Jonas Birmé, VP R&D, Eyevinn Technology

Agentic SDLC: the Human-Gated AI Coding Pipeline on Open Source Cloud

An AI agent that triages issues, writes code, and proposes changes. A mandatory review gate that controls what deploys. An authorization model where the deploy token lives on the server and the agent never touches it.

ai
agents
agentic-engineering
open-source
security

Autonomous AI coding agents can write code faster than most teams can review it. The risk is not the speed. The risk is what happens when the agent also has deploy authority. Agentic SDLC is the answer we built for that problem. An AI agent that triages issues, writes code, and proposes changes in a fully isolated environment. A mandatory review gate that controls what deploys. An authorization model where the deploy token lives on the server and the agent context never touches it. We ran it on our own apps before shipping it to OSC users.

How the pipeline works

When a feature request or issue comes in inside a My App on OSC:

1. An agent reads the ticket and generates a sub-task plan. You approve the plan before the agent executes.
2. Each sub-task runs in its own isolated copy of the codebase, so parallel tasks cannot interfere with each other.
3. The agent writes code and proposes a diff. No production change has happened yet.
4. The diff passes through a review gate: a human reviewer, an automated test suite, or both. The gate is mandatory. There is no shortcut past it.
5. The server releases the deploy authorization only after the gate clears. The agent does not hold the credential and cannot self-authorize.

Change tracking runs on Gitea, provisioned per tenant. Every proposed change is a tracked ticket. Every approval is logged. The infrastructure is 100% open source.

BYO Claude or OpenAI API key

You bring your own API key from Anthropic or OpenAI. OSC does not intermediate your AI spend or add a markup. Your cost is billed directly by the provider at their published rates. This means you can switch models without asking us, cap your spend at the provider level, and see exactly what the AI inference costs. The platform cost and the AI inference cost are separate line items.

Why server-held authorization matters

A gated AI coding agent is only as trustworthy as its authorization architecture. If the agent holds the deploy credential, a sufficiently crafted instruction could still cause an unauthorized deploy, whether from a malicious prompt, a hallucinated action, or a misunderstood instruction. Server-held authorization removes that surface. The agent has no deploy credential to misuse. The worst outcome is a proposed change that a reviewer rejects. As Jonas Birmé put it when he shipped the feature: "An agent that goes off-script can at worst propose something that gets rejected. It cannot rewrite your running app."
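The following toy model shows the pipeline steps above (propose, gate, server-held authorization, deploy) and why the authorization architecture described in this section holds up. It is an added illustration, not Open Source Cloud's own code: the class names, the in-memory "server", and the HMAC-based, proposal-bound authorization token are assumptions made for the example. Binding the token to the reviewed diff is this example's design choice, added so that a diff swapped in after approval does not deploy.

```python
"""Toy model of a human-gated AI coding pipeline with server-held deploy
authorization. Added illustration, not OSC's code: class names, the
HMAC-based token and the in-memory server are assumptions of this example."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Proposal:
    """The only thing the agent may produce: a diff tied to a ticket."""
    ticket_id: str
    diff: str
    tests_passed: bool = False
    human_approved: bool = False


def diff_fingerprint(diff: str) -> bytes:
    return hashlib.sha256(diff.encode()).digest()


class DeployServer:
    """Holds the deploy secret and the audit log. The agent never sees the secret."""

    def __init__(self) -> None:
        self._deploy_secret = secrets.token_bytes(32)  # never returned to callers
        self.deployed: dict[str, str] = {}
        self.audit_log: list[tuple[str, str]] = []

    def gate_clear(self, p: Proposal) -> bool:
        # Both legs of the gate must pass; there is no bypass parameter.
        return p.tests_passed and p.human_approved

    def _token_for(self, p: Proposal) -> bytes:
        # Assumption of this example: the authorization is bound to the exact
        # diff that was reviewed, so a diff changed after approval fails to verify.
        msg = p.ticket_id.encode() + diff_fingerprint(p.diff)
        return hmac.new(self._deploy_secret, msg, "sha256").digest()

    def authorize(self, p: Proposal) -> Optional[bytes]:
        """Release a proposal-bound authorization only after the gate clears."""
        if not self.gate_clear(p):
            self.audit_log.append(("denied", p.ticket_id))
            return None
        self.audit_log.append(("authorized", p.ticket_id))
        return self._token_for(p)

    def deploy(self, p: Proposal, token: Optional[bytes]) -> bool:
        """Apply the change only with a valid authorization for this exact proposal."""
        if token is None or not hmac.compare_digest(token, self._token_for(p)):
            self.audit_log.append(("rejected", p.ticket_id))
            return False
        self.deployed[p.ticket_id] = p.diff
        self.audit_log.append(("deployed", p.ticket_id))
        return True


class Agent:
    """The AI agent: it reads tickets and proposes diffs, nothing more."""

    def __init__(self, server: DeployServer) -> None:
        self.server = server  # it can call the server, but holds no credential

    def propose(self, ticket_id: str, diff: str) -> Proposal:
        return Proposal(ticket_id=ticket_id, diff=diff)

    def try_self_deploy(self, p: Proposal) -> bool:
        # An off-script agent (malicious prompt, hallucinated action) has no
        # token to present; the most it can do is call deploy empty-handed.
        return self.server.deploy(p, None)


def run_pipeline(server: DeployServer, ticket_id: str, diff: str,
                 tests_pass: bool, reviewer_approves: bool) -> bool:
    """Steps 3-5 of the pipeline: propose, gate, server-held authorization, deploy."""
    agent = Agent(server)
    proposal = agent.propose(ticket_id, diff)
    proposal.tests_passed = tests_pass           # automated test suite verdict
    proposal.human_approved = reviewer_approves  # human reviewer verdict
    token = server.authorize(proposal)           # None unless the gate cleared
    return server.deploy(proposal, token)


if __name__ == "__main__":
    srv = DeployServer()
    print(run_pipeline(srv, "T-1", "+ fix null check", True, True))  # True
    print(run_pipeline(srv, "T-2", "+ risky change", True, False))   # False
    print(Agent(srv).try_self_deploy(Proposal("T-3", "+ rogue")))    # False
    print(srv.audit_log)
```

The point to take from the model is the shape of the failure mode: a rejected review, a failing test suite, an agent calling deploy on its own, or a diff altered after approval all end in the same place, a logged rejection and an unchanged running app.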

How to enable Agentic SDLC

Agentic SDLC is available in My Apps on Open Source Cloud today. Go to any My App's settings, enable the feature, and connect your Claude or OpenAI API key. The feature is under active development. We are iterating on the review gate UX, the sub-task isolation behavior, and the Gitea tenant integration. Read the original article by Jonas Birmé, "We built it for ourselves. Now it runs your app.": https://www.linkedin.com/pulse/we-built-ourselves-now-runs-your-app-jonas-birm%C3%A9-xn9nf/?utm_source=osaas-blog&utm_medium=organic&utm_campaign=agentic-sdlc&utm_content=linkedin-source

Frequently Asked Questions

Can the agent deploy to production without a human approving?

No. The deploy authorization is held server-side. The agent cannot self-authorize. Every change must pass through the review gate before the server releases the credential. The worst outcome from an off-script agent is a proposed diff that a reviewer rejects.

Which AI models does Agentic SDLC support?

You can connect your own Anthropic (Claude) or OpenAI API key. OSC does not intermediate your AI spend. Your cost is billed directly by the provider at their published rates, and you can switch models or cap spend at the provider level without asking us.

Where does the code live?

Change tracking runs on Gitea, provisioned per tenant inside your OSC workspace. Every proposed change is a tracked ticket. Every approval is logged. All infrastructure is 100% open source and you can export your data at any time.

Does this lock me in to OSC?

No. Gitea is unmodified open source. The pipeline itself is 100% open source infrastructure. If you stop using OSC, your repos and history export cleanly via standard git tooling.
