Title#

feat(atlassian): add AtlassianOAuthAuthProvider abstract base (BJ-1)

Problem#

The Atlassian integration EPIC (#539) needs a shared OAuth 2.0 authentication foundation before Bitbucket and Jira providers can be implemented. Without it, BJ-2 and BJ-3 have no base class to extend.

Task / Link#

Closes #541 — BJ-1: AtlassianOAuthAuthProvider abstract base EPIC: #539

Changes#

• Add AtlassianOAuthAuthProvider abstract class implementing PlatformAuthProvider with OAuth 2.0 refresh-token flow
• Add AtlassianOAuthStateRepo interface + ATLASSIAN_OAUTH_STATE_REPO injection token (concrete DB impl comes in BJ-5)
• Add AtlassianOAuthConfig and AtlassianPlatform types used by BJ-2/BJ-3 subclasses
• Add src/atlassian/index.ts barrel export
• Add unit tests: cached token reuse, preemptive 5-min refresh, concurrent call coalescing, rotated token persistence, error propagation

Notes#

• AtlassianOAuthStateRepo is interface-only here; BJ-5 delivers the DB-backed implementation
• Atlassian rotates the refresh token on every refresh — saveRefreshToken is awaited before returning the access token to prevent stale-token crashes

Testing#

• 9 unit tests via a concrete test subclass (TestAtlassianProvider)
• All scenarios from the plan acceptance criteria covered
• npm run lint — zero warnings
• npm run test -- atlassian-oauth-auth — all 9 pass