A comprehensive example of integrating external services with Atlassian Forge while maintaining full compliance with the "Runs on Atlassian" policy. This project demonstrates how to monitor external services without violating Atlassian's data egress restrictions.
This project serves as a reference implementation showing how to:
- Monitor external services from within Atlassian Forge
- Maintain compliance with "Runs on Atlassian" policy
- Use cryptographic authentication for secure communication
- Implement periodic health checks without data egress
- Create a complete monitoring solution with custom backend
Forge Health Monitor is a monitoring solution that allows you to track the health status of external services directly from your Jira instance. Here's what it does:
- Monitors External Services - Continuously checks if your external APIs, websites, or services are running
- Real-time Status Display - Shows current health status (ALIVE/DOWN) for all monitored services
- User-friendly Interface - Simple Jira global page where you can view all your service statuses
- Automatic Updates - Refreshes status every 5 minutes without manual intervention
- Node.js 22+
- Atlassian Forge CLI
- ngrok or similar HTTPS tunnel service
# Install root dependencies
npm install
# Install Forge UI dependencies
cd static/cusomUI
npm install
cd ../..
# Install custom backend dependencies
cd ./customBackend
npm install
cd ..# In a new terminal
ngrok http 8080
# Note the HTTPS URL (e.g., https://abc123.ngrok.app)forge login
forge register
# Set the backend URL
forge variables set BACKEND_URL https://abc123.ngrok.app# Deploy the Forge app
forge deploy
# Install in your Jira instance
forge installcd customBackend
npm run start- Open the Forge app in your Jira instance!
- Click "Add Service" buttonimg.png
- Confirm the security dialog - Atlassian will show "Opening external page" dialog
- Click "Continue" to proceed to the custom backend
- Enter your health check URL in the custom backend form
- Complete registration and return to Forge app
-
Forge Backend (
src/)- Atlassian Forge backend with resolvers and web triggers
- Uses forge-sql-orm as ORM framework with MySQL database
- Implements cryptographic authentication with Ed25519 key pairs
- Fully compliant with "Runs on Atlassian" policy
Resolvers:
getTriggerUrlAndBackendUrl- Returns web trigger URL and backend URLgetSignature- Generates cryptographic signature for service registrationgetRecords- Fetches health check records with user information
Web Triggers:
updateItemStatusWeb- Receives health check updates from custom backendclearCacheWeb- Clears application cacheinvoke-schema-migration- Handles database schema migrationsdrop-schema-migration- Drops database schema
Scheduled Triggers:
scheduled-schema-migration- Hourly schema migrationprint-10slowest-queries- Performance analysis every hourclear-cache-trigger- Cache cleanup every 5 minutes
-
Forge CustomUI Application (
static/customUI)- Atlassian Forge app with Jira global page
- Displays health check results and service status
- Handles service registration and user management
-
Custom Backend (
customBackend/)- External Node.js server for health monitoring
- Performs periodic health checks (every 5 minutes)
- Sends results to Forge via static web triggers
- No data egress - only sends status updates
-
Custom Backend Frontend (
customBackend/customBackendFrontend/)- Registration interface for new services
- Service configuration and management
- User-friendly setup process
The application has two distinct data flows:
Forge UI β Forge Backend -> Opening external page β Custom Backend UI β Custom Backend β Forge Backend β Forge UI
(register) (generate (ask for URL) (ping service, (store data) (display
signature) generate keys) status)
Detailed Registration Steps:
- Forge UI - User clicks "Add Service" button
- Forge Backend - Generates Ed25519 signature (valid for 30 minutes)
- Forge UI - Initiates redirect to Custom Backend UI with signed state
- Opening external page - Atlassian security dialog appears, user must confirm
- Custom Backend UI - Asks user to enter Health Check URL
- Custom Backend - Pings external service to verify it's accessible
- Custom Backend - Generates Ed25519 key pairs for tenant
- Custom Backend - Stores key pairs for current tenant
- Custom Backend - Sends public key, service info, and status to Forge Backend
- Custom Backend - Redirects back to Forge application
- Forge UI - Renders page with external system status
External Service β Custom Backend β Forge Backend β Forge UI β Jira UI
(ping) (health check) (web trigger) (resolvers) (display)
Detailed Monitoring Steps:
- Custom Backend - Pings external services every 5 minutes
- Custom Backend - Sends results to Forge via
updateItemStatusWebtrigger - Forge Backend - Validates signatures and stores/updates records
- Forge UI - Fetches records via
getRecordsresolver - Jira UI - Displays real-time health status
- No data egress: All sensitive data stays within Atlassian infrastructure
- External monitoring only: Custom backend only pings external services
- Status updates only: Only health status is sent to Forge
- Tenant isolation: Each tenant has separate data storage
- Ed25519 key pairs: Generated per tenant for secure communication
- Signature verification: All requests are cryptographically signed
- 30-minute validity: Signatures expire for security
- Public key registration: Keys are stored securely in Forge
- Atlassian Security Dialog: "Opening external page" confirmation required for external redirects
- User Consent: Users must explicitly confirm navigation to external services
- Secure Redirects: All external navigation goes through Atlassian's security layer
- Default Forge Behavior: The "Opening external page" dialog is a standard Atlassian Forge security feature
- Automatic Trigger: Appears automatically when Forge apps redirect to external URLs
- User Protection: Prevents unauthorized external navigation and protects user data
- Required Confirmation: Users must click "Open" to proceed to external services
- Screenshot Available: Visual reference of the dialog will be added to documentation
βββ static/cusomUI/ # Forge application (Jira UI)
β βββ src/ # React components and logic
β βββ build-static/ # Built static files
β βββ README.md # Forge UI documentation
βββ customBackend/ # External monitoring server
β βββ src/ # Backend services and routes
β βββ customBackendFrontend/ # Registration interface
β βββ README.md # Backend documentation
βββ src/ # Forge backend resolvers
βββ manifest.yml # Forge app configuration
βββ README.md # This file
getTriggerUrlAndBackendUrl
- Returns web trigger URL for custom backend communication
- Provides backend URL from environment variables
- Essential for service registration flow
- Triggers Atlassian security dialog when redirecting to external pages
getSignature
- Generates Ed25519 key pairs per tenant
- Creates cryptographic signatures for service registration
- Manages signature expiration (30 minutes)
- Stores signature data in database for verification
getRecords
- Fetches all health check records from database
- Enriches data with user information from Jira API
- Returns combined record and user data for UI display
updateItemStatusWeb
- Receives health check updates from custom backend
- Validates cryptographic signatures for security
- Handles both REGISTER and UPDATE actions
- Stores/updates health check records in database
clearCacheWeb
- Clears application cache for performance optimization
- Triggered manually or via scheduled tasks
Tables:
records- Health check data and statustenantInfo- Ed25519 key pairs per tenantregisterNumbers- Signature validation data
ORM Features:
- Type-safe database operations with Drizzle ORM
- Automatic cache invalidation
- Schema migration support
- Performance monitoring and optimization
- Forge UI Documentation - Frontend application details
- Custom Backend Documentation - Backend server details
- Custom Backend Frontend Documentation - Registration interface details