fix(auth): resolve host alias review follow-up

[vriesdemichael]

Summary

• enforce alias ownership during login saves so discovered aliases cannot be attached to multiple server contexts
• keep auth alias JSON outputs and stored server contexts on empty alias arrays instead of null values
• rebuild HTTPS clone fallback URLs from the canonical Bitbucket host after alias matches and cover the regression with targeted tests

Validation

• task quality:check

[Copilot]

Pull request overview

This PR tightens Bitbucket host alias handling in stored config and ensures CLI outputs consistently represent aliases as arrays, while fixing an HTTPS clone fallback regression when an SSH clone URL matches a stored host alias.

Changes:

• Enforce alias ownership checks during auth login saves, preventing the same alias from being associated with multiple stored server contexts.
• Normalize alias handling to prefer non-nil empty slices (and JSON empty arrays) over nil/null across config and CLI surfaces.
• Rebuild HTTPS clone fallback URLs using the canonical matched Bitbucket host after alias resolution, with targeted regression tests.

Reviewed changes

Copilot reviewed 6 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
internal/config/config.go	Adds alias-ownership enforcement to login saves; normalizes empty alias slices to non-nil.
internal/config/config_test.go	Expands coverage for alias conflicts during login and non-nil empty alias slice behavior.
internal/cli/repo_clone.go	Enhances stored-auth resolution to return canonical host and rebuild HTTPS clone base after alias match.
internal/cli/repo_clone_test.go	Adds regression tests for canonical-host HTTPS retry and base URL normalization.
internal/cli/cmd/auth/auth_test.go	Adds assertions that JSON outputs encode aliases as empty arrays (not null).
docs/quality/coverage.combined.scoped.out	Updates committed combined coverage artifact.
docs/quality/coverage-report.json	Updates committed coverage report metrics.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The decision to rebuild httpCloneURL only checks sameCloneHost(httpCloneURL, resolvedHTTPCloneHost), which ignores the URL path. If the canonical/stored Bitbucket URL includes a context path (e.g. https://host/context) but httpCloneURL was built without it (because normalizeHTTPCloneHost clears Path), this condition will be true and the rebuild will be skipped, producing an HTTPS clone URL missing the context path. Consider comparing normalized base URLs including the path (e.g., host endpoint + trimmed base path) and rebuild when the base path differs, not just when the host:port differs.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 88.88889% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.51%. Comparing base (d7d3aac) to head (2ac9861).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/cli/repo_clone.go	83.33%	3 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #141      +/-   ##
==========================================
- Coverage   83.00%   82.51%   -0.49%     
==========================================
  Files          78       78              
  Lines       15836    15833       -3     
==========================================
- Hits        13144    13065      -79     
- Misses       1950     1990      +40     
- Partials      742      778      +36     

Flag	Coverage Δ
combined_scoped	82.51% <88.88%> (-0.49%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.