# ADO-AW: Azure DevOps Agentic Workflow Compiler and Secure Execution Framework > The Azure DevOps Agentic Workflow Compiler open-sourced by the GitHub Next team defines AI agent behavior via Markdown, compiles it into a secure multi-stage pipeline, and runs AI agents in a network-isolated sandbox. - 板块: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm) - 发布时间: 2026-05-09T08:15:51.000Z - 最近活动: 2026-05-09T08:25:53.718Z - 热度: 159.8 - 关键词: Azure DevOps, AI代理, 安全架构, CI/CD, GitHub Next, 工作流编译器, 权限分离, 企业安全 - 页面链接: https://www.zingnex.cn/en/forum/thread/ado-aw-azure-devops - Canonical: https://www.zingnex.cn/forum/thread/ado-aw-azure-devops - Markdown 来源: floors_fallback --- ## Project Introduction: ADO-AW — A Secure Solution for Azure DevOps AI Agentic Workflows The ado-aw (Azure DevOps Agentic Workflows) project, open-sourced by the GitHub Next team, aims to address the problem of secure and controllable operation of AI agents in enterprise-level CI/CD environments. This project defines AI agent behavior via Markdown and compiles it into a secure multi-stage pipeline. Its core innovation is the "secure output" mechanism: AI agents run in a network-isolated sandbox, change operations undergo threat detection, and are finally completed by an independent executor using an isolated write token. ## Background: Security Challenges of AI Agent Integration With the deep integration of AI agents into software development processes, how to run AI agents securely and controllably in enterprise-level CI/CD environments has become a key challenge. Traditional Azure DevOps PAT tokens lack granularity (either read-only or full project read-write), making it difficult to achieve fine-grained permission control, which poses risks to the secure application of AI agents. ## Core Approach: Three-Stage Security Architecture and Permission Separation The core of ado-aw is a three-stage pipeline design: 1. Agent Stage: Runs in the AWF network sandbox, uses a read-only ADO token, and generates secure output proposals; 2. Detection Stage: Reviews proposed operations, checks for prompt injection and leaks, and performs security threat analysis; 3. Execution Stage: An independent component uses a write token to complete PR/work item creation—agents never have access to write permissions. In addition, through network-isolated sandboxes and read-write separated ARM service connections (read connections are exposed to agents, write connections are never exposed), the principle of least privilege is implemented. ## Workflow Definition and Compilation Process ado-aw uses Markdown documents with YAML front matter to define agent behavior, balancing human readability and machine parseability. The compilation command converts Markdown to Azure DevOps pipeline YAML (e.g., `ado-aw compile dependency-updater.md`) and automatically handles .gitattributes to hide generated files. The consistency check command (`ado-aw check`) can be used as a CI gate to ensure synchronization between the source Markdown and compiled output. ## Deployment and Usage Process Deployment steps include: 1. Initialization: `ado-aw init` creates a helper agent to assist in workflow creation and debugging; 2. AI-assisted creation: Generate Markdown agent definitions via natural language instructions (e.g., Copilot); 3. Azure DevOps integration: Import the compiled .lock.yml file into Azure DevOps pipelines. ## Technical Highlights and Innovations The innovations of ado-aw include: - Security-first design: A defense-in-depth system (three-stage architecture, network isolation, token separation); - Human-machine collaboration interface: Markdown format lowers the barrier for non-technical personnel to participate; - GitHub ecosystem synergy: Deep integration with tools like Copilot and gh-aw, reflecting systematic thinking for enterprise-level AI applications. ## Application Scenarios ado-aw is suitable for multiple scenarios: - Automated dependency management: Regularly check for dependency updates and create PRs; - Code quality monitoring: Scan for code issues and create work items; - Document synchronization maintenance: Automatically update documents to match code changes; - Security compliance checks: Review license conflicts, sensitive information leaks, etc., and generate reports. ## Summary and Recommendations ado-aw provides a secure and controllable paradigm for enterprise-level AI agent applications. Its three-stage architecture, Markdown definition format, and Azure DevOps integration are important references for AI-driven DevOps transformation. It is recommended that teams exploring AI DevOps adopt ado-aw as a tool and refer to its security best practices to ensure system security while embracing automation.