jira-ai 1.6.0 → 1.7.1

package/README.md

@@ -365,15 +365,134 @@ jira-ai issue search --query overdue-tasks --limit 10
 
 Saved queries are mutually exclusive with raw JQL — you cannot provide both a positional JQL argument and `--query` at the same time.
 
+## Presets
+
+Predefined configuration presets let you quickly set up permission levels without manually editing `settings.yaml`. Presets configure `allowed-commands`, `allowed-jira-projects`, and `allowed-confluence-spaces` in one step.
+
+The `--preset`, `--list-presets`, `--detect-preset`, `--apply`, `--validate`, and `--reset` flags are mutually exclusive — only one can be used at a time.
+
+### Available Presets
+
+| Preset | Description |
+| :--- | :--- |
+| `read-only` | AI can only observe. No create, update, delete, or transition operations. |
+| `standard` | AI can perform common productive actions but cannot do destructive operations (delete, sprint management). |
+| `my-tasks` | AI has full command access but is restricted to issues where the current user participated (assignee, reporter, commenter, or watcher). |
+| `yolo` | Unrestricted access. The AI can do everything. The name explicitly signals risk. |
+
+#### What each preset allows
+
+- **`read-only`** — `issue get/search/stats/comments/activity/tree/worklog.list/link.list/link.types/attach/list`, `project list/statuses/types/fields`, `user me/search/worklog`, `confl get/spaces/pages/search`, `epic list/get/issues/progress`, `board list/get/config/issues`, `sprint list/get/issues/tree`
+- **`standard`** — Everything in `read-only`, plus `issue create/update/transition/comment/assign/label.add/label.remove/link.create/attach.upload/attach.download/worklog.add/worklog.update`, `confl create/comment/update`, `epic create/update/link/unlink`, `sprint update`
+- **`my-tasks`** — All commands across all domains (`issue`, `project`, `user`, `confl`, `epic`, `board`, `sprint`, `backlog`), but issue visibility is filtered to those where the user participated (see [globalParticipationFilter](#globalparticipationfilter) below)
+- **`yolo`** — All commands, all projects, all Confluence spaces. No restrictions.
+
+### Usage
+
+Apply a preset:
+
+```bash
+jira-ai settings --preset read-only
+jira-ai settings --preset standard
+jira-ai settings --preset my-tasks
+jira-ai settings --preset yolo
+```
+
+List all available presets with their full configuration details:
+
+```bash
+jira-ai settings --list-presets
+```
+
+Detect which preset (if any) your current settings match:
+
+```bash
+jira-ai settings --detect-preset
+```
+
+If your settings don't match any preset exactly, `--detect-preset` reports `custom` and shows the closest match with a diff of added/removed commands.
+
+Reset settings to defaults:
+
+```bash
+jira-ai settings --reset
+```
+
+Validate a settings file without applying it:
+
+```bash
+jira-ai settings --validate my-settings.yaml
+```
+
+Apply a settings file:
+
+```bash
+jira-ai settings --apply my-settings.yaml
+```
+
+View current settings:
+
+```bash
+jira-ai settings
+```
+
+After applying a preset, you can further customize permissions by editing `~/.jira-ai/settings.yaml`. Saved queries are preserved when switching presets.
+
+### globalParticipationFilter
+
+The `my-tasks` preset sets a `globalParticipationFilter` in `settings.yaml` that restricts which issues the AI can see and interact with. Only issues where the current user matches at least one participation criterion are accessible:
+
+```yaml
+defaults:
+  globalParticipationFilter:
+    was_assignee: true
+    was_reporter: true
+    was_commenter: true
+    is_watcher: true
+```
+
+| Field | JQL equivalent | Meaning |
+| :--- | :--- | :--- |
+| `was_assignee` | `assignee was currentUser()` | User was ever assigned to the issue |
+| `was_reporter` | `reporter = currentUser()` | User is the issue reporter |
+| `was_commenter` | `issue in issueHistory()` | User commented on the issue |
+| `is_watcher` | `issue in watchedIssues()` | User is watching the issue |
+
+The filter applies to both search queries (JQL is automatically wrapped) and direct issue access (per-issue validation). You can customize the filter after applying a preset by editing `~/.jira-ai/settings.yaml` — set individual fields to `false` to relax that criterion.
+
 ## Configuration & Restrictions
 
 Tool allows you to have very complex configutations of what Projects/Jira commands/Issue types you would have acess to thought the tool.
-Use this command to start setup: 
+
+### Quick setup with presets
+
+The fastest way to configure permissions is with a preset (see [Presets](#presets) above):
+
+```bash
+jira-ai settings --preset standard
+```
+
+### Manual setup
+
+Use this command to start setup:
 
 ```bash
 jira-ai settings --help
 ```
 
+You can also validate or apply settings from a YAML file:
+
+```bash
+jira-ai settings --validate my-settings.yaml
+jira-ai settings --apply my-settings.yaml
+```
+
+To revert to default settings:
+
+```bash
+jira-ai settings --reset
+```
+
 All avalible commands: [https://github.com/festoinc/jira-ai/blob/main/all_avaliable_commands.md](https://github.com/festoinc/jira-ai/blob/main/all_avaliable_commands.md)
 
 ## Links

package/dist/cli.js

@@ -763,12 +763,19 @@ program
     .option('--apply <path>', 'Validate and apply settings from a YAML file')
     .option('--validate <path>', 'Perform schema and deep validation of a settings YAML file')
     .option('--reset', 'Revert settings to default')
+    .option('--preset <name>', 'Apply a predefined configuration preset (read-only, standard, my-tasks, yolo)')
+    .option('--list-presets', 'List all available predefined presets with their details')
+    .option('--detect-preset', 'Detect which preset (if any) matches current settings')
     .addHelpText('after', `
 Examples:
   $ jira-ai settings
   $ jira-ai settings --validate my-settings.yaml
   $ jira-ai settings --apply my-settings.yaml
   $ jira-ai settings --reset
+  $ jira-ai settings --preset read-only
+  $ jira-ai settings --preset standard
+  $ jira-ai settings --list-presets
+  $ jira-ai settings --detect-preset
 
 Settings File Structure:
   defaults:

package/dist/commands/settings.js

@@ -1,12 +1,40 @@
 import fs from 'fs';
 import yaml from 'js-yaml';
-import { loadSettings, saveSettings, DEFAULT_SETTINGS, migrateSettings } from '../lib/settings.js';
+import { loadSettings, saveSettings, DEFAULT_SETTINGS, migrateSettings, __resetCache__, } from '../lib/settings.js';
 import { SettingsSchema } from '../lib/validation.js';
 import { getProjects } from '../lib/jira-client.js';
 import { CommandError } from '../lib/errors.js';
 import { validateEnvVars } from '../lib/utils.js';
 import { outputResult } from '../lib/json-mode.js';
+import { getPreset, listPresets, detectPreset } from '../lib/presets.js';
 export async function settingsCommand(options) {
+    const presetFlags = [options.preset, options.listPresets, options.detectPreset].filter(Boolean).length;
+    const exclusiveFlags = presetFlags + (options.reset ? 1 : 0) + (options.apply ? 1 : 0) + (options.validate ? 1 : 0);
+    if (exclusiveFlags > 1) {
+        throw new CommandError('--preset, --list-presets, --detect-preset, --reset, --apply, and --validate are mutually exclusive');
+    }
+    if (options.listPresets) {
+        outputResult({ presets: listPresets() });
+        return;
+    }
+    if (options.detectPreset) {
+        const settings = loadSettings();
+        const defaults = settings.defaults || DEFAULT_SETTINGS.defaults;
+        outputResult(detectPreset(defaults));
+        return;
+    }
+    if (options.preset) {
+        const preset = getPreset(options.preset);
+        __resetCache__();
+        const current = loadSettings();
+        const newSettings = {
+            defaults: { ...preset.defaults, ...(preset.globalParticipationFilter ? { globalParticipationFilter: preset.globalParticipationFilter } : {}) },
+            savedQueries: current.savedQueries,
+        };
+        saveSettings(newSettings);
+        outputResult({ success: true, preset: options.preset, message: `Preset applied. Edit ~/.jira-ai/settings.yaml to customize.` });
+        return;
+    }
     if (options.reset) {
         try {
             saveSettings(DEFAULT_SETTINGS);

package/dist/lib/presets.js

@@ -0,0 +1,213 @@
+export const PRESETS = {
+    'read-only': {
+        description: 'AI can only observe. No create, update, delete, or transition operations.',
+        defaults: {
+            'allowed-jira-projects': ['all'],
+            'allowed-commands': [
+                'issue.get',
+                'issue.search',
+                'issue.stats',
+                'issue.comments',
+                'issue.activity',
+                'issue.tree',
+                'issue.worklog.list',
+                'issue.link.list',
+                'issue.link.types',
+                'issue.attach.list',
+                'project.list',
+                'project.statuses',
+                'project.types',
+                'project.fields',
+                'user.me',
+                'user.search',
+                'user.worklog',
+                'confl.get',
+                'confl.spaces',
+                'confl.pages',
+                'confl.search',
+                'epic.list',
+                'epic.get',
+                'epic.issues',
+                'epic.progress',
+                'board.list',
+                'board.get',
+                'board.config',
+                'board.issues',
+                'sprint.list',
+                'sprint.get',
+                'sprint.issues',
+                'sprint.tree',
+            ],
+            'allowed-confluence-spaces': ['all'],
+        },
+    },
+    'standard': {
+        description: 'AI can perform common productive actions but cannot do destructive operations.',
+        defaults: {
+            'allowed-jira-projects': ['all'],
+            'allowed-commands': [
+                'issue.get',
+                'issue.create',
+                'issue.search',
+                'issue.transition',
+                'issue.update',
+                'issue.comment',
+                'issue.stats',
+                'issue.assign',
+                'issue.label.add',
+                'issue.label.remove',
+                'issue.link.list',
+                'issue.link.create',
+                'issue.link.types',
+                'issue.attach.upload',
+                'issue.attach.list',
+                'issue.attach.download',
+                'issue.comments',
+                'issue.activity',
+                'issue.tree',
+                'issue.worklog.list',
+                'issue.worklog.add',
+                'issue.worklog.update',
+                'project.list',
+                'project.statuses',
+                'project.types',
+                'project.fields',
+                'user.me',
+                'user.search',
+                'user.worklog',
+                'confl.get',
+                'confl.spaces',
+                'confl.pages',
+                'confl.create',
+                'confl.comment',
+                'confl.update',
+                'confl.search',
+                'epic.list',
+                'epic.get',
+                'epic.create',
+                'epic.update',
+                'epic.issues',
+                'epic.link',
+                'epic.unlink',
+                'epic.progress',
+                'board.list',
+                'board.get',
+                'board.config',
+                'board.issues',
+                'sprint.list',
+                'sprint.get',
+                'sprint.issues',
+                'sprint.tree',
+                'sprint.update',
+            ],
+            'allowed-confluence-spaces': ['all'],
+        },
+    },
+    'my-tasks': {
+        description: 'AI has full command access but restricted to issues where the current user participated.',
+        defaults: {
+            'allowed-jira-projects': ['all'],
+            'allowed-commands': [
+                'issue',
+                'project',
+                'user',
+                'confl',
+                'epic',
+                'board',
+                'sprint',
+                'backlog',
+            ],
+            'allowed-confluence-spaces': ['all'],
+        },
+        globalParticipationFilter: {
+            was_assignee: true,
+            was_reporter: true,
+            was_commenter: true,
+            is_watcher: true,
+        },
+    },
+    'yolo': {
+        description: 'Unrestricted access. The AI can do everything. The name explicitly signals risk.',
+        defaults: {
+            'allowed-jira-projects': ['all'],
+            'allowed-commands': ['all'],
+            'allowed-confluence-spaces': ['all'],
+        },
+    },
+};
+export function getPreset(name) {
+    const preset = PRESETS[name];
+    if (!preset) {
+        const available = Object.keys(PRESETS).join(', ');
+        throw new Error(`Unknown preset "${name}". Available presets: ${available}`);
+    }
+    return preset;
+}
+export function listPresets() {
+    const result = {};
+    for (const [name, preset] of Object.entries(PRESETS)) {
+        result[name] = {
+            description: preset.description,
+            'allowed-commands': preset.defaults['allowed-commands'],
+            'allowed-jira-projects': preset.defaults['allowed-jira-projects'],
+            'allowed-confluence-spaces': preset.defaults['allowed-confluence-spaces'],
+            ...(preset.globalParticipationFilter !== undefined && { globalParticipationFilter: preset.globalParticipationFilter }),
+        };
+    }
+    return result;
+}
+export function detectPreset(settings) {
+    for (const [name, preset] of Object.entries(PRESETS)) {
+        if (settingsMatchPreset(settings, preset.defaults, preset.globalParticipationFilter)) {
+            return {
+                current: name,
+                description: `Your settings match the '${name}' preset.`,
+            };
+        }
+    }
+    // Find closest match
+    let closestMatch;
+    let minDiff = Infinity;
+    for (const [name, preset] of Object.entries(PRESETS)) {
+        const currentCmds = new Set(settings['allowed-commands']);
+        const presetCmds = new Set(preset.defaults['allowed-commands']);
+        const added = [...currentCmds].filter(c => !presetCmds.has(c));
+        const removed = [...presetCmds].filter(c => !currentCmds.has(c));
+        const diff = added.length + removed.length;
+        if (diff < minDiff) {
+            minDiff = diff;
+            closestMatch = name;
+        }
+    }
+    const closestPreset = closestMatch ? PRESETS[closestMatch] : undefined;
+    const currentCmds = new Set(settings['allowed-commands']);
+    const presetCmds = closestPreset ? new Set(closestPreset.defaults['allowed-commands']) : new Set();
+    const addedCommands = [...currentCmds].filter(c => !presetCmds.has(c));
+    const removedCommands = [...presetCmds].filter(c => !currentCmds.has(c));
+    return {
+        current: 'custom',
+        description: 'Your settings do not match any predefined preset.',
+        closestMatch,
+        differences: {
+            addedCommands,
+            removedCommands,
+        },
+    };
+}
+function settingsMatchPreset(settings, presetDefaults, presetGlobalFilter) {
+    const settingsCmds = [...settings['allowed-commands']].sort();
+    const presetCmds = [...presetDefaults['allowed-commands']].sort();
+    if (JSON.stringify(settingsCmds) !== JSON.stringify(presetCmds))
+        return false;
+    const settingsProjects = [...settings['allowed-jira-projects']].map(p => typeof p === 'string' ? p : JSON.stringify(p)).sort();
+    const presetProjects = [...presetDefaults['allowed-jira-projects']].map(p => typeof p === 'string' ? p : JSON.stringify(p)).sort();
+    if (JSON.stringify(settingsProjects) !== JSON.stringify(presetProjects))
+        return false;
+    const settingsSpaces = [...settings['allowed-confluence-spaces']].sort();
+    const presetSpaces = [...presetDefaults['allowed-confluence-spaces']].sort();
+    if (JSON.stringify(settingsSpaces) !== JSON.stringify(presetSpaces))
+        return false;
+    if (JSON.stringify(settings.globalParticipationFilter ?? null) !== JSON.stringify(presetGlobalFilter ?? null))
+        return false;
+    return true;
+}

package/dist/lib/settings.js

@@ -249,12 +249,41 @@ export function getAllowedConfluenceSpaces() {
     const settings = getEffectiveSettings();
     return settings ? settings['allowed-confluence-spaces'] : ['all'];
 }
+function buildParticipationJql(filter) {
+    const parts = [];
+    if (filter.was_assignee)
+        parts.push('assignee was currentUser()');
+    if (filter.was_reporter)
+        parts.push('reporter = currentUser()');
+    if (filter.was_commenter)
+        parts.push('issue in issueHistory()');
+    if (filter.is_watcher)
+        parts.push('issue in watchedIssues()');
+    return parts.join(' OR ');
+}
 export function applyGlobalFilters(jql) {
     const settings = getEffectiveSettings();
     if (!settings)
         return jql;
     const allAllowed = settings['allowed-jira-projects'].some(p => p === 'all');
     if (allAllowed) {
+        // When globalParticipationFilter is set, inject participation-based JQL so
+        // issue.search is restricted to issues the user participated in (not just individual
+        // issue actions which validateIssueAgainstFilters already gates).
+        if (settings.globalParticipationFilter) {
+            const participationJql = buildParticipationJql(settings.globalParticipationFilter);
+            if (participationJql) {
+                let filterPart = jql;
+                let orderByPart = '';
+                const orderByMatch = jql.match(/(.*)\bORDER BY\b(.*)/i);
+                if (orderByMatch) {
+                    filterPart = orderByMatch[1].trim();
+                    orderByPart = ` ORDER BY ${orderByMatch[2].trim()}`;
+                }
+                const filterJql = filterPart.trim() ? ` AND (${filterPart})` : '';
+                return `(${participationJql})${filterJql}${orderByPart}`;
+            }
+        }
         return jql;
     }
     // Handle ORDER BY
@@ -297,8 +326,23 @@ export function validateIssueAgainstFilters(issue, currentUserId) {
     if (!project) {
         return false;
     }
-    if (typeof project === 'string')
+    if (typeof project === 'string') {
+        // Apply global participation filter when project is 'all' and globalParticipationFilter is set
+        if (project === 'all' && settings.globalParticipationFilter) {
+            const participated = settings.globalParticipationFilter;
+            let hasParticipated = false;
+            if (participated.was_assignee && issue.assignee?.accountId === currentUserId)
+                hasParticipated = true;
+            if (participated.was_reporter && issue.reporter?.accountId === currentUserId)
+                hasParticipated = true;
+            if (participated.was_commenter && issue.comments?.some((c) => c.author?.accountId === currentUserId))
+                hasParticipated = true;
+            if (participated.is_watcher && issue.watchers?.includes('CURRENT_USER'))
+                hasParticipated = true;
+            return hasParticipated;
+        }
         return true;
+    }
     if (project.filters?.participated) {
         const { participated } = project.filters;
         let hasParticipated = false;

package/dist/lib/validation.js

@@ -158,6 +158,12 @@ export const OrganizationSettingsSchema = z.object({
     'allowed-jira-projects': z.array(ProjectSettingSchema).nullish().transform(val => val || ['all']),
     'allowed-commands': z.array(z.string()).nullish().transform(val => val || DEFAULT_ALLOWED_COMMANDS),
     'allowed-confluence-spaces': z.array(z.string()).nullish().transform(val => val || ['all']),
+    globalParticipationFilter: z.object({
+        was_assignee: z.boolean().optional(),
+        was_reporter: z.boolean().optional(),
+        was_commenter: z.boolean().optional(),
+        is_watcher: z.boolean().optional(),
+    }).optional(),
 });
 export const SavedQueryNameSchema = z.string().regex(/^[a-z0-9][a-z0-9-]*[a-z0-9]$|^[a-z0-9]$/, 'Query name must be lowercase alphanumeric with hyphens (e.g., "my-query"), cannot start or end with a hyphen');
 export const SettingsSchema = z.object({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jira-ai",
-  "version": "1.6.0",
+  "version": "1.7.1",
   "description": "AI friendly Jira CLI to save context",
   "type": "module",
   "main": "dist/cli.js",