Remove built-in GitHub and Jira issue tools

[nickmisasi]

Summary

Removes the built-in GetGithubIssue and GetJiraIssue tools, deletes their provider wiring and implementation code, updates related docs to stop advertising those built-in integrations, and removes the now-unused Go dependencies and stale NOTICE.txt entries.

Ticket Link

NONE

Screenshots

NONE

Release Note

Removed the built-in GitHub and Jira issue retrieval tools from Agents. GitHub/Jira issue access should now come from configured MCP integrations instead of built-in connectors.

  

Summary by CodeRabbit

• Removed Features

  • Removed GitHub issue lookup and Jira issue lookup tools from direct messages

• Documentation

  • Updated user guide to reflect removal of GitHub and Jira integration tools
  • Updated admin guide to remove GitHub and Jira integration configuration information
  • Updated framework documentation to reference MCP servers and other configured integrations

[github-actions]

🤖 LLM Evaluation Results

OpenAI

✅ Overall: 19/19 tests passed (100.0%)

Provider	Total	Passed	Failed	Pass Rate
✅ OPENAI	19	19	0	100.0%

---

Anthropic

⚠️ Overall: 18/19 tests passed (94.7%)

Provider	Total	Passed	Failed	Pass Rate
⚠️ ANTHROPIC	19	18	1	94.7%

❌ Failed Evaluations

Show 1 failures

ANTHROPIC

1. TestReactEval/[anthropic]_react_cat_message

• Score: 0.00
• Rubric: The word/emoji is a cat emoji or a heart/love emoji
• Reason: The output is the text "heart_eyes_cat", which is neither an actual cat emoji nor a heart/love emoji character.

---

This comment was automatically generated by the eval CI pipeline.

[coderabbitai]

📝 Walkthrough

Walkthrough

The changes remove GitHub and Jira integration tools from the system, including their implementations, dependencies, and documentation. These integrations are being replaced with MCP servers and other configured integrations.

Changes

Cohort / File(s)	Summary
Integration Implementation Removal mmtools/github.go, mmtools/jira.go	Deleted entire GitHub issue fetching tool (89 lines) and Jira issue fetching tool (185 lines), including argument validation, API request logic, and response formatting.
Tool Provider Refactoring mmtools/provider.go, mmtools/provider_test.go, server/main.go	Removed httpClient parameter from NewMMToolProvider signature and eliminated conditional registration of GitHub and Jira tools from GetTools. Updated test cases and main initialization accordingly.
Dependency Management go.mod, NOTICE.txt	Removed 7 Go modules including github.com/andygrunwald/go-jira, github.com/google/go-github/v41, and their transitive dependencies. Cleaned up corresponding license entries.
Documentation Updates docs/admin_guide.md, docs/sovereign_ai.md, docs/user_guide.md	Removed GitHub and Jira integration sections from admin and user guides. Updated framework description to reference "MCP servers and other configured integrations" instead of "built-in connectors (GitHub, Jira)".
Test Updates conversations/conversations_test.go	Replaced mock GitHub issue retriever tool with mock server-search tool in test setup, removing mmtools import dependency.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately and concisely summarizes the main change: removing the built-in GitHub and Jira issue tools, which is reflected across all modified files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch cursor/github-jira-tools-878c

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

conversations/conversations_test.go (1)

37-40: Use mmtools.SearchServerArgs in the mock schema to prevent drift.

Line 39 duplicates the tool input shape with an anonymous struct. If mmtools.SearchServerArgs changes (fields/tags), this test can silently diverge from production behavior.

♻️ Proposed refactor

 import (
 	"bytes"
 	"io"
 	"net/http"
 	"path/filepath"
 	"testing"

 	"github.com/mattermost/mattermost-plugin-ai/bots"
 	"github.com/mattermost/mattermost-plugin-ai/conversations"
 	"github.com/mattermost/mattermost-plugin-ai/enterprise"
 	"github.com/mattermost/mattermost-plugin-ai/evals"
 	"github.com/mattermost/mattermost-plugin-ai/i18n"
 	"github.com/mattermost/mattermost-plugin-ai/llm"
 	"github.com/mattermost/mattermost-plugin-ai/llmcontext"
 	"github.com/mattermost/mattermost-plugin-ai/mcp"
+	"github.com/mattermost/mattermost-plugin-ai/mmtools"
 	"github.com/mattermost/mattermost-plugin-ai/mmapi/mocks"
 	"github.com/mattermost/mattermost-plugin-ai/prompts"
@@
 	tools = append(tools, llm.Tool{
 		Name:        "SearchServer",
 		Description: "Search the Mattermost chat server for relevant messages.",
-		Schema:      llm.NewJSONSchemaFromStruct[struct{ Term string }](),
+		Schema:      llm.NewJSONSchemaFromStruct[mmtools.SearchServerArgs](),
 		Resolver: func(context *llm.Context, args llm.ToolArgumentGetter) (string, error) {
 			return "No relevant messages found.", nil
 		},
 	})

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@conversations/conversations_test.go` around lines 37 - 40, The test is using
an anonymous struct for the tool schema (llm.NewJSONSchemaFromStruct[struct{
Term string }]()) which can drift from the real input type; replace the
anonymous type with the canonical mmtools.SearchServerArgs type in the schema
call so the mock always matches production (update imports if needed and keep
the Resolver signature intact), i.e., change llm.NewJSONSchemaFromStruct[...] to
use mmtools.SearchServerArgs so the tool "SearchServer" test schema stays in
sync.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@conversations/conversations_test.go`:
- Around line 37-40: The test is using an anonymous struct for the tool schema
(llm.NewJSONSchemaFromStruct[struct{ Term string }]()) which can drift from the
real input type; replace the anonymous type with the canonical
mmtools.SearchServerArgs type in the schema call so the mock always matches
production (update imports if needed and keep the Resolver signature intact),
i.e., change llm.NewJSONSchemaFromStruct[...] to use mmtools.SearchServerArgs so
the tool "SearchServer" test schema stays in sync.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 9aa3e208-c853-40b9-a233-e0338dd36eef

📥 Commits

Reviewing files that changed from the base of the PR and between fc37217 and d202a57.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (11)

• NOTICE.txt
• conversations/conversations_test.go
• docs/admin_guide.md
• docs/sovereign_ai.md
• docs/user_guide.md
• go.mod
• mmtools/github.go
• mmtools/jira.go
• mmtools/provider.go
• mmtools/provider_test.go
• server/main.go

💤 Files with no reviewable changes (7)

• docs/user_guide.md
• docs/admin_guide.md
• server/main.go
• NOTICE.txt
• mmtools/github.go
• go.mod
• mmtools/jira.go

[cursor]

Security Review: No findings

This PR strictly removes the built-in GitHub and Jira issue tools, their dependencies, and associated documentation. No new code, endpoints, data flows, or user inputs are introduced.

The change is a net security improvement:

• Reduced attack surface: Two tool implementations and their third-party dependencies (go-jira, go-github) are removed.
• SSRF vector removed: The deleted Jira tool accepted an LLM-controlled instanceURL passed to jira.NewClient, which was an SSRF-susceptible pattern. This risk no longer exists.
• Fewer dependencies: Removing andygrunwald/go-jira, google/go-github/v41, and transitive dependencies (fatih/structs, trivago/tgo, golang-jwt/v4, go-querystring) reduces supply-chain risk.

  

_{Sent by Cursor Automation: Find vulnerabilities}

[crspeller]

Uh.... what? A search tool that does nothing. Very useful.

[nickmisasi]

This is the mockToolProvider implementation - it didn't do anything previously either