npm - @aholbreich/agent-skills - Versions diffs - 0.8.0 → 0.9.0 - Mend

@aholbreich/agent-skills 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/CHANGELOG.md +6 -0
package/README.md +14 -2
package/SECURITY.md +4 -4
package/package.json +4 -3
package/skills/bitbucket-browser-fetch/SKILL.md +66 -0
package/skills/bitbucket-browser-fetch/references/distribution.md +25 -0
package/skills/bitbucket-browser-fetch/references/usage.md +84 -0
package/skills/bitbucket-browser-fetch/scripts/bitbucket-browser-fetch.js +344 -0
package/skills/bitbucket-browser-fetch/scripts/lib.js +113 -0

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 # Changelog
+## Unreleased
+Added:
+- New `bitbucket-browser-fetch` skill for browser-authenticated Bitbucket Cloud project repository inventory, SSH/HTTPS clone URL lists, Markdown summaries, and safe clone helper scripts.
 ## 0.8.0 - 2026-05-07
 Added:

package/README.md CHANGED Viewed

@@ -2,7 +2,7 @@
 Handcrafted [Agent Skills](https://agentskills.io/) for developer and LLM-wiki workflows. The package is intentionally a pure skills package with broad compatibility across Pi, Claude Code, Codex, OpenClaw/generic `.agents` setups, and other Agent Skills-compatible harnesses.
-This repository is a pure skills package. It currently contains browser-authenticated Atlassian fetch/update tools that work well when Jira/Confluence API-token authentication is unavailable because an organization uses Microsoft/SSO.
+This repository is a pure skills package. It currently contains browser-authenticated Atlassian fetch/update tools that work well when Jira/Confluence/Bitbucket API-token authentication is unavailable because an organization uses Microsoft/SSO.
 ## Skills
@@ -11,6 +11,7 @@ This repository is a pure skills package. It currently contains browser-authenti
 | [`jira-browser-fetch`](skills/jira-browser-fetch/) | Fetch Jira issue JSON, rendered HTML/XML, linked/referenced issues, Jira Software board backlogs, JQL result sets, and attachments through an authenticated Chrome session. |
 | [`confluence-browser-fetch`](skills/confluence-browser-fetch/) | Fetch Confluence page JSON, storage/view HTML, browser HTML, descendants, CQL result sets, and attachments through an authenticated Chrome session. |
 | [`confluence-update`](skills/confluence-update/) | Dry-run-first Confluence page updates, agent-owned block replacement, Markdown-to-storage conversion, and page creation through an authenticated browser session. |
+| [`bitbucket-browser-fetch`](skills/bitbucket-browser-fetch/) | Fetch Bitbucket Cloud project repository inventories and clone URL lists through an authenticated browser session. |
 ## Compatibility
@@ -177,6 +178,7 @@ agent-skills
 jira-browser-fetch
 confluence-browser-fetch
 confluence-update
+bitbucket-browser-fetch
 ```
 ## Reuse one Atlassian browser login
@@ -188,7 +190,17 @@ export ATLASSIAN_CHROME_PROFILE="$HOME/.local/share/atlassian-browser-fetch-chro
 export ATLASSIAN_CHROME_DEBUG_PORT=9223
 ```
-Skill-specific variables such as `JIRA_CHROME_PROFILE` or `CONFLUENCE_CHROME_PROFILE` still override the shared profile when needed.
+Skill-specific variables such as `JIRA_CHROME_PROFILE`, `CONFLUENCE_CHROME_PROFILE`, or `BITBUCKET_CHROME_PROFILE` still override the shared profile when needed.
+## Bitbucket examples
+Fetch all repositories in a Bitbucket project and write SSH clone URL lists:
+```bash
+bitbucket-browser-fetch \
+  'https://bitbucket.org/myneva/workspace/projects/SWI' \
+  --raw-dir ./raw
+```
 ## Confluence update examples

package/SECURITY.md CHANGED Viewed

@@ -2,16 +2,16 @@
 ## Read this before installing or running
-These skills are local automation tools. They can fetch potentially sensitive Jira and Confluence data into your filesystem, and `confluence-update` can write to Confluence when explicitly run with `--apply`.
+These skills are local automation tools. They can fetch potentially sensitive Jira, Confluence, and Bitbucket data into your filesystem, and `confluence-update` can write to Confluence when explicitly run with `--apply`.
 ## Browser authentication model
-The Jira and Confluence browser tools:
+The Jira, Confluence, and Bitbucket browser tools:
 1. launch or reuse a Chromium-compatible browser with a dedicated local profile,
 2. let you complete normal Atlassian SSO in the browser,
 3. read Atlassian cookies through the local Chrome DevTools protocol,
-4. verify those cookies represent an authenticated Jira/Confluence REST session,
+4. verify those cookies represent an authenticated Jira/Confluence/Bitbucket session,
 5. call Atlassian REST endpoints with those cookies.
 They do **not** require you to paste API tokens or cookies into chat.
@@ -20,7 +20,7 @@ They do **not** require you to paste API tokens or cookies into chat.
 - Do not paste Atlassian cookies, API tokens, passwords, or session headers into prompts, issues, logs, or commits.
 - Treat everything under `raw/` as confidential unless you know it is public.
-- Do not commit fetched Jira/Confluence exports, update audit files, or attachments to a public repository.
+- Do not commit fetched Jira/Confluence/Bitbucket exports, update audit files, clone URL lists, or attachments to a public repository.
 - Review generated `attachments.json` manifests before sharing; they may contain private URLs and filenames.
 - Chrome remote debugging is configured for `127.0.0.1`; do not expose it to a network interface.
 - Use dedicated browser profiles for fetch automation. If reusing SSO between Jira and Confluence, share only a dedicated automation profile via `ATLASSIAN_CHROME_PROFILE`, not your everyday browser profile.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aholbreich/agent-skills",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "description": "Handcrafted Agent Skills for browser-authenticated Jira and Confluence ingestion, LLM wiki workflows, and developer automation.",
   "license": "MIT",
   "type": "commonjs",
@@ -38,10 +38,11 @@
     "agent-skills": "bin/agent-skills.js",
     "jira-browser-fetch": "skills/jira-browser-fetch/scripts/jira-browser-fetch.js",
     "confluence-browser-fetch": "skills/confluence-browser-fetch/scripts/confluence-browser-fetch.js",
-    "confluence-update": "skills/confluence-update/scripts/confluence-update.js"
+    "confluence-update": "skills/confluence-update/scripts/confluence-update.js",
+    "bitbucket-browser-fetch": "skills/bitbucket-browser-fetch/scripts/bitbucket-browser-fetch.js"
   },
   "scripts": {
-    "check": "node --check bin/agent-skills.js && node --check skills/jira-browser-fetch/scripts/jira-browser-fetch.js && node --check skills/jira-browser-fetch/scripts/lib.js && node --check skills/confluence-browser-fetch/scripts/confluence-browser-fetch.js && node --check skills/confluence-browser-fetch/scripts/lib.js && node --check skills/confluence-update/scripts/confluence-update.js && node --check skills/confluence-update/scripts/lib.js",
+    "check": "node --check bin/agent-skills.js && node --check skills/jira-browser-fetch/scripts/jira-browser-fetch.js && node --check skills/jira-browser-fetch/scripts/lib.js && node --check skills/confluence-browser-fetch/scripts/confluence-browser-fetch.js && node --check skills/confluence-browser-fetch/scripts/lib.js && node --check skills/confluence-update/scripts/confluence-update.js && node --check skills/confluence-update/scripts/lib.js && node --check skills/bitbucket-browser-fetch/scripts/bitbucket-browser-fetch.js && node --check skills/bitbucket-browser-fetch/scripts/lib.js",
     "test": "node --test",
     "ci": "npm run check && npm test && npm pack --dry-run",
     "pack:dry": "npm pack --dry-run",

package/skills/bitbucket-browser-fetch/SKILL.md ADDED Viewed

@@ -0,0 +1,66 @@
+---
+name: bitbucket-browser-fetch
+description: Fetch Bitbucket Cloud project repository inventory through an authenticated browser session when API tokens/app passwords are unavailable, especially with Atlassian SSO. Use to list repositories in a Bitbucket workspace project and produce JSON, Markdown, SSH clone URL lists, HTTPS clone URL lists, and a safe clone helper script.
+license: MIT
+compatibility: Agent Skills standard. Tested with Pi; installable into Claude Code, Codex, OpenClaw/generic .agents skills directories. Requires Node.js 22+ with built-in fetch/WebSocket and a Chromium-compatible browser with remote debugging (Chrome, Chromium, Brave, Edge, or Vivaldi). No npm dependencies.
+---
+# Bitbucket Browser Fetch
+Use this skill when a user wants all repositories in a Bitbucket Cloud project inventoried through an authenticated browser session. This is useful when Bitbucket app passwords/API tokens are unavailable or inconvenient because the organization uses Atlassian SSO.
+The script opens/reuses Chrome with a dedicated profile, lets the user complete Bitbucket login once, extracts Bitbucket cookies via Chrome DevTools, verifies project access, and fetches the repository list using Bitbucket's browser/internal API.
+## Safety
+- Never ask the user to paste Bitbucket cookies, app passwords, or API tokens into chat.
+- The skill is read-only and does not clone repositories itself.
+- It writes clone URL lists and a helper script; review before executing any clone script.
+- Treat repository names/URLs as potentially confidential.
+## Script
+```bash
+scripts/bitbucket-browser-fetch.js <PROJECT_URL> [options]
+```
+Important options:
+```bash
+--workspace NAME   override workspace parsed from URL
+--project KEY      override project key parsed from URL
+--raw-dir DIR      output raw directory
+--pagelen N        internal API page size, default 100
+--wait SEC         SSO/session wait timeout
+--port PORT        Chrome DevTools port
+--profile-dir DIR  Chrome profile dir
+```
+## Example
+```bash
+scripts/bitbucket-browser-fetch.js \
+  'https://bitbucket.org/myneva/workspace/projects/SWI' \
+  --raw-dir ./raw
+```
+## Output
+```text
+raw/bitbucket/<workspace>/projects/<project-key>/
+├── repositories.json
+├── repositories.md
+├── clone-ssh.txt
+├── clone-https.txt
+├── clone-ssh.sh
+├── bitbucket-browser-fetch-run.json
+└── pages/
+    └── repositories-page-1.json
+```
+Agents should normally use `repositories.json` for metadata and `clone-ssh.txt` for selective checkout with normal Git SSH credentials.
+## References
+- [Usage reference](references/usage.md)
+- [Distribution guide](references/distribution.md)

package/skills/bitbucket-browser-fetch/references/distribution.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Bitbucket Browser Fetch Distribution
+This skill is distributed as part of `@aholbreich/agent-skills`.
+Directory layout:
+```text
+bitbucket-browser-fetch/
+├── SKILL.md
+├── references/
+│   ├── distribution.md
+│   └── usage.md
+└── scripts/
+    ├── bitbucket-browser-fetch.js
+    └── lib.js
+```
+Use directly by path or install a convenience symlink:
+```bash
+mkdir -p ~/.local/bin
+ln -sf ~/.pi/agent/skills/bitbucket-browser-fetch/scripts/bitbucket-browser-fetch.js ~/.local/bin/bitbucket-browser-fetch
+```
+The package exposes a `bitbucket-browser-fetch` npm bin when installed globally.

package/skills/bitbucket-browser-fetch/references/usage.md ADDED Viewed

@@ -0,0 +1,84 @@
+# Bitbucket Browser Fetch Usage
+## Why Browser Fetch?
+Bitbucket Cloud organizations often rely on Atlassian SSO. Browser fetch avoids pasted secrets by:
+1. Launching/reusing a dedicated Chromium-compatible browser profile.
+2. Letting the user complete normal Bitbucket/Atlassian login in the browser.
+3. Reading Bitbucket cookies through local Chrome DevTools.
+4. Verifying access to the requested Bitbucket project.
+5. Calling Bitbucket's browser/internal API to list project repositories.
+The official `api.bitbucket.org/2.0` API does not reliably accept browser cookies, so this skill uses the same internal API the Bitbucket UI uses for project repository lists.
+## Common Command
+```bash
+scripts/bitbucket-browser-fetch.js \
+  'https://bitbucket.org/myneva/workspace/projects/SWI' \
+  --raw-dir ./raw
+```
+## Output Files
+For `https://bitbucket.org/myneva/workspace/projects/SWI`:
+```text
+raw/bitbucket/myneva/projects/SWI/
+├── repositories.json              # normalized machine-readable inventory
+├── repositories.md                # human/LLM-friendly table
+├── clone-ssh.txt                  # one SSH git clone URL per line
+├── clone-https.txt                # one HTTPS git clone URL per line
+├── clone-ssh.sh                   # safe helper script; not executed automatically
+├── bitbucket-browser-fetch-run.json
+└── pages/
+    ├── repositories-page-1.json   # raw Bitbucket internal API responses
+    └── repositories-page-2.json
+```
+## Agent Checkout Workflow
+The skill does not clone automatically. After reviewing the output, agents can selectively clone with normal Git SSH credentials:
+```bash
+mkdir -p repos
+while read -r url; do
+  name="$(basename "$url" .git)"
+  [ -d "repos/$name/.git" ] && echo "SKIP $name" && continue
+  git clone "$url" "repos/$name"
+done < raw/bitbucket/myneva/projects/SWI/clone-ssh.txt
+```
+Or run the generated helper script after review:
+```bash
+raw/bitbucket/myneva/projects/SWI/clone-ssh.sh repos
+```
+## Environment Variables
+| Variable | Meaning |
+|---|---|
+| `BITBUCKET_RAW_DIR` | Default output raw directory |
+| `BITBUCKET_CHROME_DEBUG_PORT` | Chrome DevTools port; overrides `ATLASSIAN_CHROME_DEBUG_PORT` |
+| `ATLASSIAN_CHROME_DEBUG_PORT` | Shared DevTools port for Atlassian browser tools |
+| `BITBUCKET_CHROME_PROFILE` | Dedicated Chrome profile dir; overrides `ATLASSIAN_CHROME_PROFILE` |
+| `ATLASSIAN_CHROME_PROFILE` | Shared browser profile dir for Atlassian tools |
+| `BITBUCKET_FETCH_WAIT_SEC` | Wait timeout, default `900` |
+| `BITBUCKET_PAGELEN` | Internal API page size, default `100` |
+| `CHROME` / `CHROMIUM` | Browser executable path override |
+## Troubleshooting
+### Project not found / no access
+Complete Bitbucket/Atlassian login in the opened browser and confirm you can view the project URL manually.
+### Official API returns empty but UI shows repositories
+Expected in SSO/browser-cookie mode. This skill intentionally uses Bitbucket's browser/internal API.
+### Git clone fails
+Browser authentication and Git authentication are separate. Configure SSH keys or Git credentials for Bitbucket before cloning.

package/skills/bitbucket-browser-fetch/scripts/bitbucket-browser-fetch.js ADDED Viewed

@@ -0,0 +1,344 @@
+#!/usr/bin/env node
+'use strict';
+const fs = require('fs');
+const fsp = require('fs/promises');
+const os = require('os');
+const path = require('path');
+const { spawn } = require('child_process');
+const {
+  parseProjectInput,
+  repositoriesApiUrl,
+  normalizeRepo,
+  safeName,
+  repositoriesMarkdown,
+  cloneScript,
+} = require('./lib');
+function usage() {
+  console.log(`Usage: bitbucket-browser-fetch <PROJECT_URL> [options]
+Fetch Bitbucket Cloud project repository inventory through an authenticated browser session.
+Options:
+  --workspace NAME          Override workspace parsed from URL
+  --project KEY             Override project key parsed from URL
+  --raw-dir DIR             Output raw directory (default: BITBUCKET_RAW_DIR or ./raw)
+  --pagelen N               Internal API page size (default: 100)
+  --wait SEC                Wait time for login/session (default: 900)
+  --port PORT               Chrome DevTools port (default: BITBUCKET_CHROME_DEBUG_PORT, ATLASSIAN_CHROME_DEBUG_PORT, or 9224)
+  --profile-dir DIR         Chrome profile dir (default: BITBUCKET_CHROME_PROFILE, ATLASSIAN_CHROME_PROFILE, or ~/.local/share/bitbucket-browser-fetch-chrome)
+  --help                    Show this help
+Examples:
+  bitbucket-browser-fetch 'https://bitbucket.org/myneva/workspace/projects/SWI' --raw-dir raw
+`);
+}
+const opts = {
+  projectUrl: '',
+  workspace: '',
+  projectKey: '',
+  rawDir: process.env.BITBUCKET_RAW_DIR || path.resolve(process.cwd(), 'raw'),
+  port: Number(process.env.BITBUCKET_CHROME_DEBUG_PORT || process.env.ATLASSIAN_CHROME_DEBUG_PORT || 9224),
+  waitSec: Number(process.env.BITBUCKET_FETCH_WAIT_SEC || 900),
+  profileDir: process.env.BITBUCKET_CHROME_PROFILE || process.env.ATLASSIAN_CHROME_PROFILE || path.join(os.homedir(), '.local/share/bitbucket-browser-fetch-chrome'),
+  pagelen: Number(process.env.BITBUCKET_PAGELEN || 100),
+};
+const args = process.argv.slice(2);
+for (let i = 0; i < args.length; i++) {
+  const a = args[i];
+  if (a === '-h' || a === '--help') { usage(); process.exit(0); }
+  else if (a === '--workspace') opts.workspace = args[++i];
+  else if (a === '--project') opts.projectKey = args[++i].toUpperCase();
+  else if (a === '--raw-dir') opts.rawDir = args[++i];
+  else if (a === '--pagelen') opts.pagelen = Number(args[++i]);
+  else if (a === '--wait') opts.waitSec = Number(args[++i]);
+  else if (a === '--port') opts.port = Number(args[++i]);
+  else if (a === '--profile-dir') opts.profileDir = args[++i];
+  else if (!a.startsWith('-') && !opts.projectUrl) opts.projectUrl = a;
+  else { console.error(`Unknown argument: ${a}`); process.exit(2); }
+}
+if (!opts.projectUrl && (!opts.workspace || !opts.projectKey)) { usage(); process.exit(2); }
+let project = null;
+if (opts.projectUrl) project = parseProjectInput(opts.projectUrl);
+else project = { source: '', workspace: opts.workspace, projectKey: opts.projectKey, browseUrl: `https://bitbucket.org/${opts.workspace}/workspace/projects/${opts.projectKey}` };
+if (opts.workspace) project.workspace = opts.workspace;
+if (opts.projectKey) project.projectKey = opts.projectKey.toUpperCase();
+project.browseUrl = `https://bitbucket.org/${project.workspace}/workspace/projects/${project.projectKey}`;
+opts.rawDir = path.resolve(opts.rawDir);
+opts.pagelen = Math.min(100, Math.max(1, opts.pagelen || 100));
+const sleep = ms => new Promise(r => setTimeout(r, ms));
+async function endpoint(pathname) {
+  const res = await fetch(`http://127.0.0.1:${opts.port}${pathname}`);
+  if (!res.ok) throw new Error(`DevTools HTTP ${res.status} for ${pathname}`);
+  return res.json();
+}
+async function devtoolsReady() {
+  try { await endpoint('/json/version'); return true; } catch { return false; }
+}
+async function waitDevtools() {
+  for (let i = 0; i < 80; i++) {
+    if (await devtoolsReady()) return;
+    await sleep(250);
+  }
+  throw new Error('Chrome DevTools endpoint did not start');
+}
+async function openDevtoolsTab(url) {
+  const endpointUrl = `http://127.0.0.1:${opts.port}/json/new?${encodeURIComponent(url)}`;
+  for (const init of [{ method: 'PUT' }, {}]) {
+    try {
+      const res = await fetch(endpointUrl, init);
+      if (res.ok) { await sleep(1000); return true; }
+    } catch {}
+  }
+  return false;
+}
+async function hasBitbucketTab(url) {
+  const host = new URL(url).host;
+  const list = await endpoint('/json/list');
+  return list.some(t => t.type === 'page' && t.url && (() => {
+    try { return new URL(t.url).host === host; } catch { return false; }
+  })());
+}
+function isExecutable(file) {
+  try { fs.accessSync(file, fs.constants.X_OK); return true; } catch { return false; }
+}
+function resolveBrowserCandidate(candidate) {
+  if (!candidate) return null;
+  if (candidate.includes(path.sep)) return isExecutable(candidate) ? candidate : null;
+  for (const dir of String(process.env.PATH || '').split(path.delimiter)) {
+    if (!dir) continue;
+    const full = path.join(dir, candidate);
+    if (isExecutable(full)) return full;
+  }
+  return null;
+}
+function findBrowserExecutable() {
+  const candidates = [
+    process.env.CHROME,
+    process.env.CHROMIUM,
+    'google-chrome',
+    'google-chrome-stable',
+    'chromium',
+    'chromium-browser',
+    'brave-browser',
+    'brave',
+    'microsoft-edge',
+    'microsoft-edge-stable',
+    'vivaldi',
+    'vivaldi-stable',
+    '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
+    '/Applications/Chromium.app/Contents/MacOS/Chromium',
+    '/Applications/Brave Browser.app/Contents/MacOS/Brave Browser',
+    '/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge',
+    '/Applications/Vivaldi.app/Contents/MacOS/Vivaldi',
+  ];
+  for (const candidate of candidates) {
+    const resolved = resolveBrowserCandidate(candidate);
+    if (resolved) return resolved;
+  }
+  throw new Error('Could not find a Chromium-compatible browser. Install Chrome/Chromium/Brave/Edge/Vivaldi or set CHROME=/path/to/browser.');
+}
+function launchChrome(url) {
+  const browser = findBrowserExecutable();
+  const args = [
+    `--remote-debugging-port=${opts.port}`,
+    '--remote-debugging-address=127.0.0.1',
+    '--remote-allow-origins=*',
+    `--user-data-dir=${opts.profileDir}`,
+    '--no-first-run',
+    '--no-default-browser-check',
+    url,
+  ];
+  console.log(`Launching browser: ${browser}`);
+  const child = spawn(browser, args, { detached: true, stdio: 'ignore' });
+  child.on('error', err => console.error(`Failed to launch browser ${browser}: ${err.message}`));
+  child.unref();
+}
+async function ensureBrowser(openUrl) {
+  if (!(await devtoolsReady())) {
+    console.log(`Opening Chromium-compatible browser with reusable profile: ${opts.profileDir}`);
+    launchChrome(openUrl);
+  } else {
+    console.log(`Reusing Chrome DevTools on port ${opts.port}`);
+    if (await hasBitbucketTab(openUrl)) console.log(`Found existing Bitbucket tab for ${new URL(openUrl).host}; not opening another tab.`);
+    else if (await openDevtoolsTab(openUrl)) console.log(`Opened target URL in reused browser: ${openUrl}`);
+    else console.warn('Could not open target URL through DevTools; continuing with existing tabs.');
+  }
+  await waitDevtools();
+}
+async function getPageWsUrl() {
+  const list = await endpoint('/json/list');
+  const pages = list.filter(t => t.type === 'page' && t.webSocketDebuggerUrl);
+  const preferred = pages.find(t => (t.url || '').includes('bitbucket.org')) || pages[0];
+  return preferred && preferred.webSocketDebuggerUrl;
+}
+function connectCdp(wsUrl) {
+  return new Promise((resolve, reject) => {
+    const ws = new WebSocket(wsUrl);
+    let id = 0;
+    const pending = new Map();
+    const failTimer = setTimeout(() => reject(new Error('CDP websocket timeout')), 10000);
+    ws.addEventListener('open', () => {
+      clearTimeout(failTimer);
+      resolve({
+        send(method, params = {}) {
+          return new Promise((res, rej) => {
+            const msgId = ++id;
+            pending.set(msgId, { res, rej });
+            ws.send(JSON.stringify({ id: msgId, method, params }));
+          });
+        },
+        close() { try { ws.close(); } catch {} },
+      });
+    });
+    ws.addEventListener('message', ev => {
+      let data = ev.data;
+      if (typeof data !== 'string') data = Buffer.from(data).toString('utf8');
+      const msg = JSON.parse(data);
+      if (!msg.id || !pending.has(msg.id)) return;
+      const { res, rej } = pending.get(msg.id);
+      pending.delete(msg.id);
+      if (msg.error) rej(new Error(`${msg.error.message || 'CDP error'} ${JSON.stringify(msg.error)}`));
+      else res(msg.result);
+    });
+    ws.addEventListener('error', err => reject(err));
+  });
+}
+async function getCookieHeader() {
+  const wsUrl = await getPageWsUrl();
+  if (!wsUrl) return '';
+  const cdp = await connectCdp(wsUrl);
+  try {
+    await cdp.send('Network.enable');
+    const result = await cdp.send('Network.getCookies', { urls: ['https://bitbucket.org/'] });
+    return (result.cookies || [])
+      .filter(c => c.domain && (c.domain === 'bitbucket.org' || c.domain.endsWith('.bitbucket.org')))
+      .map(c => `${c.name}=${c.value}`)
+      .join('; ');
+  } finally {
+    cdp.close();
+  }
+}
+async function fetchJson(url, cookie) {
+  const res = await fetch(url, {
+    headers: { Cookie: cookie, Accept: 'application/json', 'User-Agent': 'bitbucket-browser-fetch/1.0' },
+    redirect: 'follow',
+  });
+  const text = await res.text();
+  let json = null;
+  try { json = JSON.parse(text); } catch {}
+  return { status: res.status, contentType: res.headers.get('content-type') || '', text, json };
+}
+async function verifyBitbucketSession(cookie) {
+  if (!cookie) return { ok: false, message: 'no Bitbucket cookies yet' };
+  const url = `https://bitbucket.org/!api/internal/menu/project/${encodeURIComponent(project.workspace)}/${encodeURIComponent(project.projectKey)}`;
+  const result = await fetchJson(url, cookie);
+  if (result.status === 200 && result.json) return { ok: true, url };
+  if (result.status === 401 || result.status === 403 || result.status === 404) {
+    return { ok: false, message: `not authenticated or no project access (${result.status} from ${url})` };
+  }
+  return { ok: false, message: `session probe HTTP ${result.status} from ${url}` };
+}
+async function getCookieWithWait() {
+  await ensureBrowser(project.browseUrl);
+  console.log(`If prompted in Chrome, complete Bitbucket/Atlassian login for: ${project.browseUrl}`);
+  const deadline = Date.now() + opts.waitSec * 1000;
+  let last = '';
+  let printedWait = false;
+  while (Date.now() < deadline) {
+    try {
+      const cookie = await getCookieHeader();
+      const session = await verifyBitbucketSession(cookie);
+      if (session.ok) {
+        if (process.stdout.isTTY) process.stdout.write('\n');
+        console.log(`Authenticated Bitbucket session verified via ${session.url}`);
+        return cookie;
+      }
+      last = session.message;
+    } catch (e) { last = e.message; }
+    if (process.stdout.isTTY) process.stdout.write(`\r${new Date().toLocaleTimeString()} ${last.padEnd(120).slice(0, 120)}`);
+    else if (!printedWait) { console.log(`Waiting up to ${opts.waitSec}s for Bitbucket session...`); printedWait = true; }
+    await sleep(3000);
+  }
+  if (process.stdout.isTTY) process.stdout.write('\n');
+  throw new Error(`Could not verify authenticated Bitbucket session. Last result: ${last}`);
+}
+async function fetchRepositories(cookie) {
+  const pages = [];
+  const repos = [];
+  let page = 1;
+  let nextUrl = repositoriesApiUrl(project.workspace, project.projectKey, page, opts.pagelen);
+  while (nextUrl) {
+    const result = await fetchJson(nextUrl, cookie);
+    if (result.status !== 200 || !result.json || !Array.isArray(result.json.values)) {
+      throw new Error(`Repository list failed HTTP ${result.status}: ${(result.text || '').slice(0, 500).replace(/\s+/g, ' ')}`);
+    }
+    pages.push(result.json);
+    repos.push(...result.json.values.map(normalizeRepo));
+    console.log(`Fetched Bitbucket repositories page ${result.json.page || page}: ${result.json.values.length} repo(s)`);
+    nextUrl = result.json.next || '';
+    page += 1;
+  }
+  return { pages, repos };
+}
+async function main() {
+  await fsp.mkdir(opts.rawDir, { recursive: true });
+  const cookie = await getCookieWithWait();
+  const { pages, repos } = await fetchRepositories(cookie);
+  const outDir = path.join(opts.rawDir, 'bitbucket', safeName(project.workspace), 'projects', safeName(project.projectKey));
+  await fsp.mkdir(path.join(outDir, 'pages'), { recursive: true });
+  const manifest = {
+    fetchedAt: new Date().toISOString(),
+    source: project.source || project.browseUrl,
+    browseUrl: project.browseUrl,
+    workspace: project.workspace,
+    projectKey: project.projectKey,
+    repositoryCount: repos.length,
+    repositories: repos,
+  };
+  await fsp.writeFile(path.join(outDir, 'repositories.json'), JSON.stringify(manifest, null, 2));
+  await fsp.writeFile(path.join(outDir, 'repositories.md'), repositoriesMarkdown(manifest));
+  await fsp.writeFile(path.join(outDir, 'clone-ssh.txt'), repos.map(r => r.clone && r.clone.ssh).filter(Boolean).join('\n') + '\n');
+  await fsp.writeFile(path.join(outDir, 'clone-https.txt'), repos.map(r => r.clone && r.clone.https).filter(Boolean).join('\n') + '\n');
+  await fsp.writeFile(path.join(outDir, 'clone-ssh.sh'), cloneScript(), { mode: 0o755 });
+  for (let i = 0; i < pages.length; i++) {
+    await fsp.writeFile(path.join(outDir, 'pages', `repositories-page-${i + 1}.json`), JSON.stringify(pages[i], null, 2));
+  }
+  const runMeta = { fetchedAt: manifest.fetchedAt, workspace: project.workspace, projectKey: project.projectKey, rawDir: outDir, repositoryCount: repos.length };
+  await fsp.writeFile(path.join(outDir, 'bitbucket-browser-fetch-run.json'), JSON.stringify(runMeta, null, 2));
+  console.log(`\nFetched ${repos.length} Bitbucket repos for ${project.workspace}/${project.projectKey}`);
+  console.log(`Saved ${path.join(outDir, 'repositories.json')}`);
+  console.log(`SSH clone list: ${path.join(outDir, 'clone-ssh.txt')}`);
+  for (const repo of repos) console.log(`- ${repo.fullName || repo.name}`);
+}
+main().catch(err => {
+  console.error(`\nERROR: ${err.stack || err.message}`);
+  process.exit(1);
+});

package/skills/bitbucket-browser-fetch/scripts/lib.js ADDED Viewed

@@ -0,0 +1,113 @@
+'use strict';
+function parseProjectInput(input) {
+  const source = String(input || '').trim();
+  if (!source) throw new Error('Missing Bitbucket project URL');
+  try {
+    const url = new URL(source);
+    if (url.hostname !== 'bitbucket.org') throw new Error('Expected bitbucket.org URL');
+    const parts = url.pathname.split('/').filter(Boolean);
+    // https://bitbucket.org/{workspace}/workspace/projects/{projectKey}
+    if (parts.length >= 4 && parts[1] === 'workspace' && parts[2] === 'projects') {
+      return { source, workspace: parts[0], projectKey: parts[3].toUpperCase(), browseUrl: `https://bitbucket.org/${parts[0]}/workspace/projects/${parts[3].toUpperCase()}` };
+    }
+  } catch (e) {
+    if (e.message !== 'Invalid URL') throw e;
+  }
+  throw new Error(`Could not parse Bitbucket project URL: ${input}`);
+}
+function repositoriesApiUrl(workspace, projectKey, page = 1, pagelen = 100) {
+  const url = new URL(`https://bitbucket.org/!api/internal/workspaces/${encodeURIComponent(workspace)}/projects/${encodeURIComponent(projectKey)}/repositories`);
+  url.searchParams.set('page', String(page));
+  url.searchParams.set('pagelen', String(pagelen));
+  url.searchParams.set('sort', 'name');
+  url.searchParams.set('fields', '+values.parent');
+  return url.toString().replace('%2Bvalues.parent', '%2Bvalues.parent');
+}
+function cloneLinks(repo) {
+  const links = (((repo || {}).links || {}).clone || []);
+  const out = {};
+  for (const link of links) {
+    if (link && link.name && link.href) out[link.name] = link.href;
+  }
+  const fullName = repo.full_name || (repo.workspace && repo.slug ? `${repo.workspace.slug}/${repo.slug}` : '');
+  if (fullName) {
+    if (!out.ssh) out.ssh = `git@bitbucket.org:${fullName}.git`;
+    if (!out.https) out.https = `https://bitbucket.org/${fullName}.git`;
+  }
+  return out;
+}
+function normalizeRepo(repo) {
+  const project = repo.project || {};
+  const links = repo.links || {};
+  const htmlUrl = links.html && links.html.href || (repo.full_name ? `https://bitbucket.org/${repo.full_name}` : '');
+  return {
+    uuid: repo.uuid,
+    name: repo.name,
+    slug: repo.slug,
+    fullName: repo.full_name,
+    projectKey: project.key,
+    projectName: project.name,
+    isPrivate: repo.is_private,
+    scm: repo.scm,
+    mainBranch: repo.mainbranch && repo.mainbranch.name,
+    createdOn: repo.created_on,
+    updatedOn: repo.updated_on,
+    size: repo.size,
+    language: repo.language,
+    htmlUrl,
+    clone: cloneLinks(repo),
+  };
+}
+function safeName(s) {
+  return String(s || 'unknown').replace(/[^a-zA-Z0-9._-]+/g, '-').replace(/^-+|-+$/g, '') || 'unknown';
+}
+function repositoriesMarkdown(manifest) {
+  const lines = [];
+  lines.push(`# Bitbucket repositories: ${manifest.workspace} / ${manifest.projectKey}`);
+  lines.push('');
+  lines.push(`Fetched: ${manifest.fetchedAt}`);
+  lines.push(`Count: ${manifest.repositoryCount}`);
+  lines.push('');
+  lines.push('| Repository | Private | SSH clone | URL |');
+  lines.push('|---|---:|---|---|');
+  for (const repo of manifest.repositories) {
+    lines.push(`| ${repo.fullName || repo.name || ''} | ${repo.isPrivate ? 'yes' : 'no'} | \`${repo.clone && repo.clone.ssh || ''}\` | ${repo.htmlUrl || ''} |`);
+  }
+  lines.push('');
+  return lines.join('\n');
+}
+function cloneScript() {
+  return `#!/usr/bin/env bash
+set -euo pipefail
+TARGET_DIR="\${1:-repos}"
+mkdir -p "$TARGET_DIR"
+SCRIPT_DIR="$(cd "$(dirname "\${BASH_SOURCE[0]}")" && pwd)"
+while IFS= read -r url; do
+  [ -n "$url" ] || continue
+  name="$(basename "$url" .git)"
+  if [ -d "$TARGET_DIR/$name/.git" ]; then
+    echo "SKIP $name"
+  else
+    echo "CLONE $url -> $TARGET_DIR/$name"
+    git clone "$url" "$TARGET_DIR/$name"
+  fi
+done < "$SCRIPT_DIR/clone-ssh.txt"
+`;
+}
+module.exports = {
+  parseProjectInput,
+  repositoriesApiUrl,
+  cloneLinks,
+  normalizeRepo,
+  safeName,
+  repositoriesMarkdown,
+  cloneScript,
+};