feat(jira): adds Jira Cloud integration

.dev.vars.example

@@ -1,8 +1,18 @@
 GITHUB_CLIENT_ID=your_client_id_here
 GITHUB_CLIENT_SECRET=your_client_secret_here
+# Note: ALLOWED_ORIGIN must match the registered OAuth callback origin.
+# For Jira local dev, this must be http://localhost:5173 — the Worker constructs
+# redirect_uri as ${ALLOWED_ORIGIN}/jira/callback, which Atlassian validates against
+# the registered callback URLs in your Atlassian Developer Console app settings.
 ALLOWED_ORIGIN=http://localhost:5173
 SESSION_KEY=your-base64-encoded-32-byte-key
 SEAL_KEY=your-base64-encoded-32-byte-key
 TURNSTILE_SECRET_KEY=your-turnstile-secret-from-cf-dashboard
 # Optional: only needed if Sentry "Allowed Domains" is configured in your Sentry project settings
 # SENTRY_SECURITY_TOKEN=your-sentry-security-token
+
+# ── Jira Cloud Integration (optional) ─────────────────────────────────────────
+# Get these from the Atlassian Developer Console: https://developer.atlassian.com/console/myapps/
+# Create an OAuth 2.0 (3LO) app, add read:jira-work scope, set callback to ${ALLOWED_ORIGIN}/jira/callback
+# JIRA_CLIENT_ID=your-jira-oauth-client-id
+# JIRA_CLIENT_SECRET=your-jira-oauth-client-secret

.env.example

@@ -13,6 +13,11 @@ GITHUB_TOKEN=your_github_token_here
 # Default: 9876
 # MCP_WS_PORT=9876
 
+# ── Jira Cloud Integration (optional) ─────────────────────────────────────────
+# Public Jira OAuth client ID — embedded into client-side bundle at build time by Vite.
+# This is public information (visible in the OAuth authorize URL).
+# VITE_JIRA_CLIENT_ID=your-jira-oauth-client-id
+
 # ── Turnstile (Cloudflare) ─────────────────────────────────────────────────────
 # Public site key — embedded into client-side bundle at build time by Vite.
 # This is public information (visible in the Turnstile widget script).

CONTRIBUTING.md

@@ -13,6 +13,13 @@ pnpm run dev
 
 The dev server starts at `http://localhost:5173`. You'll need a GitHub OAuth app client ID in `.env` (copy `.env.example` and fill in your value).
 
+**Jira integration (optional):** The Jira Cloud integration is opt-in. Tests run without Jira credentials. To develop or test the Jira features locally:
+
+1. Add `VITE_JIRA_CLIENT_ID=<your-atlassian-oauth-client-id>` to `.env` — this gates visibility of the Jira section in Settings
+2. Add `JIRA_CLIENT_ID` and `JIRA_CLIENT_SECRET` to `.dev.vars` (copy from `.dev.vars.example`) — these are used by the Cloudflare Worker for OAuth token exchange
+
+In production, provision `JIRA_CLIENT_ID` and `JIRA_CLIENT_SECRET` as Worker secrets via `wrangler secret put`. Never commit them to `.env` or `.dev.vars`.
+
 The repo uses a pnpm workspace: the root package is the SolidJS SPA; `mcp/` is a separate package (`github-tracker-mcp`) built with tsup. Running `pnpm install` at the root installs both.
 
 To run the MCP server in standalone mode, set `GITHUB_TOKEN` before starting:

DEPLOY.md

@@ -119,13 +119,12 @@ Cloudflare Worker secrets are set. In CI, the deploy workflow runs
 
 ### Scopes
 
-The login flow requests `scope=repo read:org notifications`:
+The login flow requests `scope=repo read:org`:
 
 | Scope | Used for |
 |-------|----------|
 | `repo` | Read issues, PRs, check runs, workflow runs (includes private repos) |
 | `read:org` | `GET /user/orgs` — list user's organizations for the org selector |
-| `notifications` | `GET /notifications` — polling optimization gate (304 = skip full fetch) |
 
 **Note:** The `repo` scope grants write access to repositories, but this app never performs write operations (POST/PUT/PATCH/DELETE on repo endpoints). It is read-only by design.
 

README.md

@@ -59,7 +59,7 @@ A second, faster poll loop (default 30s, configurable 10–120s) targets only in
 
 ### Desktop Notifications
 
-Browser notifications for new issues, PRs, and failed runs. Per-type toggles in settings. Notification permission requested on first enable. Uses the GitHub Notifications API as a change-detection gate when the `notifications` scope is available.
+Browser notifications for new issues, PRs, and failed runs. Per-type toggles in settings. Notification permission requested on first enable. New items are detected via the Events API polling loop and full refresh cycles.
 
 ### Repo Pinning and Reordering
 
@@ -77,6 +77,10 @@ Star counts appear in repo group headers, fetched as part of the standard data r
 
 Create named filtered views over the existing Issues, PRs, and Actions data. Each custom tab has a name, a base type (Issues, PRs, or Actions), an optional org/repo scope, and optional filter presets. An "exclusive" toggle hides matching items from the standard tabs so they only appear in the custom tab. Up to 10 custom tabs can be created. Manage them via the "+" button in the tab bar or in **Settings > Custom Tabs**.
 
+### Jira Cloud Integration
+
+Opt-in Jira Cloud integration: auto-detect Jira issue keys in GitHub issue and PR titles and display inline status badges, view your assigned Jira issues in a dedicated tab with status/priority filters, and bookmark Jira issues to the Tracked tab alongside GitHub items. Supports OAuth 2.0 (3LO) and API token authentication.
+
 ### Themes
 
 9 themes: auto (follows system), corporate, cupcake, light, nord, dim, dracula, dark, forest. Theme is applied immediately on selection with no page reload.
@@ -87,7 +91,7 @@ Hide specific items with a persistent ignore list. An "N ignored" badge on the r
 
 ### ETag Caching and Auto-Refresh
 
-Conditional requests using `If-None-Match` headers — GitHub doesn't count 304 responses against the rate limit. Background polling keeps data fresh even when the tab is hidden (when the notifications scope is available for efficient change detection).
+Conditional requests using `If-None-Match` headers — GitHub doesn't count 304 responses against the rate limit. A 60-second events poll uses ETag requests to detect changes and trigger targeted per-repo refreshes, keeping data fresh even in background tabs at zero rate-limit cost.
 
 ## Tech Stack