feat(compile): native ADO pipeline IR

.gitattributes

@@ -1,5 +1,15 @@
 .github/workflows/*.lock.yml linguist-generated=true merge=ours
+
+# Install scripts must always be LF (executed on Linux/macOS via curl|sh).
+scripts/install/*.sh text eol=lf
+scripts/install/*.ps1 text eol=lf
 # BEGIN ado-aw managed (do not edit)
+tests/fixtures/job-agent.lock.yml linguist-generated=true merge=ours text eol=lf
+tests/fixtures/runtime_imports_author_marker_job.lock.yml linguist-generated=true merge=ours text eol=lf
+tests/fixtures/runtime_imports_author_marker_stage.lock.yml linguist-generated=true merge=ours text eol=lf
+tests/fixtures/runtime_imports_job.lock.yml linguist-generated=true merge=ours text eol=lf
+tests/fixtures/runtime_imports_stage.lock.yml linguist-generated=true merge=ours text eol=lf
+tests/fixtures/stage-agent.lock.yml linguist-generated=true merge=ours text eol=lf
 tests/safe-outputs/add-build-tag.lock.yml linguist-generated=true merge=ours text eol=lf
 tests/safe-outputs/add-pr-comment.lock.yml linguist-generated=true merge=ours text eol=lf
 tests/safe-outputs/azure-cli.lock.yml linguist-generated=true merge=ours text eol=lf
@@ -28,7 +38,3 @@ tests/safe-outputs/upload-build-attachment.lock.yml linguist-generated=true merg
 tests/safe-outputs/upload-pipeline-artifact.lock.yml linguist-generated=true merge=ours text eol=lf
 tests/safe-outputs/upload-workitem-attachment.lock.yml linguist-generated=true merge=ours text eol=lf
 # END ado-aw managed
-
-# Install scripts must always be LF (executed on Linux/macOS via curl|sh).
-scripts/install/*.sh text eol=lf
-scripts/install/*.ps1 text eol=lf

AGENTS.md

@@ -162,10 +162,6 @@ Every compiled pipeline runs as three sequential jobs:
 │   │       ├── mod.rs    # Config types, install/auth helpers
 │   │       └── extension.rs # CompilerExtension impl
 │   ├── data/
-│   │   ├── base.yml          # Base pipeline template for standalone
-│   │   ├── 1es-base.yml      # Base pipeline template for 1ES target
-│   │   ├── job-base.yml      # Job-level ADO template for target: job
-│   │   ├── stage-base.yml    # Stage-level ADO template for target: stage
 │   │   ├── ecosystem_domains.json # Network allowlists per ecosystem
 │   │   ├── init-agent.md     # Dispatcher agent template for `init` command
 │   │   └── threat-analysis.md # Threat detection analysis prompt template
@@ -256,8 +252,7 @@ index to jump to the right page.
 
 ### Compiler internals & operations
 
-- [`docs/template-markers.md`](docs/template-markers.md) — every `{{ marker }}`
-  in `src/data/base.yml`, `src/data/1es-base.yml`, `src/data/job-base.yml`, and `src/data/stage-base.yml` and how it is replaced.
+- [`docs/ir.md`](docs/ir.md) — typed Azure DevOps pipeline IR (`Pipeline`, jobs/stages/steps, output refs, graph pass, lowering, and target builders).
 - [`docs/cli.md`](docs/cli.md) — `ado-aw` CLI commands (`init`, `compile`,
   `check`, `mcp`, `mcp-http`, `execute`, `secrets`, `enable`, `disable`,
   `remove`, `list`, `status`, `run`, `audit`; `configure` is a deprecated hidden alias).
@@ -272,7 +267,7 @@ index to jump to the right page.
   allowed domains, ecosystem identifiers, blocking, and ADO `permissions:`
   service-connection model.
 - [`docs/extending.md`](docs/extending.md) — adding new CLI commands, compile
-  targets, front-matter fields, template markers, safe-output tools,
+  targets, front-matter fields, typed IR extensions, safe-output tools,
   first-class tools, and runtimes; the `CompilerExtension` trait.
 - [`docs/filter-ir.md`](docs/filter-ir.md) — filter expression IR
   specification: `Fact`/`Predicate` types, three-pass compilation (lower →

Cargo.toml

@@ -35,6 +35,7 @@ base64 = "0.22.1"
 glob-match = "0.2.1"
 similar = "3.1.0"
 sha2 = "0.11.0"
+indexmap = "2"
 zip = { version = "8.6.0", default-features = false, features = ["deflate"] }
 
 [dev-dependencies]

docs/ado-aw-debug.md

@@ -191,5 +191,5 @@ on the compiler and re-compiling frequently.
 - [`docs/safe-outputs.md`](safe-outputs.md) — regular safe-outputs
   surface (`create-issue` is **not** in it).
 - [`docs/cli.md`](cli.md) — `--skip-integrity` CLI flag.
-- [`docs/template-markers.md`](template-markers.md) — `{{ executor_ado_env }}`
-  and `{{ integrity_check }}` markers and their conditional behaviour.
+- [`docs/ir.md`](ir.md) — typed pipeline IR and how debug-only choices such as
+  integrity-check omission are represented in generated steps.

docs/ado-script.md

@@ -314,8 +314,8 @@ bundle**:
 
 ### Setup job (gate evaluator)
 
-When `filters:` lowers to non-empty checks, `setup_steps()` returns
-three step strings into the Setup job:
+When `filters:` lowers to non-empty checks, `AdoScriptExtension::declarations()`
+returns three typed `Declarations::setup_steps` entries for the Setup job:
 
 1. **`NodeTool@0`** — installs Node 20.x LTS, capped at
    `timeoutInMinutes: 5`.
@@ -332,8 +332,8 @@ three step strings into the Setup job:
 
 When `inlined-imports: false` (the default) OR the execution-context
 PR contributor activates (`on.pr` configured and not disabled),
-`prepare_steps()` returns the install + download pair into the Agent
-job's existing `{{ prepare_steps }}` block:
+`AdoScriptExtension::declarations()` returns the install + download pair in
+`Declarations::agent_prepare_steps` for the Agent job:
 
 1. **`NodeTool@0`** — same shape as above.
 2. **`curl` download + verify + extract** — same artefact, same
@@ -345,8 +345,8 @@ job's existing `{{ prepare_steps }}` block:
    **Only emitted when `inlined-imports: false`.**
 
 The PR-context precompute step (`node exec-context-pr.js`) is owned
-by `ExecContextExtension` (not `AdoScriptExtension`) and emitted in
-its own `Tool`-phase `prepare_steps()`. Phase ordering
+by `ExecContextExtension` (not `AdoScriptExtension`) and emitted through
+its own Tool-phase `Declarations::agent_prepare_steps`. Phase ordering
 (`AdoScriptExtension::phase() == System` < `ExecContextExtension::phase() == Tool`)
 guarantees the bundle is installed and on disk before the
 exec-context invocation runs.

docs/cli.md

@@ -151,13 +151,8 @@ These commands are not shown in `--help` but are available for contributors work
   - `--output, -o <path>` - Write the schema to a file instead of stdout. Parent directories are created automatically.
   - See [`docs/ado-script.md`](ado-script.md) for how this command fits into the ado-script build workflow (`cargo run -- export-gate-schema --output schema/gate-spec.schema.json`).
 
-## Template Markers Reference
+## Pipeline IR Reference
 
-The compiler uses Mustache-style markers in template files to inject configuration:
-- `base.yml` (standalone), `1es-base.yml` (1ES), `job-base.yml` (job template), `stage-base.yml` (stage template)
+The compiler builds typed Azure DevOps pipeline IR and lowers it through one YAML emitter. Target-specific builders (`standalone_ir.rs`, `onees_ir.rs`, `job_ir.rs`, and `stage_ir.rs`) own job/stage names, template parameters, triggers, resources, and 1ES wrapping.
 
-**Job/Stage Template Markers:**
-- `{{ stage_prefix }}` — Prefixes job names with sanitized agent name for uniqueness (e.g., `DailyReview_Agent`)
-- `{{ template_parameters }}` — Generates ADO template `parameters:` block (not pipeline parameters)
-
-See [`docs/template-markers.md`](template-markers.md) for the complete marker reference.
+See [`docs/ir.md`](ir.md) for the complete IR reference.

docs/codemods.md

@@ -71,9 +71,9 @@ codemods") rather than clobbering whoever wrote the file.
 
 `ado-aw check` exits non-zero when codemods would fire — there is no
 opt-in flag and no warning-only mode. Rationale: compiled pipelines
-download the **same** `ado-aw` version that produced them
-(`src/data/base.yml`, `src/data/1es-base.yml`), so the in-pipeline
-integrity check is internally consistent by construction. The only
+download the **same** `ado-aw` version that produced them (recorded in
+compiled YAML metadata), so the in-pipeline integrity check is internally
+consistent by construction. The only
 time `check` sees pending codemods is when a developer runs a newer
 `ado-aw` locally against an older source — exactly when we want to
 fail loudly. The fix is `ado-aw compile`, which applies the codemods

docs/execution-context.md

@@ -123,9 +123,9 @@ commands.
 ## Agent prompt fragment
 
 The precompute step appends one of two fragments directly to
-`/tmp/awf-tools/agent-prompt.md` (the file built by the
-"Prepare agent prompt" step in `base.yml`). This mirrors how gh-aw
-injects its own built-in prompt sections.
+`/tmp/awf-tools/agent-prompt.md` (the file built by the Agent job's
+"Prepare agent prompt" step). This mirrors how gh-aw injects its own
+built-in prompt sections.
 
 ### Success fragment
 
@@ -287,8 +287,8 @@ your own markdown body.
   alias, `aw-context/` is still relative to `$(Build.SourcesDirectory)`
   — i.e. the pipeline's working directory, not the workspace alias's
   directory.
-- **Ordering.** The precompute step runs after `{{ checkout_self }}`
-  in the Agent job's prepare phase, after the "Prepare agent prompt"
+- **Ordering.** The precompute step runs after the typed `checkout: self`
+  step in the Agent job's prepare phase, after the "Prepare agent prompt"
   step (so it can append) and before the agent runs (so the agent
   sees the appended prompt).