95de14adcb
* feat: add OAuth 1.0 authentication support Add full OAuth 1.0 (RFC 5849) authentication with support for HMAC-SHA1/256/512, RSA-SHA1/256/512, and PLAINTEXT signature methods. Includes UI components, bru/yml serialization, Postman import, code generation, CLI support, and comprehensive playwright and unit tests. * test: replace real-looking PEM literals with fake markers in oauth1 tests Avoid tripping secret scanners by using obviously fake BEGIN/END markers and non-sensitive base64 content in serialization and round-trip tests. * fix: remove invalid OAuth1 placeholder header from code generator OAuth1 requires runtime-computed nonce, timestamp, and signature that cannot be pre-computed for a static code snippet. Return an empty array instead of emitting an Authorization header with literal <signature>, <timestamp>, <nonce> placeholders. * fix: remove unreachable oauth1 case from WSAuth component The oauth1 switch branch was dead code since it was not in supportedAuthModes and the useEffect would reset it to 'none' before it could render. * fix: remove unused collectionPath param and use path.basename for filename extraction * refactor: rename OAuth1 fields for clarity - tokenSecret → accessTokenSecret - signatureMethod → signatureEncoding - addParamsTo value 'queryparams' → 'query' * refactor: rename addParamsTo to placement in OAuth1 auth * fix: add missing oauth1: null in buildOAuth2Config and upgrade @opencollection/types to 0.9.0 * test: add oauth1 import tests and fix missing oauth1: null in auth assertions * ci: add auth playwright tests workflow for Linux, macOS, and Windows * refactor: rename signatureEncoding to signatureMethod and fix timeline race condition - Rename OAuth1 signatureEncoding to signatureMethod across all packages - Fix timeline showing "No Headers/Body found" when request-sent IPC event arrives after response by retroactively updating the timeline entry - Store requestUid in timeline entries for precise matching - Correct timeline entry timestamp on retroactive update for proper sort order * ci: add OAuth1 CLI tests and reorganize auth actions under oauth1/ - Add CLI tests that run full BRU and YML collections via bru run - Add start-test-server actions for Linux, macOS, and Windows - Move auth e2e and setup actions under auth/oauth1/ directory - Fix Windows Playwright failures caused by unescaped backslashes in collectionPath template variable * ci: reorder auth tests to run E2E tests before CLI tests * ci: start test server after E2E tests to fix port 8081 conflict
Bruno CLI
With Bruno CLI, you can now run your API collections with ease using simple command line commands.
This makes it easier to test your APIs in different environments, automate your testing process, and integrate your API tests with your continuous integration and deployment workflows.
For detailed documentation, visit Bruno CLI Documentation.
Installation
To install the Bruno CLI, use the node package manager of your choice, such as NPM:
npm install -g @usebruno/cli
Getting started
Navigate to the directory where your API collection resides, and then run:
bru run
This command will run all the requests in your collection. You can also run a single request by specifying its filename:
bru run request.bru
Or run all requests in a collection's subfolder:
bru run folder
If you need to use an environment, you can specify it with the --env option:
bru run folder --env Local
If you need to collect the results of your API tests, you can specify the --output option:
bru run folder --output results.json
If you need to run a set of requests that connect to peers with both publicly and privately signed certificates respectively, you can add private CA certificates via the --cacert option. By default, these certificates will be used in addition to the default truststore:
bru run folder --cacert myCustomCA.pem
If you need to limit the trusted CA to a specified set when validating the request peer, provide them via --cacert and in addition use --ignore-truststore to disable the default truststore:
bru run request.bru --cacert myCustomCA.pem --ignore-truststore
Importing Collections
You can import collections from other formats, such as OpenAPI, using the import command:
bru import openapi --source api.yml --output ~/Desktop/my-collection --collection-name "My API"
You can also use the shorter form with aliases:
bru import openapi -s api.yml -o ~/Desktop/my-collection -n "My API"
This creates a Bruno collection directory that can be opened in Bruno.
You can also import directly from a URL:
bru import openapi --source https://example.com/api-spec.json --output ~/Desktop --collection-name "Remote API"
You can also export the collection as a JSON file:
bru import openapi --source api.yml --output-file ~/Desktop/my-collection.json --collection-name "My API"
Import Options:
| Option | Details |
|---|---|
| --source, -s | Path to the source file or URL (required) |
| --output, -o | Path to the output directory |
| --output-file, -f | Path to the output JSON file |
| --collection-name, -n | Name for the imported collection |
| --insecure | Skip SSL certificate validation when fetching from URLs |
Command Line Options
| Option | Details |
|---|---|
| -h, --help | Show help |
| --version | Show version number |
| -r | Indicates a recursive run (default: false) |
| --cacert [string] | CA certificate to verify peer against |
| --env [string] | Specify environment to run with |
| --env-var [string] | Overwrite a single environment variable, multiple usages possible |
| -o, --output [string] | Path to write file results to |
| -f, --format [string] | Format of the file results; available formats are "json" (default) or "junit" |
| --reporter-json [string] | Path to generate a JSON report |
| --reporter-junit [string] | Path to generate a JUnit report |
| --reporter-html [string] | Path to generate an HTML report |
| --insecure | Allow insecure server connections |
| --tests-only | Only run requests that have tests |
| --bail | Stop execution after a failure of a request, test, or assertion |
| --csv-file-path | CSV file to run the collection with |
| --reporter--skip-all-headers | Skip all headers in the report |
| --reporter-skip-headers | Skip specific headers in the report |
| --client-cert-config | Client certificate configuration by passing a JSON file |
| --delay [number] | Add delay to each request |
Scripting
Bruno cli returns the following exit status codes:
0-- execution successful1-- an assertion, test, or request in the executed collection failed2-- the specified output directory does not exist3-- the request chain seems to loop endlessly4-- bru was called outside of a collection root directory5-- the specified input file does not exist6-- the specified environment does not exist7-- the environment override was not a string or object8-- an environment override is malformed9-- an invalid output format was requested255-- another error occurred
Demo
Support
If you encounter any issues or have any feedback or suggestions, please raise them on our GitHub repository
Thank you for using Bruno CLI!
Changelog
See https://github.com/usebruno/bruno/releases