justin@scroggins:~
main*
๐Ÿ“ci-cd-control-planes-ai.md
๐Ÿ“…June 29, 2026โ”‚โฑ13 min readโ”‚๐Ÿ“devops

CI/CD Platforms Are Becoming the AI Control Plane

#ci-cd#github-actions#bitbucket#ai-agents#devops#control-plane

CI/CD Platforms Are Becoming the AI Control Plane

For a long time, CI/CD was treated like plumbing.

Push code. Run tests. Build an artifact. Deploy it somewhere. Maybe post a Slack message if it worked. Maybe page someone if it did not.

That mental model is too small now.

In the age of AI-assisted development, CI/CD platforms are becoming something more important:

the operational control plane for software change.

Not just the place where code runs. The place where intent becomes visible, trust is negotiated, policy is enforced, context is assembled, and autonomous systems are allowed to act.

That shift has been showing up in my own work from a few directions at once. I have been building agentic pipelines in Bitbucket. I have been building guardrail systems for coding agents. I have also been spending time with the GH-600 GitHub Actions material, and one idea keeps getting louder:

the platforms that win the AI era will be the ones that treat events as first-class control signals.

Pipelines Were Never Just Build Scripts

A pipeline already knows things most AI tools have to guess.

It knows:

  • which repository changed
  • which branch or pull request triggered the work
  • which commit is under evaluation
  • which actor initiated the change
  • which environment is being targeted
  • which secrets and identity boundaries are available
  • which checks are required before merge or deployment
  • which artifacts were produced
  • which tests passed, failed, or were skipped

That is an enormous amount of operational context.

The mistake is treating all of that as incidental metadata around a shell script.

In an AI-native engineering system, that metadata becomes the substrate. It is how the platform decides whether an agent should run, what context it should receive, what actions it can take, what work must be audited, and whether the result can influence a merge or deployment decision.

CI/CD is already sitting at the choke point where software change becomes real. That makes it the natural place to govern AI-generated and AI-assisted work.

The Control Plane Shape

The control-plane pattern I keep coming back to looks like this:

Loading diagram...

The key is that the AI agent is not the center of the system.

The event is the center.

A pull request opens. A review is requested. A commit is pushed. A workflow completes. A deployment is requested. A manual approval happens. A security scan fails. A test report appears. An external system sends a dispatch event.

Each of those events is a decision point.

The platform can ask:

  • Should anything run?
  • Who or what is allowed to run it?
  • What context should be loaded?
  • Is this read-only, comment-only, or write-capable?
  • What identity should be used?
  • What evidence must be produced?
  • What status should block the next step?

That is control-plane thinking.

Why GitHub Actions Feels So Powerful Here

GitHub Actions is often described as a CI/CD system, but that undersells the design.

The real power is that Actions is deeply event-driven.

Workflows can respond to repository activity like push, pull_request, releases, issues, comments, and reviews. They can respond to manual workflow_dispatch invocations. They can chain from prior workflows with workflow_run. They can also be triggered from outside GitHub through repository_dispatch.

That last category matters a lot.

Once external systems can emit events into the software delivery platform, GitHub stops being only a source-control host. It becomes a programmable coordination layer.

An internal agent platform can say:

on:
  repository_dispatch:
    types: [agent_review_requested]

Now a product tool, incident system, security scanner, release manager, or agent orchestrator can ask GitHub to run a specific workflow for a specific repository event type.

That is not just automation. That is a control signal crossing a boundary.

And because the workflow runs inside GitHub's event model, it inherits the useful operational scaffolding around it: repository context, commit SHA, workflow logs, permissions, environments, checks, artifacts, and identity.

That is why webhooks and event triggers are such a big deal. They are not merely integration features. They are how the platform becomes reactive.

Webhooks Are The Nervous System

Webhooks are easy to underestimate because they look simple: send JSON to a URL when something happens.

But in a platform architecture, webhooks are the nervous system.

They let the system react when:

  • a PR is opened or updated
  • a review is submitted
  • a check run completes
  • a deployment state changes
  • a commit status changes
  • a comment is created or resolved
  • an issue transitions from blocked to unblocked

The old model was polling:

"Has anything changed yet?"

The better model is evented:

"Something changed. Here is the payload. Decide what to do."

That difference matters for agents because agents need timing and context. A good agent should not wake up randomly and wander through a repo. It should wake up because a meaningful event occurred, with a payload that explains what changed and why it matters.

This is where CI/CD platforms start to look less like Jenkins-era build runners and more like operating systems for engineering workflows.

What Bitbucket Forced Me To Build

The Bitbucket work has made this idea much more concrete for me.

Bitbucket has useful primitives: pull requests, Pipelines, merge checks, repository events, Forge, OIDC, deployment workflows, and the Atlassian ecosystem around it. You can absolutely build serious delivery systems there.

But compared with GitHub, it does not yet feel like it has the same native agentic surface area.

GitHub Actions gives you a very broad event model, a massive action ecosystem, reusable workflow patterns, first-class workflow dispatches, repository_dispatch, rich checks, and a culture where automation lives directly beside collaboration. That matters when you start treating CI/CD as a control plane for agents.

In Bitbucket, I found myself building more of that connective tissue by hand.

The missing pieces were not "can I run a script?" Bitbucket can run scripts just fine.

The missing pieces were the higher-level agentic concerns:

  • control API
  • durable run orchestration
  • agent runtime
  • artifacts
  • policy decisions
  • audit events
  • model access
  • idempotent PR comments and statuses
  • comment-only and shadow-mode execution
  • clear separation between CI trigger and long-running AI work

That experience clarified the architecture for me.

keep the native developer workflow close to the developer, but move stateful AI execution into infrastructure built for state, audit, and isolation.

That architecture changes how you think about a pipeline.

The pipeline step should not be a giant blob that runs an LLM, mutates code, talks to every service, and hopes for the best. It should be a narrow bridge.

In that shape, a pipeline step can use OIDC to assume a scoped role, call a control API, create or resume a run, and then let an execution plane handle the long-running work. That gives you better separation:

  • Bitbucket remains the place developers see status and feedback.
  • Infrastructure remains the place durable state and model-touching workloads live.
  • The control API becomes the policy boundary.
  • Audit is append-only and intentional.
  • Side effects like comments and statuses are idempotent by stable keys.

That is the difference between "we put an AI script in CI" and "we built an agentic delivery control plane."

Shadow Mode Is The Right First Step

One of my favorite practical patterns from this work is shadow mode.

In one Bitbucket pipeline, the test-writer agent runs on pull requests in a comment-only mode. It looks at changed backend classes, attempts to generate or improve tests, reruns targeted gates, records coverage deltas and cost, and posts a report back to the PR.

It does not commit.

It does not push.

It does not merge.

That restraint is not a lack of ambition. It is how trust is built.

For AI in CI/CD, shadow mode gives you the learning loop without handing over the steering wheel too early.

You can measure:

  • did the agent pick the right files?
  • did it improve coverage?
  • did it respect guardrails?
  • did it keep costs within budget?
  • did it produce reviewable evidence?
  • did developers find the output useful?

Only after that loop is boringly reliable should the system graduate to stronger permissions.

The future is not "let the agent do everything."

The future is permissioned autonomy that earns its way forward.

The GH-600 Lens

Studying GitHub Actions through the GH-600 lens sharpened this for me.

The certification material is not just about writing YAML. It pushes you to think in terms of triggers, permissions, environments, artifacts, reusable workflows, runners, secrets, and organization-level governance.

That is exactly the vocabulary AI delivery systems need.

An AI-capable CI/CD control plane needs:

  • event triggers so agents wake up for the right reasons
  • scoped permissions so workflows receive only the access they need
  • OIDC so cloud access does not depend on long-lived static secrets
  • environments and approvals so production remains a deliberate boundary
  • artifacts so agent output becomes inspectable evidence
  • reusable workflows so policy is standardized instead of copy-pasted
  • checks and statuses so decisions are visible where developers already work

This is why GitHub Actions feels strategically important.

It is not just popular CI. It is an evented workflow engine embedded inside the software collaboration surface.

That is a very different kind of leverage.

CI/CD Is Where Agent Work Becomes Accountable

Most AI coding demos focus on generation.

The agent writes a feature. The agent fixes a bug. The agent opens a PR.

That is fun, but generation is not the hard part anymore.

The hard part is accountability.

Who asked the agent to act? What permissions did it have? What context did it use? Which files did it inspect? What tests did it run? What did it change? What did it decide not to do? What evidence did it leave behind? What policy allowed the work to proceed?

Those questions sound like governance questions because they are.

And CI/CD platforms are already where engineering organizations answer governance questions.

They already know how to:

  • enforce required checks
  • block merges
  • protect environments
  • store artifacts
  • scope secrets
  • emit audit logs
  • connect identity to execution
  • represent status in the PR
  • create repeatable workflow templates

AI does not make those capabilities less important. It makes them central.

The Bad Version Of This Future

There is a bad version of AI in CI/CD.

It looks like this:

  • install a CLI in a pipeline
  • give it a broad API token
  • let it read the repo
  • let it call a model
  • let it post comments or push commits
  • hope the prompt says the right thing

That will produce some useful demos.

It will also produce a mess.

Agents running in CI need the same discipline as any distributed system:

  • stable IDs
  • idempotency
  • bounded permissions
  • retry semantics
  • durable state
  • clear ownership
  • structured outputs
  • explicit policy
  • observable cost
  • audit trails

The agent should not be a magical sidecar bolted onto the pipeline.

It should be one worker inside a governed delivery system.

The Better Version

The better version looks more like this:

  1. A repository event occurs.
  2. The CI/CD platform captures the event with native context.
  3. A workflow or webhook sends the event to a control API.
  4. The control API validates identity, tenant policy, and idempotency.
  5. The execution plane assembles context and runs the agent with bounded tools.
  6. The agent produces structured findings, artifacts, and recommendations.
  7. The platform posts results back into the PR as comments, checks, or statuses.
  8. Merge checks and deployment gates consume policy decisions.
  9. Every meaningful transition is auditable.

That is boring in the best way.

It gives engineers confidence that the system is not just clever. It is operable.

Why This Matters For Platform Teams

Platform teams should pay attention because AI is going to increase the volume of proposed change.

More branches. More PRs. More generated tests. More suggested fixes. More automated reviews. More dependency updates. More release candidates. More "small" changes that still need to be validated.

The bottleneck will not be producing code.

The bottleneck will be deciding which changes are safe, useful, compliant, and ready.

That is a platform problem.

CI/CD control planes are where platform teams can encode the rules of the road:

  • what must be true before an agent runs
  • which repositories allow comment-only mode
  • which branches allow generated commits
  • which environments require human approval
  • which findings block merge
  • which actions require stronger identity
  • which outputs become permanent audit evidence

This is where "AI strategy" stops being a slide deck and becomes a workflow file, a webhook handler, a policy evaluator, and a set of merge checks developers actually experience.

My Working Thesis

Here is the thesis I would bet on:

AI will not replace CI/CD. AI will make CI/CD more important.

The more autonomous our tools become, the more we need trusted control points around them.

Source control gives us history.

Pull requests give us collaboration.

CI/CD gives us execution and enforcement.

Webhooks give us evented awareness.

OIDC gives us short-lived identity.

Artifacts give us evidence.

Checks give us shared truth at the moment of decision.

Put those together and you get the foundation for agentic software delivery.

Not an agent wandering around with a token.

A control plane.

The Platforms To Watch

GitHub has a huge advantage because Actions is event-driven and deeply embedded in the pull request experience. The fact that workflows can respond to native repository events, manual dispatches, chained workflow completions, and external repository_dispatch calls gives it a powerful event surface.

Bitbucket has a different but very real path, especially in organizations already standardized on Atlassian. Forge, Bitbucket events, merge checks, dynamic pipelines, and OIDC-backed pipeline steps create a strong native surface for enterprise workflows. Pair that with an external execution plane and you can build serious agentic systems without pretending the CI runner should own everything.

The winner is not simply the platform with the nicest YAML.

The winner is the platform that gives teams the best primitives for:

  • event capture
  • identity
  • policy
  • execution
  • feedback
  • audit
  • human approval
  • ecosystem integration

That is the control-plane checklist.

Closing Thought

The first wave of AI developer tooling was about making agents capable.

The next wave is about making them accountable.

CI/CD platforms are where that accountability can become real because they sit at the exact point where intent meets execution. They already understand events, identity, checks, artifacts, environments, approvals, and deployment.

The trick is to stop thinking of CI/CD as a build system.

It is becoming the control plane for software change.

And in the age of AI, that might make it the most important platform surface in the entire engineering stack.

โ†
Previouskimi-k2-max-opencode-local-delegation.md