feat(bitbucket): add Code Reviewer support#4291
Conversation
Code Review SummaryStatus: No Issues Found | Recommendation: Merge Executive SummaryThe incremental change only adjusts a test fixture's Files Reviewed (1 file)
Previous Review Summaries (21 snapshots, latest commit 5014845)Current summary above is authoritative. Previous snapshots are kept for context only. Previous review (commit 5014845)Status: No Issues Found | Recommendation: Merge Executive SummaryThe incremental change adds the previously-missing Files Reviewed (2 files)
Previous review (commit 97b1b7b)Status: No Issues Found | Recommendation: Merge Files Reviewed (2 files)
Previous review (commit 521fef5)Status: 1 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Files Reviewed (4 files)
Fix these issues in Kilo Cloud Previous review (commit 9fc4df2)Status: 1 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Files Reviewed (121 files)
Fix these issues in Kilo Cloud Previous review (commit 482376c)Status: 1 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Files Reviewed (121 files)
Fix these issues in Kilo Cloud Previous review (commit 0453a5c)Status: 1 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Files Reviewed (121 files)
Fix these issues in Kilo Cloud Previous review (commit 5454917)Status: 1 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Files Reviewed (121 files)
Fix these issues in Kilo Cloud Previous review (commit ab11862)Status: No Issues Found | Recommendation: Merge Files Reviewed (2 files)
Previous review (commit 7714a46)Status: 3 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Fix these issues in Kilo Cloud Files Reviewed (22 files)
Previous review (commit 6f231ec)Status: No Issues Found | Recommendation: Merge Files Reviewed (2 files)
Previous review (commit 503811b)Status: No Issues Found | Recommendation: Merge Files Reviewed (7 files)
Previous review (commit d2a203f)Status: No Issues Found | Recommendation: Merge Files Reviewed (1 files)
Previous review (commit 58becd7)Status: 2 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Fix these issues in Kilo Cloud Files Reviewed (4 files)
Previous review (commit 0ea0dfd)Status: 1 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Fix these issues in Kilo Cloud Files Reviewed (2 files)
Previous review (commit 1de3291)Status: 1 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Fix these issues in Kilo Cloud Files Reviewed (7 files)
Previous review (commit 4cc5450)Status: 2 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Fix these issues in Kilo Cloud Files Reviewed (15 files)
Previous review (commit b944a7b)Status: 1 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Fix these issues in Kilo Cloud Files Reviewed (3 files)
Previous review (commit a01f56b)Status: 2 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Fix these issues in Kilo Cloud Files Reviewed (3 files)
Previous review (commit a3e5861)Status: 2 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Fix these issues in Kilo Cloud Files Reviewed (4 files)
Previous review (commit f642092)Status: No Issues Found | Recommendation: Merge Files Reviewed (1 files)
Previous review (commit 15e3d51)Status: 2 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Fix these issues in Kilo Cloud Files Reviewed (123 files)
Reviewed by claude-sonnet-5-20260630 · Input: 6.2K · Output: 7.2K · Cached: 1.2M Review guidance: REVIEW.md from base branch |
0453a5c to
482376c
Compare
jeanduplessis
left a comment
There was a problem hiding this comment.
Reviewed at head 97b1b7b. Solid feature work — webhook signature verification (timing-safe compare, sha256=<64hex> format, key rotation), webhook lifecycle idempotency + advisory locking + in-transaction lifecycle re-validation, the strict CLI command allowlist, and integration-scoped disconnect cleanup all look correct. No blocking issues found.
Leaving two non-blocking suggestions inline (both safe to defer):
- Bitbucket
reviewScopeomitsplatformIntegrationId(diverges from GitHub/GitLab). SessionInputwire contract is hand-duplicated across the web↔worker boundary.
Approving. 👍
| } | ||
|
|
||
| const ownerWithBot = { type: 'org' as const, id: organizationId, userId: codeReviewerBot.id }; | ||
| const reviewScope = { |
There was a problem hiding this comment.
Suggestion (non-blocking): This reviewScope omits platformIntegrationId, unlike the GitHub (pull-request-handler.ts:157-163) and GitLab (merge-request-handler.ts:166-171) handlers, which both set it.
In reviewScopeConditions / cancelReviewsForPR (code-reviews.ts), an undefined platformIntegrationId drops both the platform_integration_id = … filter and the manual_config IS NULL guard, so findExistingReviewInTransaction / cancelSupersededReviewsForPRInTransaction / cancelActiveReviewsForPRInTransaction match only on org + platform + repo_full_name + pr_number. The row is still inserted with platform_integration_id set, so writes are scoped but matching/cancellation isn't.
Impact is narrow today (needs two active same-workspace Bitbucket integrations in one org to collide, and Bitbucket currently creates no manual_config rows), so this is consistency / defense-in-depth rather than a live bug. Suggest setting platformIntegrationId: integration.id here for symmetry with the other platforms.
Same applies to manual-code-review-trigger.ts:397.
| gitToken?: string; | ||
| /** Git platform type for correct token/env var handling */ | ||
| platform?: 'github' | 'gitlab'; | ||
| platform?: 'github' | 'gitlab' | 'bitbucket'; |
There was a problem hiding this comment.
Suggestion (non-blocking): This SessionInput (producer) is a hand-maintained duplicate of the consumer SessionInput in services/code-review-infra/src/types.ts:13 — nothing ties them at compile time across the HTTP/queue boundary. This PR extends both copies with the same 7 Bitbucket fields consistently, but future edits can drift silently (a rename or optionality change compiles on one side while emitting a payload the other no longer matches).
Consider promoting SessionInput to a single shared package type imported by both sides. This extends a pre-existing pattern, so it's fine to defer.
Summary
Verification
N/A
Visual Changes
N/A
Reviewer Notes
Review focus: Bitbucket webhook lifecycle, command guard allowlist, and integration disconnect cleanup.