{
  "meta": {
    "agent": "planner",
    "task_id": "552",
    "title": "BJ-12: Unit tests — Atlassian OAuth auth providers",
    "created_at": "2026-04-23T17:12:41Z"
  },
  "inputs": [
    {
      "name": "issue",
      "type": "link",
      "ref": "https://github.com/AgentSDE/agent-core/issues/552",
      "notes": "BJ-12 in EPIC #539 Wave 4; depends on #542 (BJ-2) + #543 (BJ-3)"
    },
    {
      "name": "reference_spec",
      "type": "file",
      "ref": "src/github/github-app-auth.provider.spec.ts",
      "notes": "Established pattern: fetch spy + mocked ConfigService"
    },
    {
      "name": "platform_auth_interface",
      "type": "file",
      "ref": "src/platform/platform-auth-provider.interface.ts",
      "notes": "Contract: platform, getToken, getBotUsername"
    }
  ],
  "outputs": [
    {
      "name": "bitbucket_spec",
      "type": "file_plan",
      "format": "text",
      "content": "src/atlassian/bitbucket-oauth-auth.provider.spec.ts — Jest suite with ~8 cases"
    },
    {
      "name": "jira_spec",
      "type": "file_plan",
      "format": "text",
      "content": "src/atlassian/jira-oauth-auth.provider.spec.ts — Jest suite with ~8 cases"
    }
  ],
  "files": [
    {
      "path": "src/atlassian/bitbucket-oauth-auth.provider.spec.ts",
      "action": "create",
      "reason": "Unit tests for BitbucketOAuthAuthProvider"
    },
    {
      "path": "src/atlassian/jira-oauth-auth.provider.spec.ts",
      "action": "create",
      "reason": "Unit tests for JiraOAuthAuthProvider"
    },
    {
      "path": "src/atlassian/bitbucket-oauth-auth.provider.ts",
      "action": "inspect",
      "reason": "Confirm signatures before asserting"
    },
    {
      "path": "src/atlassian/jira-oauth-auth.provider.ts",
      "action": "inspect",
      "reason": "Confirm signatures before asserting"
    },
    {
      "path": "src/atlassian/atlassian-oauth-auth.provider.ts",
      "action": "inspect",
      "reason": "Base class — confirm token caching + rotation hooks"
    },
    {
      "path": "src/atlassian/atlassian-oauth-state.repo.ts",
      "action": "inspect",
      "reason": "Repo API for refresh-token persistence mocking"
    }
  ],
  "steps": [
    {
      "id": "S1",
      "summary": "Inspect merged Atlassian provider + state-repo sources and capture exact signatures, config keys, token endpoints.",
      "acceptance": [
        "Provider constructors, base-class refresh loop, and state-repo methods are documented before any assertion is written",
        "BLOCKED signal emitted if any of #541/#542/#543/#544 has not yet landed on rc/atlassian-integration"
      ],
      "depends_on": []
    },
    {
      "id": "S2",
      "summary": "Write src/atlassian/bitbucket-oauth-auth.provider.spec.ts covering cold fetch, caching, near-expiry refresh, concurrent dedup, rotation persistence, 401 error, getBotUsername, and platform identifier.",
      "acceptance": [
        "Spec passes under npm run test",
        "fetch spy verifies POST to https://bitbucket.org/site/oauth2/access_token with grant_type=refresh_token",
        "AtlassianOAuthStateRepo mock receives persisted rotated refresh token",
        "No real network calls (globalThis.fetch fully spied)"
      ],
      "depends_on": [
        "S1"
      ]
    },
    {
      "id": "S3",
      "summary": "Write src/atlassian/jira-oauth-auth.provider.spec.ts mirroring S2 with Jira-specific config keys and token endpoint.",
      "acceptance": [
        "Spec passes under npm run test",
        "fetch spy verifies POST to https://auth.atlassian.com/oauth/token",
        "platform identifier asserted as 'jira'",
        "getBotUsername returns JIRA_BOT_USERNAME from mocked ConfigService"
      ],
      "depends_on": [
        "S1"
      ]
    },
    {
      "id": "S4",
      "summary": "Run npm run test, npm run lint, npm run test:cov; confirm both providers have >90% branch coverage and lint is clean.",
      "acceptance": [
        "npm run test -- src/atlassian exits 0",
        "npm run lint exits with zero warnings",
        "Coverage report shows >90% branch coverage for both provider files"
      ],
      "depends_on": [
        "S2",
        "S3"
      ]
    }
  ],
  "risks": [
    {
      "risk": "Dependency providers (#542/#543) and base (#541) not yet merged into rc/atlassian-integration — specs cannot compile until they land.",
      "mitigation": "S1 verifies presence and signals BLOCKED if missing; do not attempt to scaffold dummy types."
    },
    {
      "risk": "AtlassianOAuthStateRepo API not yet frozen — test mocks may diverge from merged implementation.",
      "mitigation": "S1 reads the repo source first and aligns mocks to actual method names/signatures before writing assertions."
    }
  ],
  "assumptions": [
    "Refresh-token rotation: server always returns a new refresh token on success (issue edge case note).",
    "Expiry boundary uses strict < at T-5 min (issue edge case note).",
    "fetch spy is acceptable in place of nock — pattern already used in src/github/github-app-auth.provider.spec.ts."
  ],
  "open_questions": [
    "Does AtlassianOAuthStateRepo key state by tenant/workspace or by platform? Affects mock shape — resolve at S1 before writing assertions."
  ]
}