Issue Summary

Currently, the Atlassian Rovo MCP Server domain allowlist is managed at the Organization level (Atlassian Administration → Apps → AI settings → Rovo MCP server → Domains). When an admin adds a domain (e.g., claude.ai) to the allowlist, that domain is authorized to connect to ALL sites within the organization via OAuth 2.1. There is no mechanism to restrict MCP Server domain access to specific sites.

This means customers cannot enable MCP Server connectivity for a sandbox site to test/POC without also exposing their production sites to the same MCP connections. Users who authenticate via the allowed domain can select any site they have access to during the OAuth consent flow.

Customer Use Case

A customer wants to:

1. Activate the MCP Server only for their sandbox site to conduct testing/POC
2. Prevent users from connecting to production sites via MCP until the POC is validated
3. Restrict which MCP tools are available in the backend on a per-site basis

Currently none of these are achievable because:

• The domain allowlist is org-wide — adding a domain enables it for every site
• The Permissions tab (Read/Write/Search per product) is also org-wide
• There is no per-tool granularity at site level

Expected Results

Organization Administrators should have the option to:

1. Select specific sites (e.g., sandbox-site.atlassian.net only) when configuring allowed domains in the Rovo MCP Server settings, enabling site-specific MCP domain access control
2. Apply MCP permission policies (Read/Write/Search) on a per-site basis, allowing different security postures for sandbox vs. production environments
3. Optionally restrict which MCP tools are available per site