Skip to main content
Glama
ennuiii

Azure DevOps MCP Server with PAT Authentication

by ennuiii
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

advsec_get_alert_details

Retrieve detailed information for a specific Advanced Security alert in Azure DevOps by specifying project, repository, and alert ID using PAT authentication.

Instructions

Get detailed information about a specific Advanced Security alert.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
alertIdYesThe ID of the alert to retrieve details for.
projectYesThe name or ID of the Azure DevOps project.
refNoGit reference (branch) to filter the alert.
repositoryYesThe name or ID of the repository containing the alert.

Implementation Reference

  • src/tools/advsec.ts:110-140 (handler)
    Handler function that executes the tool logic: fetches detailed alert information from Azure DevOps Alert API.
      async ({ project, repository, alertId, ref }) => {
    try {
      const connection = await connectionProvider();
      const alertApi = await connection.getAlertApi();

      const result = await alertApi.getAlert(
        project,
        alertId,
        repository,
        ref,
        undefined // expand parameter
      );

      return {
        content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
      };
    } catch (error) {
      const errorMessage = error instanceof Error ? error.message : "Unknown error occurred";

      return {
        content: [
          {
            type: "text",
            text: `Error fetching alert details: ${errorMessage}`,
          },
        ],
        isError: true,
      };
    }
  }
);
  • src/tools/advsec.ts:104-109 (schema)
    Zod input schema defining parameters for the advsec_get_alert_details tool.
    {
  project: z.string().describe("The name or ID of the Azure DevOps project."),
  repository: z.string().describe("The name or ID of the repository containing the alert."),
  alertId: z.number().describe("The ID of the alert to retrieve details for."),
  ref: z.string().optional().describe("Git reference (branch) to filter the alert."),
},
  • src/tools/advsec.ts:101-141 (registration)
    Tool registration using server.tool() in configureAdvSecTools function, which is called from src/tools.ts.
      server.tool(
    ADVSEC_TOOLS.get_alert_details,
    "Get detailed information about a specific Advanced Security alert.",
    {
      project: z.string().describe("The name or ID of the Azure DevOps project."),
      repository: z.string().describe("The name or ID of the repository containing the alert."),
      alertId: z.number().describe("The ID of the alert to retrieve details for."),
      ref: z.string().optional().describe("Git reference (branch) to filter the alert."),
    },
    async ({ project, repository, alertId, ref }) => {
      try {
        const connection = await connectionProvider();
        const alertApi = await connection.getAlertApi();

        const result = await alertApi.getAlert(
          project,
          alertId,
          repository,
          ref,
          undefined // expand parameter
        );

        return {
          content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
        };
      } catch (error) {
        const errorMessage = error instanceof Error ? error.message : "Unknown error occurred";

        return {
          content: [
            {
              type: "text",
              text: `Error fetching alert details: ${errorMessage}`,
            },
          ],
          isError: true,
        };
      }
    }
  );
}
  • src/tools/advsec.ts:11-14 (helper)
    Constant defining the tool name string for advsec_get_alert_details.
    const ADVSEC_TOOLS = {
  get_alerts: "advsec_get_alerts",
  get_alert_details: "advsec_get_alert_details",
};

Tool Definition Quality

B3.1/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure but adds minimal context. It states this is a read operation ('Get'), but doesn't mention authentication requirements, rate limits, error conditions, response format, or whether it's idempotent. For a tool that likely accesses sensitive security data, this lack of behavioral context is a significant gap.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that states exactly what the tool does without unnecessary words. It's appropriately sized for a straightforward retrieval tool and front-loads the core functionality. Every word earns its place.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a read-only tool with 100% schema coverage, the description is minimally adequate. However, with no output schema and no annotations, the description should ideally provide more context about what 'detailed information' includes or the response structure. The combination of complete parameter documentation but missing behavioral and output context results in a middle score.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The schema has 100% description coverage, so all parameters are documented in the schema itself. The description adds no additional parameter semantics beyond what's in the schema - it doesn't explain relationships between parameters (e.g., that alertId must exist within the specified project/repository) or provide examples. This meets the baseline for high schema coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb ('Get') and resource ('detailed information about a specific Advanced Security alert'), making the purpose unambiguous. It distinguishes from the sibling 'advsec_get_alerts' by specifying retrieval of details for a single alert rather than listing multiple alerts. However, it doesn't explicitly contrast with other security-related tools beyond the sibling, keeping it at 4 rather than 5.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (like needing project/repository context first), when not to use it, or how it differs from other alert-related tools beyond the implied distinction from 'advsec_get_alerts'. The agent must infer usage from the tool name and parameters alone.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Related Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ennuiii/DevOpsMcpPAT'

If you have feedback or need assistance with the MCP directory API, please join our Discord server