Azure DevOps MCP Policy

GET STARTED

Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches Azure DevOps.

terminal

# Download policy scaffold


curl -o azure-devops.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/azure-devops.yaml

# Run with Intercept


intercept --policy azure-devops.yaml -- npx -y @@azure-devops/mcp

Server documentation: https://github.com/microsoft/azure-devops-mcp

READ TOOLS

54

mcp_ado_advsec_get_alerts Retrieve Advanced Security alerts for a repository

mcp_ado_advsec_get_alert_details Get detailed information about a specific security alert

mcp_ado_core_list_projects List all projects in the organization

mcp_ado_core_list_project_teams List teams within a project

mcp_ado_core_get_identity_ids Retrieve identity IDs by search filter

mcp_ado_pipelines_get_builds Retrieve a list of builds with optional filters

mcp_ado_pipelines_get_build_status Get the status of a specific build

mcp_ado_pipelines_get_build_log Retrieve complete logs for a build

mcp_ado_pipelines_get_build_log_by_id Get a specific build log by log ID

mcp_ado_pipelines_get_build_changes Get changes associated with a build

mcp_ado_pipelines_get_build_definitions List build/pipeline definitions in a project

mcp_ado_pipelines_get_build_definition_revisions Get revision history of a build definition

mcp_ado_pipelines_get_run Get details of a specific pipeline run

mcp_ado_pipelines_list_runs List recent runs for a pipeline

mcp_ado_pipelines_list_artifacts List artifacts for a given build

mcp_ado_pipelines_download_artifact Download a pipeline artifact

mcp_ado_repo_list_repos_by_project List all repositories in a project

mcp_ado_repo_get_repo_by_name_or_id Get repository details by name or ID

mcp_ado_repo_list_branches_by_repo List all branches in a repository

mcp_ado_repo_list_my_branches_by_repo List branches created by current user

mcp_ado_repo_get_branch_by_name Get details of a specific branch

mcp_ado_repo_search_commits Search for commits with comprehensive filters

mcp_ado_repo_list_pull_requests_by_repo_or_project List pull requests with optional filters

mcp_ado_repo_list_pull_requests_by_commits Find pull requests containing specific commits

mcp_ado_repo_get_pull_request_by_id Get details of a specific pull request

mcp_ado_repo_list_pull_request_threads List comment threads on a pull request

mcp_ado_repo_list_pull_request_thread_comments List comments in a specific thread

mcp_ado_repo_list_directory List files and folders in a directory

mcp_ado_search_code Search for code across repositories

mcp_ado_search_wiki Search wiki pages by keywords

mcp_ado_search_workitem Search work items by text and filters

mcp_ado_testplan_list_test_plans List test plans in a project

mcp_ado_testplan_list_test_suites List test suites in a test plan

mcp_ado_testplan_list_test_cases List test cases in a test suite

mcp_ado_testplan_show_test_results_from_build_id Get test results for a specific build

mcp_ado_wiki_list_wikis List wikis in organization or project

mcp_ado_wiki_get_wiki Get details of a specific wiki

mcp_ado_wiki_list_pages List pages in a wiki

mcp_ado_wiki_get_page Get wiki page metadata without content

mcp_ado_wiki_get_page_content Retrieve wiki page content

mcp_ado_wit_get_work_item Get a work item by ID

mcp_ado_wit_get_work_items_batch_by_ids Retrieve multiple work items by IDs

mcp_ado_wit_list_work_item_comments List comments on a work item

mcp_ado_wit_list_work_item_revisions Get revision history of a work item

mcp_ado_wit_get_work_item_type Get details of a work item type

mcp_ado_wit_get_work_items_for_iteration Get work items in a specific iteration

mcp_ado_wit_list_backlogs List backlogs for a team

mcp_ado_wit_list_backlog_work_items Get work items in a backlog

mcp_ado_wit_get_query Get a work item query by ID or path

mcp_ado_wit_get_query_results_by_id Execute a query and get results

mcp_ado_work_list_iterations List all iterations in a project

mcp_ado_work_list_team_iterations List iterations assigned to a team

mcp_ado_work_get_iteration_capacities Get capacity for all teams in an iteration

mcp_ado_work_get_team_capacity Get capacity for a specific team in iteration

WRITE TOOLS

25

mcp_ado_pipelines_create_pipeline Create a new pipeline with YAML configuration

mcp_ado_pipelines_update_build_stage Update a build stage (cancel, retry, or run)

mcp_ado_repo_create_branch Create a new branch from a source branch

mcp_ado_repo_create_pull_request Create a new pull request

mcp_ado_repo_update_pull_request Update pull request properties and settings

mcp_ado_repo_update_pull_request_reviewers Add or remove reviewers from a pull request

mcp_ado_repo_vote_pull_request Cast a vote on a pull request

mcp_ado_repo_create_pull_request_thread Create a new comment thread on a pull request

mcp_ado_repo_update_pull_request_thread Update an existing pull request comment thread

mcp_ado_repo_reply_to_comment Reply to a pull request comment

mcp_ado_testplan_create_test_plan Create a new test plan

mcp_ado_testplan_create_test_suite Create a test suite within a test plan

mcp_ado_testplan_add_test_cases_to_suite Add test cases to a test suite

mcp_ado_testplan_create_test_case Create a new test case work item

mcp_ado_testplan_update_test_case_steps Update steps of an existing test case

mcp_ado_wiki_create_or_update_page Create or update a wiki page

mcp_ado_wit_create_work_item Create a new work item

mcp_ado_wit_update_work_item Update fields of a work item

mcp_ado_wit_update_work_items_batch Update multiple work items in batch

mcp_ado_wit_add_child_work_items Create child work items under a parent

mcp_ado_wit_add_artifact_link Link artifacts to work items

mcp_ado_wit_add_work_item_comment Add a comment to a work item

mcp_ado_work_create_iterations Create new iterations in a project

mcp_ado_work_assign_iterations Assign iterations to a team

mcp_ado_work_update_team_capacity Update team member capacity for iteration

DESTRUCTIVE TOOLS

1

mcp_ado_wit_work_item_unlink Remove links from a work item

EXECUTE TOOLS

1

mcp_ado_pipelines_run_pipeline Start a new pipeline run with optional parameters

OTHER TOOLS

3

mcp_ado_wit_work_items_link Link work items together

mcp_ado_wit_link_work_item_to_pull_request Link a work item to a pull request

mcp_ado_wit_my_work_items List work items relevant to current user

POLICY YAML

This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.

azure-devops.yaml

version: "1"
description: "Policy for @azure-devops/mcp"
default: "allow"
tools:
    mcp_ado_advsec_get_alerts:
        rules: []
    mcp_ado_advsec_get_alert_details:
        rules: []
    mcp_ado_core_list_projects:
        rules: []
    mcp_ado_core_list_project_teams:
        rules: []
    mcp_ado_core_get_identity_ids:
        rules: []
    mcp_ado_pipelines_get_builds:
        rules: []
    mcp_ado_pipelines_get_build_status:
        rules: []
    mcp_ado_pipelines_get_build_log:
        rules: []
    mcp_ado_pipelines_get_build_log_by_id:
        rules: []
    mcp_ado_pipelines_get_build_changes:
        rules: []
    mcp_ado_pipelines_get_build_definitions:
        rules: []
    mcp_ado_pipelines_get_build_definition_revisions:
        rules: []
    mcp_ado_pipelines_get_run:
        rules: []
    mcp_ado_pipelines_list_runs:
        rules: []
    mcp_ado_pipelines_list_artifacts:
        rules: []
    mcp_ado_pipelines_download_artifact:
        rules: []
    mcp_ado_repo_list_repos_by_project:
        rules: []
    mcp_ado_repo_get_repo_by_name_or_id:
        rules: []
    mcp_ado_repo_list_branches_by_repo:
        rules: []
    mcp_ado_repo_list_my_branches_by_repo:
        rules: []
    mcp_ado_repo_get_branch_by_name:
        rules: []
    mcp_ado_repo_search_commits:
        rules: []
    mcp_ado_repo_list_pull_requests_by_repo_or_project:
        rules: []
    mcp_ado_repo_list_pull_requests_by_commits:
        rules: []
    mcp_ado_repo_get_pull_request_by_id:
        rules: []
    mcp_ado_repo_list_pull_request_threads:
        rules: []
    mcp_ado_repo_list_pull_request_thread_comments:
        rules: []
    mcp_ado_repo_list_directory:
        rules: []
    mcp_ado_search_code:
        rules: []
    mcp_ado_search_wiki:
        rules: []
    mcp_ado_search_workitem:
        rules: []
    mcp_ado_testplan_list_test_plans:
        rules: []
    mcp_ado_testplan_list_test_suites:
        rules: []
    mcp_ado_testplan_list_test_cases:
        rules: []
    mcp_ado_testplan_show_test_results_from_build_id:
        rules: []
    mcp_ado_wiki_list_wikis:
        rules: []
    mcp_ado_wiki_get_wiki:
        rules: []
    mcp_ado_wiki_list_pages:
        rules: []
    mcp_ado_wiki_get_page:
        rules: []
    mcp_ado_wiki_get_page_content:
        rules: []
    mcp_ado_wit_get_work_item:
        rules: []
    mcp_ado_wit_get_work_items_batch_by_ids:
        rules: []
    mcp_ado_wit_list_work_item_comments:
        rules: []
    mcp_ado_wit_list_work_item_revisions:
        rules: []
    mcp_ado_wit_get_work_item_type:
        rules: []
    mcp_ado_wit_get_work_items_for_iteration:
        rules: []
    mcp_ado_wit_list_backlogs:
        rules: []
    mcp_ado_wit_list_backlog_work_items:
        rules: []
    mcp_ado_wit_get_query:
        rules: []
    mcp_ado_wit_get_query_results_by_id:
        rules: []
    mcp_ado_work_list_iterations:
        rules: []
    mcp_ado_work_list_team_iterations:
        rules: []
    mcp_ado_work_get_iteration_capacities:
        rules: []
    mcp_ado_work_get_team_capacity:
        rules: []
    mcp_ado_pipelines_create_pipeline:
        rules: []
    mcp_ado_pipelines_update_build_stage:
        rules: []
    mcp_ado_repo_create_branch:
        rules: []
    mcp_ado_repo_create_pull_request:
        rules: []
    mcp_ado_repo_update_pull_request:
        rules: []
    mcp_ado_repo_update_pull_request_reviewers:
        rules: []
    mcp_ado_repo_vote_pull_request:
        rules: []
    mcp_ado_repo_create_pull_request_thread:
        rules: []
    mcp_ado_repo_update_pull_request_thread:
        rules: []
    mcp_ado_repo_reply_to_comment:
        rules: []
    mcp_ado_testplan_create_test_plan:
        rules: []
    mcp_ado_testplan_create_test_suite:
        rules: []
    mcp_ado_testplan_add_test_cases_to_suite:
        rules: []
    mcp_ado_testplan_create_test_case:
        rules: []
    mcp_ado_testplan_update_test_case_steps:
        rules: []
    mcp_ado_wiki_create_or_update_page:
        rules: []
    mcp_ado_wit_create_work_item:
        rules: []
    mcp_ado_wit_update_work_item:
        rules: []
    mcp_ado_wit_update_work_items_batch:
        rules: []
    mcp_ado_wit_add_child_work_items:
        rules: []
    mcp_ado_wit_add_artifact_link:
        rules: []
    mcp_ado_wit_add_work_item_comment:
        rules: []
    mcp_ado_work_create_iterations:
        rules: []
    mcp_ado_work_assign_iterations:
        rules: []
    mcp_ado_work_update_team_capacity:
        rules: []
    mcp_ado_wit_work_item_unlink:
        rules: []
    mcp_ado_pipelines_run_pipeline:
        rules: []
    mcp_ado_wit_work_items_link:
        rules: []
    mcp_ado_wit_link_work_item_to_pull_request:
        rules: []
    mcp_ado_wit_my_work_items:
        rules: []

RELATED POLICIES

FREQUENTLY ASKED QUESTIONS

What tools does the Azure DevOps MCP server expose?

The Azure DevOps MCP Server exposes 84 tools across 5 categories: Read, Write, Destructive, Execute, Other. Each tool can be individually controlled with Intercept policies.

How do I enforce policies on Azure DevOps?

Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the Azure DevOps MCP server. Every tool call is evaluated against your YAML policy before execution.

Is the Azure DevOps policy free to use?

Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.

ENFORCE POLICIES ON AZURE DEVOPS

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Browse all policies →