Maybe I misunderstood you but basically checkmk monitor itself out of the box. I recommend to open a dedicated thread to discuss. Possibly the community can help to find a solution for you.
I agree to that.
In several domains we are hardly missing CI/QA. The testing of the code is a real burden to us.
The attempt to make the agent highly secure failed because it introduced other security risks.
See also:
At least because of that we have to go on with the legacy agent. Hopefully it will be supported in future versions.
It depends on how your change management process and your organization looks like. We have segregated the duty between monitoring architecture/development and monitoring run team and with help of change management we have any deployment documented. I can understand that this may different at different customers. If you want to discuss in detail I recommend a dedicated thread.
Yes that’s the part about transparency.