Allow config overrides e.g. npmrc for built ins

[jamesadevine]

We need to allow users to override specific configurations for runtimes and tools. For example, in an ADO context, the azure devops MCP should only install from internally managed feeds. Teams usually have an npmrc to configure this.

Likewise, a similar runtime for node will have the same need to pull and build only from internally managed feeds.

Different languages have different configurations, but they mostly boil down to a set of url endpoints in a file. The file needs to usually be injected into any commands that would install from a feed, and urls contained in the feed config file would need to be allow listed in the firewall.

Some runtimes pick up configuration automatically, like cargo. Which picks up config.toml from a well understood location (.cargo if I remember correctly). We need to come up with a plan that encompasses all these use cases.

[jamesadevine]

/plan

[github-actions]

✅ Issue Plan Maker completed successfully!

[github-actions]

Implementation Plan: Feed/Registry Config Overrides for Built-ins

Objective

Allow pipeline authors to supply package-registry configuration files (.npmrc, Cargo.toml, pip.conf, NuGet.Config, etc.) from within their repository, so that built-in tools and runtimes use internally managed feeds instead of public registries. The compiler must automatically allowlist the registry URLs found in those config files in the AWF network firewall.

---

Scope

In-scope

• tools.azure-devops — mount .npmrc into the node:20-slim MCP container so npx installs from an internal npm feed
• runtimes.lean — mount/inject a custom elan mirror or toolchain source (lower priority; lean uses a well-known location)
• Future runtimes.node — supply .npmrc for node/npm toolchain installs
• Future runtimes.rust — supply .cargo/config.toml for cargo (cargo already auto-discovers from well-known locations, so this is mostly about surface-area consistency)
• Automatic AWF domain extraction — parse registry config files at compile time and add discovered hostnames to the AWF allowlist
• Sanitization of all new config fields via SanitizeConfig

Out-of-scope (defer)

• pip.conf / NuGet.Config support (no Python or .NET runtimes exist yet)
• Credential injection (PATs/tokens into config files) — the existing permissions.read / env-passthrough mechanism handles this
• Runtime validation that the config file actually exists at compile time (emit a warning, not an error, to allow pipeline-generated configs)

---

Design

Use per-extension registry-config sub-fields on the existing *Options structs rather than a new top-level key. This keeps config co-located with the tool/runtime it affects, is easier to document, and leverages the CompilerExtension trait cleanly.

Front-matter syntax

tools:
  azure-devops:
    npmrc: ".npmrc"                # path relative to repo root (checked out workspace)

runtimes:
  node:                            # (future runtime)
    npmrc: ".npmrc"
  lean:
    toolchain: "leanprover/lean4:v4.29.1"
    # (no registry config needed for lean today)

Compiler behaviour (azure-devops example)

1. At compile time, if npmrc is set:
   a. Read the file at <workspace>/<npmrc-path> and extract registry=... / //host/... lines.
   b. Add extracted hostnames to the AWF --allow-domains list (via required_hosts()).
   c. Emit a compile-time warning (not error) if the file doesn't exist yet (it may be generated by a setup: step).
2. At pipeline runtime (prepare_steps), copy the npmrc into a staging location: $(Agent.TempDirectory)/staging/<tool>-npmrc.
3. In mcpg_servers() for AzureDevOpsExtension, add a Docker mount:
   $(Agent.TempDirectory)/staging/azure-devops-npmrc:/root/.npmrc:ro

---

Work Breakdown

1. AzureDevOpsOptions — add npmrc field (src/compile/types.rs)

• Add pub npmrc: Option<String> to AzureDevOpsOptions
• Derive/implement SanitizeConfig for the new field (path sanitization: no .., no absolute paths, no injection chars)
• Add unit tests for YAML deserialization of the new field

2. AzureDevOpsExtension — wire up mount + domain extraction (src/compile/extensions.rs)

• In prepare_steps(): if npmrc is set, emit a bash step that copies the file to $(Agent.TempDirectory)/staging/azure-devops-npmrc
• In required_hosts(): if npmrc is set and the file exists at compile time, parse it and extract registry hostnames; return them alongside the existing ADO hosts
• In mcpg_servers(): add mounts: Some(vec!["$(Agent.TempDirectory)/staging/azure-devops-npmrc:/root/.npmrc:ro"]) when npmrc is configured
• In validate(): emit a warning if the file path does not exist relative to the compile-time working directory (it may be generated at runtime)

3. Extract registry URL parser helper (src/compile/common.rs or new src/registry_config.rs)

• fn parse_npmrc_hosts(content: &str) -> Vec<String> — extract hostnames from registry=(redacted) and //host/... scoped-registry lines; URL-validate before emitting
• fn parse_cargo_toml_hosts(content: &str) -> Vec<String> — extract replace-with / source....registry URLs (for future Rust runtime)
• Unit tests covering both parsers

4. Path sanitisation (src/sanitize.rs / ado-aw-derive/)

• npmrc field (and future equivalent fields) must reject: absolute paths, .. components, shell metacharacters — implement as a #[sanitize(path)] variant or explicit validator
• Add tests for malicious paths (e.g., ../../etc/passwd, /etc/shadow)

5. Future runtimes.node skeleton (src/runtimes/node.rs)

• Stub out NodeOptions { npmrc: Option<String> } + NodeRuntimeConfig following the LeanRuntimeConfig pattern
• Wire into RuntimesConfig and collect_extensions() in extensions.rs
• CompilerExtension::prepare_steps() copies .npmrc to $HOME/.npmrc before AWF starts
• required_hosts() parses the npmrc as above

6. Documentation updates

• Update AGENTS.md / README sections for tools.azure-devops and runtimes.node with the new npmrc option
• Add an example file under examples/

---

Validation Strategy

• Unit tests: parse_npmrc_hosts with real-world scoped and unscoped registry lines; AzureDevOpsExtension::prepare_steps returns the copy step; mcpg_servers includes the mount entry; sanitisation rejects path traversal.
• Integration tests (tests/): compile a fixture front-matter that sets tools.azure-devops.npmrc: ".npmrc" and assert the generated YAML contains the mount and that the extracted hostname appears in --allow-domains.
• Compile-time warning test: verify a warning (not panic) is emitted when the npmrc file is absent at compile time.
• cargo clippy + cargo test must pass clean.

---

Risks & Mitigations

Risk	Mitigation
Registry URL extraction is incomplete — some .npmrc formats not parsed	Be conservative: only extract well-formed https:// URLs; emit a warning advising the user to add un-parsed hosts manually via network.allowed
Path traversal in npmrc value	Sanitise in SanitizeConfig; reject at compile time with an error (not just a warning) for this one field, since it affects Docker mount paths
AWF mount path contains ADO macro $(...) — volume mount validation may reject it at Docker runtime	Use $(Agent.TempDirectory) which is well-known and safe; test with a real MCPG invocation
Feature scope creep into pip/NuGet configs	Defer via separate issues; stub NodeOptions with only npmrc for now

---

Dependencies & Assumptions

• The .npmrc (or equivalent) file is already committed to the repository or produced by a setup: job / steps: entry before the agent runs.
• MCPG supports Docker volume mounts on the mounts field of a stdio server config — this is already in McpgServerConfig struct (extensions.rs:45).
• The AWF --allow-domains flag accepts any number of hosts; there is no documented upper limit that would be hit by a realistic npmrc.
• The SanitizeConfig derive macro can be extended (or bypassed with a manual impl) to handle path validation — the existing LeanOptions.toolchain field shows the pattern for string fields.

Generated by Issue Plan Maker for issue #253 · ● 974.9K · ◷

[jamesadevine]

/plan revise the plan. I'm not sure we need to copy feed config files around. Doesn't the copilot CLI get invoked at the repository root? /tmp is used for agent configuration purposes. The agent will operate in the same dir as the repository source. Though I suppose if we want to use that config in commands it may be easier to copy config files to a known location.

Ideate on whether we need to support multiple of the same config files. This is where I think a "locally aware" approach would be best. Sometimes dotnet projects use different feed configurations per project. Tell me if I'm chatting rubbish!

There's probably also a difference in project level configurations vs. tool/runtime configuration. We could ignore the former for now.

[github-actions]

✅ Issue Plan Maker completed successfully!

[github-actions]

Revised Implementation Plan: Feed/Registry Config Overrides for Built-ins

Revision addressing: file-copy necessity, multiple config file support, and project-level vs. tool/runtime distinction.

---

Objective

Enable agents to use internally-managed package feeds by:

1. Auto-allowlisting AWF firewall domains found in repo-resident config files (.npmrc, .cargo/config.toml) at compile time — no front-matter required for agent-internal runtimes
2. Staging and mounting config files into isolated MCP containers (which have no workspace access) — requires explicit front-matter for those cases

---

Key Architectural Clarification: When Is Copying Needed?

The pipeline has two distinct execution contexts with different file access:

Context	Workspace visible?	Config strategy
Agent inside AWF (Copilot CLI)	✅ Yes — workspace is bind-mounted via --container-workdir	No copying needed; tools auto-discover repo-resident configs (.npmrc, .cargo/config.toml) naturally
MCP containers (spawned by MCPG as sibling Docker containers)	❌ No — isolated; no workspace mount	Must stage to /tmp/awf-tools/staging/ then volume-mount into the container

So @jamesadevine — you're right that for runtimes the agent is already operating on the repo and picks up standard config files naturally. The missing piece is just AWF domain allowlisting. Copying is only mandatory for MCP containers like the azure-devops one.

---

Scope

In-scope

• Compile-time registry URL extraction from well-known config files: .npmrc, .cargo/config.toml
• Auto-AWF-allowlisting of extracted registry hostnames when the corresponding runtime/tool is enabled (zero front-matter required)
• Explicit npmrc: field on tools.azure-devops for staging into the MCP container

Out-of-scope (deferred)

• Project-level config files (e.g. NuGet.Config per project subdirectory, per-package .npmrc) — these are naturally discovered by tools since the agent runs at workspace root; users add registry URLs via network.allowed manually for now
• Credential injection into config files (the permissions.read + env-passthrough mechanism covers this)
• .npmrc for a future runtimes.node extension (stub the field but don't implement the runtime)

---

Design: Two Tiers

Tier 1 — Agent-internal runtimes (zero config, auto-scan)

When a runtime/tool is enabled, the compiler scans well-known config file locations relative to the compile-time working directory and extracts registry hostnames automatically:

Runtime/tool	Auto-scanned path	Registry pattern parsed
tools.bash with cargo in allow-list	.cargo/config.toml	[source.*].registry / replace-with URLs
tools.azure-devops (for the agent's own npm if needed)	.npmrc in workspace root	registry=, //hostname/ scoped-registry lines

No front-matter required — the compile step silently skips if the file doesn't exist at compile time, emitting a hint if the runtime is enabled but no config was found and registry domains aren't in network.allowed. If the file IS found, its registry hostnames are injected directly into the AWF --allow-domains list.

// In AzureDevOpsExtension::required_hosts()
// + new LeanExtension equivalent if Lean ever uses a private registry
fn required_hosts(&self) -> Vec<String> {
    let mut hosts = mcp_required_hosts("ado")...;
    // Auto-scan compile-time working directory for .npmrc
    if let Ok(content) = std::fs::read_to_string(".npmrc") {
        hosts.extend(parse_npmrc_hosts(&content));
    }
    hosts
}

Tier 2 — MCP containers (explicit field, stage + mount)

The azure-devops MCP runs in node:20-slim and executes npx -y @azure-devops/mcp`` at container startup. This container has no workspace access, so a custom .npmrc must be staged to `/tmp` and volume-mounted.

Front-matter syntax:

tools:
  azure-devops:
    npmrc: ".npmrc"   # path relative to repo root; staged to /tmp and mounted into MCP container

Compiler behaviour:

1. prepare_steps(): emit a bash step copying the file to /tmp/awf-tools/staging/azure-devops-npmrc (or warn if absent at compile time — may be generated by setup:)
2. mcpg_servers(): add mounts: ["/tmp/awf-tools/staging/azure-devops-npmrc:/root/.npmrc:ro"] to the MCPG stdio server config
3. required_hosts(): parse the npmrc file and extend the AWF allowlist with extracted hostnames

---

On Multiple Config Files ("Locally Aware")

You're not chatting rubbish! The "locally aware" insight is correct:

• Project-level configs (e.g. a NuGet.Config in each src/ProjectA/, src/ProjectB/, or .npmrc files in monorepo packages): These are discovered by the tools themselves (NuGet walks parent dirs; npm respects project-level .npmrc). Since the agent operates at the workspace root and traverses the filesystem, these configs are found automatically. No special handling needed for discovery.

• The only remaining gap is AWF allowlisting. For project-level configs, the options are:

  1. Now (deferred): Users manually add registry URLs to network.allowed
  2. Future: Compiler recursively scans all NuGet.Config, .npmrc etc. in the workspace and auto-allowlists all found registries when the corresponding runtime is enabled

For Tier 1 tool/runtime configs (the global config, not per-project): a single path per runtime is sufficient. Cargo's .cargo/config.toml at repo root is already the established pattern. npm similarly supports a single root .npmrc that applies to the entire workspace.

---

Work Breakdown

1. Registry URL parser (src/compile/registry_config.rs — new file)

• pub fn parse_npmrc_hosts(content: &str) -> Vec<String> — extract from registry=(redacted) and //host/ scoped-registry lines; URL-validate before emitting
• pub fn parse_cargo_config_hosts(content: &str) -> Vec<String> — extract [source.*].registry URLs from TOML
• Unit tests: standard .npmrc formats (scoped, unscoped, auth tokens); .cargo/config.toml with replace-with chains; malformed input is silently skipped

2. Auto-scan in AzureDevOpsExtension (src/compile/extensions.rs)

• required_hosts(): if .npmrc exists at compile time in CWD, call parse_npmrc_hosts and append to ADO hosts
• validate(): if tools.azure-devops is enabled and neither .npmrc exists nor registry domains are in network.allowed, emit a hint (not error)

3. Explicit npmrc field for MCP container staging

• Add pub npmrc: Option<String> to AzureDevOpsOptions in src/compile/types.rs
• SanitizeConfig: validate npmrc path — reject .., absolute paths, shell metacharacters (error, not warning, since this affects Docker mount paths)
• AzureDevOpsExtension::prepare_steps(): if npmrc is set, emit a step: cp "{{ working_directory }}/<npmrc>" /tmp/awf-tools/staging/azure-devops-npmrc
• AzureDevOpsExtension::mcpg_servers(): add mounts: Some(vec!["/tmp/awf-tools/staging/azure-devops-npmrc:/root/.npmrc:ro"]) when npmrc is set
• AzureDevOpsExtension::required_hosts(): if npmrc is set and exists, parse it and extend hosts

4. Validation and warnings

• validate(): warn if npmrc path doesn't exist at compile time (may be generated at runtime by setup:)
• validate(): warn if npmrc path contains $(...) ADO macro syntax (not resolvable at compile time)

5. Documentation

• Update AGENTS.md / README tools.azure-devops section with npmrc: option
• Clarify the "project-level configs are naturally discovered" note for users who ask about NuGet/multi-project

---

Validation Strategy

• Unit: parse_npmrc_hosts with scoped + unscoped registries; cargo TOML parser; path sanitisation rejecting traversal
• Integration (tests/): compile a fixture with tools.azure-devops.npmrc: ".npmrc", assert:
  • Generated YAML includes the /tmp/awf-tools/staging/azure-devops-npmrc:/root/.npmrc:ro mount
  • The extracted registry hostname appears in --allow-domains
  • prepare_steps includes the cp step
• Compile-time scan: fixture with a real .npmrc in the test directory; verify auto-extracted hostname appears in allowlist without any front-matter npmrc: field
• cargo clippy + cargo test clean

---

Risks & Mitigations

Risk	Mitigation
Registry URL extraction misses some formats (scoped, @scope:registry=)	Be conservative: only emit well-formed https:// hostnames; warn user to add extras via network.allowed
Path sanitisation in npmrc field — Docker mount path injection	Validate in SanitizeConfig; reject at compile time with an error (not warning) for paths used in Docker mounts
Compile-time auto-scan reads files in CWD that shouldn't be read	Only scan paths explicitly associated with an enabled runtime/tool; never walk directories
Users expect project-level NuGet.Config to "just work" for AWF	Document clearly: project-level configs are auto-discovered by tools (✅) but registry URLs must be in network.allowed for AWF (until future recursive-scan feature)

---

Dependencies & Assumptions

• .npmrc or .cargo/config.toml either already exists at compile time (committed to repo) or is produced by a setup: step; compile-time scan only helps if the file is present at compile time
• MCPG mounts field on stdio servers is already implemented in McpgServerConfig (extensions.rs:44) ✅
• AWF --allow-domains has no practical upper limit for realistic registry lists ✅
• The SanitizeConfig derive macro handles new Option<String> fields with the same sanitize_config() treatment as existing string fields ✅

Generated by Issue Plan Maker for issue #253 · ●

Generated by Issue Plan Maker for issue #253 · ● 752.9K · ◷

[jamesadevine]

/plan we could be missing the fact that installer steps in pipelines often require specific configuration specification e.g. RustInstaller@1 so when runtime support for rust is added, it would be necessary to only consume packages from an internal mirror and the step would need the reference to the rust configuration file. Look at typical installer steps for runtimes such as rust and dotnet and determine if feed configuration files need to be specified in installer steps.

[github-actions]

✅ Issue Plan Maker completed successfully!

[github-actions]

Implementation Plan: Feed Config Injection for Runtime Installer Steps

Refining and extending the earlier plan (see previous plan comment) with specifics about ADO installer step parameters and per-ecosystem config file injection patterns.

---

Objective

When runtimes (Rust, .NET, Node) are added, their installer pipeline steps must be configurable to point at internal package mirrors instead of public registries. The compiler must:

1. Accept a user-supplied feed config path per runtime/tool
2. Inject it into the installer step (as a task parameter or by copying to the well-known location)
3. Extract registry URLs from that file at compile time and add them to the AWF allowlist

---

Scope

In-scope

• CompileContext extension: add compile_dir: PathBuf so extension methods can read workspace files
• General feed-config: sub-field design for all runtimes/tools
• runtimes.rust (new): rustup bash install + .cargo/config.toml injection
• runtimes.dotnet (new): UseDotNet@2 + nugetConfigPath parameter on DotNetCoreCLI@2 / NuGetCommand@2
• tools.azure-devops (exists): .npmrc volume-mount into the node:20-slim MCP container (from previous plan)
• Compile-time URL extraction per format: cargo TOML, NuGet XML, .npmrc key=value
• AWF allowlist auto-population from extracted URLs
• Path sanitization (no .., no absolute paths, no shell metacharacters)

Out-of-scope

• pip.conf / conda mirror config (no Python runtime yet — defer)
• Credential/secret injection into config files (use existing permissions.read + env passthrough)
• Runtime validation that the config file actually exists at compile time (emit warning only — it may be generated by a setup: step)
• Changing existing Lean runtime (no feed config needed)

---

Key Design Decisions

A. Extend CompileContext with compile_dir

required_hosts() needs to read workspace files at compile time. Currently CompileContext only carries agent_name, front_matter, ado_context. Add:

// src/compile/extensions.rs  CompileContext
pub compile_dir: std::path::PathBuf,

Update CompileContext::new(), for_test(), and for_test_with_org(). The compile_dir is already computed in standalone.rs as input_path.parent() — pass it through.

B. Unified feed-config: sub-field pattern

Each runtime/tool options struct gains:

#[serde(default, rename = "feed-config")]
pub feed_config: Option<String>,   // repo-relative path, e.g. ".cargo/config.toml"

Sanitization: reject absolute paths (starts_with('/')) and .. components at compile time with a hard error (not a warning), since this value is used in Docker mount paths and ADO task parameters.

C. Per-ecosystem installer step behaviour

Runtime/Tool	Install mechanism	Config injection method	Config file format
runtimes.rust	bash (rustup)	copy to $HOME/.cargo/config.toml before cargo runs	TOML
runtimes.dotnet	ADO task UseDotNet@2	pass nugetConfigPath to DotNetCoreCLI@2 / NuGetCommand@2	XML
tools.azure-devops	Docker container (node:20-slim)	Docker volume mount → /root/.npmrc	key=value
runtimes.node (future)	bash (nvm/n) or ADO NodeTool@0	copy to $HOME/.npmrc	key=value

---

Work Breakdown

Step 1 — CompileContext gets compile_dir (src/compile/extensions.rs)

• Add compile_dir: std::path::PathBuf field to CompileContext
• Update CompileContext::new() to accept and store compile_dir
• Update for_test() / for_test_with_org() with a sensible default (e.g., PathBuf::from("."))
• Update all callers (standalone.rs, onees.rs) — input_dir is already in scope there

Step 2 — URL extraction helpers (src/compile/common.rs or new src/registry_config.rs)

• fn extract_npmrc_hosts(content: &str) -> Vec<String> — parse registry=(redacted) and //host/... scoped-registry lines; extract valid HTTPS hostnames only
• fn extract_cargo_config_hosts(content: &str) -> Vec<String> — parse [source.*] sections for replace-with chains and registry = "..." / registry.url keys; return hostnames
• fn extract_nuget_config_hosts(content: &str) -> Vec<String> — parse <packageSources> / <add key="..." value="(redacted)"> entries; return hostnames
• Unit tests for each parser with realistic config file snippets (including edge cases: comments, scoped registries, multiple sources)

Step 3 — runtimes.rust skeleton (src/runtimes/rust.rs)

• RustRuntimeConfig enum (bool / WithOptions(RustOptions))
• RustOptions { toolchain: Option<String>, feed_config: Option<String> } with SanitizeConfig derive
• Add rust: Option<RustRuntimeConfig> to RuntimesConfig in src/compile/types.rs
• RustExtension implementing CompilerExtension:
  • prepare_steps(): rustup install bash step; if feed_config is set, add a step that copies the file to $(Agent.TempDirectory)/staging/cargo-config.toml then $HOME/.cargo/config.toml (created before AWF isolation)
  • required_hosts(): always add static.rust-lang.org, sh.rustup.rs; if feed_config is set and the file exists in ctx.compile_dir, call extract_cargo_config_hosts() and extend
  • required_bash_commands(): ["cargo", "rustup", "rustc"]
  • validate(): warn if feed_config path doesn't exist at compile time; error if path is unsafe

Step 4 — runtimes.dotnet skeleton (src/runtimes/dotnet.rs)

• DotNetRuntimeConfig enum + DotNetOptions { version: Option<String>, feed_config: Option<String> }
• Add dotnet: Option<DotNetRuntimeConfig> to RuntimesConfig
• DotNetExtension implementing CompilerExtension:
  • prepare_steps(): emit UseDotNet@2 ADO task YAML step (no bash); if feed_config is set, copy it to $(Agent.TempDirectory)/staging/nuget.config (used by the agent for restore steps)
  • ADO task step format:

    - task: UseDotNet@2
      displayName: "Install .NET SDK"
      inputs:
        version: "8.x"

  • The nugetConfigPath is not on the install step — it is on DotNetCoreCLI@2 restore. Since restore runs inside the agent, the compiler injects the path into the agent prompt (prompt_supplement) so the agent knows to use it.
  • required_hosts(): dotnet.microsoft.com, api.nuget.org (+ extracted NuGet config hosts)
  • required_bash_commands(): ["dotnet"]

Step 5 — tools.azure-devops npmrc support (extends previous plan — src/compile/types.rs + extensions.rs)

• Add npmrc: Option<String> to AzureDevOpsOptions (path sanitized at compile time)
• AzureDevOpsExtension::prepare_steps(): copy npmrc to $(Agent.TempDirectory)/staging/azure-devops-npmrc
• AzureDevOpsExtension::required_hosts(): if file present at compile time, call extract_npmrc_hosts(); append to existing ADO hosts
• AzureDevOpsExtension::mcpg_servers(): add mounts: Some(vec!["$(Agent.TempDirectory)/staging/azure-devops-npmrc:/root/.npmrc:ro"]) when npmrc is set
• validate(): hard error if npmrc path is unsafe; warning if file not present at compile time

Step 6 — Path sanitization (src/sanitize.rs)

• Add validate_feed_config_path(path: &str) -> Result<()> function (or a reusable is_safe_relative_path()): rejects absolute paths, .. components, and shell metacharacters ($, `, ;, |, &, >, <, \n)
• Call this from each options struct sanitizer
• Unit tests for adversarial paths: ../../etc/passwd, /etc/shadow, path;rm -rf /

Step 7 — Wire extensions into collect_extensions() (src/compile/extensions.rs)

• Add Rust(RustExtension) and DotNet(DotNetExtension) variants to Extension enum
• Add Rust/DotNet entries in collect_extensions()
• Update extension_enum! delegation

Step 8 — Integration tests (tests/compiler_tests.rs)

• Fixture: runtimes.rust.feed-config: ".cargo/config.toml" → generated YAML contains copy step AND extracted hostname in --allow-domains
• Fixture: runtimes.dotnet.feed-config: "nuget.config" → generated YAML contains copy step, required_hosts() returns NuGet source hostname
• Fixture: tools.azure-devops.npmrc: ".npmrc" → generated YAML contains Docker mount in MCPG config
• Compile-time warning test: feed config path specified but file absent → warning emitted, not panic
• Sanitization error test: feed-config: "../../etc/passwd" → compilation fails with clear error

Step 9 — Documentation

• Update AGENTS.md runtimes: section: add rust: and dotnet: with feed-config: option
• Update AGENTS.md tools.azure-devops: section: add npmrc: option
• Add examples under examples/ (rust-internal-feed.md, dotnet-internal-feed.md)

---

Validation Strategy

• cargo test — all new unit tests pass
• cargo clippy — zero new warnings
• Integration fixture tests confirm --allow-domains contains extracted host
• Integration fixture tests confirm Docker mount / copy step is present in generated YAML
• Path sanitization tests cover all adversarial inputs
• Manual compile of a fixture with a real .cargo/config.toml pointing at a test hostname and verify it appears in allowed domains

---

Risks & Mitigations

Risk	Mitigation
Config file formats vary widely (scoped registries, TOML source chaining, XML namespaces)	Parse conservatively; extract only well-formed HTTPS URLs; emit a compile-time advisory message recommending users cross-check network.allowed
compile_dir not available to required_hosts() (currently a trait method with no context arg)	Change required_hosts signature to required_hosts(&self, ctx: &CompileContext) -> Vec<String> OR do the file reading in validate() and store extracted hosts on the struct at new() time — prefer storing at construction time for cleaner trait design
Docker volume mount using $(Agent.TempDirectory) — ADO macro not resolved until runtime	This is the same pattern used by MCPG and is already proven in the codebase; no change needed
.cargo/config.toml overrides can contain [target.*] linker flags in addition to [source.*] — unrelated content parsed harmlessly	Parser only looks at [source.*] and registry.url keys; other sections are skipped
nugetConfigPath must be workspace-relative in ADO tasks	Store the file under $(Agent.TempDirectory)/staging/nuget.config and use that absolute path in the agent prompt; the agent passes it as a CLI arg to dotnet restore --configfile

---

Dependencies & Assumptions

• CompileContext change is backward-compatible — adding compile_dir doesn't break existing extension impls since required_hosts() default impl returns vec![]
• The feed config files are either committed to the repo OR generated by a setup: step before the Agent job runs
• McpgServerConfig.mounts is already supported (field exists at extensions.rs:44) — no MCPG changes needed
• Rust and .NET runtimes are new (not yet in RuntimesConfig) — no migration needed for existing pipelines

Generated for issue #253 by Issue Plan Maker

Generated by Issue Plan Maker for issue #253 · ● 874.7K · ◷