Azure DevOps MCP Server

Official Microsoft MCP server for Azure DevOps providing repositories, pipelines, work items, wiki, test plans, and search tools.

Overall Score66/100

Score Breakdown

Authentication & Identity1 finding↓0/25

Tool Schema Quality1 finding↓21/25

Permission Granularity20/20

LLM Safety15/15

Data Exposure2 findings↓5/10

Maintenance & Trust5/5

Server Info

Package: @azure-devops/mcp
Registry: npm
Repository: microsoft/azure-devops-mcp
Maintainer: Community
Category: Developer Tools
Tags: ci-cdreposwork-items
Last Scanned: 7 Apr 2026

Findings

4 issues

Authentication & Identity

HIGHNo per-request auth - requires instance-per-user

Stdio-only transport. Supports multiple auth methods: interactive OAuth (MSAL device code flow), Azure CLI credentials, or PAT via environment variable. The organization name is a required CLI argument. Tenant ID can be auto-detected or specified. No MCP OAuth spec or HTTP transport. For multi-tenant deployment, the platform must spawn a separate server instance per user.

Remediation

Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.

Tool Schema Quality

MEDIUMOnly 4 of 90 schemas have parameter constraints

Most schemas lack maxLength, enum, or pattern constraints on string parameters.

Remediation

Add constraints to string parameters, especially on write operations.

Data Exposure

MEDIUM10 list operations lack pagination

Several list tools support top/skip pagination parameters. Some list endpoints lack explicit pagination controls. No field selection. Responses return full JSON objects. Elicitation used for missing project context rather than returning all data.

Remediation

Add limit/offset or cursor-based pagination.

LOWNo field selection on responses

Responses return full records rather than projected fields.

Remediation

Implement field selection to return only relevant fields.

Tools

90 total

Name	Description	Risk
core_list_project_teams	Retrieve a list of teams for an Azure DevOps project.	read
core_list_projects	Retrieve a list of projects in your Azure DevOps organization.	read
core_get_identity_ids	Retrieve Azure DevOps identity IDs for a provided search filter.	read
mcp_apps_ping	A simple ping tool to verify that the mcp-apps domain is enabled.	read
repo_list_repos_by_project	List repositories in an Azure DevOps project.	read
repo_list_pull_requests_by_repo_or_project	List pull requests in an Azure DevOps repository or project.	read
repo_list_branches_by_repo	List branches in an Azure DevOps repository.	read
repo_list_my_branches_by_repo	List branches created by the authenticated user.	read
repo_list_pull_request_threads	List comment threads on a pull request.	read
repo_list_pull_request_thread_comments	List comments in a specific pull request thread.	read
repo_get_repo_by_name_or_id	Get repository details by name or ID.	read
repo_get_branch_by_name	Get branch details by name.	read
repo_get_pull_request_by_id	Get pull request details by ID.	read
repo_get_pull_request_changes	Get the changes/diffs in a pull request.	read
repo_create_pull_request	Create a new pull request.	write
repo_create_branch	Create a new branch in a repository.	write
repo_update_pull_request	Update an existing pull request.	write
repo_update_pull_request_reviewers	Update pull request reviewers.	write
repo_reply_to_comment	Reply to a comment in a pull request thread.	write
repo_create_pull_request_thread	Create a new comment thread on a pull request.	write
repo_update_pull_request_thread	Update a pull request comment thread.	write
repo_search_commits	Search for commits in a repository.	read
repo_list_pull_requests_by_commits	List pull requests associated with specific commits.	read
repo_vote_pull_request	Vote (approve/reject) on a pull request.	write
repo_list_directory	List directory contents in a repository.	read
repo_get_file_content	Get file content from a repository.	read
pipelines_get_build_definitions	Get build/pipeline definitions for a project.	read
pipelines_create_pipeline	Create a new build pipeline.	write
pipelines_get_build_definition_revisions	Get revisions of a build definition.	read
pipelines_get_builds	List builds for a project with optional filters.	read
pipelines_get_build_log	Get build logs.	read
pipelines_get_build_log_by_id	Get a specific build log by log ID.	read
pipelines_get_build_changes	Get changes associated with a build.	read
pipelines_get_run	Get a specific pipeline run.	read
pipelines_list_runs	List pipeline runs.	read
pipelines_run_pipeline	Trigger a pipeline run.	write
pipelines_get_build_status	Get build status.	read
pipelines_update_build_stage	Update a build stage (e.g., retry, cancel).	write
pipelines_list_artifacts	List artifacts for a build.	read
pipelines_download_artifact	Download a build artifact.	read
wit_list_backlogs	List backlogs for a team.	read
wit_list_backlog_work_items	List work items in a backlog.	read
wit_my_work_items	List work items assigned to the authenticated user.	read
wit_get_work_items_batch_by_ids	Get multiple work items by their IDs.	read
wit_get_work_item	Get details of a single work item.	read
wit_list_work_item_comments	List comments on a work item.	read
wit_add_work_item_comment	Add a comment to a work item.	write
wit_update_work_item_comment	Update an existing work item comment.	write
wit_list_work_item_revisions	List revision history of a work item.	read
wit_add_child_work_items	Add child work items to a parent.	write
wit_link_work_item_to_pull_request	Link a work item to a pull request.	write
wit_get_work_items_for_iteration	Get work items for a specific iteration.	read
wit_update_work_item	Update a work item's fields.	write
wit_get_work_item_type	Get work item type definition.	read
wit_create_work_item	Create a new work item.	write
wit_get_query	Get a saved work item query.	read
wit_get_query_results_by_id	Execute a saved query and return results.	read
wit_update_work_items_batch	Batch update multiple work items.	write
wit_work_items_link	Link work items together.	write
wit_work_item_unlink	Remove a link between work items.	write
wit_add_artifact_link	Add an artifact link to a work item.	write
wit_get_work_item_attachment	Get a work item attachment.	read
wiki_list_wikis	List wikis in a project.	read
wiki_get_wiki	Get details of a specific wiki.	read
wiki_list_pages	List pages in a wiki.	read
wiki_get_page	Get a specific wiki page.	read
wiki_get_page_content	Get wiki page content.	read
wiki_create_or_update_page	Create or update a wiki page.	write
testplan_list_test_plans	List test plans in a project.	read
testplan_create_test_plan	Create a new test plan.	write
testplan_create_test_suite	Create a test suite within a test plan.	write
testplan_list_test_suites	List test suites in a test plan.	read
testplan_create_test_case	Create a test case.	write
testplan_update_test_case_steps	Update test case steps.	write
testplan_add_test_cases_to_suite	Add test cases to a test suite.	write
testplan_show_test_results_from_build_id	Show test results from a build.	read
testplan_list_test_cases	List test cases in a suite.	read
search_code	Search for code across Azure DevOps repositories.	read
search_wiki	Search wiki content.	read
search_workitem	Search work items.	read
advsec_get_alerts	Get Advanced Security alerts for a repository.	read
advsec_get_alert_details	Get details of a specific Advanced Security alert.	read
work_list_team_iterations	List iterations for a team.	read
work_list_iterations	List all iterations.	read
work_create_iterations	Create new iterations.	write
work_assign_iterations	Assign iterations to a team.	write
work_get_team_capacity	Get team capacity for an iteration.	read
work_update_team_capacity	Update team capacity for an iteration.	write
work_get_iteration_capacities	Get iteration capacities.	read
work_get_team_settings	Get team settings.	read

Deploy Azure DevOps MCP Server securely

CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.

Deploy on CompleteFlow