Submitted:
25 May 2026
Posted:
26 May 2026
You are already at the latest version
Abstract
Software delivery is moving from deterministic pipelines toward autonomous environments where AI agents make runtime deployment decisions. Current DevOps governance assumes predictable execution and offers no mechanisms for constraining agents that generate plans on the fly. This leaves critical gaps in trust, accountability, policy enforcement, and failure containment. We present a conceptual architecture for bounded autonomous delivery, in which agents operate within externally enforced operational, security, reliability, and compliance constraints. The architecture separates planning, execution, policy enforcement, runtime verification, and human oversight into composable layers. We propose a taxonomy of autonomy levels and define operational invariants that limit what agents can do at runtime. A recurring scenario (deploying a payment microservice on an e-commerce platform during peak traffic) grounds the concepts in operational practice. The perspective positions governed autonomous delivery as an emerging discipline that demands new assurance models before organizations can trust agents with production systems.
Keywords:
agentic software delivery
; governance
; bounded autonomy
; autonomous DevOps
; runtime governance
; operational invariants
; policy-constrained automation
; human-in-the-loop systems
; verifiable software delivery
Copyright: This open access article is published under a Creative Commons CC BY 4.0 license, which permit the free download, distribution, and reuse, provided that the author and preprint are cited in any reuse.
