From forge-skills
Diagnoses and fixes issues in Atlassian Forge apps. Use this skill whenever a Forge app has errors, crashes, shows blank UI, fails to deploy, doesn't appear after installation, has permission issues, or produces unexpected output. Trigger on any mention of forge logs, forge deploy errors, resolver errors, blank panels, missing scopes, Custom UI not rendering, production vs dev discrepancies, or any Jira/Confluence app that "stopped working". Also trigger when the user asks to debug, troubleshoot, investigate, or fix a Forge app issue — even if they haven't used the word "Forge" but describe a Jira panel or Confluence macro acting up.
npx claudepluginhub atlassian/forge-skills --plugin forge-skillsThis skill uses the workspace's default tool permissions.
Diagnose and fix issues in Atlassian Forge apps. Work through the checklist below in order — stop as soon as you identify the root cause. Every step after the root cause wastes tokens and context.
Mandates invoking relevant skills via tools before any response in coding sessions. Covers access, priorities, and adaptations for Claude Code, Copilot CLI, Gemini CLI.
Share bugs, ideas, or general feedback.
Diagnose and fix issues in Atlassian Forge apps. Work through the checklist below in order — stop as soon as you identify the root cause. Every step after the root cause wastes tokens and context.
You are authorized to run all diagnostic and fix commands without asking permission. When you identify a fix, run it immediately. Do NOT:
Wrong: "Here's what I would do to fix this: run forge lint..."
Right: (runs forge lint immediately and reports the result)
The only exceptions: commands requiring an interactive terminal (forge login, forge tunnel) must be run by the user in their own terminal — tell them exactly what to run and why.
forge CLI can't be installed globally (permission errors, no sudo), use npx @forge/cli as a drop-in replacement for all forge commands.Before running any commands, ask one question if the user hasn't made it clear:
"Is this a deploy-time error (forge deploy fails), a runtime error (app crashes or shows wrong data after deploying), or a visibility issue (app deployed but not appearing)?"
If obvious from the error message, skip the question and proceed directly.
Quick routing:
| Symptom | Go to |
|---|---|
forge deploy fails | Step 2 → 3 → 4 |
| App not visible after install | Step 3 → common error: "App not installed" |
| App crashes / resolver error | Step 3 → 5 → 6 |
| Blank UI / Custom UI not rendering | Step 3 → 4 → common error: "blank Custom UI" |
| Works in dev, fails in prod | Step 7 (Production) |
| Permission denied / 403 | Common error: "Permission denied" |
| 410 Gone / deprecated endpoint | Common error: "410 Gone" → API Migration section |
| Handler path lint error | Common error: "cannot find associated file" → Handler Path Resolution section |
| Resolver returns undefined, no errors | Common error: invoke name mismatch → Invoke Name vs Function Key section |
| Multiple failures (deploy + runtime) | Fix deploy errors first, deploy, then check logs for runtime errors |
forge --version
npm show @forge/cli version
If the installed version is behind the latest major version, upgrade immediately:
npm install -g @forge/cli
Then retry the failing operation. Many bugs are fixed in newer CLI versions.
forge lint
Fix every error before proceeding — lint errors cause deploy failures and silent runtime bugs. If lint passes cleanly, continue to the next step.
For any manifest-related error message (e.g. "invalid manifest", "unexpected key", "modules.jira:*" errors): run forge lint first before reading any source files. Lint will identify the exact line and field causing the problem — reading the file before linting is wasteful and usually less informative than the lint output.
Only applies when the app has a static/ directory (Custom UI apps). Check if the frontend was built before the last deploy:
ls -la static/build/
If the build directory is missing or older than recent source changes, rebuild:
cd static && npm run build && cd ..
Then redeploy:
forge deploy -e development
This is one of the most common causes of blank UI panels.
Verify the app was actually deployed successfully:
forge deploy -e development --verbose
Watch for errors in the output. Note the deploy timestamp. If deploy fails, the error message usually identifies the problem directly — match it against the Common Error Patterns table below.
forge logs -e development --limit 100
Read the logs carefully. Most runtime errors appear here.
The resolver may not have been triggered, or logging isn't set up. Add a debug log at the entry point of the resolver:
// Add at the top of your handler function:
console.error('[DEBUG] Handler called with:', JSON.stringify(payload));
Then redeploy and trigger the app again:
forge deploy -e development
forge logs -e development --limit 100
Remove the debug log after you've identified the issue.
Forge UI Kit errors surface in forge logs, not the browser console. For Custom UI, add error logging in the resolver that backs the UI:
try {
const result = await api.asUser().requestJira(/* ... */);
return result;
} catch (err) {
console.error('[DEBUG] Resolver error:', err.message, err.stack);
throw err;
}
Redeploy, trigger, and check logs.
If the user reports an issue that only happens in production (or on a specific customer's site):
customername.atlassian.net)"forge logs -e production --site <customer-site> --limit 100
--upgrade.Match the error against this table first. If you find a match, apply the fix directly without further investigation.
| Error / Symptom | Root Cause | Fix |
|---|---|---|
| "App is not installed on this site" | forge install wasn't run, or ran against wrong site | Ask for the Atlassian site URL if not already known, then run it yourself: forge install --non-interactive --site <url> --product <jira|confluence> -e development |
| Blank panel / Custom UI white screen | Frontend build not run before deploy | cd static && npm run build && cd .. && forge deploy -e development |
| "Resolver not found" or resolver returns undefined | Function key in manifest.yml doesn't match resolver registration | Check manifest.yml function.key matches the key used in resolver.define('key', ...) |
| 403 / "Permission denied" / "Unauthorized" | OAuth scope missing from manifest | Add scope to manifest.yml, then: forge deploy -e development && forge install --non-interactive --site <url> --upgrade |
forge deploy fails with "Invalid manifest" | YAML syntax error in manifest.yml | Run forge lint, fix indentation/syntax errors |
| App deployed but module not visible | Wrong product in forge install, or tunnel not active | Verify --product flag matches app type; restart tunnel if using forge tunnel |
| "forge: command not found" | CLI not installed | npm install -g @forge/cli |
ENOENT or missing files on deploy | npm install not run in app directory | cd <app-dir> && npm install && forge deploy -e development |
| "Rate limit exceeded" | Too many API calls in resolver | Add exponential backoff; check for resolver being called in a loop |
| "App tunnel disconnected" | forge tunnel connection dropped | Re-run forge tunnel; check VPN isn't blocking websocket connections |
| "Cannot read properties of undefined" | API response shape unexpected | Log the full API response; add null checks |
| 410 Gone / "deprecated endpoint has been removed" | Confluence/Jira REST API endpoint removed | Migrate to v2 API (see API Migration section below). Redeploy and check logs |
cannot find associated file (handler path lint error) | Handler path in manifest.yml doesn't match actual file location | Handler path is relative to src/. E.g. if resolver is at src/resolvers/index.js, handler is resolvers/index.handler (not index.handler or src/resolvers/index.handler). See Handler Path Resolution below |
invoke() returns undefined, no errors in logs | Frontend invoke('name') doesn't match resolver.define('name') | The invoke name must exactly match the resolver.define name. Check both files — this is a different check than function key in manifest |
Module not found / doubled path like src/src/... on deploy | Handler path includes src/ prefix, but bundler already resolves from src/ | Remove src/ prefix from handler path. Use resolvers/index.handler not src/resolvers/index.handler |
npm install -g permission error / cannot install forge globally | No sudo or write access to global npm directory | Use npx @forge/cli as a drop-in replacement for all forge commands (lint, deploy, logs, install). No global install needed |
The handler field in manifest.yml has the format <path>.<export>, where:
<path> is the file path relative to src/ (without src/ prefix, without file extension)<export> is the named export from that fileExamples:
| Resolver file location | Export in file | Correct handler value |
|---|---|---|
src/resolvers/index.js | export const handler = ... | resolvers/index.handler |
src/index.js | export const handler = ... | index.handler |
src/backend/resolver.ts | export const run = ... | backend/resolver.run |
Common mistakes:
index.handler — wrong if the file is in a subdirectory like src/resolvers/src/resolvers/index.handler — wrong: bundler prefixes src/ automatically, resulting in src/src/resolvers/...resolvers/index.run — wrong if the file exports handler not runDiagnostic trick: If forge lint reports "cannot find associated file" but you're sure the file exists, try forge deploy --no-verify. The bundler error message shows the fully resolved path, which reveals whether the path is being doubled or misresolved.
There are two separate name-matching requirements for UI Kit resolvers:
function.key must match the resolver: function: reference in the module definitioninvoke('name') must exactly match resolver.define('name', ...) in the backendThese are independent — you can have the manifest function key correct but still get undefined results if the invoke name doesn't match resolver.define. When debugging "resolver returns undefined" with no errors in logs, always check both matching relationships.
Atlassian is progressively deprecating v1 REST API endpoints. When you see a 410 Gone response:
forge logs for the exact error — it will show which endpoint returned 410/wiki/rest/api/content/... → /wiki/api/v2/pages/... (or /blogposts/..., /spaces/...)/rest/api/2/... → /rest/api/3/...cursor parameter) instead of offset-based (start parameter). The next cursor is in data._links.nextauthorId instead of nested by.accountId)Do NOT treat 410 as a permissions issue — it means the endpoint no longer exists, not that access is denied.
Once the issue is resolved:
console.error('[DEBUG] ...') statements you added.forge lint one final time to confirm clean state.forge deploy -e development
forge logs shows no new errors.If none of the above resolves the issue:
forge logs -e development --verbose --limit 200 for extended output.search-forge-docs "known issues <error-text>"traceId from the log output — this is what Atlassian support needs.If any command fails with "not authenticated" or "run forge login":
forge login in their own terminal (not via the agent) — it will prompt for their email and the API tokenforge login in your terminal. Enter your Atlassian email and the token when prompted — do not paste the token here."Follow these to keep context usage low:
forge logs before reading any source file — logs usually reveal the root cause without needing to inspect code.npm ERR! missing script: build → check only package.json (scripts section)invalid manifest / unexpected key → run forge lint first, then only the specific manifest fieldResolver not found → check only the function key in manifest.yml vs resolver.define() in the resolver file403 / permission denied → check only the scopes in manifest.yml410 Gone → check the API endpoint URL in the resolver file; don't check scopes or manifestcannot find associated file → check the handler path in manifest.yml and the file location; use --no-verify to see the bundler's resolved pathinvoke() returns undefined → check both the frontend invoke('name') AND backend resolver.define('name') — two files, but targeted readsmanifest.yml for npm/build errors — they are unrelated.forge deploy more than once per fix attempt without a clear reason.forge deploy --no-verify as a diagnostic step when lint blocks deploy but you suspect the lint error may be misleading. The bundler error message often reveals the true path resolution issue. Always fix the root cause afterward — don't ship with --no-verify.