* Add proxy .pac file resolver
chore(dependencies): update package-lock.json with new dependencies and version upgrades
- Added new dependencies: ajv, git-url-parse, @opencollection/types, and storybook packages.
- Updated existing dependencies to their latest versions, including eslint and babel packages.
- Removed deprecated entries and cleaned up the package-lock structure for better maintainability.
* tests
* wip
* wip
* wip
* wip
* feat: file upload .pac
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* feat: Refactor proxy settings to use a new structure for PAC configuration. Introduced 'source' field to determine proxy type (manual or PAC) and updated related validation and state management. Removed deprecated 'pacUrl' field in favor of 'pac.source'. Updated preferences schema and test data accordingly.
* fix: Update proxy settings to correctly reference 'source' field for PAC configuration. Adjusted state management and validation logic to align with new structure. Enhanced tests for backward compatibility and new format handling.
* feat: Enhance proxy configuration by adding 'proxyModeReason' to provide context for proxy settings. Updated related functions to accommodate the new parameter and improved logging for proxy mode changes.
* wip
* refactor: Update proxy settings to remove 'inherit' field and replace it with 'source' for better clarity. Adjusted validation schema, default preferences, and migration logic to align with the new structure. Enhanced tests to ensure compatibility with the updated proxy configuration.
* wip
* wip
* wip
* wip
* wip
* chore: consistent path check
* chore: consistency
* tests(pac): fix unit params
---------
Co-authored-by: Gianluca D'Abrosca <gianluca.dabrosca.1999@gmail.com>
Co-authored-by: Sid <siddharth@usebruno.com>
* feat: add OAuth 1.0 authentication support
Add full OAuth 1.0 (RFC 5849) authentication with support for
HMAC-SHA1/256/512, RSA-SHA1/256/512, and PLAINTEXT signature methods.
Includes UI components, bru/yml serialization, Postman import, code
generation, CLI support, and comprehensive playwright and unit tests.
* test: replace real-looking PEM literals with fake markers in oauth1 tests
Avoid tripping secret scanners by using obviously fake BEGIN/END markers
and non-sensitive base64 content in serialization and round-trip tests.
* fix: remove invalid OAuth1 placeholder header from code generator
OAuth1 requires runtime-computed nonce, timestamp, and signature that
cannot be pre-computed for a static code snippet. Return an empty array
instead of emitting an Authorization header with literal <signature>,
<timestamp>, <nonce> placeholders.
* fix: remove unreachable oauth1 case from WSAuth component
The oauth1 switch branch was dead code since it was not in
supportedAuthModes and the useEffect would reset it to 'none'
before it could render.
* fix: remove unused collectionPath param and use path.basename for filename extraction
* refactor: rename OAuth1 fields for clarity
- tokenSecret → accessTokenSecret
- signatureMethod → signatureEncoding
- addParamsTo value 'queryparams' → 'query'
* refactor: rename addParamsTo to placement in OAuth1 auth
* fix: add missing oauth1: null in buildOAuth2Config and upgrade @opencollection/types to 0.9.0
* test: add oauth1 import tests and fix missing oauth1: null in auth assertions
* ci: add auth playwright tests workflow for Linux, macOS, and Windows
* refactor: rename signatureEncoding to signatureMethod and fix timeline race condition
- Rename OAuth1 signatureEncoding to signatureMethod across all packages
- Fix timeline showing "No Headers/Body found" when request-sent IPC event
arrives after response by retroactively updating the timeline entry
- Store requestUid in timeline entries for precise matching
- Correct timeline entry timestamp on retroactive update for proper sort order
* ci: add OAuth1 CLI tests and reorganize auth actions under oauth1/
- Add CLI tests that run full BRU and YML collections via bru run
- Add start-test-server actions for Linux, macOS, and Windows
- Move auth e2e and setup actions under auth/oauth1/ directory
- Fix Windows Playwright failures caused by unescaped backslashes in collectionPath template variable
* ci: reorder auth tests to run E2E tests before CLI tests
* ci: start test server after E2E tests to fix port 8081 conflict
* fix: enable SSL session caching for faster consecutive requests (#6929)
* fix: enable SSL session caching for faster consecutive requests
Previously, Bruno created a new HTTPS agent for every request, which meant
SSL/TLS sessions couldn't be reused. This caused the full TLS handshake
(~450ms) to run on every request, even to the same endpoint.
Changes:
- Add agent caching based on TLS configuration (certs, proxy, SSL options)
- Reuse cached agents for requests with matching configuration
- SSL sessions are now cached and reused, significantly reducing
response time for consecutive requests to the same host
The fix maintains backward compatibility:
- Timeline logging moved to setup phase (before agent creation)
- Proxy and SSL validation behavior unchanged
- Added clearAgentCache() for testing and configuration changes
Fixes#5574
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address review feedback for SSL session caching
- Add passphrase to cache key to prevent incorrect agent reuse
- Add MAX_AGENT_CACHE_SIZE (100) with LRU-style eviction
- Use consistent node: prefix for crypto import
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: lohit <lohit@usebruno.com>
* feat(bruno-requests): add timeline agent for TLS event logging
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): add agent cache for SSL session reuse
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test(bruno-requests): add tests for agent cache
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): integrate agent cache into http-https-agents
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(bruno-electron): use shared agent cache from bruno-requests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-cli): use agent cache for SSL session reuse
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): add HTTP agent timeline support
Add createTimelineHttpAgentClass for logging HTTP connection events
including proxy usage, DNS lookups, and connection establishment.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(bruno-requests): extract shared agent caching logic
Add getOrCreateAgentInternal helper to reduce code duplication
between getOrCreateAgent and getOrCreateHttpAgent functions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): use HTTP agent cache for connection reuse
Export getOrCreateHttpAgent and use it in http-https-agents for
HTTP requests to enable connection pooling.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(bruno-cli): improve HTTP agent handling and error logging
- Use { keepAlive: true } instead of tlsOptions for HTTP agents
- Add warning log for system proxy configuration errors
- Fix brace style consistency
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(bruno-electron): improve HTTP agent handling
- Use { keepAlive: true } instead of tlsOptions for HTTP agents
- Fix brace style consistency
- Add missing newline at EOF
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(bruno-requests): address code review findings for agent caching
- Fix Buffer hashing bug: properly handle Buffer values in hashValue()
- Add CA array support: new hashCaValue() handles string[] | Buffer[]
- Fix timeline race condition: capture timeline reference in closure
at createConnection start to isolate concurrent requests
- Fix SSL verify message: check socket.authorized for accurate status
- Fix HTTP/HTTPS agent logic: only set httpsAgent for HTTPS requests
- Add tests for concurrent requests timeline isolation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): log when reusing cached agent
- HTTPS agents: "Reusing cached agent (SSL session reuse enabled)"
- HTTP agents: "Reusing cached agent (connection reuse enabled)"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(preferences): add cache.httpHttpsAgents.enabled preference
* feat(agent-cache): add disableCache option to getOrCreateAgent
* feat(proxy-util): respect httpHttpsAgents cache preference
* refactor(agent-cache): use named props for getOrCreateAgent and getOrCreateHttpAgent
* feat(ipc): add renderer:clear-http-https-agent-cache handler
* feat(redux): add cache.httpHttpsAgents preferences to initial state
* feat(ui): add Cache tab to Preferences
* feat(cli): add --disable-http-https-agents-cache flag
* refactor(cache): replace window.ipcRenderer calls with redux actions
Add getCacheStats, purgeCache, and clearHttpHttpsAgentCache thunks to
the app slice. Update the Cache preferences component to dispatch these
actions instead of calling window.ipcRenderer directly.
Also move handleSave and handleSaveRef above useFormik to fix declaration
order — onSubmit closes over handleSaveRef, so the ref must be initialized
before useFormik is called.
* fix: tests
* fix(cache): thread disableCache and hostname through all agent-creation paths
- Forward disableHttpHttpsAgentsCache through getHttpHttpsAgents → createAgents
so OAuth2 token requests and bru.sendRequest honour the CLI flag
- Add hostname to agent cache keys (getAgentCacheKey, getHttpAgentCacheKey)
for per-host TLS session reuse; extract hostname at every call site in
run-single-request.js, proxy-util.js, and http-https-agents.ts
- Add extractHostname helper in http-https-agents.ts to safely parse hostnames
- Add test coverage for cert, key, pfx, passphrase, and hostname cache-key
differentiation in agent-cache.spec.ts
* refactor(cache): rename getOrCreateAgent to getOrCreateHttpsAgent
* refactor: simplify UI labels, optimize agent timeline wrapping, silence proxy errors
* fix: tests
* fix(proxy): fix proxy agent construction and CA cert handling
Three fixes:
1. Proxy agents (HttpsProxyAgent, HttpProxyAgent, SocksProxyAgent) expect
(proxyUri, options) constructor signature, but the agent cache was packing
proxyUri into options as a single argument. Fixed the non-timeline code
path in getOrCreateAgentInternal.
2. HTTP requests through an HTTPS proxy need TLS options (ca certs) to
validate the proxy's certificate. All getOrCreateHttpAgent call sites
now pass TLS options when the proxy protocol is HTTPS.
3. Setting the `ca` option on any Node.js TLS connection replaces the
default OpenSSL trust store entirely. CAs only in the OpenSSL default
trust store (e.g. /etc/ssl/cert.pem) but not in tls.rootCertificates
were lost. Fixed by converting `ca` to a secureContext via addCACert(),
which appends custom CAs on top of the OpenSSL defaults instead of
replacing them.
Also simplified PatchedHttpsProxyAgent to selectively forward only the
relevant TLS options (cert, key, pfx, passphrase, rejectUnauthorized,
secureContext) to the target TLS upgrade instead of blindly merging all
constructor options.
* fix(tls): load client certs into secureContext to prevent silent drop
Add Cache tab to Preferences UI
* fix(proxy): align proxy auth check to use auth.disabled field consistently
* refactor(cache): rename CLI flag to --cache-ssl-session and disable caching by default
- Rename --disable-http-https-agents-cache to --cache-ssl-session (opt-in)
- Rename disableHttpHttpsAgentsCache to cacheSslSession across CLI and bruno-requests
- Default caching to disabled in both bruno-electron and bruno-cli
- Add cacheSslSession to buildCertsAndProxyConfig for bru.sendRequest
- Update Preferences UI labels to "Cache SSL Session"
* refactor(cache): rename httpHttpsAgents to sslSession across preferences and UI
* refactor(cache): remove unused getCacheStats and purgeCache IPC actions
---------
Co-authored-by: karthik <47263234+kxbnb@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Add shell-env integration to fetch environment variables from the user's
shell config files (.zshrc, .zshenv, etc.) so that proxy settings and
other exports are available in process.env for both Electron and CLI.
* init
* fix: header saving in ws
* fix: retrieve auth value correctly
* feat: ws settings
* fix: text for inherited auth
* feat: pass down options/settings for ws
* fix: handle run handling on url
* fix: send initial message
* fix: fix header movement and minor cleanup
* fix: message queue
* refactor: faster flushing
* feat: ws tab specific additions
close tab should close connection
`ws` shown in the tab
* chore: remove unused icon
* feat: simplify query URL rendering
* fix: only add to settings if they were added
* chore: revert to original
* fix: restyle web ui
* feat: implement WebSocket response sorting and enhance message handling
- Added WSResponseSortOrder component for toggling message sort order.
- Updated WSMessagesList to accept and utilize sort order.
- Refactored message handling to use 'type' instead of 'direction'.
- Enhanced response state management to include sort order.
* feat: enhance WebSocket handling with redirect and upgrade events
- Added support for 'ws:redirect' and 'ws:upgrade' events in the WebSocket client.
- Updated WSResponseHeaders to format headers correctly.
- Modified WSResponsePane to display headers in the response.
- Improved message handling in the Redux slice for WebSocket events.
* fix: correct fallback for URL retrieval in bruRequestToJson
* feat: enhance WebSocket message handling and styling
- Add new styling for incoming messages in StyledWrapper.
- Update WSMessagesList to handle message sorting and focus.
- Refactor response sort order handling in WSResponseSortOrder.
- Improve WebSocket connection management in ws-client.
* fix: adjust styling for message display
* fix: imports for ws files
* fix: visually simplify the message list
* chore: pkg updates
* fix: remove unused content-type check in WebSocket request preparation
* fix: avoid duplicate messages
avoid message getting queued and sent twice
* feat: beautify the code editor in each message
* feat(websockets): add websocket tests
* tests(websockets): move it a folder up
* fix: hexdump on sent messages
* fix: make the view a lot more compact
* feat: enhance WebSocket message handling and styling
* formatting fixes - batch 1
* chore: formatting fixes batch 2
* chore: format changes batch 3
* chore: format settings batch 4
* chore: clean up
* chore: for now avoid oauth2
* chore: formatting changes batch 6
* test(websocket): add headers handling in tests
- Implemented logic to send headers in websocket messages.
- Added tests for websocket connections and message handling.
- Created locators for common elements in websocket tests.
* chore: cleanup
* test(websocket): refactor to use constant for BRU_FILE_NAME
Updated the test cases to utilize a constant for the BRU_FILE_NAME regex pattern for better maintainability and readability.
* test(websocket): update BRU_FILE_NAME to use regex
Changed BRU_FILE_NAME from a string to a regex pattern for better matching.
* fix(ws-client): rename timeout to handshakeTimeout
Updated the WebSocket connection options to use 'handshakeTimeout' instead of 'timeout' for clarity.
* chore: cleanup
* fix(ShareCollection): update non-exportable request types handling
Refactor hasGrpcRequests to hasNonExportableRequestTypes,
returning an object with a flag and types of requests that
will not be exported.
* feat: inherit timeout from app prefs
* fix: faster queue
* feat: add WSRequestBodyMode component and language detection
- Introduced a new component for selecting request body modes (JSON, XML, TEXT).
- Implemented auto-detection of language for the request body content.
- Created a styled wrapper for improved UI presentation.
* feat: enhance WebSocket message handling with decoder support
- Added decoder field to WebSocket messages in various components.
- Updated prettify functionality to handle XML and JSON formats.
- Modified Redux state to include decoder information.
- Adjusted schema validation to accommodate decoder field.
* refactor: replace decoder with type in WebSocket message handling
* fix: use `body` directly
* chore: reset formatting
* chore: reformat
* chore: reformat
* chore: reformat
* chore: reformat
* chore: base format
* chore: fix lang constructs
* chore: fix message queue flush logic
Ensure that the flushQueue method checks for the existence of the message queue before processing.
Refactor WebSocket test fixtures for better readability by correcting indentation and structure.
* fix: typo
* chore: lint fixes
* chore: lint fixes
* chore: rediff utils
* chore: rediff utils
* chore: remove from CLI
* chore: rediff utils
* chore: rediff utils
* chore: rediff utils
* chore: rediff utils
* chore: fix formatting
* tests(websocket): add websocket persistence tests
* chore: format
* feat(eslint): add TypeScript support and update test file patterns
* fix: turn off single line jsx expressions
* revert lang `ws` removal
* chore: reformat
* feat: better subprotocol support and tests
* chore: reformat
* chore: reformat
* clean up ununsed components
* refactor: locators, tests, new request design
* chore: close app for each test to start afresh
* Revert "chore: close app for each test to start afresh"
This reverts commit 5c2e3bec81.
* refactor: simplify dropdown mode selection
* chore: remove unused changes
* refactor: simplify
* chore: simplify
* fix: loading pulse animation
* refactor: update lodash import syntax
* fix: comments and sanitisation
* refactor: rename BRU_FILE_NAME to BRU_REQ_NAME for consistency
Updated variable names across websocket tests to improve clarity and maintain consistency in naming conventions.
* fix: null check for the initialisation of websocket client
* fix: add poller to check for saved state
* fix: variable message time check for tests
* fix: force wait for elements
* fix: use nth locators instead of wait (draft attempt)
* chore: reformat
* fix: update beta preferences to include websocket support
* feat: GA
* feat: rename `connectionTimeout` to `timeout` and better form
* feat: update WebSocket IPC channel names to use 'renderer' prefix
* feat: add 'oauth2' to supported authentication modes
* chore: add default `json` type in ws
* test: add tests for bruToJson and jsonToBru parsers
- Implemented smoke tests for the bruToJson parser to validate message inference and settings.
* refactor: improve timeout handling in WebSocket client
---------
Co-authored-by: Siddharth Gelera <siddharthgelera@Siddharths-MacBook-Air.local>
Co-authored-by: Sid <siddharth@usebruno.com>
* feat: bru.sendRequest api
* updated the postman-translations logic to handle `pm.sendRequest` to `bru.sendRequest` translations, and added unit tests
* ~ removed `maxRedirects` and `proxy` values for sendRequest axios-instance
~ fixed the imports for the `send-request-transformer` function
~ `sendRequest` and `runRequest` will return same response object in both safe and developer mode
~ sendRequest function optimization
* revert sendRequest to async function, added a testcase for sendRequest with url string
* sendRequest callback errors handling
* updated tests and added await for the callbacks
---------
Co-authored-by: lohit <lohit@usebruno.com>