Agent CI/CD in 2026 requires five evaluation gates that don’t exist in traditional pipelines: golden dataset offline eval, regression blocks, cost gates, shadow evaluation against production traces, and canary rollout with auto-rollback. If you’re shipping agent updates against only lint and unit tests, you’re shipping blind — 89% of production agent teams run observability but only 52% run evals, and that 37-point gap is where quality silently decays (LangChain State of Agent Engineering Survey, 2026).

Why Agent CI/CD Is Different From Traditional CI/CD

Traditional CI/CD gates lint, type-check, run unit tests, verify integration contracts, and build artifacts. Agent behavior is shaped by prompts, model checkpoints, tool definitions, retrieval configs, and guardrails — not just application code. A prompt change that passes every conventional test can tank agent task completion by 20 points in production because the model responds to subtle phrasing differences that no linter catches.

The core shift: agent CI/CD must evaluate what the agent does, not just what the code looks like. That means running the agent against representative tasks, scoring the outputs, and blocking deploys when scores regress.

What Does an Agent-Native CI/CD Pipeline Look Like?

A complete agent CI/CD pipeline adds five gates on top of conventional test infrastructure:

GateWhat It CatchesWhen It Runs
Golden dataset offline evalTask completion, rubric quality, hallucinationEvery PR
Regression blocksMetric deltas exceeding thresholdEvery PR
Cost gateToken/API cost spikes from degraded efficiencyEvery PR
Shadow evalTrajectory differences vs production baselinePre-deploy (replayed traffic)
Canary rollout with auto-rollbackProduction behavior divergenceGraduated (5% → 25% → 100%)

Most teams in 2026 adopt a 3-tier architecture: cheap deterministic tests on every commit, LLM-as-judge scoring on a nightly schedule, and continuous production monitoring with error budgets.

Tier 1 — PR Tier (minutes, cheap)

Deterministic tool-call tests against recorded cassettes. No live model API calls, sub-second execution, no API keys needed. These catch tool selection and argument regressions — the most common agent failure mode in production. Record the agent’s tool calls during a known-good run, store the cassette alongside the test, and replay on every PR to verify the same tools get called with structurally valid arguments.

# tests/agent_tool_regression.py — example using recorded cassettes
def test_agent_tool_calls_unchanged():
    cassette = load_cassette("golden/ticket_resolution_flow.json")
    result = replay_agent_with_cassette(cassette)
    assert result.tool_sequence == cassette.expected_tool_sequence
    assert all(
        validate_schema(call.tool_name, call.arguments)
        for call in result.tool_calls
    )

Tier 2 — Nightly Tier (hours, moderate cost)

Full behavioral evaluation using an LLM-as-judge scorer. Run 300+ golden tasks stratified by difficulty and category, score with G-Eval or rubric-based judges, and gate on:

  • Task completion rate ≥ 85%
  • Hallucination rate < 5%
  • Policy violations = 0
  • p95 latency < 4000ms

The cost matters. A 20-test suite with 5 runs using GPT-4o runs $3-8 per PR (~$150-400/month at 50 PRs). Mitigations: run expensive judges only on the nightly schedule, use deterministic tests on every commit, and restrict LLM-judge execution to paths that actually changed agent behavior (agent/prompts/, agent/tools/, agent/config/).

# .github/workflows/agent-evals-nightly.yml
name: Agent Nightly Evals
on:
  schedule:
    - cron: '0 6 * * *'  # 06:00 UTC daily
  workflow_dispatch:

jobs:
  behavioral-eval:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - run: pip install deepeval
      - run: deepeval test run tests/behavioral/ --output junit
      - name: Check eval thresholds
        run: python .ci/check_eval_thresholds.py

Tier 3 — Production Tier (continuous)

Sample live production traces, score online with a lightweight judge, and enforce error budgets before promoting canary traffic. When the online score drops below the error budget threshold, the deployment is automatically rolled back.

The Five CI/CD Gates Explained

Gate 1 — Golden Dataset Offline Evaluation

Your golden dataset is the single most important asset in the pipeline. It must be version-controlled alongside agent code, have a named owner, undergo quarterly coverage audits, and include a drift detection process.

A production-quality golden dataset includes:

  • 200-500 tasks covering the agent’s complete behavioral surface
  • Stratification by task type, difficulty, and edge case category
  • Covers routine operations (50%), edge cases (30%), and safety/sensitive inputs (20%)
  • Recorded tool-call ground truth for deterministic regression testing

The baseline policy is critical. Baselining should advance only when a green run on main shows non-trivial improvement — completion rate up ≥ 1 point or cost median down ≥ 10%. Never auto-advance on every green run. That causes slow-cooking regressions where quality degrades across 10-20 small changes that each pass individually.

Gate 2 — Regression Blocks

Every metric gets a threshold. Hard blocks stop the pipeline immediately:

  • Completion rate drop > 5 points on smoke eval or > 2 points on full eval
  • p95 latency exceeding absolute SLO
  • Any guardrail-violation count > 0 on safety-set run
  • Any unit or contract test failure

Soft warnings surface in PR comments but don’t block:

  • Cost median up > 10%
  • Quality rubric mean drop of 0.1-0.2 points
  • Retry rate increase
  • Any tagged category regressed by 3+ points

Gate 3 — Cost Gate

Agent cost regressions are invisible to traditional CI/CD. A prompt that makes the agent loop on tool calls can triple token spend without anyone noticing until the AWS bill arrives. The cost gate measures median token consumption per task and blocks if it exceeds a 15% increase over the running baseline.

This catches:

  • Agent looping on retries that used to succeed on first attempt
  • Context window inflation from verbose system prompts
  • Model downgrades that produce longer reasoning traces

Gate 4 — Shadow Evaluation

Before deploying to production, replay 1% of real production traffic (last 24-72h) through the candidate agent and diff trajectories against the production baseline. This catches failures that offline datasets miss because no test suite can anticipate every production input.

Shadow evaluation requires trace replay infrastructure. Tools like Langfuse and LangSmith can export production traces and replay them through a new agent version. The key metric is trajectory divergence rate — what percentage of tasks took a meaningfully different path and did that path degrade quality.

Gate 5 — Canary Rollout With Auto-Rollback

Graduated deployment with automated rollback triggers at every step: 5% traffic for 6-24 hours, expand to 25% on green monitoring, then 50% and 100%. Each expansion waits for the production-tier error budget to show no degradation.

How to Structure Eval Thresholds

The thresholds depend on your domain, but here are numbers that work across most production agent systems (adapted from the evaluation testing methodology used across multiple 2026 production deployments):

MetricCI Gate ThresholdProduction SLO
Task completion rate> 85%> 90%
Hallucination rate< 5%< 3%
Grounded response rate> 95%> 98%
Policy violations00
p95 latency< 4000ms< 3000ms
Regression delta0.05 toleranceN/A
Cost regressionBlock > 15% increaseAlert > 10% increase

Closed-Loop Feedback: The Compounding Value

The eval pipeline compounds in value when production traces feed back into offline datasets. The loop:

  1. Offline eval dataset defined and versioned
  2. CI gate scores every PR against the dataset
  3. Production trace eval scores live traffic in real-time
  4. Error feed clusters failing online traces
  5. Failing traces auto-promote into the offline eval set
  6. Dataset expansion triggers next scheduled optimization
  7. Agent-opt (Bayesian, Tree-structured, or PromptWizard optimizers) runs against expanded dataset
  8. CI gate catches the next PR against an improved baseline

The architectural prerequisite: use the same data layer for production traces and offline eval datasets. When they share a layer, the failing online scorer automatically promotes offending traces into your eval set without manual curation. This is the difference between a static test suite that decays and a living evaluation corpus that grows with your users.

Eval Framework Options for CI/CD Integration

The 2026 eval framework landscape breaks into three tiers:

FrameworkCI IntegrationKey Strengths
DeepEvalGitHub Actions, pytest-native, JUnit output50+ metrics, @observe tracing, Ollama local evals
BraintrustPrompt playground → immutable experiments → CI automationOnline scoring, experiment management
LangSmithControl Plane API for preview deploymentsLangChain ecosystem, webhook-driven triggers
PromptfooDeterministic prompt evals, LLM-rubric scoringLatency tracking, fast iteration
AgentClashCI manifest-driven, baseline comparison, PR commentsRegression suites, zero config

For most teams starting out, DeepEval hits the sweet spot: pytest-native means your eval tests live in tests/ alongside application code, the GitHub Action works out of the box, and you can run against a local Ollama model for $0 on the PR tier. My guide on DeepEval in production covers the full setup.

For a broader comparison of open-source eval harnesses and their trade-offs, see the open-source agent eval harness comparison.

Maturity Model for Agent CI/CD

Most teams I talk to land at Level 2 on this scale. The jump from Level 1 to Level 2 is the highest ROI move you can make.

LevelPatternKey Practice
1Manual eval on releaseAd-hoc, skipped under deadline
2CI eval gate on every PRAutomated golden dataset run, threshold blocking
3Tiered eval (PR + nightly)Deterministic cheap tests per-commit, LLM-judge on schedule
4Production feedback loopOnline scoring, trace→dataset promotion, error feed
5Continuous optimizationAutomated prompt/model optimization from eval scores

Level 1 is where most teams who “know they should test” sit. Someone runs a manual eval before a release, and when the deadline hits, the eval gets skipped. The agent degrades and nobody notices until users complain.

Level 2 is non-negotiable. Every PR against agent configuration triggers an automated eval run against a golden dataset. The PR is blocked if scores drop below threshold. This catches regressions before they reach staging.

Level 3 adds tiering — cheap deterministic tests run on every commit (sub-second, no API calls), LLM-as-judge scorers run on a nightly schedule or before merge. The cost savings are substantial: you’re not paying GPT-4o to score “did the tool call schema stay the same” when a sub-second cassette replay answers that.

Level 4 closes the loop. Production traces that fail online scoring automatically promote into the offline eval dataset. Your test suite grows from real user behavior.

Level 5 is aspirational for most teams in 2026. The eval scores drive automated optimization — changing prompts, adjusting model selection, tuning retrieval parameters — all within a bounded optimization loop.

For a deeper look at the evaluation metrics and framework design behind agent testing, see the AI Agent Testing Guide, which covers trajectory evaluation and the five-layer evaluation framework that feeds into these CI/CD gates.

GitHub Actions Workflow: Full Example

Here is a complete GitHub Actions workflow that implements PR-tier and nightly-tier eval:

# .github/workflows/agent-evals.yml
name: Agent Eval Pipeline
on:
  pull_request:
    paths:
      - 'agent/**'
      - 'prompts/**'
      - 'tools/**'
      - 'config/**'
  schedule:
    - cron: '0 6 * * *'

env:
  OPENAI_API_KEY: ${{ secrets.EVAL_JUDGE_KEY }}

jobs:
  pr-eval:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with: { python-version: '3.12' }
      - run: pip install deepeval
      - run: deepeval test run tests/agent/smoke/ --junit-xml smoke.xml
        continue-on-error: true
      - run: python .ci/check_smoke_thresholds.py smoke.xml

  nightly-eval:
    if: github.event_name == 'schedule'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with: { python-version: '3.12' }
      - run: pip install deepeval
      - run: deepeval test run tests/agent/behavioral/ --junit-xml behavioral.xml
      - run: python .ci/check_behavioral_thresholds.py behavioral.xml

FAQ

What’s the minimum viable agent CI/CD for a team just starting out?

Run a deterministic tool-call regression suite on every PR (recorded cassettes, sub-second, no API calls) and a 50-task golden dataset eval once per day with an LLM judge scoring task completion. That catches 80% of regressions for under $100/month.

How do I prevent golden datasets from going stale?

Assign a named owner per dataset, run quarterly coverage audits that compare dataset distribution to production traffic distribution, and implement a drift detection process that alerts when production inputs diverge from your eval distribution by more than 10%.

Should I use the same LLM as the judge and the agent?

No. Using the judge and the agent from the same model family introduces correlated error — the judge shares the same blind spots as the agent. Use a different provider (e.g., Claude as agent, GPT-4o as judge) or at minimum a different model size (e.g., Sonnet as agent, Opus as judge).

How many eval tasks do I need in my golden dataset?

Start with 50-100 tasks covering the most common input types. Grow to 200-500 as you add edge cases from production traces. Beyond 500 tasks, the marginal ROI drops sharply — you get better coverage from rotating in recent production failures than from adding more hand-crafted tests.

Can I run agent evals offline without API keys?

Yes. For deterministic tool-call regression (cassette replay) you need no API keys — that’s the fastest, cheapest test tier. For LLM-as-judge scoring, you can run against a local Ollama model. DeepEval and Promptfoo both support local judge models, though judge quality drops with smaller models.