Turn Your Bitbucket Server to MCP — Leverage Your Performance as a Team Lead

Why Bitbucket + MCP for Team Leads?

As a team lead you’re constantly switching between code, PRs, pipelines, and chat. The Model Context Protocol (MCP) lets AI assistants talk to your tools through a standard interface. When Bitbucket Server is exposed as an MCP server, you can ask your assistant to list open PRs, summarize a branch, or find stale branches—without opening the Bitbucket UI. That means fewer tabs, faster status checks, and more time for actual leadership and feedback.

What You Gain

How It Works

An MCP server wraps the Bitbucket Server (or Data Center) REST API and exposes tools and resources that MCP clients can call. You run the server (or host it internally), point your AI-enabled IDE or chat at it, and then use natural language to ask for repo lists, PR details, or branch summaries. The assistant uses the MCP tools to fetch data and gives you a concise answer. No copy-pasting PR URLs or digging through the UI.

Code Reference: MCP-Ready Bitbucket API on Spring Boot

A practical way to build the backend that will back your MCP tools is a small Spring Boot app that handles Bitbucket auth and exposes the Bitbucket REST API. The polisua-mentat-api project is a good reference: it uses OAuth2 with Bitbucket (Cloud or Server), obtains an access token, and calls Bitbucket APIs. You can then expose those calls as MCP tools (e.g. “list repos”, “get open PRs”). Below are the key pieces; for Bitbucket Server you’d point URLs and scopes to your server instance and may use a personal access token instead of OAuth2.

Dependencies (pom.xml)

<dependencies>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
  </dependency>
</dependencies>

Bitbucket OAuth2 config (application.yml)

For Bitbucket Cloud the provider URIs are as below. For Bitbucket Server, set authorization-uri, token-uri, and user-info-uri to your server base (e.g. https://bitbucket.yourcompany.com) and use the same OAuth2 flow, or use a personal access token and skip OAuth2.

spring:
  security:
    oauth2:
      client:
        registration:
          bitbucket:
            client-id: ${BITBUCKET_CLIENT_ID}
            client-secret: ${BITBUCKET_CLIENT_SECRET}
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            scope: repository,pullrequest
        provider:
          bitbucket:
            authorization-uri: https://bitbucket.org/site/oauth2/authorize
            token-uri: https://bitbucket.org/site/oauth2/access_token
            user-info-uri: https://api.bitbucket.org/2.0/user

Security: allow token and callback (OAuth2Config)

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
  http
    .authorizeHttpRequests(authorize -> authorize
      .requestMatchers("/login/oauth2/code/bitbucket", "/token").permitAll()
      .anyRequest().authenticated()
    )
    .oauth2Login(oauth2 -> oauth2
      .loginPage("/oauth2/authorization/bitbucket")
      .defaultSuccessUrl("/", true)
    )
    .csrf(csrf -> csrf
      .ignoringRequestMatchers("/login/oauth2/code/bitbucket", "/token")
    );
  return http.build();
}

Bitbucket API client (BitbucketOAuth2Service)

Exchange the OAuth2 code for an access token, then call Bitbucket REST APIs. This pattern is the same for Bitbucket Server: use your server’s base URL (e.g. /rest/api/1.0/repos, /rest/api/1.0/projects/{project}/repos) and the token in the Authorization header.

public Map<String, Object> exchangeCodeForToken(String code) {
  HttpHeaders headers = new HttpHeaders();
  headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
  headers.setBasicAuth(clientId, clientSecret);
  MultiValueMap<String, String> body = new LinkedMultiValueMap<>();
  body.add("grant_type", "authorization_code");
  body.add("code", code);
  body.add("redirect_uri", redirectUri);
  HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(body, headers);
  return restTemplate.postForObject(tokenUri, request, Map.class);
}

public Map<String, Object> getUserInfo(String accessToken) {
  HttpHeaders headers = new HttpHeaders();
  headers.setBearerAuth(accessToken);
  return restTemplate.getForObject(userInfoUri, Map.class);
}

// For MCP: add methods that call Bitbucket Server REST API, e.g.:
// GET /rest/api/1.0/projects?limit=100
// GET /rest/api/1.0/projects/{projectKey}/repos
// GET /rest/api/1.0/projects/{projectKey}/repos/{repo}/pull-requests

Exposing the token to your MCP client

The reference app exposes a /token endpoint so an authenticated user can retrieve their access token. Your MCP server (or the client that talks to Bitbucket) can then use this token to call the Bitbucket APIs. Alternatively, use a service account or PAT stored in the MCP server config so the AI always has a consistent identity. Either way, the Spring Boot app gives you a reusable Bitbucket API layer that your MCP tools can call.

Example: Check out all repos into a folder via MCP

A common team lead task is cloning every repo in a project to a local directory (e.g. for audits, search, or bulk operations). With MCP you can ask the assistant to list repos, then run a script that clones each into a target folder.

1. Use MCP to get the repo list. In your MCP-enabled client (e.g. Cursor), prompt: “List all repository clone URLs for project MYPROJECT.” The MCP server calls Bitbucket’s API (e.g. /rest/api/1.0/projects/{projectKey}/repos) and returns the clone URLs. You might get output like:

https://bitbucket.company.com/scm/MYPROJECT/backend.git
https://bitbucket.company.com/scm/MYPROJECT/frontend.git
https://bitbucket.company.com/scm/MYPROJECT/libs.git

2. Check out all repos into a specific folder. Save the URLs (or pipe the MCP tool output) and run a script that clones each repo into a subfolder. Example:

# Target folder for all repos (e.g. ./my-project-repos)
TARGET_DIR="${HOME}/workspace/myproject-repos"
mkdir -p "$TARGET_DIR" && cd "$TARGET_DIR"

# List of clone URLs from MCP (or paste the list here)
REPO_URLS=(
  "https://bitbucket.company.com/scm/MYPROJECT/backend.git"
  "https://bitbucket.company.com/scm/MYPROJECT/frontend.git"
  "https://bitbucket.company.com/scm/MYPROJECT/libs.git"
)

for url in "${REPO_URLS[@]}"; do
  name=$(basename "$url" .git)
  if [ ! -d "$name" ]; then
    git clone "$url" "$name"
  else
    echo "Already exists: $name"
  fi
done

You can also have the AI generate this script for you: “Generate a bash script that clones these repos into ~/workspace/myproject-repos.” Once the MCP server exposes repo listing, the assistant has the URLs and can produce the exact script for your target folder.

Getting Started

You’ll need a Bitbucket Server (or Data Center) instance and an MCP server implementation that speaks the Bitbucket API. Use a personal access token or app password with the right scopes (repositories, pull requests, read access). Configure the MCP server in your client (e.g. Cursor or another MCP-compatible tool), then try prompts like “list open PRs in project X” or “summarize the last commits on branch Y.” Start with read-only usage; once you’re comfortable, you can explore tools that create branches or comment on PRs if your setup supports it.

Security and Governance

The MCP server uses your Bitbucket credentials and respects existing permissions: the AI only sees what your token can access. Keep tokens scoped to the minimum needed (e.g. read-only for repos and PRs) and rotate them regularly. If you’re in a regulated environment, run the MCP server on-prem and allowlist the clients that can connect. That way you leverage AI for team lead workflows without widening the blast radius.