docs: headless/cluster agent infrastructure challenges

[ifireball]

Adds a section to agent-infrastructure.md on running agents in ephemeral CI/Kubernetes-style environments (privilege vs validation, runner images, async CI latency, workspace handoff, idle capacity). Short pointer from the konflux applied README.

Made with Cursor

[qodo-code-review]

Review Summary by Qodo

Document headless and cluster-hosted agent infrastructure challenges

📝 Documentation

Walkthroughs

Description

• Adds comprehensive section on headless and cluster-hosted agent runtime challenges
• Covers five key tensions: privilege vs validation, monolithic images, CI latency, workspace
  continuity, and idle compute costs
• Links infrastructure challenges to security, repo readiness, and human factors considerations
• Adds cross-reference from Konflux applied documentation to new infrastructure section

Diagram

flowchart LR
  A["Agent Infrastructure Challenges"] --> B["Privilege vs Validation"]
  A --> C["Monolithic Runner Images"]
  A --> D["CI Feedback Latency"]
  A --> E["Workspace Continuity"]
  A --> F["Idle Compute Costs"]
  B --> G["Security Threat Model"]
  D --> H["Repo Readiness"]
  E --> H
  F --> I["Human Factors"]
  A --> J["Konflux Applied Docs"]

Loading

File Changes

1. docs/problems/agent-infrastructure.md 📝 Documentation +16/-1

Add headless runtime challenges documentation

• Adds new "Challenges in headless and cluster-hosted runtimes" section with five subsections
• Discusses privilege escalation risks, image complexity, asynchronous CI latency, workspace state
 management, and idle resource consumption
• Updates "Repo readiness" bullet point to reference feedback latency and workspace handoff costs in
 headless environments
• Adds new open question about preserving inner loop performance while avoiding dangerous privileges
 and idle capacity waste

docs/problems/agent-infrastructure.md

---

2. docs/problems/applied/konflux-ci/README.md 📝 Documentation +4/-0

Link Konflux to agent infrastructure challenges

• Adds new "Agent infrastructure" subsection under evaluation framework discussion
• Provides cross-reference link to the new headless and cluster-hosted runtimes challenges section
 in agent-infrastructure.md
• Contextualizes Konflux as a Kubernetes/Tekton workload environment where these challenges directly
 apply

docs/problems/applied/konflux-ci/README.md

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0) 📐 Spec deviations (0)

Great, no issues found!

Qodo reviewed your code and found no material issues that require review

ⓘ The new review experience is currently in Beta. Learn more

[rh-hemartin]

Overall I agree with the ideas in this PR and I think it is OK to merge.

I also think in a constrained environment we will have difficulties in either direction with the agents: a lot of tools and a bigger container image, or less tools more diffierent containers but smaller? Also some of these could be false dillemmas, but we will be making those tradeoffs at some point.

[ifireball]

LGTM, why can't I add an approving review?

Because I wrote this </smack-forhead>