From Assistance to Agency: Rethinking Autonomy and Control in CI/CD Pipelines
This paper provides a conceptual framework and research agenda for the emerging field of AI agents in CI/CD, which is important for practitioners and researchers designing autonomous systems in software engineering.
The paper argues that the central challenge in agentic CI/CD is not task performance but authority transfer, distinguishing between data-plane and control-plane authority. It identifies that current systems operate mainly at the data plane under bounded autonomy, with safety achieved through external governance, and proposes a research agenda focusing on control-plane safety and governance.
AI agents are assuming active roles in Continuous Integration and Continuous Deployment (CI/CD) workflows, yet the research community lacks a shared vocabulary for describing what it means for CI/CD to be agentic, how much decision authority is delegated, and where control should reside. This paper presents a vision of agentic CI/CD in which the central challenge is not improving task performance but designing authority transfer, defined as the delegation of operational decisions from human-controlled pipelines to agent systems under specified constraints and recourse mechanisms. To structure this argument, we introduce a distinction between data-plane authority (localized interventions such as patch generation and test reruns) and control-plane authority (modifications to pipeline configuration, deployment policies, and approval gates). Drawing on research prototypes and industrial platforms, we show that current systems operate mainly at the data plane under bounded autonomy, with safety achieved through surrounding governance infrastructure rather than intrinsic agent guarantees. We identify three recurring patterns: constrained autonomy as the dominant design, external governance as the primary safety mechanism, and a widening gap between deployment momentum and evaluation methodology. We propose a research agenda in which control-plane safety and governance mechanisms represent the most urgent open problem, followed by formalization of autonomy boundaries, evaluation frameworks, and human--agent coordination.