Encode markdown formatted fields to prevent issues with >, <, and $

[agreaves-ms]

This PR introduces an encoding utility for Markdown used in all work item creation/update paths to prevent truncation/corruption when <, >, and ${), appear in Markdown fields.

Previously

With this change

GitHub issue number

Associated Risks

The user may intend to use >,<,$ for their Markdown.

• However, it's signficantly more likely the user will be using GitHub Copilot or another AI coding tool, which the models tend to use < and > to represent greater than some value (instead of intending to use it as html embedded in Markdown).

✅ PR Checklist

• I have read the contribution guidelines
• I have read the code of conduct guidelines
• Title of the pull request is clear and informative.
• 👌 Code hygiene
• 🔭 Telemetry added, updated, or N/A
• 📄 Documentation added, updated, or N/A
• 🛡️ Automated tests added, or N/A

🧪 How did you test it?

I wrote tests and provided the following to Claude Sonnet 4 and GPT-5 both before and after this change:

Try creating a Markdown epic again with the following field values:
tool : mcp_ado_wit_create_work_item
args : {
  "fields": [
    {
      "name": "System.Title",
      "value": "Test Epic #3 - Comparison Operators < > in Metrics"
    },
    {
      "format": "Markdown",
      "name": "System.Description",
      "value": "This epic tests comparison operators in metric contexts:

## Metric Examples

- Example Metric: <5 of something
- Another Example Metric: >6 of something
- One Last Metric: <7 of something >8 of something

## Additional Test Cases

- Performance requirement: Response time <500ms
- Throughput requirement: Handle >1000 requests per second
- Memory usage: Keep memory <2GB but >1GB for optimal performance
- Error rate: Maintain error rate <1% and uptime >99.9%

## Code Context

```bash
if [ $count -lt 5 ]; then
  echo \"Count is <5\"
elif [ $count -gt 6 ]; then
  echo \"Count is >6\"
fi
```

Testing how these comparison operators are handled in various contexts."
    }
  ],
  "project": "REPLACE-ME",
  "workItemType": "Epic"
}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@69b2928). Learn more about missing BASE report.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #500   +/-   ##
=======================================
  Coverage        ?   98.01%           
=======================================
  Files           ?       15           
  Lines           ?     1056           
  Branches        ?      199           
=======================================
  Hits            ?     1035           
  Misses          ?        7           
  Partials        ?       14           

Flag	Coverage Δ
unittests	98.01% <100.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[danhellem]

@agreaves-ms we ask that you follow the process as outlined in the https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md

Please create an issue first, and if approved, we can proceed with a PR

[agreaves-ms]

@agreaves-ms we ask that you follow the process as outlined in the https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md

Please create an issue first, and if approved, we can proceed with a PR

Thank you @danhellem, I've added issue #508

[polatengin]

Thanks for the PR!

Escaping < and > makes sense because Azure DevOps Markdown can confuse them with HTML tags, which may break formatting.

But escaping $ is not needed, Azure DevOps doesn’t treat $ as special.

Encoding it would only make the raw text harder to read (e.g. $100 instead of $100 when editing).

Could you clarify why encoding $ is also needed, please?

If it's not needed, can we kindly ask you to update the PR to only escape < and >?

[agreaves-ms]

@polatengin I was attempting to address accidental LaTeX rendering in Markdown as well. I realize my contrived sample work items did not properly validate this encoding actually fixing this issue (as you needed <$ and $> together to trigger the latex rendering). It looks like encoding the $ doesn't remove the LaTeX rendering so it'll just be something our users will need to be aware of in the unlikely event they run into this edge-case. I'll remove it and update my PR. The < and > happen all the time though so I appreciate the review.

[polatengin]

LGTM