datasecops-cli 0.4.9__tar.gz → 0.5.2__tar.gz

datasecops_cli-0.5.2/.github/workflows/test.yml

@@ -0,0 +1,28 @@
+name: Test
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    name: Test (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.11', '3.12', '3.13']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install package with test dependencies
+        run: pip install -e ".[test]"
+
+      - name: Run tests
+        run: pytest --tb=short

{datasecops_cli-0.4.9 → datasecops_cli-0.5.2}/CHANGELOG.md

@@ -2,6 +2,55 @@
 
 All notable changes to the DataSecOps CLI are documented in this file.
 
+## [0.5.2] - 2026-06-05
+
+### Added
+
+- **`get_sqlfluff_config` MCP tool** — exposes the rendered `.sqlfluff` INI config file from the native app, allowing AI tools to retrieve the exact linting configuration without needing a local `.sqlfluff` file.
+- **`get_documentation` MCP tool** — exposes framework documentation topics (model development, data governance, deployment, etc.) so AI tools can reference framework conventions directly.
+
+### Changed
+
+- **Cortex Code MCP config is now project-level** — MCP server registration for Cortex Code now writes `.snowflake/cortex/mcp.json` in the project root instead of calling `cortex mcp add`. This enables project-scoped MCP servers in Cortex Code Desktop and removes the dependency on the `cortex` binary being installed.
+- **All MCP servers included in Cortex Code config** — the datasecops-framework, GitHub, Azure DevOps, and dbt MCP servers are all written to the project-level config file with `"type": "stdio"` field.
+- **Cortex Code always available as an AI tool option** — removed the `shutil.which("cortex")` check since we no longer need the cortex binary for MCP configuration.
+- **Expanded `_ALLOWED_PROCEDURES`** — added `get_sqlfluff_config_file` and `get_documentation` to the MCP connection allowlist.
+
+### Fixed
+
+- **Linting now installs dbt-snowflake at framework-pinned version** — the CLI lint menu fetches both SQLFluff and dbt requirements from the native app and ensures all packages (including `dbt-core` and `dbt-snowflake`) are installed at the correct versions before linting.
+- **Linting runs `dbt deps` if packages are missing** — if `packages.yml` exists but `dbt_packages/` is empty, `dbt deps` is run automatically before linting to satisfy the sqlfluff dbt templater.
+- **Default `.sqlfluffignore` created on first lint** — excludes `target/`, `dbt_packages/`, `dbt_modules/`, `logs/`, `macros/`, `models/cortex/agents`, `models/cortex/semantic_views`, `objects/stages/config/`, and `objects/file_formats/config/`.
+- **MCP linting tools check for dbt-snowflake** — the MCP server lint/fix tools now verify `dbt-snowflake` is installed (and install it if missing) before running SQLFluff.
+
+## [0.5.1] - 2026-06-04
+
+### Added
+
+- **MCP server CLI arguments** — `datasecops-mcp` now accepts `--connection-name` and `--app-database` arguments, eliminating the dependency on `.datasecops.yml` being in the working directory. This fixes connection failures when AI tools (Cortex Code, Cursor, etc.) launch the MCP server from a different working directory.
+- **`init_snowflake_service()` function** — new public API in `datasecops_mcp.connection` to pre-initialize the Snowflake service singleton with explicit parameters.
+
+### Changed
+
+- **MCP registration passes connection details** — all CLI paths that register the MCP server (setup, configuration menu, downloads menu) now pass `--connection-name` and `--app-database` to the registration command and `mcp.json` args.
+- **`DownloadsMenu` accepts `datasecops_config`** — the downloads menu now receives the `DatasecopsConfig` so it can pass connection details during MCP server registration.
+
+## [0.5.0] - 2026-05-21
+
+### Added
+
+- **Work Items MCP tool** — new `get_work_items_config` tool in the MCP server returns the configured ticket system (Azure DevOps, Jira, or GitHub Issues), whether ticket numbers are required, and system-specific connection details. Used by the `new-branch` skill.
+- **WorkItems model** — new `WorkItems` model in `project_config.py` stores ticket system configuration separately from source control.
+
+### Changed
+
+- **`ticket_number_required` moved from Source Control to Work Items** — the ticket requirement is now part of the WORK_ITEMS configuration (separate from SOURCE_CONTROL). The `get_branching_rules` MCP tool no longer includes this field; use `get_work_items_config` instead.
+- **Branch format default updated** — default branch format changed from `{branch_type}/{branch_name}` to `{branch_type}/{ticket_name}_{name}` with explicit placeholders for ticket and description.
+- **Branch creation uses `str.replace()` instead of `str.format()`** — supports the new `{ticket_name}` and `{name}` placeholders in branch format without breaking on missing keys.
+- **`validate_branch_name` reads ticket requirement from WORK_ITEMS** — the MCP validation tool now queries the WORK_ITEMS config for `ticket_number_required` instead of SOURCE_CONTROL.
+- **Config class loads WORK_ITEMS** — `Config.load_from_native_app()` now also fetches the WORK_ITEMS configuration.
+- **Git operations menu accepts work_items** — `GitOperationsMenu` now receives `WorkItems` to determine ticket enforcement during branch creation.
+
 ## [0.4.9] - 2026-05-21
 
 ### Added

{datasecops_cli-0.4.9 → datasecops_cli-0.5.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: datasecops-cli
-Version: 0.4.9
+Version: 0.5.2
 Summary: DataSecOps Framework CLI for Snowflake Native App
 License-Expression: MIT
 License-File: LICENSE
@@ -158,10 +158,60 @@ The package includes an MCP (Model Context Protocol) server that exposes your fr
 
 ### Setup for AI Tools
 
-**Cortex Code:**
+**Cortex Code** — add to `.snowflake/cortex/mcp.json` in your project root:
 
-```bash
-cortex mcp add datasecops-framework -- datasecops-mcp
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "type": "stdio",
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    },
+    "github": {
+      "type": "stdio",
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-github"],
+      "env": {
+        "GITHUB_PERSONAL_ACCESS_TOKEN": "<your-github-pat>"
+      }
+    },
+    "dbt": {
+      "type": "stdio",
+      "command": "uvx",
+      "args": ["dbt-mcp"]
+    }
+  }
+}
+```
+
+For Azure DevOps instead of GitHub:
+
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "type": "stdio",
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    },
+    "azure-devops": {
+      "type": "stdio",
+      "command": "npx",
+      "args": ["-y", "@tiberriver256/mcp-server-azure-devops"],
+      "env": {
+        "AZURE_DEVOPS_ORG_URL": "https://dev.azure.com/<your-org>",
+        "AZURE_DEVOPS_AUTH_METHOD": "pat",
+        "AZURE_DEVOPS_PAT": "<your-azure-pat>"
+      }
+    },
+    "dbt": {
+      "type": "stdio",
+      "command": "uvx",
+      "args": ["dbt-mcp"]
+    }
+  }
+}
 ```
 
 **VS Code / Cursor** — add to `.vscode/mcp.json` or `.cursor/mcp.json`:
@@ -171,7 +221,7 @@ cortex mcp add datasecops-framework -- datasecops-mcp
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     }
   }
 }

{datasecops_cli-0.4.9 → datasecops_cli-0.5.2}/README.md

@@ -139,10 +139,60 @@ The package includes an MCP (Model Context Protocol) server that exposes your fr
 
 ### Setup for AI Tools
 
-**Cortex Code:**
+**Cortex Code** — add to `.snowflake/cortex/mcp.json` in your project root:
 
-```bash
-cortex mcp add datasecops-framework -- datasecops-mcp
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "type": "stdio",
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    },
+    "github": {
+      "type": "stdio",
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-github"],
+      "env": {
+        "GITHUB_PERSONAL_ACCESS_TOKEN": "<your-github-pat>"
+      }
+    },
+    "dbt": {
+      "type": "stdio",
+      "command": "uvx",
+      "args": ["dbt-mcp"]
+    }
+  }
+}
+```
+
+For Azure DevOps instead of GitHub:
+
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "type": "stdio",
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    },
+    "azure-devops": {
+      "type": "stdio",
+      "command": "npx",
+      "args": ["-y", "@tiberriver256/mcp-server-azure-devops"],
+      "env": {
+        "AZURE_DEVOPS_ORG_URL": "https://dev.azure.com/<your-org>",
+        "AZURE_DEVOPS_AUTH_METHOD": "pat",
+        "AZURE_DEVOPS_PAT": "<your-azure-pat>"
+      }
+    },
+    "dbt": {
+      "type": "stdio",
+      "command": "uvx",
+      "args": ["dbt-mcp"]
+    }
+  }
+}
 ```
 
 **VS Code / Cursor** — add to `.vscode/mcp.json` or `.cursor/mcp.json`:
@@ -152,7 +202,7 @@ cortex mcp add datasecops-framework -- datasecops-mcp
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     }
   }
 }

{datasecops_cli-0.4.9 → datasecops_cli-0.5.2}/docs/getting-started.md

@@ -156,7 +156,7 @@ Create `.vscode/mcp.json` in your project root:
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     },
     "dbt": {
       "command": "uvx",
@@ -185,7 +185,7 @@ For Azure DevOps instead of GitHub:
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     },
     "dbt": {
       "command": "uvx",
@@ -215,20 +215,23 @@ Create `.cursor/mcp.json` in your project root with the same format as above.
 
 ### Cortex Code (CoCo)
 
-Add servers from the command line:
+Create `.snowflake/cortex/mcp.json` in your project root:
 
-```bash
-# DataSecOps Framework
-cortex mcp add datasecops-framework -- datasecops-mcp
-
-# dbt
-cortex mcp add dbt -- uvx dbt-mcp
-
-# GitHub
-cortex mcp add github -e GITHUB_PERSONAL_ACCESS_TOKEN=$GITHUB_TOKEN -- npx -y @modelcontextprotocol/server-github
-
-# OR Azure DevOps
-cortex mcp add azure-devops -e AZURE_DEVOPS_ORG_URL=$AZURE_DEVOPS_ORG_URL -e AZURE_DEVOPS_AUTH_METHOD=pat -e AZURE_DEVOPS_PAT=$AZURE_DEVOPS_PAT -- npx -y @tiberriver256/mcp-server-azure-devops
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "type": "stdio",
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    },
+    "dbt": {
+      "type": "stdio",
+      "command": "uvx",
+      "args": ["dbt-mcp"]
+    }
+  }
+}
 ```
 
 Verify all servers are connected:

{datasecops_cli-0.4.9 → datasecops_cli-0.5.2}/docs/git-operations.md

@@ -50,12 +50,15 @@ Submenu for branch management operations.
 
 #### New Branch
 
-Creates a branch using the naming convention `{type}/{ticket}_{name}`:
-- Prompts for branch type (feature, bugfix, hotfix — or configured types)
-- Prompts for ticket number (required or optional based on config)
-- Prompts for branch name
+Creates a branch using the configured `branch_format` (default: `{branch_type}/{ticket_name}_{name}`):
+- Prompts for branch type (feature, bugfix, hotfix — or configured types from Source Control settings)
+- Prompts for ticket number (required or optional based on Work Items config `ticket_number_required`)
+- Prompts for branch name (description)
+- Builds the full name using `format_map` with placeholders: `{branch_type}`, `{ticket_name}`, `{name}`, `{branch_name}` (legacy)
 - Creates from `origin/main`, checks out, and pushes with upstream tracking
 
+> **Tip:** Use the `new-branch` Cortex Code skill instead of the CLI menu for an AI-assisted workflow that also fetches ticket details and creates a plan document.
+
 #### Delete Branch
 
 - Cannot delete the current branch

{datasecops_cli-0.4.9 → datasecops_cli-0.5.2}/docs/mcp-server.md

@@ -13,23 +13,26 @@ pip install datasecops-cli[mcp]
 Run the server:
 
 ```bash
-datasecops-mcp
+datasecops-mcp --connection-name <CONNECTION> --app-database <APP_DB>
 ```
 
 The server communicates via stdio transport and is designed to be launched by an MCP client (not run interactively).
 
+If `--connection-name` and `--app-database` are not provided, the server falls back to reading `.datasecops.yml` from the current working directory.
+
 ## Configuring Your AI Tool
 
 ### Cortex Code
 
-Add to your Cortex Code MCP configuration:
+Create `.snowflake/cortex/mcp.json` in your project root:
 
 ```json
 {
   "mcpServers": {
     "datasecops-framework": {
+      "type": "stdio",
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     }
   }
 }
@@ -38,7 +41,7 @@ Add to your Cortex Code MCP configuration:
 ### Claude Code
 
 ```bash
-claude mcp add datasecops-framework datasecops-mcp
+claude mcp add datasecops-framework datasecops-mcp -- --connection-name <CONNECTION> --app-database <APP_DB>
 ```
 
 ### Cursor / VS Code
@@ -50,7 +53,7 @@ Add to `.cursor/mcp.json` or your IDE's MCP settings:
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     }
   }
 }
@@ -58,7 +61,7 @@ Add to `.cursor/mcp.json` or your IDE's MCP settings:
 
 ## Prerequisites
 
-The MCP server requires a `.datasecops.yml` file in your project root (the same file used by the `datasecops` CLI):
+The MCP server connects to Snowflake using the connection name specified via CLI arguments (or from `.datasecops.yml`):
 
 ```yaml
 connection_name: my_snowflake_connection
@@ -74,7 +77,8 @@ It uses your Snowflake connection from `~/.snowflake/connections.toml` to authen
 
 | Tool | Description |
 |------|-------------|
-| `get_branching_rules` | Branch types, naming conventions, ticket requirements, merge strategies |
+| `get_branching_rules` | Branch types, naming conventions, environment branches, merge strategies |
+| `get_work_items_config` | Work item system (Azure DevOps / Jira / GitHub Issues), ticket requirement, connection details |
 | `get_linting_rules` | SQLFluff rules (dialect, indentation, enabled rule codes) |
 | `get_dbt_packages` | Approved packages with pinned versions |
 | `get_pipeline_config` | CI/CD pipeline YAML templates (GitHub Actions or Azure DevOps) |
@@ -110,6 +114,11 @@ The MCP server works transparently in the background. When you ask your AI assis
 
 ### Example Interactions
 
+**Starting work on a ticket (using the `new-branch` skill):**
+> "Start work on ticket JIRA-456"
+
+The AI calls `get_branching_rules` for branch format and types, `get_work_items_config` for the ticket system, fetches the ticket details via the platform MCP server (Azure DevOps / Atlassian / GitHub), creates a branch like `feature/JIRA-456_add-customer-dim`, and saves the ticket details to a plan document.
+
 **Creating a branch:**
 > "Create a new branch for ticket JIRA-456 to add a customer dimension model"
 
@@ -166,7 +175,7 @@ For full platform integration (PR creation, CI status, issue tracking), add the
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     },
     "github": {
       "command": "npx",
@@ -193,7 +202,7 @@ This enables:
   "mcpServers": {
     "datasecops-framework": {
       "command": "datasecops-mcp",
-      "args": []
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
     },
     "azure-devops": {
       "command": "npx",
@@ -212,8 +221,39 @@ This enables:
 - Creating pull requests with templates
 - Checking build pipeline status
 - Linking to work items
+- Managing and updating work items
 - Managing boards and sprints
 
+### Atlassian (Jira)
+
+The Atlassian Rovo MCP Server provides access to Jira, Confluence, and Compass. Authentication is handled via OAuth 2.1 (browser flow) or API token — no local credentials needed.
+
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    },
+    "atlassian": {
+      "url": "https://mcp.atlassian.com/v1/mcp/authv2"
+    }
+  }
+}
+```
+
+Or via CLI:
+
+```bash
+cortex mcp add atlassian https://mcp.atlassian.com/v1/mcp/authv2 --transport http
+```
+
+This enables:
+- Searching, creating, and updating Jira issues
+- Reading Confluence pages for context
+- Querying Compass components and dependencies
+- Linking tickets to branches and PRs
+
 ## Combined Workflow Example
 
 With both the framework MCP server and GitHub MCP server configured, a developer can say:

{datasecops_cli-0.4.9 → datasecops_cli-0.5.2}/mcp-servers.json

@@ -1,12 +1,13 @@
 {
   "mcpServers": {
     "datasecops-framework": {
+      "type": "stdio",
       "command": "datasecops-mcp",
-      "args": [],
-      "env": {},
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"],
       "description": "DataSecOps Framework governance rules, branching conventions, linting config, and project profiles from your Snowflake Native App"
     },
     "github": {
+      "type": "stdio",
       "command": "npx",
       "args": ["-y", "@modelcontextprotocol/server-github"],
       "env": {
@@ -15,6 +16,7 @@
       "description": "GitHub API access for PRs, issues, checks, and repository management"
     },
     "azure-devops": {
+      "type": "stdio",
       "command": "npx",
       "args": ["-y", "@tiberriver256/mcp-server-azure-devops"],
       "env": {
@@ -23,6 +25,12 @@
         "AZURE_DEVOPS_PAT": "<your-azure-pat>"
       },
       "description": "Azure DevOps API access for PRs, pipelines, work items, and boards"
+    },
+    "dbt": {
+      "type": "stdio",
+      "command": "uvx",
+      "args": ["dbt-mcp"],
+      "description": "dbt lineage, model discovery, codegen, and semantic layer"
     }
   }
 }

{datasecops_cli-0.4.9 → datasecops_cli-0.5.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "datasecops-cli"
-version = "0.4.9"
+version = "0.5.2"
 description = "DataSecOps Framework CLI for Snowflake Native App"
 readme = "README.md"
 requires-python = ">=3.10"

datasecops_cli-0.5.2/src/datasecops_cli/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.5.2"

{datasecops_cli-0.4.9 → datasecops_cli-0.5.2}/src/datasecops_cli/config.py

@@ -2,7 +2,7 @@ from pathlib import Path
 from typing import Optional
 
 from datasecops_cli.models.project_config import (
-    DatasecopsConfig, ProjectSettings, SourceControl, ProjectProfile, DbtTarget
+    DatasecopsConfig, ProjectSettings, SourceControl, WorkItems, ProjectProfile, DbtTarget
 )
 from datasecops_cli.utilities.yaml_utils import read_datasecops_config, read_dbt_project
 from datasecops_cli.utilities.display import error_line, info_line
@@ -15,6 +15,7 @@ class Config:
         self.datasecops: DatasecopsConfig = DatasecopsConfig()
         self.project_settings: ProjectSettings = ProjectSettings()
         self.source_control: SourceControl = SourceControl()
+        self.work_items: WorkItems = WorkItems()
         self.profile: Optional[ProjectProfile] = None
         self.all_profiles: list[ProjectProfile] = []
         self.project_dir: Path = Path.cwd()
@@ -77,6 +78,11 @@ class Config:
             if raw:
                 self.source_control = SourceControl(**{k: v for k, v in raw.items() if k in SourceControl.model_fields})
             
+            # Load work items
+            raw = snowflake_service.get_framework_config("WORK_ITEMS")
+            if raw:
+                self.work_items = WorkItems(**{k: v for k, v in raw.items() if k in WorkItems.model_fields})
+            
             # Load project profiles
             profiles_data = snowflake_service.get_project_profiles()
             if profiles_data: