Bitbucket - Add Bitbucket Integration by eshurakov · Pull Request #4218 · Kilo-Org/cloud

eshurakov · 2026-06-23T21:14:20Z

Summary

Add personal and organization-owned Bitbucket Cloud OAuth connections with encrypted credential storage, workspace selection, repository caching, and GDPR cleanup.
Resolve Bitbucket contributor repositories and short-lived credentials through git-token-service, with live owner authorization checks and purpose-bound internal tokens.
Extend Cloud Agent session admission, persistence, clone, resume, and push flows to support stable Bitbucket workspace and repository identities.
Add Web integration management and repository selection, plus the database migration and production Worker configuration required for deployment.

Verification

Tested locally with Cloud Agent

kilo-code-bot · 2026-06-23T21:26:52Z

    const onlyAvailableRepo =
      !isLoadingGitHubRepos &&
      !isLoadingGitLabRepos &&
+      (organizationId || !isLoadingBitbucketRepos) &&


WARNING: Repository auto-selection can race Bitbucket loading

For personal sessions this effect still runs while the Bitbucket query is loading, and for organization sessions organizationId || !isLoadingBitbucketRepos explicitly treats the repository set as complete before Bitbucket finishes. Because getPreferredInitialRepo() still only tracks GitHub/GitLab loading, a saved or recent GitHub/GitLab repo can be auto-selected here and prevent the user’s Bitbucket repo from ever being chosen automatically.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

kilo-code-bot · 2026-06-23T21:26:52Z

+CREATE UNIQUE INDEX "UQ_platform_oauth_credentials_platform_integration_id" ON "platform_oauth_credentials" USING btree ("platform_integration_id");--> statement-breakpoint
+CREATE INDEX "IDX_platform_oauth_credentials_platform_subject" ON "platform_oauth_credentials" USING btree ("platform","provider_subject_id");--> statement-breakpoint
+CREATE INDEX "IDX_platform_oauth_credentials_authorized_by_user_id" ON "platform_oauth_credentials" USING btree ("authorized_by_user_id");--> statement-breakpoint
+CREATE UNIQUE INDEX "UQ_platform_integrations_user_bitbucket" ON "platform_integrations" USING btree ("owned_by_user_id","platform") WHERE "platform_integrations"."platform" = 'bitbucket' AND "platform_integrations"."owned_by_user_id" IS NOT NULL;--> statement-breakpoint


WARNING: Non-concurrent index creation can block writes on deploy

platform_integrations is an existing populated table, so these two CREATE UNIQUE INDEX statements will take a write-blocking lock while the migration runs. In production that can stall integration updates and other writes; this needs a concurrent rollout strategy instead of plain index creation.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

kilo-code-bot · 2026-06-23T21:27:02Z

Code Review Summary

Status: 3 Issues Found | Recommendation: Address before merge

Fix these issues in Kilo Cloud

Overview

Severity	Count
CRITICAL	0
WARNING	3
SUGGESTION	0

Issue Details (click to expand)

WARNING

File	Line	Issue
`packages/db/src/migrations/0173_wealthy_johnny_blaze.sql`	49	New indexes on populated `platform_integrations` are created without `CONCURRENTLY`, which can block writes during deploy.
`apps/web/src/components/cloud-agent-next/NewSessionPanel.tsx`	529	Bitbucket loading can still race repository auto-selection and lock in the wrong saved/recent repo.
`apps/web/src/components/shared/RepositoryCombobox.tsx`	21	Bitbucket selections are persisted but never restored because last-used repo parsing still rejects `platform: "bitbucket"`.

Files Reviewed (136 files)

packages/db/src/migrations/0173_wealthy_johnny_blaze.sql - 1 issue
apps/web/src/components/cloud-agent-next/NewSessionPanel.tsx - 1 issue
apps/web/src/components/shared/RepositoryCombobox.tsx - 1 issue
133 additional changed files - 0 issues

Previous Review Summaries (3 snapshots, latest commit d876fd8)

Current summary above is authoritative. Previous snapshots are kept for context only.

Previous review (commit `d876fd8`)

Status: 2 Issues Found | Recommendation: Address before merge

Fix these issues in Kilo Cloud

Overview

Severity	Count
CRITICAL	0
WARNING	2
SUGGESTION	0

Issue Details (click to expand)

WARNING

File	Line	Issue
`apps/web/src/components/cloud-agent-next/NewSessionPanel.tsx`	530	Bitbucket loading can race repository auto-selection and lock in the wrong saved/recent repo.
`packages/db/src/migrations/0173_handy_silver_samurai.sql`	51	New indexes on populated `platform_integrations` are created without `CONCURRENTLY`, which can block writes during deploy.

Files Reviewed (136 files)

apps/web/src/components/cloud-agent-next/NewSessionPanel.tsx - 1 issue
packages/db/src/migrations/0173_handy_silver_samurai.sql - 1 issue
134 additional changed files - 0 issues

Previous review (commit `eb72ecd`)

Status: No Issues Found | Recommendation: Merge

Files Reviewed (3 files)

apps/web/src/components/cloud-agent-next/utils/git-utils.ts
apps/web/src/lib/token.test.ts
apps/web/src/lib/tokens.ts

Previous review (commit `95af145`)

Status: 2 Issues Found | Recommendation: Address before merge

Fix these issues in Kilo Cloud

Overview

Severity	Count
CRITICAL	0
WARNING	2
SUGGESTION	0

Issue Details (click to expand)

WARNING

File	Line	Issue
`apps/web/src/components/cloud-agent-next/NewSessionPanel.tsx`	530	Bitbucket loading can race repository auto-selection and lock in the wrong saved/recent repo.
`packages/db/src/migrations/0173_cynical_the_executioner.sql`	25	New indexes on populated `platform_integrations` are created without `CONCURRENTLY`, which can block writes during deploy.

Files Reviewed (103 files)

apps/web/src/components/cloud-agent-next/NewSessionPanel.tsx - 1 issue
packages/db/src/migrations/0173_cynical_the_executioner.sql - 1 issue
101 additional changed files - 0 issues

_{Reviewed by gpt-5.4-20260305 · Input: 420.5K · Output: 28.5K · Cached: 2.4M}

_{Review guidance: REVIEW.md from base branch main}

Includes Bitbucket OAuth setup, repository selection support, token-service integration, worker secret handling, and organization Workspace Access Token authorization.

kilo-code-bot · 2026-06-24T21:30:02Z

    const onlyAvailableRepo =
      !isLoadingGitHubRepos &&
      !isLoadingGitLabRepos &&
+      (!organizationId || !isLoadingBitbucketRepos) &&


WARNING: Repository auto-selection can still beat Bitbucket loading

This effect now waits for Bitbucket before using the single-repo fallback, but getPreferredInitialRepo() still only tracks GitHub/GitLab loading. When a saved or recent GitHub/GitLab repo is already in unifiedRepositories, it can be auto-selected before Bitbucket finishes loading and prevent the intended Bitbucket repo from ever being chosen automatically.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

kilo-code-bot · 2026-06-24T21:30:02Z

+import { BitbucketLogo } from '@/components/auth/BitbucketLogo';

-export type RepositoryPlatform = 'github' | 'gitlab';
+export type RepositoryPlatform = 'github' | 'gitlab' | 'bitbucket';


WARNING: Saved Bitbucket repo preference is discarded on reload

Now that RepositoryPlatform includes bitbucket, setLastUsedRepo() can persist platform: "bitbucket" for org sessions, but parseLastUsedRepo() in model-preferences.ts still only accepts GitHub and GitLab. Reloading the panel drops the saved Bitbucket repo, so the new provider never benefits from last-used repo auto-selection.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

kilo-code-bot · 2026-06-24T21:30:02Z

+CREATE UNIQUE INDEX "UQ_platform_oauth_credentials_platform_integration_id" ON "platform_oauth_credentials" USING btree ("platform_integration_id");--> statement-breakpoint
+CREATE INDEX "IDX_platform_oauth_credentials_platform_subject" ON "platform_oauth_credentials" USING btree ("platform","provider_subject_id");--> statement-breakpoint
+CREATE INDEX "IDX_platform_oauth_credentials_authorized_by_user_id" ON "platform_oauth_credentials" USING btree ("authorized_by_user_id");--> statement-breakpoint
+CREATE UNIQUE INDEX "UQ_platform_integrations_user_bitbucket" ON "platform_integrations" USING btree ("owned_by_user_id","platform") WHERE "platform_integrations"."platform" = 'bitbucket' AND "platform_integrations"."owned_by_user_id" IS NOT NULL;--> statement-breakpoint


WARNING: Non-concurrent unique indexes can block writes on deploy

platform_integrations is an existing populated table, so these CREATE UNIQUE INDEX statements will take write-blocking locks while the migration runs. In production that can stall integration updates and other writes; this needs a concurrent rollout strategy instead of plain index creation.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

eshurakov changed the title ~~feat(bitbucket): add Cloud Agent integration~~ Bitbucket - Add Bitbucket Integration Jun 23, 2026

kilo-code-bot Bot reviewed Jun 23, 2026

View reviewed changes

eshurakov force-pushed the earthy-giant branch from eb72ecd to d876fd8 Compare June 24, 2026 15:37

feat(bitbucket): add Cloud Agent and WAT integrations

233d14f

Includes Bitbucket OAuth setup, repository selection support, token-service integration, worker secret handling, and organization Workspace Access Token authorization.

eshurakov force-pushed the earthy-giant branch from d876fd8 to 233d14f Compare June 24, 2026 21:22

kilo-code-bot Bot reviewed Jun 24, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bitbucket - Add Bitbucket Integration#4218

Bitbucket - Add Bitbucket Integration#4218
eshurakov wants to merge 1 commit into
mainfrom
earthy-giant

eshurakov commented Jun 23, 2026 •

edited

Loading

Uh oh!

kilo-code-bot Bot Jun 23, 2026

Uh oh!

kilo-code-bot Bot Jun 23, 2026

Uh oh!

kilo-code-bot Bot commented Jun 23, 2026 •

edited

Loading

WARNING

Previous review (commit `d876fd8`)

Overview

WARNING

Previous review (commit `eb72ecd`)

Previous review (commit `95af145`)

Overview

WARNING

Uh oh!

kilo-code-bot Bot Jun 24, 2026

Uh oh!

kilo-code-bot Bot Jun 24, 2026

Uh oh!

kilo-code-bot Bot Jun 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

eshurakov commented Jun 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Verification

Uh oh!

kilo-code-bot Bot Jun 23, 2026

Choose a reason for hiding this comment

Uh oh!

kilo-code-bot Bot Jun 23, 2026

Choose a reason for hiding this comment

Uh oh!

kilo-code-bot Bot commented Jun 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Code Review Summary

Overview

WARNING

Previous review (commit d876fd8)

Overview

WARNING

Previous review (commit eb72ecd)

Previous review (commit 95af145)

Overview

WARNING

Uh oh!

kilo-code-bot Bot Jun 24, 2026

Choose a reason for hiding this comment

Uh oh!

kilo-code-bot Bot Jun 24, 2026

Choose a reason for hiding this comment

Uh oh!

kilo-code-bot Bot Jun 24, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

eshurakov commented Jun 23, 2026 •

edited

Loading

kilo-code-bot Bot commented Jun 23, 2026 •

edited

Loading

Previous review (commit `d876fd8`)

Previous review (commit `eb72ecd`)

Previous review (commit `95af145`)