diff --git a/AGENTS.md b/AGENTS.md index 02de6d1..e8a1fde 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -108,7 +108,10 @@ Every compiled pipeline runs as three sequential jobs: │ │ ├── python/ # Python runtime │ │ │ ├── mod.rs # Config types, install/auth helpers │ │ │ └── extension.rs # CompilerExtension impl -│ │ └── node/ # Node.js runtime +│ │ ├── node/ # Node.js runtime +│ │ │ ├── mod.rs # Config types, install/auth helpers +│ │ │ └── extension.rs # CompilerExtension impl +│ │ └── dotnet/ # .NET runtime │ │ ├── mod.rs # Config types, install/auth helpers │ │ └── extension.rs # CompilerExtension impl │ ├── data/ @@ -166,7 +169,7 @@ index to jump to the right page. - [`docs/tools.md`](docs/tools.md) — `tools:` configuration (bash allow-list, `edit`, `cache-memory`, `azure-devops` MCP). - [`docs/runtimes.md`](docs/runtimes.md) — `runtimes:` configuration (Lean 4, - Python, Node.js). + Python, Node.js, .NET). - [`docs/targets.md`](docs/targets.md) — target platforms: `standalone` and `1es`. - [`docs/safe-outputs.md`](docs/safe-outputs.md) — full reference for every diff --git a/README.md b/README.md index df289c3..97e6223 100644 --- a/README.md +++ b/README.md @@ -241,7 +241,7 @@ the service connections. Approve the permissions and the pipeline is ready. | `checkout` | list | — | Which repositories to check out | | `mcp-servers` | map | — | MCP server configuration | | `tools` | object | — | Tool configuration (`bash`, `edit`, `cache-memory`, `azure-devops`) | -| `runtimes` | object | — | Runtime environment configuration (`lean`) | +| `runtimes` | object | — | Runtime environment configuration (`lean`, `python`, `node`, `dotnet`) | | `parameters` | list | — | ADO runtime parameters surfaced in the pipeline queue UI | | `permissions` | object | — | ARM service connections (`read`, `write`) | | `safe-outputs` | object | — | Per-tool configuration | diff --git a/prompts/create-ado-agentic-workflow.md b/prompts/create-ado-agentic-workflow.md index 9480494..f6166a5 100644 --- a/prompts/create-ado-agentic-workflow.md +++ b/prompts/create-ado-agentic-workflow.md @@ -382,7 +382,54 @@ teardown: # Separate job AFTER Execution displayName: "Teardown" ``` -### Step 13 — Network (standalone target only) +### Step 13 — Runtimes (optional) + +Configure language runtimes that are installed before the agent runs. Runtimes auto-extend the bash command allow-list and add ecosystem-specific domains to the network allowlist. + +```yaml +# Lean 4 theorem prover +runtimes: + lean: true + # lean: + # toolchain: "leanprover/lean4:v4.29.1" # pin a specific version + +# Python +runtimes: + python: true + # python: + # version: "3.12" + # feed-url: "https://pkgs.dev.azure.com/myorg/_packaging/myfeed/pypi/simple/" + +# Node.js +runtimes: + node: true + # node: + # version: "22.x" + # feed-url: "https://pkgs.dev.azure.com/ORG/PROJECT/_packaging/FEED/npm/registry/" + +# .NET +runtimes: + dotnet: true + # dotnet: + # version: "8.0.x" # or "global.json" to use the repo's global.json + # feed-url: "https://pkgs.dev.azure.com/myorg/_packaging/myfeed/nuget/v3/index.json" + # config: "nuget.config" # mutually exclusive with feed-url +``` + +Multiple runtimes can be combined: +```yaml +runtimes: + python: + version: "3.12" + node: + version: "22.x" + dotnet: + version: "8.0.x" +``` + +> Each enabled runtime auto-adds its ecosystem's bash commands (e.g., `dotnet`, `python`, `node`, `npm`, `lean`, `lake`) and network domains to the allowlist. See `docs/runtimes.md` for full configuration reference. + +### Step 14 — Network (standalone target only) Additional allowed domains beyond the built-in allowlist: ```yaml