Title#

feat: add atlassian_oauth_state entity + repo (BJ-5)

Problem#

Atlassian rotates refresh tokens on every /oauth/token call, so storing them in env files leads to stale-token failures. A durable, upsert-capable DB table is required to persist the current token state per (platform, tenantId).

Task / Link#

Closes #545 · Part of EPIC #539 (rc/atlassian-integration)

Changes#

• Add AtlassianOauthStateEntity TypeORM entity (atlassian_oauth_state table) with unique constraint on (platform, tenant_id), nullable access_token/expires_at, and @UpdateDateColumn
• Register entity in DatabaseModule (forRoot + forFeature entity arrays) and export from src/database/entities/index.ts
• Add AtlassianOauthStateRepo with get(platform, tenantId) and upsert(platform, tenantId, state) — upsert uses find-then-save to handle token rotation without duplicates
• Add AtlassianModule wiring TypeOrmModule.forFeature + repo provider/export
• Add src/atlassian/index.ts barrel exporting module, repo, types, and entity
• Add unit tests covering: get-miss, get-hit, null field round-trip, new insert, in-place update, bootstrap null insert

Notes#

• Repo uses better-sqlite3 with synchronize:true — no migration runner exists, so the entity acts as the migration (table auto-created on boot)
• PostgreSQL types (timestamptz, uuid) from the original issue spec are mapped to SQLite equivalents (datetime, varchar) with no loss of semantics

Testing#

• Unit tests: 6 specs added in atlassian-oauth-state.repo.spec.ts using mock TypeORM repository
• Full suite: 840 tests pass, 0 failures
• Lint: zero warnings (eslint --fix clean)