feat: inject Atlassian cloud ID server-side#187
Conversation
Co-authored-by: Son Dao <son.dao@katalon.com>
Co-authored-by: Son Dao <son.dao@katalon.com>
Co-authored-by: Son Dao <son.dao@katalon.com>
|
|
||
| const FULL_ENV: NodeJS.ProcessEnv = { | ||
| ATLASSIAN_AUTH: "Basic global", | ||
| ATLASSIAN_CLOUD_ID: "katalon.atlassian.net", |
There was a problem hiding this comment.
| ATLASSIAN_CLOUD_ID: "katalon.atlassian.net", | |
| ATLASSIAN_CLOUD_ID: "acme.atlassian.net", |
There was a problem hiding this comment.
Thanks. I see the suggestion. This PR originated from a Slack request by slack:U05QSJ4U0PM, so per the run ownership rule I am waiting for requester confirmation before changing the branch. If they confirm, I will fold the agreed test-fixture cleanup into one follow-up pass.
AI-generated — verify before acting. View Thor context
There was a problem hiding this comment.
Fixed in 3c74984. I updated the test fixture cloud ID to acme.atlassian.net.
AI-generated — verify before acting. View Thor context
| "https://mcp.atlassian.com/v1/mcp", | ||
| ); | ||
| expect(resolveProxyConfig("atlassian", undefined, FULL_ENV)?.atlassianCloudId).toBe( | ||
| "katalon.atlassian.net", |
There was a problem hiding this comment.
| "katalon.atlassian.net", | |
| "acme.atlassian.net", |
There was a problem hiding this comment.
Noted. Same constraint here: this branch is currently owned by the original Slack requester (slack:U05QSJ4U0PM), so I am pausing code changes until they confirm. If confirmed, I will batch the constant/test cleanup together.
AI-generated — verify before acting. View Thor context
There was a problem hiding this comment.
Fixed in 3c74984. The expectation now uses acme.atlassian.net too.
AI-generated — verify before acting. View Thor context
| const env = { | ||
| ATLASSIAN_AUTH: "Basic global", | ||
| ATLASSIAN_AUTH_LABS: "Basic labs", | ||
| ATLASSIAN_CLOUD_ID: "katalon.atlassian.net", |
There was a problem hiding this comment.
| ATLASSIAN_CLOUD_ID: "katalon.atlassian.net", | |
| ATLASSIAN_CLOUD_ID: "acme.atlassian.net", |
There was a problem hiding this comment.
Acknowledged. I am holding follow-up edits until the original requester (slack:U05QSJ4U0PM) confirms the PR direction, then I can apply these test fixture simplifications in one pass.
AI-generated — verify before acting. View Thor context
There was a problem hiding this comment.
Fixed in 3c74984. I switched that test env fixture to acme.atlassian.net.
AI-generated — verify before acting. View Thor context
| GRAFANA_SERVICE_ACCOUNT_TOKEN_LABS: "labs-token", | ||
| GRAFANA_ORG_ID_LABS: "7", | ||
| ATLASSIAN_AUTH_LABS: "Basic labs", | ||
| ATLASSIAN_CLOUD_ID: "katalon.atlassian.net", |
There was a problem hiding this comment.
| ATLASSIAN_CLOUD_ID: "katalon.atlassian.net", | |
| ATLASSIAN_CLOUD_ID: "acme.atlassian.net", |
There was a problem hiding this comment.
Thanks. I have the suggestion noted, but I am waiting for confirmation from the original Slack requester (slack:U05QSJ4U0PM) before changing this branch. If confirmed, I will fold this into the same cleanup pass.
AI-generated — verify before acting. View Thor context
There was a problem hiding this comment.
Fixed in 3c74984. Same fixture cleanup applied here.
AI-generated — verify before acting. View Thor context
| if (name === "atlassian") { | ||
| const auth = scopedEnv(env, "ATLASSIAN_AUTH", profile); | ||
| if (!auth.value) return undefined; | ||
| const cloudId = envValue(env, "ATLASSIAN_CLOUD_ID"); |
There was a problem hiding this comment.
Should use scoped env var?
There was a problem hiding this comment.
Good question. The current branch intentionally keeps ATLASSIAN_CLOUD_ID global to match the requester’s “keep it simple” direction. I can revisit scoped variants too, but per run ownership I am waiting for confirmation from the original Slack requester (slack:U05QSJ4U0PM) before changing the implementation.
AI-generated — verify before acting. View Thor context
There was a problem hiding this comment.
Fixed in 3c74984. ATLASSIAN_CLOUD_ID now follows the same profile-aware pattern as auth: ATLASSIAN_CLOUD_ID_<PROFILE> overrides the global value, with global fallback.
AI-generated — verify before acting. View Thor context
| }, | ||
| allow: ATLASSIAN_ALLOW, | ||
| approve: ATLASSIAN_APPROVE, | ||
| atlassianCloudId: cloudId, |
There was a problem hiding this comment.
| atlassianCloudId: cloudId, |
There was a problem hiding this comment.
Noted. I am pausing implementation changes until the original Slack requester (slack:U05QSJ4U0PM) confirms the follow-up direction; if confirmed, I can simplify this path in a follow-up update.
AI-generated — verify before acting. View Thor context
There was a problem hiding this comment.
Fixed in 3c74984. I removed the extra atlassianCloudId field and resolve the configured cloud ID at call time instead.
AI-generated — verify before acting. View Thor context
| proxyName: instance.name, | ||
| tool: toolInfo.name, | ||
| args, | ||
| args: userVisibleArgs, |
There was a problem hiding this comment.
Keep it simple, use args directly.
There was a problem hiding this comment.
Understood. I am holding branch changes until the original Slack requester (slack:U05QSJ4U0PM) confirms the review direction; if they do, I can revisit this and keep the path simpler.
AI-generated — verify before acting. View Thor context
There was a problem hiding this comment.
Fixed in 3c74984. I simplified this path by dropping the temporary userVisibleArgs state and only stripping cloudId inline for the approval payload.
AI-generated — verify before acting. View Thor context
| - DAYTONA_API_KEY=${DAYTONA_API_KEY:-} | ||
| - DAYTONA_API_URL=${DAYTONA_API_URL:-https://app.daytona.io/api} | ||
| - DAYTONA_SNAPSHOT=${DAYTONA_SNAPSHOT:-} | ||
| - ATLASSIAN_CLOUD_ID=${ATLASSIAN_CLOUD_ID:-} |
There was a problem hiding this comment.
Atlassian env vars should be in .env.
| - ATLASSIAN_CLOUD_ID=${ATLASSIAN_CLOUD_ID:-} |
There was a problem hiding this comment.
Acknowledged. I am waiting for confirmation from the original Slack requester (slack:U05QSJ4U0PM) before making follow-up branch changes; if confirmed, I can simplify the compose/env surfacing accordingly.
AI-generated — verify before acting. View Thor context
There was a problem hiding this comment.
Fixed in 3c74984. I removed the extra docker-compose.yml env surfacing and left Atlassian env vars sourced from .env / workflow env generation.
AI-generated — verify before acting. View Thor context
Co-authored-by: Son Dao <son.dao@katalon.com>
Align the Atlassian proxy with the langfuse/grafana bundle pattern: ATLASSIAN_AUTH + ATLASSIAN_CLOUD_ID now resolve all-or-nothing per scope. A partial profile bundle is rejected instead of mixing scoped auth with the global cloud ID, and an incomplete global config disables the proxy (returns undefined) rather than throwing. Also consolidate the bundle / profile-suffix docs into a single source of truth in docs/feat/profile.md, trimming the repeated per-row suffix clause from the README env table and the duplicated mitmproxy egress note. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2 participants
Summary
ATLASSIAN_CLOUD_IDwhenever Atlassian MCP auth is configuredcloudIdfrom Atlassian tool schemas and approval payloads shown to the modelcloudIdinto outbound Atlassian MCP calls and update docs/CI env wiringTesting
AI-generated — verify before acting. View Thor context