DEVPROD-27825 Set the default jira comment visibility to developers only #284
Draft
ahartschen wants to merge 2 commits into main from
- Add visibility restriction (type: 'role', value: 'Developers') to all comments posted via JiraClient.addComment()
- Add JIRA_COMMENT_VISIBILITY_ROLE env var for configuring the role name (defaults to 'Developers')
- Add DEFAULT_COMMENT_VISIBILITY_ROLE constant in jira/constants.ts
- Update jiraClient unit tests to verify visibility is set

This prevents unintended exposure of internal information when commenting on public Jira projects (DEVPROD-27825).
ahartschen
commented
Feb 10, 2026
src/config/index.ts
Outdated
| /** SAGE_BOT_SUPPORTED_PROJECTS - comma-separated list of Jira project keys */ | ||
| supportedProjects: string[]; | ||
| /** JIRA_COMMENT_VISIBILITY_ROLE - Jira project role to restrict comment visibility (defaults to "Developers") */ | ||
| jiraCommentVisibilityRole: string; |
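Review bot: jiraCommentVisibilityRole is typed as a plain string and its doc comment says it defaults to "Developers", but these lines do not show what happens when JIRA_COMMENT_VISIBILITY_ROLE is set to an empty or whitespace-only value. Since this field decides who can read the bot's comments, suggest stating in the doc comment that an empty value falls back to the default (or is rejected at startup), so a misconfiguration cannot result in an unrestricted comment.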
Collaborator
Author
We don't need to specify any config for this. Just the constant in the addComment method will suffice.
Collaborator
Author
@cursor address the feedback
Contributor
Addressed the feedback:
All 33 tests pass and lint checks are clean.
…ibility Address PR feedback: remove JIRA_COMMENT_VISIBILITY_ROLE env var and config property. Use the COMMENT_VISIBILITY_ROLE constant directly in addComment instead.
Collaborator
Author
I had to open an IT ticket for this because we don't have permission to set comments to the Developer role currently.


DEVPROD-27825
Description
This PR addresses DEVPROD-27825 by defaulting Jira comments to private visibility to prevent unintended exposure of internal information on public projects.
- jiraClient.addComment to include a visibility property, restricting comments to a configurable Jira project role (defaults to "Developers").
- jiraCommentVisibilityRole to the application config, allowing the role to be specified via the JIRA_COMMENT_VISIBILITY_ROLE environment variable.
- DEFAULT_COMMENT_VISIBILITY_ROLE constant.

Testing
- jiraClient.test.ts to verify the visibility property is included in the addComment API call.
- jiraClient, SageAutoPRBotJiraPollingService, and CursorAgentStatusPollingService. All 25 tests passed.
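
The restriction this description outlines, as an added example that is not the PR's or the project's own code: it builds a comment body carrying visibility (type: 'role', value: 'Developers') and fails closed when the role is empty or not on an allow-list. The names buildRestrictedComment, assertRestricted and makeRecordingClient, the request path, and the plain-string comment body are assumptions made for illustration.

```typescript
// Added example; all function names here are hypothetical, not the project's JiraClient.
type Visibility = { type: "role" | "group"; value: string };
type CommentPayload = { body: string; visibility?: Visibility };

// Role name taken from the PR description.
const COMMENT_VISIBILITY_ROLE = "Developers";

// Build the request body for a Jira comment restricted to one project role.
function buildRestrictedComment(body: string, role: string = COMMENT_VISIBILITY_ROLE): CommentPayload {
  const trimmed = role.trim();
  if (trimmed === "") {
    // Fail closed: an empty role must never silently yield an unrestricted comment.
    throw new Error("comment visibility role must not be empty");
  }
  return { body, visibility: { type: "role", value: trimmed } };
}

// Pre-send guard: reject any payload that would be readable by everyone
// who can view the issue, or that names a role outside the allow-list.
function assertRestricted(payload: CommentPayload, allowedRoles: string[]): void {
  const v = payload.visibility;
  if (!v || v.type !== "role" || allowedRoles.indexOf(v.value) === -1) {
    throw new Error("refusing to post Jira comment without an allowed role restriction");
  }
}

// Stand-in transport that records what would be sent (no network access).
// The path is a constructed placeholder, not the project's real endpoint.
type Sent = { path: string; payload: CommentPayload };
function makeRecordingClient(allowedRoles: string[]) {
  const sent: Sent[] = [];
  function addComment(issueKey: string, body: string, role?: string): void {
    const payload = buildRestrictedComment(body, role);
    assertRestricted(payload, allowedRoles);
    sent.push({ path: `/issue/${issueKey}/comment`, payload });
  }
  return { sent, addComment };
}
```

Running the guard on the final payload, rather than only at build time, also catches call sites that assemble a comment body by hand and omit the visibility field.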