The DevOps Agent — Code Commit to Running in Production
How Datarim's DevOps agent owns the build-ship-run pipeline: CI/CD design, Dockerfile authoring, secret management, and build optimization from plan to deployment.
A feature is not finished when the last test passes. It is finished when it runs in production, reproducibly, without leaking secrets or silently differing between environments. The DevOps agent owns that second half of the journey.
Its scope is the build-ship-run pipeline: everything from a code commit landing in version control to a container running in production with verified configuration. This includes the pipelines, the images, the environment wiring, and the artifact stores that connect them.
What it does
The agent designs and implements CI/CD pipelines — primarily GitHub Actions, but the same reasoning applies to GitLab CI and similar systems. Each pipeline step is treated as a contract: inputs, outputs, and failure modes are explicit rather than implied.
Dockerfile authoring follows a set of fixed principles. Base images are minimal. Build stages are layered so that cache stays valid across most changes. No secret value ever appears in a layer — secrets flow in through environment variables, a vault, or CI-managed secrets, never hardcoded. The same image that passes staging is the one deployed to production; environment parity is not optional.
Build optimization
Slow pipelines erode discipline — developers start skipping steps. The DevOps agent treats build time as a first-class constraint. Parallel steps run where dependencies allow. Cache keys are constructed so that only genuinely changed layers are rebuilt. Artifacts are stored once and promoted across stages rather than rebuilt per environment.
A concrete example: a Node.js service that previously rebuilt its node_modules layer on every push can be restructured so that the dependency layer rebuilds only when package-lock.json changes. The application layer rebuilds on every push, but that layer is thin.
Where it sits in the pipeline
The DevOps agent is active at /dr-plan for infrastructure design decisions, at /dr-do for writing Dockerfiles and CI configuration, and at /dr-compliance for CI/CD impact analysis before a task is closed. Infrastructure-as-Code guidance — Terraform, Pulumi, Ansible — is part of its scope when the plan calls for it.
See the full reference on the DevOps agent card, or read what Datarim is for context on how agents fit together.