* fix: enable SSL session caching for faster consecutive requests (#6929)
* fix: enable SSL session caching for faster consecutive requests
Previously, Bruno created a new HTTPS agent for every request, which meant
SSL/TLS sessions couldn't be reused. This caused the full TLS handshake
(~450ms) to run on every request, even to the same endpoint.
Changes:
- Add agent caching based on TLS configuration (certs, proxy, SSL options)
- Reuse cached agents for requests with matching configuration
- SSL sessions are now cached and reused, significantly reducing
response time for consecutive requests to the same host
The fix maintains backward compatibility:
- Timeline logging moved to setup phase (before agent creation)
- Proxy and SSL validation behavior unchanged
- Added clearAgentCache() for testing and configuration changes
Fixes#5574
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address review feedback for SSL session caching
- Add passphrase to cache key to prevent incorrect agent reuse
- Add MAX_AGENT_CACHE_SIZE (100) with LRU-style eviction
- Use consistent node: prefix for crypto import
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: lohit <lohit@usebruno.com>
* feat(bruno-requests): add timeline agent for TLS event logging
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): add agent cache for SSL session reuse
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test(bruno-requests): add tests for agent cache
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): integrate agent cache into http-https-agents
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(bruno-electron): use shared agent cache from bruno-requests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-cli): use agent cache for SSL session reuse
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): add HTTP agent timeline support
Add createTimelineHttpAgentClass for logging HTTP connection events
including proxy usage, DNS lookups, and connection establishment.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(bruno-requests): extract shared agent caching logic
Add getOrCreateAgentInternal helper to reduce code duplication
between getOrCreateAgent and getOrCreateHttpAgent functions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): use HTTP agent cache for connection reuse
Export getOrCreateHttpAgent and use it in http-https-agents for
HTTP requests to enable connection pooling.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(bruno-cli): improve HTTP agent handling and error logging
- Use { keepAlive: true } instead of tlsOptions for HTTP agents
- Add warning log for system proxy configuration errors
- Fix brace style consistency
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(bruno-electron): improve HTTP agent handling
- Use { keepAlive: true } instead of tlsOptions for HTTP agents
- Fix brace style consistency
- Add missing newline at EOF
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(bruno-requests): address code review findings for agent caching
- Fix Buffer hashing bug: properly handle Buffer values in hashValue()
- Add CA array support: new hashCaValue() handles string[] | Buffer[]
- Fix timeline race condition: capture timeline reference in closure
at createConnection start to isolate concurrent requests
- Fix SSL verify message: check socket.authorized for accurate status
- Fix HTTP/HTTPS agent logic: only set httpsAgent for HTTPS requests
- Add tests for concurrent requests timeline isolation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bruno-requests): log when reusing cached agent
- HTTPS agents: "Reusing cached agent (SSL session reuse enabled)"
- HTTP agents: "Reusing cached agent (connection reuse enabled)"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(preferences): add cache.httpHttpsAgents.enabled preference
* feat(agent-cache): add disableCache option to getOrCreateAgent
* feat(proxy-util): respect httpHttpsAgents cache preference
* refactor(agent-cache): use named props for getOrCreateAgent and getOrCreateHttpAgent
* feat(ipc): add renderer:clear-http-https-agent-cache handler
* feat(redux): add cache.httpHttpsAgents preferences to initial state
* feat(ui): add Cache tab to Preferences
* feat(cli): add --disable-http-https-agents-cache flag
* refactor(cache): replace window.ipcRenderer calls with redux actions
Add getCacheStats, purgeCache, and clearHttpHttpsAgentCache thunks to
the app slice. Update the Cache preferences component to dispatch these
actions instead of calling window.ipcRenderer directly.
Also move handleSave and handleSaveRef above useFormik to fix declaration
order — onSubmit closes over handleSaveRef, so the ref must be initialized
before useFormik is called.
* fix: tests
* fix(cache): thread disableCache and hostname through all agent-creation paths
- Forward disableHttpHttpsAgentsCache through getHttpHttpsAgents → createAgents
so OAuth2 token requests and bru.sendRequest honour the CLI flag
- Add hostname to agent cache keys (getAgentCacheKey, getHttpAgentCacheKey)
for per-host TLS session reuse; extract hostname at every call site in
run-single-request.js, proxy-util.js, and http-https-agents.ts
- Add extractHostname helper in http-https-agents.ts to safely parse hostnames
- Add test coverage for cert, key, pfx, passphrase, and hostname cache-key
differentiation in agent-cache.spec.ts
* refactor(cache): rename getOrCreateAgent to getOrCreateHttpsAgent
* refactor: simplify UI labels, optimize agent timeline wrapping, silence proxy errors
* fix: tests
* fix(proxy): fix proxy agent construction and CA cert handling
Three fixes:
1. Proxy agents (HttpsProxyAgent, HttpProxyAgent, SocksProxyAgent) expect
(proxyUri, options) constructor signature, but the agent cache was packing
proxyUri into options as a single argument. Fixed the non-timeline code
path in getOrCreateAgentInternal.
2. HTTP requests through an HTTPS proxy need TLS options (ca certs) to
validate the proxy's certificate. All getOrCreateHttpAgent call sites
now pass TLS options when the proxy protocol is HTTPS.
3. Setting the `ca` option on any Node.js TLS connection replaces the
default OpenSSL trust store entirely. CAs only in the OpenSSL default
trust store (e.g. /etc/ssl/cert.pem) but not in tls.rootCertificates
were lost. Fixed by converting `ca` to a secureContext via addCACert(),
which appends custom CAs on top of the OpenSSL defaults instead of
replacing them.
Also simplified PatchedHttpsProxyAgent to selectively forward only the
relevant TLS options (cert, key, pfx, passphrase, rejectUnauthorized,
secureContext) to the target TLS upgrade instead of blindly merging all
constructor options.
* fix(tls): load client certs into secureContext to prevent silent drop
Add Cache tab to Preferences UI
* fix(proxy): align proxy auth check to use auth.disabled field consistently
* refactor(cache): rename CLI flag to --cache-ssl-session and disable caching by default
- Rename --disable-http-https-agents-cache to --cache-ssl-session (opt-in)
- Rename disableHttpHttpsAgentsCache to cacheSslSession across CLI and bruno-requests
- Default caching to disabled in both bruno-electron and bruno-cli
- Add cacheSslSession to buildCertsAndProxyConfig for bru.sendRequest
- Update Preferences UI labels to "Cache SSL Session"
* refactor(cache): rename httpHttpsAgents to sslSession across preferences and UI
* refactor(cache): remove unused getCacheStats and purgeCache IPC actions
---------
Co-authored-by: karthik <47263234+kxbnb@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(): support multipart mixed
fix: support vars interpolation on mixed multi-part
Update packages/bruno-electron/src/ipc/network/interpolate-vars.js
Co-authored-by: Timon <39559178+Its-treason@users.noreply.github.com>
refactor: use startsWith
feat: best effort for other multipart/* contentypes
* feat: enhance variable interpolation for multipart requests
- Updated `interpolateVars` function to support interpolation in multipart/form-data and multipart/mixed requests.
- Added handling for empty multipart arrays and parts with missing or undefined values.
- Improved type checks for content types to ensure proper interpolation behavior.
Includes new tests to validate the interpolation functionality for multipart requests.
* fix: normalize error handling in sendRequest and improve test reliability
---------
Co-authored-by: Alfonso Presa <alfonso-presa@users.noreply.github.com>
* feat: add options to skip request and response bodies in reporter output
- Introduced `--reporter-skip-request-body` and `--reporter-skip-response-body` flags to omit respective bodies from the reporter output.
- Updated examples in the CLI documentation to reflect new options.
- Refactored result sanitization to handle new flags.
* feat: add shorthand option to skip both request and response bodies in reporter output
- Introduced `--reporter-skip-body` as a shorthand for omitting both request and response bodies from the reporter output.
- Updated CLI documentation examples to include the new shorthand option.
- Adjusted result sanitization to accommodate the new option.
* refactor: simplify documentation and tests for reporter-skip-body option
- Updated the description of the `--reporter-skip-body` option to remove redundancy.
- Removed outdated shorthand references from the test suite for clarity.
- Cleaned up examples in the CLI documentation to focus on the current functionality.
* fix: handle optional chaining for request and response properties in result sanitization
- Updated the `sanitizeResultsForReporter` function to use optional chaining when accessing request and response headers and data.
- This change prevents potential errors when these properties are undefined.
* test: enhance reporter-skip-body tests for JSON and HTML outputs
- Added comprehensive tests for the `--reporter-skip-request-body` and `--reporter-skip-response-body` options in both JSON and HTML report formats.
- Verified that the appropriate request and response bodies are included or excluded based on the specified flags.
- Improved test coverage for scenarios where both flags are used simultaneously.
* fix: remove optional chaining for request and response headers in result sanitization
- Updated the `sanitizeResultsForReporter` function to directly assign empty objects to request and response headers, ensuring consistent behavior regardless of their initial state.
- This change simplifies the code and maintains functionality for skipping headers.
* fix: openapi cli import
* chore: seperate bru and opencollection by a flag
* fix: pass down format correctly
* fix: pass format option correctly in collection tests
* Add opencollection version for YAML format
Set opencollection version for YAML format.
---------
Co-authored-by: Sid <siddharth@usebruno.com>
Add shell-env integration to fetch environment variables from the user's
shell config files (.zshrc, .zshenv, etc.) so that proxy settings and
other exports are available in process.env for both Electron and CLI.
* fix: oauth2 credential management improvements
Add bru.resetOauth2Credential() API for programmatic credential invalidation
from scripts, fix credential clearing to match on credentialsId, expose
oauth2 credential variables in test runtime, and add input validation
with deduplication to prevent redundant IPC messages. Remove unused
collectionGetOauth2CredentialsByUrlAndCredentialsId reducer.
* fix: handle invalid URLs in oauth2 callback redirect handler
Wrap new URL() calls in try-catch within onWindowRedirect to prevent
uncaught TypeError when redirect or callback URLs are invalid.
* Update packages/bruno-app/src/utils/codemirror/autocomplete.js
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix(cli): preserve request type when importing collections
* fix(cli): fail fast on unsupported imported item types
* fix(cli): force BRU format when writing imported files
* chore: apply code rabbit fixes
* chore: adress review comment - keep changes minimal
* add additional test to test bru folder format
* agree with coderabbit, error handling is required
---------
Co-authored-by: Ramesh Sunkara <rs@rsunkara.com>
* fix: update placeholder text for environment variable input
* fix: handle undefined color in environment objects
Don't export if `undefined`
* fix: update collection import logic for YML and BRU formats
* fix: ensure error icon is not visible after header validation
* fix: specify format for collection and environment serialization
* fix: Enhance error handling for script execution by introducing isScriptError flag in test results
Enhance error reporting in script execution by adding isScriptError flag to error responses
fix: Mark pre-request script errors as failures in runner summary
* Mark test script errors as failed in runner
and CLI
* Unify handling of post-response and pre-request script errors in both CLI and Electron
* feat: Enhance error handling in script execution by preserving partial results for pre-request and post-response scripts across CLI and Electron. This ensures that tests passing before an error are still reported.
* Preserving stopExecution in test script error handler
---------
Co-authored-by: Pragadesh-45 <temporaryg7904@gmail.com>
* feat: add certs and proxy config to bru.sendRequest API
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: handle URL string argument in bru.sendRequest
When bru.sendRequest is called with a plain URL string instead of a
config object, the function now normalizes it to { url: string } before
processing. This fixes the case where spreading a string created an
invalid config object.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add variable interpolation to bru.sendRequest certs and proxy config
Interpolate environment variables in clientCertificates and proxy
configuration for bru.sendRequest API, enabling use of variables like
{{CERT_PATH}} or {{PROXY_HOST}} in certificate paths and proxy settings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: use interpolateObject for certs and proxy config interpolation
- Add interpolateObject to electron's interpolate-string.js using
buildCombinedVars pattern (matches CLI implementation)
- Simplify cert-utils.js by using interpolateObject instead of
manual field-by-field interpolation
- Add interpolation for clientCertificates and proxy config in CLI's
run-single-request.js for bru.sendRequest
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: add all variable types to sendRequest interpolation options
- Add globalEnvVars, collectionVariables, folderVariables, requestVariables
to sendRequestInterpolationOptions for complete variable support
- Use cached system proxy instead of redundant getSystemProxy() call
- Remove duplicate getOptions() call
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: skip CA cert loading when TLS verification is disabled
Only load CA certificates when shouldVerifyTls is true, since they
are not used for validation when TLS verification is disabled.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- bruno-cli: fetch system proxy once before request loop and store in options
- bruno-electron: initialize system proxy cache at app startup
- Add refresh button in preferences to manually update cached system proxy
- Replace per-request getSystemProxy() calls with cached values
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add support for skipped files in run command and update HTML report template
* refactor: enhance skipped file handling in run command
* fix: improve error display in HTML report for skipped requests
* test: add unit test for HTML report generation of skipped requests with parsing errors
* test: update HTML report generation tests to check for skipped request summaries
* refactor: extract skipped result creation logic into a separate utility function
* refactor: enhance skipped result processing in run command to include additional metadata
* refactor: rename and enhance createSkippedResults function for improved skipped file processing
* refactor: remove unused stripExtension import from run command
* refactor: rename createSkippedResults to createSkippedFileResults for clarity and consistency
* feat: add file attribute to Junit testsuite report
* test: update tests to include file attribute
* fix: update playwright tests to support the new file attribute
---------
Co-authored-by: Thomas Vackier <thomas.vackier@inthepocket.com>
Co-authored-by: Bijin A B <bijin@usebruno.com>
* Partial Revert "remove: presets and response var (#6195)"
This reverts commit 786a3414b8 while keeping code related to presets deleted
* revert: remove global environment variables assignment
