datasecops-cli 0.4.8__tar.gz → 0.5.1__tar.gz

datasecops_cli-0.5.1/.github/workflows/test.yml

@@ -0,0 +1,28 @@
+name: Test
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    name: Test (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.11', '3.12', '3.13']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install package with test dependencies
+        run: pip install -e ".[test]"
+
+      - name: Run tests
+        run: pytest --tb=short

{datasecops_cli-0.4.8 → datasecops_cli-0.5.1}/CHANGELOG.md

@@ -2,6 +2,52 @@
 
 All notable changes to the DataSecOps CLI are documented in this file.
 
+## [0.5.1] - 2026-06-04
+
+### Added
+
+- **MCP server CLI arguments** — `datasecops-mcp` now accepts `--connection-name` and `--app-database` arguments, eliminating the dependency on `.datasecops.yml` being in the working directory. This fixes connection failures when AI tools (Cortex Code, Cursor, etc.) launch the MCP server from a different working directory.
+- **`init_snowflake_service()` function** — new public API in `datasecops_mcp.connection` to pre-initialize the Snowflake service singleton with explicit parameters.
+
+### Changed
+
+- **MCP registration passes connection details** — all CLI paths that register the MCP server (setup, configuration menu, downloads menu) now pass `--connection-name` and `--app-database` to the registration command and `mcp.json` args.
+- **`DownloadsMenu` accepts `datasecops_config`** — the downloads menu now receives the `DatasecopsConfig` so it can pass connection details during MCP server registration.
+
+## [0.5.0] - 2026-05-21
+
+### Added
+
+- **Work Items MCP tool** — new `get_work_items_config` tool in the MCP server returns the configured ticket system (Azure DevOps, Jira, or GitHub Issues), whether ticket numbers are required, and system-specific connection details. Used by the `new-branch` skill.
+- **WorkItems model** — new `WorkItems` model in `project_config.py` stores ticket system configuration separately from source control.
+
+### Changed
+
+- **`ticket_number_required` moved from Source Control to Work Items** — the ticket requirement is now part of the WORK_ITEMS configuration (separate from SOURCE_CONTROL). The `get_branching_rules` MCP tool no longer includes this field; use `get_work_items_config` instead.
+- **Branch format default updated** — default branch format changed from `{branch_type}/{branch_name}` to `{branch_type}/{ticket_name}_{name}` with explicit placeholders for ticket and description.
+- **Branch creation uses `str.replace()` instead of `str.format()`** — supports the new `{ticket_name}` and `{name}` placeholders in branch format without breaking on missing keys.
+- **`validate_branch_name` reads ticket requirement from WORK_ITEMS** — the MCP validation tool now queries the WORK_ITEMS config for `ticket_number_required` instead of SOURCE_CONTROL.
+- **Config class loads WORK_ITEMS** — `Config.load_from_native_app()` now also fetches the WORK_ITEMS configuration.
+- **Git operations menu accepts work_items** — `GitOperationsMenu` now receives `WorkItems` to determine ticket enforcement during branch creation.
+
+## [0.4.9] - 2026-05-21
+
+### Added
+
+- **Remove from test** — new git menu option to remove a branch from the test integration branch. Displays squash-merged branches by name and drops the selected commit from test's history via rebase, then force-pushes. The test branch is never deleted.
+- **Branch cleanup** — new option in branch management to delete all local branches (except main, test, and current) and prune stale remote tracking references in one step.
+- **Git operations documentation** — `docs/git-operations.md` documenting the full branch strategy, menu structure, and behaviour of each operation.
+- **Ticket integration plan** — `plans/ticket-integration-plan.md` specifying the design for Azure DevOps, Jira, and GitHub Projects ticket fetching during branch creation.
+
+### Changed
+
+- **Squash merge into test rebases onto main first** — prevents drift by rebasing the test branch onto `origin/main` before squash-merging, ensuring test always has main as its base with squash commits layered on top.
+- **Branch creation uses configured `branch_format`** — branch names are now built using the `branch_format` field from the framework's SOURCE_CONTROL config instead of a hardcoded pattern.
+- **Deploy to prod enforced from main only** — production deployments are hardcoded to `force=False` and can only originate from the main branch.
+- **Protected branches** — `main` and `test` cannot be deleted via delete, cleanup, or reset operations.
+- **Stash/restore on branch-switching operations** — squash merge and remove from test now stash uncommitted changes before switching branches and restore them afterward, preventing dirty-tree errors.
+- **Test branch auto-creation** — if neither local nor remote `test` branch exists, it is created from `origin/main` automatically during squash merge or remove operations.
+
 ## [0.4.8] - 2026-05-20
 
 ### Added

{datasecops_cli-0.4.8 → datasecops_cli-0.5.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: datasecops-cli
-Version: 0.4.8
+Version: 0.5.1
 Summary: DataSecOps Framework CLI for Snowflake Native App
 License-Expression: MIT
 License-File: LICENSE
@@ -161,7 +161,7 @@ The package includes an MCP (Model Context Protocol) server that exposes your fr
 **Cortex Code:**
 
 ```bash
-cortex mcp add datasecops-framework -- datasecops-mcp
+cortex mcp add datasecops-framework -- datasecops-mcp --connection-name <CONNECTION> --app-database <APP_DB>
 ```
 
 **VS Code / Cursor** — add to `.vscode/mcp.json` or `.cursor/mcp.json`:
@@ -171,7 +171,7 @@ cortex mcp add datasecops-framework -- datasecops-mcp
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     }
   }
 }

{datasecops_cli-0.4.8 → datasecops_cli-0.5.1}/README.md

@@ -142,7 +142,7 @@ The package includes an MCP (Model Context Protocol) server that exposes your fr
 **Cortex Code:**
 
 ```bash
-cortex mcp add datasecops-framework -- datasecops-mcp
+cortex mcp add datasecops-framework -- datasecops-mcp --connection-name <CONNECTION> --app-database <APP_DB>
 ```
 
 **VS Code / Cursor** — add to `.vscode/mcp.json` or `.cursor/mcp.json`:
@@ -152,7 +152,7 @@ cortex mcp add datasecops-framework -- datasecops-mcp
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     }
   }
 }

{datasecops_cli-0.4.8 → datasecops_cli-0.5.1}/docs/getting-started.md

@@ -156,7 +156,7 @@ Create `.vscode/mcp.json` in your project root:
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     },
     "dbt": {
       "command": "uvx",
@@ -185,7 +185,7 @@ For Azure DevOps instead of GitHub:
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     },
     "dbt": {
       "command": "uvx",
@@ -219,7 +219,7 @@ Add servers from the command line:
 
 ```bash
 # DataSecOps Framework
-cortex mcp add datasecops-framework -- datasecops-mcp
+cortex mcp add datasecops-framework -- datasecops-mcp --connection-name <CONNECTION> --app-database <APP_DB>
 
 # dbt
 cortex mcp add dbt -- uvx dbt-mcp

datasecops_cli-0.5.1/docs/git-operations.md

@@ -0,0 +1,208 @@
+# Git Operations
+
+The CLI provides a structured git workflow designed around a branching strategy where feature branches are squash-merged into a `test` branch for integration testing, and only `main` is deployed to production.
+
+## Branch Strategy
+
+```
+main ─────────────────────────────────────── prod
+  │
+  ├── feature/ticket_name ──┐
+  ├── bugfix/ticket_name  ──┤── squash merge ──► test
+  └── hotfix/ticket_name  ──┘
+```
+
+- `main` is the source of truth and the only branch that deploys to production
+- `test` is an integration branch built on top of main (rebased to prevent drift)
+- Feature/bugfix/hotfix branches are created from main and squash-merged into test
+- Branches can be removed from test without affecting main or other branches on test
+
+## Main Menu
+
+| Option | Name | Description |
+|--------|------|-------------|
+| 1 | Branching | Manage branches (create, checkout, switch, delete, prune, cleanup, reset) |
+| 2 | Commit | Stage all changes and commit with a message, then push |
+| 3 | Push | Push current branch to remote |
+| 4 | Pull | Pull latest changes from remote for current branch |
+| 5 | Rebase | Rebase current branch with main |
+| 6 | Deploy | Deploy to an environment branch (e.g. test, prod) |
+| 7 | Squash to test | Squash merge current branch into test |
+| 8 | Remove from test | Remove a branch's changes from test |
+
+---
+
+## Operations Detail
+
+### 1. Branching
+
+Submenu for branch management operations.
+
+| Option | Name | Description |
+|--------|------|-------------|
+| 1 | New | Create a new branch from main |
+| 2 | Checkout | Checkout a remote branch locally |
+| 3 | Switch | Switch to an existing local branch |
+| 4 | Delete | Delete a local branch (and its remote) |
+| 5 | Prune | Remove stale remote tracking references |
+| 6 | Cleanup | Delete all local branches (except main, test, current) and prune remote |
+| 7 | Reset | Hard reset to main and delete all local branches |
+
+#### New Branch
+
+Creates a branch using the configured `branch_format` (default: `{branch_type}/{ticket_name}_{name}`):
+- Prompts for branch type (feature, bugfix, hotfix — or configured types from Source Control settings)
+- Prompts for ticket number (required or optional based on Work Items config `ticket_number_required`)
+- Prompts for branch name (description)
+- Builds the full name using `format_map` with placeholders: `{branch_type}`, `{ticket_name}`, `{name}`, `{branch_name}` (legacy)
+- Creates from `origin/main`, checks out, and pushes with upstream tracking
+
+> **Tip:** Use the `new-branch` Cortex Code skill instead of the CLI menu for an AI-assisted workflow that also fetches ticket details and creates a plan document.
+
+#### Delete Branch
+
+- Cannot delete the current branch
+- Cannot delete protected branches (`main`, `test`)
+- Deletes both the local branch and the remote branch
+
+#### Cleanup
+
+- Deletes all local branches except `main`, `test`, and the current branch
+- Prunes stale remote tracking references
+
+#### Reset to Main
+
+- Checks out main and hard resets to `origin/main`
+- Deletes all local branches except `main` and `test`
+
+---
+
+### 2. Commit
+
+- Detects uncommitted changes (modified and untracked files)
+- Displays a summary of changed files
+- Prompts for a commit message
+- Stages all changes, commits, and pushes to remote
+
+---
+
+### 3. Push
+
+Pushes the current branch to its remote counterpart.
+
+---
+
+### 4. Pull
+
+Pulls the latest changes from remote for the current branch.
+
+---
+
+### 5. Rebase
+
+Submenu for rebase operations.
+
+| Option | Name | Description |
+|--------|------|-------------|
+| 1 | Rebase | Standard rebase of current branch onto `origin/main` |
+| 2 | Squash & rebase | Squash all commits into one, then rebase onto main |
+| 3 | Continue | Continue rebase after resolving conflicts |
+| 4 | Abort | Abort an in-progress rebase |
+
+#### Standard Rebase
+
+Fetches from origin and rebases the current branch onto `origin/main`. If conflicts occur, you can resolve them and use "continue" or "abort".
+
+#### Squash & Rebase
+
+Soft-resets to the main branch point, creates a single squash commit, then rebases onto `origin/main`. This gives you a clean single commit on top of main.
+
+---
+
+### 6. Deploy
+
+Pushes the current branch to a configured deployment branch.
+
+**Production rules:**
+- Production deployments can only come from the `main` branch
+- If not on main, the CLI will offer to switch to main first
+- Production pushes are never force-pushed
+
+**Non-production environments:**
+- Any branch can be pushed to non-production environments
+- Force-push is used for non-production deployments
+
+---
+
+### 7. Squash to Test
+
+Squash merges the current feature branch into the `test` integration branch.
+
+**Pre-flight checks (before merge):**
+
+1. **Branch must be up to date with main** — if your branch is behind `origin/main`, the merge is rejected. Rebase with main first.
+2. **File conflict detection** — checks if any files modified on your branch are also modified by another branch's squash-merge commit currently on test:
+   - If the conflicting branch **still exists on remote** → merge is **rejected**. You must resolve with the branch owner or remove that branch from test first.
+   - If the conflicting branch **no longer exists** (stale) → the stale commit is **automatically removed** from test before proceeding.
+
+**What it does (after pre-flight passes):**
+1. Stashes any uncommitted changes
+2. Fetches latest from origin
+3. Checks out the `test` branch (creates it from `origin/main` if it doesn't exist)
+4. Pulls latest test
+5. Rebases test onto `origin/main` to prevent drift from main
+6. Squash merges the feature branch into test
+7. Commits with message: `squash merge: {branch_name} into test`
+8. Force-pushes test (required due to the rebase)
+9. Checks out the original branch and restores stashed changes
+
+**Key behaviours:**
+- The test branch always has `main` as its base — squash commits are layered on top
+- Force-push is used because the rebase rewrites test's history to stay aligned with main
+- The commit message naming convention enables the "remove from test" feature
+- File overlap detection prevents two active branches from silently overwriting each other's changes on test
+
+---
+
+### 8. Remove from Test
+
+Removes a previously squash-merged branch from the test branch by dropping its commit from history.
+
+**What it does:**
+1. Fetches latest and lists all squash-merge commits on test (identified by commit message prefix `squash merge:`)
+2. Displays the branches currently on test by name
+3. User selects which branch to remove
+4. Stashes any uncommitted changes
+5. Checks out test
+6. Rebases test, dropping the selected commit: `git rebase --onto <commit>^ <commit> test`
+7. Force-pushes test
+8. Checks out the original branch and restores stashed changes
+
+**Key behaviours:**
+- The commit is completely removed from test's history (not reverted)
+- All other branches on test remain intact
+- The test branch itself is never deleted
+- If the rebase fails (e.g. conflicts), it aborts and returns to the original branch
+
+---
+
+## Protected Branches
+
+The following branches are protected and cannot be deleted:
+- `main` — source of truth, deploys to production
+- `test` — integration branch for testing
+
+These are protected across all operations: delete, cleanup, and reset.
+
+## Error Handling
+
+All operations that switch branches follow a safe pattern:
+1. Stash uncommitted changes before switching
+2. Perform the operation
+3. Switch back to the original branch
+4. Restore stashed changes
+
+If any step fails, the error handler will:
+- Abort any in-progress rebase/revert
+- Switch back to the original branch
+- Restore stashed changes

{datasecops_cli-0.4.8 → datasecops_cli-0.5.1}/docs/mcp-server.md

@@ -13,32 +13,25 @@ pip install datasecops-cli[mcp]
 Run the server:
 
 ```bash
-datasecops-mcp
+datasecops-mcp --connection-name <CONNECTION> --app-database <APP_DB>
 ```
 
 The server communicates via stdio transport and is designed to be launched by an MCP client (not run interactively).
 
+If `--connection-name` and `--app-database` are not provided, the server falls back to reading `.datasecops.yml` from the current working directory.
+
 ## Configuring Your AI Tool
 
 ### Cortex Code
 
-Add to your Cortex Code MCP configuration:
-
-```json
-{
-  "mcpServers": {
-    "datasecops-framework": {
-      "command": "datasecops-mcp",
-      "args": []
-    }
-  }
-}
+```bash
+cortex mcp add datasecops-framework -- datasecops-mcp --connection-name <CONNECTION> --app-database <APP_DB>
 ```
 
 ### Claude Code
 
 ```bash
-claude mcp add datasecops-framework datasecops-mcp
+claude mcp add datasecops-framework datasecops-mcp -- --connection-name <CONNECTION> --app-database <APP_DB>
 ```
 
 ### Cursor / VS Code
@@ -50,7 +43,7 @@ Add to `.cursor/mcp.json` or your IDE's MCP settings:
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     }
   }
 }
@@ -58,7 +51,7 @@ Add to `.cursor/mcp.json` or your IDE's MCP settings:
 
 ## Prerequisites
 
-The MCP server requires a `.datasecops.yml` file in your project root (the same file used by the `datasecops` CLI):
+The MCP server connects to Snowflake using the connection name specified via CLI arguments (or from `.datasecops.yml`):
 
 ```yaml
 connection_name: my_snowflake_connection
@@ -74,7 +67,8 @@ It uses your Snowflake connection from `~/.snowflake/connections.toml` to authen
 
 | Tool | Description |
 |------|-------------|
-| `get_branching_rules` | Branch types, naming conventions, ticket requirements, merge strategies |
+| `get_branching_rules` | Branch types, naming conventions, environment branches, merge strategies |
+| `get_work_items_config` | Work item system (Azure DevOps / Jira / GitHub Issues), ticket requirement, connection details |
 | `get_linting_rules` | SQLFluff rules (dialect, indentation, enabled rule codes) |
 | `get_dbt_packages` | Approved packages with pinned versions |
 | `get_pipeline_config` | CI/CD pipeline YAML templates (GitHub Actions or Azure DevOps) |
@@ -110,6 +104,11 @@ The MCP server works transparently in the background. When you ask your AI assis
 
 ### Example Interactions
 
+**Starting work on a ticket (using the `new-branch` skill):**
+> "Start work on ticket JIRA-456"
+
+The AI calls `get_branching_rules` for branch format and types, `get_work_items_config` for the ticket system, fetches the ticket details via the platform MCP server (Azure DevOps / Atlassian / GitHub), creates a branch like `feature/JIRA-456_add-customer-dim`, and saves the ticket details to a plan document.
+
 **Creating a branch:**
 > "Create a new branch for ticket JIRA-456 to add a customer dimension model"
 
@@ -166,7 +165,7 @@ For full platform integration (PR creation, CI status, issue tracking), add the
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     },
     "github": {
       "command": "npx",
@@ -193,7 +192,7 @@ This enables:
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     },
     "azure-devops": {
       "command": "npx",
@@ -212,8 +211,39 @@ This enables:
 - Creating pull requests with templates
 - Checking build pipeline status
 - Linking to work items
+- Managing and updating work items
 - Managing boards and sprints
 
+### Atlassian (Jira)
+
+The Atlassian Rovo MCP Server provides access to Jira, Confluence, and Compass. Authentication is handled via OAuth 2.1 (browser flow) or API token — no local credentials needed.
+
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    },
+    "atlassian": {
+      "url": "https://mcp.atlassian.com/v1/mcp/authv2"
+    }
+  }
+}
+```
+
+Or via CLI:
+
+```bash
+cortex mcp add atlassian https://mcp.atlassian.com/v1/mcp/authv2 --transport http
+```
+
+This enables:
+- Searching, creating, and updating Jira issues
+- Reading Confluence pages for context
+- Querying Compass components and dependencies
+- Linking tickets to branches and PRs
+
 ## Combined Workflow Example
 
 With both the framework MCP server and GitHub MCP server configured, a developer can say:

{datasecops_cli-0.4.8 → datasecops_cli-0.5.1}/mcp-servers.json

@@ -2,7 +2,7 @@
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": [],
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"],
       "env": {},
       "description": "DataSecOps Framework governance rules, branching conventions, linting config, and project profiles from your Snowflake Native App"
     },

{datasecops_cli-0.4.8 → datasecops_cli-0.5.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "datasecops-cli"
-version = "0.4.8"
+version = "0.5.1"
 description = "DataSecOps Framework CLI for Snowflake Native App"
 readme = "README.md"
 requires-python = ">=3.10"

datasecops_cli-0.5.1/src/datasecops_cli/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.5.1"

{datasecops_cli-0.4.8 → datasecops_cli-0.5.1}/src/datasecops_cli/config.py

@@ -2,7 +2,7 @@ from pathlib import Path
 from typing import Optional
 
 from datasecops_cli.models.project_config import (
-    DatasecopsConfig, ProjectSettings, SourceControl, ProjectProfile, DbtTarget
+    DatasecopsConfig, ProjectSettings, SourceControl, WorkItems, ProjectProfile, DbtTarget
 )
 from datasecops_cli.utilities.yaml_utils import read_datasecops_config, read_dbt_project
 from datasecops_cli.utilities.display import error_line, info_line
@@ -15,6 +15,7 @@ class Config:
         self.datasecops: DatasecopsConfig = DatasecopsConfig()
         self.project_settings: ProjectSettings = ProjectSettings()
         self.source_control: SourceControl = SourceControl()
+        self.work_items: WorkItems = WorkItems()
         self.profile: Optional[ProjectProfile] = None
         self.all_profiles: list[ProjectProfile] = []
         self.project_dir: Path = Path.cwd()
@@ -77,6 +78,11 @@ class Config:
             if raw:
                 self.source_control = SourceControl(**{k: v for k, v in raw.items() if k in SourceControl.model_fields})
             
+            # Load work items
+            raw = snowflake_service.get_framework_config("WORK_ITEMS")
+            if raw:
+                self.work_items = WorkItems(**{k: v for k, v in raw.items() if k in WorkItems.model_fields})
+            
             # Load project profiles
             profiles_data = snowflake_service.get_project_profiles()
             if profiles_data:

{datasecops_cli-0.4.8 → datasecops_cli-0.5.1}/src/datasecops_cli/main.py

@@ -175,11 +175,12 @@ def _run_setup(project_dir: Path):
     # --- Connect to Snowflake ---
     info_line("")
     info_line("Connecting to Snowflake...")
-    from datasecops_cli.models.project_config import DatasecopsConfig, ProjectSettings, ProjectProfile, SourceControl
+    from datasecops_cli.models.project_config import DatasecopsConfig, ProjectSettings, ProjectProfile, SourceControl, WorkItems
     temp_config = DatasecopsConfig(connection_name=connection_name, app_database=app_database)
     temp_sf = SnowflakeService(temp_config)
     project_settings = ProjectSettings()
     source_control = SourceControl()
+    work_items = WorkItems()
     matched_profile = None
 
     try:
@@ -196,6 +197,11 @@ def _run_setup(project_dir: Path):
         if raw_sc:
             source_control = SourceControl(**{k: v for k, v in raw_sc.items() if k in SourceControl.model_fields})
 
+        # Load WORK_ITEMS settings (for ticket system and ticket_number_required)
+        raw_wi = temp_sf.get_framework_config("WORK_ITEMS")
+        if raw_wi:
+            work_items = WorkItems(**{k: v for k, v in raw_wi.items() if k in WorkItems.model_fields})
+
         # Get account identifier for MCP URL construction
         account_identifier = ""
         try:
@@ -311,11 +317,16 @@ def _run_setup(project_dir: Path):
             info_line("")
             info_line("Adding MCP servers to Cortex Code...")
             try:
-                subprocess.run(["cortex", "mcp", "add", "datasecops-framework", "--", "datasecops-mcp"],
+                subprocess.run(["cortex", "mcp", "add", "datasecops-framework", "--",
+                                "datasecops-mcp", "--connection-name", connection_name,
+                                "--app-database", app_database],
                                capture_output=True, text=True)
                 success_line("Added datasecops-framework MCP server")
             except FileNotFoundError:
-                warning_line("cortex not found — run manually: cortex mcp add datasecops-framework -- datasecops-mcp")
+                warning_line(
+                    "cortex not found — run manually: cortex mcp add datasecops-framework "
+                    f"-- datasecops-mcp --connection-name {connection_name} --app-database {app_database}"
+                )
 
             # Add AI Agent MCP server if enabled
             if ai_agent_mcp_url:
@@ -366,7 +377,10 @@ def _run_setup(project_dir: Path):
             mcp_dir = dir_map.get(tool_choice, ".vscode")
             mcp_path = project_dir / mcp_dir / "mcp.json"
 
-            servers = {"datasecops-framework": {"command": "datasecops-mcp", "args": []}}
+            servers = {"datasecops-framework": {
+                "command": "datasecops-mcp",
+                "args": ["--connection-name", connection_name, "--app-database", app_database],
+            }}
 
             # Add AI Agent MCP server if enabled
             if ai_agent_mcp_url:
@@ -683,7 +697,8 @@ def _main_menu(config: Config, dbt_runner: DbtRunner, git_service: GitService,
         elif option == 2 and git_service:
             git_menu = GitOperationsMenu(
                 git_service, config.source_control,
-                config.get_deployment_branches(), profile_name
+                config.get_deployment_branches(), profile_name,
+                work_items=config.work_items
             )
             git_menu.show()
 
@@ -741,6 +756,7 @@ def _main_menu(config: Config, dbt_runner: DbtRunner, git_service: GitService,
                 profile=config.profile,
                 source_control=config.source_control,
                 all_profiles=config.all_profiles,
+                datasecops_config=config.datasecops,
             )
             dl_menu.show()
 

{datasecops_cli-0.4.8 → datasecops_cli-0.5.1}/src/datasecops_cli/menus/configuration.py

@@ -167,13 +167,19 @@ class ConfigurationMenu:
         info_line("")
         for server in servers:
             if server == "datasecops-framework":
+                conn = self.datasecops_config.connection_name
+                app_db = self.datasecops_config.app_database
                 try:
-                    subprocess.run(["cortex", "mcp", "add", "datasecops-framework",
-                                    "--", "datasecops-mcp"],
+                    subprocess.run(["cortex", "mcp", "add", "datasecops-framework", "--",
+                                    "datasecops-mcp", "--connection-name", conn,
+                                    "--app-database", app_db],
                                    capture_output=True, text=True)
                     success_line("Added datasecops-framework MCP server")
                 except FileNotFoundError:
-                    warning_line("cortex not found — run manually: cortex mcp add datasecops-framework -- datasecops-mcp")
+                    warning_line(
+                        "cortex not found — run manually: cortex mcp add datasecops-framework "
+                        f"-- datasecops-mcp --connection-name {conn} --app-database {app_db}"
+                    )
 
             elif server == "GitHub":
                 token = get_input_string("Enter your GitHub PAT (or press Enter to skip): ", allow_empty=True)
@@ -228,7 +234,12 @@ class ConfigurationMenu:
 
         for server in servers:
             if server == "datasecops-framework":
-                server_config["datasecops-framework"] = {"command": "datasecops-mcp", "args": []}
+                conn = self.datasecops_config.connection_name
+                app_db = self.datasecops_config.app_database
+                server_config["datasecops-framework"] = {
+                    "command": "datasecops-mcp",
+                    "args": ["--connection-name", conn, "--app-database", app_db],
+                }
             elif server == "GitHub":
                 server_config["github"] = {
                     "command": "npx",