AgentGate
Your AI agent needs Jira access. Your team needs approval control.
AgentGate lets AI agents read issues, propose changes, and manage workflows in Jira — with every write operation going through human approval. Built on Atlassian Forge. Free for teams up to 10 users.
Install from MarketplaceSecurity & compliance
AgentGate is covered in our CAIQ (Lite) self-assessment.
AI agents are great at planning work. But should they write directly to Jira?
Every team experimenting with AI agents hits this dilemma:
Give the agent full Jira access
One hallucination creates 50 junk tickets, reassigns your sprint, or closes the wrong epic. Every mistake goes live instantly.
Give the agent no Jira access
The agent can't track its own work, can't update status, can't file bugs it finds. You're copy-pasting between chat and Jira all day.
Give the agent read access only
Better, but the agent still can't propose actions. You become the bottleneck, manually executing everything the agent suggests.
AgentGate is the middle path: full read access, write access through human approval.
Read fast. Write safe.
Agent Reads
Issues, transitions, comments, attachments, project context — scoped to the projects you choose, no approval needed
Agent Proposes
Create tickets, transition issues, add comments — all queued for review
Human Reviews
See exactly what the agent wants to change. Diff view against current Jira state. One click to approve or reject
Jira Updates
Only approved changes are applied. Rejected changes are discarded with a reason. Full audit trail
15+ tools covering the full Jira workflow: reading issues, searching with JQL, proposing creates/updates/transitions/comments, hierarchical issue creation, project context, attachments, and more. Every write goes through the approval queue.
What happens without an approval workflow
| Without AgentGate (direct access) | ||
|---|---|---|
| Agent creates duplicate tickets | Clutters your backlog immediately | Reviewer catches it before it hits the board |
| Agent skips labels or fields | Tickets invisible to board filters | Reviewer checks and corrects before approving |
| Agent makes 10 changes at once | All live — manual cleanup required | Review all at once, approve or reject as a batch |
| Who did what? | All changes appear under your name | Full audit trail: who proposed, who approved, what changed |
| Undo mistakes | Manually revert each one in Jira | Reject the change — nothing was written |
AgentGate vs Atlassian Rovo MCP
Atlassian offers their own MCP server that connects AI tools to Jira. It's included in paid plans at no extra cost. So why use AgentGate? Because it's purpose-built for how AI agents actually work — and the token savings alone can pay for itself.
The token cost problem
Rovo MCP consumes approximately 24,000 tokens just by connecting — before your agent does anything useful. That overhead repeats every session. With AI tokens costing real money, an inefficient Jira integration can quietly become one of your biggest AI infrastructure costs.
AgentGate loads tools on demand with minimal overhead. The token savings alone can exceed what you'd pay for the subscription.
| Rovo MCP | ||
|---|---|---|
| Token overhead on connect | Minimal — tools load on demand | ~24,000 tokens per session |
| Issue context | One command returns parent, epic, children, and siblings in compact form | Separate API call for each related issue |
| Hierarchical issue creation | Create Epic + Stories + Subtasks in one command | One issue per API call |
| Write safety | Mandatory human approval before any Jira write | Writes go directly to Jira — no approval gate |
| Read access control | Scoped to specific Jira projects per token | All-or-nothing based on user permissions |
| Agent identity | Full audit trail: who proposed, who approved | All actions appear under your name |
| Authentication | Token-based — stable, no expiration issues | OAuth with silent token expiration and 30-min timeouts |
| Jira features | Attachments, labels, custom fields, working pagination | Missing attachments, labels, custom fields (open GitHub issues) |
AgentGate and Rovo MCP are not mutually exclusive. You can run both — use Rovo for Confluence reads, and AgentGate for safe, efficient Jira operations.
Two ways to connect
MCP Server
For Claude Desktop, Claude Code, Cursor, Windsurf, or any MCP-compatible client. Standard MCP protocol — works with any compliant AI tool.
npm install -g @orbiscend/jd-mcp# ordocker pull gustavorbiscend/jd-mcp:latestCLI
For terminal-based AI agents (like Claude Code), scripting, and CI/CD pipelines. More token-efficient than MCP for agents that run in the terminal.
npm install -g @orbiscend/jd-cliWhy AI agents prefer the CLI
Rich context in one call
jd issues show KEY -c returns the full issue context — parent story, epic, children, siblings — in a single compact command. Saves tokens compared to multiple API calls.
Hierarchical issue creation
Create an Epic with Stories and Subtasks in one command. AI agents can decompose projects into proper issue hierarchies without multiple round-trips.
Compact, structured output
Every command produces token-efficient output designed for LLM consumption. No 24,000-token init overhead — just the data agents need.
JSON mode for automation
Add --json to any command for machine-readable output. Perfect for CI/CD pipelines, scripting, and multi-agent workflows.
Optional: Claude Code Plugin
Not a connection method — an enhancement for Claude Code users. Automatically runs prime on session start to inject Jira context, and adds a /jira skill with built-in documentation. Requires the CLI to be installed.
claude plugin add github:Orbiscend/agentgate-claude-pluginWhat teams are building with AgentGate
AI-powered sprint management
An AI agent reviews the backlog daily, suggests priority changes, and proposes sprint scope adjustments — all approved by the engineering lead before anything moves.
Automated bug triage
AI reads incoming support tickets, creates Jira bugs with reproduction steps and severity, assigns to the right team. Human approves before anything hits the board.
AI CEO / operations agent
An AI agent manages company strategy, tracks metrics, creates tasks, and runs the operational cadence — with every Jira action human-approved.
Code review to Jira pipeline
AI reviews pull requests, identifies issues, and creates Jira tickets for follow-up work. The tech lead approves relevant tickets, rejects noise.
Built for teams that take security seriously
Forge-native backend
The backend runs entirely on Atlassian's infrastructure — no external servers, no third-party databases. Jira data is exposed to your AI agent only through authenticated, scoped API tokens under your control.
Token-based authentication
Scoped per user, revocable instantly, starts with jfa_ for easy identification.
Mandatory approval
Every write operation requires human confirmation. No exceptions, no bypass.
User attribution
Approved changes are applied as the approving user, maintaining proper Jira permissions and accountability.
5-minute setup
Install the Forge app
From the Atlassian Marketplace
Generate a token
From Apps → AgentGate for Jira - Tokens in Jira
Configure your client
MCP server, CLI, or both
Run prime
Your agent now has full Jira context
// Claude Desktop / Claude Code config
{
"mcpServers": {
"agentgate-for-jira": {
"command": "jd-mcp",
"env": {
"JD_ENDPOINT": "https://your-forge-endpoint",
"JD_TOKEN": "jfa_your_token",
"JD_PROJECT": "PROJ"
}
}
}
}Free for small teams. Built for enterprise.
Free
$0
Up to 10 users
Standard
~$1-2
per user/month, 11+ users
Advanced
Soon
Enterprise features
Pricing is handled through the Atlassian Marketplace. See the Marketplace listing for current pricing details.
Frequently Asked Questions
Is AgentGate free?
AgentGate is free for teams up to 10 users, with all features included. For larger teams, pricing starts at approximately $1-2 per user per month through the Atlassian Marketplace.
Which AI clients does AgentGate support?
AgentGate works with Claude Desktop, Claude Code, Cursor, Windsurf, and any MCP-compatible AI client. The CLI works with any terminal-based workflow or CI/CD pipeline.
Can the AI agent make changes without approval?
No. Every write operation (creating issues, updating fields, transitions, comments) requires human approval. Read access can be scoped to specific Jira projects — you control exactly which projects each agent can see.
Is my data safe?
The Forge backend runs entirely on Atlassian's infrastructure — no external servers, no third-party databases. Jira data is exposed to AI agents only through authenticated, scoped API tokens that you control and can revoke at any time. Approved changes are applied as the approving user, maintaining proper Jira permissions.