fix(atlassian): harden cloud ID resolution for Confluence and Jira

[waleedlatif1]

Summary

• Normalize domain input in getConfluenceCloudId and getJiraCloudId (strip protocol, trailing slashes, whitespace)
• Remove silent fallback to resources[0] when multiple Atlassian sites exist and domain doesn't match — now throws with available sites listed
• Single-resource fallback preserved for users with one site

Type of Change

• Bug fix

Testing

Tested manually

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Mar 30, 2026 11:51pm

[cursor]

PR Summary

Medium Risk
Behavior changes from implicit fallback to explicit errors when the provided domain doesn’t match and multiple sites are accessible, which could break existing flows relying on the old fallback. Changes are localized to Atlassian site resolution logic and improve input normalization and debuggability.

Overview
Hardens Atlassian Cloud site resolution for Confluence and Jira. Domain inputs are now normalized (trim whitespace, strip protocol, remove trailing slashes, lowercase) before matching against accessible resource URLs.

When no match is found, the code now only falls back to the sole resource if exactly one site is accessible; otherwise it throws a more informative error listing available sites, avoiding silently choosing resources[0] in multi-site scenarios.

^{Written by Cursor Bugbot for commit 8115abb. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[greptile-apps]

Greptile Summary

This PR hardens cloud ID resolution for both Confluence and Jira by normalizing the user-supplied domain (stripping protocol, trailing slashes, and whitespace) before matching against Atlassian's accessible-resources API, and replacing the silent "fall back to first result" behavior with a descriptive error that lists available sites. The single-site fallback is intentionally preserved.

• normalizeDomain helper added to both confluence/utils.ts and jira/utils.ts — the function is identical in both files and could be extracted to a shared Atlassian utility module to avoid future drift.
• Multi-resource mismatch now throws with actionable context (available site URLs) instead of silently using resources[0].
• getConfluenceCloudId still lacks the response.ok guard that getJiraCloudId already has; on a non-2xx response the error will be the generic "No Confluence resources found" rather than the actual HTTP status/message.

Confidence Score: 5/5

• Safe to merge — all remaining findings are P2 style/cleanup suggestions that do not affect correctness of the happy path.
• The core logic change is correct: normalization is sound, the comparison handles case and trailing slashes on both sides, the single-site fallback is intentional, and the descriptive error improves debuggability. Both open findings (duplicated helper, missing response.ok in Confluence) are pre-existing or style issues that don't affect runtime behavior on the fixed path.
• apps/sim/tools/confluence/utils.ts — missing response.ok check before JSON parsing.

Important Files Changed

Filename	Overview
apps/sim/tools/confluence/utils.ts	Domain normalization hardened; multi-site error now descriptive; single-site fallback preserved — but missing response.ok guard before JSON parsing, unlike the Jira equivalent.
apps/sim/tools/jira/utils.ts	Same normalization and fallback logic added; already had response.ok guard; normalizeDomain is duplicated from the Confluence file.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[User provides domain string] --> B[normalizeDomain\ntrim · strip protocol · strip trailing slash · lowercase]
    B --> C[GET /oauth/token/accessible-resources]
    C --> D{response.ok?\nJira only}
    D -- No --> E[Throw HTTP error with status]
    D -- Yes --> F[Parse JSON resources]
    C --> F2[Parse JSON resources\nConfluence — no ok check]
    F --> G{Array with items?}
    F2 --> G
    G -- No --> H[Throw: No resources found]
    G -- Yes --> I{Find resource where\nurl matches normalized domain}
    I -- Match found --> J[Return matched cloud ID]
    I -- No match --> K{resources.length === 1?}
    K -- Yes --> L[Return single resource ID\nsingle-site fallback]
    K -- No --> M[Throw descriptive error\nlisting available site URLs]

Loading

Comments Outside Diff (1)

1. apps/sim/tools/confluence/utils.ts, line 16-28 (link)

   Missing response.ok guard before parsing JSON

   The Jira counterpart (lines 119–122 in jira/utils.ts) guards against non-2xx HTTP responses before calling response.json():

   if (!response.ok) {
     const errorText = await response.text()
     throw new Error(`Failed to fetch Jira accessible resources: ${response.status} - ${errorText}`)
   }

   The Confluence version skips this check entirely. If the Atlassian API returns a 401 or 403 (e.g. expired token), response.json() will parse the error envelope object, Array.isArray(resources) will be false, and the code will throw the misleading generic message "No Confluence resources found" rather than surfacing the actual HTTP error. Since this PR's stated goal is to harden cloud ID resolution, adding the same guard here would complete the fix.

_{Reviews (1): Last reviewed commit: "fix(atlassian): harden cloud ID resoluti..." | Re-trigger Greptile}