Summary
Add an add-build-tag safe output that allows agents to add tags to completed Azure DevOps builds for classification and filtering.
ADO API
PUT /_apis/build/builds/{buildId}/tags/{tag}?api-version=7.1
Agent Parameters
build-id (required) — Build ID to tagtag (required) — Tag string to add (e.g., verified, release-candidate, security-reviewed)
Front Matter Configuration (safe-outputs.add-build-tag)
allowed-tags — List of allowed tag values or patterns (e.g., ["verified", "release-*"])tag-prefix — Prefix added to all tags (e.g., agent- to produce agent-verified)
Use Cases
- Quality gate agents marking builds as
verified or release-candidate
- Security review agents tagging builds as
security-reviewed
- Classification agents tagging builds by type or target
- Compliance agents marking builds that pass policy checks
Security Considerations
- Tag allow-list prevents arbitrary tagging
- Build ID validation (must reference existing build in project)
- Standard text sanitization on tag values
- Tag names should be restricted to alphanumeric + hyphens
Priority
Tier 3 — Niche use case. Low complexity.
Summary
Add an
add-build-tagsafe output that allows agents to add tags to completed Azure DevOps builds for classification and filtering.ADO API
PUT /_apis/build/builds/{buildId}/tags/{tag}?api-version=7.1Agent Parameters
build-id(required) — Build ID to tagtag(required) — Tag string to add (e.g.,verified,release-candidate,security-reviewed)Front Matter Configuration (
safe-outputs.add-build-tag)allowed-tags— List of allowed tag values or patterns (e.g.,["verified", "release-*"])tag-prefix— Prefix added to all tags (e.g.,agent-to produceagent-verified)Use Cases
verifiedorrelease-candidatesecurity-reviewedSecurity Considerations
Priority
Tier 3 — Niche use case. Low complexity.