Skip to main content
mcpSource-backed
Azure logo

Azure DevOps MCP Server for Claude

Official Microsoft Azure DevOps MCP server for querying work items, pull requests, repositories, pipelines, wikis, test plans, and project metadata through remote HTTP or local stdio transports.

by Microsoft · submitted by oktofeesh1·added 2026-06-03·
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://learn.microsoft.com/en-us/azure/devops/mcp-server/remote-mcp-server, https://github.com/microsoft/azure-devops-mcp
Brand
Azure
Brand domain
azure.microsoft.com
Brand asset source
brandfetch
Safety notes
Start with read-only mode for investigation. The remote server supports the `X-MCP-Readonly: true` header, and the local server supports domain filtering so agents only load the Azure DevOps areas they need., Azure DevOps write-capable tools can create or update work items, pull requests, pull request comments, branches, wiki pages, test plans, test suites, test cases, and pipeline runs. Keep manual approval on any operation that changes project state., Treat Azure DevOps PATs, Microsoft Entra tokens, Azure CLI sessions, and MCP configuration as sensitive credentials. Do not paste tokens into prompts, commit them to repositories, or share them in issue/PR threads., Use toolsets, domains, project defaults, and team defaults to keep the MCP surface narrow. Loading every repo, work item, wiki, pipeline, and test plan tool can confuse the model and expose more context than the task needs., The remote MCP server is in public preview. Preview behavior, available tools, supported clients, and authentication requirements can change before general availability.
Privacy notes
Tool results can expose organization names, project names, teams, iteration data, capacity information, work item titles and fields, comments, attachments, pull request discussions, repository file content, branch names, commit metadata, pipeline logs, build artifacts, wiki pages, test plans, and search results., Work item comments, PR threads, pipeline logs, wiki pages, and attachments often contain customer data, production incident details, credentials, internal URLs, unreleased roadmap information, employee names, or security findings., MCP client logs, AI transcripts, generated code comments, local terminal history, and downstream ticket summaries can retain Azure DevOps content outside the original Azure DevOps audit, permission, and retention model., Microsoft Entra authentication exposes the user's organizational identity to the MCP client and constrains access to the authenticated user's Azure DevOps permissions.
Author
Microsoft
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-03

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

15 minutes

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

6 prerequisites to line up before setup. Includes a review or approval gate.

0/6 ready
Install & runtime2Permissions & scopes1Review & approval1General215 minutes

Safety & privacy surface

Safety & privacy surface

5 safety and 4 privacy notes across 4 risk areas. Review closely: credentials & tokens, permissions & scopes, network access.

4 areas
  • SafetyNetwork accessStart with read-only mode for investigation. The remote server supports the `X-MCP-Readonly: true` header, and the local server supports domain filtering so agents only load the Azure DevOps areas they need.
  • SafetyNetwork accessAzure DevOps write-capable tools can create or update work items, pull requests, pull request comments, branches, wiki pages, test plans, test suites, test cases, and pipeline runs. Keep manual approval on any operation that changes project state.
  • SafetyCredentials & tokensTreat Azure DevOps PATs, Microsoft Entra tokens, Azure CLI sessions, and MCP configuration as sensitive credentials. Do not paste tokens into prompts, commit them to repositories, or share them in issue/PR threads.
  • SafetyGeneralUse toolsets, domains, project defaults, and team defaults to keep the MCP surface narrow. Loading every repo, work item, wiki, pipeline, and test plan tool can confuse the model and expose more context than the task needs.
  • SafetyNetwork accessThe remote MCP server is in public preview. Preview behavior, available tools, supported clients, and authentication requirements can change before general availability.
  • PrivacyNetwork accessTool results can expose organization names, project names, teams, iteration data, capacity information, work item titles and fields, comments, attachments, pull request discussions, repository file content, branch names, commit metadata, pipeline logs, build artifacts, wiki pages, test plans, and search results.
  • PrivacyCredentials & tokensWork item comments, PR threads, pipeline logs, wiki pages, and attachments often contain customer data, production incident details, credentials, internal URLs, unreleased roadmap information, employee names, or security findings.
  • PrivacyPermissions & scopesMCP client logs, AI transcripts, generated code comments, local terminal history, and downstream ticket summaries can retain Azure DevOps content outside the original Azure DevOps audit, permission, and retention model.
  • PrivacyPermissions & scopesMicrosoft Entra authentication exposes the user's organizational identity to the MCP client and constrains access to the authenticated user's Azure DevOps permissions.

Safety notes

  • Start with read-only mode for investigation. The remote server supports the `X-MCP-Readonly: true` header, and the local server supports domain filtering so agents only load the Azure DevOps areas they need.
  • Azure DevOps write-capable tools can create or update work items, pull requests, pull request comments, branches, wiki pages, test plans, test suites, test cases, and pipeline runs. Keep manual approval on any operation that changes project state.
  • Treat Azure DevOps PATs, Microsoft Entra tokens, Azure CLI sessions, and MCP configuration as sensitive credentials. Do not paste tokens into prompts, commit them to repositories, or share them in issue/PR threads.
  • Use toolsets, domains, project defaults, and team defaults to keep the MCP surface narrow. Loading every repo, work item, wiki, pipeline, and test plan tool can confuse the model and expose more context than the task needs.
  • The remote MCP server is in public preview. Preview behavior, available tools, supported clients, and authentication requirements can change before general availability.

Privacy notes

  • Tool results can expose organization names, project names, teams, iteration data, capacity information, work item titles and fields, comments, attachments, pull request discussions, repository file content, branch names, commit metadata, pipeline logs, build artifacts, wiki pages, test plans, and search results.
  • Work item comments, PR threads, pipeline logs, wiki pages, and attachments often contain customer data, production incident details, credentials, internal URLs, unreleased roadmap information, employee names, or security findings.
  • MCP client logs, AI transcripts, generated code comments, local terminal history, and downstream ticket summaries can retain Azure DevOps content outside the original Azure DevOps audit, permission, and retention model.
  • Microsoft Entra authentication exposes the user's organizational identity to the MCP client and constrains access to the authenticated user's Azure DevOps permissions.

Prerequisites

  • Azure DevOps organization and project membership for the resources Claude should access
  • Microsoft Entra ID connected Azure DevOps organization for the remote MCP server
  • Visual Studio Code or Visual Studio for the Microsoft-supported remote MCP preview path
  • Node.js 20 or later and npx for the optional local `@azure-devops/mcp` stdio server
  • Azure DevOps permissions, PAT, Microsoft Entra authentication, or Azure CLI authentication appropriate to the chosen transport
  • Team policy for which work items, repositories, pipelines, wikis, and test plans may be exposed to AI-assisted workflows

Schema details

Install type
cli
Troubleshooting
No
Source repository stats
Scope
Source repo
Collection metadata
Estimated setup
15 minutes
Difficulty
intermediate
Full copyable content
{
  "azure-devops": {
    "command": "npx",
    "args": [
      "-y",
      "@azure-devops/mcp",
      "YOUR_AZURE_DEVOPS_ORG",
      "-d",
      "core",
      "work",
      "work-items",
      "repositories"
    ],
    "env": {
      "ado_mcp_project": "YOUR_PROJECT"
    }
  }
}

About this resource

Content

The Azure DevOps MCP Server brings Azure DevOps context into AI-assisted development workflows. It gives agents structured access to project metadata, work items, repositories, pull requests, branches, files, pipeline runs, build logs, artifacts, wikis, test plans, and search results so a task can start from the actual Azure DevOps source of truth rather than a copied ticket or stale summary.

Microsoft now recommends the Azure DevOps-hosted remote MCP server for supported clients. The remote server uses streamable HTTP at https://mcp.dev.azure.com/{organization}, authenticates with Microsoft Entra ID, and can be narrowed with toolset and read-only headers. The local @azure-devops/mcp package remains useful for Claude Code, Cursor, Codex, and other stdio-oriented clients while remote OAuth client support continues to roll out.

Features

  • Remote HTTP endpoint at https://mcp.dev.azure.com/{organization} for the public preview hosted server.
  • Local stdio server through npx -y @azure-devops/mcp.
  • Core organization, project, and team discovery.
  • Work item lookup, batch retrieval, comments, revisions, backlog data, saved query results, and full-text work item search.
  • Repository, branch, file, commit, pull request, and pull request thread inspection.
  • Pipeline build listing, build status, build changes, logs, pipeline runs, and artifacts.
  • Wiki listing, page retrieval, and wiki search.
  • Test plan, suite, case, and build test-result lookup.
  • Remote toolset filtering with X-MCP-Toolsets and read-only restriction with X-MCP-Readonly.
  • Local domain filtering for focused tool loading, such as core, work, work-items, repositories, wiki, pipelines, and test-plans.

Use Cases

  • Ask Claude to list your assigned Azure DevOps work items and summarize what needs attention.
  • Pull a work item, related PRs, and repository files before implementing a feature.
  • Review pull request threads and changed branches before drafting a response.
  • Inspect a failed build's status, associated commits, work items, and logs.
  • Search Azure DevOps wiki pages for runbooks or architecture notes connected to a task.
  • Limit the server to issue-tracking toolsets for triage workflows that should not touch repositories or pipelines.

Installation

Claude Code with the local stdio server

  1. Confirm Node.js 20 or later and npx are available.
  2. Confirm your Azure DevOps organization name, project, and authentication method.
  3. Add the local MCP server:
claude mcp add azure-devops -- npx -y @azure-devops/mcp YOUR_AZURE_DEVOPS_ORG
  1. Use domain filters when you only need a subset of tools:
claude mcp add azure-devops -- npx -y @azure-devops/mcp YOUR_AZURE_DEVOPS_ORG -d core work work-items repositories
  1. Authenticate when the server prompts, then test with a read-only request such as listing projects or your assigned work items.

Remote MCP server in Visual Studio Code

  1. Confirm the Azure DevOps organization is connected to Microsoft Entra ID.
  2. Add an MCP configuration like the one below to .vscode/mcp.json.
  3. Start the MCP server from the VS Code MCP view.
  4. Authenticate with the Microsoft Entra account that has access to the Azure DevOps organization.
  5. Ask a read-only prompt such as List the projects in my Azure DevOps organization.

Configuration

Remote read-only toolset configuration

{
  "servers": {
    "ado-remote-mcp": {
      "url": "https://mcp.dev.azure.com/YOUR_AZURE_DEVOPS_ORG",
      "type": "http",
      "headers": {
        "X-MCP-Toolsets": "repos,wiki,wit",
        "X-MCP-Readonly": "true"
      }
    }
  },
  "inputs": []
}

Local stdio configuration

{
  "mcpServers": {
    "azure-devops": {
      "command": "npx",
      "args": [
        "-y",
        "@azure-devops/mcp",
        "YOUR_AZURE_DEVOPS_ORG",
        "-d",
        "core",
        "work",
        "work-items",
        "repositories"
      ],
      "env": {
        "ado_mcp_project": "YOUR_PROJECT"
      }
    }
  }
}

Examples

Triage assigned work items

List my Azure DevOps work items in PROJECT_NAME and group them by priority, blocked status, and next action.

Inspect a pull request

Find pull requests in PROJECT_NAME that require my review, summarize the active comment threads, and do not post any comments.

Debug a failed pipeline

Get the latest failed pipeline run for PROJECT_NAME, summarize the failed stage and relevant logs, and link related commits or work items.

Read a wiki runbook

Search Azure DevOps wiki pages for the deployment rollback runbook and summarize the exact steps without changing the wiki.

Source notes

  • Microsoft Learn documents the remote Azure DevOps MCP Server as a public preview hosted service using streamable HTTP transport at https://mcp.dev.azure.com/{organization}.
  • The remote setup guide says the hosted server avoids local installation, authenticates with Microsoft Entra ID, and provides access to work items, pull requests, pipelines, and more.
  • Microsoft documents toolset filtering with X-MCP-Toolsets, read-only filtering with X-MCP-Readonly, individual tool selection with X-MCP-Tools, and insiders features with X-MCP-Insiders.
  • The available remote toolsets include repos, wit, pipelines, wiki, work, and testplan, with read-only and write-capable tools called out in the Microsoft Learn reference.
  • The official GitHub repository recommends the remote MCP server going forward while continuing to support the local @azure-devops/mcp stdio package for clients and scenarios that need it.
  • npm metadata identifies @azure-devops/mcp as Microsoft's MCP server for interacting with Azure DevOps and points to the microsoft/azure-devops-mcp repository under the MIT license.

Duplicate check

Checked current content/mcp/, content/tools/, guides, skills, agents, open pull requests, and repository-wide content for Azure DevOps, azure-devops-mcp, microsoft/azure-devops-mcp, @azure-devops/mcp, mcp.dev.azure.com, ado-remote-mcp, work item, pull request tools, Microsoft Entra, pipelines, and issue tracker MCP. Existing Jira MCP content covers Atlassian Jira and Confluence, while this entry covers Microsoft Azure DevOps work items, repos, PRs, pipelines, wiki, and test plans. Existing Microsoft AutoGen content is an agent framework entry, not an Azure DevOps MCP server. No dedicated Azure DevOps MCP entry, Azure DevOps source URL duplicate, or open duplicate PR was found.

Disclosure

Editorial listing. No paid placement or affiliate link is used.

Source citations

Add this badge to your README

Show that Azure DevOps MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/azure-devops-mcp-server.svg)](https://heyclau.de/entry/mcp/azure-devops-mcp-server)

How it compares

Azure DevOps MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Field

Official Microsoft Azure DevOps MCP server for querying work items, pull requests, repositories, pipelines, wikis, test plans, and project metadata through remote HTTP or local stdio transports.

Open dossier

Official Microsoft Azure MCP server that connects Claude and other MCP clients to Azure subscriptions, resource groups, storage, databases, Key Vault, Monitor, App Service, AKS, AI Search, Cosmos DB, RBAC, pricing, and other Azure services through local stdio or self-hosted HTTP transports.

Open dossier

Official Plane MCP server for connecting Claude to Plane projects, work items, cycles, modules, initiatives, comments, links, work logs, pages, and workspace metadata.

Open dossier

Argo Project Labs MCP server for connecting Claude to Argo CD applications, clusters, managed resources, workload logs, events, sync operations, and resource actions through stdio or HTTP stream transports.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backed
Submitteroktofeesh1oktofeesh1oktofeesh1oktofeesh1
Install riskReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandAzure logoAzureAzure logoAzurePlane logoPlaneArgo CD logoArgo CD
Categorymcpmcpmcpmcp
SourceSource-backedSource-backedSource-backedSource-backed
AuthorMicrosoftMicrosoftPlaneArgo Project Labs
Added2026-06-032026-06-042026-06-062026-06-06
Platforms
Harness
Source repo
Safety notesStart with read-only mode for investigation. The remote server supports the `X-MCP-Readonly: true` header, and the local server supports domain filtering so agents only load the Azure DevOps areas they need. Azure DevOps write-capable tools can create or update work items, pull requests, pull request comments, branches, wiki pages, test plans, test suites, test cases, and pipeline runs. Keep manual approval on any operation that changes project state. Treat Azure DevOps PATs, Microsoft Entra tokens, Azure CLI sessions, and MCP configuration as sensitive credentials. Do not paste tokens into prompts, commit them to repositories, or share them in issue/PR threads. Use toolsets, domains, project defaults, and team defaults to keep the MCP surface narrow. Loading every repo, work item, wiki, pipeline, and test plan tool can confuse the model and expose more context than the task needs. The remote MCP server is in public preview. Preview behavior, available tools, supported clients, and authentication requirements can change before general availability.Start in read-only mode and narrow the exposed namespaces or individual tools before enabling broader Azure access. Microsoft documents read-only mode, namespace filters, single-tool mode, and learn mode as controls for reducing the active MCP surface. Azure MCP tools can inspect and manage real cloud resources. Depending on the tool and RBAC role, actions can create, update, delete, deploy, restart, query, or reconfigure resources and can incur cloud spend. Keep human approval on destructive, cost-bearing, deployment, RBAC, Key Vault, database, storage, messaging, and production-environment actions. Do not disable user confirmation for high-risk or sensitive-data commands unless the automation environment is tightly controlled. The server authenticates with Azure credentials available to the local machine or hosted environment. Limit the credential chain with `AZURE_TOKEN_CREDENTIALS`, managed identities, service principals, and least-privilege Azure RBAC where practical. For self-hosted HTTP deployments, configure Entra ID inbound authentication, outbound authentication strategy, network exposure, logging, and per-user versus server-identity audit requirements before sharing the endpoint. Docker setup uses Azure credential environment variables such as `AZURE_TENANT_ID`, `AZURE_CLIENT_ID`, and `AZURE_CLIENT_SECRET`; protect those values and never commit the env file. Microsoft documents telemetry environment variables for the server. Review `AZURE_MCP_COLLECT_TELEMETRY` and `AZURE_MCP_COLLECT_TELEMETRY_MICROSOFT` before using the server in sensitive environments. This is the Azure services MCP server. It is distinct from the Azure DevOps MCP server, which focuses on work items, repositories, pull requests, pipelines, wikis, and test plans.Plane MCP exposes 100+ tools across projects, work items, cycles, modules, initiatives, intake, labels, states, comments, links, work logs, pages, workspaces, and users. Many tools can create, update, delete, archive, unarchive, transfer, or otherwise change Plane workspace state. Remote OAuth and PAT transports grant read and write scopes, so configure the narrowest workspace access and review actions before execution. Stdio transport requires PLANE_API_KEY and PLANE_WORKSPACE_SLUG; protect API keys and rotate them if they are exposed. The server uses structured logging middleware with payloads enabled in source, so review logging behavior before sending sensitive issue data through the server.Argo CD MCP can inspect clusters, applications, resource trees, managed resources, workload logs, and resource events. By default all tools are available; setting MCP_READ_ONLY to true disables create_application, update_application, delete_application, sync_application, and run_resource_action. sync_application can apply changes to Kubernetes resources and may prune resources depending on options. delete_application can remove Argo CD applications and may cascade deletion to child resources depending on options. run_resource_action can trigger actions on resources managed by an application. Disabling TLS certificate validation with NODE_TLS_REJECT_UNAUTHORIZED weakens transport security and should be limited to reviewed development contexts.
Privacy notesTool results can expose organization names, project names, teams, iteration data, capacity information, work item titles and fields, comments, attachments, pull request discussions, repository file content, branch names, commit metadata, pipeline logs, build artifacts, wiki pages, test plans, and search results. Work item comments, PR threads, pipeline logs, wiki pages, and attachments often contain customer data, production incident details, credentials, internal URLs, unreleased roadmap information, employee names, or security findings. MCP client logs, AI transcripts, generated code comments, local terminal history, and downstream ticket summaries can retain Azure DevOps content outside the original Azure DevOps audit, permission, and retention model. Microsoft Entra authentication exposes the user's organizational identity to the MCP client and constrains access to the authenticated user's Azure DevOps permissions.Tool results can expose tenant IDs, subscription IDs, resource groups, resource names, tags, deployment outputs, Azure Monitor logs, metrics, pricing data, quotas, RBAC assignments, policy data, app settings, database metadata, storage account and blob metadata, and service-specific configuration. Key Vault, App Configuration, Storage, database, Service Bus, Event Hubs, Communication Services, and deployment tools may expose secrets, connection strings, keys, certificates, message contents, sample records, or customer data when the authenticated identity has permission. Microsoft documents user confirmation for tools that handle sensitive data, including Key Vault secrets, connection strings, passwords, certificate private keys, and other confidential values. Treat those prompts as a required guardrail rather than friction. MCP client logs, AI transcripts, local terminal history, hosted server logs, prompt traces, generated runbooks, and downstream tickets can retain Azure resource inventory and returned data outside Azure's original access and retention boundaries. Remote HTTP deployments require Entra ID bearer tokens on inbound requests and a configured outbound Azure authentication strategy. Choose On-Behalf-Of when per-user RBAC and audit trails matter, and managed identity only when the shared-server identity model is acceptable. Read-only mode reduces mutation risk, but it does not make returned Azure metadata or data safe to share with untrusted models, logs, chats, or third-party tools.Plane workspaces can contain roadmap plans, bug reports, customer requests, comments, assignees, estimates, links, work logs, labels, and internal operational metadata. Tool calls and logs can expose workspace slugs, project identifiers, work item IDs, titles, descriptions, comments, links, activity history, and user details to the MCP client and model provider. PLANE_API_KEY, PLANE_ACCESS_TOKEN, PAT values, OAuth client secrets, workspace slugs, and self-hosted Plane URLs should stay out of prompts, issues, logs, screenshots, and committed files. Claude-generated updates may notify teammates or alter shared planning state, so review visible changes before applying them.Argo CD application specs, cluster names, repository URLs, revisions, namespaces, Kubernetes manifests, resource events, and workload logs can reveal secrets, internal topology, deployment history, incident details, or customer data. ARGOCD_BASE_URL, ARGOCD_API_TOKEN, stateless HTTP request headers, cluster names, namespace names, and application names should stay out of prompts, issues, logs, screenshots, and committed files. Workload logs and resource events may include credentials, tokens, environment variables, error traces, or production incident context. HTTP transport should be authenticated and network-restricted so Argo CD tools are not reachable by untrusted clients.
Prerequisites
  • Azure DevOps organization and project membership for the resources Claude should access
  • Microsoft Entra ID connected Azure DevOps organization for the remote MCP server
  • Visual Studio Code or Visual Studio for the Microsoft-supported remote MCP preview path
  • Node.js 20 or later and npx for the optional local `@azure-devops/mcp` stdio server
  • Azure subscription, tenant, and RBAC permissions for the resources Claude should inspect or manage.
  • MCP-capable client that can run local stdio servers or connect to a self-hosted HTTP MCP endpoint.
  • Azure authentication through Azure CLI, Azure PowerShell, Visual Studio, Visual Studio Code, Azure Developer CLI, browser login, service principal environment variables, workload identity, or managed identity.
  • Node.js 20 LTS or later and `npx` for the `@azure/mcp` package, or `uvx` for `msmcp-azure`, or .NET 10 Preview 6 or later for `Azure.Mcp`.
  • Python 3.10 or newer available through uvx for local stdio usage.
  • Plane workspace slug and API key for stdio transport.
  • Plane OAuth or Personal Access Token setup when using hosted remote HTTP transport.
  • Clear project and workspace scope for what Claude may read or modify.
  • Node.js 18 or newer.
  • Argo CD instance with API access.
  • Argo CD API token scoped to the minimum applications, projects, clusters, and actions Claude should use.
  • Read-only mode enabled unless the workflow explicitly needs application or resource mutations.
Install
claude mcp add azure-devops -- npx -y @azure-devops/mcp YOUR_AZURE_DEVOPS_ORG
npx -y @azure/mcp@latest server start
uvx plane-mcp-server stdio
npx argocd-mcp@latest stdio
Config
Manual-only setup:
{
  "servers": {
    "ado-remote-mcp": {
      "url": "https://mcp.dev.azure.com/YOUR_AZURE_DEVOPS_ORG",
      "type": "http",
      "headers": {
        "X-MCP-Toolsets": "repos,wiki,wit",
        "X-MCP-Readonly": "true"
      }
    }
  },
  "inputs": []
}
{
  "mcpServers": {
    "Azure MCP Server": {
      "command": "uvx",
      "args": [
        "--from",
        "msmcp-azure",
        "azmcp",
        "server",
        "start"
      ]
    }
  }
}
{
  "mcpServers": {
    "plane": {
      "command": "uvx",
      "args": ["plane-mcp-server", "stdio"],
      "env": {
        "PLANE_API_KEY": "<your-plane-api-key>",
        "PLANE_WORKSPACE_SLUG": "<your-workspace-slug>",
        "PLANE_BASE_URL": "https://api.plane.so"
      }
    }
  }
}
{
  "mcpServers": {
    "argocd-mcp": {
      "command": "npx",
      "args": ["argocd-mcp@latest", "stdio"],
      "env": {
        "ARGOCD_BASE_URL": "<argocd-url>",
        "ARGOCD_API_TOKEN": "<argocd-token>",
        "MCP_READ_ONLY": "true"
      }
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.