mcp-devops-onpremise
This server enables AI assistants to interact with on-premises Azure DevOps / TFS environments, supporting NTLM, PAT, and OAuth authentication (ideal for restricted, VPN-based, or offline setups).
Pull Requests
Retrieve PR details (linked work items, commit SHAs)
List comment threads and individual comments
Create new threads (general or inline on a specific file/line), reply to existing ones
Update thread status (Active, Resolved, WontFix, Closed, Pending)
Update or delete comments
Repositories
List repositories and get details by name or ID
List files changed in a commit (with change type: add, edit, remove)
Diff two commits to see changed file paths
Get raw file content at a specific commit or branch
Get line-level textual diffs between two commits
Work Items
Retrieve work items by ID (fields, attachments, linked items); download attachments
Query work items using WIQL
Create, update (JSON Patch), soft-delete, permanently destroy, and restore work items
Add/remove relation links (parent, child, related, successor, predecessor, etc.)
Add/remove artifact links (Pull Request, Build, Commit, Branch, Changeset)
List, add, update, and delete work item comments
Get work item type definitions (e.g., Bug, User Story)
Wiki
Get wiki page metadata and content by URL
Create or update pages (under a specified parent)
Update an existing page by ID
Delete a page by ID
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-devops-onpremiseshow open pull requests in the main repository"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP DevOps On-Premise
Model Context Protocol MCP server for on-premises Azure DevOps that lets AI assistants browse repositories, review pull requests, manage work items, and interact with wikis.
Overview
Many organizations use on-premise DevOps solutions such as TFS or Azure DevOps Server in their projects. Integrating these systems with modern agentic AI tools and LLMs can be difficult. The official Microsoft Azure DevOps MCP server does not support these environments and is unlikely to support them in the future.
This MCP server closes that gap and enables smooth integration with on-premise DevOps systems.
This project is under active development, with features continuously added to meet current requirements. Community needs are highly valued — if you miss any features, please submit an Issue. User-requested features are fast-tracked and will be prioritized and added as soon as possible.
Related MCP server: Azure DevOps MCP Server
Key Advantages
One of the most important features of this MCP server is NTLM authentication support. NTLM is required by many on-premises and enterprise environments where users authenticate with Windows domain credentials, either directly or over VPN. Most MCP servers for Azure DevOps target only cloud-hosted Azure DevOps Services with token-based auth and cannot connect to these environments.
NTLM authentication (Windows domain credentials) for on-prem and VPN-based setups where no other auth method works.
PAT and OAuth bearer token authentication as alternatives when available.
Enables secure access to on-prem DevOps systems from MCP-compatible AI tools such as GitHub Copilot, Claude Desktop, Cursor, Windsurf, and others.
Works in restricted or offline environments without exposing sensitive data to external services.
Retrieves commit diffs with clear added/removed lines, similar to the DevOps UI.
Helps keep and track project documentation alongside code changes.
Automates common tasks such as work item management and code review processes.
Getting Started
Prerequisites
Python 3.10+ and uv are required. If not yet installed, see installation guide.
Quick Install
Click one of the buttons below to install directly in your IDE. You will be prompted for credentials:
For other platforms, see Manual Installation in the Getting Started guide.
Manual Installation
The MCP server can be installed manually in the following AI tools: VS Code, Visual Studio, Cursor, Goose, LM Studio, Amp, Claude Code, Claude Desktop, Codex, Gemini CLI, OpenCode, Qodo Gen, Warp, Windsurf, GitHub Copilot CLI, GitHub Copilot Coding Agent, and others.
For step-by-step instructions, see Manual Installation in the Getting Started guide.
Configuration
The DEVOPS_API_URL must point to your full project URL:
https://<your-devops-server>/<organization>/<project>The server supports three authentication methods. If you are unsure which one to use, start with NTLM because it is the most common for on-prem/VPN setups.
Method | Description |
NTLM (username + password) | Most common for on-prem/VPN. Usually the simplest first setup and best fallback if other options fail. |
PAT (Personal Access Token) | Use when PAT is enabled and allowed. Tokens can expire, and token-based auth may be blocked by policy. Advantage: you do not store your account password in config. |
OAuth Bearer Token | Advanced option for CI/CD pipelines. Requires OAuth 2.0 configured on your DevOps Server and a token source defined by your administrators. |
For detailed setup instructions for each method, see Authentication in the Getting Started guide.
With NTLM (username + password)
{
"mcpServers": {
"devops-onprem": {
"command": "uvx",
"args": ["mcp-devops-onpremise@latest"],
"env": {
"DEVOPS_API_URL": "https://your-devops-server/your-organization/your-project",
"DEVOPS_USERNAME": "DOMAIN\\your-username",
"DEVOPS_PASSWORD": "your-password"
}
}
}
}With PAT
{
"mcpServers": {
"devops-onprem": {
"command": "uvx",
"args": ["mcp-devops-onpremise@latest"],
"env": {
"DEVOPS_API_URL": "https://your-devops-server/your-organization/your-project",
"DEVOPS_PAT": "your-personal-access-token"
}
}
}
}If you used a permanent install, replace
"command": "uvx"with"command": "mcp-devops-onpremise"and remove the"args"line.
Updating
All configuration examples use mcp-devops-onpremise@latest, which instructs uvx to fetch the latest version automatically on every run.
For permanent installs and release notes, see Updating in the Getting Started guide.
Available Tools
Pull Requests
Tool | Description | Read-only |
| Retrieve a pull request by ID, including linked work items and commit SHAs for diffing | ✅ |
| Returns a hierarchical list of non-deleted comment threads and their text comments | ✅ |
| List non-deleted text comments in a specific thread | ✅ |
| Create a new thread with an initial comment (general or inline on a file/line) | ❌ |
| Reply to an existing comment thread | ❌ |
| Update the status of a comment thread | ❌ |
| Update the text of an existing comment | ❌ |
| Delete a comment from a pull request thread | ❌ |
Repositories
Tool | Description | Read-only |
| List all repositories in the project | ✅ |
| Retrieve repository details by name or ID | ✅ |
| List files changed in a specific commit | ✅ |
| Get the difference between two commits (changed file paths) | ✅ |
| Get raw file content at a specific commit or branch | ✅ |
| Get line-level textual diff of a file between two commits (added lines prefixed | ✅ |
Work Items
Tool | Description | Read-only |
| Retrieve a work item (PBI, bug, task) by numeric ID. Returns a compact object with key fields, attachments (files and inline images), and linked items (work items, pull requests, commits) | ✅ |
| Download a work item attachment by its GUID, either saving locally or returning base64-encoded content | ✅ |
| Get the definition of a work item type by name (e.g. | ✅ |
| Execute a WIQL (Work Item Query Language) query and return matching work items | ✅ |
| Create a new work item with typed fields; Html is the default format | ❌ |
| Update fields on a work item using JSON Patch (add / replace / remove) | ❌ |
| Delete a work item, moves to Recycle Bin by default; use | ❌ |
| Restore a soft-deleted work item from the Recycle Bin | ❌ |
| Add or remove a relation link between two work items (parent, child, related, successor, predecessor, etc.) | ❌ |
| Add or remove an artifact link (Pull Request, Build, Commit, Branch, Changeset) on a work item | ❌ |
| List comments on a work item with configurable page size and format | ✅ |
| Add a comment to a work item | ❌ |
| Update an existing comment on a work item | ❌ |
| Delete a comment from a work item | ❌ |
Wiki
Tool | Description | Read-only |
| Get wiki page metadata (id, path) and optional content by its URL | ✅ |
| Create or update a wiki page under a specified parent page | ❌ |
| Update an existing wiki page by ID | ❌ |
| Delete an existing wiki page by ID | ❌ |
Development
# Install dev dependencies
uv sync --group dev
# Run linting
uv run ruff check src/
uv run black --check src/
# Run tests
uv run pytest tests/Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/zwitbaum/mcp-devops-on-prem'
If you have feedback or need assistance with the MCP directory API, please join our Discord server