Title#

feat: add JiraAdapter and POST /webhooks/jira route (BJ-7)

Problem#

Agent-core has no way to receive and normalize Jira webhook events. The Atlassian integration epic requires a Jira webhook handler that maps Jira events to DispatchEvent for downstream pipeline routing.

Task / Link#

Closes #547 — BJ-7: JiraAdapter + webhook route

Changes#

• Add src/webhook/crypto.ts — shared verifyHmacSha256 helper; extracted from GitHubAdapter so both adapters share one HMAC-SHA256 code path
• Refactor GitHubAdapter.verifySignature to delegate to the shared helper (no behaviour change)
• Add JiraAdapter implementing PlatformAdapter with platform='jira'; maps 5 Jira webhook events to DispatchEvent (intake, issue_updated, task_cancelled, issue_comment, link_created)
• Extend DispatchEventType with 'issue_updated' and 'link_created'; add 'jira' to the platform union
• Add POST /webhooks/jira controller route; reads JIRA_WEBHOOK_SECRET (optional) for signature verification via x-hub-signature header
• Register JiraAdapter in WebhookModule.onModuleInit()
• Add JIRA_WEBHOOK_SECRET: Joi.string().optional() to config schema; document in .env.example and CLAUDE.md

Notes#

• JIRA_WEBHOOK_SECRET is optional — if not configured, signature verification is skipped for Jira webhooks (suitable for local dev / trusted networks)
• jira:issue_updated without a changelog field emits an issue_updated event with no commentBody (graceful per plan assumption)
• Unknown webhookEvent values return 200 with status: ignored (no throw)
• Downstream routing for issue_updated and link_created is left to a follow-up BJ- story

Testing#

• Unit tests: jira.adapter.spec.ts covers all 5 event types, bad/missing signature (3 cases), unknown event, and missing required fields
• webhook.controller.spec.ts extended with 4 jira-route scenarios (401, ignored, dispatched, no-adapter)
• All 50 existing test suites continue to pass after GitHubAdapter crypto extraction
• npm run lint passes with zero warnings