Release Notes

Business Sign-off & Approval for Jira Cloud

Version 1.0.0

Released: TBD Marketplace Version: TBD Platform: Atlassian Forge (Jira Cloud)

Initial release of Business Sign-off & Approval for Jira Cloud — a complete rebuild of the Data Center plugin for Atlassian’s Forge platform. Provides configurable, auditable approval workflows directly within Jira issues.

Approval Workflow Management

  • Approver management — Add, remove, and notify approvers on any Jira issue via the Business Sign-off issue panel
  • Approval decisions — Approvers can approve, return, or withdraw decisions with optional comments
  • Approval status calculation — Configurable approval threshold (percentage-based), with statuses: Not Started, Awaiting Decisions, Approval Passed, Approval Failed
  • Bulk add approvers — Add multiple approvers at once with per-user eligibility validation
  • Three-mode notify action — Notify new approvers only, send reminders to all undecided, or request full re-review (resets decided approvers)
  • Decision locking — Optionally lock approved decisions when the issue transitions to a new status, preventing changes after workflow progression
  • Comment requirements — Configurable per decision type: require comments on all decisions, approvals only, returns only, or none

Configurable Rules & Permissions

  • Global configuration — Centralized admin page with tabbed layout for all plugin settings
  • Project-level overrides — Per-project configuration with optional overrides for threshold, SoD, eligibility, comments, and decision locking
  • Approver management permissions — Control who can add/remove approvers: issue reporter, assignee, and/or Jira administrators
  • Eligible approver filtering — Restrict who can be assigned as an approver by project role and/or group membership (ALL_USERS or SELECTED_USERS mode)
  • Separation of Duties (SoD) — Prevent the issue assignee and/or reporter from being an approver, with real-time re-evaluation when fields change
  • Decision authority — Optionally require Jira Edit Issues permission to record a decision
  • Panel visibility — Show the approval panel on all standard issue types (excludes subtasks) or selected issue types only
  • Finishing mode — Non-destructive plugin disable that preserves existing approvals while preventing new ones

Workflow Integration

  • Workflow conditions — Block transitions based on approval status (e.g., require Approval Passed before closing)
  • Workflow validators — Validate approval state during transitions with configurable error messages
  • Workflow post-functions — Automatically add approvers (from users, roles, groups, or custom fields), remove approvers, reset decisions, and notify approvers on transitions
  • Selective notify post-function — Notify only approvers matching specific role/group filters
  • Selective reset post-function — Reset decisions only for approvers matching specific role/group filters
  • Notification rate limiting — Prevents duplicate notifications within the same UTC day

Audit & Compliance

  • Immutable audit trail — SHA-256 integrity-protected history records stored as Jira issue properties, providing tamper-evident audit evidence
  • Approval history — Append-only audit log viewable in the issue panel with full decision context (actor, action, timestamps, comments, SoD status)
  • CSV audit export — Export approval history to CSV with date range and project filtering, async background processing with progress tracking
  • Admin audit log — Tracks all configuration changes (global config, project config, debug logging toggles) with actor and timestamp
  • Diagnostic logging — Admin-controlled toggle with auto-expiry (1–8 hours) for production troubleshooting via the Atlassian Developer Console

Custom Fields & JQL

  • BSO - Approvers — Read-only multi-user custom field showing current approvers on each issue, synced automatically from the approval panel
  • BSO - Status — Read-only text custom field showing the current approval status (Not Started, Awaiting Decisions, Approval Passed, Approval Failed)
  • JQL support — Filter and search issues using standard JQL:
    • "BSO - Approvers" = currentUser() — find issues where you are an approver
    • "BSO - Status" = "Approval Passed" — find approved issues
    • Issue property queries for advanced filtering (threshold, percentage, counts)

Email Notifications

  • Approval requested — Notify approvers when added or when review is requested
  • Decision notifications — Notify assignee and/or reporter when decisions are recorded
  • Outcome notifications — Notify assignee and/or reporter when approval passes or fails
  • Re-review notifications — Notify all approvers when decisions are reset and re-review is requested
  • Per-project notification settings — Enable/disable each notification type independently per project

Data Privacy & GDPR

  • Personal Data Reporting — Weekly scheduled job reports stored account IDs to Atlassian’s Personal Data Reporting API
  • Account pseudonymization — Automatically pseudonymizes approver records, history entries, admin audit entries, and issue properties when Atlassian reports an account as closed
  • DSAR support — Admin endpoint generates a complete personal data report for any account ID
  • No data egress — All data remains within Atlassian’s Forge infrastructure; no data transmitted to external services
  • Minimal PII storage — Stores Atlassian account IDs (opaque identifiers) only; display names and emails resolved at runtime via Jira APIs

Licensing

  • Atlassian Marketplace licensing — Standard Marketplace paid app licensing with trial support
  • Graceful degradation — Expired licenses restrict write operations while preserving read access to existing approval data
  • License status display — License state shown in the admin page and issue panel

Platform Details

  • Runtime: Atlassian Forge (Node.js 22.x)
  • Frontend: React 18 (Custom UI) + Forge UI Kit (issue panel, admin pages)
  • Storage: Forge Storage (key-value) + Jira issue properties
  • Authentication: Forge app identity (asApp()) for all Jira API calls; asUser() for admin permission verification
  • Scopes: storage:app, read:jira-work, write:jira-work, read:jira-user, manage:jira-configuration, write:app-data:jira, report:personal-data

Test Coverage

  • 982 backend tests + 72 frontend tests (1,054 total)
  • 88.7% line coverage, 88.2% branch coverage
  • ESLint security scan, npm dependency audit, Gitleaks secrets scan — all clean

Known Limitations

  • BSO - Approvers field is read-only — Approvers are managed exclusively through the Business Sign-off panel. The custom field is for display and JQL queries only.
  • Panel visibility on disabled projects — The panel header (“Business Sign-off”) appears even when the plugin is disabled for a project. The panel body is empty, but the header cannot be suppressed due to Forge platform behavior.
  • No custom JQL functions — Forge does not support custom JQL functions. Use the built-in custom field JQL and issue property queries instead.
  • Eventual consistency — Forge Storage has eventual consistency characteristics. In rare cases, rapid sequential operations may see stale data.
  • Forge cold start — First invocation after idle may take 500–1000ms longer due to Forge runtime cold start.
  • Frontend bundle size — The Custom UI bundle is ~1.1MB (313KB gzipped). This is within Forge limits but may be optimized in future releases.

Migration from Data Center

This is a new Forge app, not a direct migration tool. Data Center customers moving to Jira Cloud will need to:

  1. Install the Forge app from the Atlassian Marketplace
  2. Configure global and project settings (settings are not migrated from DC)
  3. Re-add approvers on existing issues (approval data from DC is not transferred)

A data migration tool is planned for a future release (Rel 1.1.0).

Support

← Back to Documentation