Skip to main content
Interact with Atlassian Confluence via the confluence-cli binary installed on the gateway host. Agents pass confluence arguments directly; the tool enforces two independent, optional permission layers before executing anything.

Installation

Install this tool individually:
Or install all tools from the toolkit:

Configuration

By default, all commands are permitted and all spaces are accessible — both permission layers are fully open until explicitly configured.

Prerequisites

Permission Model

There are two independent, optional permission layers. Either, both, or neither can be configured. They compose: a call must pass both layers to proceed.

Layer 1 — Command-Level

Controls which subcommands the agent may run. Command paths use the leading subcommand tokens (e.g. read, search, create, profile list). Prefix matching: "create" blocks both create and create-child. "profile" blocks all profile subcommands. Precedence: deny beats allow.

Layer 2 — Space-Level

Controls which Confluence spaces the agent may read from and write to. Completely skipped when neither allowReadSpaces nor allowWriteSpaces is configured.

Space Resolution

  • Static (free): create parses the space key from args, search --space uses the flag, URLs have the space key in the path
  • Dynamic (one API call): Commands with numeric page IDs trigger a confluence info lookup (results are cached)

⚠️ CQL Disclaimer

The search command accepts free-text queries that may contain CQL expressions. This tool only inspects the --space flag. CQL in the query string is NOT parsed or enforced. Use requireSpaceOnSearch: true to force explicit --space usage.

⚠️ comment-delete Disclaimer

comment-delete <commentId> takes a comment ID, not a page ID. Space enforcement cannot be applied. Use denyCommands: ["comment-delete"] to block it entirely if needed.

Config Examples

Read-only agent, all spaces:
Read-only agent, scoped to DOCS and TEAM spaces:
Documentation bot (reads anywhere, writes only to DRAFTS):
Write-safe agent (all reads allowed; only non-destructive writes):
Full access, always use the production profile:

Per-Agent Configuration (pluginConfigs)

Use beige’s pluginConfigs to give different agents different Confluence permissions:

Available Commands

read, info, search, spaces, find, children

Create / Update / Delete

create, create-child, copy-tree, update, move, delete, edit

Attachments

attachments, attachment-upload, attachment-delete

Comments

comments, comment, comment-delete

Content Properties

property-list, property-get, property-set, property-delete

Export / Profiles

export, edit, profile list, profile use, profile add, profile remove, stats

Error Reference

Implementation Details

  • Target: Gateway (runs on the host, not in the sandbox)
  • Dependency: confluence-cli binary
  • Stateless: Each invocation spawns a fresh process (except cached space lookups)