@azure-devops/mcp 2.2.1-nightly.20251105 → 2.2.2

package/dist/auth.js

@@ -53,6 +53,15 @@ class OAuthAuthenticator {
 }
 function createAuthenticator(type, tenantId) {
     switch (type) {
+        case "envvar":
+            // Read token from fixed environment variable
+            return async () => {
+                const token = process.env["ADO_MCP_AUTH_TOKEN"];
+                if (!token) {
+                    throw new Error("Environment variable 'ADO_MCP_AUTH_TOKEN' is not set or empty. Please set it with a valid Azure DevOps Personal Access Token.");
+                }
+                return token;
+            };
         case "azcli":
         case "env":
             if (type !== "env") {

package/dist/domains.js

@@ -0,0 +1 @@
+export {};

package/dist/http.js

@@ -0,0 +1,52 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import express from "express";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { serverBuildAndConnect } from "./server.js";
+import { packageVersion } from "./version.js";
+const app = express();
+app.use(express.json());
+app.post('/mcp/:orgName', async (req, res) => {
+    // In stateless mode, create a new instance of transport and server for each request
+    // to ensure complete isolation. A single instance would cause request ID collisions
+    // when multiple clients connect concurrently.
+    try {
+        const transport = new StreamableHTTPServerTransport({
+            sessionIdGenerator: undefined,
+        });
+        const server = await serverBuildAndConnect(req.params.orgName, transport);
+        res.on('close', () => {
+            transport.close();
+            server.close();
+        });
+        await transport.handleRequest(req, res, req.body);
+    }
+    catch (error) {
+        console.error('Error handling MCP request:', error);
+        if (!res.headersSent) {
+            res.status(500).json({
+                jsonrpc: '2.0',
+                error: {
+                    code: -32603,
+                    message: 'Internal server error',
+                },
+                id: null,
+            });
+        }
+    }
+});
+app.get('/mcp/:orgName', async (req, res) => {
+    console.log('Received GET MCP request');
+    res.writeHead(405).end(JSON.stringify({
+        jsonrpc: "2.0",
+        error: {
+            code: -32000,
+            message: "Method not allowed."
+        },
+        id: null
+    }));
+});
+const PORT = 3000;
+app.listen(PORT, () => {
+    console.log(`Azure DevOps MCP Server with http transport listening on port ${PORT}. Version: ${packageVersion}`);
+});

package/dist/index.js

@@ -38,9 +38,9 @@ const argv = yargs(hideBin(process.argv))
 })
     .option("authentication", {
     alias: "a",
-    describe: "Type of authentication to use. Supported values are 'interactive', 'azcli' and 'env' (default: 'interactive')",
+    describe: "Type of authentication to use",
     type: "string",
-    choices: ["interactive", "azcli", "env"],
+    choices: ["interactive", "azcli", "env", "envvar"],
     default: defaultAuthenticationType,
 })
     .option("tenant", {

package/dist/orgtenants.js

@@ -0,0 +1,73 @@
+import * as fs from 'fs/promises';
+import * as os from 'os';
+import * as path from 'path';
+const CACHE_FILE = path.join(os.homedir(), '.ado_orgs.cache');
+const CACHE_TTL_MS = 7 * 24 * 60 * 60 * 1000; // 1 week in milliseconds
+async function loadCache() {
+    try {
+        const cacheData = await fs.readFile(CACHE_FILE, 'utf-8');
+        return JSON.parse(cacheData);
+    }
+    catch (error) {
+        // Cache file doesn't exist or is invalid, return empty cache
+        return {};
+    }
+}
+async function trySavingCache(cache) {
+    try {
+        await fs.writeFile(CACHE_FILE, JSON.stringify(cache, null, 2), 'utf-8');
+    }
+    catch (error) {
+        console.error('Failed to save org tenants cache:', error);
+    }
+}
+async function fetchTenantFromApi(orgName) {
+    const url = `https://vssps.dev.azure.com/${orgName}`;
+    try {
+        const response = await fetch(url, { method: 'HEAD' });
+        if (response.status !== 404) {
+            throw new Error(`Expected status 404, got ${response.status}`);
+        }
+        const tenantId = response.headers.get('x-vss-resourcetenant');
+        if (!tenantId) {
+            throw new Error('x-vss-resourcetenant header not found in response');
+        }
+        return tenantId;
+    }
+    catch (error) {
+        throw new Error(`Failed to fetch tenant for organization ${orgName}: ${error}`);
+    }
+}
+function isCacheEntryExpired(entry) {
+    return Date.now() - entry.refreshedOn > CACHE_TTL_MS;
+}
+export async function getOrgTenant(orgName) {
+    // Load cache
+    const cache = await loadCache();
+    // Check if tenant is cached and not expired
+    const cachedEntry = cache[orgName];
+    if (cachedEntry && !isCacheEntryExpired(cachedEntry)) {
+        return cachedEntry.tenantId;
+    }
+    // Try to fetch fresh tenant from API
+    try {
+        const tenantId = await fetchTenantFromApi(orgName);
+        // Cache the result
+        cache[orgName] = {
+            tenantId,
+            refreshedOn: Date.now()
+        };
+        await trySavingCache(cache);
+        return tenantId;
+    }
+    catch (error) {
+        // If we have an expired cache entry, return it as fallback
+        if (cachedEntry) {
+            console.error(`Failed to fetch fresh tenant for ADO org ${orgName}, using expired cache entry:`, error);
+            return cachedEntry.tenantId;
+        }
+        // No cache entry available, log and return empty result
+        console.error(`Failed to fetch tenant for ADO org ${orgName}:`, error);
+        return undefined;
+    }
+}

package/dist/server.js

@@ -0,0 +1,36 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import * as azdev from "azure-devops-node-api";
+import { DefaultAzureCredential } from "@azure/identity";
+import { configurePrompts } from "./prompts.js";
+import { configureAllTools } from "./tools.js";
+import { userAgent } from "./utils.js";
+import { packageVersion } from "./version.js";
+async function getAzureDevOpsToken() {
+    process.env.AZURE_TOKEN_CREDENTIALS = "dev";
+    const credential = new DefaultAzureCredential(); // CodeQL [SM05138] resolved by explicitly setting AZURE_TOKEN_CREDENTIALS
+    const token = await credential.getToken("499b84ac-1321-427f-aa17-267ca6975798/.default");
+    return token;
+}
+async function getAzureDevOpsClient(orgUrl) {
+    const token = await getAzureDevOpsToken();
+    const authHandler = azdev.getBearerHandler(token.token);
+    const connection = new azdev.WebApi(orgUrl, authHandler, undefined, {
+        productName: "AzureDevOps.MCP",
+        productVersion: packageVersion,
+        userAgent: userAgent
+    });
+    return connection;
+}
+export async function serverBuildAndConnect(orgName, transport) {
+    const server = new McpServer({
+        name: "Azure DevOps MCP Server",
+        version: packageVersion,
+    });
+    const orgUrl = "https://dev.azure.com/" + orgName;
+    configurePrompts(server);
+    configureAllTools(server, () => orgName, getAzureDevOpsToken, () => getAzureDevOpsClient(orgUrl));
+    await server.connect(transport);
+    return server;
+}

package/dist/tenant.js

@@ -0,0 +1,73 @@
+import * as fs from 'fs/promises';
+import * as os from 'os';
+import * as path from 'path';
+const CACHE_FILE = path.join(os.homedir(), '.ado_orgs.cache');
+const CACHE_TTL_MS = 7 * 24 * 60 * 60 * 1000; // 1 week in milliseconds
+async function loadCache() {
+    try {
+        const cacheData = await fs.readFile(CACHE_FILE, 'utf-8');
+        return JSON.parse(cacheData);
+    }
+    catch (error) {
+        // Cache file doesn't exist or is invalid, return empty cache
+        return {};
+    }
+}
+async function saveCache(cache) {
+    try {
+        await fs.writeFile(CACHE_FILE, JSON.stringify(cache, null, 2), 'utf-8');
+    }
+    catch (error) {
+        console.warn('Failed to save cache:', error);
+    }
+}
+async function fetchTenantFromApi(orgName) {
+    const url = `https://vssps.dev.azure.com/${orgName}`;
+    try {
+        const response = await fetch(url, { method: 'HEAD' });
+        if (response.status !== 404) {
+            throw new Error(`Expected status 404, got ${response.status}`);
+        }
+        const tenantId = response.headers.get('x-vss-resourcetenant');
+        if (!tenantId) {
+            throw new Error('x-vss-resourcetenant header not found in response');
+        }
+        return tenantId;
+    }
+    catch (error) {
+        throw new Error(`Failed to fetch tenant for organization ${orgName}: ${error}`);
+    }
+}
+function isCacheEntryExpired(entry) {
+    return Date.now() - entry.refreshedOn > CACHE_TTL_MS;
+}
+export async function getOrgTenant(orgName) {
+    // Load cache
+    const cache = await loadCache();
+    // Check if tenant is cached and not expired
+    const cachedEntry = cache[orgName];
+    if (cachedEntry && !isCacheEntryExpired(cachedEntry)) {
+        return cachedEntry.tenantId;
+    }
+    // Try to fetch fresh tenant from API
+    try {
+        const tenantId = await fetchTenantFromApi(orgName);
+        // Cache the fresh result
+        cache[orgName] = {
+            tenantId,
+            refreshedOn: Date.now()
+        };
+        await saveCache(cache);
+        return tenantId;
+    }
+    catch (error) {
+        // If we have an expired cache entry, return it as fallback
+        if (cachedEntry) {
+            console.error(`Failed to fetch fresh tenant for ADO org ${orgName}, using expired cache entry:`, error);
+            return cachedEntry.tenantId;
+        }
+        // No cache entry available, re-throw the error
+        console.error(`Failed to fetch tenant for ADO org ${orgName}:`, error);
+        return undefined;
+    }
+}

package/dist/tools/advsec.js

@@ -0,0 +1,108 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { AlertType, AlertValidityStatus, Confidence, Severity, State } from "azure-devops-node-api/interfaces/AlertInterfaces.js";
+import { z } from "zod";
+import { getEnumKeys, mapStringArrayToEnum, mapStringToEnum } from "../utils.js";
+const ADVSEC_TOOLS = {
+    get_alerts: "advsec_get_alerts",
+    get_alert_details: "advsec_get_alert_details",
+};
+function configureAdvSecTools(server, tokenProvider, connectionProvider) {
+    server.tool(ADVSEC_TOOLS.get_alerts, "Retrieve Advanced Security alerts for a repository.", {
+        project: z.string().describe("The name or ID of the Azure DevOps project."),
+        repository: z.string().describe("The name or ID of the repository to get alerts for."),
+        alertType: z
+            .enum(getEnumKeys(AlertType))
+            .optional()
+            .describe("Filter alerts by type. If not specified, returns all alert types."),
+        states: z
+            .array(z.enum(getEnumKeys(State)))
+            .optional()
+            .describe("Filter alerts by state. If not specified, returns alerts in any state."),
+        severities: z
+            .array(z.enum(getEnumKeys(Severity)))
+            .optional()
+            .describe("Filter alerts by severity level. If not specified, returns alerts at any severity."),
+        ruleId: z.string().optional().describe("Filter alerts by rule ID."),
+        ruleName: z.string().optional().describe("Filter alerts by rule name."),
+        toolName: z.string().optional().describe("Filter alerts by tool name."),
+        ref: z.string().optional().describe("Filter alerts by git reference (branch). If not provided and onlyDefaultBranch is true, only includes alerts from default branch."),
+        onlyDefaultBranch: z.boolean().optional().default(true).describe("If true, only return alerts found on the default branch. Defaults to true."),
+        confidenceLevels: z
+            .array(z.enum(getEnumKeys(Confidence)))
+            .optional()
+            .default(["high", "other"])
+            .describe("Filter alerts by confidence levels. Only applicable for secret alerts. Defaults to both 'high' and 'other'."),
+        validity: z
+            .array(z.enum(getEnumKeys(AlertValidityStatus)))
+            .optional()
+            .describe("Filter alerts by validity status. Only applicable for secret alerts."),
+        top: z.number().optional().default(100).describe("Maximum number of alerts to return. Defaults to 100."),
+        orderBy: z.enum(["id", "firstSeen", "lastSeen", "fixedOn", "severity"]).optional().default("severity").describe("Order results by specified field. Defaults to 'severity'."),
+        continuationToken: z.string().optional().describe("Continuation token for pagination."),
+    }, async ({ project, repository, alertType, states, severities, ruleId, ruleName, toolName, ref, onlyDefaultBranch, confidenceLevels, validity, top, orderBy, continuationToken }) => {
+        try {
+            const connection = await connectionProvider();
+            const alertApi = await connection.getAlertApi();
+            const isSecretAlert = !alertType || alertType.toLowerCase() === "secret";
+            const criteria = {
+                ...(alertType && { alertType: mapStringToEnum(alertType, AlertType) }),
+                ...(states && { states: mapStringArrayToEnum(states, State) }),
+                ...(severities && { severities: mapStringArrayToEnum(severities, Severity) }),
+                ...(ruleId && { ruleId }),
+                ...(ruleName && { ruleName }),
+                ...(toolName && { toolName }),
+                ...(ref && { ref }),
+                ...(onlyDefaultBranch !== undefined && { onlyDefaultBranch }),
+                ...(isSecretAlert && confidenceLevels && { confidenceLevels: mapStringArrayToEnum(confidenceLevels, Confidence) }),
+                ...(isSecretAlert && validity && { validity: mapStringArrayToEnum(validity, AlertValidityStatus) }),
+            };
+            const result = await alertApi.getAlerts(project, repository, top, orderBy, criteria, undefined, // expand parameter
+            continuationToken);
+            return {
+                content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+            };
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : "Unknown error occurred";
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `Error fetching Advanced Security alerts: ${errorMessage}`,
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+    server.tool(ADVSEC_TOOLS.get_alert_details, "Get detailed information about a specific Advanced Security alert.", {
+        project: z.string().describe("The name or ID of the Azure DevOps project."),
+        repository: z.string().describe("The name or ID of the repository containing the alert."),
+        alertId: z.number().describe("The ID of the alert to retrieve details for."),
+        ref: z.string().optional().describe("Git reference (branch) to filter the alert."),
+    }, async ({ project, repository, alertId, ref }) => {
+        try {
+            const connection = await connectionProvider();
+            const alertApi = await connection.getAlertApi();
+            const result = await alertApi.getAlert(project, alertId, repository, ref, undefined // expand parameter
+            );
+            return {
+                content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+            };
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : "Unknown error occurred";
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `Error fetching alert details: ${errorMessage}`,
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+}
+export { ADVSEC_TOOLS, configureAdvSecTools };

package/dist/tools/builds.js

@@ -0,0 +1,271 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+import { apiVersion, getEnumKeys, safeEnumConvert } from "../utils.js";
+import { BuildQueryOrder, DefinitionQueryOrder } from "azure-devops-node-api/interfaces/BuildInterfaces.js";
+import { z } from "zod";
+import { StageUpdateType } from "azure-devops-node-api/interfaces/BuildInterfaces.js";
+const BUILD_TOOLS = {
+    get_builds: "build_get_builds",
+    get_changes: "build_get_changes",
+    get_definitions: "build_get_definitions",
+    get_definition_revisions: "build_get_definition_revisions",
+    get_log: "build_get_log",
+    get_log_by_id: "build_get_log_by_id",
+    get_status: "build_get_status",
+    pipelines_get_run: "pipelines_get_run",
+    pipelines_list_runs: "pipelines_list_runs",
+    pipelines_run_pipeline: "pipelines_run_pipeline",
+    update_build_stage: "build_update_build_stage",
+};
+function configureBuildTools(server, tokenProvider, connectionProvider, userAgentProvider) {
+    server.tool(BUILD_TOOLS.get_definitions, "Retrieves a list of build definitions for a given project.", {
+        project: z.string().describe("Project ID or name to get build definitions for"),
+        repositoryId: z.string().optional().describe("Repository ID to filter build definitions"),
+        repositoryType: z.enum(["TfsGit", "GitHub", "BitbucketCloud"]).optional().describe("Type of repository to filter build definitions"),
+        name: z.string().optional().describe("Name of the build definition to filter"),
+        path: z.string().optional().describe("Path of the build definition to filter"),
+        queryOrder: z
+            .enum(getEnumKeys(DefinitionQueryOrder))
+            .optional()
+            .describe("Order in which build definitions are returned"),
+        top: z.number().optional().describe("Maximum number of build definitions to return"),
+        continuationToken: z.string().optional().describe("Token for continuing paged results"),
+        minMetricsTime: z.coerce.date().optional().describe("Minimum metrics time to filter build definitions"),
+        definitionIds: z.array(z.number()).optional().describe("Array of build definition IDs to filter"),
+        builtAfter: z.coerce.date().optional().describe("Return definitions that have builds after this date"),
+        notBuiltAfter: z.coerce.date().optional().describe("Return definitions that do not have builds after this date"),
+        includeAllProperties: z.boolean().optional().describe("Whether to include all properties in the results"),
+        includeLatestBuilds: z.boolean().optional().describe("Whether to include the latest builds for each definition"),
+        taskIdFilter: z.string().optional().describe("Task ID to filter build definitions"),
+        processType: z.number().optional().describe("Process type to filter build definitions"),
+        yamlFilename: z.string().optional().describe("YAML filename to filter build definitions"),
+    }, async ({ project, repositoryId, repositoryType, name, path, queryOrder, top, continuationToken, minMetricsTime, definitionIds, builtAfter, notBuiltAfter, includeAllProperties, includeLatestBuilds, taskIdFilter, processType, yamlFilename, }) => {
+        const connection = await connectionProvider();
+        const buildApi = await connection.getBuildApi();
+        const buildDefinitions = await buildApi.getDefinitions(project, name, repositoryId, repositoryType, safeEnumConvert(DefinitionQueryOrder, queryOrder), top, continuationToken, minMetricsTime, definitionIds, path, builtAfter, notBuiltAfter, includeAllProperties, includeLatestBuilds, taskIdFilter, processType, yamlFilename);
+        return {
+            content: [{ type: "text", text: JSON.stringify(buildDefinitions, null, 2) }],
+        };
+    });
+    server.tool(BUILD_TOOLS.get_definition_revisions, "Retrieves a list of revisions for a specific build definition.", {
+        project: z.string().describe("Project ID or name to get the build definition revisions for"),
+        definitionId: z.number().describe("ID of the build definition to get revisions for"),
+    }, async ({ project, definitionId }) => {
+        const connection = await connectionProvider();
+        const buildApi = await connection.getBuildApi();
+        const revisions = await buildApi.getDefinitionRevisions(project, definitionId);
+        return {
+            content: [{ type: "text", text: JSON.stringify(revisions, null, 2) }],
+        };
+    });
+    server.tool(BUILD_TOOLS.get_builds, "Retrieves a list of builds for a given project.", {
+        project: z.string().describe("Project ID or name to get builds for"),
+        definitions: z.array(z.number()).optional().describe("Array of build definition IDs to filter builds"),
+        queues: z.array(z.number()).optional().describe("Array of queue IDs to filter builds"),
+        buildNumber: z.string().optional().describe("Build number to filter builds"),
+        minTime: z.coerce.date().optional().describe("Minimum finish time to filter builds"),
+        maxTime: z.coerce.date().optional().describe("Maximum finish time to filter builds"),
+        requestedFor: z.string().optional().describe("User ID or name who requested the build"),
+        reasonFilter: z.number().optional().describe("Reason filter for the build (see BuildReason enum)"),
+        statusFilter: z.number().optional().describe("Status filter for the build (see BuildStatus enum)"),
+        resultFilter: z.number().optional().describe("Result filter for the build (see BuildResult enum)"),
+        tagFilters: z.array(z.string()).optional().describe("Array of tags to filter builds"),
+        properties: z.array(z.string()).optional().describe("Array of property names to include in the results"),
+        top: z.number().optional().describe("Maximum number of builds to return"),
+        continuationToken: z.string().optional().describe("Token for continuing paged results"),
+        maxBuildsPerDefinition: z.number().optional().describe("Maximum number of builds per definition"),
+        deletedFilter: z.number().optional().describe("Filter for deleted builds (see QueryDeletedOption enum)"),
+        queryOrder: z
+            .enum(getEnumKeys(BuildQueryOrder))
+            .default("QueueTimeDescending")
+            .optional()
+            .describe("Order in which builds are returned"),
+        branchName: z.string().optional().describe("Branch name to filter builds"),
+        buildIds: z.array(z.number()).optional().describe("Array of build IDs to retrieve"),
+        repositoryId: z.string().optional().describe("Repository ID to filter builds"),
+        repositoryType: z.enum(["TfsGit", "GitHub", "BitbucketCloud"]).optional().describe("Type of repository to filter builds"),
+    }, async ({ project, definitions, queues, buildNumber, minTime, maxTime, requestedFor, reasonFilter, statusFilter, resultFilter, tagFilters, properties, top, continuationToken, maxBuildsPerDefinition, deletedFilter, queryOrder, branchName, buildIds, repositoryId, repositoryType, }) => {
+        const connection = await connectionProvider();
+        const buildApi = await connection.getBuildApi();
+        const builds = await buildApi.getBuilds(project, definitions, queues, buildNumber, minTime, maxTime, requestedFor, reasonFilter, statusFilter, resultFilter, tagFilters, properties, top, continuationToken, maxBuildsPerDefinition, deletedFilter, safeEnumConvert(BuildQueryOrder, queryOrder), branchName, buildIds, repositoryId, repositoryType);
+        return {
+            content: [{ type: "text", text: JSON.stringify(builds, null, 2) }],
+        };
+    });
+    server.tool(BUILD_TOOLS.get_log, "Retrieves the logs for a specific build.", {
+        project: z.string().describe("Project ID or name to get the build log for"),
+        buildId: z.number().describe("ID of the build to get the log for"),
+    }, async ({ project, buildId }) => {
+        const connection = await connectionProvider();
+        const buildApi = await connection.getBuildApi();
+        const logs = await buildApi.getBuildLogs(project, buildId);
+        return {
+            content: [{ type: "text", text: JSON.stringify(logs, null, 2) }],
+        };
+    });
+    server.tool(BUILD_TOOLS.get_log_by_id, "Get a specific build log by log ID.", {
+        project: z.string().describe("Project ID or name to get the build log for"),
+        buildId: z.number().describe("ID of the build to get the log for"),
+        logId: z.number().describe("ID of the log to retrieve"),
+        startLine: z.number().optional().describe("Starting line number for the log content, defaults to 0"),
+        endLine: z.number().optional().describe("Ending line number for the log content, defaults to the end of the log"),
+    }, async ({ project, buildId, logId, startLine, endLine }) => {
+        const connection = await connectionProvider();
+        const buildApi = await connection.getBuildApi();
+        const logLines = await buildApi.getBuildLogLines(project, buildId, logId, startLine, endLine);
+        return {
+            content: [{ type: "text", text: JSON.stringify(logLines, null, 2) }],
+        };
+    });
+    server.tool(BUILD_TOOLS.get_changes, "Get the changes associated with a specific build.", {
+        project: z.string().describe("Project ID or name to get the build changes for"),
+        buildId: z.number().describe("ID of the build to get changes for"),
+        continuationToken: z.string().optional().describe("Continuation token for pagination"),
+        top: z.number().default(100).describe("Number of changes to retrieve, defaults to 100"),
+        includeSourceChange: z.boolean().optional().describe("Whether to include source changes in the results, defaults to false"),
+    }, async ({ project, buildId, continuationToken, top, includeSourceChange }) => {
+        const connection = await connectionProvider();
+        const buildApi = await connection.getBuildApi();
+        const changes = await buildApi.getBuildChanges(project, buildId, continuationToken, top, includeSourceChange);
+        return {
+            content: [{ type: "text", text: JSON.stringify(changes, null, 2) }],
+        };
+    });
+    server.tool(BUILD_TOOLS.pipelines_get_run, "Gets a run for a particular pipeline.", {
+        project: z.string().describe("Project ID or name to run the build in"),
+        pipelineId: z.number().describe("ID of the pipeline to run"),
+        runId: z.number().describe("ID of the run to get"),
+    }, async ({ project, pipelineId, runId }) => {
+        const connection = await connectionProvider();
+        const pipelinesApi = await connection.getPipelinesApi();
+        const pipelineRun = await pipelinesApi.getRun(project, pipelineId, runId);
+        return {
+            content: [{ type: "text", text: JSON.stringify(pipelineRun, null, 2) }],
+        };
+    });
+    server.tool(BUILD_TOOLS.pipelines_list_runs, "Gets top 10000 runs for a particular pipeline.", {
+        project: z.string().describe("Project ID or name to run the build in"),
+        pipelineId: z.number().describe("ID of the pipeline to run"),
+    }, async ({ project, pipelineId }) => {
+        const connection = await connectionProvider();
+        const pipelinesApi = await connection.getPipelinesApi();
+        const pipelineRuns = await pipelinesApi.listRuns(project, pipelineId);
+        return {
+            content: [{ type: "text", text: JSON.stringify(pipelineRuns, null, 2) }],
+        };
+    });
+    const variableSchema = z.object({
+        value: z.string().optional(),
+        isSecret: z.boolean().optional(),
+    });
+    const resourcesSchema = z.object({
+        builds: z
+            .record(z.string().describe("Name of the build resource."), z.object({
+            version: z.string().optional().describe("Version of the build resource."),
+        }))
+            .optional(),
+        containers: z
+            .record(z.string().describe("Name of the container resource."), z.object({
+            version: z.string().optional().describe("Version of the container resource."),
+        }))
+            .optional(),
+        packages: z
+            .record(z.string().describe("Name of the package resource."), z.object({
+            version: z.string().optional().describe("Version of the package resource."),
+        }))
+            .optional(),
+        pipelines: z.record(z.string().describe("Name of the pipeline resource."), z.object({
+            runId: z.number().describe("Id of the source pipeline run that triggered or is referenced by this pipeline run."),
+            version: z.string().optional().describe("Version of the source pipeline run."),
+        })),
+        repositories: z
+            .record(z.string().describe("Name of the repository resource."), z.object({
+            refName: z.string().describe("Reference name, e.g., refs/heads/main."),
+            token: z.string().optional(),
+            tokenType: z.string().optional(),
+            version: z.string().optional().describe("Version of the repository resource, git commit sha."),
+        }))
+            .optional(),
+    });
+    server.tool(BUILD_TOOLS.pipelines_run_pipeline, "Starts a new run of a pipeline.", {
+        project: z.string().describe("Project ID or name to run the build in"),
+        pipelineId: z.number().describe("ID of the pipeline to run"),
+        pipelineVersion: z.number().optional().describe("Version of the pipeline to run. If not provided, the latest version will be used."),
+        previewRun: z.boolean().optional().describe("If true, returns the final YAML document after parsing templates without creating a new run."),
+        resources: resourcesSchema.optional().describe("A dictionary of resources to pass to the pipeline."),
+        stagesToSkip: z.array(z.string()).optional().describe("A list of stages to skip."),
+        templateParameters: z.record(z.string(), z.string()).optional().describe("Custom build parameters as key-value pairs"),
+        variables: z.record(z.string(), variableSchema).optional().describe("A dictionary of variables to pass to the pipeline."),
+        yamlOverride: z.string().optional().describe("YAML override for the pipeline run."),
+    }, async ({ project, pipelineId, pipelineVersion, previewRun, resources, stagesToSkip, templateParameters, variables, yamlOverride }) => {
+        if (!previewRun && yamlOverride) {
+            throw new Error("Parameter 'yamlOverride' can only be specified together with parameter 'previewRun'.");
+        }
+        const connection = await connectionProvider();
+        const pipelinesApi = await connection.getPipelinesApi();
+        const runRequest = {
+            previewRun: previewRun,
+            resources: {
+                ...resources,
+            },
+            stagesToSkip: stagesToSkip,
+            templateParameters: templateParameters,
+            variables: variables,
+            yamlOverride: yamlOverride,
+        };
+        const pipelineRun = await pipelinesApi.runPipeline(runRequest, project, pipelineId, pipelineVersion);
+        const queuedBuild = { id: pipelineRun.id };
+        const buildId = queuedBuild.id;
+        if (buildId === undefined) {
+            throw new Error("Failed to get build ID from pipeline run");
+        }
+        return {
+            content: [{ type: "text", text: JSON.stringify(pipelineRun, null, 2) }],
+        };
+    });
+    server.tool(BUILD_TOOLS.get_status, "Fetches the status of a specific build.", {
+        project: z.string().describe("Project ID or name to get the build status for"),
+        buildId: z.number().describe("ID of the build to get the status for"),
+    }, async ({ project, buildId }) => {
+        const connection = await connectionProvider();
+        const buildApi = await connection.getBuildApi();
+        const build = await buildApi.getBuildReport(project, buildId);
+        return {
+            content: [{ type: "text", text: JSON.stringify(build, null, 2) }],
+        };
+    });
+    server.tool(BUILD_TOOLS.update_build_stage, "Updates the stage of a specific build.", {
+        project: z.string().describe("Project ID or name to update the build stage for"),
+        buildId: z.number().describe("ID of the build to update"),
+        stageName: z.string().describe("Name of the stage to update"),
+        status: z.enum(getEnumKeys(StageUpdateType)).describe("New status for the stage"),
+        forceRetryAllJobs: z.boolean().default(false).describe("Whether to force retry all jobs in the stage."),
+    }, async ({ project, buildId, stageName, status, forceRetryAllJobs }) => {
+        const connection = await connectionProvider();
+        const orgUrl = connection.serverUrl;
+        const endpoint = `${orgUrl}/${project}/_apis/build/builds/${buildId}/stages/${stageName}?api-version=${apiVersion}`;
+        const token = await tokenProvider();
+        const body = {
+            forceRetryAllJobs: forceRetryAllJobs,
+            state: safeEnumConvert(StageUpdateType, status),
+        };
+        const response = await fetch(endpoint, {
+            method: "PATCH",
+            headers: {
+                "Content-Type": "application/json",
+                "Authorization": `Bearer ${token}`,
+                "User-Agent": userAgentProvider(),
+            },
+            body: JSON.stringify(body),
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw new Error(`Failed to update build stage: ${response.status} ${errorText}`);
+        }
+        const updatedBuild = await response.text();
+        return {
+            content: [{ type: "text", text: JSON.stringify(updatedBuild, null, 2) }],
+        };
+    });
+}
+export { BUILD_TOOLS, configureBuildTools };