Skip to content

feat(bitbucket): add read-only branch restrictions fetch#857

Open
KatalKavya96 wants to merge 3 commits into
apache:mainfrom
KatalKavya96:feat-bitbucket-repo-restrictions
Open

feat(bitbucket): add read-only branch restrictions fetch#857
KatalKavya96 wants to merge 3 commits into
apache:mainfrom
KatalKavya96:feat-bitbucket-repo-restrictions

Conversation

@KatalKavya96

Copy link
Copy Markdown
Contributor

Summary

  • Adds magpie-bitbucket repo restrictions as a read-only Bitbucket repository branch restriction / branch permission context command.
  • Fetches Bitbucket Cloud branch restrictions and Bitbucket Data Center branch permissions through read-only endpoints, including pagination.
  • Normalizes branch restriction policy context into stable fields while keeping the adapter partial read-only and avoiding any repository permission or branch-rule mutation path.

Type of change

  • Skill change (.claude/skills/<name>/) — eval fixtures updated below
  • Tool / bridge contract (tools/<system>/*.md)
  • Python package (tools/*/ with pyproject.toml)
  • Groovy reference impl
  • Cross-cutting (RFC, AGENTS.md, sandbox, privacy-LLM)
  • Documentation (docs/, README.md, CONTRIBUTING.md)
  • Project template (projects/_template/)
  • CI / dev loop (prek, workflows, validators`)
  • Other:

Test plan

  • prek run --all-files passes
  • For Python packages touched: PYTHONPATH=src uv run --group dev pytest tests/test_bitbucket.py -q
  • For Python packages touched: PYTHONPATH=src uv run --group dev pytest tests/test_bitbucket.py -q -k "restrictions"
  • For Python packages touched: uv run --group dev ruff check src tests --fix
  • For Python packages touched: uv run --group dev ruff format src tests
  • For Python packages touched: uv run --group dev mypy src tests
  • For Groovy bridges touched: command-line invocation tested end-to-end
  • For skill changes: eval suite passes for the affected skill
    (PYTHONPATH=tools/skill-evals/src python3 -m skill_evals.runner tools/skill-evals/evals/<skill>/)
  • For skill behaviour changes: a new or updated eval fixture is included in this PR
    (a regression test for the bug fixed / the behaviour added — see CONTRIBUTING.md)
  • Other:

RFC-AI-0004 compliance

  • HITL — no mutation behaviour is added; the new command is read-only
  • Sandbox — no new unrestricted host access; Bitbucket network reach remains declared in the adapter
  • Vendor neutrality — extends the existing Bitbucket contract:change-request / Coverage: partial-read-only adapter without introducing a complete Bitbucket-specific source-control contract
  • Conversational + correctable — agentic-override path remains documented for adopter-tunable behaviour
  • Write-access discipline — this PR only reads branch restriction / branch permission context and does not create, update, delete, or bypass repository rules
  • Privacy LLM — fetched branch restriction policy, users/groups/access keys where exposed, and raw Bitbucket payloads remain external data and are emitted as read-only bridge output for the caller to handle under existing privacy/approved-LLM rules

Linked issues

Refs #606

Notes for reviewers

This follows the recently merged Bitbucket read-only PR review-state and merge-check context commands and targets the next repository-context gap from the partial read-only roadmap.

The new command is:

magpie-bitbucket repo restrictions

It fetches repository-level branch restriction / branch permission context:

  • Bitbucket Cloud: repository branch restrictions with pagination
  • Bitbucket Data Center: repository branch permissions search with pagination

The normalized output includes restriction kind/type, branch matcher or pattern context, users, groups, access keys where exposed, permission-required metadata for Data Center, and raw backend payloads.

This is intentionally partial and read-only. Bitbucket Data Center branch permission search may require REPO_ADMIN, so the README documents that the command is permission-dependent. This PR does not mutate branch restrictions, repository permissions, access rules, pull requests, builds, issues, or repository content.

@KatalKavya96

Copy link
Copy Markdown
Contributor Author

Hi @potiuk, I opened the next Bitbucket follow-up for #606.

This PR adds:

magpie-bitbucket repo restrictions

It fetches read-only repository branch restriction / branch permission context for Bitbucket Cloud and Data Center, including pagination, and normalizes restriction kind/type, branch pattern/matcher, users, groups, access keys where exposed, and raw payloads.

This remains partial read-only. Data Center may require REPO_ADMIN, and the command does not mutate branch rules, repository permissions, PRs, builds, issues, or repository content.

prek run --all-files and targeted Bitbucket pytest/ruff/mypy checks are passing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant