pluralsh · michaeljguarino · Feb 22, 2026 · Feb 22, 2026
diff --git a/assets/src/generated/graphql.ts b/assets/src/generated/graphql.ts
@@ -1441,6 +1441,19 @@ export type BindingAttributes = {
   userId?: InputMaybe<Scalars['ID']['input']>;
 };
 
+/** Requirements for Bitbucket Data Center / Server authentication */
+export type BitbucketDatacenterAttributes = {
+  /** the user slug for Bitbucket Data Center / Server */
+  userSlug: Scalars['String']['input'];
+};
+
+/** Bitbucket Data Center / Server connection configuration */
+export type BitbucketDatacenterConfiguration = {
+  __typename?: 'BitbucketDatacenterConfiguration';
+  /** the user slug for Bitbucket Data Center / Server */
+  userSlug: Scalars['String']['output'];
+};
+
 /** A restricted token meant only for use in registering clusters, esp for edge devices */
 export type BootstrapToken = {
   __typename?: 'BootstrapToken';
@@ -4308,6 +4321,33 @@ export type GlobalServiceEdge = {
   node?: Maybe<GlobalService>;
 };
 
+/** ServiceNow configuration for a pr governance controller */
+export type GovernanceServiceNow = {
+  __typename?: 'GovernanceServiceNow';
+  /** additional attributes sent with change requests */
+  attributes?: Maybe<Scalars['Map']['output']>;
+  /** the change request model/type */
+  changeModel?: Maybe<Scalars['String']['output']>;
+  /** the ServiceNow instance URL */
+  url: Scalars['String']['output'];
+  /** ServiceNow API username */
+  username: Scalars['String']['output'];
+};
+
+/** ServiceNow configuration for a pr governance controller */
+export type GovernanceServiceNowAttributes = {
+  /** additional attributes to send with change requests */
+  attributes?: InputMaybe<Scalars['Json']['input']>;
+  /** the change request model/type */
+  changeModel?: InputMaybe<Scalars['String']['input']>;
+  /** ServiceNow API password */
+  password: Scalars['String']['input'];
+  /** the ServiceNow instance URL */
+  url: Scalars['String']['input'];
+  /** ServiceNow API username */
+  username: Scalars['String']['input'];
+};
+
 /** The webhook configuration for a pr governance controller */
 export type GovernanceWebhook = {
   __typename?: 'GovernanceWebhook';
@@ -7317,6 +7357,7 @@ export type PrGovernance = {
   id: Scalars['ID']['output'];
   insertedAt?: Maybe<Scalars['DateTime']['output']>;
   name: Scalars['String']['output'];
+  type: PrGovernanceType;
   updatedAt?: Maybe<Scalars['DateTime']['output']>;
 };
 
@@ -7326,19 +7367,28 @@ export type PrGovernanceAttributes = {
   /** the scm connection to use for pr generation */
   connectionId: Scalars['ID']['input'];
   name: Scalars['String']['input'];
+  /** the type of pr governance controller to use */
+  type: PrGovernanceType;
 };
 
 /** The configuration for a pr governance controller */
 export type PrGovernanceConfiguration = {
   __typename?: 'PrGovernanceConfiguration';
+  serviceNow?: Maybe<GovernanceServiceNow>;
   webhook?: Maybe<GovernanceWebhook>;
 };
 
 /** The settings for configuring a pr governance controller */
 export type PrGovernanceConfigurationAttributes = {
+  serviceNow?: InputMaybe<GovernanceServiceNowAttributes>;
   webhook?: InputMaybe<GovernanceWebhookAttributes>;
 };
 
+export enum PrGovernanceType {
+  ServiceNow = 'SERVICE_NOW',
+  Webhook = 'WEBHOOK'
+}
+
 export type PrHelmVendorSpec = {
   __typename?: 'PrHelmVendorSpec';
   /** the name of the chart to use */
@@ -11360,6 +11410,8 @@ export type ScmConnection = {
   azure?: Maybe<AzureDevopsConfiguration>;
   /** base url for git clones for self-hosted versions */
   baseUrl?: Maybe<Scalars['String']['output']>;
+  /** the Bitbucket Data Center / Server attributes for this connection */
+  bitbucketDatacenter?: Maybe<BitbucketDatacenterConfiguration>;
   default?: Maybe<Scalars['Boolean']['output']>;
   id: Scalars['ID']['output'];
   insertedAt?: Maybe<Scalars['DateTime']['output']>;
@@ -11376,6 +11428,7 @@ export type ScmConnectionAttributes = {
   apiUrl?: InputMaybe<Scalars['String']['input']>;
   azure?: InputMaybe<AzureDevopsAttributes>;
   baseUrl?: InputMaybe<Scalars['String']['input']>;
+  bitbucketDatacenter?: InputMaybe<BitbucketDatacenterAttributes>;
   default?: InputMaybe<Scalars['Boolean']['input']>;
   github?: InputMaybe<GithubAppAttributes>;
   name: Scalars['String']['input'];

diff --git a/charts/console-rapid/charts/controller-0.0.169.tgz b/charts/console-rapid/charts/controller-0.0.169.tgz
diff --git a/charts/console-rapid/charts/kas-0.3.1.tgz b/charts/console-rapid/charts/kas-0.3.1.tgz
diff --git a/charts/console/charts/controller-0.0.169.tgz b/charts/console/charts/controller-0.0.169.tgz
diff --git a/charts/console/charts/kas-0.3.1.tgz b/charts/console/charts/kas-0.3.1.tgz
diff --git a/charts/controller/crds/deployments.plural.sh_prgovernances.yaml b/charts/controller/crds/deployments.plural.sh_prgovernances.yaml
@@ -55,9 +55,67 @@ spec:
                   This includes webhook configurations, approval requirements, and other policy enforcement
                   mechanisms that control how pull requests are managed and processed.
                 properties:
+                  serviceNow:
+                    description: |-
+                      ServiceNow defines ServiceNow change request integration for PR governance.
+                      When set, PRs will require a ServiceNow change request to be opened and approved
+                      before merge. The password is read from the referenced Secret.
+                    properties:
+                      attributes:
+                        description: Attributes is optional JSON passed as additional
+                          attributes when creating change requests.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      changeModel:
+                        description: |-
+                          ChangeModel is the change request model/type (e.g. "Standard"). If empty, "Standard" is used.
+                          We currently support the built-in ILI4 models, such as Standard, Normal, and Emergency.
+                        type: string
+                      passwordSecretKeyRef:
+                        description: |-
+                          PasswordSecretKeyRef references a key in a Secret containing the ServiceNow API password.
+                          For namespaced PrGovernance the secret is read from the same namespace; for cluster-scoped
+                          PrGovernance set SecretNamespace to the namespace where the secret lives.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must
+                              be a valid secret key.
+                            type: string
+                          name:
+                            default: ""
+                            description: |-
+                              Name of the referent.
+                              This field is effectively required, but due to backwards compatibility is
+                              allowed to be empty. Instances of this type with an empty value here are
+                              almost certainly wrong.
+                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                            type: string
+                          optional:
+                            description: Specify whether the Secret or its key must
+                              be defined
+                            type: boolean
+                        required:
+                        - key
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      secretNamespace:
+                        description: SecretNamespace is the namespace of the secret
+                          referenced by PasswordSecretKeyRef.
+                        type: string
+                      url:
+                        description: Url is the ServiceNow instance URL (e.g. https://instance.service-now.com).
+                        type: string
+                      username:
+                        description: Username is the ServiceNow API username for authentication.
+                        type: string
+                    required:
+                    - passwordSecretKeyRef
+                    - url
+                    - username
+                    type: object
                   webhook:
                     description: |-
-                      Webhooks defines webhook integration settings for governance enforcement.
+                      Webhook defines webhook integration settings for governance enforcement.
                       This enables the governance controller to receive notifications about pull request
                       events and respond with appropriate policy enforcement actions such as requiring
                       additional approvals, running compliance checks, or blocking merges.
@@ -73,8 +131,6 @@ spec:
                     required:
                     - url
                     type: object
-                required:
-                - webhook
                 type: object
               connectionRef:
                 description: ConnectionRef references an ScmConnection to reuse its
@@ -148,8 +204,16 @@ spec:
                     example: 5m30s
                     type: string
                 type: object
+              type:
+                description: Type specifies the type of PR governance controller to
+                  use.
+                enum:
+                - WEBHOOK
+                - SERVICE_NOW
+                type: string
             required:
             - connectionRef
+            - type
             type: object
           status:
             description: |-

diff --git a/charts/controller/crds/deployments.plural.sh_scmconnections.yaml b/charts/controller/crds/deployments.plural.sh_scmconnections.yaml
@@ -75,6 +75,16 @@ spec:
                 description: BaseUrl is a base URL for Git clones for self-hosted
                   versions.
                 type: string
+              bitbucketDatacenter:
+                description: Settings for configuring Bitbucket Data Center / Server
+                  authentication
+                properties:
+                  userSlug:
+                    description: The user slug for Bitbucket Data Center / Server
+                    type: string
+                required:
+                - userSlug
+                type: object
               default:
                 type: boolean
               github:

diff --git a/charts/controller/crds/deployments.plural.sh_sentinels.yaml b/charts/controller/crds/deployments.plural.sh_sentinels.yaml
@@ -56,6 +56,10 @@ spec:
                             this check
                           properties:
                             cases:
+                              description: A list of custom test cases to run for
+                                this check.  These can provide yaml-configurable targeted
+                                cases of things like coredns, load balancers, pvcs,
+                                etc.
                               items:
                                 properties:
                                   coredns:

diff --git a/config/prod.exs b/config/prod.exs
@@ -70,7 +70,6 @@ config :console, Console.Cron.Scheduler,
     {"15 1 * * *",     {Console.Deployments.Cron, :prune_cluster_audit_logs, []}},
     {"0 * * * *",      {Console.Deployments.Cron, :prune_policy, []}},
     {"15 * * * *",     {Console.Deployments.Cron, :prune_vuln_reports, []}},
-    {"*/15 * * * *",   {Console.Deployments.Cron, :pr_governance, []}},
     {"15 3 * * *",     {Console.Deployments.Cron, :prune_dangling_templates, []}},
     {"30 3 * * *",     {Console.Deployments.Cron, :prune_insight_components, []}},
     {"0 4 * * *",      {Console.Deployments.Cron, :prune_helm_repositories, []}},