Unofficial agent-friendly CLI for self-hosted Confluence and Jira
Project description
conjira-cli
Unofficial, agent-friendly CLI for self-hosted Confluence and Jira.
Korean version: README.ko.md
Release notes for maintainers: docs/RELEASING.md
conjira-cli is a small Python command-line tool for teams that run Confluence and Jira on their own infrastructure and want a practical local interface for scripts, coding agents, and Markdown workflows. It wraps standard Atlassian REST APIs behind a simple CLI, supports safer local credential handling, and adds guardrails for write operations.
You do not need to be a Python developer to get value from this repository. If you already use a local coding agent or another shell-capable AI tool, you can hand the repo to the agent, point it at your local agent.env, and ask for tasks like “export this Confluence page to Markdown”, “refresh this stale wiki note”, or “search Jira for issues created this week”. The agent can read this README, follow docs/AGENT_USAGE.md, and run the CLI for you.
The problem this solves
If your team uses self-hosted Confluence and Jira, official cloud-native connectors are often not enough. You still have the REST APIs, but the missing piece is usually a reusable local tool that makes those APIs easy to use from a shell or from local coding agents.
conjira-cli is built for that gap. It helps when you want to read Confluence pages, export them to Markdown, refresh stale exports from the live wiki, summarize inline comment threads, search Jira with JQL, or create and update content without hardcoding PATs into source files or chat transcripts.
What you can do with it
- read Confluence pages and search with CQL
- export Confluence pages to Markdown for note systems, docs folders, or knowledge bases
- create or update Confluence pages from either storage HTML or Markdown
- detect stale Markdown exports and refresh them from the live page
- fetch and export grouped Confluence inline comment threads
- upload attachments to Confluence pages
- read Jira issues, search with JQL, inspect create metadata, create issues, and add comments
- preview writes with
--dry-run, then enforce them with--allow-writeplus optional allowlists
Who this is for
This tool is aimed at self-hosted Atlassian environments first, especially Server/Data Center style deployments. The current tested path uses Personal Access Tokens with Bearer auth against self-hosted base URLs, which matches the on-premise Atlassian pattern much better than Atlassian Cloud. Official references: Atlassian Cloud basic auth and Atlassian Personal Access Tokens.
Set up in about 5 minutes
If you already use pipx, the shortest install path is:
pipx install conjira-cli
conjira-setup-macos
If you do not use pipx, a simple fallback is:
python3 -m pip install --user conjira-cli
conjira-setup-macos
Or install from a local checkout:
git clone https://github.com/quanttraderkim/conjira-cli.git
cd conjira-cli
python3 -m venv .venv
source .venv/bin/activate
python -m pip install --upgrade pip setuptools wheel
pip install -e .
If you do not want to install the package yet, the checked-in wrappers work directly:
./bin/conjira --help
./bin/conjira-cli --help
Create a local config file:
cp ./local/agent.env.example ./local/agent.env
On macOS, you can do the first-time Keychain-based setup with one script instead of editing local/agent.env by hand:
conjira-setup-macos
The script stores PATs in macOS Keychain, writes only non-secret settings to local/agent.env, and can run auth-check for you at the end.
It uses the default Keychain target names automatically, so most users only need to enter the base URL and PAT.
PAT prompts are hidden on screen by design. Paste the token and press Enter even if nothing appears while typing.
It does not write PAT values to ~/.zshrc or other shell profile files.
If you are running directly from a source checkout before installing entrypoints, you can still use:
bash scripts/setup-conjira-macos.sh
Ask an agent
If you are using Codex, Claude Code, or another shell-capable local coding agent, you can usually ask in plain language instead of writing the command yourself. For example:
- "Use conjira to export Confluence page
123456to Markdown and save it into my notes folder." - "Check whether this exported Confluence note is stale, refresh it from the live wiki, and summarize what changed."
- "Search Jira for issues created this week in project
DEMOand give me a short summary." - "Replace the
Rollout plansection on page123456, show me a dry-run preview, and only write if the preview looks correct."
If you want to run the CLI directly, start with these short commands:
conjira --env-file ./local/agent.env auth-check
conjira --env-file ./local/agent.env jira-auth-check
conjira --env-file ./local/agent.env export-page-md --page-id 123456 --output-dir "/path/to/notes"
Short sample output blocks, using synthetic values:
{
"base_url": "https://confluence.example.com",
"authenticated": true,
"space_count_sample": 1,
"first_space_key": "DOCS"
}
{
"page_id": "123456",
"title": "Quarterly planning notes",
"output_file": "/path/to/notes/Quarterly planning notes.md",
"source_url": "https://confluence.example.com/pages/viewpage.action?pageId=123456",
"used_staging_local": false
}
{
"key": "DEMO-123",
"summary": "Roll out the new onboarding flow",
"status": "In Progress",
"issue_type": "Task",
"assignee": "Alex Kim",
"browse_url": "https://jira.example.com/browse/DEMO-123"
}
Credential handling
The recommended setup depends on your OS.
On macOS, the best local experience is to keep PATs in Keychain and store only non-secret machine settings in local/agent.env.
If you want the easiest path on macOS, run:
conjira-setup-macos
If you prefer to set everything manually, use the Keychain flow below.
CONFLUENCE_BASE_URL=https://confluence.example.com
CONFLUENCE_PAT_KEYCHAIN_SERVICE=conjira-cli
CONFLUENCE_PAT_KEYCHAIN_ACCOUNT=confluence-prod
CONFLUENCE_EXPORT_DEFAULT_DIR=/path/to/notes/wiki-exports
CONFLUENCE_EXPORT_STAGING_DIR=/absolute/path/to/conjira-cli/local/exports
# Optional: convert ```mermaid fences to a Confluence Mermaid macro
# CONFLUENCE_MERMAID_MACRO_NAME=mermaid-macro
JIRA_BASE_URL=https://jira.example.com
JIRA_PAT_KEYCHAIN_SERVICE=conjira-cli
JIRA_PAT_KEYCHAIN_ACCOUNT=jira-prod
Store the Confluence PAT in Keychain:
read -s "PAT?Enter Confluence PAT: "; echo
security add-generic-password -U -s conjira-cli -a confluence-prod -w "$PAT"
unset PAT
Store the Jira PAT in Keychain:
read -s "PAT?Enter Jira PAT: "; echo
security add-generic-password -U -s conjira-cli -a jira-prod -w "$PAT"
unset PAT
On Linux or Windows, use environment variables or token files instead of Keychain. For example:
CONFLUENCE_BASE_URL=https://confluence.example.com
CONFLUENCE_PAT=your-confluence-pat
CONFLUENCE_EXPORT_DEFAULT_DIR=/path/to/notes
# Optional: convert ```mermaid fences to a Confluence Mermaid macro
# CONFLUENCE_MERMAID_MACRO_NAME=mermaid-macro
JIRA_BASE_URL=https://jira.example.com
JIRA_PAT=your-jira-pat
Or point the CLI at token files:
CONFLUENCE_BASE_URL=https://confluence.example.com
CONFLUENCE_PAT_FILE=/path/to/confluence.token
JIRA_BASE_URL=https://jira.example.com
JIRA_PAT_FILE=/path/to/jira.token
Then verify the connection:
conjira --env-file ./local/agent.env auth-check
conjira --env-file ./local/agent.env jira-auth-check
Common commands
Read a Confluence page:
conjira --env-file ./local/agent.env get-page --page-id 123456 --expand body.storage,space,version
Export a Confluence page to Markdown:
conjira --env-file ./local/agent.env export-page-md --page-id 123456 --output-dir "/path/to/work-folder"
Export a Confluence page tree to nested Markdown folders:
conjira --env-file ./local/agent.env export-tree-md --page-id 123456 --output-dir "/path/to/work-folder"
Export grouped inline comment threads:
conjira --env-file ./local/agent.env export-inline-comments-md --page-id 123456 --status open --output-dir "/path/to/work-folder"
Create or update a Confluence page:
conjira --env-file ./local/agent.env create-page --allow-write --space-key DOCS --parent-id 100001 --title "CLI test page" --body-html "<p>Hello from conjira</p>"
conjira --env-file ./local/agent.env update-page --allow-write --page-id 100002 --append-html "<p>Updated by conjira</p>"
Create or update a Confluence page from Markdown:
conjira --env-file ./local/agent.env create-page --allow-write --space-key DOCS --parent-id 100001 --title "Markdown page" --body-markdown "# Demo\n\n- Item A"
conjira --env-file ./local/agent.env update-page --allow-write --page-id 100002 --append-markdown-file ./notes/update.md
Replace one named section on an existing Confluence page:
conjira --env-file ./local/agent.env replace-section --allow-write --page-id 100002 --heading "Rollout plan" --section-markdown-file ./notes/rollout.md
Move an existing Confluence page under a different parent page:
conjira --env-file ./local/agent.env move-page --dry-run --page-id 100002 --new-parent-id 100001
conjira --env-file ./local/agent.env move-page --allow-write --page-id 100002 --new-parent-id 100001
Preview a Confluence or Jira write first:
conjira --env-file ./local/agent.env update-page --dry-run --page-id 100002 --append-markdown-file ./notes/update.md
conjira --env-file ./local/agent.env jira-create-issue --dry-run --project-key DEMO --issue-type-name Task --summary "Preview issue" --description "No write yet"
Search Jira and fetch an issue:
conjira --env-file ./local/agent.env jira-search --jql 'project = DEMO ORDER BY created DESC' --limit 5
conjira --env-file ./local/agent.env jira-get-issue --issue-key DEMO-123
Create a Jira issue or add a comment:
conjira --env-file ./local/agent.env jira-create-issue --allow-write --project-key DEMO --issue-type-name Task --summary "CLI issue test" --description "Created from conjira"
conjira --env-file ./local/agent.env jira-add-comment --allow-write --issue-key DEMO-123 --body "Comment from conjira"
Configuration
The CLI resolves configuration in this order:
- explicit CLI flags such as
--base-urland--token - environment variables
- values loaded from
--env-file
Confluence settings:
CONFLUENCE_BASE_URLCONFLUENCE_PATCONFLUENCE_PAT_FILECONFLUENCE_PAT_KEYCHAIN_SERVICECONFLUENCE_PAT_KEYCHAIN_ACCOUNTCONFLUENCE_TIMEOUT_SECONDSCONFLUENCE_ALLOWED_SPACE_KEYSCONFLUENCE_ALLOWED_PARENT_IDSCONFLUENCE_ALLOWED_PAGE_IDSCONFLUENCE_EXPORT_DEFAULT_DIRCONFLUENCE_EXPORT_STAGING_DIR
Jira settings:
JIRA_BASE_URLJIRA_PATJIRA_PAT_FILEJIRA_PAT_KEYCHAIN_SERVICEJIRA_PAT_KEYCHAIN_ACCOUNTJIRA_TIMEOUT_SECONDSJIRA_ALLOWED_PROJECT_KEYSJIRA_ALLOWED_ISSUE_KEYS
Safety model
This CLI intentionally does not implement delete commands for Confluence pages or Jira issues.
Write commands either require --allow-write, or --dry-run when you only want a preview. That means a copied read command does not mutate Confluence or Jira unless the caller explicitly opts in.
For stronger guardrails, define write allowlists in local/agent.env. If CONFLUENCE_ALLOWED_* or JIRA_ALLOWED_* values are set, writes fail closed outside the approved spaces, parents, pages, projects, or issue keys even if the PAT itself has broader permissions.
Common failure hints
When the CLI hits a common API failure, it now returns a guidance field alongside the raw error. The most common cases are:
401: check the PAT, the credential source being used, and whether the base URL points at the right product host403: check product permissions and any configured allowlists404: check the page ID, issue key, or target path and confirm the PAT owner can see it in the web UI409: refresh live content and retry, especially for Confluence updates after concurrent edits429and5xx: retry after a short delay and reduce request volume if you are looping
Export strategy
Use local/ only for machine-local config, temporary files, and staging artifacts. Final Markdown exports should usually go into your real notes folder, docs workspace, or knowledge base, not into the CLI repository itself.
The recommended pattern is to set CONFLUENCE_EXPORT_DEFAULT_DIR to an inbox or work folder, keep CONFLUENCE_EXPORT_STAGING_DIR pointed at local/exports, use --output-dir when the final destination is already known, and use --staging-local only when you want a short-lived preview.
Markdown import notes
Markdown upload is a best-effort conversion to Confluence storage HTML. It works well for common headings, paragraphs, lists, blockquotes, fenced code blocks, tables, links, images, and simple wiki-style links. It is not a perfect round-trip for complex Confluence macros, merged tables, or deeply nested layouts, so treat Markdown import as a practical authoring path rather than a lossless document converter.
Use --body-file and --append-file only for storage HTML files. If your source file is Markdown, use --body-markdown-file or --append-markdown-file so the CLI converts it before upload.
Agent usage
If another local coding agent needs to use this project, point it to docs/AGENT_USAGE.md. That document is written for tools that can run shell commands on the same machine.
License
This repository is released under the MIT License. See LICENSE.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file conjira_cli-0.2.1.tar.gz.
File metadata
- Download URL: conjira_cli-0.2.1.tar.gz
- Upload date:
- Size: 49.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9e7bf2a4b2d69b7d8397e872e4d678f1d0f4a4e417829960cc763009761a506d
|
|
| MD5 |
c2f8ff87502a0263adfd1585f9d14c1a
|
|
| BLAKE2b-256 |
19b1a577065dc42a1e3da759583e0bf88045336943fb278368524ac2796abdd7
|
File details
Details for the file conjira_cli-0.2.1-py3-none-any.whl.
File metadata
- Download URL: conjira_cli-0.2.1-py3-none-any.whl
- Upload date:
- Size: 39.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9a35da39fa22102db1ca52aa0bfa400a70582b765ebeb73c27c8db1b4080e637
|
|
| MD5 |
586ce994c246fa2f433e1e14d427a569
|
|
| BLAKE2b-256 |
a77a787bbbff30d79321ae885a1ab60d5ce7cee1187b96679709794f49387a3a
|