Merge branch 'main' into removing-redundant-safejaonparse

Author: teg-atlassian

CHANGELOG.md

@@ -2,10 +2,15 @@
 
 ## What's new in 4.0.27
 
+### Improvements
+
+- **RovoDev**: Generalized MCP tool parsing in chat UI to support any MCP toolset via regex matching (`mcp__<name>__invoke_tool` / `mcp__<name>__get_tool_schema`) instead of hardcoded tool names
+
 ### Bug Fixes
 
 - Fixed "Please log in again" error message for disabled products so Jira-only and Bitbucket-only users do not see the other product's connection error on startup
 - Fixed duplicate remote creation when checking out PR branches from forked repositories - the extension now reuses existing remotes that point to the same repository
+- **Bitbucket (and Jira) Cloud OAuth**: Fixed repeated disconnections after one or two operations. OAuth API clients were not using the auth interceptor
 
 ## What's new in 4.0.25
 
@@ -61,7 +66,7 @@
 - **RovoDev**: Fixed chat message not appearing when clicking "Fix with Rovo Dev" before the chat view is fully initialized - now waits for the webview to be ready before executing the chat command
 - Fixed "Cannot read properties of undefined (reading 'initiateApiTokenAuth')" error
 - Fixed the bug that prevented users from editing selected values in the landing page for Rovo Dev.
-- **RovoDev**: Hide chat action buttons during plan workflows and remove the Generate Code button when a plan is scrapped
+  **RovoDev**: Hide chat action buttons during plan workflows and remove the Generate Code button when a plan is scrapped
 
 ## What's new in 4.0.22
 

scripts/release.sh

@@ -1,39 +1,14 @@
 #!/bin/bash 
 set -e
 
-# Check for dry flag (must be first argument)
-DRY_RUN=false
-if [ "$1" = "dry" ]; then
-  DRY_RUN=true
-  echo "========================================="
-  echo "DRY RUN MODE - No remote push"
-  echo "========================================="
-fi
-
-echo "========================================="
-echo "Automated Stable Release Script"
-echo "========================================="
+git checkout main
+git pull origin main
 
 # If no version provided, calculate it automatically
 if [ -z "$VERSION" ]; then
-  echo ""
   echo "No version provided. Calculating next stable version..."
 
-  # Step 1: Always start from main
-  echo ""
-  echo "Step 1: Switching to main branch..."
-  git checkout main
-  
-  # Step 2: Fetch and update from remote
-  echo ""
-  echo "Step 2: Fetching and updating from remote..."
-  git fetch origin
-  git pull origin main
-  git fetch --tags --force
-  
-  # Step 3: Calculate the latest version number
-  echo ""
-  echo "Step 3: Calculating next stable version..."
+  # Calculate the latest version number
   latest_stable_version=$(./scripts/version/get-latest-stable.sh)
   echo "Latest stable version: $latest_stable_version"
 
@@ -47,111 +22,21 @@ if [ -z "$VERSION" ]; then
   VERSION="$major.$minor.$next_patch"
 
   echo "Next stable version: $VERSION"
-else
-  echo ""
-  echo "Using provided version: $VERSION"
-  
-  # Ensure we're on main and up to date
-  echo ""
-  echo "Switching to main branch and updating..."
-  git checkout main
-  git fetch origin
-  git pull origin main
-  git fetch --tags --force
 fi
 
-# Validate the version is stable
-echo ""
-echo "Validating version is stable..."
+# call assert-stable.sh to check if the version is stable
 ./scripts/version/assert-stable.sh $VERSION
 
-# Create release branch first (before CHANGELOG update)
-echo ""
-echo "Creating release branch..."
-RELEASE_BRANCH="release/v$VERSION"
-git checkout -b $RELEASE_BRANCH
-
+# Confirm that the CHANGELOG.md has been updated
 if ! grep -q "## What's new in $VERSION" CHANGELOG.md; then
   echo "CHANGELOG.md has not been updated. Please update CHANGELOG.md with the changes in this release."
   exit 1
 fi
-  
-# Update CHANGELOG.md if needed
-# echo ""
-# echo "Checking CHANGELOG.md..."
 
-# Check if the third line is "## What's new in $VERSION"
-# Line 1: ### [Report an Issue](...)
-# Line 2: (blank)
-# Line 3: ## What's new in $VERSION
-# third_line=$(sed -n '3p' CHANGELOG.md)
-# expected_header="## What's new in $VERSION"
+# add v to the beginning of the version number
+VERSION="v$VERSION"
 
-# if [ "$third_line" = "$expected_header" ]; then
-#   echo "CHANGELOG.md already has latest version entry ✓"
-# else
-#   echo "CHANGELOG.md needs update. Adding version entry..."
-  
-#   # Add the new version entry after line 2 (after the blank line)
-#   {
-#     head -2 CHANGELOG.md
-#     echo "## What's new in $VERSION"
-#     echo ""
-#     tail -n +3 CHANGELOG.md
-#   } > CHANGELOG.md.tmp && mv CHANGELOG.md.tmp CHANGELOG.md
-  
-#   echo "Added '## What's new in $VERSION' to CHANGELOG.md ✓"
-  
-#   # Commit the changelog update
-#   git add CHANGELOG.md
-#   git commit -m "chore: update CHANGELOG for v$VERSION"
-# fi
+MESSAGE=${2:-"Release $VERSION"}
 
-# Add v to the beginning of the version number for tag
-VERSION_TAG="v$VERSION"
-MESSAGE=${3:-"Release $VERSION_TAG"}
-
-echo ""
-echo "Creating tag $VERSION_TAG..."
-git tag $VERSION_TAG -m "$MESSAGE"
-
-# Push to remote or show dry run message
-if [ "$DRY_RUN" = true ]; then
-  echo ""
-  echo "========================================="
-  echo "DRY RUN - Branch and tag created locally"
-  echo "========================================="
-  echo ""
-  echo "Created locally:"
-  echo "  - Branch: $RELEASE_BRANCH"
-  echo "  - Tag: $VERSION_TAG"
-  echo ""
-  echo "To push to remote, run without 'dry' flag:"
-  echo "  npm run release:stable"
-  echo "  or"
-  echo "  ./scripts/release.sh"
-  echo ""
-  echo "To clean up local artifacts, run:"
-  echo "  git checkout main && git branch -D $RELEASE_BRANCH && git tag -d $VERSION_TAG && git checkout CHANGELOG.md"
-else
-  echo ""
-  echo "Pushing to remote..."
-  git push origin $RELEASE_BRANCH
-  git push origin $VERSION_TAG
-  
-  echo ""
-  echo "========================================="
-  echo "✓ Release $VERSION_TAG completed!"
-  echo "========================================="
-  echo ""
-  echo "Release branch: $RELEASE_BRANCH"
-  echo "Tag: $VERSION_TAG"
-  echo ""
-  echo "Next steps:"
-  echo "1. Create a PR from $RELEASE_BRANCH to main"
-  echo "2. Review and merge the PR"
-  echo "3. The GitHub release workflow will trigger automatically"
-  echo ""
-  echo "To create a draft PR, visit:"
-  echo "https://github.com/atlassian/atlascode/pull/new/$RELEASE_BRANCH"
-fi
+git tag $VERSION -m "$MESSAGE"
+git push origin $VERSION

src/atlclients/authStore.test.ts

@@ -798,6 +798,45 @@ describe('CredentialManager', () => {
         });
     });
 
+    describe('handleApiUnauthorized', () => {
+        it('should return isOAuth true, not persist Invalid, and invoke callback when credentials are OAuth', async () => {
+            const oauthInfo: OAuthInfo = {
+                user: { id: 'user-id', displayName: 'User Name', email: 'user@example.com', avatarUrl: '' },
+                state: AuthInfoState.Valid,
+                access: 'access-token',
+                refresh: 'refresh-token',
+                expirationDate: Date.now() + Time.HOURS,
+                recievedAt: Date.now(),
+            };
+            (Container.context.secrets.get as jest.Mock).mockResolvedValue(JSON.stringify(oauthInfo));
+            const memStore = (credentialManager as any)._memStore;
+            memStore.get(ProductJira.key).set(mockJiraSite.credentialId, oauthInfo);
+
+            const saveAuthInfoSpy = jest.spyOn(credentialManager as any, 'saveAuthInfo');
+            const onOAuthApiUnauthorized = jest.fn();
+            credentialManager.setOnOAuthApiUnauthorized(onOAuthApiUnauthorized);
+
+            const result = await credentialManager.handleApiUnauthorized(mockJiraSite);
+
+            expect(result).toEqual({ isOAuth: true });
+            expect(saveAuthInfoSpy).not.toHaveBeenCalled();
+            expect(onOAuthApiUnauthorized).toHaveBeenCalledWith(mockJiraSite);
+        });
+
+        it('should persist Invalid and return isOAuth false when credentials are basic/API token', async () => {
+            (Container.context.secrets.get as jest.Mock).mockResolvedValue(JSON.stringify(mockAuthInfo));
+            const memStore = (credentialManager as any)._memStore;
+            memStore.get(ProductJira.key).set(mockJiraSite.credentialId, mockAuthInfo);
+
+            const result = await credentialManager.handleApiUnauthorized(mockJiraSite);
+
+            expect(result).toEqual({ isOAuth: false });
+            expect(Container.context.secrets.store).toHaveBeenCalled();
+            const storedJson = (Container.context.secrets.store as jest.Mock).mock.calls[0][1];
+            expect(JSON.parse(storedJson).state).toBe(AuthInfoState.Invalid);
+        });
+    });
+
     describe('removeAuthInfo', () => {
         it('should remove auth info from memory and secret storage', async () => {
             // Setup memory store with auth info

src/atlclients/authStore.ts

@@ -62,6 +62,7 @@ export class CredentialManager implements Disposable {
     private negotiator: Negotiator;
     private _refreshInFlight = new Map<string, Promise<void>>();
     private _failedRefreshCache = new Map<string, FailedRefreshEntry>();
+    private _onOAuthApiUnauthorized?: (site: DetailedSiteInfo) => void;
 
     constructor(
         context: ExtensionContext,
@@ -72,6 +73,14 @@ export class CredentialManager implements Disposable {
         this.negotiator = new Negotiator(context.globalState);
     }
 
+    /**
+     * Register a callback to run when an API 401/403 is handled for OAuth credentials. Used by ClientManager
+     * to evict the cached client so the next request creates a new one and triggers token refresh.
+     */
+    public setOnOAuthApiUnauthorized(callback: (site: DetailedSiteInfo) => void): void {
+        this._onOAuthApiUnauthorized = callback;
+    }
+
     private _onDidAuthChange = new EventEmitter<AuthInfoEvent>();
     public get onDidAuthChange(): Event<AuthInfoEvent> {
         return this._onDidAuthChange.event;
@@ -639,6 +648,25 @@ export class CredentialManager implements Disposable {
         }
     }
 
+    /**
+     * Handles 401/403 from an API call (not the token endpoint). For basic/API token auth, marks credentials
+     * Invalid and persists. For OAuth, does not persist and invokes the registered callback so cached clients
+     * can be evicted and the next request triggers token refresh.
+     */
+    public async handleApiUnauthorized(site: DetailedSiteInfo): Promise<{ isOAuth: boolean }> {
+        const authInfo = await this.getAuthInfoForProductAndCredentialId(site, true);
+        if (!authInfo) {
+            return { isOAuth: false };
+        }
+        if (isOAuthInfo(authInfo)) {
+            this._onOAuthApiUnauthorized?.(site);
+            return { isOAuth: true };
+        }
+        authInfo.state = AuthInfoState.Invalid;
+        await this.saveAuthInfo(site, authInfo);
+        return { isOAuth: false };
+    }
+
     /**
      * Removes an auth item from both the in-memory store and the secretstorage.
      */

src/atlclients/basicInterceptor.test.ts

@@ -13,6 +13,7 @@ jest.mock('../logger');
 jest.mock('../constants', () => ({
     Commands: {
         ShowJiraAuth: 'atlascode.showJiraAuth',
+        ShowBitbucketAuth: 'atlascode.showBitbucketAuth',
     },
 }));
 
@@ -41,6 +42,7 @@ describe('BasicInterceptor', () => {
         mockAuthStore = {
             getAuthInfo: jest.fn(),
             saveAuthInfo: jest.fn(),
+            handleApiUnauthorized: jest.fn(),
         } as any;
 
         mockRequestInterceptorUse = jest.fn();
@@ -99,21 +101,14 @@ describe('BasicInterceptor', () => {
     });
 
     describe('error interceptor', () => {
-        it('should handle 401 error and mark credentials as invalid', async () => {
-            const authInfo = expansionCastTo<any>({
-                state: AuthInfoState.Valid,
-            });
-            mockAuthStore.getAuthInfo.mockResolvedValue(authInfo);
+        it('should call handleApiUnauthorized on 401', async () => {
+            mockAuthStore.handleApiUnauthorized.mockResolvedValue({ isOAuth: false });
 
             const interceptor = new BasicInterceptor(mockSite, mockAuthStore);
             await interceptor.attachToAxios(mockAxiosInstance);
 
             const errorInterceptor = mockResponseInterceptorUse.mock.calls[0][1];
-            const error401 = {
-                response: {
-                    status: 401,
-                },
-            };
+            const error401 = { response: { status: 401 } };
 
             await expect(errorInterceptor(error401)).rejects.toBe(error401);
 
@@ -123,33 +118,22 @@ describe('BasicInterceptor', () => {
                 { modal: false },
                 'Update Credentials',
             );
-            expect(mockAuthStore.getAuthInfo).toHaveBeenCalledWith(mockSite);
+            expect(mockAuthStore.handleApiUnauthorized).toHaveBeenCalledWith(mockSite);
         });
 
-        it('should handle 403 error and mark credentials as invalid', async () => {
-            const authInfo = expansionCastTo<any>({
-                state: AuthInfoState.Valid,
-            });
-            mockAuthStore.getAuthInfo.mockResolvedValue(authInfo);
+        it('should call handleApiUnauthorized on 403', async () => {
+            mockAuthStore.handleApiUnauthorized.mockResolvedValue({ isOAuth: false });
 
             const interceptor = new BasicInterceptor(mockSite, mockAuthStore);
             await interceptor.attachToAxios(mockAxiosInstance);
 
             const errorInterceptor = mockResponseInterceptorUse.mock.calls[0][1];
-            const error403 = {
-                response: {
-                    status: 403,
-                },
-            };
+            const error403 = { response: { status: 403 } };
 
             await expect(errorInterceptor(error403)).rejects.toBe(error403);
 
             expect(mockedLogger.debug).toHaveBeenCalledWith('Received 403 - marking credentials as invalid');
-            expect(mockedWindow.showErrorMessage).toHaveBeenCalledWith(
-                `Credentials refused for ${mockSite.baseApiUrl}`,
-                { modal: false },
-                'Update Credentials',
-            );
+            expect(mockAuthStore.handleApiUnauthorized).toHaveBeenCalledWith(mockSite);
         });
     });