feat(agency): centralize Claude Code plugin and self-contained marketplace

.claude-plugin/marketplace.json

@@ -0,0 +1,20 @@
+{
+  "name": "ado-aw",
+  "metadata": {
+    "description": "Azure DevOps Agentic Workflows (ado-aw) marketplace",
+    "version": "0.38.0"
+  },
+  "owner": {
+    "name": "GitHub Next",
+    "url": "https://github.com/githubnext/ado-aw"
+  },
+  "plugins": [
+    {
+      "name": "ado-aw",
+      "source": "./agency/plugins/ado-aw",
+      "version": "0.38.0",
+      "description": "Create, update, validate, operate, and debug Azure DevOps agentic workflows with ado-aw",
+      "keywords": ["azure-devops", "ado", "agentic", "pipelines", "ado-aw"]
+    }
+  ]
+}

.gitattributes

@@ -3,6 +3,12 @@
 # Install scripts must always be LF (executed on Linux/macOS via curl|sh).
 scripts/install/*.sh text eol=lf
 scripts/install/*.ps1 text eol=lf
+# Agency plugin is a Linux/macOS-consumed artifact (and release-please rewrites
+# it on Linux CI) — keep every text file LF.
+agency/plugins/** text eol=lf
+# Generated marketplace catalogs (release-please rewrites on Linux CI).
+.claude-plugin/marketplace.json text eol=lf
+.github/plugin/marketplace.json text eol=lf
 # BEGIN ado-aw managed (do not edit)
 tests/fixtures/job-agent.lock.yml linguist-generated=true merge=ours text eol=lf
 tests/fixtures/runtime_imports_author_marker_job.lock.yml linguist-generated=true merge=ours text eol=lf

.github/agents/ado-aw.agent.md

@@ -1,11 +1,11 @@
 ---
-description: Azure DevOps Agentic Pipelines (ado-aw) - Create, update, and debug AI-powered ADO pipelines
+description: Azure DevOps Agentic Workflows (ado-aw) - Create, update, and debug AI-powered Azure DevOps agentic workflows
 disable-model-invocation: true
 ---
 
-# ADO Agentic Pipelines Agent
+# Azure DevOps Agentic Workflows Agent
 
-This agent helps you create and manage Azure DevOps agentic pipelines using **ado-aw**.
+This agent helps you create and manage Azure DevOps agentic workflows using **ado-aw**.
 
 ado-aw compiles human-friendly markdown files with YAML front matter into secure, multi-stage Azure DevOps pipelines that run AI agents in network-isolated sandboxes.
 
@@ -37,39 +37,39 @@ Verify: `ado-aw --version`
 
 This is a **dispatcher agent** that routes your request to the appropriate specialized prompt:
 
-- **Creating new agentic pipelines** → Routes to the create prompt
-- **Updating existing pipelines** → Routes to the update prompt  
-- **Debugging failing pipelines** → Routes to the debug prompt
+- **Creating new agentic workflows** → Routes to the create prompt
+- **Updating existing workflows** → Routes to the update prompt  
+- **Debugging failing workflows** → Routes to the debug prompt
 
 ## Available Prompts
 
-### Create New Agentic Pipeline
-**Load when**: User wants to create a new agentic pipeline from scratch
+### Create New Agentic Workflow
+**Load when**: User wants to create a new agentic workflow from scratch
 
-**Prompt file**: https://raw.githubusercontent.com/githubnext/ado-aw/v0.16.0/prompts/create-ado-agentic-workflow.md
+**Prompt file**: https://raw.githubusercontent.com/githubnext/ado-aw/v0.38.0/prompts/create-ado-agentic-workflow.md <!-- x-release-please-version -->
 
 **Use cases**:
-- "Create an agentic pipeline that reviews PRs weekly"
-- "I need a pipeline that triages work items daily"
+- "Create an agentic workflow that reviews PRs weekly"
+- "I need a workflow that triages work items daily"
 - "Design a scheduled dependency updater"
 
-### Update Existing Pipeline
+### Update Existing Workflow
 **Load when**: User wants to modify an existing agent workflow file
 
-**Prompt file**: https://raw.githubusercontent.com/githubnext/ado-aw/v0.16.0/prompts/update-ado-agentic-workflow.md
+**Prompt file**: https://raw.githubusercontent.com/githubnext/ado-aw/v0.38.0/prompts/update-ado-agentic-workflow.md <!-- x-release-please-version -->
 
 **Use cases**:
-- "Add the Azure DevOps MCP to my pipeline"
+- "Add the Azure DevOps MCP to my workflow"
 - "Change the schedule from daily to weekly"
 - "Add work item creation as a safe output"
 
-### Debug Failing Pipeline
-**Load when**: User needs to troubleshoot a failing agentic pipeline
+### Debug Failing Workflow
+**Load when**: User needs to troubleshoot a failing agentic workflow
 
-**Prompt file**: https://raw.githubusercontent.com/githubnext/ado-aw/v0.16.0/prompts/debug-ado-agentic-workflow.md
+**Prompt file**: https://raw.githubusercontent.com/githubnext/ado-aw/v0.38.0/prompts/debug-ado-agentic-workflow.md <!-- x-release-please-version -->
 
 **Use cases**:
-- "Why is my agentic pipeline failing?"
+- "Why is my agentic workflow failing?"
 - "The agent can't reach the MCP server"
 - "Safe outputs aren't being processed"
 
@@ -92,12 +92,12 @@ ado-aw compile <agent-file.md>
 ado-aw compile
 
 # Verify pipeline matches source
-ado-aw check <pipeline.yml>
+ado-aw check <pipeline.lock.yml>
 ```
 
 ## Key Features
 
-- **Natural language pipelines**: Write in markdown with YAML frontmatter
+- **Natural language workflows**: Write in markdown with YAML frontmatter
 - **3-stage security**: Agent → Threat Analysis → Safe Output Execution
 - **Network isolation**: AWF (Agentic Workflow Firewall) with domain whitelisting
 - **MCP Gateway**: Tool routing for Azure DevOps, custom MCPs
@@ -109,4 +109,4 @@ ado-aw check <pipeline.yml>
 - Agent files must be compiled with `ado-aw compile` after YAML frontmatter changes
 - Markdown body (agent instructions) changes do NOT require recompilation
 - The agent never has direct write access — all mutations go through safe outputs
-- Full reference: https://raw.githubusercontent.com/githubnext/ado-aw/v0.16.0/AGENTS.md
+- Full reference: https://raw.githubusercontent.com/githubnext/ado-aw/v0.38.0/AGENTS.md <!-- x-release-please-version -->

.github/plugin/marketplace.json

@@ -0,0 +1,20 @@
+{
+  "name": "ado-aw",
+  "metadata": {
+    "description": "Azure DevOps Agentic Workflows (ado-aw) marketplace",
+    "version": "0.38.0"
+  },
+  "owner": {
+    "name": "GitHub Next",
+    "url": "https://github.com/githubnext/ado-aw"
+  },
+  "plugins": [
+    {
+      "name": "ado-aw",
+      "source": "./agency/plugins/ado-aw",
+      "version": "0.38.0",
+      "description": "Create, update, validate, operate, and debug Azure DevOps agentic workflows with ado-aw",
+      "keywords": ["azure-devops", "ado", "agentic", "pipelines", "ado-aw"]
+    }
+  ]
+}

AGENTS.md

@@ -1,4 +1,4 @@
-# Copilot Instructions for Azure DevOps Agentic Pipelines
+# Copilot Instructions for Azure DevOps Agentic Workflows
 
 This repository contains a compiler for Azure DevOps pipelines that transforms
 natural language markdown files with YAML front matter into Azure DevOps
@@ -102,8 +102,21 @@ Every compiled pipeline runs as three sequential jobs:
 │   │   │   ├── 0002_pool_object_form.rs # Legacy scalar pool → object form codemod
 │   │   │   └── helpers.rs # take_key, insert_no_overwrite, rename_key, ConflictPolicy
 │   │   ├── codemod_integration_test.rs # White-box rewrite-path tests (stub registry injection)
-│   │   └── types.rs      # Front matter grammar and types
-│   ├── init.rs           # Repository initialization for AI-first authoring
+│   │   ├── types.rs      # Front matter grammar and types
+│   │   └── ir/           # Typed Azure DevOps pipeline IR (see docs/ir.md)
+│   │       ├── mod.rs    # Pipeline / PipelineBody / PipelineShape root types
+│   │       ├── ids.rs    # Typed StageId / JobId / StepId newtypes
+│   │       ├── step.rs   # Step variants (Bash, Task, Checkout, Download, Publish, RawYaml)
+│   │       ├── job.rs    # Job, Pool, TemplateContext, JobVariable
+│   │       ├── stage.rs  # Stage + external-params wrap
+│   │       ├── env.rs    # Typed EnvValue (Literal, AdoMacro, PipelineVar, Secret, StepOutput, Coalesce, Concat)
+│   │       ├── condition.rs # Typed Condition / Expr AST + codegen to ADO condition syntax
+│   │       ├── output.rs # OutputDecl / OutputRef + location-aware lowering
+│   │       ├── graph.rs  # Dependency graph: validation, edge derivation, isOutput promotion, cycle detection
+│   │       ├── lower.rs  # IR → serde_yaml::Value lowering
+│   │       ├── emit.rs   # Thin `lower() + serde_yaml::to_string()` wrapper
+│   │       └── summary.rs # Public, serializable PipelineSummary / GraphSummary for agent-facing tooling (see docs/ir.md Public JSON summary)
+│   ├── init.rs           # Repository initialization for AI-first authoring (incl. `--agency` plugin scaffold, embeds agency/plugins/ado-aw/ via include_str!)
 │   ├── execute.rs        # Stage 3 safe output execution
 │   ├── fuzzy_schedule.rs # Fuzzy schedule parsing
 │   ├── logging.rs        # File-based logging infrastructure
@@ -154,7 +167,7 @@ Every compiled pipeline runs as three sequential jobs:
 │   │   ├── whatif.rs     # `ado-aw whatif`: static downstream skip classification for failures
 │   │   ├── lint.rs       # `ado-aw lint`: structural workflow lint checks
 │   │   └── catalog.rs    # `ado-aw catalog`: list in-tree registries (tools, runtimes, models, etc.)
-│   ├── detect.rs         # Agentic pipeline detection — discovers compiled pipelines; used by all lifecycle commands
+│   ├── detect.rs         # Agentic workflow detection — discovers compiled pipelines; used by all lifecycle commands
 │   ├── update_check.rs   # Version update check — queries GitHub Releases and prints advisory when newer version is available
 │   ├── ndjson.rs         # NDJSON parsing utilities
 │   ├── sanitize.rs       # Input sanitization for safe outputs
@@ -217,11 +230,21 @@ Every compiled pipeline runs as three sequential jobs:
 │           ├── extension.rs # CompilerExtension impl (compile-time)
 │           └── execute.rs   # Stage 3 runtime (validate/copy)
 ├── ado-aw-derive/        # Proc-macro crate: #[derive(SanitizeConfig)], #[derive(SanitizeContent)]
+├── .claude-plugin/       # Root Claude marketplace catalog (makes the repo installable via `/plugin marketplace add`); release-please-versioned
+│   └── marketplace.json  # Lists the ado-aw plugin with source ./agency/plugins/ado-aw
+├── agency/               # Agency / Claude Code marketplace plugin (canonical source of truth)
+│   └── plugins/ado-aw/   # Version-locked plugin (release-please bumps version + pinned prompt URLs); listed in Agency marketplace via external `source`; scaffolded into consumer repos by `ado-aw init --agency`
+│       ├── .claude-plugin/ # plugin.json (manifest)
+│       ├── .mcp.json     # Wires read-only `ado-aw mcp-author` stdio server
+│       ├── agency.json   # Marketplace governance metadata + external source pointer
+│       ├── agents/ado-aw.md # Dispatcher subagent
+│       ├── skills/       # 6 SKILL.md playbooks (create/update/debug-workflow, compile-and-validate, manage-lifecycle, audit-build)
+│       └── scripts/      # doctor.{sh,ps1} prerequisite checks
 ├── examples/             # Example agent definitions
 ├── prompts/              # AI agent prompt files for workflow authoring tasks
-│   ├── create-ado-agentic-workflow.md # Step-by-step guide for creating a new agentic pipeline
-│   ├── update-ado-agentic-workflow.md # Guide for modifying an existing agentic pipeline
-│   └── debug-ado-agentic-workflow.md  # Guide for troubleshooting a failing agentic pipeline
+│   ├── create-ado-agentic-workflow.md # Step-by-step guide for creating a new agentic workflow
+│   ├── update-ado-agentic-workflow.md # Guide for modifying an existing agentic workflow
+│   └── debug-ado-agentic-workflow.md  # Guide for troubleshooting a failing agentic workflow
 ├── scripts/              # Supporting scripts shipped as release artifacts
 │   └── ado-script/       # TypeScript workspace for bundled gate.js, import.js, exec-context-pr.js, exec-context-pr-synth.js
 │       └── src/
@@ -255,11 +278,11 @@ index to jump to the right page.
 ### Prompt files for workflow authoring
 
 - [`prompts/create-ado-agentic-workflow.md`](prompts/create-ado-agentic-workflow.md) — step-by-step
-  guide for creating a new agentic pipeline from scratch (interactive and non-interactive modes).
+  guide for creating a new agentic workflow from scratch (interactive and non-interactive modes).
 - [`prompts/update-ado-agentic-workflow.md`](prompts/update-ado-agentic-workflow.md) — guide for
-  modifying an existing agentic pipeline (read-then-update workflow with validation).
+  modifying an existing agentic workflow (read-then-update workflow with validation).
 - [`prompts/debug-ado-agentic-workflow.md`](prompts/debug-ado-agentic-workflow.md) — guide for
-  troubleshooting a failing agentic pipeline and filing a diagnostic report.
+  troubleshooting a failing agentic workflow and filing a diagnostic report.
 
 ### Authoring agent files
 
@@ -311,6 +334,10 @@ index to jump to the right page.
 - [`docs/cli.md`](docs/cli.md) — `ado-aw` CLI commands (`init`, `compile`,
   `check`, `mcp`, `mcp-http`, `execute`, `secrets`, `enable`, `disable`,
   `remove`, `list`, `status`, `run`, `audit`; `configure` is a deprecated hidden alias).
+- [`docs/agency-plugin.md`](docs/agency-plugin.md) — the Agency / Claude Code
+  plugin (`agency/plugins/ado-aw/`): canonical layout, six skills, `mcp-author`
+  wiring, the self-contained root marketplace catalogs, `init --agency`
+  scaffolding, release-please version-locking, and shared-marketplace listing.
 - [`docs/audit.md`](docs/audit.md) — `ado-aw audit`: accepted build-id / URL
   forms, artifact layout, cache behavior, rejection tracing, and `AuditData`
   report shape.
@@ -449,10 +476,10 @@ the bash body — shellcheck honours the directive and it's inert at runtime.
 cargo run -- compile ./path/to/agent.md
 ```
 
-### Recompile all agentic pipelines in the current directory
+### Recompile all agentic workflows in the current directory
 
 ```bash
-# Auto-discovers and recompiles all detected agentic pipelines
+# Auto-discovers and recompiles all detected agentic workflows
 cargo run -- compile
 ```
 

README.md

@@ -1,8 +1,8 @@
 # ado-aw
 
-An agentic pipeline compiler for Azure DevOps. Write pipeline definitions in
-human-friendly markdown, compile them into secure, multi-stage Azure DevOps
-pipelines that run AI agents in network-isolated sandboxes.
+**Azure DevOps Agentic Workflows.** Write agentic workflows in human-friendly
+markdown; ado-aw compiles each into a secure, multi-stage Azure DevOps pipeline
+that runs an AI agent in a network-isolated sandbox.
 
 Inspired by [GitHub Agentic Workflows (gh-aw)](https://github.com/githubnext/gh-aw).
 
@@ -71,7 +71,7 @@ If you see `The Process object must have the UseShellExecute property set to fal
 ado-aw init
 ```
 
-This creates a Copilot agent at `.github/agents/ado-aw.agent.md` that helps you create, update, and debug agentic pipelines. The agent automatically downloads the ado-aw compiler and handles compilation.
+This creates a Copilot agent at `.github/agents/ado-aw.agent.md` that helps you create, update, and debug agentic workflows. The agent automatically downloads the ado-aw compiler and handles compilation.
 
 ### 3. Create an Agent with AI
 
@@ -87,7 +87,7 @@ and open PRs to update them.
 
 Or if you've run `ado-aw init`, simply ask your AI agent:
 ```
-Create an agentic pipeline that checks for outdated dependencies and opens PRs
+Create an agentic workflow that checks for outdated dependencies and opens PRs
 ```
 
 The AI will generate a markdown file like:
@@ -521,7 +521,7 @@ network:
 ado-aw [OPTIONS] <COMMAND>
 
 Commands:
-  init          Initialize a repository for AI-first agentic pipeline authoring
+  init          Initialize a repository for AI-first agentic workflow authoring
   compile       Compile markdown to pipeline definition
   check         Verify a compiled pipeline matches its source
   mcp           Run as an MCP server (safe outputs)
@@ -567,9 +567,9 @@ ado-aw provides specialized prompt files that guide AI agents through common tas
 
 | Task | Prompt URL | Description |
 |------|-----------|-------------|
-| Create a workflow | [create-ado-agentic-workflow.md](prompts/create-ado-agentic-workflow.md) | Step-by-step guide for creating a new agentic pipeline from scratch |
+| Create a workflow | [create-ado-agentic-workflow.md](prompts/create-ado-agentic-workflow.md) | Step-by-step guide for creating a new agentic workflow from scratch |
 | Update a workflow | [update-ado-agentic-workflow.md](prompts/update-ado-agentic-workflow.md) | Guide for modifying existing agent workflows |
-| Debug a pipeline | [debug-ado-agentic-workflow.md](prompts/debug-ado-agentic-workflow.md) | Troubleshoot failing agentic pipelines |
+| Debug a workflow | [debug-ado-agentic-workflow.md](prompts/debug-ado-agentic-workflow.md) | Troubleshoot failing agentic workflows |
 
 ### Using Prompts with Your AI Agent
 

agency/plugins/ado-aw/.claude-plugin/plugin.json

@@ -0,0 +1,23 @@
+{
+  "name": "ado-aw",
+  "version": "0.38.0",
+  "description": "Azure DevOps Agentic Workflows (ado-aw) — create, update, validate, operate, and debug AI-powered Azure DevOps agentic workflows: Markdown agent specs compiled into secure, network-isolated ADO pipelines.",
+  "author": {
+    "name": "GitHub Next",
+    "url": "https://github.com/githubnext/ado-aw"
+  },
+  "homepage": "https://github.com/githubnext/ado-aw",
+  "repository": "https://github.com/githubnext/ado-aw",
+  "license": "MIT",
+  "keywords": [
+    "azure-devops",
+    "ado",
+    "agentic",
+    "pipelines",
+    "ado-aw",
+    "safe-outputs",
+    "compiler",
+    "automation"
+  ],
+  "mcpServers": "./.mcp.json"
+}

agency/plugins/ado-aw/.mcp.json

@@ -0,0 +1,10 @@
+{
+  "mcpServers": {
+    "ado-aw": {
+      "command": "ado-aw",
+      "type": "local",
+      "args": ["mcp-author"],
+      "tools": ["*"]
+    }
+  }
+}