From 47a0452dfaa41cc7622dffe72ea88fd62991dfda Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:17:23 +0000 Subject: [PATCH 1/2] Initial plan From 065ae93f7ff470d5c3866e324f2a0bdac6586bb4 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 13 Feb 2026 15:23:03 +0000 Subject: [PATCH 2/2] Fix documentation: clarify custom domains are rejected in strict mode Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../docs/guides/network-configuration.md | 26 +++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/docs/src/content/docs/guides/network-configuration.md b/docs/src/content/docs/guides/network-configuration.md index b35f513096d..5a8145af21e 100644 --- a/docs/src/content/docs/guides/network-configuration.md +++ b/docs/src/content/docs/guides/network-configuration.md @@ -128,10 +128,11 @@ network: allowed: - python # Ecosystem identifier - node # Ecosystem identifier - - "api.example.com" # Custom domains still allowed ```` -When strict mode rejects a domain, the error message suggests the correct ecosystem: +### Error Messages + +When strict mode rejects a domain that belongs to a known ecosystem, the error message suggests the ecosystem identifier: ````text error: strict mode: network domains must be from known ecosystems (e.g., 'defaults', 
@@ -139,15 +140,30 @@ error: strict mode: network domains must be from known ecosystems (e.g., 'defaul security. Did you mean: 'pypi.org' belongs to ecosystem 'python'? ```` -Disable strict mode for development or testing: +When strict mode rejects a custom domain: + +````text +error: strict mode: network domains must be from known ecosystems (e.g., 'defaults', +'python', 'node') for all engines in strict mode. Custom domains are not allowed for +security. Set 'strict: false' to use custom domains. +```` + +### Using Custom Domains + +To use custom domains (domains not in known ecosystems), disable strict mode: ````yaml -strict: false +--- +strict: false # Required for custom domains network: allowed: - - "pypi.org" # Now allowed + - python # Ecosystem identifier + - "api.example.com" # Custom domain (only allowed with strict: false) +--- ```` +**Security Note**: Custom domains bypass ecosystem validation. Only disable strict mode when necessary and ensure you trust the custom domains you allow. + ## Security Best Practices 1. **Start minimal** - Only add ecosystems you actually use
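Review bot: In the first hunk (`@@ -128,10 +128,11 @@`), removing the `- "api.example.com"` line leaves the strict-mode example silent about custom domains, so a reader who stops at that block never learns that they are rejected. Consider adding one sentence directly after the example, before `### Error Messages`, stating that custom domains are not accepted in strict mode and pointing to the "Using Custom Domains" section.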
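Review bot: In the second hunk (`@@ -139,15 +140,30 @@`), the new example sets `strict: false` at the top level of the frontmatter rather than under `network:`, yet the Security Note only says custom domains "bypass ecosystem validation". If the flag relaxes any strict-mode check beyond the network allow-list, the note should say so, because readers will turn it off just to permit one domain. Two smaller points: the replaced example showed a raw `"pypi.org"` entry being accepted with strict mode off and the new text no longer covers that case, and the new example wraps the YAML in `---` delimiters while the strict-mode example in the first hunk closes right after `- node` without one, so the two blocks should be made consistent.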