refactor: move templates into src/data/ directory

Move pipeline templates from top-level templates/ into src/data/
alongside ecosystem_domains.json, keeping injected content separate
from source code. Update all include paths, documentation, workflow
path filters, and test references.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: jamesadevine

.github/workflows/doc-freshness-check.md

@@ -75,8 +75,8 @@ Compare the `FrontMatter` struct in `src/compile/types.rs` against the documente
 Scan template files for markers:
 
 ```bash
-grep -oP '\{\{[^}]+\}\}' templates/base.yml
-grep -oP '\{\{[^}]+\}\}' templates/1es-base.yml
+grep -oP '\{\{[^}]+\}\}' src/data/base.yml
+grep -oP '\{\{[^}]+\}\}' src/data/1es-base.yml
 ```
 
 Compare against documented markers in `AGENTS.md`. Check for:

.github/workflows/red-team-security.md

@@ -101,7 +101,7 @@ grep -rn 'allow\|block\|domain\|host' src/compile/common.rs | head -30
 
 ### Category D: Credential & Secret Exposure
 
-Audit `src/compile/standalone.rs`, `src/compile/common.rs`, and `templates/base.yml` for:
+Audit `src/compile/standalone.rs`, `src/compile/common.rs`, and `src/data/base.yml` for:
 
 - **Token leakage**: Are ADO tokens (`SC_READ_TOKEN`, `SC_WRITE_TOKEN`, `SYSTEM_ACCESSTOKEN`) ever logged, printed, or embedded in non-secret pipeline variables?
 - **MCP env passthrough**: Can the `env:` field in MCP configs leak host environment variables that shouldn't be accessible inside the AWF sandbox?
@@ -111,8 +111,8 @@ Audit `src/compile/standalone.rs`, `src/compile/common.rs`, and `templates/base.
 Focus files:
 ```bash
 grep -rn 'SECRET\|TOKEN\|API_KEY\|secret\|password' src/compile/
-grep -rn 'SC_READ_TOKEN\|SC_WRITE_TOKEN' src/compile/ templates/
-cat templates/base.yml | grep -A2 -B2 'TOKEN\|SECRET\|env:'
+grep -rn 'SC_READ_TOKEN\|SC_WRITE_TOKEN' src/compile/ src/data/
+cat src/data/base.yml | grep -A2 -B2 'TOKEN\|SECRET\|env:'
 ```
 
 ### Category E: Logic & Authorization Flaws
@@ -135,7 +135,7 @@ grep -rn 'allowed_repos\|repository' src/tools/create_pr.rs
 
 ### Category F: Supply Chain & Dependency Integrity
 
-Audit `src/compile/common.rs`, `Cargo.toml`, and `templates/base.yml` for:
+Audit `src/compile/common.rs`, `Cargo.toml`, and `src/data/base.yml` for:
 
 - **Binary integrity**: Are the `ado-aw`, AWF, and MCPG binaries downloaded with proper checksum verification? Can the checksums file itself be tampered with?
 - **Docker image pinning**: Is the MCPG Docker image pinned by digest, or only by tag? Tag-only pinning allows image replacement attacks.

.github/workflows/rust-pr-reviewer.lock.yml

@@ -7,7 +7,6 @@ on:
     paths:
       - "src/**"
       - "tests/**"
-      - "templates/**"
       - "Cargo.toml"
       - "Cargo.lock"
 description: Reviews Rust code changes for quality, error handling, security, and project conventions

.github/workflows/rust-pr-reviewer.md

@@ -5,7 +5,6 @@ on:
     paths:
       - "src/**"
       - "tests/**"
-      - "templates/**"
       - "Cargo.toml"
       - "Cargo.lock"
 

.github/workflows/rust-tests.yml

@@ -68,14 +68,15 @@ Alongside the correctly generated pipeline yaml, an agent file is generated from
 │   ├── runtimes/         # Runtime environment implementations
 │   │   ├── mod.rs        # Module entry point
 │   │   └── lean.rs       # Lean 4 theorem prover runtime
+│   ├── data/
+│   │   ├── base.yml          # Base pipeline template for standalone
+│   │   ├── 1es-base.yml      # Base pipeline template for 1ES target
+│   │   ├── ecosystem_domains.json # Network allowlists per ecosystem
+│   │   ├── init-agent.md     # Dispatcher agent template for `init` command
+│   │   └── threat-analysis.md # Threat detection analysis prompt template
 │   └── tools/            # First-class tool implementations (compiler auto-configures)
 │       ├── mod.rs
 │       └── cache_memory.rs
-├── templates/
-│   ├── base.yml          # Base pipeline template for standalone
-│   ├── 1es-base.yml      # Base pipeline template for 1ES target
-│   ├── init-agent.md     # Dispatcher agent template for `init` command
-│   └── threat-analysis.md # Threat detection analysis prompt template
 ├── examples/             # Example agent definitions
 ├── tests/                # Integration tests and fixtures
 ├── Cargo.toml            # Rust dependencies
@@ -540,8 +541,8 @@ When using `target: 1es`, the pipeline will extend `1es/1ES.Unofficial.PipelineT
 
 The compiler transforms the input into valid Azure DevOps pipeline YAML based on the target platform:
 
-- **Standalone**: Uses `templates/base.yml`
-- **1ES**: Uses `templates/1es-base.yml`
+- **Standalone**: Uses `src/data/base.yml`
+- **1ES**: Uses `src/data/1es-base.yml`
 
 Explicit markings are embedded in these templates that the compiler is allowed to replace e.g. `{{ copilot_params }}` denotes parameters which are passed to the copilot command line tool. The compiler should not replace sections denoted by `${{ some content }}`. What follows is a mapping of markings to responsibilities (primarily for the standalone template).
 
@@ -831,7 +832,7 @@ Example output:
 
 ## {{ threat_analysis_prompt }}
 
-Should be replaced with the embedded threat detection analysis prompt from `templates/threat-analysis.md`. This prompt template includes markers for `{{ source_path }}`, `{{ agent_name }}`, `{{ agent_description }}`, and `{{ working_directory }}` which are replaced during compilation.
+Should be replaced with the embedded threat detection analysis prompt from `src/data/threat-analysis.md`. This prompt template includes markers for `{{ source_path }}`, `{{ agent_name }}`, `{{ agent_description }}`, and `{{ working_directory }}` which are replaced during compilation.
 
 The threat analysis prompt instructs the security analysis agent to check for:
 - Prompt injection attempts

AGENTS.md

@@ -2036,7 +2036,7 @@ pub async fn compile_shared(
     validate_resolve_pr_thread_statuses(front_matter)?;
 
     // 11. Threat analysis prompt
-    let threat_analysis_prompt = include_str!("../../templates/threat-analysis.md");
+    let threat_analysis_prompt = include_str!("../data/threat-analysis.md");
     let template = replace_with_indent(
         &config.template,
         "{{ threat_analysis_prompt }}",

src/compile/common.rs

@@ -63,7 +63,7 @@ impl Compiler for OneESCompiler {
         let teardown_job = generate_teardown_job(&front_matter.teardown, &front_matter.name);
 
         let config = CompileConfig {
-            template: include_str!("../../templates/1es-base.yml").to_string(),
+            template: include_str!("../data/1es-base.yml").to_string(),
             extra_replacements: vec![
                 ("{{ firewall_version }}".into(), AWF_VERSION.into()),
                 ("{{ mcpg_version }}".into(), MCPG_VERSION.into()),

src/compile/onees.rs

@@ -58,7 +58,7 @@ impl Compiler for StandaloneCompiler {
         let mcpg_docker_env = generate_mcpg_docker_env(front_matter);
 
         let config = CompileConfig {
-            template: include_str!("../../templates/base.yml").to_string(),
+            template: include_str!("../data/base.yml").to_string(),
             extra_replacements: vec![
                 ("{{ firewall_version }}".into(), AWF_VERSION.into()),
                 ("{{ mcpg_version }}".into(), MCPG_VERSION.into()),