* feat: introduce OpenAPI Sync beta feedback feature
- Added a feedback section in the OpenAPISyncTab and ConnectSpecForm to encourage user input during the beta phase.
- Styled the feedback message and button for better visibility.
- Updated the beta features list to include OpenAPI Sync and adjusted related components to reflect its beta status with appropriate badges.
- Enhanced the StatusBadge component to support a new 'xs' size for better integration in various UI elements.
* feat: integrate OpenAPI Sync beta feature toggle
- Updated the ImportCollectionLocation component to conditionally enable the "Check for Spec Updates" option based on the OpenAPI Sync beta feature status.
- Modified default preferences to disable OpenAPI Sync by default, ensuring users are not prompted for updates unless explicitly enabled.
* feat: enhance beta features integration in Preferences
- Updated the BETA_FEATURES array to use constants from utils/beta-features for better maintainability.
- Improved the handling of beta preferences by merging new preferences with existing ones, ensuring a smoother user experience when toggling features.
* feat: enhance OpenAPI Sync polling with beta feature toggle
- Integrated a beta feature toggle for OpenAPI Sync polling, allowing conditional activation based on user settings.
- Updated the pollingEnabled logic to incorporate the new beta feature status, ensuring better control over sync behavior.
* Revert "feat(phase-1): allow user to customize keybindings (#7163)"
This reverts commit 14532b48a6.
* Revert "chore: UI Polish for Zoom and Keybindings panel (#7376)"
This reverts commit 5151d29aac.
* fix: cookie wrapper callback mode returns never-resolving Promise
tough-cookie's createPromiseCallback() intentionally never resolves the
returned Promise when a callback is provided — only the callback fires.
The cookie jar wrapper was propagating this never-resolving Promise via
`return cookieJar.getCookies(url, cb)` in callback-mode paths. When user
scripts did `await jar.getCookie(url, name, callback)` in the Node VM
(developer sandbox), the await hung forever, blocking the CLI runner.
Fix: drop the return value in all callback-mode paths so the wrapper
returns void (undefined). `await undefined` resolves immediately.
Affected methods: getCookie, getCookies, hasCookie, clear, deleteCookies.
* fix: validation-error callback paths also return void instead of callback result
The validation guards (e.g. missing URL) did `return callback(error)` which
leaks whatever the user's callback returns. Apply the same pattern used for
the main callback paths: call the callback, then return void.
Also makes deleteCookie's `return executeDelete(callback)` consistent
(executeDelete already returns void, but the explicit pattern is clearer).
Without path normalization, collections appear stuck in "mounting" state on Windows
because workspace YAML uses forward slashes while Redux uses backslashes.
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
* feat(request-pane): restore body tab scroll position on tab switch
When editing large request bodies (JSON/XML/text/sparql), switching to
another tab (params, headers, auth, etc.) and back would reset the
CodeMirror editor scroll position to the top.
Fix by persisting the scroll position to Redux on editor unmount (via
CodeEditor's onScroll prop) and restoring it on mount (via initialScroll),
mirroring the existing scroll restoration pattern in QueryResultPreview.
* test: add playwright tests for body scroll restoration
---------
Co-authored-by: naman-bruno <naman@usebruno.com>
* Enhance OpenAPISyncTab functionality with error handling and UI improvements
- Updated ConnectSpecForm to include error handling for invalid OpenAPI specifications when uploading files.
- Added a sync info notice in CollectionStatusSection to inform users about tracked changes.
- Improved styling in StyledWrapper for better visual feedback and layout consistency.
- Adjusted button colors and properties in ConfirmSyncModal and ConnectionSettingsModal for better UX.
- Refactored useOpenAPISync hook to validate URLs before syncing, ensuring only valid OpenAPI specs are processed.
- Enhanced parameter handling in openapi-to-bruno.js to support enum and default values more effectively.
* Refactor OpenAPISyncTab components for improved URL validation and error handling
- Updated ConnectSpecForm to streamline file upload error handling for OpenAPI specifications.
- Enhanced OpenAPISyncHeader to utilize isHttpUrl for better URL validation.
- Refactored useOpenAPISync hook to replace isValidUrl with isHttpUrl for consistency in URL checks.
- Improved file parsing logic in file-reader.js to handle case-insensitive JSON file extensions.
- Added isHttpUrl utility function to validate HTTP/HTTPS URLs effectively.
* Enhance file parsing logic in file-reader.js to improve error handling for JSON and YAML files
- Updated parseFileAsJsonOrYaml function to handle case-insensitive JSON file extensions more robustly.
- Added error handling to ensure the document root is an object and not an array, improving data validation.
* Update StatusBadge component to include new 'xs' size preset and adjust documentation accordingly
- Added 'xs' size preset with specific font size and padding for minimal use cases.
- Updated documentation to reflect the new size options available for the StatusBadge component.
* fix: refocus collection name input on error and resolve missing default location folder
* revert: remove focus refocus logic from InlineCollectionCreator
Reverts the setTimeout focus change that was causing test failures.
Keeps the preferences.js fix for default location validation.
Made-with: Cursor
* fix: update default-collection-location test to use project path
Use {{projectRoot}} template variable for defaultLocation so the path
exists when the app validates it with fs.existsSync.
Made-with: Cursor
* fix: improve save test to use alternate path and verify persistence
Made-with: Cursor
---------
Co-authored-by: naman-bruno <naman@usebruno.com>
- Updated OpenAPISyncTab to utilize Redux state for active tab management, improving state consistency.
- Removed unnecessary loading state checks from OverviewSection and SpecStatusSection for cleaner logic.
- Streamlined prop usage in OverviewSection by eliminating the isLoading prop.
- Cleaned up useOpenAPISync hook by removing unused state clearing logic on unmount.
- Improved file handling in openapi-sync IPC by ensuring new files are created in the appropriate folder based on tags.
- Removed the `viewMode` state and associated logic from OpenAPISyncTab and useSyncFlow, streamlining the component's functionality.
- Eliminated the `review-active` class from StyledWrapper, cleaning up the styling.
- Updated Redux state management by removing `viewMode` from the tab UI state structure, reducing complexity.
* fix: update button colors and streamline props in OpenAPISyncTab and CollectionHeader
- Changed button color from 'warning' to 'primary' in OpenAPISyncTab for better visual consistency.
- Simplified prop usage for OpenAPISyncIcon in CollectionHeader by removing unnecessary function wrapper.
* fix: update StatusBadge variant in OpenAPISyncHeader for improved styling
- Changed StatusBadge in OpenAPISyncHeader to use 'outline' variant for better visual distinction of version information.
* fix: enable SSL session caching for faster consecutive requests (#6929)
* fix: enable SSL session caching for faster consecutive requests
Previously, Bruno created a new HTTPS agent for every request, which meant
SSL/TLS sessions couldn't be reused. This caused the full TLS handshake
(~450ms) to run on every request, even to the same endpoint.
Changes:
- Add agent caching based on TLS configuration (certs, proxy, SSL options)
- Reuse cached agents for requests with matching configuration
- SSL sessions are now cached and reused, significantly reducing
response time for consecutive requests to the same host
The fix maintains backward compatibility:
- Timeline logging moved to setup phase (before agent creation)
- Proxy and SSL validation behavior unchanged
- Added clearAgentCache() for testing and configuration changes
Fixes#5574
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address review feedback for SSL session caching
- Add passphrase to cache key to prevent incorrect agent reuse
- Add MAX_AGENT_CACHE_SIZE (100) with LRU-style eviction
- Use consistent node: prefix for crypto import
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: lohit <lohit@usebruno.com>
* feat(bruno-requests): add timeline agent for TLS event logging
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): add agent cache for SSL session reuse
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test(bruno-requests): add tests for agent cache
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): integrate agent cache into http-https-agents
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(bruno-electron): use shared agent cache from bruno-requests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-cli): use agent cache for SSL session reuse
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): add HTTP agent timeline support
Add createTimelineHttpAgentClass for logging HTTP connection events
including proxy usage, DNS lookups, and connection establishment.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(bruno-requests): extract shared agent caching logic
Add getOrCreateAgentInternal helper to reduce code duplication
between getOrCreateAgent and getOrCreateHttpAgent functions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): use HTTP agent cache for connection reuse
Export getOrCreateHttpAgent and use it in http-https-agents for
HTTP requests to enable connection pooling.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(bruno-cli): improve HTTP agent handling and error logging
- Use { keepAlive: true } instead of tlsOptions for HTTP agents
- Add warning log for system proxy configuration errors
- Fix brace style consistency
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(bruno-electron): improve HTTP agent handling
- Use { keepAlive: true } instead of tlsOptions for HTTP agents
- Fix brace style consistency
- Add missing newline at EOF
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(bruno-requests): address code review findings for agent caching
- Fix Buffer hashing bug: properly handle Buffer values in hashValue()
- Add CA array support: new hashCaValue() handles string[] | Buffer[]
- Fix timeline race condition: capture timeline reference in closure
at createConnection start to isolate concurrent requests
- Fix SSL verify message: check socket.authorized for accurate status
- Fix HTTP/HTTPS agent logic: only set httpsAgent for HTTPS requests
- Add tests for concurrent requests timeline isolation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): log when reusing cached agent
- HTTPS agents: "Reusing cached agent (SSL session reuse enabled)"
- HTTP agents: "Reusing cached agent (connection reuse enabled)"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(preferences): add cache.httpHttpsAgents.enabled preference
* feat(agent-cache): add disableCache option to getOrCreateAgent
* feat(proxy-util): respect httpHttpsAgents cache preference
* refactor(agent-cache): use named props for getOrCreateAgent and getOrCreateHttpAgent
* feat(ipc): add renderer:clear-http-https-agent-cache handler
* feat(redux): add cache.httpHttpsAgents preferences to initial state
* feat(ui): add Cache tab to Preferences
* feat(cli): add --disable-http-https-agents-cache flag
* refactor(cache): replace window.ipcRenderer calls with redux actions
Add getCacheStats, purgeCache, and clearHttpHttpsAgentCache thunks to
the app slice. Update the Cache preferences component to dispatch these
actions instead of calling window.ipcRenderer directly.
Also move handleSave and handleSaveRef above useFormik to fix declaration
order — onSubmit closes over handleSaveRef, so the ref must be initialized
before useFormik is called.
* fix: tests
* fix(cache): thread disableCache and hostname through all agent-creation paths
- Forward disableHttpHttpsAgentsCache through getHttpHttpsAgents → createAgents
so OAuth2 token requests and bru.sendRequest honour the CLI flag
- Add hostname to agent cache keys (getAgentCacheKey, getHttpAgentCacheKey)
for per-host TLS session reuse; extract hostname at every call site in
run-single-request.js, proxy-util.js, and http-https-agents.ts
- Add extractHostname helper in http-https-agents.ts to safely parse hostnames
- Add test coverage for cert, key, pfx, passphrase, and hostname cache-key
differentiation in agent-cache.spec.ts
* refactor(cache): rename getOrCreateAgent to getOrCreateHttpsAgent
* refactor: simplify UI labels, optimize agent timeline wrapping, silence proxy errors
* fix: tests
* fix(proxy): fix proxy agent construction and CA cert handling
Three fixes:
1. Proxy agents (HttpsProxyAgent, HttpProxyAgent, SocksProxyAgent) expect
(proxyUri, options) constructor signature, but the agent cache was packing
proxyUri into options as a single argument. Fixed the non-timeline code
path in getOrCreateAgentInternal.
2. HTTP requests through an HTTPS proxy need TLS options (ca certs) to
validate the proxy's certificate. All getOrCreateHttpAgent call sites
now pass TLS options when the proxy protocol is HTTPS.
3. Setting the `ca` option on any Node.js TLS connection replaces the
default OpenSSL trust store entirely. CAs only in the OpenSSL default
trust store (e.g. /etc/ssl/cert.pem) but not in tls.rootCertificates
were lost. Fixed by converting `ca` to a secureContext via addCACert(),
which appends custom CAs on top of the OpenSSL defaults instead of
replacing them.
Also simplified PatchedHttpsProxyAgent to selectively forward only the
relevant TLS options (cert, key, pfx, passphrase, rejectUnauthorized,
secureContext) to the target TLS upgrade instead of blindly merging all
constructor options.
* fix(tls): load client certs into secureContext to prevent silent drop
Add Cache tab to Preferences UI
* fix(proxy): align proxy auth check to use auth.disabled field consistently
* refactor(cache): rename CLI flag to --cache-ssl-session and disable caching by default
- Rename --disable-http-https-agents-cache to --cache-ssl-session (opt-in)
- Rename disableHttpHttpsAgentsCache to cacheSslSession across CLI and bruno-requests
- Default caching to disabled in both bruno-electron and bruno-cli
- Add cacheSslSession to buildCertsAndProxyConfig for bru.sendRequest
- Update Preferences UI labels to "Cache SSL Session"
* refactor(cache): rename httpHttpsAgents to sslSession across preferences and UI
* refactor(cache): remove unused getCacheStats and purgeCache IPC actions
---------
Co-authored-by: karthik <47263234+kxbnb@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- Added sync status logic to determine if the collection is in sync with the spec, displaying appropriate indicators in the UI.
- Updated OpenAPISyncHeader to include linked collection information and sync status icons.
- Refined styling in StyledWrapper for better layout and visual feedback on sync status.
- Removed unused styles and components to streamline the codebase.
* feat: implement OpenAPI Sync
* feat: enhance focus styles and error handling across components
- Added focus-visible styles for buttons and tags in Swagger and Modal components to improve accessibility.
- Updated ConnectSpecForm to ensure source URL is set only if the file path is valid.
- Enhanced clipboard copy functionality in SpecInfoCard with error handling and success notifications.
- Improved ExpandableEndpointRow to handle loading state more robustly.
- Refined SyncReviewPage to ensure correct filtering of updated endpoints.
- Updated file handling in OpenAPI Sync IPC to support both .yml and .yaml extensions.
* fix: improve filename sanitization in OpenAPI Sync IPC
- Updated filename sanitization logic to ensure proper handling of both `name` and `filename` properties, enhancing compatibility with various file formats.
- Adjusted the logic to derive the base name from the filename when necessary, ensuring consistent output for generated files.
* feat: enhance OpenAPI Sync tab with new overview and header components
- Introduced OverviewSection to display summary of collection and spec status, including total endpoints, in-sync counts, and pending updates.
- Added OpenAPISyncHeader for improved navigation and actions related to the OpenAPI spec.
- Updated CollectionStatusSection to better handle and display collection drift information.
- Refined styling for status banners and added new visual elements for better user experience.
- Enhanced tooltip functionality in Help component for improved accessibility.
* refactor: remove VisualDiffViewer components and add diff package
- Deleted VisualDiffViewer components including VisualDiffMeta, VisualDiffDocs, VisualDiffVars, and others to streamline the codebase.
- Introduced the 'diff' package in package-lock.json to enhance diff functionality.
- Updated utility functions to improve diff status handling and maintainability.
* refactor: comment out unused API hints in autocomplete.js
* refactor: comment out unused API translations in postman and bruno translators
Temporarily disable certain API translations due to UI update issues affecting their functionality. A note has been added to restore these translations once the UI fixes are implemented.
* refactor: temporarily skip tests for collection variable translations due to UI update issues
Commented out tests related to `setCollectionVar`, `deleteCollectionVar`, and related functionalities until the necessary UI updates are implemented. A note has been added to restore these tests once the fixes are live.
* refactor: comment out variable deletion and retrieval methods due to UI sync issues
* revert: ping.bru
* refactor: update postman translation tests to enable previously skipped cases
* feat: enhance API spec export with environment variables support
- Updated `exportApiSpec` function to accept and process environment variables for multi-server exports.
- Added logic to convert environment variables into a structured format for OpenAPI server entries.
- Enhanced the `CreateApiSpec` component to include environments in the exported YAML content.
- Introduced unit tests to validate the handling of server variables and their integration into the exported API specifications.
* refactor: streamline API spec export logic and improve variable handling
- Simplified variable extraction in `exportApiSpec` by directly assigning capture groups.
- Updated URL interpolation to use request variables instead of global variables for better accuracy.
- Enhanced handling of request body types by replacing early returns with breaks for clearer flow control.
- Adjusted tests to ensure backward compatibility with OpenAPI specifications and server variable handling.
* refactor: improve variable handling and URL processing in OpenAPI exporters
- Streamlined server variable assignment in `exportApiSpec` to handle undefined values more gracefully.
- Enhanced URL path extraction to ensure leading slashes are preserved in `getDefaultUrl` and `extractServerVars`.
- Updated string replacement logic to use `replaceAll` for consistent variable substitution in URLs.
* feat(sidebar): show "Add request" cta when collection or folder is empty
* fix: add connector lines and keyboard accessibility to empty-state CTA
* fix: debounce empty collection state to prevent flicker
Add 300ms delay before showing "Add request" button for empty collections.
This fixes a race condition where isLoading becomes false before the
items batch arrives from IPC, causing a brief flicker of the empty state.
Made-with: Cursor
---------
Co-authored-by: naman-bruno <naman@usebruno.com>
getCachedSystemProxy now awaits the initialization promise, preventing a race
condition where API calls made early in startup would bypass the system proxy.
* feat: add tokenType support for OAuth2
* refactor: rename tokenType to source in OpenCollection OAuth2 mapping
* refactor: rename tokenType to source in OAuth2 configuration
* chore: bump @opencollection/types to ~0.8.0
* fix: correct OAuth2 token type label in token viewer
* refactor: replace Dropdown with MenuDropdown in OAuth2 components
Migrate all 12 dropdown instances across 5 OAuth2 auth components to use
the MenuDropdown component, removing manual tippy ref management and
forwardRef icon patterns in favor of a declarative items-based API.
* fix(oauth2): prevent false callback matches on root path URLs and handle errors first
Move error check before callback URL matching in onWindowRedirect so
OAuth error responses are rejected immediately. Remove redundant error
param check from matchesCallbackUrl and require a code param or hash
fragment to match, preventing false positives on intermediate pages
when the callback URL is a root path like https://hostname/.
* fix(oauth2): clarify error handling comment
Remove "on the callback URL" from comment since error checking
now happens before callback URL matching.
* fix: multipart form-data file param export/import for Postman
* fix: Postman import compatibility for multipart form-data file params
This commit fixes two issues that caused Postman to fail importing
Bruno-exported collections with multipart form-data file parameters:
1. Changed `src` field format to match Postman's export format:
- Single file: export as string (e.g., "/path/to/file")
- Multiple files: export as array (e.g., ["/path/a", "/path/b"])
- Empty/null: export as null
Previously, Bruno always exported `src` as an array, but Postman's
importer expects a string for single files and fails to recognize
the file type and path when given an array.
2. Added `protocolProfileBehavior.disableBodyPruning` for GET/HEAD/OPTIONS
requests that have a body:
By default, Postman discards request bodies for HTTP methods that
typically don't have bodies (GET, HEAD, OPTIONS). Without this flag,
importing a GET request with a form-data body would result in the
body being silently dropped, making Postman unable to identify that
the request has a formdata body at all.
Both changes align Bruno's Postman export format with Postman's own
export format, ensuring full import compatibility.
---------
Co-authored-by: Chirag Chandrashekhar <cchirag85@gmail.com>
