit trails matter for Devin

Audit trails give you a forensic record that can be replayed, reviewed, and correlated with other security events. For an AI coding agent, the benefits are concrete:

  • Detect accidental data exposure when the agent returns secrets in a log or API response.
  • Identify malicious behavior triggered by a crafted prompt that attempts privilege escalation.
  • Provide regulators or auditors with a clear chain of custody for code changes made by autonomous tools.
  • Enable post‑mortem analysis that distinguishes a bug in the agent from a compromised credential.

Without an audit trail, every misstep remains invisible, and remediation becomes guesswork.

The missing piece in current AI agent deployments

Most teams start with a setup that includes:

  • Creating a service account in AWS and granting it a broad IAM role.
  • Configuring Devin to obtain an OIDC token from the corporate IdP.
  • Embedding the token in the agent’s runtime environment.

This setup establishes who is making the request, but it does not enforce any policy on the data path. The request still reaches the target service directly, bypassing any point where you could inspect the payload or enforce masking. As a result, you still lack audit trails, inline masking, and just‑in‑time approval for risky operations.

Introducing hoop.dev as the enforcement layer

hoop.dev is a Layer 7 gateway that sits between identities and infrastructure. It is the only place where enforcement can happen. By placing hoop.dev on the data path, you gain three essential capabilities:

  • hoop.dev records each session, creating a complete audit trail that captures every command, query, and response that flows through the gateway.
  • hoop.dev masks sensitive fields in real time, ensuring that secrets never appear in logs or downstream services.
  • hoop.dev enforces just‑in‑time approval for high‑risk actions, blocking them until a human reviewer signs off.

All of these outcomes exist only because hoop.dev sits in the data path. The earlier setup still determines the identity of the caller, but the gateway is the point where policy is applied and evidence is generated.

How the architecture works for Devin on AWS

1. Identity verification: Devin obtains an OIDC token from the corporate IdP. hoop.dev, acting as the relying party, validates the token and extracts group membership or role claims.

2. Gateway mediation: The validated request is handed to hoop.dev. The gateway holds the AWS credential needed to reach internal services, so the agent never sees the secret.

3. Policy enforcement: Before forwarding the request, hoop.dev applies the configured policies – it may mask fields in the response, pause execution for approval, or reject the command outright.

4. Audit trail generation: hoop.dev logs the full request and response, timestamps, and the identity that initiated it. The log is stored outside the agent’s process, providing evidence that auditors can rely on.

This flow satisfies the requirement that the enforcement point be outside the agent’s runtime, guaranteeing that even a compromised Devin cannot bypass the controls.
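
The four steps above as a minimal sketch, added here for illustration; it is not hoop.dev's code or API. The `Gateway` class, the regex policies, the decision strings and the hash-chained log (which goes beyond what the post describes) are assumptions of this example, and the claims are assumed to come from an already validated OIDC token.

```python
import hashlib, json, re, time

# Constructed policy for illustration; not hoop.dev's rule syntax.
DENY = re.compile(r"\bDROP\s+DATABASE\b", re.I)
NEEDS_APPROVAL = re.compile(r"\b(DELETE|DROP|TRUNCATE)\b", re.I)
# AWS access key IDs and the value of password=... pairs.
SECRET = re.compile(r"AKIA[0-9A-Z]{16}|(?<=password=)\S+")


class Gateway:
    def __init__(self, backend, allowed_groups):
        self.backend = backend              # only the gateway holds the credential
        self.allowed_groups = set(allowed_groups)
        self.log, self.prev_hash = [], "0" * 64

    def _record(self, claims, command, decision, response=None, approver=None):
        # Step 4: every outcome is logged, hash-chained to the previous entry.
        entry = {"ts": time.time(), "sub": claims.get("sub"),
                 "command": SECRET.sub("[MASKED]", command), "decision": decision,
                 "approver": approver, "response": response, "prev": self.prev_hash}
        self.prev_hash = entry["hash"] = hashlib.sha256(
            json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.log.append(entry)
        return entry

    def handle(self, claims, command, approver=None):
        # Step 1: claims are assumed to come from an already validated OIDC token.
        if not self.allowed_groups & set(claims.get("groups", [])):
            return self._record(claims, command, "rejected:identity")
        # Step 3: policy is applied before anything is forwarded.
        if DENY.search(command):
            return self._record(claims, command, "rejected:policy")
        if NEEDS_APPROVAL.search(command) and approver is None:
            return self._record(claims, command, "pending:approval")
        # Step 2: the gateway, not the agent, talks to the backend.
        masked = SECRET.sub("[MASKED]", self.backend(command))
        return self._record(claims, command, "allowed", masked, approver)


def verify_chain(log):
    """Return False if any entry was altered or the chain order was broken."""
    prev = "0" * 64
    for e in log:
        body = {k: v for k, v in e.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if e["prev"] != prev or e["hash"] != digest:
            return False
        prev = e["hash"]
    return True
```

Rejected and pending requests are recorded alongside allowed ones, so the log shows attempts as well as completed actions.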

Benefits of audit trails with hoop.dev

  • Full visibility into every AI‑driven change, enabling rapid detection of anomalies.
  • Regulatory readiness: the generated audit trail can be presented as evidence for SOC 2, ISO 27001, or internal compliance programs.
  • Reduced blast radius: risky commands are blocked or require approval before they can affect production resources.
  • Operational confidence: teams can grant Devin just‑in‑time access without fearing unrecorded activity.

Getting started

To protect Devin with audit trails, begin with the getting‑started guide. It walks you through deploying the gateway, configuring OIDC authentication, and registering the AWS connection that Devin will use. The guide also shows how to define masking rules and approval workflows.

For deeper technical details, explore the learn section, which covers policy design, session replay, and best practices for AI agents.

When you are ready to see the implementation, view the open‑source repository on GitHub. The repository contains the Docker Compose file, Helm charts, and example configurations you can adapt for your environment.

FAQ

Does hoop.dev store the AWS credentials?

Yes. The gateway holds the credential in its own runtime, keeping it away from the AI agent. This isolation ensures the agent never sees the secret, and the credential can be rotated centrally.

Can I retroactively add audit trails to an existing Devin deployment?

Absolutely. By inserting hoop.dev between Devin and the target services, all subsequent traffic is recorded. Past traffic that bypassed the gateway cannot be reconstructed, which is why you should adopt the gateway before production use.

What happens if an approval request is denied?

hoop.dev blocks the command and returns a clear error to the agent. The blocked attempt is still logged, providing evidence that a risky operation was attempted and rejected.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.
