This work addresses the absence of a unified conceptual framework for describing the autonomy of AI agents and the allocation of decision-making authority in contemporary CI/CD pipelines. It introduces the notion of “authority transfer” to systematically delineate the boundaries of agent autonomy, distinguishing between decision rights in the data plane and the control plane, and identifies governance of the control plane as a critical research direction. Through architectural abstraction, pattern identification, and governance mechanism design—supported by prototype implementation and analysis of industrial platforms—the study reveals three prevalent patterns: constrained autonomy, externally dominated governance, and delayed evaluation. These findings establish a theoretical foundation and outline a research agenda for developing safe, controllable, and highly autonomous CI/CD systems.

AI agents are assuming active roles in Continuous Integration and Continuous Deployment (CI/CD) workflows, yet the research community lacks a shared vocabulary for describing what it means for CI/CD to be agentic, how much decision authority is delegated, and where control should reside. This paper presents a vision of agentic CI/CD in which the central challenge is not improving task performance but designing authority transfer, defined as the delegation of operational decisions from human-controlled pipelines to agent systems under specified constraints and recourse mechanisms. To structure this argument, we introduce a distinction between data-plane authority (localized interventions such as patch generation and test reruns) and control-plane authority (modifications to pipeline configuration, deployment policies, and approval gates). Drawing on research prototypes and industrial platforms, we show that current systems operate mainly at the data plane under bounded autonomy, with safety achieved through surrounding governance infrastructure rather than intrinsic agent guarantees. We identify three recurring patterns: constrained autonomy as the dominant design, external governance as the primary safety mechanism, and a widening gap between deployment momentum and evaluation methodology. We propose a research agenda in which control-plane safety and governance mechanisms represent the most urgent open problem, followed by formalization of autonomy boundaries, evaluation frameworks, and human--agent coordination.