Putting access controls around Devin: production access for AI coding agents (on Azure)

When Devin, your AI coding agent, can run in production without exposing secrets, you get confidence that every command is approved, sensitive data is hidden, and every session is recorded for audit. That is the ideal state of production access for an autonomous coding assistant.

The current reality for AI coding agents

Most teams hand Devin a long‑lived service principal or a static database password and let the agent connect directly to Azure resources. The credential is stored in a secret manager, checked into CI pipelines, or even baked into container images. Because the connection goes straight from the agent to the target, there is no visibility into which SQL statements or kubectl commands are executed. If Devin makes a mistake, the damage can spread before anyone notices, and there is no replayable log to investigate.

Why production access alone isn’t enough

Identity and token provisioning, what we call the setup, determines who Devin pretends to be. An OIDC token or a service‑account role can restrict which Azure subscription the agent may touch, but the token never enforces what the agent does once the network path is open. The request still reaches the database or Kubernetes API directly, bypassing any guardrails, inline masking, or human approval. Without a control point in the data path, you cannot audit individual commands, block dangerous operations, or redact sensitive fields in responses.

Introducing a gateway in the data path

To close the gap, place a Layer 7 gateway between the identity layer and the Azure target. hoop.dev is built exactly for that purpose. The gateway runs as a network‑resident agent near the resource and becomes the sole entry point for every Devin request. Identity is still handled by your existing OIDC or SAML provider, but hoop.dev validates the token, extracts group membership, and then decides whether the request may proceed.

Continue reading? Get the full guide.

AI Model Access Control + Customer Support Access to Production: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

When a request arrives, hoop.dev inspects the wire‑protocol payload, whether it is a PostgreSQL query, an SSH command, or a Kubernetes exec request. Based on policies you define, the gateway can mask columns that contain credit‑card numbers, require a human approver before a destructive command runs, block commands that match a blacklist, and record the entire session for later replay.

Key enforcement capabilities

Inline data masking that redacts sensitive fields before they reach the AI agent.
Just‑in‑time approval workflows that pause risky operations until a reviewer signs off.
Command‑level blocking that prevents destructive statements such as DROP DATABASE or kubectl delete.
Session recording and replay, giving a forensic trail for every production interaction.
Audit logs that tie each action back to the original OIDC identity, supporting compliance evidence.

All of these outcomes exist only because hoop.dev sits in the data path. The setup alone, tokens, roles, or service accounts, cannot provide them.

Common mistakes to avoid

Relying on static credentials. Giving Devin a permanent secret defeats the purpose of just‑in‑time approval and makes revocation hard.
Skipping OIDC verification. If the gateway does not validate the token, an attacker could present a forged JWT and bypass all policies.
Not scoping approvals. Approvers should see the exact command and target; generic “allow all” approvals erase the audit value.
Disabling session recording. Without a recorded stream, you lose the ability to replay incidents and provide evidence for audits.
Assuming the agent can self‑audit. The agent never sees the credential or the policy engine; all enforcement must happen outside the agent process.

Getting started

Deploy the gateway using the getting‑started guide. The quick‑start spins up a Docker Compose stack that includes the gateway, an OIDC verifier, and a sample Azure connection. Register your Azure resource, bind it to a service identity that the gateway will use, and define policies for masking and approvals. For a deeper dive into policy syntax and workflow configuration, explore the learn section of the documentation.

The full open‑source repository is on GitHub. Review the README for deployment options, contribution guidelines, and community support channels.

FAQ

Do I need to change my existing OIDC provider? No. hoop.dev acts as a relying party, consuming tokens from your existing IdP without requiring any modifications.
Can I use hoop.dev with other Azure services besides databases? Yes. The gateway supports any Layer 7 protocol, including SSH, RDP, and Kubernetes exec, as long as the target can be reached from the agent’s network.
What happens if an approval is denied? The gateway aborts the request and returns an error to Devin, preventing the operation from reaching the underlying service.