* feat(cookies): add direct cookie access methods and update translations
- Introduced new methods for direct cookie access: `bru.cookies.get`, `bru.cookies.has`, and `bru.cookies.toObject`.
- Updated translation mappings in `bruno-to-postman-translator` and `postman-to-bruno-translator` to support these new methods.
- Enhanced tests to verify correct translation between `bru` and `pm` cookie methods, including mixed usage scenarios.
- Updated `Bru` class to handle cookie access based on the current request URL.
* feat(cookies): enhance cookie management with new methods and refactor
- Added new cookie methods: `toString`, `clear`, `delete`, `one`, `all`, `idx`, `count`, `indexOf`, `find`, `filter`, `each`, `map`, and `reduce` to `bru.cookies`.
- Refactored `Bru` class to utilize a new `CookieList` for cookie management, improving structure and readability.
- Updated translation mappings in `bruno-to-postman-translator` and `postman-to-bruno-translator` to include new cookie methods.
- Introduced `PropertyList` and `ReadOnlyPropertyList` classes for better data structure management.
- Enhanced tests for comprehensive coverage of new cookie functionalities and their interactions.
* docs(readonly-property-list): clarify array usage in constructor comments
* feat(cookies): add direct cookie manipulation tests and methods
* feat(cookies): add hasCookie method for checking cookie existence
* fix
* refactor(cookies): simplify cookie method translations
* feat(cookies): expand cookie API with new methods and tests
- Added new cookie methods: `get`, `has`, `toString`, `clear`, `upsert`, `remove`, `idx`, and `indexOf` to enhance cookie management.
- Updated translation mappings for `bru.cookies` to include new methods in `bruno-to-postman-translator` and `postman-to-bruno-translator`.
- Introduced tests for new methods and their interactions, ensuring comprehensive coverage of cookie functionalities.
- Enhanced existing tests to validate correct behavior of cookie methods across different scenarios.
* refactor(cookies): update CookieList to extend PropertyList and improve error handling
* test(cookies): add regression tests for jar and direct cookie patterns
- Introduced regression tests to ensure that jar patterns are correctly prioritized over direct cookie access patterns in translations.
- Updated `CookieList` to extend `ReadOnlyPropertyList` instead of `PropertyList`, clarifying its functionality.
- Refactored cookie method handling in the `bru` shim to utilize a new asynchronous bridge for improved error handling and consistency.
* refactor(cookies): update translations and remove PropertyList
- Enhanced comments in `postman-translations.js` to clarify the order of cookie jar translations.
- Updated `cookie-list.js` comments to better describe the factory function for the cookie jar.
- Removed the `PropertyList` class and its associated tests, streamlining the codebase and focusing on `ReadOnlyPropertyList` and `CookieList` for cookie management.
* fix(cookies): normalize tough-cookie objects and improve remove method comments
- Updated `CookieList` to normalize tough-cookie instances to plain objects, preventing circular references and exposing internal structures.
- Enhanced comments in the `remove` method to clarify behavior when removing non-existent or empty-named cookies.
* test(cookies): update tests to use async/await for consistency
* test(cookies): use async/await in cookie tests for consistency
* refactor(readonly-property-list): update get and reduce methods for improved behavior
* fix(cookies): update cookie method signature in autocomplete hints and enhance translation comments
- Modified the autocomplete hint for `bru.cookies.has` to include the new signature with an optional value parameter.
- Improved comments in `postman-translations.js` to clarify the order of cookie jar translation patterns for better understanding.
* refactor(cookies): introduce PropertyList for enhanced cookie management
* refactor(property-list): simplify repopulate method and enhance item handling logic
* feat(cookies): implement PropertyList bridge for enhanced cookie management
- Introduced a new `createPropertyListBridge` utility to streamline the integration of cookie methods into the QuickJS VM.
- Replaced the previous async cookie bridge with a more flexible approach, allowing for both synchronous and asynchronous cookie operations.
- Added comprehensive tests to validate the functionality of the new cookie methods in both developer and safe modes.
- Updated existing cookie tests to ensure compatibility with the new PropertyList structure.
* fix(tests): correct expected passed requests in cookie tests
- Updated the expected number of passed requests in the cookie tests from 34 to 6 to reflect the correct validation results.
- Ensured consistency in test assertions across multiple test cases for the PropertyList API.
* fix(cookies): update cookie URLs to use localhost for testing
- Changed all cookie-related test scripts to use `{{localhost}}` instead of `{{host}}` for the ping URL, ensuring consistency in local testing environments.
- Updated the cookie test suite to reflect the new URL structure, enhancing the reliability of the tests.
- Removed outdated cookie test files to streamline the test suite.
* refactor(cookies): standardize cookie handling with localhost variable
- Updated cookie test scripts to utilize the `{{localhost}}` variable for setting and retrieving cookies, ensuring consistency across tests.
- Enhanced clarity in comments regarding cookie behavior for different domains.
- Improved test assertions to validate cookie management functionality more effectively.
* refactor(property-list, readonly-property-list): update methods to use private class fields
* feat(cookies): enhance CookieList API with detailed documentation and method improvements
- Updated the `CookieList` class to provide comprehensive documentation on cookie management methods, including `add`, `upsert`, `remove`, and `delete`.
- Improved method signatures to support both callback and Promise-based usage for asynchronous operations.
- Added detailed descriptions for read and write methods, including examples and expected behavior.
- Enhanced the integration of the `CookieList` with the QuickJS VM by updating the property list bridge to include `toJSON` in sync read object methods.
* feat(cookies): add detailed examples and improve async bridge documentation
- Enhanced the `createPropertyListBridge` function documentation with comprehensive examples for setting up cookie methods in QuickJS.
- Clarified the two-phase setup process for async write methods, detailing the registration of bridge functions and the generation of JavaScript code for method wrappers.
- Added a new test case for the `toJSON()` method to ensure it returns a cloned array of all cookies, validating the expected structure and properties.
* fix(assert-runtime): correct syntax error in response parser assignment
- Added a semicolon at the end of the response parser assignment to ensure proper syntax in the AssertRuntime class.
* feat: add OAuth 1.0 authentication support
Add full OAuth 1.0 (RFC 5849) authentication with support for
HMAC-SHA1/256/512, RSA-SHA1/256/512, and PLAINTEXT signature methods.
Includes UI components, bru/yml serialization, Postman import, code
generation, CLI support, and comprehensive playwright and unit tests.
* test: replace real-looking PEM literals with fake markers in oauth1 tests
Avoid tripping secret scanners by using obviously fake BEGIN/END markers
and non-sensitive base64 content in serialization and round-trip tests.
* fix: remove invalid OAuth1 placeholder header from code generator
OAuth1 requires runtime-computed nonce, timestamp, and signature that
cannot be pre-computed for a static code snippet. Return an empty array
instead of emitting an Authorization header with literal <signature>,
<timestamp>, <nonce> placeholders.
* fix: remove unreachable oauth1 case from WSAuth component
The oauth1 switch branch was dead code since it was not in
supportedAuthModes and the useEffect would reset it to 'none'
before it could render.
* fix: remove unused collectionPath param and use path.basename for filename extraction
* refactor: rename OAuth1 fields for clarity
- tokenSecret → accessTokenSecret
- signatureMethod → signatureEncoding
- addParamsTo value 'queryparams' → 'query'
* refactor: rename addParamsTo to placement in OAuth1 auth
* fix: add missing oauth1: null in buildOAuth2Config and upgrade @opencollection/types to 0.9.0
* test: add oauth1 import tests and fix missing oauth1: null in auth assertions
* ci: add auth playwright tests workflow for Linux, macOS, and Windows
* refactor: rename signatureEncoding to signatureMethod and fix timeline race condition
- Rename OAuth1 signatureEncoding to signatureMethod across all packages
- Fix timeline showing "No Headers/Body found" when request-sent IPC event
arrives after response by retroactively updating the timeline entry
- Store requestUid in timeline entries for precise matching
- Correct timeline entry timestamp on retroactive update for proper sort order
* ci: add OAuth1 CLI tests and reorganize auth actions under oauth1/
- Add CLI tests that run full BRU and YML collections via bru run
- Add start-test-server actions for Linux, macOS, and Windows
- Move auth e2e and setup actions under auth/oauth1/ directory
- Fix Windows Playwright failures caused by unescaped backslashes in collectionPath template variable
* ci: reorder auth tests to run E2E tests before CLI tests
* ci: start test server after E2E tests to fix port 8081 conflict
* refactor: update Bru constructor to accept a single options object for improved readability
- Changed the Bru class constructor to accept a single options object instead of multiple parameters, enhancing code clarity and maintainability.
- Updated all instances of Bru instantiation across the codebase to align with the new constructor format.
* docs: enhance Bru constructor documentation with additional certs and proxy configuration options
- Updated the documentation for the Bru class constructor to include new parameters related to certs and proxy configuration, improving clarity for users on available options.
- Added descriptions for collectionPath, options, clientCertificates, collectionLevelProxy, and systemProxyConfig to provide comprehensive guidance on their usage.
* docs: refine Bru constructor documentation for clarity and default values
- Updated the constructor documentation for the Bru class to enhance clarity by consolidating parameter descriptions into a single options object format.
- Added default values for optional parameters, improving guidance for users on expected input and usage.
* refactor: enhance error handling and context retrieval for script errors
- Updated the error formatter to utilize in-memory script content for error context, improving accuracy when users have unsaved changes.
- Introduced a new utility function, `getSourceContextFromContent`, to extract context lines from in-memory scripts.
- Enhanced tests to verify that draft script errors display the correct code context, ensuring users see the most relevant information during debugging.
- Added new Playwright tests to validate error handling in draft states across pre-request, post-response, and test scripts.
* refactor: enhance error context retrieval in error formatter
- Updated `getSourceContext` to accept in-memory content, improving context extraction for unsaved changes.
- Deprecated `getSourceContextFromContent` in favor of the new parameterized approach.
- Adjusted related tests to ensure accurate context handling for draft script errors.
* refactor: enhance error context handling for draft scripts
* refactor: streamline script error tests and enhance utility functions
- Consolidated helper functions for sending requests and waiting for responses into the actions module.
- Introduced new utility functions for selecting script sub-tabs and editing CodeMirror editors.
- Updated test cases to utilize the new utility functions, improving readability and maintainability.
- Enhanced locators for better integration with testing frameworks.
* refactor: improve script error context handling and utility functions
- Introduced a new utility function to streamline the retrieval of script block start lines for .bru and .yml files.
- Enhanced the error formatter to prioritize in-memory draft content when resolving error contexts, improving accuracy for unsaved changes.
- Consolidated context extraction logic into a single function to reduce redundancy and improve maintainability.
- Updated related tests to ensure accurate context handling for both draft and disk-based scripts.
* refactor: add comments to clarify line index calculations in error formatter
* feat: enhance ScriptError with source context, code snippets, and navigation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: remove auto-commenting of untranslated pm commands during import
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: update CodeSnippet styles to use theme colors for error and warning highlights
* fix: remove unused SCRIPT_TYPES import from network IPC module
* refactor: remove unused functions and clean up source-context utility
- Removed `getUnifiedScriptContext`, `getWarningSourceGroups`, and related helper functions from `source-context.js` to streamline the utility.
- Updated tests in `source-context.spec.js` to reflect the removal of unused functions, ensuring only relevant tests for `findLineInSource` and `getScriptContext` remain.
* refactor: simplify ScriptError component and update styles
* refactor: streamline tab management in Script components
* refactor: enhance tab management in ScriptError and add testsMetadata handling in prepare-request
* refactor: improve error source identification in ScriptError component
- Enhanced the logic for determining error source types by introducing separate checks for folder and collection files.
- Updated the handling of folder file names to ensure accurate UID retrieval and labeling.
- Streamlined the overall structure of the getErrorSourceInfo function for better readability and maintainability.
* refactor: improve ScriptError component and enhance styling
- Simplified the conditions for displaying the ScriptError component in ResponsePane.
- Updated navigation logic in ScriptErrorCard to ensure proper handling of source information.
- Adjusted styles in StyledWrapper to allow for visible overflow.
- Enhanced ScriptErrorIcon to accept additional class names for better styling flexibility.
- Minor layout adjustments in RunnerResults ResponsePane for improved UI consistency.
* refactor: simplify test description for untranslated pm commands and consolidate error formatter imports
* fixes
* refactor: update focusedTab logic in Script components to use collection and folder UIDthe respective collection and folder UID instead of the activeTabUid.
* feat: add buildErrorContext utility for enhanced error handling in network IPC
- Introduced a new utility function `buildErrorContext` to construct detailed error context from script errors.
- This function parses error locations, adjusts line numbers, and retrieves relevant source context, improving error reporting.
- Removed the previous inline error handling logic from the network IPC module to streamline the codebase.
* feat: added playwright test cases to test scriptError behavior
* refactor: enhance ScriptError component and improve error handling
- Updated labels for error source types in ScriptError to be more concise (e.g., "Request Script" to "Request").
- Improved navigation logic in ScriptErrorCard to ensure proper handling of navigable file paths.
- Enhanced styling in StyledWrapper for better visual consistency and user experience.
- Added tests to verify fallback behavior for missing error types and non-navigable file paths.
- Refined utility functions for better context extraction from script errors.
* refactor: normalize file paths for cross-platform compatibility in ScriptError component
* refactor: improve file path handling in ScriptError component
* refactor: enhance buildErrorContext for improved error handling
* docs: add detailed comments to build-error-context for better understanding of error handling
* refactor: enhance error block line detection in error formatter
- Updated `findScriptBlockEndLine` and `findYmlScriptBlockEndLine` functions to return null for empty or missing blocks, improving accuracy in line detection.
- Added comprehensive tests for both functions to ensure correct behavior across various scenarios, including handling of non-.bru and non-.yml files.
* refactor: improve error handling and testing in ScriptError and buildErrorContext
- Updated ScriptError component to streamline tab management by replacing focusTab with addTab for better request handling.
- Enhanced buildErrorContext to return null for empty or missing script blocks in .bru and .yml files, ensuring accurate error reporting.
- Added tests to validate behavior for empty script blocks and improved error context extraction in various scenarios.
* test: add new tests for script error navigation and handling
- Implemented tests for post-response file-path navigation to the Script tab and verification of active sub-tabs.
- Added keyboard navigation tests to trigger file-path navigation using the Enter key.
- Included a test for multiple error cards to ensure closing one does not affect others.
- Enhanced runner tests to verify navigation to the Tests tab from script error results.
* refactor: enhance CodeSnippet line rendering and remove unused source-context utilities
* refactor: update locators in script-errors tests for improved readability and maintainability
* test: enhance script-errors tests to verify error line content
* review fixes
* refactor: update RunnerResults component and enhance locators for improved testability
* refactor: remove buildErrorContext and replace with formatErrorWithContextV2
- Deleted the buildErrorContext function and its associated tests.
- Updated network IPC to utilize formatErrorWithContextV2 for improved error context handling.
- Enhanced error reporting by ensuring structured error context is returned for desktop UI.
* refactor: enhance tab components with data-testid attributes for improved testability
- Added data-testid attributes to tab elements in CollectionSettings and FolderSettings components for better integration with testing frameworks.
- Updated Tabs and ResponsiveTabs components to include data-testid attributes for tab triggers, enhancing the ability to select and verify tabs in tests.
- Modified script-errors tests to utilize new locators for improved readability and maintainability.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: comment out unused API hints in autocomplete.js
* refactor: comment out unused API translations in postman and bruno translators
Temporarily disable certain API translations due to UI update issues affecting their functionality. A note has been added to restore these translations once the UI fixes are implemented.
* refactor: temporarily skip tests for collection variable translations due to UI update issues
Commented out tests related to `setCollectionVar`, `deleteCollectionVar`, and related functionalities until the necessary UI updates are implemented. A note has been added to restore these tests once the fixes are live.
* refactor: comment out variable deletion and retrieval methods due to UI sync issues
* revert: ping.bru
* refactor: update postman translation tests to enable previously skipped cases
* feat(): support multipart mixed
fix: support vars interpolation on mixed multi-part
Update packages/bruno-electron/src/ipc/network/interpolate-vars.js
Co-authored-by: Timon <39559178+Its-treason@users.noreply.github.com>
refactor: use startsWith
feat: best effort for other multipart/* contentypes
* feat: enhance variable interpolation for multipart requests
- Updated `interpolateVars` function to support interpolation in multipart/form-data and multipart/mixed requests.
- Added handling for empty multipart arrays and parts with missing or undefined values.
- Improved type checks for content types to ensure proper interpolation behavior.
Includes new tests to validate the interpolation functionality for multipart requests.
* fix: normalize error handling in sendRequest and improve test reliability
---------
Co-authored-by: Alfonso Presa <alfonso-presa@users.noreply.github.com>
* fix: oauth2 credential management improvements
Add bru.resetOauth2Credential() API for programmatic credential invalidation
from scripts, fix credential clearing to match on credentialsId, expose
oauth2 credential variables in test runtime, and add input validation
with deduplication to prevent redundant IPC messages. Remove unused
collectionGetOauth2CredentialsByUrlAndCredentialsId reducer.
* fix: handle invalid URLs in oauth2 callback redirect handler
Wrap new URL() calls in try-catch within onWindowRedirect to prevent
uncaught TypeError when redirect or callback URLs are invalid.
* Update packages/bruno-app/src/utils/codemirror/autocomplete.js
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix: isJson assertion fails after res.setBody() with object in node-vm
Objects created inside Node's vm.createContext() have a different Object
constructor than the host realm. When res.setBody() is called with a JS
object from a script, _.cloneDeep preserves the cross-realm prototype,
causing obj.constructor === Object to fail in the isJson assertion.
Replace with Object.prototype.toString.call() which is cross-realm safe.
* fix: register isJson chai assertion in QuickJS test runtime
The bundled chai in QuickJS only exposes { expect, assert } via
requireObject — no Assertion class. Access the prototype through
Object.getPrototypeOf(expect(null)) and use Object.defineProperty
to register the json property directly.
* fix: enable assertion chaining on isJson in QuickJS runtime
The QuickJS isJson property getter was missing `return this`, preventing
chai assertion chaining (e.g. expect(body).to.be.json.and...).
* feat: add support for new variable management functions in Bruno
- Implemented methods to retrieve and delete all environment and global variables.
- Added corresponding translations for new functions in Postman and Bruno converters.
- Updated request handling to include header deletion functionality.
- Enhanced test cases to cover new variable management features.
* feat: add new scripts for environment and global variable management
- Introduced scripts to delete all environment and global variables.
- Added functionality to retrieve all environment and global variables.
- Implemented tests to validate the behavior of new variable management features.
* feat: implement collection variable management in Bruno
- Added methods for managing collection variables: set, get, has, delete, and retrieve all.
- Updated Postman translation functions to reflect new collection variable methods.
- Enhanced tests to validate the functionality of collection variable management.
- Refactored existing code to replace environment variable references with collection variable equivalents.
* feat: enhance collection variable translations in Bruno
- Updated translation functions for collection variable management to align with Postman API.
- Added tests for new collection variable methods: set, has, delete, retrieve all, and clear.
- Refactored existing tests to ensure accurate translation of collection variable operations.
* feat: expand API hints for variable management in Bruno
* fix: test cases
* fix: remove unnecessary return in deleteEnvVar function
* feat: add translations for direct cookie access methods
- Implement translations for pm.cookies.has, pm.cookies.get, and pm.cookies.toObject to their corresponding bru.cookies methods.
- Enhance the postman-to-bruno translator to handle these new cookie access patterns.
- Add unit tests to verify the correct conversion of cookie access methods in various scenarios.
* refactor: simplify optional member expression handling in postman-to-bruno translator
- Streamlined the code for handling optional member expressions in the translation of cookie access methods.
- Updated unit test to verify the correct output format for pm.cookies.toObject() conversion.
* refactor: enhance handling of await expressions in cookie translations
- Updated the postman-to-bruno translator to wrap await expressions in parentheses for improved clarity and consistency.
- Adjusted unit tests to reflect the new output format for cookie access methods, ensuring accurate translation of pm.cookies.get calls.
* refactor: update cookie access translations to use hasCookie method
- Modified translations for pm.cookies.has to utilize the new bru.cookies.hasCookie method for improved clarity and functionality.
- Updated related unit tests to reflect changes in expected output for cookie existence checks.
- Added new tests to validate the behavior of the hasCookie method in various scenarios.
* fix(node-vm): scripting context and module resolution issues
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): use vm.createContext for true isolation and fix prototype mismatches
- Replace vm.compileFunction with vm.createContext + runInContext for true isolation
- Remove ECMAScript built-ins from safeGlobals (VM provides its own versions)
- This fixes prototype chain mismatches that broke libraries like @faker-js/faker
- Add sanitized process object (allows env, blocks exit/kill)
- Add global/globalThis pointing to isolated context (not host)
- Extract safe globals to constants.js for maintainability
- Remove typed-arrays mixin (VM provides TypedArrays)
- Add comprehensive isolation tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): remove process, add Error types and TypedArrays mixin, add jose test
- Remove process object from script context (security hardening)
- Remove createSanitizedProcess function from constants.js
- Add Error types to safeGlobals for instanceof checks with host errors
- Add TypedArrays mixin for host API compatibility (TextEncoder, crypto, Buffer)
- Add jose library and test for JWT sign/verify functionality
- Update tests to reflect process removal
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): handle circular dependencies and failed module caching
- Pre-populate module cache before execution to support circular requires
- Cache moduleObj instead of moduleObj.exports to handle module.exports reassignment
- Remove failed modules from cache to allow retry
- Add test for circular dependency handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): spread all context properties in buildScriptContext
Instead of explicitly listing each context property, spread all
properties from the context input to support future additions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): add filtered process object to script context
Expose a sanitized process object with only safe read-only properties
(argv, version, arch, platform, pid, features) while keeping env empty
for security.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test(node-vm): add comprehensive tests for Node.js builtins
Add 18 test files for Node.js builtin APIs in developer sandbox mode:
- Buffer, URL, TextEncoder/TextDecoder, btoa/atob
- Web Crypto API and node:crypto module
- Timers (setTimeout, setInterval, setImmediate, queueMicrotask)
- Fetch API (Request, Response, Headers, FormData, Blob)
- Intl formatters, JSON, Events (Event, EventTarget, CustomEvent)
- Node modules: fs, path, os, util, stream, zlib, querystring
All tests skip in safe mode using bru.runner.skipRequest().
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): address CodeRabbit review feedback
- Block absolute paths from bypassing security by routing through loadLocalModule
- Fix process tests to expect sanitized object instead of undefined
- Fix cache test to verify module executes only once
- Add tests for absolute path handling (block outside, allow within roots)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: lint issues
* fix(node-vm): recontextualize host objects for cross-context deep equality
Objects passed from the host context into the Node VM have different
Object/Array constructors than objects created inside the VM. This breaks
deep equality checks in libraries like AJV, where fast-deep-equal fails
on `a.constructor !== b.constructor` for structurally identical objects.
Add recontextualizeScript to utils.js that wraps getter methods (res.getBody,
res.getHeaders, req.getBody, req.getHeaders, req.getPathParams, req.getTags,
bru.getVar) to JSON round-trip returned objects inside the VM, giving them
VM-native prototypes.
Add external-lib-with-bru-req-res-objects package and tests to verify
bru/req/res accessibility from npm modules. Update ajv.bru tests to
validate res.getBody() against AJV schemas with enum on nested objects.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(node-vm): update spec to use saved mock refs after recontextualize
The recontextualizeScript wraps res.getBody with a JSON round-trip
function, replacing the jest mock on the context object. Save mock
references before calling runScriptInNodeVm so assertions work.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(node-vm): shallow-copy mutable process properties in sandbox
process.argv, process.versions, and process.features were passed by
reference, allowing sandboxed scripts to mutate the host process.
Shallow-copy these properties to prevent leaking mutable references.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(node-vm): use recursive clone in toVMNative instead of JSON round-trip
JSON.stringify converts undefined to null in arrays, breaking tests like
res.setBody([..., undefined, ...]). Replace with recursive clone that
creates new VM-native objects/arrays while preserving undefined values.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(node-vm): generalize recontextualize to wrap all bru/req/res methods
Instead of hardcoding specific method names, walk the prototype chain
with Object.getOwnPropertyNames to discover and wrap all methods that
return Objects/Arrays. Async methods (sendRequest, runRequest) get their
resolved values wrapped. The res callable and res.body/res.headers are
also recontextualized for direct access and query usage.
Adds integration tests for VM-native prototype checks across res, req,
bru APIs, res() callable queries, and bru.sendRequest patterns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* revert(node-vm): remove recontextualizeScript and related tests
The recontextualize approach of wrapping all bru/req/res methods
to return VM-native objects is being reverted in favor of a
different solution to the cross-context prototype mismatch issue.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(node-vm): expose full process object in developer sandbox via safeGlobals
* test(node-vm): update process tests for full process object in developer sandbox
* test(node-vm): update spec to verify process.nextTick availability
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* Mark test script errors as failed in runner
and CLI
* Unify handling of post-response and pre-request script errors in both CLI and Electron
* feat: Enhance error handling in script execution by preserving partial results for pre-request and post-response scripts across CLI and Electron. This ensures that tests passing before an error are still reported.
* Preserving stopExecution in test script error handler
---------
Co-authored-by: Pragadesh-45 <temporaryg7904@gmail.com>
* feat: add certs and proxy config to bru.sendRequest API
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: handle URL string argument in bru.sendRequest
When bru.sendRequest is called with a plain URL string instead of a
config object, the function now normalizes it to { url: string } before
processing. This fixes the case where spreading a string created an
invalid config object.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add variable interpolation to bru.sendRequest certs and proxy config
Interpolate environment variables in clientCertificates and proxy
configuration for bru.sendRequest API, enabling use of variables like
{{CERT_PATH}} or {{PROXY_HOST}} in certificate paths and proxy settings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: use interpolateObject for certs and proxy config interpolation
- Add interpolateObject to electron's interpolate-string.js using
buildCombinedVars pattern (matches CLI implementation)
- Simplify cert-utils.js by using interpolateObject instead of
manual field-by-field interpolation
- Add interpolation for clientCertificates and proxy config in CLI's
run-single-request.js for bru.sendRequest
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: add all variable types to sendRequest interpolation options
- Add globalEnvVars, collectionVariables, folderVariables, requestVariables
to sendRequestInterpolationOptions for complete variable support
- Use cached system proxy instead of redundant getSystemProxy() call
- Remove duplicate getOptions() call
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: skip CA cert loading when TLS verification is disabled
Only load CA certificates when shouldVerifyTls is true, since they
are not used for validation when TLS verification is disabled.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Add `isSafeMode()` to Bru API that returns `true` in
case the runtime is a sandbox.
This allows for scripts to test for and handle whether
running in sandbox or not:
```javascript
if (bru.isSafeMode()) {
throw new Error('This script requires Developer mode')
}
```
Co-authored-by: Anoop M D <anoop@usebruno.com>
* feat: apply modified dataBuffer to the response
* fix: ensure dataBuffer regeneration only occurs when res.setBody() is called
* refactor: update dataBuffer handling in BrunoResponse
When jsonwebtoken throws errors inside the NodeVM context, those errors
were instances of the VM's isolated Error class, which caused
instanceOf(Error) checks in tests to fail.
By adding Error constructors (Error, TypeError, ReferenceError,
SyntaxError, RangeError) from the global scope to the scriptContext,
errors thrown by jsonwebtoken and other modules now use the same Error
class that tests check against, ensuring instanceOf checks pass correctly.
This fixes jsonwebtoken test failures when using the NodeVM runtime.
* fix: enhance cleanJson to support serialization of typed arrays
* fix: correctness of inference based checks
* fix: remove duplicate Uint8Array reference
* fix: correct export syntax for mixinTypedArrays
Updated the export statement to use 'exports' instead of 'export' for proper module export functionality.
* chore: code cleanup
* test: add basics tests for cleanJson
- Added interpolation to setVar method's value field.
- Added playwright test to test the fix.
- Added jest test to test out the fix.
---
Playwright - PASS
Jest - PASS
---
* Import WSDL to bruno collection
* feat(wsdl-import): remove unused code and minor refactor
---------
Co-authored-by: Bijin Bruno <bijin@usebruno.com>
