* feat(): support multipart mixed
fix: support vars interpolation on mixed multi-part
Update packages/bruno-electron/src/ipc/network/interpolate-vars.js
Co-authored-by: Timon <39559178+Its-treason@users.noreply.github.com>
refactor: use startsWith
feat: best effort for other multipart/* contentypes
* feat: enhance variable interpolation for multipart requests
- Updated `interpolateVars` function to support interpolation in multipart/form-data and multipart/mixed requests.
- Added handling for empty multipart arrays and parts with missing or undefined values.
- Improved type checks for content types to ensure proper interpolation behavior.
Includes new tests to validate the interpolation functionality for multipart requests.
* fix: normalize error handling in sendRequest and improve test reliability
---------
Co-authored-by: Alfonso Presa <alfonso-presa@users.noreply.github.com>
* fix: isJson assertion fails after res.setBody() with object in node-vm
Objects created inside Node's vm.createContext() have a different Object
constructor than the host realm. When res.setBody() is called with a JS
object from a script, _.cloneDeep preserves the cross-realm prototype,
causing obj.constructor === Object to fail in the isJson assertion.
Replace with Object.prototype.toString.call() which is cross-realm safe.
* fix: register isJson chai assertion in QuickJS test runtime
The bundled chai in QuickJS only exposes { expect, assert } via
requireObject — no Assertion class. Access the prototype through
Object.getPrototypeOf(expect(null)) and use Object.defineProperty
to register the json property directly.
* fix: enable assertion chaining on isJson in QuickJS runtime
The QuickJS isJson property getter was missing `return this`, preventing
chai assertion chaining (e.g. expect(body).to.be.json.and...).
* feat: add support for new variable management functions in Bruno
- Implemented methods to retrieve and delete all environment and global variables.
- Added corresponding translations for new functions in Postman and Bruno converters.
- Updated request handling to include header deletion functionality.
- Enhanced test cases to cover new variable management features.
* feat: add new scripts for environment and global variable management
- Introduced scripts to delete all environment and global variables.
- Added functionality to retrieve all environment and global variables.
- Implemented tests to validate the behavior of new variable management features.
* feat: implement collection variable management in Bruno
- Added methods for managing collection variables: set, get, has, delete, and retrieve all.
- Updated Postman translation functions to reflect new collection variable methods.
- Enhanced tests to validate the functionality of collection variable management.
- Refactored existing code to replace environment variable references with collection variable equivalents.
* feat: enhance collection variable translations in Bruno
- Updated translation functions for collection variable management to align with Postman API.
- Added tests for new collection variable methods: set, has, delete, retrieve all, and clear.
- Refactored existing tests to ensure accurate translation of collection variable operations.
* feat: expand API hints for variable management in Bruno
* fix: test cases
* fix: remove unnecessary return in deleteEnvVar function
* feat: add translations for direct cookie access methods
- Implement translations for pm.cookies.has, pm.cookies.get, and pm.cookies.toObject to their corresponding bru.cookies methods.
- Enhance the postman-to-bruno translator to handle these new cookie access patterns.
- Add unit tests to verify the correct conversion of cookie access methods in various scenarios.
* refactor: simplify optional member expression handling in postman-to-bruno translator
- Streamlined the code for handling optional member expressions in the translation of cookie access methods.
- Updated unit test to verify the correct output format for pm.cookies.toObject() conversion.
* refactor: enhance handling of await expressions in cookie translations
- Updated the postman-to-bruno translator to wrap await expressions in parentheses for improved clarity and consistency.
- Adjusted unit tests to reflect the new output format for cookie access methods, ensuring accurate translation of pm.cookies.get calls.
* refactor: update cookie access translations to use hasCookie method
- Modified translations for pm.cookies.has to utilize the new bru.cookies.hasCookie method for improved clarity and functionality.
- Updated related unit tests to reflect changes in expected output for cookie existence checks.
- Added new tests to validate the behavior of the hasCookie method in various scenarios.
* fix(node-vm): scripting context and module resolution issues
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): use vm.createContext for true isolation and fix prototype mismatches
- Replace vm.compileFunction with vm.createContext + runInContext for true isolation
- Remove ECMAScript built-ins from safeGlobals (VM provides its own versions)
- This fixes prototype chain mismatches that broke libraries like @faker-js/faker
- Add sanitized process object (allows env, blocks exit/kill)
- Add global/globalThis pointing to isolated context (not host)
- Extract safe globals to constants.js for maintainability
- Remove typed-arrays mixin (VM provides TypedArrays)
- Add comprehensive isolation tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): remove process, add Error types and TypedArrays mixin, add jose test
- Remove process object from script context (security hardening)
- Remove createSanitizedProcess function from constants.js
- Add Error types to safeGlobals for instanceof checks with host errors
- Add TypedArrays mixin for host API compatibility (TextEncoder, crypto, Buffer)
- Add jose library and test for JWT sign/verify functionality
- Update tests to reflect process removal
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): handle circular dependencies and failed module caching
- Pre-populate module cache before execution to support circular requires
- Cache moduleObj instead of moduleObj.exports to handle module.exports reassignment
- Remove failed modules from cache to allow retry
- Add test for circular dependency handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): spread all context properties in buildScriptContext
Instead of explicitly listing each context property, spread all
properties from the context input to support future additions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): add filtered process object to script context
Expose a sanitized process object with only safe read-only properties
(argv, version, arch, platform, pid, features) while keeping env empty
for security.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test(node-vm): add comprehensive tests for Node.js builtins
Add 18 test files for Node.js builtin APIs in developer sandbox mode:
- Buffer, URL, TextEncoder/TextDecoder, btoa/atob
- Web Crypto API and node:crypto module
- Timers (setTimeout, setInterval, setImmediate, queueMicrotask)
- Fetch API (Request, Response, Headers, FormData, Blob)
- Intl formatters, JSON, Events (Event, EventTarget, CustomEvent)
- Node modules: fs, path, os, util, stream, zlib, querystring
All tests skip in safe mode using bru.runner.skipRequest().
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(node-vm): address CodeRabbit review feedback
- Block absolute paths from bypassing security by routing through loadLocalModule
- Fix process tests to expect sanitized object instead of undefined
- Fix cache test to verify module executes only once
- Add tests for absolute path handling (block outside, allow within roots)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: lint issues
* fix(node-vm): recontextualize host objects for cross-context deep equality
Objects passed from the host context into the Node VM have different
Object/Array constructors than objects created inside the VM. This breaks
deep equality checks in libraries like AJV, where fast-deep-equal fails
on `a.constructor !== b.constructor` for structurally identical objects.
Add recontextualizeScript to utils.js that wraps getter methods (res.getBody,
res.getHeaders, req.getBody, req.getHeaders, req.getPathParams, req.getTags,
bru.getVar) to JSON round-trip returned objects inside the VM, giving them
VM-native prototypes.
Add external-lib-with-bru-req-res-objects package and tests to verify
bru/req/res accessibility from npm modules. Update ajv.bru tests to
validate res.getBody() against AJV schemas with enum on nested objects.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(node-vm): update spec to use saved mock refs after recontextualize
The recontextualizeScript wraps res.getBody with a JSON round-trip
function, replacing the jest mock on the context object. Save mock
references before calling runScriptInNodeVm so assertions work.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(node-vm): shallow-copy mutable process properties in sandbox
process.argv, process.versions, and process.features were passed by
reference, allowing sandboxed scripts to mutate the host process.
Shallow-copy these properties to prevent leaking mutable references.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(node-vm): use recursive clone in toVMNative instead of JSON round-trip
JSON.stringify converts undefined to null in arrays, breaking tests like
res.setBody([..., undefined, ...]). Replace with recursive clone that
creates new VM-native objects/arrays while preserving undefined values.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(node-vm): generalize recontextualize to wrap all bru/req/res methods
Instead of hardcoding specific method names, walk the prototype chain
with Object.getOwnPropertyNames to discover and wrap all methods that
return Objects/Arrays. Async methods (sendRequest, runRequest) get their
resolved values wrapped. The res callable and res.body/res.headers are
also recontextualized for direct access and query usage.
Adds integration tests for VM-native prototype checks across res, req,
bru APIs, res() callable queries, and bru.sendRequest patterns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* revert(node-vm): remove recontextualizeScript and related tests
The recontextualize approach of wrapping all bru/req/res methods
to return VM-native objects is being reverted in favor of a
different solution to the cross-context prototype mismatch issue.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(node-vm): expose full process object in developer sandbox via safeGlobals
* test(node-vm): update process tests for full process object in developer sandbox
* test(node-vm): update spec to verify process.nextTick availability
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: Support @contentType for multiline values
Fixes the issue where the @contentType annotation broke the parsing of multiline values.
* chore: add dotall flag to fileExtractContentType
Not strictly needed since body:file uses single-line values in practice,
but doesn't hurt and matches what multipartExtractContentType does.
---------
Co-authored-by: Márk Dániel Seres <markdaniel.seres@tesco.com>
* fix: standardize URL formatting in insomnia test files
* feat: add mix router for handling custom redirects and cookies
* fix: add validation for redirect count to prevent infinite loops
* fix: update test URLs to use local server and add query parameters for improved testing
* fix: update test URLs from httpbin to echo.usebruno.com across multiple test files
* fix: standardize URL formatting in insomnia test files
* chore: standardize URL formatting in insomnia test files
* Import WSDL to bruno collection
* feat(wsdl-import): remove unused code and minor refactor
---------
Co-authored-by: Bijin Bruno <bijin@usebruno.com>
* init
* fix: header saving in ws
* fix: retrieve auth value correctly
* feat: ws settings
* fix: text for inherited auth
* feat: pass down options/settings for ws
* fix: handle run handling on url
* fix: send initial message
* fix: fix header movement and minor cleanup
* fix: message queue
* refactor: faster flushing
* feat: ws tab specific additions
close tab should close connection
`ws` shown in the tab
* chore: remove unused icon
* feat: simplify query URL rendering
* fix: only add to settings if they were added
* chore: revert to original
* fix: restyle web ui
* feat: implement WebSocket response sorting and enhance message handling
- Added WSResponseSortOrder component for toggling message sort order.
- Updated WSMessagesList to accept and utilize sort order.
- Refactored message handling to use 'type' instead of 'direction'.
- Enhanced response state management to include sort order.
* feat: enhance WebSocket handling with redirect and upgrade events
- Added support for 'ws:redirect' and 'ws:upgrade' events in the WebSocket client.
- Updated WSResponseHeaders to format headers correctly.
- Modified WSResponsePane to display headers in the response.
- Improved message handling in the Redux slice for WebSocket events.
* fix: correct fallback for URL retrieval in bruRequestToJson
* feat: enhance WebSocket message handling and styling
- Add new styling for incoming messages in StyledWrapper.
- Update WSMessagesList to handle message sorting and focus.
- Refactor response sort order handling in WSResponseSortOrder.
- Improve WebSocket connection management in ws-client.
* fix: adjust styling for message display
* fix: imports for ws files
* fix: visually simplify the message list
* chore: pkg updates
* fix: remove unused content-type check in WebSocket request preparation
* fix: avoid duplicate messages
avoid message getting queued and sent twice
* feat: beautify the code editor in each message
* feat(websockets): add websocket tests
* tests(websockets): move it a folder up
* fix: hexdump on sent messages
* fix: make the view a lot more compact
* feat: enhance WebSocket message handling and styling
* formatting fixes - batch 1
* chore: formatting fixes batch 2
* chore: format changes batch 3
* chore: format settings batch 4
* chore: clean up
* chore: for now avoid oauth2
* chore: formatting changes batch 6
* test(websocket): add headers handling in tests
- Implemented logic to send headers in websocket messages.
- Added tests for websocket connections and message handling.
- Created locators for common elements in websocket tests.
* chore: cleanup
* test(websocket): refactor to use constant for BRU_FILE_NAME
Updated the test cases to utilize a constant for the BRU_FILE_NAME regex pattern for better maintainability and readability.
* test(websocket): update BRU_FILE_NAME to use regex
Changed BRU_FILE_NAME from a string to a regex pattern for better matching.
* fix(ws-client): rename timeout to handshakeTimeout
Updated the WebSocket connection options to use 'handshakeTimeout' instead of 'timeout' for clarity.
* chore: cleanup
* fix(ShareCollection): update non-exportable request types handling
Refactor hasGrpcRequests to hasNonExportableRequestTypes,
returning an object with a flag and types of requests that
will not be exported.
* feat: inherit timeout from app prefs
* fix: faster queue
* feat: add WSRequestBodyMode component and language detection
- Introduced a new component for selecting request body modes (JSON, XML, TEXT).
- Implemented auto-detection of language for the request body content.
- Created a styled wrapper for improved UI presentation.
* feat: enhance WebSocket message handling with decoder support
- Added decoder field to WebSocket messages in various components.
- Updated prettify functionality to handle XML and JSON formats.
- Modified Redux state to include decoder information.
- Adjusted schema validation to accommodate decoder field.
* refactor: replace decoder with type in WebSocket message handling
* fix: use `body` directly
* chore: reset formatting
* chore: reformat
* chore: reformat
* chore: reformat
* chore: reformat
* chore: base format
* chore: fix lang constructs
* chore: fix message queue flush logic
Ensure that the flushQueue method checks for the existence of the message queue before processing.
Refactor WebSocket test fixtures for better readability by correcting indentation and structure.
* fix: typo
* chore: lint fixes
* chore: lint fixes
* chore: rediff utils
* chore: rediff utils
* chore: remove from CLI
* chore: rediff utils
* chore: rediff utils
* chore: rediff utils
* chore: rediff utils
* chore: fix formatting
* tests(websocket): add websocket persistence tests
* chore: format
* feat(eslint): add TypeScript support and update test file patterns
* fix: turn off single line jsx expressions
* revert lang `ws` removal
* chore: reformat
* feat: better subprotocol support and tests
* chore: reformat
* chore: reformat
* clean up ununsed components
* refactor: locators, tests, new request design
* chore: close app for each test to start afresh
* Revert "chore: close app for each test to start afresh"
This reverts commit 5c2e3bec81.
* refactor: simplify dropdown mode selection
* chore: remove unused changes
* refactor: simplify
* chore: simplify
* fix: loading pulse animation
* refactor: update lodash import syntax
* fix: comments and sanitisation
* refactor: rename BRU_FILE_NAME to BRU_REQ_NAME for consistency
Updated variable names across websocket tests to improve clarity and maintain consistency in naming conventions.
* fix: null check for the initialisation of websocket client
* fix: add poller to check for saved state
* fix: variable message time check for tests
* fix: force wait for elements
* fix: use nth locators instead of wait (draft attempt)
* chore: reformat
* fix: update beta preferences to include websocket support
* feat: GA
* feat: rename `connectionTimeout` to `timeout` and better form
* feat: update WebSocket IPC channel names to use 'renderer' prefix
* feat: add 'oauth2' to supported authentication modes
* chore: add default `json` type in ws
* test: add tests for bruToJson and jsonToBru parsers
- Implemented smoke tests for the bruToJson parser to validate message inference and settings.
* refactor: improve timeout handling in WebSocket client
---------
Co-authored-by: Siddharth Gelera <siddharthgelera@Siddharths-MacBook-Air.local>
Co-authored-by: Sid <siddharth@usebruno.com>
* feat: bru.sendRequest api
* updated the postman-translations logic to handle `pm.sendRequest` to `bru.sendRequest` translations, and added unit tests
* ~ removed `maxRedirects` and `proxy` values for sendRequest axios-instance
~ fixed the imports for the `send-request-transformer` function
~ `sendRequest` and `runRequest` will return same response object in both safe and developer mode
~ sendRequest function optimization
* revert sendRequest to async function, added a testcase for sendRequest with url string
* sendRequest callback errors handling
* updated tests and added await for the callbacks
---------
Co-authored-by: lohit <lohit@usebruno.com>
* feat: enhance variable highlighting in CodeMirror and update interpolation method
* feat: add interpolate function to bru shim and corresponding tests
- Implemented the `interpolate` function in the bru shim to handle variable interpolation.
- Added a new test case for the `interpolate` function to verify its functionality with mock variables.
* feat: enhance interpolate function to support object interpolation
* feat: add translation support for pm.variables.replaceIn to bru.interpolate
* revert: eslint config changes
* revert: eslint config changes
* fix: update method call to use correct interpolation function in Bru class
* refactor: added jsdoc to codemirror highlighting code
* fix: higlighting for multiline editor
