Atlassian developer changelog

We've added new convenience components and hooks for routing in UI Kit. These are now available in Preview in the latest version of @forge/react.

Routing is available in any full-page module and enables your app to manipulate the current page URL using a familiar API.

What’s changing

You can now use the following components and hooks to manage navigation within your Forge apps:

• Router

• Route

• useNavigate

• useLocation

• useParams

What you need to do

To use these new features, update to the latest version of the @forge/react package. In your terminal, run the following command from your project directory:

npm install --save @forge/react@latest

For implementation details and code examples, refer to the documentation links above.

The Status Search API now exposes a new optional includeGlobalStatuses query parameter. When set to true on a project-scoped query, the response includes global statuses (statuses not tied to any specific project) alongside the project's own statuses. Defaults to false. This parameter is only relevant for project-scoped queries.

Bitbucket Forge page modules will now have their menu items grouped into sections by their app. This change improves the organization of the Bitbucket navigation menu, making it easier for users to identify which menu items belong to specific apps.

What’s changing:

The following modules will now have their menu items grouped by app:

• bitbucket:workspaceGlobalPage

• bitbucket:workspaceSettingsMenuPage

• bitbucket:workspacePersonalSettingsPage

• bitbucket:repoMainMenuPage

• bitbucket:repoSettingsMenuPage

• bitbucket:projectSettingsMenuPage

What you need to do:

No action is required from you. If your app uses these modules, their menu items will automatically be grouped. You can see the linked documentation pages for example screenshots of the new grouping behaviour.

We've added a new Forge module (devops:securityInfoProvider) that lets your app send security information (such as vulnerabilities and security containers) to Jira and associate it with issues. This is now available in preview.

What's new

The devops:securityInfoProvider module surfaces your app's security data directly in the development panel of Jira issues. Apps can write and delete security information using the https://developer.atlassian.com/cloud/jira/software/rest/ via the requestJira function.

To register a provider, declare the module in your manifest.yml and configure the required endpoint handlers:

• fetchWorkspaces: returns the list of workspaces available to the user

• fetchContainers: returns security containers within a workspace

• searchContainers: searches containers matching a query

Two optional lifecycle hooks are also available: onEntityAssociated and onEntityDisassociated, invoked when a container is linked or unlinked from a Jira entity.

Important behaviour to note

When a user uninstalls your app, all security data your app sent to Jira is deleted after a grace period.

Get started

See the https://developer.atlassian.com/platform/forge/manifest-reference/modules/jira-software-security-info/ for the full manifest schema, example requests/responses, and property details.

A new --debugHost (or -d) option has been added to the Forge CLI tunnel debugger. This allows you to start the debugger at any valid IPv4 or IPv6 address, providing more flexibility for your local development environment.

What's changing

• You can now specify a custom host for the tunnel debugger using the --debugHost or -d flag.

• If no host is specified, the debugger will default to localhost (127.0.0.1).

What you need to do

• Update your Forge CLI to the latest version to access this feature.

• To start the debugger at a specific address, use the following command:
  forge tunnel --debugHost <address>

• For more information on debugging Forge apps, refer to the Tunneling documentation.

The Forge CLI now includes a new forge module command group (in Preview) for adding modules to an existing app — and for discovering and inspecting the modules you can add — directly from the command line.

What's changing

Previously, adding a module to an existing app meant editing your manifest.yml and creating the source files yourself. The new forge module command group gives you three subcommands to do this from the command line:

• forge module add — add a module to your app. The command guides you through choosing a module and UI framework (UI Kit or custom UI), then generates the source files, updates your manifest.yml, and installs any required dependencies. Use --dry-run to preview the changes first.

• forge module list — browse the available module templates, filterable by product, UI framework, or module key.

• forge module show <moduleType> — view the details and documentation for a specific module.

Why this matters

• Faster setup: scaffold a new module in seconds instead of wiring up the manifest, files, and dependencies by hand.

• Safer changes: forge module add runs key-collision and file-conflict checks before writing anything, and --dry-run lets you preview first.

• Efficient resource usage: modules are bundled using multi-entry resource bundles.

Key details

• forge module add extends an app you already have. To scaffold a brand-new app from a template, use forge create instead.

• The manifest and resources that forge module add generates are built on multi-entry resource bundles, a Preview feature.

• Custom UI modules are scaffolded with a Vite-based build setup.

• These commands are in Preview and may modify your app files (manifest.yml, source files, and package.json). We recommend committing your work beforehand.

• Only a subset of Forge modules is available today, and we're adding more over time.

Support for Claude Sonnet 4.6 model is now available in Forge LLMs. For the exhaustive list of supported models, refer to our documentation here

What's changing
The legacy storage module has been removed from the @forge/api package. This follows the deprecation notice issued in Dec 1, 2025.

Starting today, any apps still using import { storage } from '@forge/api' will fail to build or run, as this export is no longer available.

What you need to do
If your app still uses the legacy storage module, you must migrate to the @forge/kvs package immediately to avoid service disruption.

• Install the @forge/kvs package: npm install @forge/kvs

• Update your imports from import { storage } from '@forge/api' to import { storage } from '@forge/kvs'

• Deploy the updated version of your app.

For detailed instructions, refer to the KVS migration guide. You can also use the Forge CLI linting tool to identify any remaining references to the deprecated module.

Forge packages now ship TypeScript 5-compatible type declarations and declare an optional peer dependency on typescript >= 5.0.0.

What's changing

• TypeScript 4 compatibility is not guaranteed in future releases.

• An optional peer dependency on typescript >= 5.0.0 has been added to each package.

What you need to do

If you use TypeScript, and want to use the latest Forge package versions, upgrade to TypeScript 5:

1. In your project, run: npm install typescript@^5.0.0 --save-dev

2. Update your Forge package dependencies to the latest major version.

3. Review your tsconfig.json for any TypeScript 5-specific settings you may want to enable.

4. Re-build and test your app.

Forge Object Store and front-end `useObjectStore` hook is now available in Preview. Forge Object Store EAP is now closed.

The Preview release provides improvements to pre-signed links and adds CDN support. The service will be available to all developers as a billable capability, starting on Jul 1, 2026.

Please review the available documentation, ‘useObjectStore’ documentation and pricing information to get started with Forge Object Store, including assessing all of the current limitations of the service.

Following the deprecation announcement last year, access to the old workflow editor will be removed for all customers starting July 13, 2026.

What you need to do

• Review your apps: If you own workflow-related apps, ensure your rules provide a high quality experience in the new editor.

• Implement rule descriptions: We recommend providing dynamic configuration descriptions for Forge and Connect workflow rules. This helps admins understand your app's rules at a glance within the new editor.

• Test and report issues: If you encounter any behavior issues in the new workflow editor, please raise a support ticket.

For more details refer to the community announcement.

The Developer Space Insights dashboard gives you an aggregated view of log volume, errors, alerts, performance, and cost data across your Forge apps — helping you quickly identify which apps need attention.

Access it by selecting Insights from the navigation menu in your Developer Space. The dashboard includes seven charts (showing top 3 apps where applicable), and clicking any app in a chart takes you directly to its relevant monitoring view:

• Log volume by level – Total log lines broken down by log level (INFO, WARN, ERROR, DEBUG).

• Apps by error log volume – Apps ranked by error log count.

• Open alerts by app – Apps with currently open alerts.

• Apps by invocation errors – Apps ranked by invocation errors.

• Apps by latency – Apps ranked by response latency.

• Apps by invocation count – Apps ranked by invocation count.

• Top apps by resource usage – Apps ranked by Forge usage based cost.

All Developer Space roles (Admin, Developer, and Viewer) can access the Insights dashboard. For more information, see Developer Space Insights dashboard.

The Workflow Search API now supports a new optional projectId query parameter. When provided, the search returns only the workflows used by that project. You can combine it with the existing scope parameter, but the project must belong to the same scope you specify - otherwise no workflows are returned.

Quotes reporting is now available via Marketplace reporting APIs. We're introducing Quotes reporting to the Atlassian Marketplace reporting APIs. Partners can now programmatically retrieve their accepted quotes and export quotes data in bulk.

You can now access accepted-quote data for your apps through the reporting APIs:

• List accepted quotes — a paginated list of accepted quotes for your apps, with filtering by product, creation date, acceptance date, and entitlement period.

• Quote details — line-level detail for a single quote (including schedules and discounts), looked up by quoteId and/or quoteNumber.

• Async export — initiate a bulk export of accepted quotes, poll its status, and download the resulting CSV/JSON file (recommended for large datasets).

The following endpoints are available for Quotes reporting.

Vendor (v2):

• GET rest/2/vendors/{vendorId}/reporting/quotes(link)

• GET rest/2/vendors/{vendorId}/reporting/quotes/details(link)

• POST rest/2/vendors/{vendorId}/reporting/quotes/async/export(link)

• GET rest/2/vendors/{vendorId}/reporting/quotes/async/export/{exportId}/status(link)

• GET rest/2/vendors/{vendorId}/reporting/quotes/async/export/{exportId}(link)

Developer-space (v3):

• GET rest/3/reporting/developer-space/{developerId}/quotes(link)

• GET rest/3/reporting/developer-space/{developerId}/quotes/details(link)

• POST rest/3/reporting/developer-space/{developerId}/quotes/async/export(link)

• GET rest/3/reporting/developer-space/{developerId}/quotes/async/export/{exportId}/status(link)

• GET rest/3/reporting/developer-space/{developerId}/quotes/async/export/{exportId}(link)

Key query parameters (list endpoint): productId, startDate, endDate, acceptedStartDate, acceptedEndDate, entitlementStartDate, entitlementEndDate, limit, offset.

Quote details: provide quoteId and/or quoteNumber (optionally entitlementNumber).

Async export: filter by createdStartDate/createdEndDate, acceptedStartDate/acceptedEndDate, entitlementStartDate/entitlementEndDate, and choose accept=csv or accept=json. At least one complete date range pair is required.

GET rest/3/reporting/developer-space/{developerId}/quotes?startDate=2025-01-01&endDate=2025-01-31

No action is required to keep existing integrations working.

If you want to consume quotes data:

• Use the vendor endpoints (/rest/2/vendors/{vendorId}/...) for vendor-scoped access, or the developer-space endpoints (/rest/3/reporting/developer-space/{developerId}/...) for developer-scoped access across all your apps.

• For large result sets, prefer the async export flow (initiate → poll status → download) rather than the synchronous list endpoint.

• New skill: forge-cost-optimizer – Analyzes your Forge app's resource usage and recommends optimizations to reduce invocation costs.

• New skill: forge-security-review – Performs automated security checks against common vulnerabilities and Atlassian best practices before deployment.

• New skill: forge-connector – Helps scaffold and configure connections between Forge apps and external services.

• Updated: forge-app-review – Now provides a lightweight release-readiness review covering permissions, manifest hygiene, and common deployment blockers.

• Codex support – Added Codex as an installation option for the plugin and individual skills.

• If you're using the Forge AI Plugin, update to the latest version to access the new cost optimizer and security review features.

• To install via Codex, follow the new Codex installation steps in the relevant skill or plugin docs.