v0.9.2
Immutable
release. Only release title and notes can be modified.
✨ Added
- The JSON envelope now carries Jira's own trace id: the
Atl-Traceid/X-ARequestIdresponse header is captured asmeta.upstream_request_idand on each error entry, so a Jira-side failure can be quoted directly to Atlassian support. The existingmeta.request_idis generated locally and has no server-side meaning.
🪲 Fixed
- Human output now strips ANSI escape and control bytes from Jira-controlled text (summaries, descriptions, error messages), so a crafted issue or error can no longer inject color codes or corrupt your terminal.
jira agent schemanow binds the comment input schema to thecomment add/comment editleaves (they previously reported no input schema) and publishes output schemas for the read/list commands — comment, attachment, link, worklog, transition, boards, and cache — so agents can discover response shapes without trial calls.issue attachment download --tois now confined to the working directory: a..traversal or an absolute path outside it is rejected before any HTTP call, so an agent (or a crafted instruction) can no longer write downloads outside the tree it was launched in. A newsecurity_posturesection injira agent guidedocuments the threat model.
📜 Commits
f58f060fix(cli): sanitize Jira-controlled text in human terminal outputaca151cfix(schema): bind comment input schema to leaves and fill sparse output schemas1bb41cefix(cli): confine attachment download paths to the working directory01adc7bfeat(cli): capture Jira upstream trace id in envelope meta and errors
Full Changelog: v0.9.1...v0.9.2