When executing requests with pre-request or post-response scripts, the
global environment color property was being stripped from YAML files.
This happened because the save operation only passed `variables` through
the IPC chain, and the workspace-environments store created a new
environment object without preserving the existing `color` property.
The fix passes the `color` property through the entire IPC chain:
- Redux actions now include `color` in the save-global-environment IPC call
- IPC handler accepts and forwards `color` to both stores
- workspace-environments store includes `color` when creating the environment object
- global-environments store preserves `color` when updating
Fixes#7348
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
* feat: add OAuth 1.0 authentication support
Add full OAuth 1.0 (RFC 5849) authentication with support for
HMAC-SHA1/256/512, RSA-SHA1/256/512, and PLAINTEXT signature methods.
Includes UI components, bru/yml serialization, Postman import, code
generation, CLI support, and comprehensive playwright and unit tests.
* test: replace real-looking PEM literals with fake markers in oauth1 tests
Avoid tripping secret scanners by using obviously fake BEGIN/END markers
and non-sensitive base64 content in serialization and round-trip tests.
* fix: remove invalid OAuth1 placeholder header from code generator
OAuth1 requires runtime-computed nonce, timestamp, and signature that
cannot be pre-computed for a static code snippet. Return an empty array
instead of emitting an Authorization header with literal <signature>,
<timestamp>, <nonce> placeholders.
* fix: remove unreachable oauth1 case from WSAuth component
The oauth1 switch branch was dead code since it was not in
supportedAuthModes and the useEffect would reset it to 'none'
before it could render.
* fix: remove unused collectionPath param and use path.basename for filename extraction
* refactor: rename OAuth1 fields for clarity
- tokenSecret → accessTokenSecret
- signatureMethod → signatureEncoding
- addParamsTo value 'queryparams' → 'query'
* refactor: rename addParamsTo to placement in OAuth1 auth
* fix: add missing oauth1: null in buildOAuth2Config and upgrade @opencollection/types to 0.9.0
* test: add oauth1 import tests and fix missing oauth1: null in auth assertions
* ci: add auth playwright tests workflow for Linux, macOS, and Windows
* refactor: rename signatureEncoding to signatureMethod and fix timeline race condition
- Rename OAuth1 signatureEncoding to signatureMethod across all packages
- Fix timeline showing "No Headers/Body found" when request-sent IPC event
arrives after response by retroactively updating the timeline entry
- Store requestUid in timeline entries for precise matching
- Correct timeline entry timestamp on retroactive update for proper sort order
* ci: add OAuth1 CLI tests and reorganize auth actions under oauth1/
- Add CLI tests that run full BRU and YML collections via bru run
- Add start-test-server actions for Linux, macOS, and Windows
- Move auth e2e and setup actions under auth/oauth1/ directory
- Fix Windows Playwright failures caused by unescaped backslashes in collectionPath template variable
* ci: reorder auth tests to run E2E tests before CLI tests
* ci: start test server after E2E tests to fix port 8081 conflict
* fix: preserve user-defined boundary in multipart/mixed Content-Type header
When users specify a boundary parameter in their Content-Type header for
multipart/mixed requests with TEXT body mode, Bruno now preserves the
user-defined boundary instead of generating a new one.
Fixes: https://github.com/usebruno/bruno/issues/7523
* updated the test to use local server and changed the request method to GET
* fix: handle quoted boundary values in Content-Type header extraction
---------
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
Close the open tab when a request is moved to a different collection
via drag and drop, preventing the "Request no longer exists" error.
Add format conversion when dragging requests between collections with
different formats (.bru vs .yml). A new IPC handler parses the source
file and re-serializes it in the target collection's format. Folder
cross-format moves are blocked with a toast error.
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
Use { recursive: true } in mkdirSync during collection import so that
directories which already exist (e.g. due to duplicate or case-colliding
path params like {customerID} vs {customerId}) do not throw EEXIST and
abort the import.
* refactor: enhance error handling and context retrieval for script errors
- Updated the error formatter to utilize in-memory script content for error context, improving accuracy when users have unsaved changes.
- Introduced a new utility function, `getSourceContextFromContent`, to extract context lines from in-memory scripts.
- Enhanced tests to verify that draft script errors display the correct code context, ensuring users see the most relevant information during debugging.
- Added new Playwright tests to validate error handling in draft states across pre-request, post-response, and test scripts.
* refactor: enhance error context retrieval in error formatter
- Updated `getSourceContext` to accept in-memory content, improving context extraction for unsaved changes.
- Deprecated `getSourceContextFromContent` in favor of the new parameterized approach.
- Adjusted related tests to ensure accurate context handling for draft script errors.
* refactor: enhance error context handling for draft scripts
* refactor: streamline script error tests and enhance utility functions
- Consolidated helper functions for sending requests and waiting for responses into the actions module.
- Introduced new utility functions for selecting script sub-tabs and editing CodeMirror editors.
- Updated test cases to utilize the new utility functions, improving readability and maintainability.
- Enhanced locators for better integration with testing frameworks.
* refactor: improve script error context handling and utility functions
- Introduced a new utility function to streamline the retrieval of script block start lines for .bru and .yml files.
- Enhanced the error formatter to prioritize in-memory draft content when resolving error contexts, improving accuracy for unsaved changes.
- Consolidated context extraction logic into a single function to reduce redundancy and improve maintainability.
- Updated related tests to ensure accurate context handling for both draft and disk-based scripts.
* refactor: add comments to clarify line index calculations in error formatter
- Updated ThemeProvider to send background color along with theme changes to the renderer.
- Introduced WindowStateStore methods for managing theme mode and background color.
- Set the main window's background color based on the stored theme during app initialization.
This improves the user experience by ensuring the application reflects the selected theme accurately.
* fix: quote values containing hash (#) in .env file serialization
Values containing # characters were being truncated when saved to .env
files because the dotenv parser interprets # as a comment character.
This fix adds a shared jsonToDotenv utility in bruno-common that properly
quotes values containing special characters (#, \n, ", ', \) to ensure
they are preserved through serialization and parsing.
- Add jsonToDotenv utility with comprehensive test coverage
- Update bruno-electron and bruno-app to use shared utility
- Remove duplicate serialization logic from multiple locations
Fixes https://github.com/usebruno/bruno/issues/7375
Fixes https://github.com/usebruno/bruno/issues/7327
* fix: escape carriage returns in .env file serialization for Windows CRLF handling
---------
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
* feat: enhance ScriptError with source context, code snippets, and navigation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: remove auto-commenting of untranslated pm commands during import
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: update CodeSnippet styles to use theme colors for error and warning highlights
* fix: remove unused SCRIPT_TYPES import from network IPC module
* refactor: remove unused functions and clean up source-context utility
- Removed `getUnifiedScriptContext`, `getWarningSourceGroups`, and related helper functions from `source-context.js` to streamline the utility.
- Updated tests in `source-context.spec.js` to reflect the removal of unused functions, ensuring only relevant tests for `findLineInSource` and `getScriptContext` remain.
* refactor: simplify ScriptError component and update styles
* refactor: streamline tab management in Script components
* refactor: enhance tab management in ScriptError and add testsMetadata handling in prepare-request
* refactor: improve error source identification in ScriptError component
- Enhanced the logic for determining error source types by introducing separate checks for folder and collection files.
- Updated the handling of folder file names to ensure accurate UID retrieval and labeling.
- Streamlined the overall structure of the getErrorSourceInfo function for better readability and maintainability.
* refactor: improve ScriptError component and enhance styling
- Simplified the conditions for displaying the ScriptError component in ResponsePane.
- Updated navigation logic in ScriptErrorCard to ensure proper handling of source information.
- Adjusted styles in StyledWrapper to allow for visible overflow.
- Enhanced ScriptErrorIcon to accept additional class names for better styling flexibility.
- Minor layout adjustments in RunnerResults ResponsePane for improved UI consistency.
* refactor: simplify test description for untranslated pm commands and consolidate error formatter imports
* fixes
* refactor: update focusedTab logic in Script components to use collection and folder UIDthe respective collection and folder UID instead of the activeTabUid.
* feat: add buildErrorContext utility for enhanced error handling in network IPC
- Introduced a new utility function `buildErrorContext` to construct detailed error context from script errors.
- This function parses error locations, adjusts line numbers, and retrieves relevant source context, improving error reporting.
- Removed the previous inline error handling logic from the network IPC module to streamline the codebase.
* feat: added playwright test cases to test scriptError behavior
* refactor: enhance ScriptError component and improve error handling
- Updated labels for error source types in ScriptError to be more concise (e.g., "Request Script" to "Request").
- Improved navigation logic in ScriptErrorCard to ensure proper handling of navigable file paths.
- Enhanced styling in StyledWrapper for better visual consistency and user experience.
- Added tests to verify fallback behavior for missing error types and non-navigable file paths.
- Refined utility functions for better context extraction from script errors.
* refactor: normalize file paths for cross-platform compatibility in ScriptError component
* refactor: improve file path handling in ScriptError component
* refactor: enhance buildErrorContext for improved error handling
* docs: add detailed comments to build-error-context for better understanding of error handling
* refactor: enhance error block line detection in error formatter
- Updated `findScriptBlockEndLine` and `findYmlScriptBlockEndLine` functions to return null for empty or missing blocks, improving accuracy in line detection.
- Added comprehensive tests for both functions to ensure correct behavior across various scenarios, including handling of non-.bru and non-.yml files.
* refactor: improve error handling and testing in ScriptError and buildErrorContext
- Updated ScriptError component to streamline tab management by replacing focusTab with addTab for better request handling.
- Enhanced buildErrorContext to return null for empty or missing script blocks in .bru and .yml files, ensuring accurate error reporting.
- Added tests to validate behavior for empty script blocks and improved error context extraction in various scenarios.
* test: add new tests for script error navigation and handling
- Implemented tests for post-response file-path navigation to the Script tab and verification of active sub-tabs.
- Added keyboard navigation tests to trigger file-path navigation using the Enter key.
- Included a test for multiple error cards to ensure closing one does not affect others.
- Enhanced runner tests to verify navigation to the Tests tab from script error results.
* refactor: enhance CodeSnippet line rendering and remove unused source-context utilities
* refactor: update locators in script-errors tests for improved readability and maintainability
* test: enhance script-errors tests to verify error line content
* review fixes
* refactor: update RunnerResults component and enhance locators for improved testability
* refactor: remove buildErrorContext and replace with formatErrorWithContextV2
- Deleted the buildErrorContext function and its associated tests.
- Updated network IPC to utilize formatErrorWithContextV2 for improved error context handling.
- Enhanced error reporting by ensuring structured error context is returned for desktop UI.
* refactor: enhance tab components with data-testid attributes for improved testability
- Added data-testid attributes to tab elements in CollectionSettings and FolderSettings components for better integration with testing frameworks.
- Updated Tabs and ResponsiveTabs components to include data-testid attributes for tab triggers, enhancing the ability to select and verify tabs in tests.
- Modified script-errors tests to utilize new locators for improved readability and maintainability.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(OpenAPISyncTab): remove unused props and streamline IPC calls
- Eliminated unnecessary sourceUrl prop from various components and hooks in the OpenAPISyncTab.
- Improved pretty-printing logic in OpenAPISpecTab to handle non-JSON content gracefully.
- Updated IPC calls to remove redundant parameters, enhancing code clarity and maintainability.
* feat(OpenAPISyncTab): enhance user interaction and visual feedback
- Added onTabSelect prop to OpenAPISyncTab for improved tab navigation.
- Updated color properties in StyledWrapper for better consistency with theme.
- Replaced IconClock with IconAlertTriangle in CollectionStatusSection for clearer status indication.
- Enhanced messaging in OverviewSection and SpecStatusSection to provide clearer user guidance.
- Introduced handleRestoreSpec function in useSyncFlow for better spec restoration handling.
* fix(OpenAPISyncTab): update button labels for clarity in OverviewSection
- Changed button label from 'restore' to 'spec-details' for better context.
- Updated the button text from 'View Details' to 'Go to Spec Updates' to enhance user understanding of navigation options.
* refactor(OpenAPISyncTab): remove unused props and streamline component logic
- Eliminated unnecessary props from OpenAPISyncTab, CollectionStatusSection, and SpecStatusSection for cleaner code.
- Removed commented-out code in OverviewSection and SpecStatusSection to enhance readability.
- Introduced posixifyPath utility function in filesystem.js to standardize path formatting.
* fix(OpenAPISyncTab): update openapi config handling to support array format
- Modified the logic in loadBrunoConfig to handle openapi as an array, ensuring consistent resolution of source URLs for all entries. This change improves the configuration handling for OpenAPI specifications.
* fix(OpenAPISyncTab): improve openapi config handling and merge logic
- Updated loadBrunoConfig to ensure openapi is treated as an array, enhancing source URL resolution.
- Modified mergeWithUserValues to handle cases where specItems may be undefined, improving robustness in merging user values with specifications.
- Removed unused props and improved error handling in OpenAPISyncTab components.
- Updated messaging in CollectionStatusSection and OverviewSection for clarity.
- Enhanced the SpecDiffModal to provide better visual feedback on changes.
- Refactored sync flow logic to ensure accurate endpoint categorization and improved performance.
- Added new utility functions for better handling of spec changes and endpoint comparisons.
* fix: specify OpenAPI 3.x in error messages for file uploads and URL validation
Updated error messages in ConnectSpecForm and ConnectionSettingsModal to clarify that only OpenAPI 3.x specifications are valid. Enhanced useOpenAPISync hook to reflect the same specificity in error handling for invalid URLs.
* feat(OpenAPISpecTab): add pretty-printing for JSON content in API spec viewer
Implemented a new function to pretty-print JSON content for improved readability in the OpenAPISpecTab component. This enhancement ensures that JSON specifications are displayed in a more user-friendly format while leaving YAML content unchanged.
* feat(OpenAPISyncHeader): resolve and display absolute file paths for local sources
Added functionality to resolve relative file paths to absolute paths for better user experience in the OpenAPISyncHeader component. Implemented state management and side effects to handle path resolution based on the source URL, enhancing the display of local file paths.
* feat(OpenAPISyncTab): enhance collection status display and add endpoint counting utility
Refactored the CollectionStatusSection to streamline the display of collection drift status, integrating loading states and improved messaging for initial sync scenarios. Introduced a new utility function to count HTTP endpoints in OpenAPI specifications, enhancing the overall functionality of the OpenAPISyncTab. Additionally, updated the OpenAPISyncHeader and OverviewSection to utilize stored specification metadata for better user experience.
* refactor: improve OpenAPI Sync endpoint handling
- Enhanced the logic for adding new requests by ensuring existing files are verified before removal to prevent accidental deletions.
- Streamlined the process of adding new endpoints, including checks for existing files and merging requests to maintain user customizations.
- Added comments for clarity on the purpose of changes, particularly regarding filename collision prevention and file content verification.
* style(OpenAPISyncTab): update styles for improved visual feedback
- Changed background color for the 'type-spec-modified' class to a warning color for better distinction.
- Updated text color and background for the SyncReviewPage to enhance readability and visual hierarchy.
- Adjusted default expanded states for endpoint sections to improve user experience during sync reviews.
* chore: update .gitignore and enhance OpenAPISyncTab components
- Added new entries to .gitignore for agent-related files and skills-lock.json.
- Modified StyledWrapper to improve overflow handling and added sticky headers for better visibility.
- Introduced loading state in SpecDiffModal with a spinner for improved user feedback during rendering.
* feat(OpenAPISpecTab): integrate fast-json-format for improved JSON rendering
- Replaced the JSON parsing and stringifying logic with fast-json-format for better performance in pretty-printing API specifications.
- Updated StyledWrapper in OpenAPISyncTab to change background and text colors for enhanced visual consistency.
- Modified DisconnectSyncModal button to include a secondary color for improved visibility during user interactions.
* fix(OpenAPISyncTab): correct punctuation in status messages and subtitles
- Removed unnecessary trailing periods in messages related to syncing and restoring specifications across CollectionStatusSection and OverviewSection components.
- Updated SyncReviewPage to correct grammatical error in the description of spec updates.
* fix(OpenAPISyncTab): update URL validation to use isHttpUrl
- Replaced isValidUrl with isHttpUrl in ConnectSpecForm and ConnectionSettingsModal components to ensure only valid HTTP URLs are accepted.
- Updated the logic for enabling the save button based on the new URL validation method.
* fix(OpenAPISyncTab): normalize source URL before validation
- Trimmed the source URL in ConnectionSettingsModal to ensure consistent validation with isHttpUrl.
- Updated state initialization for URL and filePath to use the normalized source URL, improving handling of user input.
* fix(collection-watcher): guard against events firing after collection deletion
When deleting an OpenAPI-synced collection, saveBrunoConfig() writes to
bruno.json which creates buffered chokidar events (80ms stabilityThreshold).
If the collection directory is removed before those events fire,
getCollectionFormat() throws "No collection configuration found" for each
.bru file in the collection.
Add fs.existsSync(collectionPath) guards in the change, unlink, and
unlinkDir handlers to bail out early when the collection root no longer exists.
* fix(workspaces): ensure collection watcher stops before deletion
Added logic to remove the collection from the watcher when deleting files, preventing chokidar from firing events on a directory that is being removed. This change enhances stability during collection deletions by ensuring the watcher is properly managed.
* refactor(workspaces): remove redundant collection watcher logic during deletion
Eliminated the logic for stopping the collection watcher before deletion, streamlining the action for removing collections from workspaces. This change simplifies the code and maintains functionality without unnecessary complexity.
* test(collection): add integration test for collection deletion functionality
Introduced a new test suite to verify the deletion of collections from the workspace overview. The test ensures that collections are properly removed from both the UI and the file system, confirming the absence of any uncaught errors during the deletion process. This addition enhances the test coverage for collection management features.
* feat(collection): implement deleteCollectionFromOverview utility function
Added a new utility function to delete a collection directly from the workspace overview page. This function encapsulates the steps required to navigate the UI, confirm deletion, and ensure the collection is removed from both the interface and the file system. Updated the corresponding test to utilize this new function, enhancing code reusability and test clarity.
* fix(collection-watcher): add guards for collection path existence and error handling
Enhanced the unlink and unlinkDir functions to check for the existence of the collection path before proceeding. Added error handling for the getCollectionFormat function to prevent crashes when the collection format cannot be retrieved. These changes improve stability and robustness during collection deletion operations.
* feat: introduce OpenAPI Sync beta feedback feature
- Added a feedback section in the OpenAPISyncTab and ConnectSpecForm to encourage user input during the beta phase.
- Styled the feedback message and button for better visibility.
- Updated the beta features list to include OpenAPI Sync and adjusted related components to reflect its beta status with appropriate badges.
- Enhanced the StatusBadge component to support a new 'xs' size for better integration in various UI elements.
* feat: integrate OpenAPI Sync beta feature toggle
- Updated the ImportCollectionLocation component to conditionally enable the "Check for Spec Updates" option based on the OpenAPI Sync beta feature status.
- Modified default preferences to disable OpenAPI Sync by default, ensuring users are not prompted for updates unless explicitly enabled.
* feat: enhance beta features integration in Preferences
- Updated the BETA_FEATURES array to use constants from utils/beta-features for better maintainability.
- Improved the handling of beta preferences by merging new preferences with existing ones, ensuring a smoother user experience when toggling features.
* feat: enhance OpenAPI Sync polling with beta feature toggle
- Integrated a beta feature toggle for OpenAPI Sync polling, allowing conditional activation based on user settings.
- Updated the pollingEnabled logic to incorporate the new beta feature status, ensuring better control over sync behavior.
* Revert "feat(phase-1): allow user to customize keybindings (#7163)"
This reverts commit 14532b48a6.
* Revert "chore: UI Polish for Zoom and Keybindings panel (#7376)"
This reverts commit 5151d29aac.
* Enhance OpenAPISyncTab functionality with error handling and UI improvements
- Updated ConnectSpecForm to include error handling for invalid OpenAPI specifications when uploading files.
- Added a sync info notice in CollectionStatusSection to inform users about tracked changes.
- Improved styling in StyledWrapper for better visual feedback and layout consistency.
- Adjusted button colors and properties in ConfirmSyncModal and ConnectionSettingsModal for better UX.
- Refactored useOpenAPISync hook to validate URLs before syncing, ensuring only valid OpenAPI specs are processed.
- Enhanced parameter handling in openapi-to-bruno.js to support enum and default values more effectively.
* Refactor OpenAPISyncTab components for improved URL validation and error handling
- Updated ConnectSpecForm to streamline file upload error handling for OpenAPI specifications.
- Enhanced OpenAPISyncHeader to utilize isHttpUrl for better URL validation.
- Refactored useOpenAPISync hook to replace isValidUrl with isHttpUrl for consistency in URL checks.
- Improved file parsing logic in file-reader.js to handle case-insensitive JSON file extensions.
- Added isHttpUrl utility function to validate HTTP/HTTPS URLs effectively.
* Enhance file parsing logic in file-reader.js to improve error handling for JSON and YAML files
- Updated parseFileAsJsonOrYaml function to handle case-insensitive JSON file extensions more robustly.
- Added error handling to ensure the document root is an object and not an array, improving data validation.
* Update StatusBadge component to include new 'xs' size preset and adjust documentation accordingly
- Added 'xs' size preset with specific font size and padding for minimal use cases.
- Updated documentation to reflect the new size options available for the StatusBadge component.
* fix: refocus collection name input on error and resolve missing default location folder
* revert: remove focus refocus logic from InlineCollectionCreator
Reverts the setTimeout focus change that was causing test failures.
Keeps the preferences.js fix for default location validation.
Made-with: Cursor
* fix: update default-collection-location test to use project path
Use {{projectRoot}} template variable for defaultLocation so the path
exists when the app validates it with fs.existsSync.
Made-with: Cursor
* fix: improve save test to use alternate path and verify persistence
Made-with: Cursor
---------
Co-authored-by: naman-bruno <naman@usebruno.com>
- Updated OpenAPISyncTab to utilize Redux state for active tab management, improving state consistency.
- Removed unnecessary loading state checks from OverviewSection and SpecStatusSection for cleaner logic.
- Streamlined prop usage in OverviewSection by eliminating the isLoading prop.
- Cleaned up useOpenAPISync hook by removing unused state clearing logic on unmount.
- Improved file handling in openapi-sync IPC by ensuring new files are created in the appropriate folder based on tags.
* fix: enable SSL session caching for faster consecutive requests (#6929)
* fix: enable SSL session caching for faster consecutive requests
Previously, Bruno created a new HTTPS agent for every request, which meant
SSL/TLS sessions couldn't be reused. This caused the full TLS handshake
(~450ms) to run on every request, even to the same endpoint.
Changes:
- Add agent caching based on TLS configuration (certs, proxy, SSL options)
- Reuse cached agents for requests with matching configuration
- SSL sessions are now cached and reused, significantly reducing
response time for consecutive requests to the same host
The fix maintains backward compatibility:
- Timeline logging moved to setup phase (before agent creation)
- Proxy and SSL validation behavior unchanged
- Added clearAgentCache() for testing and configuration changes
Fixes#5574
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address review feedback for SSL session caching
- Add passphrase to cache key to prevent incorrect agent reuse
- Add MAX_AGENT_CACHE_SIZE (100) with LRU-style eviction
- Use consistent node: prefix for crypto import
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: lohit <lohit@usebruno.com>
* feat(bruno-requests): add timeline agent for TLS event logging
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): add agent cache for SSL session reuse
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test(bruno-requests): add tests for agent cache
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): integrate agent cache into http-https-agents
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(bruno-electron): use shared agent cache from bruno-requests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-cli): use agent cache for SSL session reuse
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): add HTTP agent timeline support
Add createTimelineHttpAgentClass for logging HTTP connection events
including proxy usage, DNS lookups, and connection establishment.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(bruno-requests): extract shared agent caching logic
Add getOrCreateAgentInternal helper to reduce code duplication
between getOrCreateAgent and getOrCreateHttpAgent functions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): use HTTP agent cache for connection reuse
Export getOrCreateHttpAgent and use it in http-https-agents for
HTTP requests to enable connection pooling.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(bruno-cli): improve HTTP agent handling and error logging
- Use { keepAlive: true } instead of tlsOptions for HTTP agents
- Add warning log for system proxy configuration errors
- Fix brace style consistency
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(bruno-electron): improve HTTP agent handling
- Use { keepAlive: true } instead of tlsOptions for HTTP agents
- Fix brace style consistency
- Add missing newline at EOF
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(bruno-requests): address code review findings for agent caching
- Fix Buffer hashing bug: properly handle Buffer values in hashValue()
- Add CA array support: new hashCaValue() handles string[] | Buffer[]
- Fix timeline race condition: capture timeline reference in closure
at createConnection start to isolate concurrent requests
- Fix SSL verify message: check socket.authorized for accurate status
- Fix HTTP/HTTPS agent logic: only set httpsAgent for HTTPS requests
- Add tests for concurrent requests timeline isolation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): log when reusing cached agent
- HTTPS agents: "Reusing cached agent (SSL session reuse enabled)"
- HTTP agents: "Reusing cached agent (connection reuse enabled)"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(preferences): add cache.httpHttpsAgents.enabled preference
* feat(agent-cache): add disableCache option to getOrCreateAgent
* feat(proxy-util): respect httpHttpsAgents cache preference
* refactor(agent-cache): use named props for getOrCreateAgent and getOrCreateHttpAgent
* feat(ipc): add renderer:clear-http-https-agent-cache handler
* feat(redux): add cache.httpHttpsAgents preferences to initial state
* feat(ui): add Cache tab to Preferences
* feat(cli): add --disable-http-https-agents-cache flag
* refactor(cache): replace window.ipcRenderer calls with redux actions
Add getCacheStats, purgeCache, and clearHttpHttpsAgentCache thunks to
the app slice. Update the Cache preferences component to dispatch these
actions instead of calling window.ipcRenderer directly.
Also move handleSave and handleSaveRef above useFormik to fix declaration
order — onSubmit closes over handleSaveRef, so the ref must be initialized
before useFormik is called.
* fix: tests
* fix(cache): thread disableCache and hostname through all agent-creation paths
- Forward disableHttpHttpsAgentsCache through getHttpHttpsAgents → createAgents
so OAuth2 token requests and bru.sendRequest honour the CLI flag
- Add hostname to agent cache keys (getAgentCacheKey, getHttpAgentCacheKey)
for per-host TLS session reuse; extract hostname at every call site in
run-single-request.js, proxy-util.js, and http-https-agents.ts
- Add extractHostname helper in http-https-agents.ts to safely parse hostnames
- Add test coverage for cert, key, pfx, passphrase, and hostname cache-key
differentiation in agent-cache.spec.ts
* refactor(cache): rename getOrCreateAgent to getOrCreateHttpsAgent
* refactor: simplify UI labels, optimize agent timeline wrapping, silence proxy errors
* fix: tests
* fix(proxy): fix proxy agent construction and CA cert handling
Three fixes:
1. Proxy agents (HttpsProxyAgent, HttpProxyAgent, SocksProxyAgent) expect
(proxyUri, options) constructor signature, but the agent cache was packing
proxyUri into options as a single argument. Fixed the non-timeline code
path in getOrCreateAgentInternal.
2. HTTP requests through an HTTPS proxy need TLS options (ca certs) to
validate the proxy's certificate. All getOrCreateHttpAgent call sites
now pass TLS options when the proxy protocol is HTTPS.
3. Setting the `ca` option on any Node.js TLS connection replaces the
default OpenSSL trust store entirely. CAs only in the OpenSSL default
trust store (e.g. /etc/ssl/cert.pem) but not in tls.rootCertificates
were lost. Fixed by converting `ca` to a secureContext via addCACert(),
which appends custom CAs on top of the OpenSSL defaults instead of
replacing them.
Also simplified PatchedHttpsProxyAgent to selectively forward only the
relevant TLS options (cert, key, pfx, passphrase, rejectUnauthorized,
secureContext) to the target TLS upgrade instead of blindly merging all
constructor options.
* fix(tls): load client certs into secureContext to prevent silent drop
Add Cache tab to Preferences UI
* fix(proxy): align proxy auth check to use auth.disabled field consistently
* refactor(cache): rename CLI flag to --cache-ssl-session and disable caching by default
- Rename --disable-http-https-agents-cache to --cache-ssl-session (opt-in)
- Rename disableHttpHttpsAgentsCache to cacheSslSession across CLI and bruno-requests
- Default caching to disabled in both bruno-electron and bruno-cli
- Add cacheSslSession to buildCertsAndProxyConfig for bru.sendRequest
- Update Preferences UI labels to "Cache SSL Session"
* refactor(cache): rename httpHttpsAgents to sslSession across preferences and UI
* refactor(cache): remove unused getCacheStats and purgeCache IPC actions
---------
Co-authored-by: karthik <47263234+kxbnb@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: implement OpenAPI Sync
* feat: enhance focus styles and error handling across components
- Added focus-visible styles for buttons and tags in Swagger and Modal components to improve accessibility.
- Updated ConnectSpecForm to ensure source URL is set only if the file path is valid.
- Enhanced clipboard copy functionality in SpecInfoCard with error handling and success notifications.
- Improved ExpandableEndpointRow to handle loading state more robustly.
- Refined SyncReviewPage to ensure correct filtering of updated endpoints.
- Updated file handling in OpenAPI Sync IPC to support both .yml and .yaml extensions.
* fix: improve filename sanitization in OpenAPI Sync IPC
- Updated filename sanitization logic to ensure proper handling of both `name` and `filename` properties, enhancing compatibility with various file formats.
- Adjusted the logic to derive the base name from the filename when necessary, ensuring consistent output for generated files.
* feat: enhance OpenAPI Sync tab with new overview and header components
- Introduced OverviewSection to display summary of collection and spec status, including total endpoints, in-sync counts, and pending updates.
- Added OpenAPISyncHeader for improved navigation and actions related to the OpenAPI spec.
- Updated CollectionStatusSection to better handle and display collection drift information.
- Refined styling for status banners and added new visual elements for better user experience.
- Enhanced tooltip functionality in Help component for improved accessibility.
* refactor: remove VisualDiffViewer components and add diff package
- Deleted VisualDiffViewer components including VisualDiffMeta, VisualDiffDocs, VisualDiffVars, and others to streamline the codebase.
- Introduced the 'diff' package in package-lock.json to enhance diff functionality.
- Updated utility functions to improve diff status handling and maintainability.
getCachedSystemProxy now awaits the initialization promise, preventing a race
condition where API calls made early in startup would bypass the system proxy.
* feat: add tokenType support for OAuth2
* refactor: rename tokenType to source in OpenCollection OAuth2 mapping
* refactor: rename tokenType to source in OAuth2 configuration
* chore: bump @opencollection/types to ~0.8.0
* fix: correct OAuth2 token type label in token viewer
* refactor: replace Dropdown with MenuDropdown in OAuth2 components
Migrate all 12 dropdown instances across 5 OAuth2 auth components to use
the MenuDropdown component, removing manual tippy ref management and
forwardRef icon patterns in favor of a declarative items-based API.
* fix(oauth2): prevent false callback matches on root path URLs and handle errors first
Move error check before callback URL matching in onWindowRedirect so
OAuth error responses are rejected immediately. Remove redundant error
param check from matchesCallbackUrl and require a code param or hash
fragment to match, preventing false positives on intermediate pages
when the callback URL is a root path like https://hostname/.
* fix(oauth2): clarify error handling comment
Remove "on the callback URL" from comment since error checking
now happens before callback URL matching.
* feat(): support multipart mixed
fix: support vars interpolation on mixed multi-part
Update packages/bruno-electron/src/ipc/network/interpolate-vars.js
Co-authored-by: Timon <39559178+Its-treason@users.noreply.github.com>
refactor: use startsWith
feat: best effort for other multipart/* contentypes
* feat: enhance variable interpolation for multipart requests
- Updated `interpolateVars` function to support interpolation in multipart/form-data and multipart/mixed requests.
- Added handling for empty multipart arrays and parts with missing or undefined values.
- Improved type checks for content types to ensure proper interpolation behavior.
Includes new tests to validate the interpolation functionality for multipart requests.
* fix: normalize error handling in sendRequest and improve test reliability
---------
Co-authored-by: Alfonso Presa <alfonso-presa@users.noreply.github.com>
* fix: storing status in example for yml file
* fix: temporary check for tests
* fix: temporary check for tests
* fix: temporary check for tests
* fix: temporary check for tests
* fix: temporary check for tests
* fix: temporary check for tests
* fix: temporary check for tests
* fix: temporary check for tests
* fix: temporary check for tests
* fix: temporary check for tests
* fix: temporary check for tests
* fix: temporary check for tests
* fix: test cases for status and statusText
* chore: removed logs
* fix: test cases for response status and text
* fix: test cases for response status and text
* fix: resolved comments
* fix: openapi test import test cases
* chore: removed console logs
* fix: status type in response example while import/export of collection
* fix: postman to bruno import
---------
Co-authored-by: shubh-bruno <shubh-bruno@shubh-bruno.local>
* Refactor: optimize collection updates with batch processing
- Introduced BatchAggregator to handle IPC events in batches, reducing Redux dispatch overhead during collection mounting.
- Updated collection watcher to utilize batch processing for adding files and directories, improving UI performance.
- Implemented ParsedFileCacheStore using LMDB for efficient caching of parsed file content, enhancing loading speed and reducing redundant parsing.
- Adjusted collection slice to support batch addition of items, minimizing re-renders and improving state management.
- Updated relevant components to reflect changes in loading states and collection data handling.
* feat: add cache management to preferences
- Introduced a new Cache component in the Preferences section to display cache statistics and allow users to purge the cache.
- Implemented IPC handlers for fetching cache stats and purging the cache in the Electron main process.
- Added styled components for better UI presentation of cache information.
- Updated Preferences component to include a new tab for cache management.
* fix: update package-lock.json to change 'devOptional' to 'dev' for several Babel dependencies
* refactor: update batch aggregation parameters for improved performance
- Increased DISPATCH_INTERVAL_MS from 150ms to 200ms for better timing control.
- Adjusted MAX_BATCH_SIZE from 200 to 300 items to enhance batch processing efficiency.
* feat: enhance collection loading state and improve batch aggregator functionality
- Added isLoading property to collections slice to manage loading state during collection operations.
- Updated getAggregator function calls in collection-watcher to include collectionUid for better context in batch processing.
- Normalized directory path handling in parsed-file-cache to ensure consistent prefix creation for cache keys.
* fix: update loading state and transient file handling in collections slice
- Changed isLoading property to false during collection initialization for accurate loading state representation.
- Introduced isTransient flag for directories and files to differentiate between transient and non-transient items.
- Enhanced logic for handling transient directories and files during collection processing to improve state management.
* feat: add batch processing support for file additions in task middleware
- Implemented a new listener for collectionBatchAddItems to handle batch file additions.
- Enhanced task management by checking for pending OPEN_REQUEST tasks that match added files.
- Improved tab management by dispatching addTab actions for matching files and removing corresponding tasks from the queue.
* feat: enable ASAR packaging and unpacking for LMDB binaries in Electron build configuration
- Added ASAR support to the Electron build configuration for the Bruno application.
- Specified unpacking rules for LMDB native binaries to ensure proper loading during runtime.
* feat: implement parsed file cache using IndexedDB for improved performance
- Introduced a new `parsedFileCacheStore` utilizing IndexedDB for caching parsed file data.
- Replaced the previous LMDB-based cache implementation to enhance performance and reliability.
- Updated IPC handlers to manage cache operations such as get, set, invalidate, and clear.
- Integrated the new cache store into various components, ensuring efficient data retrieval and storage.
- Added pruning functionality to remove outdated cache entries on startup.
* refactor: update collection root and item handling to preserve UIDs
- Modified the way collection roots and folder items are assigned by using `mergeRootWithPreservedUids` and `mergeRequestWithPreservedUids` to ensure UIDs are maintained during updates.
- This change enhances data integrity when managing collections and their associated files.
* refactor: pass mainWindow reference to parsedFileCacheStore initialization
- Updated the `initialize` method in `ParsedFileCacheStore` to accept a `mainWindow` parameter, allowing for direct access to the main window instance in IPC handlers.
- This change improves the handling of IPC requests by ensuring the correct window context is used for sending messages.
* refactor: optimize getStats method in parsedFileCacheStore for performance
- Replaced manual counting of total files with a direct count() call for O(1) performance.
- Updated the collection counting logic to utilize openKeyCursor with 'nextunique' for improved efficiency in counting unique collection paths.
- These changes enhance the performance of the getStats method by reducing the complexity of file and collection counting.
* fix: update key generation in parsedFileCache to use newline separator
- Changed the key generation logic in `generateKey` from a null character to a newline character for improved readability and consistency in cache keys.
* refactor: rename batch-aggregator to collection-tree-batcher and add tests
- Rename BatchAggregator class to CollectionTreeBatcher
- Rename getAggregator/removeAggregator to getBatcher/removeBatcher
- Update imports and variable names in collection-watcher.js
- Add backward-compatible aliases for old names
- Add 22 unit tests covering all functionality
* refactor: update key generation in parsedFileCache to use custom separator
- Changed the key generation logic in `generateKey` to use a custom separator (↝) instead of a newline character for improved readability and consistency in cache keys.
* fix: add missing reject handler and fix directory prefix collision
- Add reject to Promise and pendingRequests in parsed-file-cache-idb.js
- Normalize dirPath with trailing separator in invalidateDirectory to
prevent false matches (e.g., /foo/bar matching /foo/barley)
- Use platform-specific path.sep for cross-platform compatibility
* fix: add error handling in parsedFileCache and update window close event
- Added a catch block to handle errors in the database promise in parsedFileCache.
- Updated the window close event listener in collection-tree-batcher to use `once` for better resource management.
* fix: add LRU eviction when IndexedDB quota is exceeded
Handle QuotaExceededError in setEntry by automatically evicting
the oldest 20% of cache entries and retrying the write operation.
* fix: use once instead of on in mock window for batcher tests
---------
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
* feat: interface zoom control settings
* fix: allow zoom controls using shortcuts
* fix: maintain consitency in zoom shortcuts and ui interface
* fix: added min max to 50% and 150% for zoom
* fix: moved percentageToZoomLevel function in bruno-common
* chore: abstractions
---------
Co-authored-by: shubh-bruno <shubh-bruno@shubh-bruno.local>
* feat: implement workspace collection reordering functionality
feat: add tests and improve collection reordering functionality
fix: handle IPC errors during collection reordering and update tests for persistence validation
refactor: enhance collection reordering logic and update related tests for path consistency
fix: prevent unnecessary promise resolution in collection reordering when no collections are present
* fix: ensure consistent path normalization for workspace collections during reordering
Add shell-env integration to fetch environment variables from the user's
shell config files (.zshrc, .zshenv, etc.) so that proxy settings and
other exports are available in process.env for both Electron and CLI.
* fix: oauth2 credential management improvements
Add bru.resetOauth2Credential() API for programmatic credential invalidation
from scripts, fix credential clearing to match on credentialsId, expose
oauth2 credential variables in test runtime, and add input validation
with deduplication to prevent redundant IPC messages. Remove unused
collectionGetOauth2CredentialsByUrlAndCredentialsId reducer.
* fix: handle invalid URLs in oauth2 callback redirect handler
Wrap new URL() calls in try-catch within onWindowRedirect to prevent
uncaught TypeError when redirect or callback URLs are invalid.
* Update packages/bruno-app/src/utils/codemirror/autocomplete.js
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix: change transient request directory from os temp to app data
Move transient request files from os.tmpdir() to app.getPath('userData')/transient
to prevent data loss when the OS clears temporary files.
Changes:
- Add helper functions for transient directory paths
- Update findCollectionPathByItemPath to use new transient path check
- Update renderer:mount-collection to create temp dirs in app data
- Update renderer:mount-workspace-scratch to create temp dirs in app data
- Update renderer:delete-transient-requests prefix validation
* change transient directory path to userData/tmp/transient
---------
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
Co-authored-by: naman-bruno <naman@usebruno.com>
