Skip to main content
  1. Posts/

AI Agents in Your CI/CD: Why GitHub Rulesets Matter Now More Than Ever

·714 words·4 mins
github ai ci-cd devops security github actions rulesets automation claude code review
Daniel Ancuta
Author
Daniel Ancuta
Backend team lead, with 19 years of hands-on experience with modern technologies, as well as 7 years of experience in leading of development teams. Let us get in touch!
Table of Contents

AI agents are getting scary good. Tools like clawbot can understand your codebase, write features, fix bugs, and commit changes - all without much human input.

But that doesn’t mean you should let them run wild.

AI Agents Sound Great Until They’re Not #

AI agents in your CI/CD pipeline can boost productivity. They review pull requests, fix bugs automatically, update dependencies, write tests, and deploy changes.

Why wait for humans when AI handles it instantly, right?

Except when things break, they break fast. And automated checks won’t catch everything.

Why You Still Need Humans #

An AI agent can make a perfectly logical decision and still wreck production. It passes all tests but misses a security flaw. It force-pushes because the branch looks “clean” to it.

AI agents don’t understand business context, politics, or the edge cases you forgot to document. They’re powerful tools, but they operate on incomplete information.

Humans catch what automated checks miss. But you need a way to enforce that oversight - and that’s where GitHub Rulesets come in.

GitHub Rulesets: Your Safety Net #

If you’re using GitHub, you already have access to a powerful protection mechanism: GitHub Rulesets.

Rulesets let you define policies that protect your repositories from accidental (or malicious) actions. Think of them as automated bouncers for your branches - they enforce the rules you set, no exceptions.

For teams using GitHub Enterprise, rulesets can be enforced across your entire organization, making sure every repo follows the same security standards. You can also export and import rulesets, which is perfect for multi-organization setups or version-controlling your policies.

Rulesets That Protect Your AI Pipeline #

When it comes to AI agents, a few rulesets matter most:

Required Approvals - No matter how confident the AI is, a human must approve before merging. This single rule prevents most disasters.

Dismiss Stale Approvals When New Commits Are Pushed - If an AI agent adds new commits after approval, the approval gets revoked. This prevents a scenario where questionable code slips in after review.

Block Force Pushes - Stops AI agents from rewriting commit history or overwriting important work, even if they think they’re “fixing” something.

Require Code Scanning Results - Your security tools get a vote too, not just the AI agent.

There are several other rulesets you should configure (like restricting deletions, requiring signed commits, and requiring conversation resolution). For more details on these protections, check out my article: GitHub Rulesets: Your Safeguard for Your Repositories.

Speed vs. Safety (You Need Both) #

Look, I get it. The whole point of AI agents is to move faster. Adding approval gates feels like it defeats the purpose.

But moving fast without safeguards isn’t agile - it’s reckless. You’re not saving time if you’re constantly rolling back bad deployments or explaining to your CEO why customer data got exposed.

GitHub Rulesets enforce what security folks call “human-in-the-loop” - AI can do the heavy lifting (analyzing code, suggesting fixes, even generating features), but humans approve before anything ships. This isn’t about distrusting AI. AI doesn’t know what it doesn’t know. It can’t assess business risk or predict political fallout. It operates on whatever data you fed it, which is probably incomplete.

Rulesets automate the boring safety checks, catch mistakes before they become incidents, and enforce consistency across your org. Required approvals make sure a human reviews the AI’s work before it hits production.

You’re not slowing down - you’re avoiding the disasters that actually slow you down.

Final Thoughts #

AI agents in CI/CD aren’t going away. They’re getting more capable - tools like clawbot are just the start. More autonomy, more automation, more AI-made decisions.

That’s exciting, but it means you need better guardrails.

GitHub Rulesets don’t slow down your AI agents. They keep you in control while you move fast. Configure them on your main branches now, before you’re woken up at 2am to fix production because something merged that shouldn’t have.

Your future self will appreciate it.

That’s it! If you need help setting up GitHub Rulesets or want to discuss security strategies for AI-driven workflows, feel free to get in touch.

Note: This article was written with assistance from Claude (Anthropic). The experiences, code, and opinions are my own, but AI helped structure and articulate them.