القائمة
Bitbucket Cloud: API tokens (replacing app passwords), REST API, git auth, repo/workspace management. Use for cloning, API access, CI/CD, managing Bitbucket repos.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Behavioral testing methodology — test what users experience, not how code is structured. Use when writing tests, reviewing test quality, planning test strategy for new features, or when existing tests are brittle/verbose/coupled to implementation details. Triggers: writing tests, TDD, test review, "tests keep breaking", "too many mocks", "tests are verbose", test coverage planning, behavior-driven development.
Summon 8–12 fictional but statistically plausible people from Kyrgyzstan to judge your web app. They take screenshots, click around, get confused, get delighted, and write honest reviews in Russian. Output: a single .md report with embedded screenshots. Use when you need brutal UX feedback from people who ride marshrutkas.
Artemy Lebedev-style бизнес-линч design review. Opens the site in a real browser, screenshots everything, then tears it apart (or praises it) in his signature voice — brutal, specific, visual. Use when you want a no-bullshit design review, 'линч', 'lebedev review', 'artemy review', or 'roast my site'.
Autonomous experiment loop — modify code, measure, keep/discard, repeat forever. Based on Karpathy's autoresearch pattern. Use when there's working code + a measurable metric to optimize. Agent works while you sleep.
Iterative deep research agent — recursive breadth×depth tree search that accumulates learnings, generates follow-ups, and produces cited reports. Uses exa + serper + subagents. Use when user says 'deep research', 'investigate', 'deep dive', 'thorough analysis', or needs multi-source synthesis with depth.
Detect and fix design system leaks — default shadcn/bootstrap/MUI styling breaking through your brand. Use when: UI feels 'template-y', 'looks like shadcn', 'too generic', buttons are inconsistent colors, cards look default, or after shipping many features fast. Also: 'audit my design', 'check consistency', 'brand leak', 'fix the defaults'.
| name | bitbucket |
| description | Bitbucket Cloud: API tokens (replacing app passwords), REST API, git auth, repo/workspace management. Use for cloning, API access, CI/CD, managing Bitbucket repos. |
App passwords deprecated Sept 9, 2025, disabled June 9, 2026. Use API tokens with scopes instead.
| Type | Created at | Scope | Username for git | API header |
|---|---|---|---|---|
| API Token (user) | Atlassian Account → Security → API tokens | User-level, custom scopes | {bitbucket_username} or x-bitbucket-api-token-auth | Authorization: Bearer <token> |
| Repository Access Token | Repo Settings → Access tokens | Single repo only | x-token-auth | Authorization: Bearer <token> |
| Workspace Access Token | Workspace Settings → Access tokens | All repos in workspace | x-token-auth | Authorization: Bearer <token> |
| Category | Scope | API scope string | What it does |
|---|---|---|---|
| Repositories | Read | read:repository:bitbucket | View repos, source code, file browser |
| Write | write:repository:bitbucket | Modify repos, push code | |
| Admin | admin:repository:bitbucket | Create repos, manage settings | |
| Delete | delete:repository:bitbucket | Delete repos | |
| Pull Requests | Read | read:pullrequest:bitbucket | View PRs, comment |
| Write | write:pullrequest:bitbucket | Create, approve, merge PRs | |
| Workspaces | Read | read:workspace:bitbucket | View workspace data |
| Admin | admin:workspace:bitbucket | Manage workspace | |
| Projects | Read | read:project:bitbucket | View projects |
| Admin | admin:project:bitbucket | Create/delete projects | |
| Pipelines | Read | read:pipeline:bitbucket | View pipeline info |
| Write | write:pipeline:bitbucket | Start/stop pipelines | |
| Admin | admin:pipeline:bitbucket | Manage pipeline variables | |
| Webhooks | Read/Write/Delete | read/write/delete:webhook:bitbucket | Manage webhooks |
| SSH Keys | Read/Write/Delete | read/write/delete:ssh-key:bitbucket | Manage SSH/deploy keys |
| User | Read | read:user:bitbucket | View current user data |
Note: Scopes don't cascade. write:repository does NOT include read:repository. Request both.
# Interactive prompt (token as password)
git clone https://{bitbucket_username}@bitbucket.org/{workspace}/{repo}.git
# Or with static username
git clone https://x-bitbucket-api-token-auth@bitbucket.org/{workspace}/{repo}.git
# Token in URL (CI/CD only, don't store in plain text)
git clone https://x-bitbucket-api-token-auth:{api_token}@bitbucket.org/{workspace}/{repo}.git
# Interactive
git clone https://x-token-auth@bitbucket.org/{workspace}/{repo}.git
# Token in URL
git clone https://x-token-auth:{access_token}@bitbucket.org/{workspace}/{repo}.git
git remote set-url origin https://x-bitbucket-api-token-auth@bitbucket.org/{workspace}/{repo}.git
# Cache for 1 hour
git config --global credential.helper 'cache --timeout=3600'
# Or use macOS Keychain
git config --global credential.helper osxkeychain
For API calls: use Basic auth with email + token:
curl -u "{email}:{api_token}" \
"https://api.bitbucket.org/2.0/repositories/{workspace}"
For git commands: use Basic auth with username + token:
git clone https://{bitbucket_username}:{api_token}@bitbucket.org/{workspace}/{repo}.git
Repo/Workspace access tokens (ATATT3xF prefix) use Bearer:
curl -H "Authorization: Bearer <access_token>" \
"https://api.bitbucket.org/2.0/repositories/{workspace}/{repo}"
Key distinction: Scoped API tokens use email for API, username for git. Bearer auth does NOT work with scoped API tokens — use Basic auth.
BASE="https://api.bitbucket.org/2.0"
AUTH="-H 'Authorization: Bearer TOKEN'"
# List repos in workspace
curl $AUTH "$BASE/repositories/{workspace}?pagelen=50"
# Get repo info
curl $AUTH "$BASE/repositories/{workspace}/{repo}"
# List branches
curl $AUTH "$BASE/repositories/{workspace}/{repo}/refs/branches"
# List commits
curl $AUTH "$BASE/repositories/{workspace}/{repo}/commits"
# Get file content
curl $AUTH "$BASE/repositories/{workspace}/{repo}/src/{branch}/{filepath}"
# List PRs
curl $AUTH "$BASE/repositories/{workspace}/{repo}/pullrequests?state=OPEN"
# List workspace members
curl $AUTH "$BASE/workspaces/{workspace}/members"
# List pipelines
curl $AUTH "$BASE/repositories/{workspace}/{repo}/pipelines/?pagelen=10&sort=-created_on"
# Download repo as zip
curl -L $AUTH "$BASE/repositories/{workspace}/{repo}/downloads" -o repo.zip
# Response includes: size, page, pagelen, next, previous
# Default pagelen=10, max=100
curl $AUTH "$BASE/repositories/{workspace}?pagelen=100&page=2"
# Auto-paginate all results
next_url="$BASE/repositories/{workspace}?pagelen=100"
while [ -n "$next_url" ]; do
response=$(curl -s $AUTH "$next_url")
echo "$response" | jq '.values[]'
next_url=$(echo "$response" | jq -r '.next // empty')
done
| Prefix | Type |
|---|---|
ATATT3xF | Repository/Workspace Access Token (old format) |
ATCTT3xF | OAuth 2.0 access token |
| No prefix | User API token (new format, 2025+) |
# Store
pass insert bitbucket/{project}/api-token
pass insert bitbucket/{project}/username
# Use in scripts
BB_TOKEN=$(pass show bitbucket/{project}/api-token)
BB_USER=$(pass show bitbucket/{project}/username)
git clone "https://${BB_USER}:${BB_TOKEN}@bitbucket.org/{workspace}/{repo}.git"
# bitbucket-pipelines.yml
image: python:3.11
pipelines:
default:
- step:
name: Deploy
script:
- pip install -r requirements.txt
- python manage.py test
# Access token auto-available as BITBUCKET_TOKEN in pipelines
curl -u "username:api_token" https://api.bitbucket.org/2.0/user