[codex] Sanitize Bitbucket API failures

[juliusmarminge]

Summary

• keep raw Bitbucket error response bodies out of domain messages
• retain HTTP status and response body length as structured diagnostics
• preserve response-body read failures as causes behind a stable message

Verification

• vp test apps/server/src/sourceControl/BitbucketApi.test.ts
• vp check
• vp run typecheck

---

Note

Low Risk
Narrow change to error formatting in the Bitbucket client; reduces credential leakage risk with a small behavioral change for anyone relying on body text in error detail.

Overview
Bitbucket HTTP error handling no longer surfaces raw response bodies in BitbucketApiError messages or detail, so API error payloads (which may contain secrets) are not leaked into logs or UI.

responseError now sets a generic detail (Bitbucket returned HTTP <status>.) and optional responseBodyLength instead of appending the body text. BitbucketApiError gains that structured field. When reading the error body fails, the failure is a dedicated BitbucketApiError with a stable detail string and the read error on cause, replacing the previous silent empty-body fallback.

New tests assert secrets stay out of message for both a 403 body and a failing response stream.

^{Reviewed by Cursor Bugbot for commit d0debd7. Bugbot is set up for automated code reviews on this repo. Configure here.}

Note

Sanitize Bitbucket API error responses to exclude response body content from diagnostics

• responseError in BitbucketApi.ts no longer includes the raw response body in BitbucketApiError.detail; instead it logs a generic "Bitbucket returned HTTP <status>." message and records responseBodyLength.
• If the response body cannot be read, the error now carries "Failed to read the Bitbucket error response body." as the detail with the underlying cause attached, rather than silently falling back to an empty string.
• Tests cover both cases: a 403 with a secret-containing body and a 502 with a stream read failure.
• Behavioral Change: callers that previously extracted error detail to surface response body content will now receive only the generic message and body length.

^{Macroscope summarized d0debd7.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 6cb93cfc-639d-4883-b651-a0cbd3018ca4

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/sanitize-bitbucket-api-errors

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Approvability

Verdict: Needs human review

This PR modifies security-sensitive error handling to prevent credential leakage in Bitbucket API error messages. While the change appears to be a security improvement, modifications affecting how sensitive data is handled in error paths warrant human verification.

^{You can customize Macroscope's approvability policy. Learn more.}