allow links to additional data sources to further inform jira:generate-enhancement

[rvanderp3]

Summary

Add --additional-links parameter to /jira:generate-enhancement command, enabling users to provide additional context (GitHub PRs, Jira issues, enhancement proposals, documentation)
beyond the epic or feature to enrich the generated enhancement proposal.

Motivation

When generating enhancement proposals from Jira epics/features, users often have additional context that would improve the quality of the generated document:

• GitHub PRs with API changes that should be documented
• Related Jira bugs that highlight risks and edge cases
• Related enhancement proposals that provide architectural context
• Documentation links that explain requirements and background

Previously, users had to manually add this information after generation. This enhancement automates the enrichment process by fetching and analyzing additional links upfront.

Changes

Command Updates (plugins/jira/commands/generate-enhancement.md)

• Added --additional-links parameter accepting comma-separated URLs
• Added usage examples demonstrating single and multiple link types
• Updated workflow to include Step 0 for processing additional context
• Enhanced structure mapping table showing which sections benefit from additional context

Skill Updates (plugins/jira/skills/generate-enhancement/SKILL.md)

Added Step 0: Process Additional Context Links with logic to:

• Fetch and categorize links (GitHub PRs, Jira issues, enhancements, docs)
• Extract API changes from GitHub PRs (especially openshift/api)
• Extract risks from related Jira bugs
• Reference related enhancement proposals in see-also metadata
• Pull background context from documentation links

Enhanced API Extensions section to:

• Auto-extract API definitions from provided GitHub PRs
• Generate API documentation with real examples from PRs
• Reference the source PR in the documentation

Enhanced Risks and Mitigations section to:

• Extract risks from related Jira bugs
• Generate risk entries with mitigation strategies
• Link back to source issues

Updated metadata generation to:

• Auto-populate see-also from related enhancement proposals
• Detect API changes from PR files, not just description text

Added content mapping reference table showing how each link type enriches specific sections.

Updated reporting to show which additional context was used and which sections were auto-populated.

Version Bump

• Bumped plugin version from 0.3.7 to 0.3.8

Usage Examples

Basic usage with API PR

/jira:generate-enhancement [OCPSTRAT-1596](https://redhat.atlassian.net/browse/OCPSTRAT-1596) --additional-links "https://github.com/openshift/api/pull/1234"                                                                                   
→ Auto-extracts API changes for the API Extensions section
                                                                                                                                                                                           
Multiple link types
                                                                                                                                                                                           
/jira:generate-enhancement [HIVE-2589](https://redhat.atlassian.net/browse/HIVE-2589) --additional-links "https://github.com/openshift/api/pull/1234,https://issues.redhat.com/browse/OCPBUGS-5678,https://github.com/openshift/enhancements
/blob/master/enhancements/cluster-api/cluster-api-integration.md"                                                                                                                          
→ Enriches enhancement with:
- API changes from PR #1234                                                                                                                                                                
- Risks from bug OCPBUGS-5678                             
- References to related enhancement in see-also                                                                                                                                            
                                                                                                                                                                                           
Benefits
                                                                                                                                                                                           
1. Reduced manual effort - Auto-populate sections that would otherwise require research                                                                                                    
2. Better quality - Enhancements include real implementation details from PRs
3. Traceability - Links back to source PRs and issues for context                                                                                                                          
4. Consistency - API documentation matches actual implementation                                                                                                                           
5. Risk awareness - Known issues from bugs are documented upfront                                                                                                                          
                                                                                                                                                                                           
Testing                                                                                                                                                                                    
                                                                                                                                                                                           
- ✅ Ran make lint - all checks passed                                                                                                                                                     
- ✅ Ran make update - marketplace.json and docs regenerated successfully
- ✅ Validated command and skill documentation structure                                                                                                                                   
- ✅ Version bumped appropriately (0.3.7 → 0.3.8)                                                                                                                                          
                                                                                                                                                                                           
Related                                                                                                                                                                                    
                                                                                                                                                                                           
This enhancement complements the existing --verify and --sync-from-prs flags, which analyze PRs after generation. The --additional-links parameter enriches during initial generation.     

Summary by CodeRabbit

• New Features

  • Added optional --additional-links parameter to the generate-enhancement command, enabling users to provide GitHub PRs, Jira issues, and documentation links to automatically enrich enhancement generation with API changes, risks, and related references.

• Documentation

  • Updated command and skill documentation with new workflow steps, examples, and mapping guidance for the enhanced context processing feature.

Version: Bumped to 0.3.8

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rvanderp3

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [rvanderp3]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Walkthrough

The Jira plugin version is updated from 0.3.7 to 0.3.8 across manifest files. The generate-enhancement command documentation is extended to support an optional --additional-links parameter that fetches and processes external context from GitHub PRs and Jira issues to enrich enhancement specifications.

Changes

Cohort / File(s)	Summary
Version Bump .claude-plugin/marketplace.json, docs/data.json, plugins/jira/.claude-plugin/plugin.json	Version field incremented from 0.3.7 to 0.3.8 across plugin manifest files.
Feature Documentation plugins/jira/commands/generate-enhancement.md, plugins/jira/skills/generate-enhancement/SKILL.md	Added --additional-links CLI argument documentation and extended skill specification with Step 0 (context link processing), helper functions for fetching GitHub PR/Jira issue details, auto-population of enhancement sections (see-also, API Extensions, Risks and Mitigations) from linked content, and usage examples demonstrating enriched generation with external context sources.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 8

✅ Passed checks (8 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding support for additional data source links to enhance the jira:generate-enhancement command.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
No Real People Names In Style References	✅ Passed	No real people's names appear as style references or examples in the modified documentation files.
No Assumed Git Remote Names	✅ Passed	No hardcoded git remote names like 'origin' or 'upstream' found in changed files. Changes are documentation and version updates only.
Git Push Safety Rules	✅ Passed	Pull request contains only documentation and JSON manifests with no git push commands, force push operations, or automated push workflows.
No Untrusted Mcp Servers	✅ Passed	No MCP server installations from untrusted or any sources detected. Changes consist of version bumps and documentation additions without new dependencies.
Ai-Helpers Overlap Detection	✅ Passed	PR extends existing jira:generate-enhancement command with --additional-links parameter. No duplicate functionality or overlapping commands detected in repository.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@plugins/jira/commands/generate-enhancement.md`:
- Around line 155-157: The fenced code blocks in
plugins/jira/commands/generate-enhancement.md showing the example invocations
(e.g., the lines containing "/jira:generate-enhancement OCPSTRAT-1596 ..." and
"/jira:generate-enhancement HIVE-2589 ...") are missing a language specifier and
trigger markdownlint MD040; update those triple-backtick fences (and the other
example fences noted around lines 161–163) to include a language tag such as
text or bash (e.g., ```text) so all example code fences consistently have a
language specifier.

In `@plugins/jira/skills/generate-enhancement/SKILL.md`:
- Around line 93-136: The process_additional_links function currently fetches
user-provided URLs directly; harden all calls to fetch_url_content and any
network fetches (e.g., fetch_github_pr, fetch_jira_issue) by validating URLs
first: enforce HTTPS only, check host allowlist (e.g., known
github/jira/docs/enhancements hosts), disallow localhost/127.0.0.0/8 and private
CIDR ranges, prevent file:// and other schemes, and reject or sanitize redirect
targets; also apply fetch limits (connection and read timeouts, max response
size) and follow-only-same-host redirect policy. Update process_additional_links
to run each link through a validate_and_normalize_url helper (create if needed)
before calling fetch_url_content/fetch_github_pr/fetch_jira_issue and ensure
those fetch functions respect timeouts, max bytes, and do not follow untrusted
redirects.
- Around line 648-649: The current risk-extraction condition checks
issue['status'] != 'Closed', which can treat resolved/done issues as active
risks; update the condition in the block that appends to risks (where issue and
risks are used) to use unresolved semantics or an explicit
closed-status/resolution set — e.g., check issue.get('resolution') is None or
that issue['status'] not in ['Closed','Done','Resolved','Cancelled'] (or similar
project-specific closed statuses) before calling risks.append({...}) so only
truly open/unresolved Bugs and Tasks are flagged as risks.
- Around line 140-142: The code calls match.groups() on the result of
re.match(r'https://github.com/([^/]+)/([^/]+)/pull/(\d+)', pr_url) without
checking for a successful match, which will raise on malformed URLs; update the
logic around re.match/pr_url to first check if match is not None (e.g., if not
match: raise ValueError or log and skip) before calling match.groups(), and
handle the error path cleanly so org, repo, pr_number are only assigned when a
valid match exists.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 88dfc441-1421-4715-94af-7c747bb60346

📥 Commits

Reviewing files that changed from the base of the PR and between 35cac24 and 89250ab.

📒 Files selected for processing (5)

• .claude-plugin/marketplace.json
• docs/data.json
• plugins/jira/.claude-plugin/plugin.json
• plugins/jira/commands/generate-enhancement.md
• plugins/jira/skills/generate-enhancement/SKILL.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add languages to new fenced code blocks to satisfy markdownlint.

The new example fences are missing a language specifier, which triggers MD040. Use text or bash consistently for these command examples.

Suggested diff

-   ```
+   ```text
    /jira:generate-enhancement OCPSTRAT-1596 --additional-links "https://github.com/openshift/api/pull/1234,https://issues.redhat.com/browse/OCPBUGS-5678"
    ```
@@
-   ```
+   ```text
    /jira:generate-enhancement HIVE-2589 --additional-links "https://github.com/openshift/api/pull/1234,https://issues.redhat.com/browse/OCPBUGS-5678,https://github.com/openshift/enhancements/blob/master/enhancements/cluster-api/cluster-api-integration.md"
    ```

Also applies to: 161-163

🧰 Tools

🪛 markdownlint-cli2 (0.22.0)

[warning] 155-155: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugins/jira/commands/generate-enhancement.md` around lines 155 - 157, The
fenced code blocks in plugins/jira/commands/generate-enhancement.md showing the
example invocations (e.g., the lines containing "/jira:generate-enhancement
OCPSTRAT-1596 ..." and "/jira:generate-enhancement HIVE-2589 ...") are missing a
language specifier and trigger markdownlint MD040; update those triple-backtick
fences (and the other example fences noted around lines 161–163) to include a
language tag such as text or bash (e.g., ```text) so all example code fences
consistently have a language specifier.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Harden external link fetching to prevent SSRF/path abuse.

This guidance currently fetches user-provided URLs directly. Please document strict URL validation (HTTPS only, allowlisted hosts, no localhost/private CIDR, redirects/timeouts/size caps) before any fetch_url_content call.

Suggested diff

 def process_additional_links(links):
     """Process additional context links provided by the user."""
@@
     for link in links.split(','):
         link = link.strip()
+        if not is_allowed_context_url(link):
+            continue
@@
-        elif 'docs.openshift.com' in link or '.md' in link:
+        elif 'docs.openshift.com' in link or '.md' in link:
             doc_content = fetch_url_content(link)
             context['documentation'].append({
                 'url': link,
                 'content': doc_content
             })

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugins/jira/skills/generate-enhancement/SKILL.md` around lines 93 - 136, The
process_additional_links function currently fetches user-provided URLs directly;
harden all calls to fetch_url_content and any network fetches (e.g.,
fetch_github_pr, fetch_jira_issue) by validating URLs first: enforce HTTPS only,
check host allowlist (e.g., known github/jira/docs/enhancements hosts), disallow
localhost/127.0.0.0/8 and private CIDR ranges, prevent file:// and other
schemes, and reject or sanitize redirect targets; also apply fetch limits
(connection and read timeouts, max response size) and follow-only-same-host
redirect policy. Update process_additional_links to run each link through a
validate_and_normalize_url helper (create if needed) before calling
fetch_url_content/fetch_github_pr/fetch_jira_issue and ensure those fetch
functions respect timeouts, max bytes, and do not follow untrusted redirects.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Guard regex parsing before dereferencing GitHub PR URL groups.

match.groups() will fail on malformed/non-PR URLs. Add a null check and skip/raise a controlled error.

Suggested diff

 def fetch_github_pr(pr_url):
     """Fetch PR details from GitHub."""
     match = re.match(r'https://github.com/([^/]+)/([^/]+)/pull/(\d+)', pr_url)
+    if not match:
+        return None
     org, repo, pr_number = match.groups()

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	match = re.match(r'https://github.com/([^/]+)/([^/]+)/pull/(\d+)', pr_url)
	org, repo, pr_number = match.groups()
	def fetch_github_pr(pr_url):
	"""Fetch PR details from GitHub."""
	match = re.match(r'https://github.com/([^/]+)/([^/]+)/pull/(\d+)', pr_url)
	if not match:
	return None
	org, repo, pr_number = match.groups()

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugins/jira/skills/generate-enhancement/SKILL.md` around lines 140 - 142,
The code calls match.groups() on the result of
re.match(r'https://github.com/([^/]+)/([^/]+)/pull/(\d+)', pr_url) without
checking for a successful match, which will raise on malformed URLs; update the
logic around re.match/pr_url to first check if match is not None (e.g., if not
match: raise ValueError or log and skip) before calling match.groups(), and
handle the error path cleanly so org, repo, pr_number are only assigned when a
valid match exists.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use broader terminal-status filtering for Jira risk extraction.

Filtering only status != 'Closed' can include resolved/done bugs as active risks. Prefer unresolved semantics (or an explicit closed-status set).

Suggested diff

-        if issue['type'] in ['Bug', 'Task'] and issue['status'] != 'Closed':
+        terminal_statuses = {'Closed', 'Done', 'Resolved', 'Cancelled'}
+        if issue['type'] in ['Bug', 'Task'] and issue['status'] not in terminal_statuses:
             risks.append({
                 'source': issue['key'],
                 'description': issue['summary'],
                 'details': issue['description']
             })

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugins/jira/skills/generate-enhancement/SKILL.md` around lines 648 - 649,
The current risk-extraction condition checks issue['status'] != 'Closed', which
can treat resolved/done issues as active risks; update the condition in the
block that appends to risks (where issue and risks are used) to use unresolved
semantics or an explicit closed-status/resolution set — e.g., check
issue.get('resolution') is None or that issue['status'] not in
['Closed','Done','Resolved','Cancelled'] (or similar project-specific closed
statuses) before calling risks.append({...}) so only truly open/unresolved Bugs
and Tasks are flagged as risks.

[openshift-ci]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.