Learnings · Concepts · engineering

The agentic SDLC

In an agentic software lifecycle, AI agents do not just autocomplete - they plan, build, test, and hand off finished work across the whole lifecycle. The developer's job moves from writing code to setting intent and verifying results. That single shift moves the bottleneck from coding speed to verification.

Lifecycle phases 5Required capabilities 4New bottleneck verification
Human sets intentagent plans·executes + loopshands off artifacthuman verifies
00

What changes

The agentic SDLC is a delivery practice where AI agents participate meaningfully across the full lifecycle: planning, coding, testing, reviewing, deploying, and operating. The defining trait is autonomy - agents pursue a goal across many steps without a human directing each one. Humans establish intent, agents execute the workflow, and humans review the result. Velocity stops being the hard part; confidence in what was produced becomes the constraint.

5
Lifecycle phases
plan → operate
4
Required capabilities
context · knowledge · collab · governance
→ verify
Bottleneck moves
coding → verification
01

Three operating models

Agentic is not the same as AI-assisted. The difference is who owns execution. Flip between the three models to see where the work sits and where the bottleneck lands.

80% agent-executed20% human-executed
Execution ownershipAgents execute, humans verify
Primary bottleneckVerification, review, governance
How it worksAI plans, executes, evaluates its own output, loops, and hands off a finished artifact.

Developers set intent; agents pursue the goal across many steps without a human directing each one; developers review the result. The work moves from doing to verifying.

WHYAssisted accelerates you; agentic replaces the loop

AI-assisted means the developer is still the executor - the AI just helps faster. Agentic means the AI owns the loop end to end and returns a completed artifact. The work that remains for the human is verification, not authoring.

02

Four required capabilities

An effective agentic SDLC needs all four of these at once - any one missing and autonomy turns into risk. Pick a capability to see what it is, why it matters, and what breaks without it.

Context

Access to the whole operating picture - code, tickets, docs, monitoring, cloud - not a single repository.

Why it matters

An agent reasoning from one file makes locally sensible changes that miss system-wide intent.

Without it

Changes are technically valid but ignore the constraints living in the rest of the org.

03

The agentic lifecycle

The same five phases as ever - but agent autonomy is highest in development and testing, while human involvement climbs back up at review. Walk the phases to watch the bottleneck slide toward verification.

Review

verification load · high
Agent autonomy40%
Human involvement60%
Agent

Generates code faster than teams can verify it; automated review must run at generation speed.

Human

Reconstructs intent across multi-file, multi-iteration changes - harder than reviewing human code.

constraint The verification gap lives here. This is the new bottleneck.
!The verification gap lives at review

Agents generate code faster than teams can verify it, and reconstructing intent across multi-file, multi-iteration changes is harder than reviewing human code. Velocity rises everywhere upstream; the pressure all lands on review.

04

The verification gap

The gap is measurable. Analyzing 470 open-source PRs, agentic code carries more issues than human-only code on every axis. Pick a metric to compare human-only against AI-co-authored output.

Human-only
6.45
AI-co-authored
10.83

AI-co-authored PRs carry roughly 68% more issues than human-only PRs.

Source: CodeRabbit, State of AI vs Human Code Generation - 470 OSS PRs.

The gap shows up as four recurring problems that surface-level tooling does not catch:

Behavioral drift

Individual changes are sensible at each step but collectively introduce subtle behavioural changes.

Standards inconsistency

Different agents apply different interpretations of what good code quality means.

Security opacity

Vulnerabilities in agentic output aren't visible through standard linting or static analysis.

Governance gaps

Engineering leaders have no reliable way to understand what agents shipped.

05

What review must do at agentic speed

Linters and static analysis handle surface-level issues - and that is no longer enough. Review at agentic speed has to do four things that generic tooling cannot.

Codebase context

Evaluate changes against the actual patterns and standards of that specific codebase, not generic best practices.

Consistent standards

Apply the same bar regardless of origin - senior engineer, junior, or agent.

Generation-speed throughput

Run at the speed of generation, not the speed of human attention.

Actionable specificity

Explain each finding with enough detail to be useful, not just flag it.

06

Who does what

The work splits into three lanes. Click a task to see where it belongs and why - the matching lane lights up.

execute

Agents handle

  • Multi-file changes
  • Test loops
  • Refactors
  • Scaffolding
check

Verification at agentic speed

  • Codebase-context checks
  • Standards enforcement
  • Security & style checks
  • Volume management
decide

Humans handle

  • Architecture
  • Design trade-offs
  • System-level decisions
07

Workflows already in production

These are not hypothetical - they are agentic workflows running today, each one a goal pursued across many steps with a human verifying the result.

Debugging

Receives a failing test, traces execution, hypothesizes causes, iterates fixes.

Refactoring

Analyzes architectural problems and proposes restructuring across multiple files.

Security scanning

Searches for vulnerabilities and reports them with actionable context.

Feature development

Completes the full cycle from ticket to pull request.

Incident response

Root-causes production alerts and proposes fixes in the Slack thread.

Documentation

Auto-updates docs from merged pull requests.

08

Putting it to work

Four principles that fall out of ownership, the lifecycle, and the verification gap.

Scope intent precisely

Agents excel where intent is expressed precisely. A vague ticket produces a vague PR regardless of how capable the agent is.

Elevate planning

The cost of unclear intent rises when an agent iterates fifteen times before a human ever looks. Plan more, not less.

Make review the active layer

Automated review runs at generation speed; reserve human review for the decisions that need domain judgement.

Define standards once

One set of guidelines applied in the agent config, the review layer, and CI - so nothing is enforced in only one place.

AgencyCore · Learnings · The agentic SDLCintent · execute · verify