Add JIRA proxy for agent integration and compliance automation#63
Merged
Add JIRA proxy for agent integration and compliance automation#63
Conversation
Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com>
Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Add proxy for JIRA
Add JIRA proxy for agent integration and compliance automation
Jun 26, 2025
phrocker
requested changes
Jun 26, 2025
Contributor
phrocker
left a comment
phrocker
left a comment
There was a problem hiding this comment.
Can we rename llm-proxy maven model to integration-proxy? change all references and uses.
… update Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com>
Contributor
Author
Done! I've renamed the llm-proxy maven module to integration-proxy and updated all references throughout the codebase. This includes the module directory, Maven artifact names, build scripts, Docker configurations, Kubernetes/Helm charts, and documentation. The build completes successfully with the new module name. See commit 405c0a7. Warning Firewall rules blocked me from connecting to one or more addressesI tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
phrocker
added a commit
that referenced
this pull request
Nov 27, 2025
…ion (#63) * Initial plan * Update dashboard UI with agent deployments and MCP server management Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com> * Add enhanced Launch Agent modal with MCP server support and enable/disable toggles Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com> * Remove TODOs, add MCP proxy controller, and implement GitHub token listing - Created MCPProxyController to proxy MCP API calls from frontend to integration-proxy service - Added /api/v1/integrations/github/list endpoint to list GitHub integration tokens - Removed all TODO comments and implemented proper functionality - Updated enclave-data.js to remove TODOs with appropriate messages - Updated add_agent.html to load GitHub tokens from API endpoint - All MCP endpoints now properly route through integration-proxy service Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com> * Fix Authorization header and CSRF token issues - Removed required Authorization header from MCPProxyController methods - Extract JWT token from Spring Security context instead of requiring it from client - Added CSRF token to all MCP POST/DELETE requests in JavaScript - JavaScript now sends X-CSRF-TOKEN header instead of Authorization header - Fixes 302 redirect and missing Authorization header errors Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com> * Use service principal authentication for MCP proxy calls - MCPProxyController now uses KeycloakService.getKeycloakToken() for service-to-service auth - Removed user token forwarding approach that caused 401 errors - Uses API's service principal JWT token instead of user's token - Follows the same pattern as AgentClientService for authenticated calls to other services - All MCP operations (launch, status, delete, list) now authenticate correctly Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com> * Add Kubernetes RBAC for integration-proxy pod creation - Created ServiceAccount for integration-proxy - Created Role with pod and service creation permissions - Created RoleBinding to bind role to service account - Updated integration-proxy deployment to use the service account - Fixes 403 Forbidden error when creating MCP server pods - Matches RBAC setup pattern used by agent-launcher service Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com> * fixup * Fix GitHub integration link in Launch Agent modal - Changed link from /sso/v1/integrations/github/add to /sso/v1/integrations/github - Fixes NoResourceFoundException when clicking "Add New GitHub Token" button - Links to existing GitHub integration page in IntegrationController Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com> Co-authored-by: Marc Parisi <phrocker@apache.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR implements a comprehensive JIRA proxy solution that enables agents and compliance tools to interact with JIRA instances through a secure, standardized interface.
Overview
The implementation adds a new
JiraProxyControllerin thellm-proxymodule that mirrors key JIRA REST API endpoints while maintaining the platform's existing authentication and authorization mechanisms.Key Features
🔐 Secure Authentication
BaseControllerinfrastructure@LimitAccessannotations🔌 JIRA API Endpoints
The proxy implements core JIRA REST API endpoints:
/api/v1/jira/rest/api/3/search- Search issues with JQL or text queries/api/v1/jira/rest/api/3/issue/{issueKey}- Get issue status/api/v1/jira/rest/api/3/issue/{issueKey}/comment- Add comments/api/v1/jira/rest/api/3/issue/{issueKey}/assignee- Assign issues📊 Integration & Observability
JiraServicefor actual JIRA operationsExample Usage
Testing & Documentation
Benefits for Compliance Agents
This proxy enables compliance agents to:
Future Enhancements
The foundation supports future extensions like:
Fixes #62.
Warning
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
repository.jboss.org/usr/lib/jvm/temurin-17-jdk-amd64/bin/java -classpath /usr/share/apache-maven-3.9.9/boot/plexus-classworlds-2.8.0.jar -Dclassworlds.conf=/usr/share/apache-maven-3.9.9/bin/m2.conf -Dmaven.home=/usr/share/apache-maven-3.9.9 -Dlibrary.jansi.path=/usr/share/apache-maven-3.9.9/lib/jansi-native -Dmaven.multiModuleProjectDirectory=/home/REDACTED/work/Sentrius/Sentrius org.codehaus.plexus.classworlds.launcher.Launcher clean compile -DskipTests(dns block)If you need me to access, download, or install something from one of these locations, you can either:
💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.