Jira MCP | OAuth Jira connector for AI agents

CALL ANY TOOL

Search issues with JQL, manage sprints, update status, and log work. Same toolkit, every framework, no auth plumbing.

jira_issues_search

Search issues

Search Jira issues using JQL (Jira Query Language) with pagination.

Parameters

Name

Type

Required

Description

jql

string

Required

JQL query string (e.g. project=PLAT AND status=Open AND type=Bug)

max_results

integer

Optional

Max results to return (default 50)

start_at

integer

Optional

Pagination offset

fields

array

Optional

Fields to include in response

jira_issue_get

Get issue

jira_issue_create

Create issue

jira_issue_update

Update issue

jira_issue_transition

Transition issue

jira_projects_list

List projects

Build your Agent

Drop the toolkit in, point it at the user, and your agent can search Jira issues with JQL, create tickets, and transition status from the first run.

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["jira"], toolNames: ["jira_issues_search", "jira_issue_get", "jira_issue_create"] },
  pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["jira"], toolNames: ["jira_issues_search", "jira_issue_get", "jira_issue_create"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  type: "function",
  function: {
    name: t.tool.definition.name,
    description: t.tool.definition.description,
    parameters: t.tool.definition.input_schema,
  },
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});

import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["jira"], toolNames: ["jira_issues_search", "jira_issue_get", "jira_issue_create"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});

Copied

import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/jira",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});

Try these prompts

Paste any prompt into your agent to start managing Jira workflows.

Search & recall

Copy the prompt

Copied

List all open bugs in [project] assigned to me.

Copy the prompt

Copied

Run a JQL query: project=PLAT AND sprint in openSprints() AND type=Bug.

Copy the prompt

Copied

What issues are blocking the current sprint?

Copy the prompt

Copied

Find all stories in epic [epic name] with status In Progress.

Action & creation

Copy the prompt

Copied

Create a bug in [project]: [title] — [description], priority High.

Copy the prompt

Copied

Move issue [PROJ-123] to status In Progress.

Copy the prompt

Copied

Assign [PROJ-456] to [person name].

Copy the prompt

Copied

Create a story in [project] for [epic name]: [details].

Sprints & reporting

Copy the prompt

Copied

What is in the current sprint for [project]?

Copy the prompt

Copied

How many open issues are there by priority in [project]?

Copy the prompt

Copied

List all issues closed this week in [project].

Copy the prompt

Copied

Which epics have the most open issues?

SEE HOW AUTH WORKS

Users authorize Jira once. Their Atlassian credentials stay vaulted, every call is checked, and every action is logged.

1

Authorize

Your user connects

Jira

once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access

Who:

user ‘A’

when:

Once per user

access:

Limited to user

2

Store

Their

Jira

token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection

vault:

encrypted

scope:

per-user

tokens:

auto-refreshed

3

Resolve

When your agent calls a

Jira

tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs

speed:

~40ms

check:

before every call

seen by:

nobody

4

Audit

Every

Jira

tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it

history:

90 days

export:

SIEM-ready

logged:

every call

Test other agents

Same per-user auth pattern across other project management agents and MCP connectors. Working code, live demos, fork what fits.

ENGINEERING

Engineering standup agent

Aggregate GitHub and GitLab activity, link to Jira, and post a daily standup digest to Slack. No async updates.

ENGINEERING

DevOps assistant agent

Triage GitHub incidents, open Linear tickets, and notify the on-call channel in Slack with context already attached.

Why Scalekit

Secure your agent's access. Connectors ship in minutes

Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.

01.

Issues updated under the admin profile

A shared Jira admin token bypasses project-level permissions. In production, every issue query and update runs under the admin profile. Project roles break. Per-user sprint capacity visibility breaks. Scalekit resolves the project manager's own credential, so Jira enforces the right access rules.

// shared bot token
token = "sk_jira_shared_xxx"
audit → bot_service_account
user_filter → broken

// scalekit · per-user
token = resolve(user_id)
audit → user_abc
scope → enforced ✓

02.

Authentication is not authorization

03.

Multi-tenancy is architectural

04.

Jira today. Linear, GitLab, Notion tomorrow.

“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”

Venu Madhav Kattagoni

Head of Engineering / Von

FAQs

Frequently Asked Questions

Does the agent access Jira as the user or as a shared key?

As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.

Where is the Jira oauth 2.0 stored?

In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.

Can I limit what the agent is allowed to do in Jira?

Yes. Pass a tool name filter to listScopedTools so the project management agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Jira.

What happens when a user revokes Jira access?

The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.

Can the agent run JQL across all projects?

Only projects the authorizing user can see in Jira. JQL respects project permissions, issue security levels, and field-level visibility. Cross-project visibility mirrors the user's actual scope.

Jira

Tools your project management agent reaches for on Jira, scoped per user.