* refactor: update headerList methods and translations for consistency
- Renamed methods in req.headerList and res.headerList from 'forEach' to 'each' for consistency with the new API.
- Updated method translations in the Postman converters to reflect the new method names: 'append' to 'add', 'set' to 'upsert', and 'delete' to 'remove'.
- Adjusted related tests to ensure they validate the new method names and functionality.
- Removed deprecated test cases for 'append' and 'set', replacing them with tests for 'add' and 'upsert'.
- Enhanced documentation to clarify the changes in method names and their usage.
* test: add new tests for HeaderList methods and behavior
- Introduced tests to verify that the 'idx' property is undefined in HeaderList, ensuring compliance with the updated API.
- Added tests to confirm that positional methods (prepend, insert, insertAfter) do not exist in HeaderList, reflecting the recent refactor.
- Implemented a test to check that the two-argument form of the 'add' method correctly overwrites existing headers, enhancing the robustness of header management tests.
* refactor: remove 'idx' method from headerList and update related tests
- Eliminated the 'idx' method from both req.headerList and res.headerList to streamline header management.
- Updated associated tests and documentation to reflect the removal, ensuring clarity in the API usage and maintaining consistency across the header management system.
* refactor: block unimplemented HeaderList methods with error messages
- Added error handling for unimplemented methods in HeaderList, including idx, add, upsert, remove, each, prepend, insert, and insertAfter.
- Each method now throws a descriptive error indicating the appropriate alternative methods to use, enhancing clarity in the API and guiding users towards correct usage.
* refactor: update error message in idx() method of HeaderList for clarity
- Modified the error message in the idx() method to guide users towards using all()[index] or get(name) instead of the unsupported idx() method, enhancing the clarity of the API documentation.
* refactor: update HeaderList to extend ReadOnlyPropertyList and remove unimplemented methods
- Changed HeaderList to extend ReadOnlyPropertyList instead of PropertyList, streamlining its functionality.
- Removed unimplemented methods (prepend, insert, insertAfter) from HeaderList, clarifying the API and guiding users towards using supported methods.
- Updated related tests to reflect these changes, ensuring consistency and accuracy in header management.
* test: add translations for pm.request.headers methods in request tests
- Introduced new tests to validate the translation of pm.request.headers methods (prepend, insert, insertAfter) to their corresponding req.headerList.append method.
- Enhanced existing tests to ensure accurate conversion and functionality of header management in the Bruno converters.
* feat: enhance header translation methods for pm.request.headers
- Added translations for additional pm.request.headers methods (get, has, one, all, count, indexOf, find, filter, each, map, reduce, toObject, clear) to their corresponding req.headerList methods.
- Updated tests to validate the new translations and ensure accurate header management functionality in the Bruno converters.
* feat: introduce HeaderList for dynamic header management in BrunoRequest and BrunoResponse
- Implemented HeaderList to provide a dynamic API for managing request headers, allowing real-time reflection of changes.
- Updated BrunoRequest and BrunoResponse to utilize HeaderList for header access, enhancing consistency and usability.
- Added a headers proxy to maintain backward compatibility with existing header access patterns.
- Introduced tests for HeaderList to ensure functionality and reliability across various header operations.
* refactor: update createHeadersProxy to accept a getter function for raw headers
- Modified createHeadersProxy to allow passing a function that retrieves raw headers, enhancing flexibility in header management.
- Updated HeaderList to utilize the new getter function, ensuring consistent behavior when headers are modified.
- Added a test to verify that bracket access reflects changes made via BrunoRequest.setHeaders.
* refactor: enhance headers proxy and syncWriteMethods for improved header management
- Updated createHeadersProxy to clarify precedence of PropertyList methods over header names in bracket access.
- Expanded syncWriteMethods in bruno-request shim to include additional methods for better header manipulation.
- Implemented a custom remove method in property-list-bridge to handle function predicates in-VM, improving the native bridge's functionality.
* refactor: update header management in BrunoRequest and BrunoResponse
- Renamed `req.headers` to `req.headerList` for improved clarity and consistency in header operations.
- Enhanced `HeaderList` to support both dynamic and static modes for header management.
- Updated shims for `req` and `res` to reflect the new header access patterns.
- Modified tests to validate the new header access methods and ensure backward compatibility with raw headers.
* refactor: enhance header translation methods for BrunoRequest and BrunoResponse
- Added comprehensive translations for `req.headerList` and `res.headerList` methods to their respective Postman equivalents, improving consistency in header management.
- Updated tests to validate the new translation methods, ensuring accurate conversion between Bruno and Postman header operations.
- Enhanced existing tests to cover additional header manipulation scenarios, reinforcing the reliability of the header management system.
* refactor: streamline headerList implementation in BrunoRequest and BrunoResponse
- Replaced lazy initialization of `headerList` with direct instantiation in both classes for improved performance and clarity.
- Removed redundant getter methods for `headerList`, simplifying the API.
- Updated tests to reflect changes in headerList instantiation and ensure proper functionality.
* refactor: remove header proxy
* feat: add comprehensive headerList tests for request and response
- Introduced multiple test files for `req.headerList` and `res.headerList` methods, covering various operations such as add, remove, clear, populate, and search methods.
- Implemented tests for both dynamic and read-only scenarios, ensuring robust validation of header management functionalities.
- Enhanced existing headerList methods with detailed assertions to improve reliability and maintainability of the header management system.
* feat: expand STATIC_API_HINTS with additional headerList methods for req and res
- Added a comprehensive list of methods for `req.headerList` and `res.headerList` to enhance autocomplete functionality.
- Included various operations such as get, add, remove, and manipulation methods to improve developer experience and usability.
* feat: implement support for disabled headers in headerList
- Added functionality to track disabled headers in `req.headerList` and `res.headerList`, allowing for better management of header states.
- Updated the `prepareRequest` and `prepareGrpcRequest` functions to include a `disabledHeaders` property.
- Enhanced the `HeaderList` class to handle disabled headers, including methods to filter, count, and retrieve them.
- Introduced tests to validate the behavior of disabled headers, ensuring they are correctly included in the header list while being excluded from raw headers.
* feat: enhance HeaderList with case-insensitive key lookups and improved toObject method
- Implemented case-insensitive key lookups for methods such as get, one, has, and indexOf in HeaderList.
- Updated toObject method to support options for excluding disabled headers, handling duplicate keys, and skipping headers with falsy keys.
- Modified toString method to return headers in HTTP wire format, improving consistency with standard practices.
- Added comprehensive tests to validate new functionalities, ensuring robust header management and accurate behavior for both enabled and disabled headers.
* feat: add context binding to iteration methods in HeaderList
- Enhanced iteration methods (each, filter, find, map, reduce) in HeaderList to accept an optional context parameter, allowing for better control over the `this` binding in callback functions.
- Updated the remove method to support context binding for function predicates.
- Added comprehensive tests to validate the new context binding functionality across various iteration methods, ensuring robust header management.
* feat: enhance HeaderList with new methods for string handling and object support
- Added support for accepting an object with a key property in the `has` method, improving header existence checks.
- Updated `add` and `populate` methods to accept "Key: Value" strings and multi-line header strings, enhancing flexibility in header management.
- Modified `toString` method to ensure a trailing newline in the output, aligning with HTTP wire format standards.
- Introduced comprehensive tests to validate new functionalities, ensuring robust header management and accurate behavior for various input types.
* feat: enhance header management with support for disabled headers and context binding
- Updated `mergeHeaders` function to preserve disabled headers from the request item, improving header state management.
- Modified `addBrunoRequestShimToContext` and `addBrunoResponseShimToContext` to wrap eval code in blocks, preventing redeclaration conflicts.
- Enhanced iteration methods in `property-list-bridge` to support context binding, allowing for better control over `this` in callbacks.
- Added comprehensive tests for `req.headerList` and `res.headerList` to validate new functionalities and ensure robust header management.
* feat: improve header merging to preserve disabled headers from request items
- Enhanced the `mergeHeaders` function to retain disabled headers from the last entry in the request tree path, ensuring better management of header states.
- Updated the logic to include disabled headers while merging, improving the overall functionality of header management.
* feat: update header merging logic to consistently handle disabled headers
- Refactored the `mergeHeaders` function to utilize a separate array for disabled headers, ensuring they are preserved during the merging process.
- Simplified the logic for merging headers by directly combining enabled and disabled headers into the request object, enhancing clarity and maintainability.
* refactor: update disabled headers handling in mergeHeaders function
- Changed the implementation of disabled headers from an array to a Map for better performance and consistency.
- Updated the logic in the `mergeHeaders` function to ensure disabled headers are correctly merged into the request object.
- Enhanced tests to validate the handling of disabled headers, including new scenarios for folder-level and request-level overrides.
* feat: enhance mergeHeaders function to support optional inclusion of disabled headers
- Updated the `mergeHeaders` function to accept an options parameter, allowing for the inclusion of disabled headers in the merged result.
- Modified the logic to handle disabled headers more effectively, ensuring they can be returned based on the provided options.
- Adjusted calls to `mergeHeaders` in various modules to utilize the new functionality, improving header management consistency across the application.
* refactor: remove disabledHeaders from prepareGrpcRequest function
- Eliminated the handling of disabledHeaders in the prepareGrpcRequest function to streamline header management.
- Updated the headers processing logic to focus solely on enabled headers, enhancing clarity and reducing complexity.
* feat: add translations for req.headerList and res.headerList methods
- Introduced new tests to translate methods from req.headerList and res.headerList to their corresponding pm.request.headers and pm.response.headers methods.
- Added translations for methods: one, find, toObject, and upsert, enhancing the functionality of the header management system.
* docs: update HeaderList method aliases and add clarification notes
- Enhanced documentation for `prepend`, `append`, `insert`, and `insertAfter` methods to clarify that they are aliases for `add()` and include a note on the lack of support for ordering and duplicates.
- Updated method comments to reflect the internal handling of headers as a plain object, ensuring better understanding of header management behavior.
* fix: remove duplicate headerList initialization in BrunoRequest class
- Eliminated redundant initialization of headerList in the BrunoRequest constructor, ensuring cleaner code and preventing potential issues with header management.
- This change simplifies the constructor logic while maintaining the intended functionality of the headerList.
* refactor: remove unimplemented headerList methods and update documentation
- Removed the unimplemented methods `prepend`, `append`, `insert`, and `insertAfter` from the headerList, ensuring clarity in the API.
- Updated documentation to reflect that these methods are not implemented and provide guidance to use `add()` or `upsert()` instead.
- Adjusted tests to verify that calls to these methods throw appropriate not-implemented errors, enhancing the robustness of header management.
* refactor: remove unused headerList append method from pre-request script
- Eliminated the call to `req.headerList.append()` in the pre-request script, streamlining the header management process.
- This change aligns with the recent refactor to remove unimplemented methods, ensuring clarity and consistency in the API usage.
* test: update error messages for unimplemented headerList methods
- Changed error messages in tests for `append`, `prepend`, `insert`, and `insertAfter` methods to indicate they are "not yet implemented" instead of "not implemented".
- This update improves clarity in the test outputs, aligning with the current state of the headerList API.
* refactor: remove unimplemented headerList methods and update related tests
- Eliminated the unimplemented methods `prepend`, `append`, `insert`, and `insertAfter` from the HeaderList class and corresponding tests, clarifying the API usage.
- Updated the documentation to guide users towards using `add()` or `upsert()` instead.
- Adjusted tests to remove references to these methods, ensuring they accurately reflect the current state of the headerList API.
* refactor: update HeaderList to accept raw request and response objects
- Modified the HeaderList class to accept the raw request and response objects directly, simplifying the initialization process.
- Updated the BrunoRequest and BrunoResponse classes to reflect this change, ensuring consistent handling of headers.
- Enhanced internal methods to utilize the new structure, improving clarity and maintainability of the header management system.
* refactor: enhance HeaderList header management and update tests
- Updated HeaderList to track removed headers for axios interceptor, improving header casing handling.
- Added new syncWriteMethods to the BrunoResponse shim for better integration.
- Enhanced tests to verify the correct tracking of deleted headers and updated expectations for header management functionality.
* refactor: update header translations and improve HeaderList methods
- Removed unused 'idx' translations from both bruno-to-postman and postman-to-bruno translators to streamline header management.
- Enhanced the HeaderList class to skip existing keys when populating headers, ensuring that current values are preserved.
- Updated tests to reflect the new behavior of the populate method, verifying that existing headers are not overwritten and adjusting expectations accordingly.
* refactor: update headerList.populate behavior and adjust tests
- Modified the req.headerList.populate method to add new headers while preserving existing ones, ensuring that current values are not overwritten.
- Updated the associated test to reflect this new behavior, verifying that existing headers remain intact and new headers are correctly added.
* refactor: update HeaderList methods and translations for consistency
- Renamed `each` method to `forEach` in HeaderList for consistency with standard JavaScript array methods.
- Updated header management methods: replaced `add` with `append`, `upsert` with `set`, and `remove` with `delete` to better reflect their functionality.
- Enhanced translations in bruno-to-postman and postman-to-bruno converters to align with the new method names.
- Adjusted tests to verify the new method names and ensure correct header management behavior.
* refactor: remove unused headerList methods and update related shims
- Removed the `entries`, `keys`, and `values` methods from the HeaderList class to streamline the API and eliminate unused functionality.
- Updated the `bruno-request` and `bruno-response` shims to reflect the removal of these methods, ensuring consistency in header management.
- Adjusted tests to remove references to the deleted methods, maintaining alignment with the current state of the headerList API.
* fix: ensure re-added headers are removed from __headersToDelete
- Updated the HeaderList class to remove headers from the __headersToDelete array when they are re-added, preventing incorrect header deletion behavior.
- Added tests to verify that re-added headers do not remain in __headersToDelete and that their values are correctly set in the raw request headers.
Assigning `defaults.headers.common = { 'User-Agent': ... }` replaced the
entire common headers object, nuking axios's built-in default:
Accept: application/json, text/plain, */*
This caused servers relying on content-negotiation to receive requests
with no Accept header. Fix by extending the existing object with a
property assignment instead.
Add regression tests for both electron and CLI axios instances verifying
that Accept is preserved and User-Agent is set correctly.
Co-authored-by: Pragadesh-45 <temporaryg7904@gmail.com>
* Enhance JSON schema validation by integrating ajv-formats for additional format support in tests and runtime assertions.
* fix: update pre-request script to stop execution instead of running it
* fix: ensure newline at end of file in pre-request script for ping.bru
* refactor: update JSON schema validation tests to assert rejection of invalid formats
* refactor: streamline JSON schema validation by using a default AJV instance and enhance tests for various ajvOptions scenarios
* refactor: update JSON schema tests to use more descriptive property names and improve error handling for invalid formats
* feat: add support for Draft-07 JSON Schema validation and improve error handling for unsupported schema versions
* fix: improve error message for unsupported JSON Schema versions in runtime assertions and tests
* feat: enhance jsonBody translation handling in Postman to Bruno converter
* feat: implement jsonBody assertion for Postman compatibility and enhance translation handling
- Added custom Chai assertion for jsonBody to validate JSON structures, including deep equality and nested properties.
- Updated Postman to Bruno translation logic to utilize the new jsonBody assertion, improving the handling of response validations.
- Enhanced test coverage for jsonBody translations, including positive and negative cases for nested properties and deep equality checks.
* feat: enhance jsonBody assertion translations for Postman compatibility
- Added translations for `pm.response.not.to.have.jsonBody` and `pm.response.to.have.not.jsonBody` to the Postman to Bruno converter.
- Updated tests to cover new translation cases, ensuring proper handling of negation scenarios for JSON body assertions.
- Enhanced existing jsonBody assertion logic to support new translation patterns, improving overall compatibility with Postman syntax.
* feat: add advanced path parsing for jsonBody assertions
- Introduced a new `parsePath` function to handle various property path formats, including dot notation, numeric brackets, and quoted keys.
- Updated the `getNestedValue` function to utilize the new path parsing logic, enhancing the robustness of jsonBody assertions.
- Expanded test cases to cover a wide range of scenarios, including edge cases for bracket notation and keys with special characters.
* docs: add examples for parsePath function in jsonBody assertions
- Enhanced documentation for the `parsePath` function by including examples of various property path formats.
- Updated comments in both `assert-runtime.js` and `test.js` to clarify the handling of dot notation, numeric brackets, and quoted keys.
* fix: improve path handling in assertions for quoted keys
- Updated condition checks in `assert-runtime.js` and `test.js` to ensure proper handling of quoted keys in path parsing.
- Enhanced robustness of the path parsing logic to prevent potential out-of-bounds errors.
* feat: add JSON Schema validation support with custom chai assertion
- Introduced a new custom assertion for JSON Schema validation in chai, allowing users to validate response bodies against defined schemas.
- Updated the postman translation logic to translate `pm.response.to.have.jsonSchema` to the new assertion format.
- Enhanced tests to cover various scenarios for JSON Schema validation, ensuring accurate translations and functionality.
- Updated package dependencies to include the latest versions of relevant libraries.
* refactor: enhance JSON Schema validation assertion and add comprehensive test cases
* chore: add @rollup/plugin-json dependency and enhance JSON Schema validation tests
- Added @rollup/plugin-json as a development dependency in package.json and package-lock.json.
- Introduced new test cases for JSON Schema validation, covering various scenarios including valid schema matching, type mismatches, and required field checks.
- Updated existing assertions to utilize the new validation capabilities.
* refactor: streamline JSON Schema validation with default Ajv instance
- Updated the custom chai assertion for JSON Schema validation to utilize a default Ajv instance, improving consistency and reducing redundancy in the code.
- Enhanced the error messages in the assertion to include the actual data being validated, providing clearer feedback during validation failures.
* refactor: improve error messaging in JSON Schema validation assertion
- Enhanced the custom chai assertion for JSON Schema validation to provide clearer error messages by including a stringified version of the data being validated, improving feedback during validation failures.
* refactor: simplify Ajv instance creation in JSON Schema validation
- Removed the default Ajv instance and streamlined the creation of Ajv instances in the custom chai assertion for JSON Schema validation, ensuring consistent handling of ajvOptions across the codebase.
* feat: add support for negated JSON Schema assertions in Postman translations
- Introduced translations for `pm.response.to.not.have.jsonSchema`, `pm.response.not.to.have.jsonSchema`, and `pm.response.to.have.not.jsonSchema` to the new assertion format using `expect`.
- Enhanced the translation logic to handle these new patterns and added corresponding test cases to ensure accurate functionality.
- Updated existing tests to cover various scenarios for negated assertions, improving overall test coverage for JSON Schema validation.
* fix: improve error handling in JSON Schema validation assertions
- Added error handling for JSON schema compilation in the custom chai assertion, ensuring that any compilation errors are caught and reported with a clear message.
- Updated tests to verify that malformed schemas correctly trigger assertion errors, enhancing the robustness of JSON Schema validation.
* fix: update system proxy fetching to use finally (#7652)
* fix: update system proxy fetching to use finally for improved reliability
* Update packages/bruno-electron/src/index.js
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix: allow file selection in multipart form without entering a key first (#7640)
* fix: close previous SSE connection before sending new request
When resending an SSE (Server-Sent Events) request using Cmd+Enter,
the previous connection was not being closed, causing connection leaks.
Changes:
- Add SSE cancellation logic to sendRequest action - checks for running
stream and cancels it before sending new request
- Add return to cancelRequest action to make it properly chainable
- Simplify RequestTabPanel by removing duplicate cancel logic (now
handled centrally in sendRequest)
- Add SSE endpoints to test server for e2e testing
- Add Playwright e2e test to verify SSE connection cancellation
* fix: address PR review feedback for SSE connection cancellation
- Use platform-aware modifier (Meta on macOS, Control on Linux/Windows)
instead of hardcoded Meta+Enter for cross-platform CI compatibility
- Replace waitForTimeout with expect.poll for deterministic assertions
- Remove dead try/catch around cancelRequest (errors already swallowed
by cancelRequest's internal .catch)
* fix: updated the test to check of connectionIds
---------
Co-authored-by: Sid <siddharth@usebruno.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Pooja <pooja@usebruno.com>
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
* chore: pin axios version
* limit it to the max mentioned by the repo
* chore: pin to 1.13.6
* chore: pin transitive
* chore: update axios version to 1.13.6
* chore: min release age for deps
* feat(cookies): add direct cookie access methods and update translations
- Introduced new methods for direct cookie access: `bru.cookies.get`, `bru.cookies.has`, and `bru.cookies.toObject`.
- Updated translation mappings in `bruno-to-postman-translator` and `postman-to-bruno-translator` to support these new methods.
- Enhanced tests to verify correct translation between `bru` and `pm` cookie methods, including mixed usage scenarios.
- Updated `Bru` class to handle cookie access based on the current request URL.
* feat(cookies): enhance cookie management with new methods and refactor
- Added new cookie methods: `toString`, `clear`, `delete`, `one`, `all`, `idx`, `count`, `indexOf`, `find`, `filter`, `each`, `map`, and `reduce` to `bru.cookies`.
- Refactored `Bru` class to utilize a new `CookieList` for cookie management, improving structure and readability.
- Updated translation mappings in `bruno-to-postman-translator` and `postman-to-bruno-translator` to include new cookie methods.
- Introduced `PropertyList` and `ReadOnlyPropertyList` classes for better data structure management.
- Enhanced tests for comprehensive coverage of new cookie functionalities and their interactions.
* docs(readonly-property-list): clarify array usage in constructor comments
* feat(cookies): add direct cookie manipulation tests and methods
* feat(cookies): add hasCookie method for checking cookie existence
* fix
* refactor(cookies): simplify cookie method translations
* feat(cookies): expand cookie API with new methods and tests
- Added new cookie methods: `get`, `has`, `toString`, `clear`, `upsert`, `remove`, `idx`, and `indexOf` to enhance cookie management.
- Updated translation mappings for `bru.cookies` to include new methods in `bruno-to-postman-translator` and `postman-to-bruno-translator`.
- Introduced tests for new methods and their interactions, ensuring comprehensive coverage of cookie functionalities.
- Enhanced existing tests to validate correct behavior of cookie methods across different scenarios.
* refactor(cookies): update CookieList to extend PropertyList and improve error handling
* test(cookies): add regression tests for jar and direct cookie patterns
- Introduced regression tests to ensure that jar patterns are correctly prioritized over direct cookie access patterns in translations.
- Updated `CookieList` to extend `ReadOnlyPropertyList` instead of `PropertyList`, clarifying its functionality.
- Refactored cookie method handling in the `bru` shim to utilize a new asynchronous bridge for improved error handling and consistency.
* refactor(cookies): update translations and remove PropertyList
- Enhanced comments in `postman-translations.js` to clarify the order of cookie jar translations.
- Updated `cookie-list.js` comments to better describe the factory function for the cookie jar.
- Removed the `PropertyList` class and its associated tests, streamlining the codebase and focusing on `ReadOnlyPropertyList` and `CookieList` for cookie management.
* fix(cookies): normalize tough-cookie objects and improve remove method comments
- Updated `CookieList` to normalize tough-cookie instances to plain objects, preventing circular references and exposing internal structures.
- Enhanced comments in the `remove` method to clarify behavior when removing non-existent or empty-named cookies.
* test(cookies): update tests to use async/await for consistency
* test(cookies): use async/await in cookie tests for consistency
* refactor(readonly-property-list): update get and reduce methods for improved behavior
* fix(cookies): update cookie method signature in autocomplete hints and enhance translation comments
- Modified the autocomplete hint for `bru.cookies.has` to include the new signature with an optional value parameter.
- Improved comments in `postman-translations.js` to clarify the order of cookie jar translation patterns for better understanding.
* refactor(cookies): introduce PropertyList for enhanced cookie management
* refactor(property-list): simplify repopulate method and enhance item handling logic
* feat(cookies): implement PropertyList bridge for enhanced cookie management
- Introduced a new `createPropertyListBridge` utility to streamline the integration of cookie methods into the QuickJS VM.
- Replaced the previous async cookie bridge with a more flexible approach, allowing for both synchronous and asynchronous cookie operations.
- Added comprehensive tests to validate the functionality of the new cookie methods in both developer and safe modes.
- Updated existing cookie tests to ensure compatibility with the new PropertyList structure.
* fix(tests): correct expected passed requests in cookie tests
- Updated the expected number of passed requests in the cookie tests from 34 to 6 to reflect the correct validation results.
- Ensured consistency in test assertions across multiple test cases for the PropertyList API.
* fix(cookies): update cookie URLs to use localhost for testing
- Changed all cookie-related test scripts to use `{{localhost}}` instead of `{{host}}` for the ping URL, ensuring consistency in local testing environments.
- Updated the cookie test suite to reflect the new URL structure, enhancing the reliability of the tests.
- Removed outdated cookie test files to streamline the test suite.
* refactor(cookies): standardize cookie handling with localhost variable
- Updated cookie test scripts to utilize the `{{localhost}}` variable for setting and retrieving cookies, ensuring consistency across tests.
- Enhanced clarity in comments regarding cookie behavior for different domains.
- Improved test assertions to validate cookie management functionality more effectively.
* refactor(property-list, readonly-property-list): update methods to use private class fields
* feat(cookies): enhance CookieList API with detailed documentation and method improvements
- Updated the `CookieList` class to provide comprehensive documentation on cookie management methods, including `add`, `upsert`, `remove`, and `delete`.
- Improved method signatures to support both callback and Promise-based usage for asynchronous operations.
- Added detailed descriptions for read and write methods, including examples and expected behavior.
- Enhanced the integration of the `CookieList` with the QuickJS VM by updating the property list bridge to include `toJSON` in sync read object methods.
* feat(cookies): add detailed examples and improve async bridge documentation
- Enhanced the `createPropertyListBridge` function documentation with comprehensive examples for setting up cookie methods in QuickJS.
- Clarified the two-phase setup process for async write methods, detailing the registration of bridge functions and the generation of JavaScript code for method wrappers.
- Added a new test case for the `toJSON()` method to ensure it returns a cloned array of all cookies, validating the expected structure and properties.
* fix(assert-runtime): correct syntax error in response parser assignment
- Added a semicolon at the end of the response parser assignment to ensure proper syntax in the AssertRuntime class.
* feat: add OAuth 1.0 authentication support
Add full OAuth 1.0 (RFC 5849) authentication with support for
HMAC-SHA1/256/512, RSA-SHA1/256/512, and PLAINTEXT signature methods.
Includes UI components, bru/yml serialization, Postman import, code
generation, CLI support, and comprehensive playwright and unit tests.
* test: replace real-looking PEM literals with fake markers in oauth1 tests
Avoid tripping secret scanners by using obviously fake BEGIN/END markers
and non-sensitive base64 content in serialization and round-trip tests.
* fix: remove invalid OAuth1 placeholder header from code generator
OAuth1 requires runtime-computed nonce, timestamp, and signature that
cannot be pre-computed for a static code snippet. Return an empty array
instead of emitting an Authorization header with literal <signature>,
<timestamp>, <nonce> placeholders.
* fix: remove unreachable oauth1 case from WSAuth component
The oauth1 switch branch was dead code since it was not in
supportedAuthModes and the useEffect would reset it to 'none'
before it could render.
* fix: remove unused collectionPath param and use path.basename for filename extraction
* refactor: rename OAuth1 fields for clarity
- tokenSecret → accessTokenSecret
- signatureMethod → signatureEncoding
- addParamsTo value 'queryparams' → 'query'
* refactor: rename addParamsTo to placement in OAuth1 auth
* fix: add missing oauth1: null in buildOAuth2Config and upgrade @opencollection/types to 0.9.0
* test: add oauth1 import tests and fix missing oauth1: null in auth assertions
* ci: add auth playwright tests workflow for Linux, macOS, and Windows
* refactor: rename signatureEncoding to signatureMethod and fix timeline race condition
- Rename OAuth1 signatureEncoding to signatureMethod across all packages
- Fix timeline showing "No Headers/Body found" when request-sent IPC event
arrives after response by retroactively updating the timeline entry
- Store requestUid in timeline entries for precise matching
- Correct timeline entry timestamp on retroactive update for proper sort order
* ci: add OAuth1 CLI tests and reorganize auth actions under oauth1/
- Add CLI tests that run full BRU and YML collections via bru run
- Add start-test-server actions for Linux, macOS, and Windows
- Move auth e2e and setup actions under auth/oauth1/ directory
- Fix Windows Playwright failures caused by unescaped backslashes in collectionPath template variable
* ci: reorder auth tests to run E2E tests before CLI tests
* ci: start test server after E2E tests to fix port 8081 conflict
* fix: preserve user-defined boundary in multipart/mixed Content-Type header
When users specify a boundary parameter in their Content-Type header for
multipart/mixed requests with TEXT body mode, Bruno now preserves the
user-defined boundary instead of generating a new one.
Fixes: https://github.com/usebruno/bruno/issues/7523
* updated the test to use local server and changed the request method to GET
* fix: handle quoted boundary values in Content-Type header extraction
---------
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
* refactor: comment out unused API hints in autocomplete.js
* refactor: comment out unused API translations in postman and bruno translators
Temporarily disable certain API translations due to UI update issues affecting their functionality. A note has been added to restore these translations once the UI fixes are implemented.
* refactor: temporarily skip tests for collection variable translations due to UI update issues
Commented out tests related to `setCollectionVar`, `deleteCollectionVar`, and related functionalities until the necessary UI updates are implemented. A note has been added to restore these tests once the fixes are live.
* refactor: comment out variable deletion and retrieval methods due to UI sync issues
* revert: ping.bru
* refactor: update postman translation tests to enable previously skipped cases
* feat(): support multipart mixed
fix: support vars interpolation on mixed multi-part
Update packages/bruno-electron/src/ipc/network/interpolate-vars.js
Co-authored-by: Timon <39559178+Its-treason@users.noreply.github.com>
refactor: use startsWith
feat: best effort for other multipart/* contentypes
* feat: enhance variable interpolation for multipart requests
- Updated `interpolateVars` function to support interpolation in multipart/form-data and multipart/mixed requests.
- Added handling for empty multipart arrays and parts with missing or undefined values.
- Improved type checks for content types to ensure proper interpolation behavior.
Includes new tests to validate the interpolation functionality for multipart requests.
* fix: normalize error handling in sendRequest and improve test reliability
---------
Co-authored-by: Alfonso Presa <alfonso-presa@users.noreply.github.com>
* fix: isJson assertion fails after res.setBody() with object in node-vm
Objects created inside Node's vm.createContext() have a different Object
constructor than the host realm. When res.setBody() is called with a JS
object from a script, _.cloneDeep preserves the cross-realm prototype,
causing obj.constructor === Object to fail in the isJson assertion.
Replace with Object.prototype.toString.call() which is cross-realm safe.
* fix: register isJson chai assertion in QuickJS test runtime
The bundled chai in QuickJS only exposes { expect, assert } via
requireObject — no Assertion class. Access the prototype through
Object.getPrototypeOf(expect(null)) and use Object.defineProperty
to register the json property directly.
* fix: enable assertion chaining on isJson in QuickJS runtime
The QuickJS isJson property getter was missing `return this`, preventing
chai assertion chaining (e.g. expect(body).to.be.json.and...).
* feat: add support for new variable management functions in Bruno
- Implemented methods to retrieve and delete all environment and global variables.
- Added corresponding translations for new functions in Postman and Bruno converters.
- Updated request handling to include header deletion functionality.
- Enhanced test cases to cover new variable management features.
* feat: add new scripts for environment and global variable management
- Introduced scripts to delete all environment and global variables.
- Added functionality to retrieve all environment and global variables.
- Implemented tests to validate the behavior of new variable management features.
* feat: implement collection variable management in Bruno
- Added methods for managing collection variables: set, get, has, delete, and retrieve all.
- Updated Postman translation functions to reflect new collection variable methods.
- Enhanced tests to validate the functionality of collection variable management.
- Refactored existing code to replace environment variable references with collection variable equivalents.
* feat: enhance collection variable translations in Bruno
- Updated translation functions for collection variable management to align with Postman API.
- Added tests for new collection variable methods: set, has, delete, retrieve all, and clear.
- Refactored existing tests to ensure accurate translation of collection variable operations.
* feat: expand API hints for variable management in Bruno
* fix: test cases
* fix: remove unnecessary return in deleteEnvVar function
* feat: add translations for direct cookie access methods
- Implement translations for pm.cookies.has, pm.cookies.get, and pm.cookies.toObject to their corresponding bru.cookies methods.
- Enhance the postman-to-bruno translator to handle these new cookie access patterns.
- Add unit tests to verify the correct conversion of cookie access methods in various scenarios.
* refactor: simplify optional member expression handling in postman-to-bruno translator
- Streamlined the code for handling optional member expressions in the translation of cookie access methods.
- Updated unit test to verify the correct output format for pm.cookies.toObject() conversion.
* refactor: enhance handling of await expressions in cookie translations
- Updated the postman-to-bruno translator to wrap await expressions in parentheses for improved clarity and consistency.
- Adjusted unit tests to reflect the new output format for cookie access methods, ensuring accurate translation of pm.cookies.get calls.
* refactor: update cookie access translations to use hasCookie method
- Modified translations for pm.cookies.has to utilize the new bru.cookies.hasCookie method for improved clarity and functionality.
- Updated related unit tests to reflect changes in expected output for cookie existence checks.
- Added new tests to validate the behavior of the hasCookie method in various scenarios.
* fix(node-vm): scripting context and module resolution issues
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): use vm.createContext for true isolation and fix prototype mismatches
- Replace vm.compileFunction with vm.createContext + runInContext for true isolation
- Remove ECMAScript built-ins from safeGlobals (VM provides its own versions)
- This fixes prototype chain mismatches that broke libraries like @faker-js/faker
- Add sanitized process object (allows env, blocks exit/kill)
- Add global/globalThis pointing to isolated context (not host)
- Extract safe globals to constants.js for maintainability
- Remove typed-arrays mixin (VM provides TypedArrays)
- Add comprehensive isolation tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): remove process, add Error types and TypedArrays mixin, add jose test
- Remove process object from script context (security hardening)
- Remove createSanitizedProcess function from constants.js
- Add Error types to safeGlobals for instanceof checks with host errors
- Add TypedArrays mixin for host API compatibility (TextEncoder, crypto, Buffer)
- Add jose library and test for JWT sign/verify functionality
- Update tests to reflect process removal
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): handle circular dependencies and failed module caching
- Pre-populate module cache before execution to support circular requires
- Cache moduleObj instead of moduleObj.exports to handle module.exports reassignment
- Remove failed modules from cache to allow retry
- Add test for circular dependency handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): spread all context properties in buildScriptContext
Instead of explicitly listing each context property, spread all
properties from the context input to support future additions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): add filtered process object to script context
Expose a sanitized process object with only safe read-only properties
(argv, version, arch, platform, pid, features) while keeping env empty
for security.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test(node-vm): add comprehensive tests for Node.js builtins
Add 18 test files for Node.js builtin APIs in developer sandbox mode:
- Buffer, URL, TextEncoder/TextDecoder, btoa/atob
- Web Crypto API and node:crypto module
- Timers (setTimeout, setInterval, setImmediate, queueMicrotask)
- Fetch API (Request, Response, Headers, FormData, Blob)
- Intl formatters, JSON, Events (Event, EventTarget, CustomEvent)
- Node modules: fs, path, os, util, stream, zlib, querystring
All tests skip in safe mode using bru.runner.skipRequest().
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): address CodeRabbit review feedback
- Block absolute paths from bypassing security by routing through loadLocalModule
- Fix process tests to expect sanitized object instead of undefined
- Fix cache test to verify module executes only once
- Add tests for absolute path handling (block outside, allow within roots)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: lint issues
* fix(node-vm): recontextualize host objects for cross-context deep equality
Objects passed from the host context into the Node VM have different
Object/Array constructors than objects created inside the VM. This breaks
deep equality checks in libraries like AJV, where fast-deep-equal fails
on `a.constructor !== b.constructor` for structurally identical objects.
Add recontextualizeScript to utils.js that wraps getter methods (res.getBody,
res.getHeaders, req.getBody, req.getHeaders, req.getPathParams, req.getTags,
bru.getVar) to JSON round-trip returned objects inside the VM, giving them
VM-native prototypes.
Add external-lib-with-bru-req-res-objects package and tests to verify
bru/req/res accessibility from npm modules. Update ajv.bru tests to
validate res.getBody() against AJV schemas with enum on nested objects.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(node-vm): update spec to use saved mock refs after recontextualize
The recontextualizeScript wraps res.getBody with a JSON round-trip
function, replacing the jest mock on the context object. Save mock
references before calling runScriptInNodeVm so assertions work.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(node-vm): shallow-copy mutable process properties in sandbox
process.argv, process.versions, and process.features were passed by
reference, allowing sandboxed scripts to mutate the host process.
Shallow-copy these properties to prevent leaking mutable references.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(node-vm): use recursive clone in toVMNative instead of JSON round-trip
JSON.stringify converts undefined to null in arrays, breaking tests like
res.setBody([..., undefined, ...]). Replace with recursive clone that
creates new VM-native objects/arrays while preserving undefined values.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(node-vm): generalize recontextualize to wrap all bru/req/res methods
Instead of hardcoding specific method names, walk the prototype chain
with Object.getOwnPropertyNames to discover and wrap all methods that
return Objects/Arrays. Async methods (sendRequest, runRequest) get their
resolved values wrapped. The res callable and res.body/res.headers are
also recontextualized for direct access and query usage.
Adds integration tests for VM-native prototype checks across res, req,
bru APIs, res() callable queries, and bru.sendRequest patterns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* revert(node-vm): remove recontextualizeScript and related tests
The recontextualize approach of wrapping all bru/req/res methods
to return VM-native objects is being reverted in favor of a
different solution to the cross-context prototype mismatch issue.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(node-vm): expose full process object in developer sandbox via safeGlobals
* test(node-vm): update process tests for full process object in developer sandbox
* test(node-vm): update spec to verify process.nextTick availability
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: Support @contentType for multiline values
Fixes the issue where the @contentType annotation broke the parsing of multiline values.
* chore: add dotall flag to fileExtractContentType
Not strictly needed since body:file uses single-line values in practice,
but doesn't hurt and matches what multipartExtractContentType does.
---------
Co-authored-by: Márk Dániel Seres <markdaniel.seres@tesco.com>
* fix: standardize URL formatting in insomnia test files
* feat: add mix router for handling custom redirects and cookies
* fix: add validation for redirect count to prevent infinite loops
* fix: update test URLs to use local server and add query parameters for improved testing
* fix: update test URLs from httpbin to echo.usebruno.com across multiple test files
* fix: standardize URL formatting in insomnia test files
* chore: standardize URL formatting in insomnia test files
* Import WSDL to bruno collection
* feat(wsdl-import): remove unused code and minor refactor
---------
Co-authored-by: Bijin Bruno <bijin@usebruno.com>
* init
* fix: header saving in ws
* fix: retrieve auth value correctly
* feat: ws settings
* fix: text for inherited auth
* feat: pass down options/settings for ws
* fix: handle run handling on url
* fix: send initial message
* fix: fix header movement and minor cleanup
* fix: message queue
* refactor: faster flushing
* feat: ws tab specific additions
close tab should close connection
`ws` shown in the tab
* chore: remove unused icon
* feat: simplify query URL rendering
* fix: only add to settings if they were added
* chore: revert to original
* fix: restyle web ui
* feat: implement WebSocket response sorting and enhance message handling
- Added WSResponseSortOrder component for toggling message sort order.
- Updated WSMessagesList to accept and utilize sort order.
- Refactored message handling to use 'type' instead of 'direction'.
- Enhanced response state management to include sort order.
* feat: enhance WebSocket handling with redirect and upgrade events
- Added support for 'ws:redirect' and 'ws:upgrade' events in the WebSocket client.
- Updated WSResponseHeaders to format headers correctly.
- Modified WSResponsePane to display headers in the response.
- Improved message handling in the Redux slice for WebSocket events.
* fix: correct fallback for URL retrieval in bruRequestToJson
* feat: enhance WebSocket message handling and styling
- Add new styling for incoming messages in StyledWrapper.
- Update WSMessagesList to handle message sorting and focus.
- Refactor response sort order handling in WSResponseSortOrder.
- Improve WebSocket connection management in ws-client.
* fix: adjust styling for message display
* fix: imports for ws files
* fix: visually simplify the message list
* chore: pkg updates
* fix: remove unused content-type check in WebSocket request preparation
* fix: avoid duplicate messages
avoid message getting queued and sent twice
* feat: beautify the code editor in each message
* feat(websockets): add websocket tests
* tests(websockets): move it a folder up
* fix: hexdump on sent messages
* fix: make the view a lot more compact
* feat: enhance WebSocket message handling and styling
* formatting fixes - batch 1
* chore: formatting fixes batch 2
* chore: format changes batch 3
* chore: format settings batch 4
* chore: clean up
* chore: for now avoid oauth2
* chore: formatting changes batch 6
* test(websocket): add headers handling in tests
- Implemented logic to send headers in websocket messages.
- Added tests for websocket connections and message handling.
- Created locators for common elements in websocket tests.
* chore: cleanup
* test(websocket): refactor to use constant for BRU_FILE_NAME
Updated the test cases to utilize a constant for the BRU_FILE_NAME regex pattern for better maintainability and readability.
* test(websocket): update BRU_FILE_NAME to use regex
Changed BRU_FILE_NAME from a string to a regex pattern for better matching.
* fix(ws-client): rename timeout to handshakeTimeout
Updated the WebSocket connection options to use 'handshakeTimeout' instead of 'timeout' for clarity.
* chore: cleanup
* fix(ShareCollection): update non-exportable request types handling
Refactor hasGrpcRequests to hasNonExportableRequestTypes,
returning an object with a flag and types of requests that
will not be exported.
* feat: inherit timeout from app prefs
* fix: faster queue
* feat: add WSRequestBodyMode component and language detection
- Introduced a new component for selecting request body modes (JSON, XML, TEXT).
- Implemented auto-detection of language for the request body content.
- Created a styled wrapper for improved UI presentation.
* feat: enhance WebSocket message handling with decoder support
- Added decoder field to WebSocket messages in various components.
- Updated prettify functionality to handle XML and JSON formats.
- Modified Redux state to include decoder information.
- Adjusted schema validation to accommodate decoder field.
* refactor: replace decoder with type in WebSocket message handling
* fix: use `body` directly
* chore: reset formatting
* chore: reformat
* chore: reformat
* chore: reformat
* chore: reformat
* chore: base format
* chore: fix lang constructs
* chore: fix message queue flush logic
Ensure that the flushQueue method checks for the existence of the message queue before processing.
Refactor WebSocket test fixtures for better readability by correcting indentation and structure.
* fix: typo
* chore: lint fixes
* chore: lint fixes
* chore: rediff utils
* chore: rediff utils
* chore: remove from CLI
* chore: rediff utils
* chore: rediff utils
* chore: rediff utils
* chore: rediff utils
* chore: fix formatting
* tests(websocket): add websocket persistence tests
* chore: format
* feat(eslint): add TypeScript support and update test file patterns
* fix: turn off single line jsx expressions
* revert lang `ws` removal
* chore: reformat
* feat: better subprotocol support and tests
* chore: reformat
* chore: reformat
* clean up ununsed components
* refactor: locators, tests, new request design
* chore: close app for each test to start afresh
* Revert "chore: close app for each test to start afresh"
This reverts commit 5c2e3bec81.
* refactor: simplify dropdown mode selection
* chore: remove unused changes
* refactor: simplify
* chore: simplify
* fix: loading pulse animation
* refactor: update lodash import syntax
* fix: comments and sanitisation
* refactor: rename BRU_FILE_NAME to BRU_REQ_NAME for consistency
Updated variable names across websocket tests to improve clarity and maintain consistency in naming conventions.
* fix: null check for the initialisation of websocket client
* fix: add poller to check for saved state
* fix: variable message time check for tests
* fix: force wait for elements
* fix: use nth locators instead of wait (draft attempt)
* chore: reformat
* fix: update beta preferences to include websocket support
* feat: GA
* feat: rename `connectionTimeout` to `timeout` and better form
* feat: update WebSocket IPC channel names to use 'renderer' prefix
* feat: add 'oauth2' to supported authentication modes
* chore: add default `json` type in ws
* test: add tests for bruToJson and jsonToBru parsers
- Implemented smoke tests for the bruToJson parser to validate message inference and settings.
* refactor: improve timeout handling in WebSocket client
---------
Co-authored-by: Siddharth Gelera <siddharthgelera@Siddharths-MacBook-Air.local>
Co-authored-by: Sid <siddharth@usebruno.com>
