Building an Autonomous CI Pipeline with LLM Agents

🧩 Overall Summary

A technical presentation on automating the software development lifecycle using an autonomous CI pipeline with LLM agents. The speaker details a system built on GitLab that uses AI agents for requirement classification, coding, code review, testing, and deployment, with human oversight for production. Key challenges include managing false positives from code review agents, handling agent communication loops, and ensuring security through fine-grained access control. The system has been running for two months, successfully processing 27 out of 68 merge requests with minimal human intervention.

Automating the software development lifecycle with AI agents
Building autonomous CI/CD pipelines using existing enterprise platforms (GitLab)
Managing agent communication, loops, and budget constraints
Balancing automation with human oversight for production deployments
Handling false positives in AI code reviews
Using documentation as shared memory for agents

Autonomous CI Pipeline: A fully automated continuous integration pipeline with no human involvement, processing requirements into deployed products in cycles.
Uses LLM agents for coding, review, testing, and deployment tasks
Includes hard cut-off loops to prevent infinite agent conversations and budget overruns
Orchestrator Agent: An LLM-based classifier that determines if a work item (GitHub issue) is actionable and ready for the coder agent.
Reads issue descriptions and decides if they can be implemented
Posts comments requesting more context if needed
Labels issues as actionable or not
Coder Agent: Implements code based on requirements and opens merge requests.
Works within a limited context window with specific access to project information
Relies on documentation in the codebase as shared memory
Code Review Agent: Reviews merge requests for issues, documentation, and adherence to conventions.
Known for generating false positives, which was a major challenge
Communicates findings via GitLab artifacts and comments
Hard Cut-off Loops: A mechanism to stop agent iterations after two cycles if issues remain unresolved.
Prevents infinite loops and budget waste
Triggers human intervention via email notification

Input: GitHub issues with requirements labeled as "easy" or actionable
Orchestrator: Classifies issues as actionable or not, requests more context if needed
Coder Agent: Implements code and opens merge requests
Standard CI Pipeline: Runs tests, builds Docker containers, deploys to staging
Code Review Agent: Checks documentation and code quality
Fix Agents: Separate agents for fixing failing tests, negative reviews, and deployment scripts
Hard Cut-off: After two failed cycles, stops all agents and notifies a human

Shared Memory: Documentation in the codebase serves as the primary shared memory for agents
GitLab Artifacts: Agents communicate by uploading files and test results
Comments: Human-readable comments left on issues for transparency
No Direct Agent-to-Agent Communication: Agents interact through the codebase and artifacts only

The system processed 27 out of 68 merge requests autonomously, with 14 requiring no human intervention at all
Code review agents generate significant false positives, which was the biggest challenge
Using an existing platform (GitLab) with built-in security and features is more practical than building from scratch
Documentation in the codebase serves as effective shared memory for agents
Two cycles of iteration are sufficient for most issues; more cycles rarely solve deeper problems
The orchestrator agent doesn't need high reasoning capability; a simpler model like Haiku works well for classification
Human involvement shifts from coding to specifying requirements and verifying outcomes

A merge request costing approximately 10 USD in API calls using Claude Opus
27 of 68 merge requests were fully processed by the pipeline
14 of those 27 required no human review beyond a surface check
One merge request was abandoned entirely; the rest were completed with some human intervention
False positives from the code review agent were a recurring issue, often flagging unrelated changes after rebases
The system runs on an on-prem server with fine-grained access tokens for security

Automating routine development tasks to free up developer time for specification and planning
Running the pipeline overnight so developers wake up to completed or nearly-completed work
Using the system for a Java-based web platform with a React frontend
Implementing a "convention update" agent that periodically checks for codebase drift
Creating an "agent lab" or meta-agent to improve the pipeline itself
Applying the same approach to different project types by adjusting documentation and conventions

The system is still experimental and has only been running for two months
Code review agents have high false positive rates, requiring careful prompt engineering
Agent communication is one-sided and limited to codebase artifacts
Rebasing can cause code review agents to flag unrelated changes
The system works best for well-specified, small-to-medium issues
Production deployments remain fully human-controlled
The codebase is relatively small (100 users, low traffic), so scalability is untested
Different models (Opus vs. Sonnet) show different cost-quality trade-offs
Long-term code quality drift is difficult to measure when humans also work on the codebase

Start with a manual workflow using LLM tools before attempting full autonomy
Use existing enterprise platforms (GitLab, GitHub) rather than building from scratch
Implement hard cut-off loops (2 iterations) to prevent infinite agent loops and budget waste
Use documentation in the codebase as shared memory for agents
Separate agents by scope with fine-grained access tokens for security
Expect false positives from code review agents and design around them
Keep production deployments human-controlled
Invest in comprehensive test coverage to catch issues agents might miss
Use simpler models (Haiku) for classification tasks and more capable models (Sonnet/Opus) for coding
Plan for a meta-agent that can improve the pipeline itself over time