Bitbucket MCP
Provides tools for interacting with Bitbucket Cloud, focusing on pull request review workflows including listing repositories, pull requests, diffs, comments, commits, exploring file trees, and performing actions like commenting, approving, or requesting changes on pull requests.
bitbucket-mcp
English · Português (BR)
MCP server for Bitbucket Cloud, focused on the first pass of pull-request review. stdio transport, for use with Claude Code or Claude Desktop.
Why an API token (and not an app password)
Bitbucket Cloud app passwords have been in brownout since 2026-06-09 and are removed on 2026-07-28. This server uses an API token, and the HTTP Basic pair is email:token — the Bitbucket REST API requires the Atlassian account email, not the username. Using the username results in a silent 401.
Related MCP server: Bitbucket MCP Server
1. Create the API token
Bitbucket top bar → Settings → Atlassian account settings → Security.
Create and manage API tokens → Create API token with scopes.
Name it, set an expiry, and select Bitbucket as the app.
Minimum scopes for PR review:
read:repository:bitbucket(read repositories, diffs, files)read:pullrequest:bitbucket(read PRs and comments)write:pullrequest:bitbucket(comment, approve, request changes)
Copy the token (shown only once).
2. Install and build
npm install
npm run buildThis generates dist/index.js (the server binary).
3. Configure in Claude Code
Add this to the project's .mcp.json (or to your global Claude Code config):
{
"mcpServers": {
"bitbucket": {
"command": "node",
"args": ["/absolute/path/to/bitbucket-mcp/dist/index.js"],
"env": {
"BITBUCKET_EMAIL": "your-email@domain.com",
"BITBUCKET_API_TOKEN": "your_api_token",
"BITBUCKET_WORKSPACE": "your_workspace"
}
}
}
}Alternative, via the CLI:
claude mcp add bitbucket \
-e BITBUCKET_EMAIL=your-email@domain.com \
-e BITBUCKET_API_TOKEN=your_api_token \
-e BITBUCKET_WORKSPACE=your_workspace \
-- node /absolute/path/to/bitbucket-mcp/dist/index.jsBITBUCKET_WORKSPACE is optional; if omitted, each tool must be given workspace explicitly.
Tools
Read (no side effects):
Tool | Purpose |
| Repositories in the workspace |
| PRs by state (OPEN/MERGED/DECLINED/SUPERSEDED) |
| PR metadata (description, branches, reviewers, approvals) |
| Unified diff — the basis for the review |
| Existing comments (general and inline) |
| PR commits |
| Lists the repo file tree at a commit/branch (explore the project) |
| Contents of a file (default branch if |
Write (mutate state in Bitbucket):
Tool | Purpose |
| Comment on the PR; |
| Approve the PR |
| Mark "request changes" |
Security note
The token grants read/write access to the workspace's PRs. Treat it as a secret: keep it in an environment variable / secret manager, and never commit it. For a first-pass subagent that only suggests review without mutating anything, use a read-only scoped token — that way approve/comment fail on permission rather than relying on prompt discipline.
License
MIT © José Danilo
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/daniloneto/bitbucket-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server