githubnext
diff --git a/‎AGENTS.md‎
Lines changed: 8 additions & 0 deletions b/‎AGENTS.md‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎docs/execution-context.md‎
Lines changed: 227 additions & 0 deletions b/‎docs/execution-context.md‎
Lines changed: 227 additions & 0 deletions
diff --git a/‎docs/front-matter.md‎
Lines changed: 10 additions & 0 deletions b/‎docs/front-matter.md‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎prompts/create-ado-agentic-workflow.md‎
Lines changed: 2 additions & 0 deletions b/‎prompts/create-ado-agentic-workflow.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/compile/extensions/exec_context/contributor.rs‎
Lines changed: 103 additions & 0 deletions b/‎src/compile/extensions/exec_context/contributor.rs‎
Lines changed: 103 additions & 0 deletions
@@ -63,6 +63,10 @@ Every compiled pipeline runs as three sequential jobs:
 │   │   │   ├── github.rs # Always-on GitHub MCP extension
 │   │   │   ├── safe_outputs.rs # Always-on SafeOutputs MCP extension
 │   │   │   ├── ado_script.rs # Always-on ado-script extension (gate evaluator + runtime-import resolver, per-job downloads)
+│   │   │   ├── exec_context/ # Always-on execution-context extension (issue #860)
+│   │   │   │   ├── mod.rs    # ExecContextExtension; CompilerExtension impl; contributor fan-out
+│   │   │   │   ├── contributor.rs # Internal ContextContributor trait + Contributor enum
+│   │   │   │   └── pr.rs     # PrContextContributor — stages aw-context/pr/* for PR builds
 │   │   │   └── tests.rs  # Extension integration tests
 │   │   ├── codemods/     # Front-matter codemods (one file per transformation)
 │   │   │   ├── mod.rs    # Codemod struct, CODEMODS registry, runner
@@ -235,6 +239,10 @@ index to jump to the right page.
   Python, Node.js, .NET).
 - [`docs/targets.md`](docs/targets.md) — target platforms: `standalone`,
   `1es`, `job`, and `stage`.
+- [`docs/execution-context.md`](docs/execution-context.md) — built-in
+  `aw-context/` precompute (issue #860): PR target-branch fetch,
+  unified diff, file snapshots, base/head SHAs, configured via the
+  `execution-context:` front-matter block.
 - [`docs/safe-outputs.md`](docs/safe-outputs.md) — full reference for every
   safe-output tool agents can use to propose actions (PRs, work items, wiki
   pages, comments, etc.) plus their per-agent configuration.
 
@@ -0,0 +1,227 @@
+# Execution Context
+
+_Part of the [ado-aw documentation](../AGENTS.md)._
+
+The **execution-context plugin** stages per-run context (changed files,
+diffs, base/head SHAs, file snapshots, metadata) on disk in a stable
+layout under `aw-context/` *before* the agent starts. The agent then
+reads these files instead of running its own `git fetch` / `git diff`
+plumbing.
+
+This is an always-on compiler extension. There is no `tools:` entry to
+enable it; per-trigger contributors gate themselves based on the
+agent's `on:` configuration.
+
+> Background and motivation: this feature was tracked in
+> [issue #860](https://github.com/githubnext/ado-aw/issues/860).
+
+## Why this exists
+
+PR-reviewer agents almost always need the same precondition: a fully
+fetched target branch, resolved base / head SHAs, a unified diff, and
+optionally pre / post snapshots of touched files. ADO's default
+`checkout: self` is shallow (`fetchDepth: 1`), doesn't fetch the PR
+target branch, and (deliberately) does not persist credentials into
+`.git/config` for OAuth bearer reuse. Every PR-reviewer agent has
+historically rebuilt the same ~120 lines of bash to work around this.
+
+The execution-context plugin owns that step centrally:
+
+- One canonical implementation that evolves with the framework.
+- Driven by ADO's predefined `System.PullRequest.*` variables — no
+  manual ref discovery.
+- Inside the trust boundary: the bearer token used to fetch is
+  scoped to the precompute step's process env and never reaches the
+  agent container or `.git/config`.
+
+## v1 contributors
+
+| Contributor | Trigger        | Output layout            |
+|-------------|----------------|--------------------------|
+| `pr`        | `on.pr`        | `aw-context/pr/*`        |
+
+Future trigger contributors (pipeline-completion, schedule, manual)
+plug in via the same internal `ContextContributor` trait without
+breaking the agent-facing layout.
+
+## Front-matter surface
+
+```yaml
+execution-context:
+  enabled: true                  # master switch; defaults to true
+  pr:                            # PR contributor configuration
+    enabled: true                # defaults to true when `on.pr` is configured
+    scope:                       # pathspecs scoping diff + snapshots
+      - "src/**"
+      - "docs/**"
+      - ":(top,glob)*.yml"
+    unified: 3                   # `-U` lines of context for diff.patch
+    max-diff-bytes: 524288       # truncate diff.patch beyond this many bytes
+    snapshots: true              # write head-files/ and base-files/
+```
+
+All keys are optional. When the `execution-context:` block is omitted
+entirely, defaults are *"on for the triggers configured in `on:`"*.
+
+### Fields
+
+- **`enabled`** (`bool`, default `true`) — master switch. When `false`,
+  no contributor runs and no `aw-context/` is staged.
+- **`pr.enabled`** (`bool`, default `true` when `on.pr` is set) —
+  whether to activate the PR contributor. Set `false` to opt out on
+  huge monorepos where the targeted fetch + diff cost is unacceptable
+  (the agent then has to roll its own equivalent).
+- **`pr.scope`** (`list[string]`, default `[]` = all paths) — pathspecs
+  passed to `git diff -- <scope>` for both `changed-files-in-scope.txt`
+  and `diff.patch`. Sanitised at compile time.
+- **`pr.unified`** (`u32`, default `3`) — `-U` lines of context for
+  `diff.patch`.
+- **`pr.max-diff-bytes`** (`u64`, default `524288` / 512 KiB) — cap on
+  `diff.patch` size. When exceeded, the file ends with a literal
+  marker line `--- TRUNCATED at <N> bytes; full diff suppressed ---`
+  so the agent knows it is reading a partial diff.
+- **`pr.snapshots`** (`bool`, default `true`) — whether to write per-file
+  pre / post snapshots under `head-files/` and `base-files/`. Disable on
+  large changes if you only need the diff.
+
+## Agent-visible layout
+
+For PR-triggered builds, the precompute step stages files under
+`$(Build.SourcesDirectory)/aw-context/` (i.e. relative to the agent's
+working directory):
+
+```
+aw-context/
+  status.txt                       # OK | (errors propagate to per-contributor files)
+  trigger.txt                      # pr (today; future: pipeline / schedule / manual)
+  metadata.txt                     # build_id, build_reason, repository, source_branch
+  pr/
+    status.txt                     # OK | NO_PR_CONTEXT | DIFF_RESOLUTION_FAILED
+    metadata.txt                   # pr_id, source_branch, target_branch, base_sha, head_sha
+    changed-files.txt              # full `git diff --name-status`
+    changed-files-in-scope.txt     # name-status restricted to `scope`
+    diff.patch                     # unified diff, scoped, capped, may end with TRUNCATED marker
+    head-files/<path>              # post-PR snapshots of A/M/T/R*/C* files in scope
+    base-files/<path>              # pre-PR snapshots of D files in scope
+    error.txt                      # only present when pr/status.txt != OK
+```
+
+**Agents MUST read `aw-context/pr/status.txt` first** and act on its
+value:
+
+- `OK` — `aw-context/pr/*` is fully populated. Prefer reading those
+  files over running `git fetch` / `git diff` yourself.
+- `NO_PR_CONTEXT` — the build is not a PR (e.g. manual queue of a
+  PR-triggered pipeline). Skip PR-specific logic.
+- `DIFF_RESOLUTION_FAILED` — the precompute step ran but could not
+  resolve the base / head SHAs. See `aw-context/pr/error.txt` for the
+  reason. Surface this in your output rather than silently producing
+  an empty review.
+- `CONTEXT_GENERATION_FAILED` — base / head SHAs resolved, but at
+  least one of the `git diff` commands that populates the staged
+  files failed. The `metadata.txt` file is still trustworthy, but
+  `changed-files.txt`, `changed-files-in-scope.txt`, or `diff.patch`
+  may be empty or partial. See `aw-context/pr/error.txt`.
+
+If `aw-context/pr/status.txt` does not exist at all (e.g. when the
+extension is disabled), treat it as `NO_PR_CONTEXT`.
+
+## What the precompute step does
+
+The PR contributor's generated bash step:
+
+1. **Reads `System.PullRequest.*` from the environment.** No manual ref
+   discovery — ADO already populates `SourceBranch`, `TargetBranch`,
+   and `PullRequestId`. If they are missing, writes `NO_PR_CONTEXT`
+   and exits 0.
+2. **Detects merge-commit shape first.** If `HEAD` has two parents
+   (the synthetic merge commit ADO checks out for PR builds), uses
+   `HEAD^1` / `HEAD^2` as base / head and skips the target-branch
+   fetch entirely. Otherwise:
+3. **Fetches the PR target branch with progressive deepening** —
+   `--depth=200`, then `500`, then `2000`, then finally `--unshallow`.
+   **After each successful fetch, attempts `git merge-base
+   origin/<target> HEAD`** and continues to the next depth if it
+   cannot resolve yet. Bounded bandwidth on the common case; covers
+   the long-tail PR-against-old-base case. On exhaustion writes
+   `DIFF_RESOLUTION_FAILED`.
+4. **Writes `metadata.txt`, `changed-files.txt`,
+   `changed-files-in-scope.txt`, `diff.patch`.** The diff is scoped to
+   `pr.scope` (or all paths if empty) and truncated at `pr.max-diff-bytes`
+   with a literal marker. If any of these `git diff` invocations fails,
+   the status becomes `CONTEXT_GENERATION_FAILED` rather than `OK`.
+5. **Snapshots** (when `pr.snapshots: true`) — for each in-scope file:
+   `head-files/<path>` for `A`/`M`/`T`/`R*`/`C*` entries,
+   `base-files/<path>` for `D` entries.
+6. **Writes the final status** to `pr/status.txt` and `status.txt`.
+
+The step is gated by `condition: eq(variables['Build.Reason'],
+'PullRequest')` so it is a no-op on manual or scheduled queues of a
+PR-triggered pipeline.
+
+## Trust boundary
+
+The PR contributor must fetch the PR target branch (which the default
+checkout does not), but doing so requires an OAuth bearer. ado-aw
+preserves the Stage 1 read-only invariant with these design choices:
+
+| Mechanism                                   | Decision |
+|---------------------------------------------|----------|
+| Override `checkout: self` with `persistCredentials: true` | **Rejected.** It would write the build identity's bearer into `.git/config` inside the workspace, which is then mounted into the AWF sandbox where the agent could read and exfiltrate it. |
+| Override `checkout: self` with `fetchDepth: 0` | **Rejected.** Unnecessary — the precompute fetches exactly the two refs it needs. |
+| In-step `SYSTEM_ACCESSTOKEN` + bash bearer wrapper | **Adopted.** `SYSTEM_ACCESSTOKEN` is mapped from `$(System.AccessToken)` only into the precompute step's process env. A `git_fetch` wrapper injects `git -c http.extraheader="Authorization: bearer ${SYSTEM_ACCESSTOKEN}" fetch …`. The token lives only in the bash step's process memory and is never written to disk. |
+
+After the precompute step exits, the bearer is gone from the runtime
+environment the agent inherits, `.git/config` contains no
+`http.extraheader` line, and the agent container is started by AWF
+with its own (read-only) MI from the ARM service connection.
+
+The compile-time test `test_execution_context_pr_does_not_leak_system_accesstoken`
+asserts that generated YAML never contains `persistCredentials: true`,
+never writes to `.git/config`, and that `SYSTEM_ACCESSTOKEN` appears
+only in the execution-context prepare step.
+
+## Migrating from a hand-rolled precompute
+
+If you have an existing PR-reviewer agent with a `steps:` block that
+manually fetches the target branch, resolves merge-base, and emits a
+diff: delete that block, ensure `on.pr` is configured, and read from
+`aw-context/pr/*` in your agent prompt. The prompt supplement is
+appended automatically — you do not need to mention the layout in your
+own markdown body.
+
+## Notes and edge cases
+
+- **`AW_PR_*` env vars are not surfaced.** ado-aw's agent-env-var
+  channel rejects ADO `$(...)` expressions for injection-defence
+  reasons, and bouncing values through pipeline output variables
+  introduces a second source of truth. Agents read everything from
+  `aw-context/pr/metadata.txt`.
+- **No `git` / `cat` / `ls` is added to the agent's bash allow-list.**
+  The agent reads `aw-context/*` using its normal file-reading
+  mechanism (the `edit` tool, native copilot reads, etc.), not via
+  shell. This avoids silently widening the bash capability surface
+  when the user has restricted bash.
+- **Non-`self` checkouts in `repos:`.** v1 only diffs the `self`
+  checkout. The PR contributor does not currently produce contexts
+  for additional repository checkouts.
+- **Workspace alias.** When `workspace:` points to a non-`self` alias,
+  `aw-context/` is still relative to `$(Build.SourcesDirectory)` —
+  i.e. the pipeline's working directory, not the workspace alias's
+  directory.
+- **Ordering.** The precompute step runs after the standard
+  `- checkout: self` and before any user `steps:`, so user `steps:`
+  can also read `aw-context/` if needed.
+
+## Compiler internals
+
+- Always-on `ExecContextExtension` in
+  `src/compile/extensions/exec_context/mod.rs` (`ExtensionPhase::Tool`).
+- Internal `ContextContributor` trait in `contributor.rs`. v1 ships one
+  contributor: `PrContextContributor` in `pr.rs`.
+- Front-matter types: `ExecutionContextConfig` and `PrContextConfig` in
+  `src/compile/types.rs`.
+- Compile tests live in `tests/compiler_tests.rs` (search for
+  `test_execution_context_pr_*`).
+- The generated bash is shellchecked by `tests/bash_lint_tests.rs` via
+  the `execution-context-agent.md` fixture.
@@ -124,6 +124,16 @@ on:                            # trigger configuration (unified under on: key)
       build-reason:
         include: [PullRequest]
       expression: "eq(variables['Custom.Flag'], 'true')"  # raw ADO condition
+execution-context:             # optional execution-context plugin (see docs/execution-context.md)
+  enabled: true                # master switch; defaults to true. Set false to disable globally.
+  pr:                          # PR-context contributor. Activates on PR-triggered builds when on.pr is set.
+    enabled: true              # defaults to true when on.pr is configured. Set false to opt out.
+    scope:                     # pathspecs scoping the diff + snapshots
+      - "src/**"
+      - "docs/**"
+    unified: 3                 # `-U` lines of context for diff.patch; default: 3
+    max-diff-bytes: 524288     # truncate diff.patch beyond this size; default: 524288 (512 KiB)
+    snapshots: true            # whether to write head-files/ and base-files/; default: true
 steps:                         # inline steps before agent runs (same job, generate context)
   - bash: echo "Preparing context for agent"
     displayName: "Prepare context"
 
@@ -429,6 +429,8 @@ on:
 
 When `on.pr` is set: the native ADO `pr:` trigger block is generated from `branches:` and `paths:`. Runtime `filters:` compile to a gate step in the Setup job that self-cancels the build when they do not match.
 
+**PR-reviewer agents — DO NOT write your own precompute step.** When `on.pr` is set, the compiler automatically stages PR context (changed files, unified diff, base/head SHAs, optional file snapshots) under `aw-context/pr/*` before the agent runs. Tell the agent to read `aw-context/pr/status.txt` first, then consume `aw-context/pr/diff.patch` and `aw-context/pr/changed-files-in-scope.txt` as needed. Customise via the top-level `execution-context:` block (scope, unified context size, max diff bytes, snapshots). Full reference: [`docs/execution-context.md`](../docs/execution-context.md).
+
 #### Pipeline Triggers (`on.pipeline`)
 
 Trigger from another pipeline completing:
 
@@ -0,0 +1,103 @@
+//! Internal `ContextContributor` trait + `Contributor` enum.
+//!
+//! The execution-context extension is itself a `CompilerExtension`
+//! (always-on, registered in `collect_extensions()`). Internally it
+//! delegates to a small set of per-trigger **context contributors**,
+//! each responsible for materialising one slice of `aw-context/`.
+//!
+//! v1 ships one contributor: `PrContextContributor`. Future
+//! contributors (pipeline-completion, schedule, manual) slot in via
+//! the same trait + enum without touching callers.
+//!
+//! ## Why a private trait instead of reusing `CompilerExtension`
+//!
+//! `CompilerExtension` is the public boundary between the compiler
+//! and runtimes/tools. Context contributors are private implementation
+//! detail of one extension; they share the same `CompileContext` input
+//! but emit a narrower output (a single prepare step + a single prompt
+//! supplement + a few env vars). Keeping them behind a small private
+//! trait avoids accidentally exposing them as user-facing extensions
+//! and lets us evolve the contract freely.
+
+use crate::compile::extensions::CompileContext;
+
+/// A unit of per-trigger execution-context generation.
+///
+/// Each contributor decides — based on `CompileContext` (front matter,
+/// triggers, target) — whether it activates. Activated contributors
+/// each emit exactly one prepare bash step (wrapped in an ADO
+/// `condition:` so non-matching trigger types skip with zero cost),
+/// plus a prompt-supplement fragment and env var declarations.
+pub(super) trait ContextContributor {
+    /// Display name for diagnostics (e.g. `"pr"`).
+    #[allow(dead_code)]
+    fn name(&self) -> &str;
+
+    /// Whether this contributor activates for the given compile context.
+    fn should_activate(&self, ctx: &CompileContext) -> bool;
+
+    /// Generate the prepare-step YAML (a single `- bash:` block or
+    /// equivalent). Must include its own ADO `condition:` so the step
+    /// no-ops on non-matching trigger types. Empty string = no step.
+    fn prepare_step(&self, ctx: &CompileContext) -> String;
+
+    /// Markdown fragment to append to the agent prompt (under the
+    /// "Execution context" supplement section). Empty = no fragment.
+    fn prompt_fragment(&self) -> String;
+
+    /// Agent env vars this contributor exposes. Currently unused
+    /// (the ado-aw env-var channel rejects ADO `$(...)` expressions,
+    /// so all per-trigger metadata flows through files), but kept on
+    /// the trait so a future contributor can opt in if it only needs
+    /// literal values.
+    #[allow(dead_code)]
+    fn agent_env_vars(&self) -> Vec<(String, String)>;
+
+    /// Bash commands the agent must have on its allow-list to read
+    /// the staged context (e.g. `cat`, `ls`). The agent itself does
+    /// NOT need `git`, `mkdir`, etc. — those run in the precompute
+    /// step which is outside the agent sandbox.
+    fn required_bash_commands(&self) -> Vec<String>;
+}
+
+/// Static-dispatch enum over all known contributors.
+///
+/// Mirrors the `Extension` enum pattern in `extensions/mod.rs`. v1
+/// ships `Pr`; adding a future variant requires only a new arm here
+/// and a registration in `ExecContextExtension::contributors()`.
+pub(super) enum Contributor {
+    Pr(super::pr::PrContextContributor),
+}
+
+impl ContextContributor for Contributor {
+    fn name(&self) -> &str {
+        match self {
+            Contributor::Pr(c) => c.name(),
+        }
+    }
+    fn should_activate(&self, ctx: &CompileContext) -> bool {
+        match self {
+            Contributor::Pr(c) => c.should_activate(ctx),
+        }
+    }
+    fn prepare_step(&self, ctx: &CompileContext) -> String {
+        match self {
+            Contributor::Pr(c) => c.prepare_step(ctx),
+        }
+    }
+    fn prompt_fragment(&self) -> String {
+        match self {
+            Contributor::Pr(c) => c.prompt_fragment(),
+        }
+    }
+    fn agent_env_vars(&self) -> Vec<(String, String)> {
+        match self {
+            Contributor::Pr(c) => c.agent_env_vars(),
+        }
+    }
+    fn required_bash_commands(&self) -> Vec<String> {
+        match self {
+            Contributor::Pr(c) => c.required_bash_commands(),
+        }
+    }
+}