Putting access controls around GitHub Copilot: audit trails for AI coding agents (on BigQuery)

Imagine a development floor where every line of code suggested by GitHub Copilot is automatically recorded, tied to the engineer who invoked it, and safely stored in BigQuery for later review. Creating reliable audit trails for each suggestion is the first step toward governance. In that world, compliance teams can answer who generated a secret, security auditors can trace the lineage of a vulnerability, and managers can demonstrate that AI‑assisted coding is governed without slowing down innovation.

When a team adopts Copilot, the typical workflow looks like this: a developer installs the extension, authenticates once, and the extension talks directly to GitHub’s backend. The request contains the current file context, the model returns a snippet, and the snippet is inserted. Behind the scenes, the same credential is used for every request, often stored in a plain‑text configuration file. Because the request never traverses a control point, there is no place to enforce policies such as masking of detected secrets, requiring a human approval for risky suggestions, or logging the full request‑response cycle.

Current state: unrestricted AI coding without visibility

When a developer invokes Copilot, the request passes straight through to GitHub with a shared API token. No central log captures the interaction, and any accidental leakage of credentials or proprietary logic disappears into the ether.

This lack of a gate leaves three gaps. First, there is no audit trail that ties a suggestion to a user or a time. Second, any sensitive data that the model inadvertently returns (API keys, passwords, or proprietary algorithms) appears in the developer’s editor without being scrubbed. Third, the organization cannot enforce just‑in‑time approvals for high‑risk code generation, because the request never pauses for a policy check.

What we need: audit trails without sacrificing workflow

The immediate fix is to capture an audit trail for every Copilot interaction. That means logging who invoked the model, what code context was supplied, and what snippet was returned. However, simply adding a logger on the client side does not solve the deeper problem. The request still travels directly to GitHub, bypassing any enforcement point where the organization could mask secrets, block dangerous suggestions, or require an approval workflow. In other words, the audit trail would exist, but the organization would still have no control over the content of the suggestion before it reaches the developer.

To close this gap, the control must sit on the data path: the exact point where the request leaves the developer’s environment and heads toward the AI service. Only a gateway that can inspect the protocol, apply policies, and then forward the request can guarantee both visibility and enforcement.

Introducing hoop.dev as the audit‑trail gateway

hoop.dev provides a Layer 7 gateway that sits between the Copilot client and GitHub’s backend. By routing all Copilot traffic through hoop.dev, the organization gains a single, identity‑aware proxy that can enforce the missing controls.

Setup. Engineers authenticate to hoop.dev using an OIDC provider such as Okta or Azure AD. The provider issues a token that encodes the user’s group membership and least‑privilege attributes. hoop.dev validates the token and maps the identity to a policy that defines which developers may invoke Copilot and under what conditions.

The data path. Once authenticated, the request is handed to the hoop.dev gateway. The gateway acts as the only point of egress for Copilot traffic, inspecting the request payload before it reaches GitHub. Because hoop.dev sits on the wire, it can apply inline masking to any detected secrets, route high‑risk suggestions to a human approver, and enforce just‑in‑time access limits based on the user’s role.

Enforcement outcomes. For every Copilot interaction, hoop.dev records a full session record that includes the user identity, timestamp, request context, and the model’s response. Those records are streamed to BigQuery, where they are stored as audit trails that satisfy compliance and forensic needs. The gateway also ensures that the AI service never sees the raw credential; hoop.dev holds the credential and presents a short‑lived token to GitHub, so the secret never leaves the controlled environment.
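The masking and session-record steps described above, shown as an added Python example; it is not hoop.dev's code or configuration format. The secret patterns, the groups claim, the group name copilot-users and the row fields are assumptions made for illustration, and the claims are assumed to come from an OIDC token the gateway has already verified.

```python
import json
import re
from datetime import datetime, timezone

# Constructed masking rules and group name; tune both for your environment.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
        re.S),
}
ALLOWED_GROUP = "copilot-users"  # hypothetical group carried in the OIDC token


def mask_secrets(text):
    """Return (masked_text, findings); findings maps rule name to hit count."""
    findings = {}
    for rule, pattern in SECRET_PATTERNS.items():
        text, hits = pattern.subn(f"[MASKED:{rule}]", text)
        if hits:
            findings[rule] = hits
    return text, findings


def handle_exchange(claims, request_context, response, now=None):
    """Apply policy to one request/response pair and build its audit row.

    Returns (text_for_editor, audit_row). When the user is denied the
    response is ignored (the request would not have been forwarded) and
    text_for_editor is None; the denial is still recorded.
    """
    allowed = ALLOWED_GROUP in claims.get("groups", [])
    masked_req, req_hits = mask_secrets(request_context)
    masked_resp, resp_hits = mask_secrets(response if allowed else "")
    row = {
        "event_time": (now or datetime.now(timezone.utc)).isoformat(),
        "user_sub": claims["sub"],
        "user_email": claims.get("email"),
        "decision": "allow" if allowed else "deny",
        "request_context": masked_req,
        "response": masked_resp,
        "masked": {"request": req_hits, "response": resp_hits},
    }
    return (masked_resp if allowed else None), row


def to_ndjson(rows):
    """Serialise rows as newline-delimited JSON, which BigQuery load jobs accept."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in rows)
```

Masking runs before the row is built, so the audit table receives the same scrubbed text the developer sees and does not itself become a store of leaked secrets.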

Because hoop.dev is open source, teams can self‑host the gateway in their own network, keeping audit data behind their firewalls while still benefiting from the rich policy engine. The architecture aligns with the principle of “policy at the edge”: the only place where a request can be altered or blocked is the gateway itself.

Getting started

To adopt this pattern, begin with the official getting‑started guide. It walks you through deploying the hoop.dev gateway, configuring OIDC authentication, and defining a policy that captures Copilot traffic. The learn section provides deeper insight into masking rules, approval workflows, and how to stream audit records into BigQuery.

All of the configuration details, including how to register the Copilot endpoint as a connection and how to map identity attributes to policy decisions, are documented in the repository. The source code and example deployment manifests are available on GitHub.

Explore the open‑source repository on GitHub to see the full implementation and contribute improvements.

FAQ

Do I need to change my existing Copilot integration?

No. hoop.dev works as a transparent proxy, so the Copilot client continues to use the same API endpoint. You only redirect the endpoint to the gateway, which then forwards the request on your behalf.

Can hoop.dev mask secrets that the model returns?

Yes. The gateway inspects the response payload in real time and applies configurable masking rules before the snippet reaches the developer’s editor.

How are audit trails stored securely?

hoop.dev streams each session record to BigQuery, where you can enforce column‑level encryption, access controls, and retention policies that meet your organization’s compliance requirements.

Open source

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.
