Commit 1e396a0

feat: unify standalone and 1ES compilers (#226)
* refactor: extract shared compile flow and move helpers to common.rs

Move helper functions, MCPG generation, and MCP validation from standalone.rs to common.rs. Extract compile_shared() function with CompileConfig struct so both standalone and 1ES compilers can share the common compilation flow. Standalone compiler is now a thin wrapper that provides target-specific values (AWF domains, MCPG config, firewall version) via extra_replacements.

This is a pure refactor - standalone output is byte-identical to before (verified via golden snapshot comparison).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* feat: rewrite 1ES compiler to use Copilot CLI + AWF + MCPG

Replace the legacy Agency job type (agencyJob) with direct Copilot CLI invocation, AWF network isolation, and MCP Gateway — matching the standalone pipeline execution model.

Changes:

- templates/1es-base.yml: Complete rewrite. All three jobs (PerformAgenticTask, AnalyzeSafeOutputs, ProcessSafeOutputs) now use templateContext.type: buildJob with the same step sequence as standalone. Dropped Agency concepts: commandOptions, globalOptions, logLevel, mcpConfiguration, agentContextRoot, AgencyArtifact.
- src/compile/onees.rs: Rewritten as thin wrapper using compile_shared(). Removed generate_agent_context_root, generate_mcp_configuration, generate_inline_steps. Only 1ES-specific setup/teardown helpers remain.
- src/compile/common.rs: Moved generate_allowed_domains from standalone. Removed dead is_custom_mcp function.
- src/compile/standalone.rs: Removed now-unnecessary imports.

Both compilers now share the same execution model and compile flow. Standalone output is verified byte-identical to pre-refactor baseline.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs: update documentation for unified compiler architecture

Remove Agency/agencyJob references from AGENTS.md and module docs. Update 1ES target description to reflect shared execution model (Copilot CLI + AWF + MCPG). Remove obsolete 1ES-specific marker documentation (agent_context_root, mcp_configuration, global_options, log_level).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* test: add YAML validation tests for compiled pipeline output

Add integration tests that compile fixtures and verify the output is valid, parseable YAML. Tests cover:

- 1ES: valid YAML with correct 'extends' and 'resources' structure
- Standalone minimal: valid YAML with 'jobs' key
- Standalone pipeline-trigger: valid YAML
- Standalone complete: compile-only (has pre-existing indentation issue in multi-repository output)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: correct indentation in generate_repositories, checkout_steps, and teardown_job

- generate_repositories: remove hardcoded 6-space indent on sub-fields; output flat YAML and let replace_with_indent handle template-level indentation
- generate_checkout_steps: same fix, remove hardcoded 14-space join
- generate_teardown_job (common.rs): match setup_job pattern — output flat YAML starting at column 0 instead of baking in 2-space indent; move template placeholder from column 0 to column 2 to match setup_job
- generate_setup_job/teardown_job (onees.rs): fix step indentation from 4 to 6 to match the steps: nesting depth in templateContext
- Upgrade complete-agent test from compile-only to full YAML validation

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: eliminate double CompileContext creation and fragile replacement ordering

- compile_shared() now accepts &CompileContext instead of building its own, eliminating duplicate git remote I/O on every compilation
- extra_replacements are applied before shared replacements, so targets can cleanly override shared markers (e.g., 1ES setup/teardown jobs) via the intended CompileConfig mechanism
- 1ES compiler no longer pre-replaces markers in the template string before calling compile_shared; uses extra_replacements instead

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* test: strengthen 1ES YAML validation with content assertions

Add assertions verifying that key pipeline content is present in the compiled 1ES output: Copilot CLI install, AWF, MCPG, SafeOutputs, copilot invocation, threat analysis, safe output execution, and all three job names. Also verify no Agency remnants (agencyJob, AgencyArtifact, commandOptions). These catch placeholder substitution regressions that the structural YAML validity and no-unreplaced-markers tests would miss.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: stale doc comment and unescaped service connection name in YAML

- Remove orphaned schedule doc comment accidentally prepended to generate_parameters() during earlier refactoring
- Escape single quotes in service connection names when emitting azureSubscription YAML values to prevent malformed pipeline output

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent d309b41 commit 1e396a0

8 files changed

Lines changed: 2788 additions & 2646 deletions

File tree

AGENTS.md

Lines changed: 7 additions & 35 deletions
@@ -523,20 +523,17 @@ This is the recommended target for maximum flexibility and security controls.
523523
#### `1es`
524524

525525
Generates a pipeline that extends the 1ES Unofficial Pipeline Template:
526-
- Uses `templateContext.type: agencyJob` for the main agent job
526+
- Uses `templateContext.type: buildJob` with Copilot CLI + AWF + MCPG (same execution model as standalone)
527527
- Integrates with 1ES SDL scanning and compliance tools
528-
- Custom jobs for threat analysis and safe output processing
529-
- **Limitations:**
530-
- MCP servers use service connections (no custom `command:` support)
531-
- Network isolation is handled by OneBranch (no custom proxy allow-lists)
532-
- Requires 1ES Pipeline Templates repository access
528+
- Full 3-job pipeline: PerformAgenticTask → AnalyzeSafeOutputs → ProcessSafeOutputs
529+
- Requires 1ES Pipeline Templates repository access
533530

534531
Example:
535532
```yaml
536533
target: 1es
537534
```
538535

539-
When using `target: 1es`, the pipeline will extend `1es/1ES.Unofficial.PipelineTemplate.yml@1ESPipelinesTemplates` and MCPs will require corresponding service connections (naming convention: `mcp-<name>-service-connection`).
536+
When using `target: 1es`, the pipeline will extend `1es/1ES.Unofficial.PipelineTemplate.yml@1ESPipelinesTemplates`.
540537

541538
### Output Format (Azure DevOps YAML)
542539

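Review bot: the rewritten `1es` bullets drop the whole **Limitations** list (service-connection-only MCP servers, OneBranch-managed network isolation) without saying what replaces it, and the sentence after the example loses the `mcp-<name>-service-connection` naming convention. Since this commit still emits service connection names for `azureSubscription` and now routes 1ES egress through AWF, state explicitly whether custom `command:` MCP servers and custom allow-lists are supported on 1ES and which service connections remain required, rather than leaving readers to infer it from the standalone section.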
@@ -919,34 +916,9 @@ https://pkgs.dev.azure.com/msazuresphere/_packaging/Guardian1ESPTUpstreamOrgFeed
919916

920917
### 1ES-Specific Template Markers
921918

922-
The following markers are specific to the 1ES target (`target: 1es`) and are not used in standalone pipelines:
919+
The 1ES target uses the same template markers as standalone, plus the 1ES-specific `extends:` / `stages:` / `templateContext` wrapping. The 1ES template includes `templateContext.type: buildJob` for all jobs, and the pool is specified at the top-level `parameters.pool` rather than per-job.
923920

924-
## {{ agent_context_root }}
925-
926-
Should be replaced with the agent context root for 1ES Agency jobs. This determines the working directory context for the agent:
927-
- `repo`: `$(Build.Repository.Name)` - the repository subfolder
928-
- `root`: `.` - the checkout root
929-
930-
## {{ mcp_configuration }}
931-
932-
Should be replaced with the MCP server configuration for 1ES templates. For each `mcp-servers:` entry without a `command:` field, generates a service connection reference using the entry name:
933-
934-
```yaml
935-
my-mcp:
936-
serviceConnection: mcp-my-mcp-service-connection
937-
other-mcp:
938-
serviceConnection: mcp-other-mcp-service-connection
939-
```
940-
941-
Custom MCP servers (with `command:` field) are not supported in 1ES target. Only entries without a `command:` (which have a corresponding service connection) are supported.
942-
943-
## {{ global_options }}
944-
945-
Reserved for future use. Currently replaced with an empty string.
946-
947-
## {{ log_level }}
948-
949-
Reserved for future use. Currently replaced with an empty string.
921+
Both targets share the same execution model (Copilot CLI + AWF + MCPG) and the same set of template markers.
950922

951923
### CLI Commands
952924

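Review bot: the `### 1ES-Specific Template Markers` heading now documents no 1ES-specific marker at all, and the two surviving paragraphs (`The 1ES target uses the same template markers as standalone...` and `Both targets share the same execution model...`) say the same thing twice. The commit message says the 1ES compiler overrides the shared setup/teardown markers via `extra_replacements`; either document those overrides under this heading so it stays accurate, or fold the one remaining sentence into the general markers section and drop the heading.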
@@ -1675,7 +1647,7 @@ The following domains are always allowed (defined in `allowed_hosts.rs`):
16751647
| `*.in.applicationinsights.azure.com` | Application Insights ingestion |
16761648
| `dc.services.visualstudio.com` | Visual Studio telemetry |
16771649
| `rt.services.visualstudio.com` | Visual Studio runtime telemetry |
1678-
| `config.edge.skype.com` | Agency configuration |
1650+
| `config.edge.skype.com` | Configuration |
16791651
| `host.docker.internal` | MCP Gateway (MCPG) on host |
16801652

16811653
### Adding Additional Hosts
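Review bot: renaming the `config.edge.skype.com` row from `Agency configuration` to just `Configuration` leaves an always-allowed egress domain with no stated consumer now that the Agency job type is gone. Every entry in this table widens the AWF allow-list for both targets, so name the component that still needs it, or remove the row (and the matching entry in `allowed_hosts.rs`) if nothing does, to keep the list least-privilege.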
