TEP-0164: Agent-Native Workflows

[waveywaves]

Summary

This TEP proposes making Tekton an agent-native workflow engine by introducing AgentRun and AgentConfig CRDs that orchestrate AI agent execution with security and provenance controls.

Rather than rebuilding the agent stack inside Tekton, this TEP takes a composition-first approach:

• Agent runtime: Delegates to kagent — a Kubernetes-native agent framework with 8 LLM providers, MCP tool protocol, and Python/Go ADKs
• Pipeline orchestration: Uses Tekton Pipelines for pre/post hooks around agent execution
• Security & trust (this TEP's contribution): Adds per-run RBAC scoping, NetworkPolicy generation, OPA-based policy enforcement, and provenance recording for Tekton Chains

/kind tep

Motivation

AI agents are already appearing in CI/CD pipelines as opaque Python scripts inside container steps. A real-world comparison of a Jira-driven test lifecycle pipeline with and without agents shows:

• Agents replace template-based test scaffolding with actual code generation
• Agents replace manual test authoring bottlenecks with review checkpoints
• Agents add intelligent failure triage and reporting

But Tekton cannot see inside these agent steps — no visibility into models, tools, tokens, or policy compliance.

Meanwhile, kagent already solves the agent runtime problem with CRDs for model configuration, MCP tool servers, agent deployment, and memory. But kagent doesn't provide pipeline orchestration, supply-chain provenance, or per-execution security controls.

This TEP bridges the gap: Tekton orchestrates when/how agents run. kagent handles what agents do. AgentRun adds the security and trust layer.

Key Design Decisions

• Dynamic client integration: Interacts with kagent CRDs via k8s.io/client-go/dynamic — no Go module dependency, no version coupling
• Ephemeral kagent Agents: Each AgentRun creates and tears down a dedicated kagent Agent CR with owner references for cleanup
• Per-run security: RBAC, NetworkPolicy, and OPA policy scoped to individual executions — kagent uses pre-created ServiceAccounts, this TEP generates ephemeral ones
• Optional Tekton dependency: Works with kagent alone; Tekton Pipelines adds pre/post hook pipelines

PoC

Working proof-of-concept at waveywaves/tekton-agentrun — successfully runs end-to-end in a Kind cluster with mock agent provider.

Related

• kagent — Kubernetes-native agent framework (agent runtime backend)
• waveywaves/tekton-agentrun — PoC implementation
• Jira test lifecycle pipeline comparison — Evidence motivating this TEP

/cc @anithapriyanatarajan

[tekton-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign pradeepitm12 after the PR has been reviewed.
You can assign the PR to them by writing /assign @pradeepitm12 in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• teps/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[waveywaves]

[Anitha] We need to set some boundaries for the agents. If it works for too long there needs to be manual way for human intervention.

A workflow that would be good for QE would be to generate good test cases. SLSA is something we can actively participate in for this. Streaming logs for streaming the logs from Claude. We need to orchestrate the agents in a controlled way or a Kubernetes native way.