feat: network ecosystem identifiers aligned with gh-aw #207

@jamesadevine

Summary

Add support for ecosystem identifiers in network.allow and network.blocked, aligning with gh-aw's ecosystem model. Instead of listing individual domains such as pypi.org, files.pythonhosted.org, etc., users write the single identifier python.

Background

gh-aw supports named domain bundles called ecosystem identifiers:

  • Identifiers are bare words without dots (e.g., python, node, rust)
  • Custom domains contain dots (e.g., api.example.com, *.mycompany.com)
  • Both coexist in the same allowed list
  • defaults is the baseline ecosystem (certificates, Ubuntu mirrors, infrastructure)
  • Domain lists are maintained in ecosystem_domains.json
  • blocked can reference both ecosystems and domains

Current ado-aw model

  • CORE_ALLOWED_HOSTS (ADO + GitHub + Azure + auth) are always included — differs from gh-aw
  • network.allow accepts only individual domains (no ecosystem identifiers)
  • network.blocked removes exact-string matches
  • MCP-specific hosts are auto-added via mcp_required_hosts()

Proposed Design

Front matter syntax

network:
  allow:
    - defaults              # Infrastructure ecosystem
    - python                # Python/PyPI ecosystem
    - lean                  # Lean 4 ecosystem
    - "api.example.com"     # Custom domain (has dots)
  blocked:
    - rust                  # Block entire ecosystem
    - "evil.example.com"    # Block specific domain

Identifier detection

An entry is an ecosystem identifier if it does NOT contain ., *, or : (protocol prefix). Same heuristic as gh-aw.

Key design decision: ado-aw core hosts

ado-aw must always include ADO/GitHub/Azure core hosts for pipeline operations — these cannot be opt-in like gh-aw's defaults. The model is:

ado-aw core hosts (always on, non-negotiable)
  + ecosystem identifiers from network.allow (opt-in)
  + individual domains from network.allow (opt-in)
  + MCP-specific hosts (auto-added per enabled MCPs)
  + tool-specific ecosystems (auto-added per enabled first-class tools)
  - blocked entries from network.blocked

Implementation

  1. src/allowed_hosts.rs: Add ecosystem_hosts(name: &str) -> Option<&'static [&'static str]> function
  2. src/compile/standalone.rs: Update generate_allowed_domains() to detect and expand ecosystem identifiers
  3. src/compile/types.rs: No structural change needed — Vec<String> fields handle both
  4. Compile-time warnings: Unknown identifiers warn; individual domains belonging to known ecosystems suggest the identifier
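The identifier heuristic, the host-set model and the compile-time warnings above, as an added Rust sketch that is not ado-aw's code: the core host list and the ecosystem bundles are constructed samples (not the gh-aw ecosystem_domains.json), ecosystem_hosts and generate_allowed_domains are hypothetical signatures, and a blocked entry is assumed never to remove a core host.

```rust
use std::collections::BTreeSet;

// Constructed stand-in for ado-aw's CORE_ALLOWED_HOSTS: always included, never blocked.
const CORE_ALLOWED_HOSTS: &[&str] = &["dev.azure.com", "github.com", "login.microsoftonline.com"];
/// Ecosystem domain bundles (sample lists, not the gh-aw ecosystem_domains.json).
const ECOSYSTEMS: &[(&str, &[&str])] = &[
    ("defaults", &["archive.ubuntu.com", "security.ubuntu.com"]),
    ("python", &["pypi.org", "files.pythonhosted.org"]),
    ("rust", &["crates.io", "static.crates.io", "rustup.rs"]),
];

/// Look up the domain bundle behind an ecosystem identifier.
fn ecosystem_hosts(name: &str) -> Option<&'static [&'static str]> {
    ECOSYSTEMS.iter().find(|(n, _)| *n == name).map(|(_, hosts)| *hosts)
}

/// gh-aw heuristic: an entry with no '.', '*' or ':' names an ecosystem.
fn is_ecosystem_identifier(entry: &str) -> bool {
    !entry.contains(|c| matches!(c, '.' | '*' | ':'))
}

/// Expand one allow/blocked entry into hosts, collecting compile-time warnings.
fn expand(entry: &str, warnings: &mut Vec<String>) -> Vec<String> {
    if is_ecosystem_identifier(entry) {
        return match ecosystem_hosts(entry) {
            Some(hosts) => hosts.iter().map(|h| h.to_string()).collect(),
            None => { warnings.push(format!("unknown ecosystem identifier `{entry}`")); Vec::new() }
        };
    }
    // Individual domain: suggest the identifier when a known ecosystem already covers it.
    if let Some((eco, _)) = ECOSYSTEMS.iter().find(|(_, h)| h.iter().any(|d| *d == entry)) {
        warnings.push(format!("`{entry}` belongs to ecosystem `{eco}`; use the identifier instead"));
    }
    vec![entry.to_string()]
}

/// core hosts + expanded allow entries - expanded blocked entries (core hosts never removed).
fn generate_allowed_domains(allow: &[&str], blocked: &[&str]) -> (Vec<String>, Vec<String>) {
    let mut warnings = Vec::new();
    let mut hosts: BTreeSet<String> = CORE_ALLOWED_HOSTS.iter().map(|h| h.to_string()).collect();
    hosts.extend(allow.iter().flat_map(|e| expand(e, &mut warnings)));
    let blocked_hosts: Vec<String> = blocked.iter().flat_map(|e| expand(e, &mut warnings)).collect();
    hosts.retain(|h| CORE_ALLOWED_HOSTS.iter().any(|c| *c == h.as_str()) || !blocked_hosts.contains(h));
    (hosts.into_iter().collect(), warnings)
}
```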

Initial ecosystem set (aligned with gh-aw)

Identifier       Key Domains
defaults         crl/ocsp certs, Ubuntu mirrors, packagecloud
github           github.com, *.githubusercontent.com, docs.github.com
python           pypi.org, *.pythonhosted.org, conda
node             registry.npmjs.org, yarnpkg.com, nodejs.org
rust             crates.io, static.crates.io, rustup.rs
go               proxy.golang.org, sum.golang.org, pkg.go.dev
java             repo.maven.apache.org, services.gradle.org
dotnet           nuget.org, api.nuget.org
containers       ghcr.io, *.docker.io, quay.io
linux-distros    deb.debian.org, dl-cdn.alpinelinux.org
lean             elan.lean-lang.org, leanprover.github.io, lean-lang.org
terraform        releases.hashicorp.com, registry.terraform.io
local            127.0.0.1, ::1, localhost

Full domain lists should match gh-aw ecosystem_domains.json where available.
