
feat(bitbucket): add Code Reviewer support #4291

Merged: eshurakov merged 6 commits into main from faceted-plank on Jul 1, 2026

@eshurakov

Contributor

Summary

  • Adds Bitbucket Code Reviewer support across web, worker, git-token-service, code-review infra, and wrapper CLI.
  • Installs workspace webhooks using supported Bitbucket pull request events, verifies signed delivery, queues reviews, and publishes inline Code Review Findings through batch comments.
  • Cleans up Bitbucket Code Reviewer state, queued/running reviews, and workspace webhooks when Code Reviewer is disabled or a Workspace Access Token is disconnected.

Verification

N/A

Visual Changes

N/A

Reviewer Notes

Review focus: Bitbucket webhook lifecycle, command guard allowlist, and integration disconnect cleanup.

Comment thread services/cloud-agent-next/src/session-service.ts Fixed
Comment thread packages/db/src/migrations/0174_absent_rumiko_fujikawa.sql Outdated
Comment thread services/git-token-service/wrangler.jsonc
@kilo-code-bot

kilo-code-bot Bot commented Jun 28, 2026

Contributor

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Executive Summary

The incremental change only adjusts a test fixture's trial_ends_at date to avoid flakiness from comparing against the current date; no new issues found.

Files Reviewed (1 file)
  • apps/web/src/routers/kiloclaw-router.test.ts
Previous Review Summaries (21 snapshots, latest commit 5014845)

Current summary above is authoritative. Previous snapshots are kept for context only.

Previous review (commit 5014845)

Status: No Issues Found | Recommendation: Merge

Executive Summary

The incremental change adds the previously-missing platformIntegrationId to the Bitbucket ReviewScope used for lookup/cancellation, correctly closing the cross-instance scoping gap; no new issues found.

Files Reviewed (2 files)
  • apps/web/src/app/api/webhooks/bitbucket/[integrationId]/route.ts
  • apps/web/src/lib/integrations/platforms/bitbucket/manual-code-review-trigger.ts

Previous review (commit 97b1b7b)

Status: No Issues Found | Recommendation: Merge

Files Reviewed (2 files)
  • apps/web/src/lib/code-reviews/db/code-reviews.test.ts
  • apps/web/src/lib/code-reviews/db/code-reviews.ts

Previous review (commit 521fef5)

Status: 1 Issue Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 1 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| apps/web/src/lib/code-reviews/db/code-reviews.test.ts | 918 | The updated supersession test now expects cross-integration cancellation, so it hides that cancelSupersededReviewsForPR() still ignores platformIntegrationId and can cancel another integration's review stream. |

Files Reviewed (4 files)
  • apps/web/src/lib/code-reviews/db/code-reviews.test.ts - 1 issue
  • apps/web/src/lib/code-reviews/triggers/prepare-review-payload.test.ts
  • apps/web/src/lib/integrations/platforms/github/webhook-handlers/pull-request-handler.test.ts
  • apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.test.ts

Fix these issues in Kilo Cloud

Previous review (commit 9fc4df2)

Status: 1 Issue Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 1 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| apps/web/src/app/api/webhooks/bitbucket/[integrationId]/route.ts | 430 | Bitbucket webhook dedupe still keys review scope on selectedRepository.fullName, so a repository rename or transfer can stop matching the earlier review for the same repository UUID and PR. |

Files Reviewed (121 files)
  • apps/web/src/app/api/webhooks/bitbucket/[integrationId]/route.ts - 1 issue
  • Remaining 120 changed files reviewed with no additional high-confidence findings

Fix these issues in Kilo Cloud

Previous review (commit 482376c)

Status: 1 Issue Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 1 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| apps/web/src/app/api/webhooks/bitbucket/[integrationId]/route.ts | 430 | Bitbucket webhook dedupe still keys review scope on selectedRepository.fullName, so a repository rename or transfer can stop matching the earlier review for the same repository UUID and PR. |

Files Reviewed (121 files)
  • apps/web/src/app/api/webhooks/bitbucket/[integrationId]/route.ts - 1 issue
  • Remaining 120 changed files reviewed with no additional high-confidence findings

Fix these issues in Kilo Cloud

Previous review (commit 0453a5c)

Status: 1 Issue Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 1 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| services/cloud-agent-next/src/services/git-token-service-client.ts | 226 | getBitbucketToken() is still called without expectedIntegrationId, so Bitbucket code-review sessions can bind to the wrong integration when an org has multiple matching workspace tokens. |

Files Reviewed (121 files)
  • services/cloud-agent-next/src/services/git-token-service-client.ts - 1 issue
  • Remaining 120 changed files reviewed with no additional high-confidence findings

Fix these issues in Kilo Cloud

Previous review (commit 5454917)

Status: 1 Issue Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 1 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| services/cloud-agent-next/src/services/git-token-service-client.ts | 226 | getBitbucketToken() is still called without expectedIntegrationId, so Bitbucket code-review sessions can bind to the wrong integration when an org has multiple matching workspace tokens. |

Files Reviewed (121 files)
  • services/cloud-agent-next/src/services/git-token-service-client.ts - 1 issue
  • Remaining 120 changed files reviewed with no additional high-confidence findings

Fix these issues in Kilo Cloud

Previous review (commit ab11862)

Status: No Issues Found | Recommendation: Merge

Files Reviewed (2 files)
  • apps/web/src/lib/code-reviews/db/code-reviews.test.ts
  • apps/web/src/lib/code-reviews/db/code-reviews.ts

Previous review (commit 7714a46)

Status: 3 Issues Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 3 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| apps/web/src/lib/code-reviews/db/code-reviews.ts | 1406 | The new owner/platform-scoped conflict lookup can now throw Code review conflict winner not found when an existing row already owns the same repo_full_name/PR/SHA tuple. |
| apps/web/src/app/api/webhooks/bitbucket/[integrationId]/route.ts | 430 | Bitbucket review dedupe now keys on selectedRepository.fullName, so a repo rename or transfer can stop matching the existing review for the same repository UUID and PR. |
| apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.ts | 169 | GitLab review scope now keys only on project.path_with_namespace, so two connected GitLab instances with the same path can dedupe, cancel, or continue the wrong MR review. |

Fix these issues in Kilo Cloud

Files Reviewed (22 files)
  • apps/web/src/lib/code-reviews/db/code-reviews.ts - 1 issue
  • apps/web/src/app/api/webhooks/bitbucket/[integrationId]/route.ts - 1 issue
  • apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.ts - 1 issue
  • Remaining 19 changed files reviewed with no additional high-confidence findings

Previous review (commit 6f231ec)

Status: No Issues Found | Recommendation: Merge

Files Reviewed (2 files)
  • dev/local/cli.ts
  • services/cloud-agent-next/src/session-service.ts

Previous review (commit 503811b)

Status: No Issues Found | Recommendation: Merge

Files Reviewed (7 files)
  • apps/web/src/lib/code-reviews/db/code-reviews.test.ts
  • apps/web/src/lib/code-reviews/db/code-reviews.ts
  • apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.test.ts
  • apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.ts
  • services/cloud-agent-next/src/router/schemas.test.ts
  • services/cloud-agent-next/src/session-service.ts
  • services/cloud-agent-next/src/types.ts

Previous review (commit d2a203f)

Status: No Issues Found | Recommendation: Merge

Files Reviewed (1 file)
  • services/git-token-service/worker-configuration.d.ts

Previous review (commit 58becd7)

Status: 2 Issues Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 2 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.ts | 515 | Selecting the oldest active row can cancel the actual running review while keeping a stale pending/queued duplicate. |
| apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.ts | 523 | Duplicate fallback reviews are cancelled before the survivor is safely migrated, so a later migration failure can leave the new head with no live review. |

Fix these issues in Kilo Cloud

Files Reviewed (4 files)
  • apps/web/src/lib/code-reviews/db/code-reviews.test.ts - 0 issues
  • apps/web/src/lib/code-reviews/db/code-reviews.ts - 0 issues
  • apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.test.ts - 0 issues
  • apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.ts - 2 issues

Previous review (commit 0ea0dfd)

Status: 1 Issue Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 1 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.ts | 498 | Migrating multiple active reviews to the same new head can trip the repo-scoped uniqueness key, leaving later reviews pinned to the old SHA. |

Fix these issues in Kilo Cloud

Files Reviewed (2 files)
  • apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.test.ts - 0 issues
  • apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.ts - 1 issue

Previous review (commit 1de3291)

Status: 1 Issue Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 1 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.ts | 164 | Repo-scoped GitLab review matching can return multiple active reviews across integrations, but merge-commit continuation still repoints only the first one to the new SHA. |

Fix these issues in Kilo Cloud

Files Reviewed (7 files)
  • apps/web/src/lib/code-reviews/db/code-reviews.test.ts - 0 issues
  • apps/web/src/lib/code-reviews/triggers/prepare-review-payload.test.ts - 0 issues
  • apps/web/src/lib/integrations/platforms/gitlab/instance-url.test.ts - 0 issues
  • apps/web/src/lib/integrations/platforms/gitlab/instance-url.ts - 0 issues
  • apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.test.ts - 0 issues
  • apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.ts - 1 issue
  • packages/db/src/migrations/0174_wonderful_shooting_star.sql - 0 issues

Previous review (commit 4cc5450)

Status: 2 Issues Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 2 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| apps/web/src/lib/code-reviews/db/code-reviews.ts | 98 | Dropping platform_integration_id from review scope makes GitLab reviews collide across different GitLab instances that share the same numeric project ID. |
| packages/db/src/schema.ts | 4144 | The new unique index omits GitLab instance scoping, so distinct reviews from separate GitLab integrations can conflict on the same project/PR/SHA tuple. |

Fix these issues in Kilo Cloud

Files Reviewed (15 files)
  • apps/web/src/app/api/webhooks/bitbucket/[integrationId]/route.ts - 0 issues
  • apps/web/src/lib/code-reviews/db/code-reviews.test.ts - 0 issues
  • apps/web/src/lib/code-reviews/db/code-reviews.ts - 1 issue
  • apps/web/src/lib/code-reviews/dispatch/dispatch-pending-reviews.test.ts - 0 issues
  • apps/web/src/lib/code-reviews/triggers/prepare-review-payload.test.ts - 0 issues
  • apps/web/src/lib/code-reviews/triggers/prepare-review-payload.ts - 0 issues
  • apps/web/src/lib/integrations/platforms/bitbucket/manual-code-review-trigger.ts - 0 issues
  • apps/web/src/lib/integrations/platforms/github/webhook-handlers/pull-request-handler.test.ts - 0 issues
  • apps/web/src/lib/integrations/platforms/github/webhook-handlers/pull-request-handler.ts - 0 issues
  • apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.test.ts - 0 issues
  • apps/web/src/lib/integrations/platforms/gitlab/webhook-handlers/merge-request-handler.ts - 0 issues
  • packages/db/src/migrations/0174_wonderful_shooting_star.sql - 0 issues
  • packages/db/src/migrations/meta/0174_snapshot.json - 0 issues
  • packages/db/src/migrations/meta/_journal.json - 0 issues
  • packages/db/src/schema.ts - 1 issue

Previous review (commit b944a7b)

Status: 1 Issue Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 1 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| services/cloud-agent-next/src/types.ts | 52 | parseCanonicalBitbucketCloneUrl() now accepts ssh:// URLs, which broadens Bitbucket code-review admission past the repo's canonical HTTPS clone-url contract. |

Fix these issues in Kilo Cloud

Files Reviewed (3 files)
  • services/cloud-agent-next/src/session-service.test.ts - 0 issues
  • services/cloud-agent-next/src/session-service.ts - 0 issues
  • services/cloud-agent-next/src/types.ts - 1 issue

Previous review (commit a01f56b)

Status: 2 Issues Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 2 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| packages/db/src/migrations/0174_absent_rumiko_fujikawa.sql | 13 | The new unique indexes are still created without CONCURRENTLY, so this migration can block writes on the populated cloud_agent_code_reviews table during deploy. |
| services/cloud-agent-next/src/session-service.ts | 1107 | The SSH fallback only covers scp-style git@host:path clone URLs; valid ssh://git@... GitLab and Bitbucket URLs still return undefined, so those legacy sessions keep missing the provider env vars they rely on. |

Fix these issues in Kilo Cloud

Files Reviewed (3 files)
  • packages/db/src/migrations/0174_absent_rumiko_fujikawa.sql - 1 issue
  • services/cloud-agent-next/src/session-service.ts - 1 issue
  • services/cloud-agent-next/src/session-service.test.ts - 0 issues

Previous review (commit a3e5861)

Status: 2 Issues Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 2 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| packages/db/src/migrations/0174_absent_rumiko_fujikawa.sql | 13 | The new unique indexes are still created without CONCURRENTLY, so this migration can block writes on the populated cloud_agent_code_reviews table during deploy. |
| services/cloud-agent-next/src/session-service.ts | 1107 | Restricting fallback inference to https: URLs drops legacy SSH GitLab and Bitbucket clone URLs, so platform-less sessions stop receiving the provider env vars they still rely on. |

Fix these issues in Kilo Cloud

Files Reviewed (4 files)
  • packages/db/src/migrations/0174_absent_rumiko_fujikawa.sql - 1 issue
  • services/cloud-agent-next/src/session-service.ts - 1 issue
  • services/cloud-agent-next/src/session-service.test.ts - 0 issues
  • services/git-token-service/wrangler.jsonc - 0 issues

Previous review (commit f642092)

Status: No Issues Found | Recommendation: Merge

Files Reviewed (1 file)
  • apps/web/src/lib/cloud-agent/bitbucket-integration-helpers.ts

Previous review (commit 15e3d51)

Status: 2 Issues Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 0 |
| WARNING | 2 |
| SUGGESTION | 0 |

WARNING

| File | Line | Issue |
| --- | --- | --- |
| packages/db/src/migrations/0174_absent_rumiko_fujikawa.sql | 4 | Replacement unique indexes are created before platform_repository_id is backfilled, so duplicate reviews can slip through while the new key column is still NULL. |
| services/git-token-service/wrangler.jsonc | 61 | The BITBUCKET_OAUTH_CREDENTIAL_ACTIVE_KEY_ID binding was removed even though runtime decryption still requires it, which leaves Bitbucket review lookups unavailable after deploy. |

Fix these issues in Kilo Cloud

Files Reviewed (123 files)
  • packages/db/src/migrations/0174_absent_rumiko_fujikawa.sql - 1 issue
  • services/git-token-service/wrangler.jsonc - 1 issue
  • Remaining 121 changed files reviewed with no additional high-confidence findings

Reviewed by claude-sonnet-5-20260630 · Input: 6.2K · Output: 7.2K · Cached: 1.2M

Review guidance: REVIEW.md from base branch main

Comment thread packages/db/src/migrations/0174_absent_rumiko_fujikawa.sql Outdated
Comment thread services/cloud-agent-next/src/session-service.ts Outdated
Comment thread services/cloud-agent-next/src/types.ts Outdated
Comment thread apps/web/src/lib/code-reviews/db/code-reviews.ts Outdated
Comment thread packages/db/src/schema.ts Outdated
Comment thread apps/web/src/lib/code-reviews/db/code-reviews.ts Outdated
Comment thread apps/web/src/app/api/webhooks/bitbucket/[integrationId]/route.ts
Comment thread services/cloud-agent-next/src/services/git-token-service-client.ts
@eshurakov eshurakov force-pushed the faceted-plank branch 2 times, most recently from 0453a5c to 482376c on June 30, 2026 11:04
Comment thread apps/web/src/lib/code-reviews/db/code-reviews.test.ts

@jeanduplessis jeanduplessis left a comment

Contributor

Reviewed at head 97b1b7b. Solid feature work — webhook signature verification (timing-safe compare, sha256=<64hex> format, key rotation), webhook lifecycle idempotency + advisory locking + in-transaction lifecycle re-validation, the strict CLI command allowlist, and integration-scoped disconnect cleanup all look correct. No blocking issues found.

Leaving two non-blocking suggestions inline (both safe to defer):

  1. Bitbucket reviewScope omits platformIntegrationId (diverges from GitHub/GitLab).
  2. SessionInput wire contract is hand-duplicated across the web↔worker boundary.

Approving. 👍
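
The three signature checks named in the review above (strict sha256=<64hex> format, timing-safe compare, key rotation) can be sketched as follows. This is an added example, not code from the PR; it assumes the signature is an HMAC-SHA256 over the raw request body, and the WebhookSecrets shape, function names and sample secrets are hypothetical.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical secret store: the active signing secret plus any previous
// secrets still accepted while a rotation is in progress.
interface WebhookSecrets {
  active: string;
  previous: string[];
}

interface VerifyResult {
  ok: boolean;
  detail: "active-key" | "previous-key" | "missing" | "malformed" | "mismatch";
}

// Exactly "sha256=" followed by 64 hex characters (a 32-byte digest).
const SIGNATURE_FORMAT = /^sha256=([0-9a-fA-F]{64})$/;

function hmacSha256(rawBody: Buffer, secret: string): Buffer {
  return createHmac("sha256", secret).update(rawBody).digest();
}

// Produces a header value for the constructed samples below.
function signForDemo(rawBody: Buffer, secret: string): string {
  return "sha256=" + hmacSha256(rawBody, secret).toString("hex");
}

function verifyWebhookSignature(
  rawBody: Buffer, // the bytes as received, before any JSON parsing
  signatureHeader: string | null | undefined,
  secrets: WebhookSecrets,
): VerifyResult {
  if (!signatureHeader) return { ok: false, detail: "missing" };

  // Format check first: rejects other algorithms and truncated values, and
  // guarantees a 32-byte buffer so timingSafeEqual never throws on length.
  const match = SIGNATURE_FORMAT.exec(signatureHeader);
  if (!match) return { ok: false, detail: "malformed" };
  const presented = Buffer.from(match[1], "hex");

  // Compare against every accepted key with a constant-time compare and no
  // early return, so response time does not depend on which key matched.
  let detail: VerifyResult["detail"] = "mismatch";
  if (timingSafeEqual(hmacSha256(rawBody, secrets.active), presented)) {
    detail = "active-key";
  }
  for (const old of secrets.previous) {
    const same = timingSafeEqual(hmacSha256(rawBody, old), presented);
    if (same && detail === "mismatch") detail = "previous-key";
  }
  return { ok: detail !== "mismatch", detail };
}

// Constructed sample delivery and secrets (not real values).
const sampleBody = Buffer.from('{"pullrequest":{"id":12}}', "utf8");
const sampleSecrets: WebhookSecrets = { active: "k2-example", previous: ["k1-example"] };
```

A delivery that verifies only against a previous key is worth logging, since it shows the sender has not yet picked up the rotated secret.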

}

const ownerWithBot = { type: 'org' as const, id: organizationId, userId: codeReviewerBot.id };
const reviewScope = {


Suggestion (non-blocking): This reviewScope omits platformIntegrationId, unlike the GitHub (pull-request-handler.ts:157-163) and GitLab (merge-request-handler.ts:166-171) handlers, which both set it.

In reviewScopeConditions / cancelReviewsForPR (code-reviews.ts), an undefined platformIntegrationId drops both the platform_integration_id = … filter and the manual_config IS NULL guard, so findExistingReviewInTransaction / cancelSupersededReviewsForPRInTransaction / cancelActiveReviewsForPRInTransaction match only on org + platform + repo_full_name + pr_number. The row is still inserted with platform_integration_id set, so writes are scoped but matching/cancellation isn't.

Impact is narrow today (needs two active same-workspace Bitbucket integrations in one org to collide, and Bitbucket currently creates no manual_config rows), so this is consistency / defense-in-depth rather than a live bug. Suggest setting platformIntegrationId: integration.id here for symmetry with the other platforms.

Same applies to manual-code-review-trigger.ts:397.
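
A minimal in-memory model of the matching gap described in the comment above, added here as an illustration and not code from the PR. The row shape, function names and the sample integrations int-A and int-B are constructed; only the filter behaviour follows the comment's description.

```typescript
// Constructed types modelling the columns named in the review comment.
interface ReviewRow {
  id: number;
  orgId: string;
  platform: "bitbucket";
  platformIntegrationId: string;
  repoFullName: string;
  prNumber: number;
  manualConfig: string | null;
  status: "running" | "cancelled";
}

interface ReviewScope {
  orgId: string;
  platform: "bitbucket";
  repoFullName: string;
  prNumber: number;
  platformIntegrationId?: string; // optional, so a caller can leave it out
}

// As described: when platformIntegrationId is undefined, both the
// integration filter and the manual_config guard disappear.
function matchesScope(row: ReviewRow, scope: ReviewScope): boolean {
  const base =
    row.orgId === scope.orgId && row.platform === scope.platform &&
    row.repoFullName === scope.repoFullName && row.prNumber === scope.prNumber;
  if (scope.platformIntegrationId === undefined) return base;
  return base && row.platformIntegrationId === scope.platformIntegrationId &&
    row.manualConfig === null;
}

// Cancels every active row in scope and returns the ids it touched.
function cancelActiveReviews(rows: ReviewRow[], scope: ReviewScope): number[] {
  const hit = rows.filter(r => r.status === "running" && matchesScope(r, scope));
  hit.forEach(r => { r.status = "cancelled"; });
  return hit.map(r => r.id);
}

// Rows are always written with their integration id, as the comment notes.
// Here two integrations in one org point at the same workspace repository.
function sampleRows(): ReviewRow[] {
  const shared = { orgId: "org-1", platform: "bitbucket" as const,
    repoFullName: "acme/api", prNumber: 12, manualConfig: null,
    status: "running" as const };
  return [
    { id: 1, platformIntegrationId: "int-A", ...shared },
    { id: 2, platformIntegrationId: "int-B", ...shared },
  ];
}

const webhookScope = { orgId: "org-1", platform: "bitbucket" as const,
  repoFullName: "acme/api", prNumber: 12 };

// Scope without the integration id: int-B's review is cancelled as well.
function cancelUnscoped(): number[] {
  return cancelActiveReviews(sampleRows(), webhookScope);
}

// Scope carrying the delivering integration's id: only int-A's review matches.
function cancelScoped(): number[] {
  return cancelActiveReviews(sampleRows(), { ...webhookScope, platformIntegrationId: "int-A" });
}
```

Making platformIntegrationId a required field of the scope type would turn the omission into a compile error instead of a silently wider match.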

gitToken?: string;
/** Git platform type for correct token/env var handling */
platform?: 'github' | 'gitlab';
platform?: 'github' | 'gitlab' | 'bitbucket';
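
Review bot: on the widened platform?: 'github' | 'gitlab' | 'bitbucket' line, the field stays optional while its doc comment says it selects token/env var handling, so a consumer that treats a missing or unhandled value as GitHub or GitLab would apply the wrong provider's conventions to a Bitbucket gitToken. Suggest confirming that every branch on platform is exhaustive over the three values (a never-typed default lets the compiler enforce it) and that Bitbucket callers always set the field.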


Suggestion (non-blocking): This SessionInput (producer) is a hand-maintained duplicate of the consumer SessionInput in services/code-review-infra/src/types.ts:13 — nothing ties them at compile time across the HTTP/queue boundary. This PR extends both copies with the same 7 Bitbucket fields consistently, but future edits can drift silently (a rename or optionality change compiles on one side while emitting a payload the other no longer matches).

Consider promoting SessionInput to a single shared package type imported by both sides. This extends a pre-existing pattern, so it's fine to defer.

@eshurakov eshurakov merged commit a5032d9 into main Jul 1, 2026
62 checks passed
@eshurakov eshurakov deleted the faceted-plank branch July 1, 2026 13:24