Demote strict-mode ecosystem domain guidance from warning to info

[Copilot]

Strict-mode validation was surfacing ecosystem-domain guidance as a warning, including the strict mode: prefix and warning count impact. This change keeps the guidance visible while treating it as informational output instead.

• Behavior

  • switch the ecosystem-domain recommendation in validateStrictFirewall from warning formatting to info formatting
  • remove the strict mode: warning prefix from the emitted message
  • stop incrementing compiler warning count for this guidance

• Tests

  • update strict firewall tests to assert informational output instead of warning-count changes
  • add coverage for the new message shape, including multi-domain Python guidance

• Docs

  • update the network reference to describe this as an informational message and show the new output

recommend using ecosystem identifiers instead of individual domain names for better maintainability: 'files.pythonhosted.org' → 'python', 'pypi.org' → 'python'

[Copilot]

Pull request overview

This PR adjusts strict-mode validation output so ecosystem-domain guidance is informational rather than a warning, keeping the recommendation visible while no longer contributing to the compiler warning count.

Changes:

• Switch ecosystem-domain guidance in validateStrictFirewall from warning formatting/counting to info formatting (and remove the strict mode: prefix).
• Update strict firewall tests to stop asserting warning-count increments and add stderr output assertions for the new message shape.
• Update network reference docs to describe the guidance as informational output.

Show a summary per file

File	Description
pkg/workflow/strict_mode_permissions_validation.go	Emits ecosystem-domain recommendations as informational output and no longer increments warning count.
pkg/workflow/strict_mode_llm_gateway_test.go	Updates strict firewall tests to assert info guidance behavior and validate stderr output/message shape.
docs/src/content/docs/reference/network.md	Rewords the strict-mode ecosystem guidance section from warnings to informational messaging.
.github/workflows/aw-portfolio-yield.lock.yml	Regenerates a lock workflow file (including a cron schedule change).

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (2)

pkg/workflow/strict_mode_llm_gateway_test.go:87

• The inline comment still says these ecosystem domains "will emit warnings" suggesting identifiers, but validateStrictFirewall now prints informational guidance and does not increment warningCount. Please update the comment to avoid confusing future readers/tests.

This issue also appears on line 120 of the same file.

	t.Run("copilot engine allows domains from known ecosystems with informational ecosystem guidance in strict mode", func(t *testing.T) {
		compiler := NewCompiler()
		compiler.strictMode = true

		// These domains are from known ecosystems (python, node) and will emit warnings suggesting ecosystem identifiers
		networkPerms := &NetworkPermissions{

pkg/workflow/strict_mode_llm_gateway_test.go:126

• This inline comment says the domains "will emit warnings" suggesting ecosystem identifiers, but the updated strict-mode behavior prints informational guidance without affecting warningCount. Please adjust the wording to match the new behavior.

	t.Run("codex engine allows domains from known ecosystems with informational ecosystem guidance", func(t *testing.T) {
		compiler := NewCompiler()
		compiler.strictMode = true

		// These domains are from known ecosystems (python, node) and will emit warnings suggesting ecosystem identifiers
		networkPerms := &NetworkPermissions{
			Allowed: []string{"pypi.org", "registry.npmjs.org"},

• Files reviewed: 4/4 changed files
• Comments generated: 2