Bitbucket

Live

OAUTH 2.0

DEVELOPER TOOLS

Developer Tools

Every repository, pipeline, and pull request your team runs in Bitbucket. Bitbucket MCP gives your agent authenticated access to repos scoped to the user who authorized it.

  • Acts as the user: Access and write actions stay tied to the Bitbucket account that authorized the agent.
  • Credentials stay vaulted: AES-256, resolved at request time, never in LLM context.
  • Scoped before every call: User permissions enforced. 90-day audit trail.
Bitbucket
agent · Acme Q3
Run
What pull requests are open in the platform repo and who is reviewing each?
S
bitbucket_pull_requests_list
73ms
DevOps agent
5 open PRs in platform. #412 (auth refactor, James reviewing 2d), #408 (rate limit, Sarah 1d), #401 (webhook retry, Maria 3d), #398 (logging, David 1d), #395 (config split, Lisa 4d).
Sources: 5 pull requests, platform repo
bitbucketmcp
5 PRs
18:29
Message Claude...

Tools your devops agent reaches for on Bitbucket, scoped per user.

CALL ANY TOOL
List repos, pull requests, pipelines, and issues. Track reviewers and CI status.
bitbucket_branch_create
Create branch
Creates a new branch in a Bitbucket repository from a specified commit hash or branch.
Parameters
Name
Type
Required
Description
name
string
Required
Name for the new branch.
repo_slug
string
Required
The repository slug or UUID.
target_hash
string
Required
The commit hash to create the branch from.
workspace
string
Required
The workspace slug or UUID.
bitbucket_branch_delete
Delete branch
bitbucket_branch_get
Get branch
bitbucket_branch_restriction_create
Create branch restriction
bitbucket_branch_restriction_delete
Delete branch restriction
bitbucket_branch_restriction_get
Get branch restriction
bitbucket_branch_restriction_update
Update branch restriction
bitbucket_branch_restrictions_list
List branch restrictions
bitbucket_branches_list
List branches
bitbucket_branching_model_get
Get branching model
bitbucket_branching_model_settings_get
Get branching model settings
bitbucket_branching_model_settings_update
Update branching model settings
bitbucket_commit_approve
Approve commit
bitbucket_commit_build_status_create
Create commit build status
bitbucket_commit_build_status_get
Get commit build status
bitbucket_commit_build_status_update
Update commit build status
bitbucket_commit_comment_create
Create commit comment
bitbucket_commit_comment_delete
Delete commit comment
bitbucket_commit_comment_get
Get commit comment
bitbucket_commit_comment_update
Update commit comment
bitbucket_commit_comments_list
List commit comments
bitbucket_commit_get
Get commit
bitbucket_commit_statuses_list
List commit statuses
bitbucket_commit_unapprove
Commit Unapprove
bitbucket_commits_list
List commits
bitbucket_component_get
Get component
bitbucket_components_list
List components
bitbucket_default_reviewer_add
Default Reviewer Add
bitbucket_default_reviewer_get
Get default reviewer
bitbucket_default_reviewer_remove
Default Reviewer Remove

For more tools, view docs.

Build your Agent
Drop the toolkit in, point it at the user, and your devops agent can use Bitbucket from the first run.
Python · LlamaIndex
import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["bitbucket"], toolNames: ["bitbucket_repos_list", "bitbucket_pull_requests_list", "bitbucket_pull_request_get"] },
pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
name: t.tool.definition.name,
description: t.tool.definition.description,
schema: z.object({}).passthrough(),
func: async (args) => {
const { data } = await sk.tools.executeTool({
toolName: t.tool.definition.name,
identifier: "user_123",
params: args,
});
return JSON.stringify(data);
},
}));

const agent = createReactAgent({ llm, tools: lcTools });
import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["bitbucket"], toolNames: ["bitbucket_repos_list", "bitbucket_pull_requests_list", "bitbucket_pull_request_get"] },
pageSize: 100,
});

const llmTools = tools.map((t) => ({
type: "function",
function: {
name: t.tool.definition.name,
description: t.tool.definition.description,
parameters: t.tool.definition.input_schema,
},
}));

const resp = await openai.responses.create({
model: "gpt-4o", input: prompt, tools: llmTools,
});
import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
filter: { connectionNames: ["bitbucket"], toolNames: ["bitbucket_repos_list", "bitbucket_pull_requests_list", "bitbucket_pull_request_get"] },
pageSize: 100,
});

const llmTools = tools.map((t) => ({
name: t.tool.definition.name,
description: t.tool.definition.description,
input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
model: "claude-sonnet-4-6", max_tokens: 1024,
tools: llmTools,
messages: [{ role: "user", content: prompt }],
});
import { Agent } from "@google/adk/agents";
import {
MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
connectionParams: new StreamableHTTPConnectionParams({
url: "https://mcp.scalekit.com/bitbucket",
headers: { Authorization: `Bearer ${userScopedToken}` },
}),
});

const agent = new Agent({
name: "agent", model: "gemini-2.0-flash",
tools: await toolset.getTools(),
});
Try these prompts
Paste any prompt into your agent to start using Bitbucket.
Search & recall
Copy the prompt
Copied
List all open PRs in [repo].
Copy the prompt
Copied
Show me failed pipelines in the last 24 hours.
Copy the prompt
Copied
Which PRs are assigned to me?
Copy the prompt
Copied
Get the status of pipeline [pipeline_id].
Action & reviews
Copy the prompt
Copied
Approve PR #[id] in [repo].
Copy the prompt
Copied
Comment on PR #[id]: [text].
Copy the prompt
Copied
Trigger a pipeline on [branch].
Copy the prompt
Copied
Create an issue in [repo]: [title].
CI & releases
Copy the prompt
Copied
Which builds are running right now?
Copy the prompt
Copied
List all merged PRs this week.
Copy the prompt
Copied
Get the latest pipeline status on main.
Copy the prompt
Copied
Compare CI run times by stage in [repo].
SEE HOW AUTH WORKS
Users authorize Bitbucket once. Their credentials stay vaulted, every call is checked, and every action is logged.
1
Authorize
Your user connects
Bitbucket
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
Bitbucket
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
Bitbucket
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
Bitbucket
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
Same per-user auth pattern across other devops agents and MCP connectors. Working code, live demos, fork what fits.
ENGINEERING
Auto-release notes agent
Group merged GitHub PRs by feature, fix, or chore and publish release notes per tag. No manual changelog grooming.
ENGINEERING
DevOps assistant agent
Triage GitHub incidents, open Linear tickets, and notify the on-call channel in Slack with context already attached.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.
01.
PR reviews attributed to a bot account
A shared Bitbucket token looks fine in a demo. In production, every PR comment, pipeline trigger, and repo write logs as the integration. Workspace attribution breaks. Reviewer identity breaks. Scalekit resolves the actual developer's token so every Bitbucket action is attributed correctly.
// shared token
audit → bot_service_account
user_filter → broken

// scalekit
audit → user_abc
scope → enforced ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
Bitbucket today. GitHub, GitLab, Linear tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions
Does the agent access Bitbucket as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.
Where is the Bitbucket oauth 2.0 stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.
Can I limit what the agent is allowed to do in Bitbucket?
Yes. Pass a tool name filter to listScopedTools so the DevOps agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Bitbucket.
What happens when a user revokes Bitbucket access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.
Does the agent respect Bitbucket workspace and repo roles?
Yes. Every call runs as the authorizing user with their Bitbucket role. Workspace admin, repo write, and read scopes all apply. Private repos and pipelines remain inaccessible without explicit grants.
Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
""mcpServers"": {
""bitbucket"": {
""url"": ""https://mcp.scalekit.com/bitbucket"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.bitbucket]
url = ""https://mcp.scalekit.com/bitbucket""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
# .vscode/mcp.json
{
""servers"": {
""bitbucket"": {
""url"": ""https://mcp.scalekit.com/bitbucket"",
""type"": ""http""
}
}
}