You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: site/src/content/docs/reference/tools.mdx
+8-6Lines changed: 8 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,9 +7,11 @@ description: "Reference for the tools field, including bash access, file editing
7
7
8
8
The `tools` field controls which tools are available to the agent. Both sub-fields are optional and have sensible defaults.
9
9
10
+
For custom MCP servers beyond the built-in `azure-devops` integration, see the [MCP reference](/ado-aw/reference/mcp/).
11
+
10
12
### Default Bash Command Allow-list
11
13
12
-
When `tools.bash` is omitted, the agent defaults to **unrestricted bash access** (`--allow-all-tools`). This matches gh-aw's sandbox behavior -- since ado-aw agents always run inside the AWF sandbox, all tools are allowed by default.
14
+
When `tools.bash` is omitted, the agent defaults to **unrestricted bash access** (`--allow-all-tools`). This matches gh-aw's sandbox behavior -- since ado-aw agents always run inside the [AWF sandbox](/ado-aw/reference/network/), all tools are allowed by default.
13
15
14
16
### Configuring Bash Access
15
17
@@ -59,13 +61,13 @@ When enabled, the compiler auto-generates pipeline steps to:
59
61
- Download previous memory from the last successful run's artifact
60
62
- Restore files to `/tmp/awf-tools/staging/agent_memory/`
61
63
- Append a memory prompt to the agent instructions
62
-
- Auto-inject a `clearMemory` pipeline parameter (allows clearing memory from the ADO UI)
64
+
- Auto-inject a `clearMemory` [runtime parameter](/ado-aw/reference/parameters/) (allows clearing memory from the ADO UI)
63
65
64
66
During Stage 3 execution, memory files are validated (path safety, extension filtering, `##vso[` injection detection, 5 MB size limit) and published as a pipeline artifact.
65
67
66
68
### Azure DevOps MCP (`azure-devops:`)
67
69
68
-
First-class Azure DevOps MCP integration. Auto-configures the ADO MCP container, token mapping, MCPG entry, and network allowlist.
70
+
First-class Azure DevOps MCP integration. Auto-configures the ADO MCP container, token mapping, [MCPG](/ado-aw/reference/mcpg/) entry, and [network allowlist](/ado-aw/reference/network/).
69
71
70
72
```yaml
71
73
# Simple enablement (auto-infers org from git remote)
@@ -81,8 +83,8 @@ tools:
81
83
```
82
84
83
85
When enabled, the compiler:
84
-
- Generates a containerized stdio MCP entry (`node:20-slim` + `npx @azure-devops/mcp`) in the MCPG config
85
-
- Auto-maps `AZURE_DEVOPS_EXT_PAT` token passthrough when `permissions.read` is configured
86
-
- Adds ADO-specific hosts to the network allowlist
86
+
- Generates a containerized stdio MCP entry (`node:20-slim` + `npx @azure-devops/mcp`) in the [MCPG](/ado-aw/reference/mcpg/) config
87
+
- Auto-maps `AZURE_DEVOPS_EXT_PAT` token passthrough when [`permissions.read`](/ado-aw/reference/network/#permissions-ado-access-tokens) is configured
88
+
- Adds ADO-specific hosts to the [network allowlist](/ado-aw/reference/network/)
87
89
- Auto-infers org from the git remote URL at compile time (overridable via `org:` field)
88
90
- Fails compilation if org cannot be determined (no explicit override and no ADO git remote)
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments