* fix: update system proxy fetching to use finally (#7652)
* fix: update system proxy fetching to use finally for improved reliability
* Update packages/bruno-electron/src/index.js
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix: allow file selection in multipart form without entering a key first (#7640)
* fix: close previous SSE connection before sending new request
When resending an SSE (Server-Sent Events) request using Cmd+Enter,
the previous connection was not being closed, causing connection leaks.
Changes:
- Add SSE cancellation logic to sendRequest action - checks for running
stream and cancels it before sending new request
- Add return to cancelRequest action to make it properly chainable
- Simplify RequestTabPanel by removing duplicate cancel logic (now
handled centrally in sendRequest)
- Add SSE endpoints to test server for e2e testing
- Add Playwright e2e test to verify SSE connection cancellation
* fix: address PR review feedback for SSE connection cancellation
- Use platform-aware modifier (Meta on macOS, Control on Linux/Windows)
instead of hardcoded Meta+Enter for cross-platform CI compatibility
- Replace waitForTimeout with expect.poll for deterministic assertions
- Remove dead try/catch around cancelRequest (errors already swallowed
by cancelRequest's internal .catch)
* fix: updated the test to check of connectionIds
---------
Co-authored-by: Sid <siddharth@usebruno.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Pooja <pooja@usebruno.com>
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
* fix(js): support response query filters in safe mode
* feat: add tests and improve bruno-response shim for query argument handling
- Introduced a new test suite for the bruno-response shim to validate query filtering and function callback behavior.
- Refactored the `res` function to enhance argument handling, allowing for better marshalling of QuickJS function handles and other values.
- Improved error handling within the response processing to ensure robust behavior during query execution.
* fix: correct argument handling in bruno-response shim for function callbacks
- Updated the `toHostQueryArg` function to use `vm.undefined` instead of `vm.global` when calling the provided function argument. This change ensures proper context handling during function execution, improving the reliability of query argument processing.
* chore: clean up .gitignore and enhance error handling in bruno-response tests
- Removed redundant entries from .gitignore to streamline ignored files.
- Improved error handling in the `afterEach` and `afterAll` hooks of the bruno-response tests to ensure proper disposal of resources, preventing potential memory leaks.
---------
Co-authored-by: cryst <230207759+cryst-hq@users.noreply.github.com>
* fix(assert-runtime): update JSON validation to allow arrays and enhance test coverage
- Modified the JSON validation logic to accept arrays as valid JSON objects.
- Updated tests to ensure correct behavior for various array scenarios, including empty arrays and arrays of strings and objects.
* fix(assert-runtime): refine JSON validation logic to correctly handle arrays
- Updated the JSON validation to allow arrays as valid JSON objects, ensuring compatibility with various data structures.
- Adjusted the test assertions to reflect the new validation criteria.
* perf: optimize DNS resolution to reduce request latency by ~31%
Replace default dns.lookup (libuv thread pool) with async dns.resolve4/6
(c-ares) that bypasses the thread pool bottleneck, falling back to
dns.lookup for /etc/hosts and mDNS hostnames.
* fix: address PR review feedback for DNS optimization
- Guard against undefined options in fastLookup to prevent runtime errors
- Document that options.family is not yet respected (safe today, noted for future)
- Replace callback as any with proper typed forwarding wrapper
- Extract shared agent config (defaultAgentOptions) to eliminate duplication
between axios-instance.ts and agent-cache.ts, with documented rationale
- Mock DNS in test to avoid real network calls to google.com in CI
* fix: removed explicit resolve6 in fastLookup
---------
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
* fix: add size and duration fields to CLI bru.runRequest() response
Add `size` and `duration` fields to the response object in CLI to match
GUI behavior, ensuring consistent API for bru.runRequest() across both
environments.
- `duration` is an alias for `responseTime` for GUI compatibility
- `size` is the byte length of the response buffer (0 for errors/skipped)
Fixes#7352
* fix: address PR review feedback for CLI response consistency
- Coerce responseTime header to number (was string from headers.get())
- Add comment explaining duration vs responseTime difference between
GUI (wall-clock) and CLI (approximation using responseTime)
- Add integration tests for duration/size fields across skipped,
success, and network error response paths
* fix: add missing setupProxyAgents mock in response-fields test
The success path calls setupProxyAgents which was missing from the
proxy-util mock, causing CI failure.
---------
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
* feat: add helper to ensure string conversion for non-string values in Postman to Bruno conversion
- Introduced `ensureString` function to convert numeric and non-string values to strings, defaulting null/undefined to an empty string.
- Updated request handling in `importPostmanV2CollectionItem` to utilize `ensureString` for headers, parameters, and body fields.
- Added tests to verify correct conversion of numeric values to strings in headers, query parameters, and body fields.
* test: add test for numeric value conversion in Postman to Bruno transformation
- Implemented a new test case to verify that numeric values in example request and response fields are correctly converted to strings during the Postman to Bruno conversion process.
- The test checks various components including request headers, query parameters, path parameters, and body fields to ensure proper string conversion.
* test: add multipart form value test for numeric conversion in Postman to Bruno transformation
- Added a new test case to verify that numeric values in multipart form data are correctly converted to strings during the Postman to Bruno conversion process.
- The test checks the conversion of numeric values in the request body to ensure proper handling in the transformation.
* feat: enhance header parsing in Postman to Bruno conversion
- Added `parseStringHeader` and `normalizeHeaders` functions to handle various header formats, including string headers and concatenated strings.
- Updated the request and response handling in `importPostmanV2CollectionItem` to utilize the new header normalization logic.
- Introduced tests to verify correct parsing of string headers, including cases with no values and concatenated headers.
* refactor: enhance ensureString function for flexible fallback values
- Updated the `ensureString` function to accept a fallback parameter, allowing for customizable default values instead of a fixed empty string for null/undefined inputs.
- Modified the usage of `ensureString` in the `processAuth` function to utilize the new fallback feature for various authentication fields, improving the handling of optional values.
* refactor: update ensureString function to handle empty values
- Modified the `ensureString` function to return the fallback for null, undefined, or empty string values, enhancing its flexibility in handling various input scenarios.
* chore: update ESLint configuration and enhance Postman to Bruno conversion tests
- Added 'no-case-declarations' rule to ESLint configuration to enforce stricter coding standards.
- Modified the `processAuth` function to ensure proper block scoping for OAuth2 case handling.
- Improved header parsing logic to check for string type in content-type header.
- Added new tests to verify conversion of numeric authentication values to strings in both array-backed and object-backed formats during Postman to Bruno transformation.
* chore: update ESLint configuration to enforce stricter rules
- Added 'no-case-declarations' rule to ESLint configuration to enhance code quality.
- Adjusted existing rules for consistency and clarity in the configuration.
---------
Co-authored-by: Bijin A B <bijin@usebruno.com>
* feat: add gRPC proxy support
* fix: respect channelOptions grpc.primary_user_agent over User-Agent header
* fix: remove non-standard grpc_proxy/no_grpc_proxy env var support
These are not recognized by any standard gRPC implementation. gRPC proxy
now uses the standard http_proxy/https_proxy/no_proxy variables like
grpc-core, grpc-go, and grpc-java.
* chore: add resolveGrpcProxyConfig tests and clean up grpc-client
Export resolveGrpcProxyConfig for testability and add unit tests covering
all proxy modes (off, on, system), auth encoding, protocol rejection,
bypass lists, and edge cases. Remove redundant cancelAndCloseConnection
call in startConnection (already guarded by addConnection). Document why
internal @grpc/grpc-js channel options are used for programmatic proxy.
Added event handlers to prevent the browser's autoscroll behavior when the middle mouse button is pressed in the ExampleTab and RequestTab components. This improves user experience by avoiding unintended scrolling during tab interactions.
* feat: add support for examples in collection items
- Enhanced the processCollectionItems function to include examples from imported collection items.
- Added a new test case to verify that examples are correctly written to the output file during collection creation.
* fix: coerce response status to number in collection creation tests
Updated the test for createCollectionFromBrunoObject to ensure the response status is compared as a number, improving type consistency in assertions.
- Implemented a new _onBlur method to set the cursor position when the editor loses focus.
- Updated event listeners to include the blur event for both MultiLineEditor and SingleLineEditor, enhancing user experience by preserving cursor position.
- Ensured proper cleanup of event listeners during component unmounting to prevent memory leaks.
When axios receives a 4XX/5XX response it throws an error, causing
execution to jump to the catch block. saveCookies() was only called
in the try block (2XX path), so error-status cookies were silently
dropped in collection runs.
Fix applied to both affected code paths:
- packages/bruno-cli/src/runner/run-single-request.js (CLI runner)
- packages/bruno-electron/src/ipc/network/index.js (app collection runner)
Manual single-request execution was already correct — saveCookies() is
called after the try/catch there, so both status paths were covered.
Fixes#7475
Updated the bruToJson function to coerce the tags property into an array, ensuring consistent data structure when processing JSON input. This change enhances the reliability of the function by preventing potential errors when tags are not provided as an array.
Updated the parseBruRequest function to guarantee that the tags extracted from the JSON input are always returned as an array, improving data consistency and preventing potential errors when handling non-array values.
* fix: cURL paste not updating request tab editors visually
Remove the focus-based guard from PR#7098 that blocked editor value
updates when the editor had focus. This caused cURL paste to not
reflect in the request tab until switching tabs. Editors now always
accept incoming prop values and preserve cursor position. Also set
cursor to end of new URL after cURL paste using setTimeout.
* fix: added optional chaining
---------
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
When a request redirected from HTTP to HTTPS (or vice versa), the
original httpAgent/httpsAgent leaked into the redirect config. The
httpsAgent — which carries custom CA certificates and TLS options — was
never created for the redirect URL, causing UNABLE_TO_VERIFY_LEAF_SIGNATURE.
Changes:
- setupProxyAgents (electron) now deletes stale agents at the top of
every call so they are always recreated for the current URL
- setupProxyAgents extracted to bruno-cli/proxy-util.js (mirrors the
electron version) and called on every redirect in the CLI path
- Removed the else-branch in bruno-requests/http-https-agents.ts that
only created one agent based on initial protocol
- Added HTTP→HTTPS redirect test server and request to the
custom-ca-certs SSL test suite
* feat: add helper to ensure string conversion for non-string values in Postman to Bruno conversion
- Introduced `ensureString` function to convert numeric and non-string values to strings, defaulting null/undefined to an empty string.
- Updated request handling in `importPostmanV2CollectionItem` to utilize `ensureString` for headers, parameters, and body fields.
- Added tests to verify correct conversion of numeric values to strings in headers, query parameters, and body fields.
* test: add test for numeric value conversion in Postman to Bruno transformation
- Implemented a new test case to verify that numeric values in example request and response fields are correctly converted to strings during the Postman to Bruno conversion process.
- The test checks various components including request headers, query parameters, path parameters, and body fields to ensure proper string conversion.
* test: add multipart form value test for numeric conversion in Postman to Bruno transformation
- Added a new test case to verify that numeric values in multipart form data are correctly converted to strings during the Postman to Bruno conversion process.
- The test checks the conversion of numeric values in the request body to ensure proper handling in the transformation.
* chore: basic annotation support
* chore: string and escape cases
* feat: add basic multiline support
* fix: simplify dedentation logic in annotation multiline text block
* chore: fix asserts
* feat: add annotation support to env and collection
* feat: enhance annotation parsing with support for quoted arguments and nested parentheses
* refactor: feedback, remove inline annotations
* feat: move serializeAnnotations function to utils and update imports
* fix: app crash on clicking close button \n Added collection, workspace, and api spec watcher cleanup on app close method
* fix: close file watchers before app exit to prevent crash on macOS
Close all chokidar file watchers (collection, workspace, apiSpec) before
the Node environment is torn down. The native FSEvents watchers run on
their own threads and their cleanup races with FreeEnvironment, causing
an abort when fse_instance_destroy tries to lock a destroyed mutex.
Watchers are closed in both mainWindow.on('close') and app.on('before-quit')
to cover the native close button path and the app.exit() path.
* fix: move watcher cleanup from close handler to before-quit only
The close event is cancelable — if the user cancels the unsaved changes
dialog, watchers would remain closed for the rest of the session.
Move closeAllWatchers() to before-quit which only fires on actual quit.
---------
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
* chore: pin axios version
* limit it to the max mentioned by the repo
* chore: pin to 1.13.6
* chore: pin transitive
* chore: update axios version to 1.13.6
* chore: min release age for deps
- Replaced the static file name display with a SingleLineEditor for better readability and consistency.
- Removed unnecessary padding in StyledWrapper for a cleaner layout.
- Enhanced value interpolation logic to handle arrays in interpolate-vars.js for improved data processing.
Postman collections can contain numeric header values (e.g., status code 200),
which fail Bruno's schema validation expecting strings. Wrap header.value in
String() for example request and response headers, matching the existing
pattern used for regular request headers.
When executing requests with pre-request or post-response scripts, the
global environment color property was being stripped from YAML files.
This happened because the save operation only passed `variables` through
the IPC chain, and the workspace-environments store created a new
environment object without preserving the existing `color` property.
The fix passes the `color` property through the entire IPC chain:
- Redux actions now include `color` in the save-global-environment IPC call
- IPC handler accepts and forwards `color` to both stores
- workspace-environments store includes `color` when creating the environment object
- global-environments store preserves `color` when updating
Fixes#7348
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
Use themed styled-component classes instead of hardcoded Tailwind colors
for the drafts confirmation modal, add text truncation for long collection
names, and lower EditableTable resize-handle z-index so it no longer
renders above modals.
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
* feat(cookies): add direct cookie access methods and update translations
- Introduced new methods for direct cookie access: `bru.cookies.get`, `bru.cookies.has`, and `bru.cookies.toObject`.
- Updated translation mappings in `bruno-to-postman-translator` and `postman-to-bruno-translator` to support these new methods.
- Enhanced tests to verify correct translation between `bru` and `pm` cookie methods, including mixed usage scenarios.
- Updated `Bru` class to handle cookie access based on the current request URL.
* feat(cookies): enhance cookie management with new methods and refactor
- Added new cookie methods: `toString`, `clear`, `delete`, `one`, `all`, `idx`, `count`, `indexOf`, `find`, `filter`, `each`, `map`, and `reduce` to `bru.cookies`.
- Refactored `Bru` class to utilize a new `CookieList` for cookie management, improving structure and readability.
- Updated translation mappings in `bruno-to-postman-translator` and `postman-to-bruno-translator` to include new cookie methods.
- Introduced `PropertyList` and `ReadOnlyPropertyList` classes for better data structure management.
- Enhanced tests for comprehensive coverage of new cookie functionalities and their interactions.
* docs(readonly-property-list): clarify array usage in constructor comments
* feat(cookies): add direct cookie manipulation tests and methods
* feat(cookies): add hasCookie method for checking cookie existence
* fix
* refactor(cookies): simplify cookie method translations
* feat(cookies): expand cookie API with new methods and tests
- Added new cookie methods: `get`, `has`, `toString`, `clear`, `upsert`, `remove`, `idx`, and `indexOf` to enhance cookie management.
- Updated translation mappings for `bru.cookies` to include new methods in `bruno-to-postman-translator` and `postman-to-bruno-translator`.
- Introduced tests for new methods and their interactions, ensuring comprehensive coverage of cookie functionalities.
- Enhanced existing tests to validate correct behavior of cookie methods across different scenarios.
* refactor(cookies): update CookieList to extend PropertyList and improve error handling
* test(cookies): add regression tests for jar and direct cookie patterns
- Introduced regression tests to ensure that jar patterns are correctly prioritized over direct cookie access patterns in translations.
- Updated `CookieList` to extend `ReadOnlyPropertyList` instead of `PropertyList`, clarifying its functionality.
- Refactored cookie method handling in the `bru` shim to utilize a new asynchronous bridge for improved error handling and consistency.
* refactor(cookies): update translations and remove PropertyList
- Enhanced comments in `postman-translations.js` to clarify the order of cookie jar translations.
- Updated `cookie-list.js` comments to better describe the factory function for the cookie jar.
- Removed the `PropertyList` class and its associated tests, streamlining the codebase and focusing on `ReadOnlyPropertyList` and `CookieList` for cookie management.
* fix(cookies): normalize tough-cookie objects and improve remove method comments
- Updated `CookieList` to normalize tough-cookie instances to plain objects, preventing circular references and exposing internal structures.
- Enhanced comments in the `remove` method to clarify behavior when removing non-existent or empty-named cookies.
* test(cookies): update tests to use async/await for consistency
* test(cookies): use async/await in cookie tests for consistency
* refactor(readonly-property-list): update get and reduce methods for improved behavior
* fix(cookies): update cookie method signature in autocomplete hints and enhance translation comments
- Modified the autocomplete hint for `bru.cookies.has` to include the new signature with an optional value parameter.
- Improved comments in `postman-translations.js` to clarify the order of cookie jar translation patterns for better understanding.
* refactor(cookies): introduce PropertyList for enhanced cookie management
* refactor(property-list): simplify repopulate method and enhance item handling logic
* feat(cookies): implement PropertyList bridge for enhanced cookie management
- Introduced a new `createPropertyListBridge` utility to streamline the integration of cookie methods into the QuickJS VM.
- Replaced the previous async cookie bridge with a more flexible approach, allowing for both synchronous and asynchronous cookie operations.
- Added comprehensive tests to validate the functionality of the new cookie methods in both developer and safe modes.
- Updated existing cookie tests to ensure compatibility with the new PropertyList structure.
* fix(tests): correct expected passed requests in cookie tests
- Updated the expected number of passed requests in the cookie tests from 34 to 6 to reflect the correct validation results.
- Ensured consistency in test assertions across multiple test cases for the PropertyList API.
* fix(cookies): update cookie URLs to use localhost for testing
- Changed all cookie-related test scripts to use `{{localhost}}` instead of `{{host}}` for the ping URL, ensuring consistency in local testing environments.
- Updated the cookie test suite to reflect the new URL structure, enhancing the reliability of the tests.
- Removed outdated cookie test files to streamline the test suite.
* refactor(cookies): standardize cookie handling with localhost variable
- Updated cookie test scripts to utilize the `{{localhost}}` variable for setting and retrieving cookies, ensuring consistency across tests.
- Enhanced clarity in comments regarding cookie behavior for different domains.
- Improved test assertions to validate cookie management functionality more effectively.
* refactor(property-list, readonly-property-list): update methods to use private class fields
* feat(cookies): enhance CookieList API with detailed documentation and method improvements
- Updated the `CookieList` class to provide comprehensive documentation on cookie management methods, including `add`, `upsert`, `remove`, and `delete`.
- Improved method signatures to support both callback and Promise-based usage for asynchronous operations.
- Added detailed descriptions for read and write methods, including examples and expected behavior.
- Enhanced the integration of the `CookieList` with the QuickJS VM by updating the property list bridge to include `toJSON` in sync read object methods.
* feat(cookies): add detailed examples and improve async bridge documentation
- Enhanced the `createPropertyListBridge` function documentation with comprehensive examples for setting up cookie methods in QuickJS.
- Clarified the two-phase setup process for async write methods, detailing the registration of bridge functions and the generation of JavaScript code for method wrappers.
- Added a new test case for the `toJSON()` method to ensure it returns a cloned array of all cookies, validating the expected structure and properties.
* fix(assert-runtime): correct syntax error in response parser assignment
- Added a semicolon at the end of the response parser assignment to ensure proper syntax in the AssertRuntime class.
* feat: add OAuth 1.0 authentication support
Add full OAuth 1.0 (RFC 5849) authentication with support for
HMAC-SHA1/256/512, RSA-SHA1/256/512, and PLAINTEXT signature methods.
Includes UI components, bru/yml serialization, Postman import, code
generation, CLI support, and comprehensive playwright and unit tests.
* test: replace real-looking PEM literals with fake markers in oauth1 tests
Avoid tripping secret scanners by using obviously fake BEGIN/END markers
and non-sensitive base64 content in serialization and round-trip tests.
* fix: remove invalid OAuth1 placeholder header from code generator
OAuth1 requires runtime-computed nonce, timestamp, and signature that
cannot be pre-computed for a static code snippet. Return an empty array
instead of emitting an Authorization header with literal <signature>,
<timestamp>, <nonce> placeholders.
* fix: remove unreachable oauth1 case from WSAuth component
The oauth1 switch branch was dead code since it was not in
supportedAuthModes and the useEffect would reset it to 'none'
before it could render.
* fix: remove unused collectionPath param and use path.basename for filename extraction
* refactor: rename OAuth1 fields for clarity
- tokenSecret → accessTokenSecret
- signatureMethod → signatureEncoding
- addParamsTo value 'queryparams' → 'query'
* refactor: rename addParamsTo to placement in OAuth1 auth
* fix: add missing oauth1: null in buildOAuth2Config and upgrade @opencollection/types to 0.9.0
* test: add oauth1 import tests and fix missing oauth1: null in auth assertions
* ci: add auth playwright tests workflow for Linux, macOS, and Windows
* refactor: rename signatureEncoding to signatureMethod and fix timeline race condition
- Rename OAuth1 signatureEncoding to signatureMethod across all packages
- Fix timeline showing "No Headers/Body found" when request-sent IPC event
arrives after response by retroactively updating the timeline entry
- Store requestUid in timeline entries for precise matching
- Correct timeline entry timestamp on retroactive update for proper sort order
* ci: add OAuth1 CLI tests and reorganize auth actions under oauth1/
- Add CLI tests that run full BRU and YML collections via bru run
- Add start-test-server actions for Linux, macOS, and Windows
- Move auth e2e and setup actions under auth/oauth1/ directory
- Fix Windows Playwright failures caused by unescaped backslashes in collectionPath template variable
* ci: reorder auth tests to run E2E tests before CLI tests
* ci: start test server after E2E tests to fix port 8081 conflict
* refactor: update Bru constructor to accept a single options object for improved readability
- Changed the Bru class constructor to accept a single options object instead of multiple parameters, enhancing code clarity and maintainability.
- Updated all instances of Bru instantiation across the codebase to align with the new constructor format.
* docs: enhance Bru constructor documentation with additional certs and proxy configuration options
- Updated the documentation for the Bru class constructor to include new parameters related to certs and proxy configuration, improving clarity for users on available options.
- Added descriptions for collectionPath, options, clientCertificates, collectionLevelProxy, and systemProxyConfig to provide comprehensive guidance on their usage.
* docs: refine Bru constructor documentation for clarity and default values
- Updated the constructor documentation for the Bru class to enhance clarity by consolidating parameter descriptions into a single options object format.
- Added default values for optional parameters, improving guidance for users on expected input and usage.
