Azure DevOps Agentic Workflows

Continuous AI for Azure DevOps

No pipeline YAML to hand-write. No complex scripting. Just describe the agent’s purpose in a markdown file with a YAML front-matter header for configuration.

agent.md

```markdown
---
on:
  schedule: weekly on monday around 10:00
engine:
  model: gpt-4.1
tools:
  bash: [grep, find, wc, jq]
safe-outputs:
  create-pull-request:
    title-prefix: "[docs] "
    max: 1
  comment-on-work-item:
---
## Documentation Sync
Review all public API surfaces and ensure the corresponding
docs are up to date. Open a PR with any corrections and
comment on related work items with a summary.
```

pipeline.yml

```yaml
# Auto-generated by ado-aw -- do not edit
trigger: none
schedules:
  - cron: "23 10 * * 1"
    branches:
      include: [main]
stages:
  - stage: Agent
    # Network-isolated sandbox, read-only token...
  - stage: Detection
    # AI threat scan of proposed outputs...
  - stage: Execution
    # Apply approved PRs and comments...
```

Vulnerabilities patched. Docs updated. Broken builds diagnosed and fixed. By the time you open your laptop, agents have already done the work — proposed, reviewed, and ready to merge.


Security patch PRs

Agents scan for CVEs overnight and open ready-to-merge pull requests by morning.

Pipeline failure analysis

When a build breaks, an agent reads the logs, identifies the root cause, and proposes a fix PR.

Documentation consistency

Keep READMEs, changelogs, and API docs in sync with the code — automatically.

Work item triage

Stale issues get flagged, duplicates get linked, and priorities get suggested — every day.


Every compiled pipeline enforces a defense-in-depth model. The agent never receives write credentials or secrets.

```mermaid
flowchart TD
    E["Trigger"] --> Agent
    subgraph Sandbox["Sandbox"]
        direction LR
        Agent["AI Agent"]
        Details["Isolated Container\nRead-only Token\nNetwork Firewall"]
    end
    Agent --> Output["Proposed Safe Outputs"]
    Output --> Detect["Threat Detection"]
    Detect -->|"safe"| Write["Executor (write token)"]
    Detect -->|"blocked"| Fail["Rejected"]
    Write --> ADO["Azure DevOps APIs"]

    style Sandbox stroke:#7c3aed,stroke-width:2px,fill:none
    style Agent fill:#4361ee,color:#fff,stroke:#3a56d4
    style Details fill:none,stroke:#7c3aed,stroke-width:1px,color:#9f7aea,stroke-dasharray:4 2,font-size:0.75rem
    style Detect fill:#e6a817,color:#1a1a1a,stroke:#c49000
    style Write fill:#2d9d78,color:#fff,stroke:#238066
    style Fail fill:#e63946,color:#fff,stroke:#c5303c
    style ADO fill:#4361ee,color:#fff,stroke:#3a56d4
```
| Layer | What it does |
| --- | --- |
| Read-only token | The agent can observe your repos but cannot push, merge, or delete anything |
| Zero secrets | Write tokens, API keys, and credentials exist only in the isolated executor stage |
| Network firewall | All outbound traffic routes through an allowlist-only proxy; everything else is dropped |
| Safe outputs | The agent proposes structured actions (PRs, comments, work items); hard limits and prefixes constrain what can be requested |
| Threat detection | A dedicated AI scan checks proposals for prompt injection, secret leaks, and malicious patterns before anything is applied |
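
The "Safe outputs" layer can be pictured as a deny-by-default gate that runs outside the sandbox, before any write token is used. The sketch below is an added example, not ado-aw's own code: the policy mirrors the `safe-outputs` block of the agent.md sample, while the proposal record shape, the rejection of unprefixed titles, the `DEFAULT_MAX` value and the `push-to-branch` type are assumptions made for illustration.

```python
# Added illustration: a deny-by-default gate over an agent's proposed outputs.
# The policy mirrors the safe-outputs block of the agent.md sample; the
# proposal record shape and DEFAULT_MAX are assumptions of this sketch.
DEFAULT_MAX = 1  # assumed limit for output types that declare no `max`

POLICY = {
    "create-pull-request": {"title-prefix": "[docs] ", "max": 1},
    "comment-on-work-item": None,  # declared with no extra constraints
}

def gate(proposals, policy=POLICY):
    """Split proposals into (approved, rejected); rejected items carry a reason."""
    approved, rejected, seen = [], [], {}
    for p in proposals:
        kind = p.get("type")
        if kind not in policy:  # anything not declared is refused outright
            rejected.append((p, "output type not declared in safe-outputs"))
            continue
        rules = policy[kind] or {}
        prefix = rules.get("title-prefix")
        if prefix and not str(p.get("title", "")).startswith(prefix):
            rejected.append((p, f"title lacks required prefix {prefix!r}"))
            continue
        limit = rules.get("max", DEFAULT_MAX)
        if seen.get(kind, 0) >= limit:  # hard cap per output type per run
            rejected.append((p, f"exceeds max of {limit} for {kind}"))
            continue
        seen[kind] = seen.get(kind, 0) + 1
        approved.append(p)
    return approved, rejected

# Constructed sample: what one sandboxed agent run might propose.
SAMPLE = [
    {"type": "create-pull-request", "title": "[docs] Sync API reference"},
    {"type": "create-pull-request", "title": "[docs] Second PR in one run"},
    {"type": "create-pull-request", "title": "Bump CI image"},
    {"type": "push-to-branch", "branch": "main"},  # hypothetical, undeclared type
    {"type": "comment-on-work-item", "id": 101, "body": "Docs updated."},
]

if __name__ == "__main__":
    ok, bad = gate(SAMPLE)
    for p in ok:
        print("APPLY ", p)
    for p, why in bad:
        print("REJECT", p["type"], "-", why)
```

Because the gate only sees structured records, an agent that has been steered by injected text can at most ask for something the policy already allows, which is what keeps the blast radius bounded.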

With Copilot agents

Download ado-aw, run ado-aw init, then co-create your first agent interactively with /agent ado-aw.

Quick start with agents

Write it by hand

Author an agent markdown file, compile it, push, and configure your Azure DevOps project.

Manual quick start


Familiar with GitHub Agentic Workflows? Azure DevOps Agentic Workflows leverages the exact same technologies — network-isolated sandboxes, safe outputs, threat detection, and MCP tooling — with a specialized compiler that targets Azure DevOps Pipelines instead of GitHub Actions.

| | GitHub Agentic Workflows | Azure DevOps Agentic Workflows |
| --- | --- | --- |
| Platform | GitHub Actions | Azure DevOps Pipelines |
| Agent format | Markdown + YAML front matter | Markdown + YAML front matter |
| Security model | Read-only token, AWF sandbox, safe outputs, threat detection | Read-only token, AWF sandbox, safe outputs, threat detection |
| Compiler | gh aw compile | ado-aw compile |
| Safe outputs | PRs, issues, labels, comments | PRs, work items, wiki pages, build tags |
| MCP support | GitHub MCP, custom servers | Azure DevOps MCP, GitHub MCP, custom servers |

If your team already writes gh-aw workflows, you already know how to write ado-aw agents. The markdown format, security architecture, and mental model are identical.