@stubbedev/atlassian-mcp 0.5.0 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +58 -0
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -254,6 +254,62 @@ instead of `npx`. On these paths `ffmpeg`/`ffprobe` must be available on `PATH`
254
254
  (or set `ATLASSIAN_MCP_FFMPEG_PATH` / `ATLASSIAN_MCP_FFPROBE_PATH`); the npm
255
255
  wrapper bundles them automatically.
256
256
 
257
+ ### Running as an HTTP server (shared / behind a proxy)
258
+
259
+ By default the server speaks MCP over **stdio** (one process per client, launched
260
+ by your editor). It can instead run as a long-lived **Streamable HTTP** server that
261
+ many clients share — useful behind a reverse proxy:
262
+
263
+ ```bash
264
+ atlassian-mcp --http # binds 127.0.0.1:7337
265
+ atlassian-mcp --http 127.0.0.1:9000 # custom address
266
+ ATLASSIAN_MCP_HTTP=1 atlassian-mcp # same, via env
267
+ ```
268
+
269
+ - Single endpoint `POST /mcp` (JSON-RPC) plus an optional `GET /mcp` SSE stream that
270
+ carries server→client requests (`roots/list`, elicitation). The server is **stateful**:
271
+ `initialize` mints a session and returns an `Mcp-Session-Id` header, which the client
272
+ **must** echo on every subsequent request and on the SSE stream. Requests with a
273
+ missing/unknown/expired session id get **HTTP 404** so the client re-initializes
274
+ (standard MCP-client behaviour). Each connected client/worktree is an isolated session.
275
+ - **Auth:** on a loopback bind no token is needed. Binding a non-loopback address
276
+ **requires** `ATLASSIAN_MCP_HTTP_TOKEN` (sent by clients as `Authorization: Bearer …`);
277
+ the server refuses to start otherwise. Terminate TLS at your proxy.
278
+ - **`GET /healthz`** is an unauthenticated liveness probe (returns `ok`) for proxies/load
279
+ balancers. Idle sessions are evicted after 1h.
280
+
281
+ **Repo context comes from the client, not the server's working directory.** Tools that
282
+ need a repo (the `git_*` tools, `get_dev_context`, `start_work`, `complete_work`, and
283
+ Bitbucket project/repo auto-detection) resolve it in this order: an explicit `repoPath`
284
+ argument → a **root pinned via request header** (see below) → the client's **MCP workspace
285
+ roots** (the server asks via `roots/list`, caches per session, and refreshes on
286
+ `notifications/roots/list_changed`) → the process cwd (stdio
287
+ only). So one shared HTTP server handles many worktrees: each client's own workspace drives
288
+ its calls. When a session exposes **several** roots (multiple worktrees), a tool with no
289
+ `repoPath` uses the first git-repo root; pass `repoPath` (an absolute path, or a worktree
290
+ name/basename that matches one of the roots) to target a specific worktree. For Bitbucket,
291
+ passing `projectKey`+`repoSlug` explicitly skips repo detection entirely. The repos must be
292
+ reachable on the server's host (the git tools run `git` locally).
293
+
294
+ **Pinning the root via a request header (HTTP).** A reverse proxy or harness that already
295
+ knows the working tree can hand it to the server directly, skipping the `roots/list`
296
+ round-trip (and working even when the client never advertised the `roots` capability).
297
+ Send a `file://` URI or absolute path (comma-separated for multiple; first git repo wins):
298
+
299
+ ```
300
+ X-Mcp-Root: file:///srv/myrepo
301
+ X-Mcp-Roots: /srv/a, /srv/b
302
+ ```
303
+
304
+ Accepted header names: `X-Mcp-Roots`, `X-Mcp-Root`, `Mcp-Roots`, `Mcp-Root`. A header value
305
+ is authoritative — it takes precedence over `roots/list` and survives `list_changed`.
306
+
307
+ Client config for an already-running HTTP server (Claude Code example):
308
+
309
+ ```bash
310
+ claude mcp add --transport http atlassian http://127.0.0.1:7337/mcp
311
+ ```
312
+
257
313
  ### Attachment decoding pipeline
258
314
 
259
315
  The attachment tools (`jira_get_attachment`, `bitbucket_get_attachment`) decode binary attachments into model-readable content before returning them:
@@ -287,6 +343,8 @@ pure-Go implementation shell out to external binaries:
287
343
 
288
344
  | Variable | Purpose | Default |
289
345
  | --- | --- | --- |
346
+ | `ATLASSIAN_MCP_HTTP` | Run as a Streamable HTTP server instead of stdio. `1`/`true` → `127.0.0.1:7337`; or set an explicit `host:port`. Same as `--http`. | unset (stdio) |
347
+ | `ATLASSIAN_MCP_HTTP_TOKEN` | Bearer token for HTTP mode. Optional on loopback binds; **required** on non-loopback binds. | unset |
290
348
  | `ATLASSIAN_MCP_FFMPEG_PATH` | Path to `ffmpeg` binary. | npm: bundled `ffmpeg-static`; otherwise `ffmpeg` on `PATH` |
291
349
  | `ATLASSIAN_MCP_FFPROBE_PATH` | Path to `ffprobe` binary. | npm: bundled `ffprobe-static`; otherwise `ffprobe` on `PATH` |
292
350
  | `ATLASSIAN_MCP_TMP_TTL_DAYS` | Auto-saved attachments older than this are pruned. | `7` |
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@stubbedev/atlassian-mcp",
3
- "version": "0.5.0",
3
+ "version": "0.5.2",
4
4
  "description": "MCP server for self-hosted Jira and Bitbucket (Go, distributed as a prebuilt binary)",
5
5
  "license": "MIT",
6
6
  "type": "module",