
Putting access controls around Devin: audit trails for AI coding agents (on BigQuery)


When Devin runs queries against BigQuery, every request, response, and approval is captured in a reliable audit trail that can be replayed on demand. Teams can answer compliance questions, investigate anomalies, and prove that AI‑generated data accesses were authorized, all without slowing down the developer workflow.

AI coding agents like Devin are attractive because they can write and execute SQL on behalf of engineers in seconds. The trade‑off is that they often operate under a single service account that has broad read and write permissions. Without a dedicated control point, every query is indistinguishable from a human‑initiated request, and no reliable record exists of who triggered it, what data was returned, or whether an approval step was required.

Common mistakes amplify this risk. First, teams reuse the same credential for all AI agents, assuming that limiting network access is sufficient. Second, they rely on BigQuery’s native audit logs, which capture only high‑level events and omit the actual query text, making it impossible to trace the exact data flow. Third, they forget to mask sensitive columns, so downstream analysts can inadvertently see PII or secret keys returned by an AI‑generated query.

Why a non‑human identity alone is not enough

Moving Devin to a dedicated service account or a short‑lived OIDC token is a step in the right direction. It tells the identity provider who is making the request, and it can enforce least‑privilege scopes. However, the request still travels directly to BigQuery, bypassing any enforcement layer that could log the full query, mask protected fields, or pause execution for a human approval. In that configuration the audit trail is either missing or incomplete, and the organization cannot guarantee that every data access was reviewed.

Introducing a gateway as the enforcement point

hoop.dev provides a Layer 7 gateway that sits between Devin and BigQuery. The gateway receives the OIDC‑issued token, validates the identity, and then proxies the connection to the database. Because the gateway is the only path the traffic can take, it can record each session, apply inline masking, and route risky queries to an approval workflow before they reach BigQuery. In practice, hoop.dev creates the audit trails that were missing in the direct‑connect model.

When Devin initiates a query, hoop.dev captures the full SQL statement, the request timestamp, and the identity that presented the token. It streams the response back to Devin while simultaneously writing a detailed log entry. Those entries form a searchable, replayable audit trail that can be exported to SIEMs or retained for compliance reporting. Because the gateway holds the database credentials, the AI agent never sees them, reducing credential sprawl.
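To make the gateway's decision flow concrete, here is a small in-process model of the enforcement point described above. It is an added illustration, not hoop.dev's code; the sensitive-column list, the high-value table list, the crude table extraction and the `fake_bigquery` stand-in are all assumptions, and the caller is assumed to have already validated the OIDC token and resolved it to `identity`.

```python
import re
from datetime import datetime, timezone

SENSITIVE_COLUMNS = {"email", "ssn", "api_key"}   # assumed masking list
HIGH_VALUE_TABLES = {"payments", "customers"}      # assumed approval-required list
AUDIT_LOG = []                                     # stands in for the audit store


def tables_in(sql):
    """Crude table-name extraction after FROM/JOIN (illustrative, not a SQL parser)."""
    names = re.findall(r"(?:FROM|JOIN)\s+([\w.`]+)", sql, re.I)
    return {n.strip("`").split(".")[-1].lower() for n in names}


def mask_row(row):
    """Replace flagged column values before the response reaches the agent."""
    return {k: ("***" if k.lower() in SENSITIVE_COLUMNS else v) for k, v in row.items()}


def gateway_handle(identity, sql, execute, approved=False):
    """Record who asked for what, hold risky queries for approval, and log the
    masked result so the whole session can be replayed later."""
    entry = {"ts": datetime.now(timezone.utc).isoformat(),
             "identity": identity, "sql": sql}
    risky = tables_in(sql) & HIGH_VALUE_TABLES
    if risky and not approved:
        entry.update(status="pending_approval", tables=sorted(risky))
        AUDIT_LOG.append(entry)          # the request is logged even though it never ran
        return entry
    raw_rows = execute(sql)              # only the gateway holds the database credential
    rows = [mask_row(r) for r in raw_rows]
    masked = sorted({k for r in raw_rows for k in r if k.lower() in SENSITIVE_COLUMNS})
    entry.update(status="executed", masked_columns=masked, rows=rows)
    AUDIT_LOG.append(entry)
    return entry


def fake_bigquery(sql):
    """Constructed stand-in for BigQuery; returns sample rows regardless of the query."""
    return [{"id": 1, "email": "a@example.com", "plan": "pro"}]


if __name__ == "__main__":
    print(gateway_handle("devin@agents.example", "SELECT id, email FROM ds.users", fake_bigquery))
    print(gateway_handle("devin@agents.example", "SELECT * FROM ds.customers", fake_bigquery))
```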


High‑level steps to get audit trails for Devin

  • Deploy the hoop.dev gateway close to the BigQuery endpoint, using the provided Docker Compose quick‑start or a Kubernetes manifest.
  • Register a BigQuery connection in the gateway configuration, supplying the host information and a service‑level credential that the gateway will use.
  • Configure Devin to obtain an OIDC token from your identity provider (Okta, Azure AD, Google Workspace, etc.) and present that token when connecting through the gateway.
  • Enable the audit‑trail feature in the gateway’s policy settings. This tells hoop.dev to record every request and response, mask any fields you flag as sensitive, and optionally require human approval for queries that match a risk profile.
  • Review the generated audit logs through the built‑in UI or export them via the learning portal for downstream analysis.

All of these steps are described in the official getting‑started guide and the learning center, which walk you through the necessary configuration files and UI screens; no command‑line work is required.

What you gain

With hoop.dev in place, you obtain a complete audit trail for every AI‑driven query. The trail includes who initiated the request, the exact SQL text, any masking that was applied, and the final result set. Because the gateway can pause execution, you can enforce just‑in‑time approvals for queries that touch high‑value tables. The combination of session recording and inline masking also protects sensitive data from accidental exposure.

Beyond compliance, the audit trail becomes a valuable debugging tool. If a downstream data pipeline fails, you can replay the exact query that Devin issued, see the raw response, and understand whether the failure originated in the AI agent or the downstream system.

Frequently asked questions

How does hoop.dev handle long‑running queries?

hoop.dev streams the result set back to the client while continuing to write the audit record. The session remains replayable, and any masking rules are applied in real time, ensuring that even partial results are protected.

Where are the audit trails stored?

hoop.dev persists each session record in its configured audit store, ensuring the data remains available for later review.

Can I query the audit trails after the fact?

Yes. hoop.dev indexes each session entry, allowing you to search by identity, time range, or affected table. Exported logs can be fed into SIEM platforms for long‑term retention and correlation with other security events.

Ready to add reliable audit trails for Devin’s BigQuery access? Follow the getting‑started guide and explore the feature documentation on the learn portal. For the full source code and contribution guidelines, visit the GitHub repository.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.
