Prevent curl copy from using stale body data

https://feedback.yaak.app/p/copy-as-curl-includes-wrong-data-property

.eslintignore

@@ -1,5 +0,0 @@
-node_modules/
-dist/
-.prettierrc.cjs
-.eslintrc.cjs
-env.d.ts

.eslintrc.cjs

@@ -1,25 +0,0 @@
-module.exports = {
-    extends: [
-        'eslint:recommended',
-        'plugin:react/recommended',
-        'plugin:import/recommended',
-        'plugin:jsx-a11y/recommended',
-        'plugin:@typescript-eslint/recommended',
-        'eslint-config-prettier',
-    ],
-    ignorePatterns: ['src-tauri/**/*'],
-    settings: {
-        react: {
-            version: 'detect',
-        },
-        'import/resolver': {
-            node: {
-                paths: ['src-web'],
-                extensions: ['.js', '.jsx', '.ts', '.tsx'],
-            },
-        },
-    },
-    rules: {
-        "react/react-in-jsx-scope": "off",
-    },
-};

.gitattributes

@@ -0,0 +1,2 @@
+src-tauri/vendored/**/* linguist-generated=true
+src-tauri/gen/schemas/**/* linguist-generated=true

.github/FUNDING.yml

@@ -0,0 +1,15 @@
+# These are supported funding model platforms
+
+github: gschier
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+polar: # Replace with a single Polar username
+buy_me_a_coffee: # Replace with a single Buy Me a Coffee username
+thanks_dev: # Replace with a single thanks.dev username
+custom: https://yaak.app/pricing

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Bugs, Feedback, Feature Requests, and Questions
+    url: https://feedback.yaak.app
+    about: "Please report to Yaak's public feedback board. Issues will be created and linked here when applicable."

.github/workflows/ci-js.yml

@@ -0,0 +1,18 @@
+on:
+  pull_request:
+    branches: [develop]
+
+name: CI (JS)
+
+jobs:
+  test:
+    name: Lint/Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - run: npm ci
+      - run: npm run lint
+      - run: npm test

.github/workflows/ci-rust.yml

@@ -0,0 +1,36 @@
+on:
+  pull_request:
+    branches: [develop]
+    paths:
+      - src-tauri/**
+      - .github/workflows/**
+
+name: CI (Rust)
+
+defaults:
+  run:
+    working-directory: src-tauri
+
+jobs:
+  test:
+    name: Check/Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: |
+          sudo apt-get update
+          sudo apt-get install -y libwebkit2gtk-4.1-dev
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: actions/cache@v3
+        continue-on-error: false
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: ${{ runner.os }}-cargo-
+      - run: cargo check --all
+      - run: cargo test --all

.github/workflows/release.yml

@@ -0,0 +1,110 @@
+name: Generate Artifacts
+on:
+  push:
+    tags: [ v* ]
+
+jobs:
+  build-artifacts:
+    permissions:
+      contents: write
+
+    name: Build
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: 'macos-latest' # for Arm-based Macs (M1 and above).
+            args: '--target aarch64-apple-darwin'
+            yaak_arch: 'arm64'
+          - platform: 'macos-latest' # for Intel-based Macs.
+            args: '--target x86_64-apple-darwin'
+            yaak_arch: 'x64'
+          - platform: 'ubuntu-22.04'
+            args: ''
+            yaak_arch: 'x64'
+          - platform: 'windows-latest'
+            args: ''
+            yaak_arch: 'x64'
+    runs-on: ${{ matrix.platform }}
+    timeout-minutes: 40
+    steps:
+      - name: Checkout yaakapp/app
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: install Rust stable
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          # Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds.
+          targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
+
+      - uses: actions/cache@v3
+        continue-on-error: false
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            src-tauri/target/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: ${{ runner.os }}-cargo-
+
+      - name: install dependencies (ubuntu only)
+        if: matrix.platform == 'ubuntu-22.04' # This must match the platform value defined above.
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
+
+      - name: install dependencies (windows only)
+        if: matrix.platform == 'windows-latest'
+        run: cargo install --force trusted-signing-cli --version 0.5.0
+
+      - name: Install NPM Dependencies
+        run: npm ci
+
+      - name: Install Protoc for plugin-runtime
+        uses: arduino/setup-protoc@v3
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run lint
+        run: npm run lint
+
+      - name: Set version
+        run: npm run replace-version
+        env:
+          YAAK_VERSION: ${{ github.ref_name }}
+
+      - uses: tauri-apps/tauri-action@v0
+        env:
+          YAAK_TARGET_ARCH: ${{ matrix.yaak_arch }}
+
+          ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
+          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
+
+          # Apple signing stuff
+          APPLE_CERTIFICATE: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_CERTIFICATE }}
+          APPLE_CERTIFICATE_PASSWORD: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_CERTIFICATE_PASSWORD }}
+          APPLE_ID: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_ID }}
+          APPLE_PASSWORD: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_PASSWORD }}
+          APPLE_SIGNING_IDENTITY: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_SIGNING_IDENTITY }}
+          APPLE_TEAM_ID: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_TEAM_ID }}
+
+          # Windows signing stuff
+          AZURE_CLIENT_ID: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_CLIENT_ID }}
+          AZURE_CLIENT_SECRET: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_CLIENT_SECRET }}
+          AZURE_TENANT_ID: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_TENANT_ID }}
+        with:
+          tagName: 'v__VERSION__'
+          releaseName: 'Release __VERSION__'
+          releaseBody: '[Changelog __VERSION__](https://yaak.app/blog/__VERSION__)'
+          releaseDraft: true
+          prerelease: false
+          args: ${{ matrix.args }}

.gitignore

@@ -22,5 +22,12 @@ dist-ssr
 *.njsproj
 *.sln
 *.sw?
+.eslintcache
 
-.rsw
+*.sqlite
+*.sqlite-*
+
+.cargo
+
+.tmp
+tmp

.nvmrc

@@ -1 +1 @@
-18
+20

.prettierignore

@@ -1,3 +1,4 @@
 node_modules/
 dist/
+out/
 .prettierrc.cjs

.prettierrc.cjs

@@ -1,8 +0,0 @@
-module.exports = {
-    "trailingComma": "all",
-    "tabWidth": 2,
-    "semi": true,
-    "singleQuote": true,
-    "printWidth": 100,
-    "bracketSpacing": true
-}

.prettierrc.js

@@ -0,0 +1,8 @@
+export default {
+  "trailingComma": "all",
+  "tabWidth": 2,
+  "semi": true,
+  "singleQuote": true,
+  "printWidth": 100,
+  "bracketSpacing": true
+}

DEVELOPMENT.md

@@ -0,0 +1,62 @@
+# Developer Setup
+
+Yaak is a combined Node.js and Rust monorepo. It is a [Tauri](https://tauri.app) project, so 
+uses Rust and HTML/CSS/JS for the main application but there is also a plugin system powered
+by a Node.js sidecar that communicates to the app over gRPC.
+
+Because of the moving parts, there are a few setup steps required before development can 
+begin.
+
+## Prerequisites
+
+Make sure you have the following tools installed:
+
+- [Node.js](https://nodejs.org/en/download/package-manager)
+- [Rust](https://www.rust-lang.org/tools/install)
+
+Check the installations with the following commands:
+
+```shell
+node -v
+npm -v
+rustc --version
+```
+
+Install the NPM dependencies:
+
+```shell
+npm install
+```
+
+Run the `bootstrap` command to do some initial setup:
+
+```shell
+npm run bootstrap
+```
+
+## Run the App
+
+After bootstrapping, start the app in development mode:
+
+```shell
+npm start
+```
+
+## SQLite Migrations
+
+New migrations can be created from the `src-tauri/` directory:
+   
+```shell
+npm run migration
+```
+
+Rerun the app to apply the migrations. 
+
+_Note: For safety, development builds use a separate database location from production builds._
+
+## Lezer Grammer Generation
+
+```sh
+# Example
+lezer-generator components/core/Editor/<LANG>/<LANG>.grammar > components/core/Editor/<LANG>/<LANG>.ts
+```

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Yaak
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,3 +1,34 @@
-# Tauri REST Client
+# Yaak API Client
 
-It's a REST client, yo.
+Yaak is a desktop API client for interacting with REST, GraphQL, Server Sent Events (SSE), WebSocket, and gRPC
+APIs. It's built using [Tauri](https://tauri.app), Rust, and ReactJS.
+
+![366149288-f18e963f-0b68-4ecb-b8b8-cb71aa9aec02](https://github.com/user-attachments/assets/ca83b7ad-5708-411b-8faf-e36b365841a4)
+
+## Contribution Policy
+
+Yaak is open source, but only accepting contributions for bug fixes. To get started, 
+visit [`DEVELOPMENT.md`](DEVELOPMENT.md) for tips on setting up your environment.
+
+## Feature Overview
+
+- 🪂 Import data from Postman, Insomnia, OpenAPI, Swagger, or Curl.<br/>
+- 📤 Send requests via REST, GraphQL, Server Sent Events (SSE), WebSockets, or gRPC.<br/>
+- 🔐 Automatically authorize requests with OAuth 2.0, JWT tokens, Basic Auth, and more.<br/>
+- 🔎 Filter response bodies using JSONPath or XPath queries.<br/>
+- ⛓️ Chain together multiple requests to dynamically reference values.<br/>
+- 📂 Organize requests into workspaces and nested folders.<br/>
+- 🧮 Use environment variables to easily switch between Prod and Dev.<br/>
+- 🛡️ Secure arbitrary text values with end-to-end encryption<br/>
+- 🏷️ Send dynamic values like UUIDs or timestamps using template tags.<br/>
+- 🎨 Choose from many of the included themes, or make your own.<br/>
+- 💽 Mirror workspace data to a directory for integration with Git or Dropbox.<br/>
+- 📜 View response history for each request.<br/>
+- 🔌 Create your own plugins for authentication, template tags, and more!<br/>
+- 🛜 Configure a proxy to access firewall-blocked APIs
+
+## Useful Resources
+
+- [Feedback and Bug Reports](https://feedback.yaak.app)
+- [Documentation](https://feedback.yaak.app/help)
+- [Yaak vs Postman](https://yaak.app/blog/postman-alternative)

eslint.config.cjs

@@ -0,0 +1,89 @@
+const { defineConfig, globalIgnores } = require('eslint/config');
+
+const { fixupConfigRules } = require('@eslint/compat');
+
+const reactRefresh = require('eslint-plugin-react-refresh');
+const tsParser = require('@typescript-eslint/parser');
+const js = require('@eslint/js');
+
+const { FlatCompat } = require('@eslint/eslintrc');
+
+const compat = new FlatCompat({
+  baseDirectory: __dirname,
+  recommendedConfig: js.configs.recommended,
+  allConfig: js.configs.all,
+});
+
+module.exports = defineConfig([
+  {
+    extends: fixupConfigRules(
+      compat.extends(
+        'eslint:recommended',
+        'plugin:react/recommended',
+        'plugin:react-hooks/recommended',
+        'plugin:import/recommended',
+        'plugin:jsx-a11y/recommended',
+        'plugin:@typescript-eslint/recommended',
+        'eslint-config-prettier',
+      ),
+    ),
+
+    plugins: {
+      'react-refresh': reactRefresh,
+    },
+
+    languageOptions: {
+      parser: tsParser,
+
+      parserOptions: {
+        project: ['./tsconfig.json'],
+      },
+    },
+
+    settings: {
+      react: {
+        version: 'detect',
+      },
+
+      'import/resolver': {
+        node: {
+          paths: ['src-web'],
+          extensions: ['.ts', '.tsx'],
+        },
+      },
+    },
+
+    rules: {
+      'react-refresh/only-export-components': 'error',
+      'jsx-a11y/no-autofocus': 'off',
+      'react/react-in-jsx-scope': 'off',
+      'import/no-unresolved': 'off',
+
+      '@typescript-eslint/consistent-type-imports': [
+        'error',
+        {
+          prefer: 'type-imports',
+          disallowTypeAnnotations: true,
+          fixStyle: 'separate-type-imports',
+        },
+      ],
+    },
+  },
+  globalIgnores([
+    'scripts/**/*',
+    'packages/plugin-runtime/**/*',
+    'packages/plugin-runtime-types/**/*',
+    'src-tauri/**/*',
+    'src-web/tailwind.config.cjs',
+    'src-web/vite.config.ts',
+  ]),
+  globalIgnores([
+    '**/node_modules/',
+    '**/dist/',
+    '**/build/',
+    '**/.eslintrc.cjs',
+    '**/.prettierrc.cjs',
+    'src-web/postcss.config.cjs',
+    'src-web/vite.config.ts',
+  ]),
+]);

index.html

@@ -1,15 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-  <head>
-    <meta charset="UTF-8" />
-    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Tauri + React + TS</title>
-  </head>
-
-  <body>
-    <div id="root"></div>
-    <div id="radix-portal"></div>
-    <script type="module" src="/src-web/main.tsx"></script>
-  </body>
-</html>

package.json

@@ -1,51 +1,97 @@
 {
-  "name": "tauri-app",
+  "name": "yaak-app",
   "private": true,
   "version": "0.0.0",
-  "type": "module",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/mountain-loop/yaak.git"
+  },
+  "workspaces": [
+    "packages/plugin-runtime",
+    "packages/plugin-runtime-types",
+    "packages/common-lib",
+    "plugins/auth-apikey",
+    "plugins/auth-basic",
+    "plugins/auth-bearer",
+    "plugins/auth-jwt",
+    "plugins/auth-oauth2",
+    "plugins/action-copy-curl",
+    "plugins/action-copy-grpcurl",
+    "plugins/filter-jsonpath",
+    "plugins/filter-xpath",
+    "plugins/importer-curl",
+    "plugins/importer-insomnia",
+    "plugins/importer-openapi",
+    "plugins/importer-postman",
+    "plugins/importer-yaak",
+    "plugins/template-function-cookie",
+    "plugins/template-function-timestamp",
+    "plugins/template-function-encode",
+    "plugins/template-function-fs",
+    "plugins/template-function-hash",
+    "plugins/template-function-json",
+    "plugins/template-function-prompt",
+    "plugins/template-function-regex",
+    "plugins/template-function-request",
+    "plugins/template-function-response",
+    "plugins/template-function-uuid",
+    "plugins/template-function-xml",
+    "plugins/themes-yaak",
+    "src-tauri/yaak-crypto",
+    "src-tauri/yaak-git",
+    "src-tauri/yaak-fonts",
+    "src-tauri/yaak-license",
+    "src-tauri/yaak-mac-window",
+    "src-tauri/yaak-models",
+    "src-tauri/yaak-plugins",
+    "src-tauri/yaak-sse",
+    "src-tauri/yaak-sync",
+    "src-tauri/yaak-templates",
+    "src-tauri/yaak-ws",
+    "src-web"
+  ],
   "scripts": {
-    "build": "rsw build && tsc && vite build",
-    "dev": "vite",
-    "lint": "eslint . --ext .ts,.tsx",
-    "preview": "vite preview",
-    "tauri-dev": "concurrently -n app,rsw \"tauri dev\" \"rsw watch\""
+    "start": "npm run app-dev",
+    "app-build": "tauri build",
+    "app-dev": "tauri dev --no-watch --config ./src-tauri/tauri-dev.conf.json",
+    "migration": "node scripts/create-migration.cjs",
+    "build": "npm run --workspaces --if-present build",
+    "build-plugins": "npm run --workspaces --if-present build",
+    "icons": "run-p icons:*",
+    "icons:dev": "tauri icon src-tauri/icons/icon.png --output src-tauri/icons/release",
+    "icons:release": "tauri icon src-tauri/icons/icon-dev.png --output src-tauri/icons/dev",
+    "bootstrap": "run-p bootstrap:* && npm run --workspaces --if-present bootstrap",
+    "bootstrap:vendor-node": "node scripts/vendor-node.cjs",
+    "bootstrap:vendor-plugins": "node scripts/vendor-plugins.cjs",
+    "bootstrap:vendor-protoc": "node scripts/vendor-protoc.cjs",
+    "lint": "npm run --workspaces --if-present lint",
+    "replace-version": "node scripts/replace-version.cjs",
+    "tauri": "tauri",
+    "tauri-before-build": "npm run bootstrap && npm run --workspaces --if-present build",
+    "tauri-before-dev": "workspaces-run --parallel -- npm run --workspaces --if-present dev"
   },
   "dependencies": {
-    "@codemirror/lang-html": "^6.4.2",
-    "@codemirror/lang-javascript": "^6.1.4",
-    "@codemirror/lang-json": "^6.0.1",
-    "@radix-ui/react-dropdown-menu": "^2.0.2",
-    "@radix-ui/react-icons": "^1.2.0",
-    "@radix-ui/react-popover": "1.0.3",
-    "@tauri-apps/api": "^1.2.0",
-    "@typescript-eslint/eslint-plugin": "^5.52.0",
-    "@typescript-eslint/parser": "^5.52.0",
-    "classnames": "^2.3.2",
-    "codemirror": "^6.0.1",
-    "eslint": "^8.34.0",
-    "eslint-config-prettier": "^8.6.0",
-    "eslint-plugin-import": "^2.27.5",
-    "eslint-plugin-jsx-a11y": "^6.7.1",
-    "eslint-plugin-react": "^7.32.2",
-    "framer-motion": "^9.0.4",
-    "prettier": "^2.8.4",
-    "react": "^18.2.0",
-    "react-dom": "^18.2.0",
-    "react-helmet-async": "^1.3.0"
+    "jotai": "^2.12.2"
   },
   "devDependencies": {
-    "@tauri-apps/cli": "^1.2.2",
-    "@types/node": "^18.7.10",
-    "@types/react": "^18.0.15",
-    "@types/react-dom": "^18.0.6",
-    "@vitejs/plugin-react": "^3.0.0",
-    "autoprefixer": "^10.4.13",
-    "concurrently": "^7.6.0",
-    "postcss": "^8.4.21",
-    "tailwindcss": "^3.2.7",
-    "typescript": "^4.6.4",
-    "vite": "^4.0.0",
-    "vite-plugin-rsw": "^2.0.11",
-    "vite-plugin-top-level-await": "^1.2.4"
+    "@eslint/compat": "^1.3.0",
+    "@eslint/eslintrc": "^3.3.1",
+    "@eslint/js": "^9.29.0",
+    "@tauri-apps/cli": "2.4.1",
+    "@typescript-eslint/eslint-plugin": "^8.27.0",
+    "@typescript-eslint/parser": "^8.27.0",
+    "@yaakapp/cli": "^0.2.7",
+    "eslint": "^9.29.0",
+    "eslint-config-prettier": "^10.1.5",
+    "eslint-plugin-import": "^2.32.0",
+    "eslint-plugin-jsx-a11y": "^6.10.2",
+    "eslint-plugin-react": "^7.37.5",
+    "eslint-plugin-react-hooks": "^5.2.0",
+    "nodejs-file-downloader": "^4.13.0",
+    "npm-run-all": "^4.1.5",
+    "prettier": "^3.4.2",
+    "typescript": "^5.8.3",
+    "vitest": "^3.2.4",
+    "workspaces-run": "^1.0.2"
   }
 }

packages/common-lib/debounce.ts

@@ -0,0 +1,13 @@
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export function debounce(fn: (...args: any[]) => void, delay = 500) {
+  let timer: ReturnType<typeof setTimeout>;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const result = function (...args: any[]) {
+    clearTimeout(timer);
+    timer = setTimeout(() => fn(...args), delay);
+  };
+  result.cancel = function () {
+    clearTimeout(timer);
+  };
+  return result;
+}

packages/common-lib/formatSize.ts

@@ -0,0 +1,20 @@
+export function formatSize(bytes: number): string {
+    let num;
+    let unit;
+
+    if (bytes > 1000 * 1000 * 1000) {
+        num = bytes / 1000 / 1000 / 1000;
+        unit = 'GB';
+    } else if (bytes > 1000 * 1000) {
+        num = bytes / 1000 / 1000;
+        unit = 'MB';
+    } else if (bytes > 1000) {
+        num = bytes / 1000;
+        unit = 'KB';
+    } else {
+        num = bytes;
+        unit = 'B';
+    }
+
+    return `${Math.round(num * 10) / 10} ${unit}`;
+}

packages/common-lib/index.ts

@@ -0,0 +1 @@
+export * from './debounce';

packages/common-lib/package.json

@@ -0,0 +1,6 @@
+{
+  "name": "@yaakapp-internal/lib",
+  "private": true,
+  "version": "1.0.0",
+  "main": "index.ts"
+}

packages/plugin-runtime-types/.gitignore

@@ -0,0 +1,2 @@
+lib
+node_modules

packages/plugin-runtime-types/README.md

@@ -0,0 +1,28 @@
+# Yaak Plugin API
+
+Yaak is a desktop [API client](https://yaak.app/blog/yet-another-api-client) for
+interacting with REST, GraphQL, Server Sent Events (SSE), WebSocket, and gRPC APIs. It's
+built using Tauri, Rust, and ReactJS.
+
+Plugins can be created in TypeScript, which are executed alongside Yaak in a NodeJS
+runtime. This package contains the TypeScript type definitions required to make building
+Yaak plugins a breeze.
+
+## Quick Start
+
+The easiest way to get started is by generating a plugin with the Yaak CLI:
+
+```shell
+npx @yaakapp/cli generate
+```
+
+For more details on creating plugins, check out
+the [Quick Start Guide](https://feedback.yaak.app/help/articles/6911763-plugins-quick-start)
+
+## Installation
+
+If you prefer starting from scratch, manually install the types package:
+
+```shell
+npm install -D @yaakapp/api
+```

packages/plugin-runtime-types/package-lock.json

@@ -0,0 +1,47 @@
+{
+  "name": "@yaakapp/api",
+  "version": "0.1.17",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "@yaakapp/api",
+      "version": "0.1.17",
+      "dependencies": {
+        "@types/node": "^22.5.4"
+      },
+      "devDependencies": {
+        "typescript": "^5.6.2"
+      }
+    },
+    "node_modules/@types/node": {
+      "version": "22.5.4",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.4.tgz",
+      "integrity": "sha512-FDuKUJQm/ju9fT/SeX/6+gBzoPzlVCzfzmGkwKvRHQVxi4BntVbyIwf6a4Xn62mrvndLiml6z/UBXIdEVjQLXg==",
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~6.19.2"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "5.6.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.2.tgz",
+      "integrity": "sha512-NW8ByodCSNCwZeghjN3o+JX5OFH0Ojg6sadjEKY4huZ52TqbJTJnDo5+Tw98lSy63NZvi4n+ez5m2u5d4PkZyw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/undici-types": {
+      "version": "6.19.8",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz",
+      "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==",
+      "license": "MIT"
+    }
+  }
+}

packages/plugin-runtime-types/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "@yaakapp/api",
+  "version": "0.6.6",
+  "keywords": [
+    "api-client",
+    "insomnia-alternative",
+    "bruno-alternative",
+    "postman-alternative"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak"
+  },
+  "bugs": {
+    "url": "https://feedback.yaak.app"
+  },
+  "homepage": "https://yaak.app",
+  "main": "lib/index.js",
+  "typings": "./lib/index.d.ts",
+  "files": [
+    "lib/**/*"
+  ],
+  "scripts": {
+    "bootstrap": "npm run build",
+    "build": "run-s build:copy-types build:tsc",
+    "build:tsc": "tsc",
+    "build:copy-types": "run-p build:copy-types:*",
+    "build:copy-types:root": "cpy --flat ../../src-tauri/yaak-plugins/bindings/*.ts ./src/bindings",
+    "build:copy-types:next": "cpy --flat ../../src-tauri/yaak-plugins/bindings/serde_json/*.ts ./src/bindings/serde_json",
+    "publish": "npm publish",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@types/node": "^24.0.13"
+  },
+  "devDependencies": {
+    "cpy-cli": "^5.0.0"
+  }
+}

packages/plugin-runtime-types/src/bindings/gen_api.ts

@@ -0,0 +1,8 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { PluginVersion } from "./gen_search.js";
+
+export type PluginNameVersion = { name: string, version: string, };
+
+export type PluginSearchResponse = { plugins: Array<PluginVersion>, };
+
+export type PluginUpdatesResponse = { plugins: Array<PluginNameVersion>, };

packages/plugin-runtime-types/src/bindings/gen_events.ts

@@ -0,0 +1,486 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { Environment, Folder, GrpcRequest, HttpRequest, HttpResponse, WebsocketRequest, Workspace } from "./gen_models.js";
+import type { JsonValue } from "./serde_json/JsonValue.js";
+
+export type BootRequest = { dir: string, watch: boolean, };
+
+export type CallGrpcRequestActionArgs = { grpcRequest: GrpcRequest, protoFiles: Array<string>, };
+
+export type CallGrpcRequestActionRequest = { index: number, pluginRefId: string, args: CallGrpcRequestActionArgs, };
+
+export type CallHttpAuthenticationActionArgs = { contextId: string, values: { [key in string]?: JsonPrimitive }, };
+
+export type CallHttpAuthenticationActionRequest = { index: number, pluginRefId: string, args: CallHttpAuthenticationActionArgs, };
+
+export type CallHttpAuthenticationRequest = { contextId: string, values: { [key in string]?: JsonPrimitive }, method: string, url: string, headers: Array<HttpHeader>, };
+
+export type CallHttpAuthenticationResponse = { 
+/**
+ * HTTP headers to add to the request. Existing headers will be replaced, while
+ * new headers will be added.
+ */
+setHeaders?: Array<HttpHeader>, 
+/**
+ * Query parameters to add to the request. Existing params will be replaced, while
+ * new params will be added.
+ */
+setQueryParameters?: Array<HttpHeader>, };
+
+export type CallHttpRequestActionArgs = { httpRequest: HttpRequest, };
+
+export type CallHttpRequestActionRequest = { index: number, pluginRefId: string, args: CallHttpRequestActionArgs, };
+
+export type CallTemplateFunctionArgs = { purpose: RenderPurpose, values: { [key in string]?: JsonValue }, };
+
+export type CallTemplateFunctionRequest = { name: string, args: CallTemplateFunctionArgs, };
+
+export type CallTemplateFunctionResponse = { value: string | null, error?: string, };
+
+export type CloseWindowRequest = { label: string, };
+
+export type Color = "primary" | "secondary" | "info" | "success" | "notice" | "warning" | "danger";
+
+export type CompletionOptionType = "constant" | "variable";
+
+export type Content = { "type": "text", content: string, } | { "type": "markdown", content: string, };
+
+export type CopyTextRequest = { text: string, };
+
+export type DeleteKeyValueRequest = { key: string, };
+
+export type DeleteKeyValueResponse = { deleted: boolean, };
+
+export type EditorLanguage = "text" | "javascript" | "json" | "html" | "xml" | "graphql" | "markdown";
+
+export type EmptyPayload = {};
+
+export type ErrorResponse = { error: string, };
+
+export type ExportHttpRequestRequest = { httpRequest: HttpRequest, };
+
+export type ExportHttpRequestResponse = { content: string, };
+
+export type FileFilter = { name: string, 
+/**
+ * File extensions to require
+ */
+extensions: Array<string>, };
+
+export type FilterRequest = { content: string, filter: string, };
+
+export type FilterResponse = { content: string, error?: string, };
+
+export type FindHttpResponsesRequest = { requestId: string, limit?: number, };
+
+export type FindHttpResponsesResponse = { httpResponses: Array<HttpResponse>, };
+
+export type FormInput = { "type": "text" } & FormInputText | { "type": "editor" } & FormInputEditor | { "type": "select" } & FormInputSelect | { "type": "checkbox" } & FormInputCheckbox | { "type": "file" } & FormInputFile | { "type": "http_request" } & FormInputHttpRequest | { "type": "accordion" } & FormInputAccordion | { "type": "banner" } & FormInputBanner | { "type": "markdown" } & FormInputMarkdown;
+
+export type FormInputAccordion = { label: string, inputs?: Array<FormInput>, hidden?: boolean, };
+
+export type FormInputBanner = { inputs?: Array<FormInput>, hidden?: boolean, color?: Color, };
+
+export type FormInputBase = { 
+/**
+ * The name of the input. The value will be stored at this object attribute in the resulting data
+ */
+name: string, 
+/**
+ * Whether this input is visible for the given configuration. Use this to
+ * make branching forms.
+ */
+hidden?: boolean, 
+/**
+ * Whether the user must fill in the argument
+ */
+optional?: boolean, 
+/**
+ * The label of the input
+ */
+label?: string, 
+/**
+ * Visually hide the label of the input
+ */
+hideLabel?: boolean, 
+/**
+ * The default value
+ */
+defaultValue?: string, disabled?: boolean, 
+/**
+ * Longer description of the input, likely shown in a tooltip
+ */
+description?: string, };
+
+export type FormInputCheckbox = { 
+/**
+ * The name of the input. The value will be stored at this object attribute in the resulting data
+ */
+name: string, 
+/**
+ * Whether this input is visible for the given configuration. Use this to
+ * make branching forms.
+ */
+hidden?: boolean, 
+/**
+ * Whether the user must fill in the argument
+ */
+optional?: boolean, 
+/**
+ * The label of the input
+ */
+label?: string, 
+/**
+ * Visually hide the label of the input
+ */
+hideLabel?: boolean, 
+/**
+ * The default value
+ */
+defaultValue?: string, disabled?: boolean, 
+/**
+ * Longer description of the input, likely shown in a tooltip
+ */
+description?: string, };
+
+export type FormInputEditor = { 
+/**
+ * Placeholder for the text input
+ */
+placeholder?: string | null, 
+/**
+ * Don't show the editor gutter (line numbers, folds, etc.)
+ */
+hideGutter?: boolean, 
+/**
+ * Language for syntax highlighting
+ */
+language?: EditorLanguage, readOnly?: boolean, completionOptions?: Array<GenericCompletionOption>, 
+/**
+ * The name of the input. The value will be stored at this object attribute in the resulting data
+ */
+name: string, 
+/**
+ * Whether this input is visible for the given configuration. Use this to
+ * make branching forms.
+ */
+hidden?: boolean, 
+/**
+ * Whether the user must fill in the argument
+ */
+optional?: boolean, 
+/**
+ * The label of the input
+ */
+label?: string, 
+/**
+ * Visually hide the label of the input
+ */
+hideLabel?: boolean, 
+/**
+ * The default value
+ */
+defaultValue?: string, disabled?: boolean, 
+/**
+ * Longer description of the input, likely shown in a tooltip
+ */
+description?: string, };
+
+export type FormInputFile = { 
+/**
+ * The title of the file selection window
+ */
+title: string, 
+/**
+ * Allow selecting multiple files
+ */
+multiple?: boolean, directory?: boolean, defaultPath?: string, filters?: Array<FileFilter>, 
+/**
+ * The name of the input. The value will be stored at this object attribute in the resulting data
+ */
+name: string, 
+/**
+ * Whether this input is visible for the given configuration. Use this to
+ * make branching forms.
+ */
+hidden?: boolean, 
+/**
+ * Whether the user must fill in the argument
+ */
+optional?: boolean, 
+/**
+ * The label of the input
+ */
+label?: string, 
+/**
+ * Visually hide the label of the input
+ */
+hideLabel?: boolean, 
+/**
+ * The default value
+ */
+defaultValue?: string, disabled?: boolean, 
+/**
+ * Longer description of the input, likely shown in a tooltip
+ */
+description?: string, };
+
+export type FormInputHttpRequest = { 
+/**
+ * The name of the input. The value will be stored at this object attribute in the resulting data
+ */
+name: string, 
+/**
+ * Whether this input is visible for the given configuration. Use this to
+ * make branching forms.
+ */
+hidden?: boolean, 
+/**
+ * Whether the user must fill in the argument
+ */
+optional?: boolean, 
+/**
+ * The label of the input
+ */
+label?: string, 
+/**
+ * Visually hide the label of the input
+ */
+hideLabel?: boolean, 
+/**
+ * The default value
+ */
+defaultValue?: string, disabled?: boolean, 
+/**
+ * Longer description of the input, likely shown in a tooltip
+ */
+description?: string, };
+
+export type FormInputMarkdown = { content: string, hidden?: boolean, };
+
+export type FormInputSelect = { 
+/**
+ * The options that will be available in the select input
+ */
+options: Array<FormInputSelectOption>, 
+/**
+ * The name of the input. The value will be stored at this object attribute in the resulting data
+ */
+name: string, 
+/**
+ * Whether this input is visible for the given configuration. Use this to
+ * make branching forms.
+ */
+hidden?: boolean, 
+/**
+ * Whether the user must fill in the argument
+ */
+optional?: boolean, 
+/**
+ * The label of the input
+ */
+label?: string, 
+/**
+ * Visually hide the label of the input
+ */
+hideLabel?: boolean, 
+/**
+ * The default value
+ */
+defaultValue?: string, disabled?: boolean, 
+/**
+ * Longer description of the input, likely shown in a tooltip
+ */
+description?: string, };
+
+export type FormInputSelectOption = { label: string, value: string, };
+
+export type FormInputText = { 
+/**
+ * Placeholder for the text input
+ */
+placeholder?: string | null, 
+/**
+ * Placeholder for the text input
+ */
+password?: boolean, 
+/**
+ * Whether to allow newlines in the input, like a <textarea/>
+ */
+multiLine?: boolean, completionOptions?: Array<GenericCompletionOption>, 
+/**
+ * The name of the input. The value will be stored at this object attribute in the resulting data
+ */
+name: string, 
+/**
+ * Whether this input is visible for the given configuration. Use this to
+ * make branching forms.
+ */
+hidden?: boolean, 
+/**
+ * Whether the user must fill in the argument
+ */
+optional?: boolean, 
+/**
+ * The label of the input
+ */
+label?: string, 
+/**
+ * Visually hide the label of the input
+ */
+hideLabel?: boolean, 
+/**
+ * The default value
+ */
+defaultValue?: string, disabled?: boolean, 
+/**
+ * Longer description of the input, likely shown in a tooltip
+ */
+description?: string, };
+
+export type GenericCompletionOption = { label: string, detail?: string, info?: string, type?: CompletionOptionType, boost?: number, };
+
+export type GetCookieValueRequest = { name: string, };
+
+export type GetCookieValueResponse = { value: string | null, };
+
+export type GetGrpcRequestActionsResponse = { actions: Array<GrpcRequestAction>, pluginRefId: string, };
+
+export type GetHttpAuthenticationConfigRequest = { contextId: string, values: { [key in string]?: JsonPrimitive }, };
+
+export type GetHttpAuthenticationConfigResponse = { args: Array<FormInput>, pluginRefId: string, actions?: Array<HttpAuthenticationAction>, };
+
+export type GetHttpAuthenticationSummaryResponse = { name: string, label: string, shortLabel: string, };
+
+export type GetHttpRequestActionsResponse = { actions: Array<HttpRequestAction>, pluginRefId: string, };
+
+export type GetHttpRequestByIdRequest = { id: string, };
+
+export type GetHttpRequestByIdResponse = { httpRequest: HttpRequest | null, };
+
+export type GetKeyValueRequest = { key: string, };
+
+export type GetKeyValueResponse = { value?: string, };
+
+export type GetTemplateFunctionsResponse = { functions: Array<TemplateFunction>, pluginRefId: string, };
+
+export type GetThemesRequest = Record<string, never>;
+
+export type GetThemesResponse = { themes: Array<Theme>, };
+
+export type GrpcRequestAction = { label: string, icon?: Icon, };
+
+export type HttpAuthenticationAction = { label: string, icon?: Icon, };
+
+export type HttpHeader = { name: string, value: string, };
+
+export type HttpRequestAction = { label: string, icon?: Icon, };
+
+export type Icon = "alert_triangle" | "check" | "check_circle" | "chevron_down" | "copy" | "info" | "pin" | "search" | "trash" | "_unknown";
+
+export type ImportRequest = { content: string, };
+
+export type ImportResources = { workspaces: Array<Workspace>, environments: Array<Environment>, folders: Array<Folder>, httpRequests: Array<HttpRequest>, grpcRequests: Array<GrpcRequest>, websocketRequests: Array<WebsocketRequest>, };
+
+export type ImportResponse = { resources: ImportResources, };
+
+export type InternalEvent = { id: string, pluginRefId: string, pluginName: string, replyId: string | null, windowContext: PluginWindowContext, payload: InternalEventPayload, };
+
+export type InternalEventPayload = { "type": "boot_request" } & BootRequest | { "type": "boot_response" } | { "type": "reload_response" } & ReloadResponse | { "type": "terminate_request" } | { "type": "terminate_response" } | { "type": "import_request" } & ImportRequest | { "type": "import_response" } & ImportResponse | { "type": "filter_request" } & FilterRequest | { "type": "filter_response" } & FilterResponse | { "type": "export_http_request_request" } & ExportHttpRequestRequest | { "type": "export_http_request_response" } & ExportHttpRequestResponse | { "type": "send_http_request_request" } & SendHttpRequestRequest | { "type": "send_http_request_response" } & SendHttpRequestResponse | { "type": "list_cookie_names_request" } & ListCookieNamesRequest | { "type": "list_cookie_names_response" } & ListCookieNamesResponse | { "type": "get_cookie_value_request" } & GetCookieValueRequest | { "type": "get_cookie_value_response" } & GetCookieValueResponse | { "type": "get_http_request_actions_request" } & EmptyPayload | { "type": "get_http_request_actions_response" } & GetHttpRequestActionsResponse | { "type": "call_http_request_action_request" } & CallHttpRequestActionRequest | { "type": "get_grpc_request_actions_request" } & EmptyPayload | { "type": "get_grpc_request_actions_response" } & GetGrpcRequestActionsResponse | { "type": "call_grpc_request_action_request" } & CallGrpcRequestActionRequest | { "type": "get_template_functions_request" } | { "type": "get_template_functions_response" } & GetTemplateFunctionsResponse | { "type": "call_template_function_request" } & CallTemplateFunctionRequest | { "type": "call_template_function_response" } & CallTemplateFunctionResponse | { "type": "get_http_authentication_summary_request" } & EmptyPayload | { "type": "get_http_authentication_summary_response" } & GetHttpAuthenticationSummaryResponse | { "type": "get_http_authentication_config_request" } & GetHttpAuthenticationConfigRequest | { "type": "get_http_authentication_config_response" } & GetHttpAuthenticationConfigResponse | { "type": "call_http_authentication_request" } & CallHttpAuthenticationRequest | { "type": "call_http_authentication_response" } & CallHttpAuthenticationResponse | { "type": "call_http_authentication_action_request" } & CallHttpAuthenticationActionRequest | { "type": "call_http_authentication_action_response" } & EmptyPayload | { "type": "copy_text_request" } & CopyTextRequest | { "type": "copy_text_response" } & EmptyPayload | { "type": "render_http_request_request" } & RenderHttpRequestRequest | { "type": "render_http_request_response" } & RenderHttpRequestResponse | { "type": "render_grpc_request_request" } & RenderGrpcRequestRequest | { "type": "render_grpc_request_response" } & RenderGrpcRequestResponse | { "type": "get_key_value_request" } & GetKeyValueRequest | { "type": "get_key_value_response" } & GetKeyValueResponse | { "type": "set_key_value_request" } & SetKeyValueRequest | { "type": "set_key_value_response" } & SetKeyValueResponse | { "type": "delete_key_value_request" } & DeleteKeyValueRequest | { "type": "delete_key_value_response" } & DeleteKeyValueResponse | { "type": "open_window_request" } & OpenWindowRequest | { "type": "window_navigate_event" } & WindowNavigateEvent | { "type": "window_close_event" } | { "type": "close_window_request" } & CloseWindowRequest | { "type": "template_render_request" } & TemplateRenderRequest | { "type": "template_render_response" } & TemplateRenderResponse | { "type": "show_toast_request" } & ShowToastRequest | { "type": "show_toast_response" } & EmptyPayload | { "type": "prompt_text_request" } & PromptTextRequest | { "type": "prompt_text_response" } & PromptTextResponse | { "type": "get_http_request_by_id_request" } & GetHttpRequestByIdRequest | { "type": "get_http_request_by_id_response" } & GetHttpRequestByIdResponse | { "type": "find_http_responses_request" } & FindHttpResponsesRequest | { "type": "find_http_responses_response" } & FindHttpResponsesResponse | { "type": "get_themes_request" } & GetThemesRequest | { "type": "get_themes_response" } & GetThemesResponse | { "type": "empty_response" } & EmptyPayload | { "type": "error_response" } & ErrorResponse;
+
+export type JsonPrimitive = string | number | boolean | null;
+
+export type ListCookieNamesRequest = {};
+
+export type ListCookieNamesResponse = { names: Array<string>, };
+
+export type OpenWindowRequest = { url: string, 
+/**
+ * Label for the window. If not provided, a random one will be generated.
+ */
+label: string, title?: string, size?: WindowSize, dataDirKey?: string, };
+
+export type PluginWindowContext = { "type": "none" } | { "type": "label", label: string, workspace_id: string | null, };
+
+export type PromptTextRequest = { id: string, title: string, label: string, description?: string, defaultValue?: string, placeholder?: string, 
+/**
+ * Text to add to the confirmation button
+ */
+confirmText?: string, 
+/**
+ * Text to add to the cancel button
+ */
+cancelText?: string, 
+/**
+ * Require the user to enter a non-empty value
+ */
+required?: boolean, };
+
+export type PromptTextResponse = { value: string | null, };
+
+export type ReloadResponse = { silent: boolean, };
+
+export type RenderGrpcRequestRequest = { grpcRequest: GrpcRequest, purpose: RenderPurpose, };
+
+export type RenderGrpcRequestResponse = { grpcRequest: GrpcRequest, };
+
+export type RenderHttpRequestRequest = { httpRequest: HttpRequest, purpose: RenderPurpose, };
+
+export type RenderHttpRequestResponse = { httpRequest: HttpRequest, };
+
+export type RenderPurpose = "send" | "preview";
+
+export type SendHttpRequestRequest = { httpRequest: Partial<HttpRequest>, };
+
+export type SendHttpRequestResponse = { httpResponse: HttpResponse, };
+
+export type SetKeyValueRequest = { key: string, value: string, };
+
+export type SetKeyValueResponse = {};
+
+export type ShowToastRequest = { message: string, color?: Color, icon?: Icon, };
+
+export type TemplateFunction = { name: string, description?: string, 
+/**
+ * Also support alternative names. This is useful for not breaking existing
+ * tags when changing the `name` property
+ */
+aliases?: Array<string>, args: Array<TemplateFunctionArg>, };
+
+/**
+ * Similar to FormInput, but contains
+ */
+export type TemplateFunctionArg = FormInput;
+
+export type TemplateRenderRequest = { data: JsonValue, purpose: RenderPurpose, };
+
+export type TemplateRenderResponse = { data: JsonValue, };
+
+export type Theme = { 
+/**
+ * How the theme is identified. This should never be changed
+ */
+id: string, 
+/**
+ * The friendly name of the theme to be displayed to the user
+ */
+label: string, 
+/**
+ * Whether the theme will be used for dark or light appearance
+ */
+dark: boolean, 
+/**
+ * The default top-level colors for the theme
+ */
+base: ThemeComponentColors, 
+/**
+ * Optionally override theme for individual UI components for more control
+ */
+components?: ThemeComponents, };
+
+export type ThemeComponentColors = { surface?: string, surfaceHighlight?: string, surfaceActive?: string, text?: string, textSubtle?: string, textSubtlest?: string, border?: string, borderSubtle?: string, borderFocus?: string, shadow?: string, backdrop?: string, selection?: string, primary?: string, secondary?: string, info?: string, success?: string, notice?: string, warning?: string, danger?: string, };
+
+export type ThemeComponents = { dialog?: ThemeComponentColors, menu?: ThemeComponentColors, toast?: ThemeComponentColors, sidebar?: ThemeComponentColors, responsePane?: ThemeComponentColors, appHeader?: ThemeComponentColors, button?: ThemeComponentColors, banner?: ThemeComponentColors, templateTag?: ThemeComponentColors, urlBar?: ThemeComponentColors, editor?: ThemeComponentColors, input?: ThemeComponentColors, };
+
+export type WindowNavigateEvent = { url: string, };
+
+export type WindowSize = { width: number, height: number, };

packages/plugin-runtime-types/src/bindings/gen_models.ts

@@ -0,0 +1,25 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type Environment = { model: "environment", id: string, workspaceId: string, createdAt: string, updatedAt: string, name: string, public: boolean, base: boolean, variables: Array<EnvironmentVariable>, color: string | null, };
+
+export type EnvironmentVariable = { enabled?: boolean, name: string, value: string, id?: string, };
+
+export type Folder = { model: "folder", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, sortPriority: number, };
+
+export type GrpcRequest = { model: "grpc_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authenticationType: string | null, authentication: Record<string, any>, description: string, message: string, metadata: Array<HttpRequestHeader>, method: string | null, name: string, service: string | null, sortPriority: number, url: string, };
+
+export type HttpRequest = { model: "http_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, body: Record<string, any>, bodyType: string | null, description: string, headers: Array<HttpRequestHeader>, method: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };
+
+export type HttpRequestHeader = { enabled?: boolean, name: string, value: string, id?: string, };
+
+export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, elapsed: number, elapsedHeaders: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };
+
+export type HttpResponseHeader = { name: string, value: string, };
+
+export type HttpResponseState = "initialized" | "connected" | "closed";
+
+export type HttpUrlParameter = { enabled?: boolean, name: string, value: string, id?: string, };
+
+export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };
+
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };

packages/plugin-runtime-types/src/bindings/gen_search.ts

@@ -0,0 +1,5 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type PluginMetadata = { version: string, name: string, displayName: string, description: string | null, homepageUrl: string | null, repositoryUrl: string | null, };
+
+export type PluginVersion = { id: string, version: string, url: string, description: string | null, name: string, displayName: string, homepageUrl: string | null, repositoryUrl: string | null, checksum: string, readme: string | null, yanked: boolean, };

packages/plugin-runtime-types/src/bindings/serde_json/JsonValue.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type JsonValue = number | string | boolean | Array<JsonValue> | { [key in string]?: JsonValue } | null;

packages/plugin-runtime-types/src/helpers.ts

@@ -0,0 +1,2 @@
+export type AtLeast<T, K extends keyof T> = Partial<T> & Pick<T, K>;
+export type MaybePromise<T> = Promise<T> | T;

packages/plugin-runtime-types/src/index.ts

@@ -0,0 +1,9 @@
+export type * from './plugins';
+export type * from './themes';
+
+export * from './bindings/gen_models';
+export * from './bindings/gen_events';
+
+// Some extras for utility
+
+export type { PartialImportResources } from './plugins/ImporterPlugin';

packages/plugin-runtime-types/src/plugins/AuthenticationPlugin.ts

@@ -0,0 +1,29 @@
+import {
+  CallHttpAuthenticationActionArgs,
+  CallHttpAuthenticationRequest,
+  CallHttpAuthenticationResponse,
+  FormInput,
+  GetHttpAuthenticationConfigRequest,
+  GetHttpAuthenticationSummaryResponse,
+  HttpAuthenticationAction,
+} from '../bindings/gen_events';
+import { MaybePromise } from '../helpers';
+import { Context } from './Context';
+
+type DynamicFormInput = FormInput & {
+  dynamic(
+    ctx: Context,
+    args: GetHttpAuthenticationConfigRequest,
+  ): MaybePromise<Partial<FormInput> | undefined | null>;
+};
+
+export type AuthenticationPlugin = GetHttpAuthenticationSummaryResponse & {
+  args: (FormInput | DynamicFormInput)[];
+  onApply(
+    ctx: Context,
+    args: CallHttpAuthenticationRequest,
+  ): MaybePromise<CallHttpAuthenticationResponse>;
+  actions?: (HttpAuthenticationAction & {
+    onSelect(ctx: Context, args: CallHttpAuthenticationActionArgs): Promise<void> | void;
+  })[];
+};

packages/plugin-runtime-types/src/plugins/Context.ts

@@ -0,0 +1,67 @@
+import type {
+  FindHttpResponsesRequest,
+  FindHttpResponsesResponse,
+  GetCookieValueRequest,
+  GetCookieValueResponse,
+  GetHttpRequestByIdRequest,
+  GetHttpRequestByIdResponse,
+  ListCookieNamesResponse,
+  OpenWindowRequest,
+  PromptTextRequest,
+  PromptTextResponse,
+  RenderGrpcRequestRequest,
+  RenderGrpcRequestResponse,
+  RenderHttpRequestRequest,
+  RenderHttpRequestResponse,
+  SendHttpRequestRequest,
+  SendHttpRequestResponse,
+  ShowToastRequest,
+  TemplateRenderRequest,
+} from '../bindings/gen_events.ts';
+import { JsonValue } from '../bindings/serde_json/JsonValue';
+
+export interface Context {
+  clipboard: {
+    copyText(text: string): Promise<void>;
+  };
+  toast: {
+    show(args: ShowToastRequest): Promise<void>;
+  };
+  prompt: {
+    text(args: PromptTextRequest): Promise<PromptTextResponse['value']>;
+  };
+  store: {
+    set<T>(key: string, value: T): Promise<void>;
+    get<T>(key: string): Promise<T | undefined>;
+    delete(key: string): Promise<boolean>;
+  };
+  window: {
+    openUrl(
+      args: OpenWindowRequest & {
+        onNavigate?: (args: { url: string }) => void;
+        onClose?: () => void;
+      },
+    ): Promise<{ close: () => void }>;
+  };
+  cookies: {
+    listNames(): Promise<ListCookieNamesResponse['names']>;
+    getValue(args: GetCookieValueRequest): Promise<GetCookieValueResponse['value']>;
+  };
+  grpcRequest: {
+    render(args: RenderGrpcRequestRequest): Promise<RenderGrpcRequestResponse['grpcRequest']>;
+  };
+  httpRequest: {
+    send(args: SendHttpRequestRequest): Promise<SendHttpRequestResponse['httpResponse']>;
+    getById(args: GetHttpRequestByIdRequest): Promise<GetHttpRequestByIdResponse['httpRequest']>;
+    render(args: RenderHttpRequestRequest): Promise<RenderHttpRequestResponse['httpRequest']>;
+  };
+  httpResponse: {
+    find(args: FindHttpResponsesRequest): Promise<FindHttpResponsesResponse['httpResponses']>;
+  };
+  templates: {
+    render<T extends JsonValue>(args: TemplateRenderRequest & { data: T }): Promise<T>;
+  };
+  plugin: {
+    reload(): void;
+  };
+}

packages/plugin-runtime-types/src/plugins/FilterPlugin.ts

@@ -0,0 +1,11 @@
+import { FilterResponse } from '../bindings/gen_events';
+import type { Context } from './Context';
+
+export type FilterPlugin = {
+  name: string;
+  description?: string;
+  onFilter(
+    ctx: Context,
+    args: { payload: string; filter: string; mimeType: string },
+  ): Promise<FilterResponse> | FilterResponse;
+};

packages/plugin-runtime-types/src/plugins/GrpcRequestActionPlugin.ts

@@ -0,0 +1,6 @@
+import { CallGrpcRequestActionArgs, GrpcRequestAction } from '../bindings/gen_events';
+import type { Context } from './Context';
+
+export type GrpcRequestActionPlugin = GrpcRequestAction & {
+  onSelect(ctx: Context, args: CallGrpcRequestActionArgs): Promise<void> | void;
+};

packages/plugin-runtime-types/src/plugins/HttpRequestActionPlugin.ts

@@ -0,0 +1,6 @@
+import type { CallHttpRequestActionArgs, HttpRequestAction } from '../bindings/gen_events';
+import type { Context } from './Context';
+
+export type HttpRequestActionPlugin = HttpRequestAction & {
+  onSelect(ctx: Context, args: CallHttpRequestActionArgs): Promise<void> | void;
+};

packages/plugin-runtime-types/src/plugins/ImporterPlugin.ts

@@ -0,0 +1,28 @@
+import { ImportResources } from '../bindings/gen_events';
+import { AtLeast, MaybePromise } from '../helpers';
+import type { Context } from './Context';
+
+type RootFields = 'name' | 'id' | 'model';
+type CommonFields = RootFields | 'workspaceId';
+
+export type PartialImportResources = {
+  workspaces: Array<AtLeast<ImportResources['workspaces'][0], RootFields>>;
+  environments: Array<AtLeast<ImportResources['environments'][0], CommonFields>>;
+  folders: Array<AtLeast<ImportResources['folders'][0], CommonFields>>;
+  httpRequests: Array<AtLeast<ImportResources['httpRequests'][0], CommonFields>>;
+  grpcRequests: Array<AtLeast<ImportResources['grpcRequests'][0], CommonFields>>;
+  websocketRequests: Array<AtLeast<ImportResources['websocketRequests'][0], CommonFields>>;
+};
+
+export type ImportPluginResponse = null | {
+  resources: PartialImportResources;
+};
+
+export type ImporterPlugin = {
+  name: string;
+  description?: string;
+  onImport(
+    ctx: Context,
+    args: { text: string },
+  ): MaybePromise<ImportPluginResponse | null | undefined>;
+};

packages/plugin-runtime-types/src/plugins/TemplateFunctionPlugin.ts

@@ -0,0 +1,12 @@
+import {
+  CallTemplateFunctionArgs,
+  TemplateFunction,
+} from "../bindings/gen_events";
+import { Context } from "./Context";
+
+export type TemplateFunctionPlugin = TemplateFunction & {
+  onRender(
+    ctx: Context,
+    args: CallTemplateFunctionArgs,
+  ): Promise<string | null>;
+};

packages/plugin-runtime-types/src/plugins/ThemePlugin.ts

@@ -0,0 +1,3 @@
+import { Theme } from '../bindings/gen_events';
+
+export type ThemePlugin = Theme;

packages/plugin-runtime-types/src/plugins/index.ts

@@ -0,0 +1,26 @@
+import { AuthenticationPlugin } from './AuthenticationPlugin';
+import type { FilterPlugin } from './FilterPlugin';
+import { GrpcRequestActionPlugin } from './GrpcRequestActionPlugin';
+import type { HttpRequestActionPlugin } from './HttpRequestActionPlugin';
+import type { ImporterPlugin } from './ImporterPlugin';
+import type { TemplateFunctionPlugin } from './TemplateFunctionPlugin';
+import type { ThemePlugin } from './ThemePlugin';
+
+import type { Context } from './Context';
+
+export type { Context };
+
+/**
+ * The global structure of a Yaak plugin
+ */
+export type PluginDefinition = {
+  init?: (ctx: Context) => void | Promise<void>;
+  dispose?: () => void | Promise<void>;
+  importer?: ImporterPlugin;
+  themes?: ThemePlugin[];
+  filter?: FilterPlugin;
+  authentication?: AuthenticationPlugin;
+  httpRequestActions?: HttpRequestActionPlugin[];
+  grpcRequestActions?: GrpcRequestActionPlugin[];
+  templateFunctions?: TemplateFunctionPlugin[];
+};

packages/plugin-runtime-types/src/themes/index.ts

@@ -0,0 +1,44 @@
+export type Colors = {
+  surface: string;
+  surfaceHighlight?: string;
+  surfaceActive?: string;
+
+  text: string;
+  textSubtle?: string;
+  textSubtlest?: string;
+
+  border?: string;
+  borderSubtle?: string;
+  borderFocus?: string;
+
+  shadow?: string;
+  backdrop?: string;
+  selection?: string;
+
+  primary?: string;
+  secondary?: string;
+  info?: string;
+  success?: string;
+  notice?: string;
+  warning?: string;
+  danger?: string;
+};
+
+export type Index = Colors & {
+  id: string;
+  name: string;
+  components?: Partial<{
+    dialog: Partial<Colors>;
+    menu: Partial<Colors>;
+    toast: Partial<Colors>;
+    sidebar: Partial<Colors>;
+    responsePane: Partial<Colors>;
+    appHeader: Partial<Colors>;
+    button: Partial<Colors>;
+    banner: Partial<Colors>;
+    placeholder: Partial<Colors>;
+    urlBar: Partial<Colors>;
+    editor: Partial<Colors>;
+    input: Partial<Colors>;
+  }>;
+};

packages/plugin-runtime-types/tsconfig.json

@@ -0,0 +1,20 @@
+{
+  "compilerOptions": {
+    "module": "node16",
+    "target": "es6",
+    "lib": [
+      "es2021",
+      "dom"
+    ],
+    "declaration": true,
+    "declarationDir": "./lib",
+    "outDir": "./lib",
+    "strict": true,
+    "types": [
+      "node"
+    ]
+  },
+  "files": [
+    "src/index.ts"
+  ]
+}

packages/plugin-runtime/package-lock.json

@@ -0,0 +1,10 @@
+{
+  "name": "@yaakapp-internal/plugin-runtime",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "@yaakapp-internal/plugin-runtime"
+    }
+  }
+}

packages/plugin-runtime/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "@yaakapp-internal/plugin-runtime",
+  "scripts": {
+    "bootstrap": "npm run build",
+    "build": "run-p build:*",
+    "build:main": "esbuild src/index.ts --bundle --platform=node --outfile=../../src-tauri/vendored/plugin-runtime/index.cjs"
+  },
+  "dependencies": {
+    "ws": "^8.18.0"
+  },
+  "devDependencies": {
+    "@types/ws": "^8.5.13"
+  }
+}

packages/plugin-runtime/src/EventChannel.ts

@@ -0,0 +1,19 @@
+import type { InternalEvent } from '@yaakapp/api';
+
+export class EventChannel {
+  #listeners = new Set<(event: InternalEvent) => void>();
+
+  emit(e: InternalEvent) {
+    for (const l of this.#listeners) {
+      l(e);
+    }
+  }
+
+  listen(cb: (e: InternalEvent) => void) {
+    this.#listeners.add(cb);
+  }
+
+  unlisten(cb: (e: InternalEvent) => void) {
+    this.#listeners.delete(cb);
+  }
+}

packages/plugin-runtime/src/PluginHandle.ts

@@ -0,0 +1,27 @@
+import type { BootRequest, InternalEvent } from '@yaakapp/api';
+import type { EventChannel } from './EventChannel';
+import { PluginInstance, PluginWorkerData } from './PluginInstance';
+
+export class PluginHandle {
+  #instance: PluginInstance;
+
+  constructor(
+    readonly pluginRefId: string,
+    readonly bootRequest: BootRequest,
+    readonly pluginToAppEvents: EventChannel,
+  ) {
+    const workerData: PluginWorkerData = {
+      pluginRefId: this.pluginRefId,
+      bootRequest: this.bootRequest,
+    };
+    this.#instance = new PluginInstance(workerData, pluginToAppEvents);
+  }
+
+  sendToWorker(event: InternalEvent) {
+    this.#instance.postMessage(event);
+  }
+
+  async terminate() {
+    await this.#instance.terminate();
+  }
+}

packages/plugin-runtime/src/PluginInstance.ts

@@ -0,0 +1,664 @@
+import {
+  BootRequest,
+  DeleteKeyValueResponse,
+  FindHttpResponsesResponse,
+  FormInput,
+  GetCookieValueRequest,
+  GetCookieValueResponse,
+  GetHttpRequestByIdResponse,
+  GetKeyValueResponse,
+  GrpcRequestAction,
+  HttpAuthenticationAction,
+  HttpRequestAction,
+  InternalEvent,
+  InternalEventPayload,
+  ListCookieNamesResponse,
+  PluginWindowContext,
+  PromptTextResponse,
+  RenderGrpcRequestResponse,
+  RenderHttpRequestResponse,
+  SendHttpRequestResponse,
+  TemplateFunction,
+  TemplateFunctionArg,
+  TemplateRenderResponse,
+} from '@yaakapp-internal/plugins';
+import { Context, PluginDefinition } from '@yaakapp/api';
+import { JsonValue } from '@yaakapp/api/lib/bindings/serde_json/JsonValue';
+import console from 'node:console';
+import { readFileSync, type Stats, statSync, watch } from 'node:fs';
+import path from 'node:path';
+import { EventChannel } from './EventChannel';
+import { migrateTemplateFunctionSelectOptions } from './migrations';
+
+export interface PluginWorkerData {
+  bootRequest: BootRequest;
+  pluginRefId: string;
+}
+
+export class PluginInstance {
+  #workerData: PluginWorkerData;
+  #mod: PluginDefinition;
+  #pkg: { name?: string; version?: string };
+  #pluginToAppEvents: EventChannel;
+  #appToPluginEvents: EventChannel;
+
+  constructor(workerData: PluginWorkerData, pluginEvents: EventChannel) {
+    this.#workerData = workerData;
+    this.#pluginToAppEvents = pluginEvents;
+    this.#appToPluginEvents = new EventChannel();
+
+    // Forward incoming events to onMessage()
+    this.#appToPluginEvents.listen(async (event) => {
+      await this.#onMessage(event);
+    });
+
+    // Reload plugin if the JS or package.json changes
+    const windowContextNone: PluginWindowContext = { type: 'none' };
+
+    this.#mod = {} as any;
+    this.#pkg = JSON.parse(readFileSync(this.#pathPkg(), 'utf8'));
+
+    const fileChangeCallback = async () => {
+      await this.#mod?.dispose?.();
+      this.#importModule();
+      await this.#mod?.init?.(this.#newCtx({ type: 'none' }));
+      return this.#sendPayload(
+        windowContextNone,
+        {
+          type: 'reload_response',
+          silent: false,
+        },
+        null,
+      );
+    };
+
+    if (this.#workerData.bootRequest.watch) {
+      watchFile(this.#pathMod(), fileChangeCallback);
+      watchFile(this.#pathPkg(), fileChangeCallback);
+    }
+
+    this.#importModule();
+  }
+
+  postMessage(event: InternalEvent) {
+    this.#appToPluginEvents.emit(event);
+  }
+
+  async terminate() {
+    await this.#mod?.dispose?.();
+    this.#unimportModule();
+  }
+
+  async #onMessage(event: InternalEvent) {
+    const ctx = this.#newCtx(event.windowContext);
+
+    const { windowContext, payload, id: replyId } = event;
+
+    try {
+      if (payload.type === 'boot_request') {
+        await this.#mod?.init?.(ctx);
+        this.#sendPayload(windowContext, { type: 'boot_response' }, replyId);
+        return;
+      }
+
+      if (payload.type === 'terminate_request') {
+        const payload: InternalEventPayload = {
+          type: 'terminate_response',
+        };
+        await this.terminate();
+        this.#sendPayload(windowContext, payload, replyId);
+        return;
+      }
+
+      if (
+        payload.type === 'import_request' &&
+        typeof this.#mod?.importer?.onImport === 'function'
+      ) {
+        const reply = await this.#mod.importer.onImport(ctx, {
+          text: payload.content,
+        });
+        if (reply != null) {
+          const replyPayload: InternalEventPayload = {
+            type: 'import_response',
+            // deno-lint-ignore no-explicit-any
+            resources: reply.resources as any,
+          };
+          this.#sendPayload(windowContext, replyPayload, replyId);
+          return;
+        } else {
+          // Continue, to send back an empty reply
+        }
+      }
+
+      if (payload.type === 'filter_request' && typeof this.#mod?.filter?.onFilter === 'function') {
+        const reply = await this.#mod.filter.onFilter(ctx, {
+          filter: payload.filter,
+          payload: payload.content,
+          mimeType: payload.type,
+        });
+        this.#sendPayload(windowContext, { type: 'filter_response', ...reply }, replyId);
+        return;
+      }
+
+      if (
+        payload.type === 'get_grpc_request_actions_request' &&
+        Array.isArray(this.#mod?.grpcRequestActions)
+      ) {
+        const reply: GrpcRequestAction[] = this.#mod.grpcRequestActions.map((a) => ({
+          ...a,
+          // Add everything except onSelect
+          onSelect: undefined,
+        }));
+        const replyPayload: InternalEventPayload = {
+          type: 'get_grpc_request_actions_response',
+          pluginRefId: this.#workerData.pluginRefId,
+          actions: reply,
+        };
+        this.#sendPayload(windowContext, replyPayload, replyId);
+        return;
+      }
+
+      if (
+        payload.type === 'get_http_request_actions_request' &&
+        Array.isArray(this.#mod?.httpRequestActions)
+      ) {
+        const reply: HttpRequestAction[] = this.#mod.httpRequestActions.map((a) => ({
+          ...a,
+          // Add everything except onSelect
+          onSelect: undefined,
+        }));
+        const replyPayload: InternalEventPayload = {
+          type: 'get_http_request_actions_response',
+          pluginRefId: this.#workerData.pluginRefId,
+          actions: reply,
+        };
+        this.#sendPayload(windowContext, replyPayload, replyId);
+        return;
+      }
+
+      if (payload.type === 'get_themes_request' && Array.isArray(this.#mod?.themes)) {
+        const replyPayload: InternalEventPayload = {
+          type: 'get_themes_response',
+          themes: this.#mod.themes,
+        };
+        this.#sendPayload(windowContext, replyPayload, replyId);
+        return;
+      }
+
+      if (
+        payload.type === 'get_template_functions_request' &&
+        Array.isArray(this.#mod?.templateFunctions)
+      ) {
+        const reply: TemplateFunction[] = this.#mod.templateFunctions.map((templateFunction) => {
+          return {
+            ...migrateTemplateFunctionSelectOptions(templateFunction),
+            // Add everything except render
+            onRender: undefined,
+          };
+        });
+        const replyPayload: InternalEventPayload = {
+          type: 'get_template_functions_response',
+          pluginRefId: this.#workerData.pluginRefId,
+          functions: reply,
+        };
+        this.#sendPayload(windowContext, replyPayload, replyId);
+        return;
+      }
+
+      if (payload.type === 'get_http_authentication_summary_request' && this.#mod?.authentication) {
+        const { name, shortLabel, label } = this.#mod.authentication;
+        const replyPayload: InternalEventPayload = {
+          type: 'get_http_authentication_summary_response',
+          name,
+          label,
+          shortLabel,
+        };
+
+        this.#sendPayload(windowContext, replyPayload, replyId);
+        return;
+      }
+
+      if (payload.type === 'get_http_authentication_config_request' && this.#mod?.authentication) {
+        const { args, actions } = this.#mod.authentication;
+        const resolvedArgs: FormInput[] = [];
+        for (const v of args) {
+          if (v && 'dynamic' in v) {
+            const dynamicAttrs = await v.dynamic(ctx, payload);
+            const { dynamic, ...other } = v;
+            resolvedArgs.push({ ...other, ...dynamicAttrs } as FormInput);
+          } else if (v) {
+            resolvedArgs.push(v);
+          }
+        }
+        const resolvedActions: HttpAuthenticationAction[] = [];
+        for (const { onSelect, ...action } of actions ?? []) {
+          resolvedActions.push(action);
+        }
+
+        const replyPayload: InternalEventPayload = {
+          type: 'get_http_authentication_config_response',
+          args: resolvedArgs,
+          actions: resolvedActions,
+          pluginRefId: this.#workerData.pluginRefId,
+        };
+
+        this.#sendPayload(windowContext, replyPayload, replyId);
+        return;
+      }
+
+      if (payload.type === 'call_http_authentication_request' && this.#mod?.authentication) {
+        const auth = this.#mod.authentication;
+        if (typeof auth?.onApply === 'function') {
+          applyFormInputDefaults(auth.args, payload.values);
+          this.#sendPayload(
+            windowContext,
+            {
+              type: 'call_http_authentication_response',
+              ...(await auth.onApply(ctx, payload)),
+            },
+            replyId,
+          );
+          return;
+        }
+      }
+
+      if (
+        payload.type === 'call_http_authentication_action_request' &&
+        this.#mod.authentication != null
+      ) {
+        const action = this.#mod.authentication.actions?.[payload.index];
+        if (typeof action?.onSelect === 'function') {
+          await action.onSelect(ctx, payload.args);
+          this.#sendEmpty(windowContext, replyId);
+          return;
+        }
+      }
+
+      if (
+        payload.type === 'call_http_request_action_request' &&
+        Array.isArray(this.#mod.httpRequestActions)
+      ) {
+        const action = this.#mod.httpRequestActions[payload.index];
+        if (typeof action?.onSelect === 'function') {
+          await action.onSelect(ctx, payload.args);
+          this.#sendEmpty(windowContext, replyId);
+          return;
+        }
+      }
+
+      if (
+        payload.type === 'call_grpc_request_action_request' &&
+        Array.isArray(this.#mod.grpcRequestActions)
+      ) {
+        const action = this.#mod.grpcRequestActions[payload.index];
+        if (typeof action?.onSelect === 'function') {
+          await action.onSelect(ctx, payload.args);
+          this.#sendEmpty(windowContext, replyId);
+          return;
+        }
+      }
+
+      if (
+        payload.type === 'call_template_function_request' &&
+        Array.isArray(this.#mod?.templateFunctions)
+      ) {
+        const fn = this.#mod.templateFunctions.find((a) => a.name === payload.name);
+        if (typeof fn?.onRender === 'function') {
+          applyFormInputDefaults(fn.args, payload.args.values);
+          try {
+            const result = await fn.onRender(ctx, payload.args);
+            this.#sendPayload(
+              windowContext,
+              {
+                type: 'call_template_function_response',
+                value: result ?? null,
+              },
+              replyId,
+            );
+          } catch (err) {
+            this.#sendPayload(
+              windowContext,
+              {
+                type: 'call_template_function_response',
+                value: null,
+                error: `${err}`.replace(/^Error:\s*/g, ''),
+              },
+              replyId,
+            );
+          }
+          return;
+        }
+      }
+    } catch (err) {
+      const error = `${err}`.replace(/^Error:\s*/g, '');
+      console.log('Plugin call threw exception', payload.type, '→', error);
+      this.#sendPayload(windowContext, { type: 'error_response', error }, replyId);
+      return;
+    }
+
+    // No matches, so send back an empty response so the caller doesn't block forever
+    this.#sendEmpty(windowContext, replyId);
+  }
+
+  #pathMod() {
+    return path.posix.join(this.#workerData.bootRequest.dir, 'build', 'index.js');
+  }
+
+  #pathPkg() {
+    return path.join(this.#workerData.bootRequest.dir, 'package.json');
+  }
+
+  #unimportModule() {
+    const id = require.resolve(this.#pathMod());
+    delete require.cache[id];
+  }
+
+  #importModule() {
+    const id = require.resolve(this.#pathMod());
+    delete require.cache[id];
+    this.#mod = require(id).plugin;
+  }
+
+  #buildEventToSend(
+    windowContext: PluginWindowContext,
+    payload: InternalEventPayload,
+    replyId: string | null = null,
+  ): InternalEvent {
+    return {
+      pluginRefId: this.#workerData.pluginRefId,
+      pluginName: path.basename(this.#workerData.bootRequest.dir),
+      id: genId(),
+      replyId,
+      payload,
+      windowContext,
+    };
+  }
+
+  #sendPayload(
+    windowContext: PluginWindowContext,
+    payload: InternalEventPayload,
+    replyId: string | null,
+  ): string {
+    const event = this.#buildEventToSend(windowContext, payload, replyId);
+    this.#sendEvent(event);
+    return event.id;
+  }
+
+  #sendEvent(event: InternalEvent) {
+    // if (event.payload.type !== 'empty_response') {
+    //   console.log('Sending event to app', this.#pkg.name, event.id, event.payload.type);
+    // }
+    this.#pluginToAppEvents.emit(event);
+  }
+
+  #sendEmpty(windowContext: PluginWindowContext, replyId: string | null = null): string {
+    return this.#sendPayload(windowContext, { type: 'empty_response' }, replyId);
+  }
+
+  #sendAndWaitForReply<T extends Omit<InternalEventPayload, 'type'>>(
+    windowContext: PluginWindowContext,
+    payload: InternalEventPayload,
+  ): Promise<T> {
+    // 1. Build event to send
+    const eventToSend = this.#buildEventToSend(windowContext, payload, null);
+
+    // 2. Spawn listener in background
+    const promise = new Promise<T>((resolve) => {
+      const cb = (event: InternalEvent) => {
+        if (event.replyId === eventToSend.id) {
+          this.#appToPluginEvents.unlisten(cb); // Unlisten, now that we're done
+          const { type: _, ...payload } = event.payload;
+          resolve(payload as T);
+        }
+      };
+      this.#appToPluginEvents.listen(cb);
+    });
+
+    // 3. Send the event after we start listening (to prevent race)
+    this.#sendEvent(eventToSend);
+
+    // 4. Return the listener promise
+    return promise as unknown as Promise<T>;
+  }
+
+  #sendAndListenForEvents(
+    windowContext: PluginWindowContext,
+    payload: InternalEventPayload,
+    onEvent: (event: InternalEventPayload) => void,
+  ): void {
+    // 1. Build event to send
+    const eventToSend = this.#buildEventToSend(windowContext, payload, null);
+
+    // 2. Listen for replies in the background
+    this.#appToPluginEvents.listen((event: InternalEvent) => {
+      if (event.replyId === eventToSend.id) {
+        onEvent(event.payload);
+      }
+    });
+
+    // 3. Send the event after we start listening (to prevent race)
+    this.#sendEvent(eventToSend);
+  }
+
+  #newCtx(windowContext: PluginWindowContext): Context {
+    return {
+      clipboard: {
+        copyText: async (text) => {
+          await this.#sendAndWaitForReply(windowContext, {
+            type: 'copy_text_request',
+            text,
+          });
+        },
+      },
+      toast: {
+        show: async (args) => {
+          await this.#sendAndWaitForReply(windowContext, {
+            type: 'show_toast_request',
+            ...args,
+          });
+        },
+      },
+      window: {
+        openUrl: async ({ onNavigate, onClose, ...args }) => {
+          args.label = args.label || `${Math.random()}`;
+          const payload: InternalEventPayload = { type: 'open_window_request', ...args };
+          const onEvent = (event: InternalEventPayload) => {
+            if (event.type === 'window_navigate_event') {
+              onNavigate?.(event);
+            } else if (event.type === 'window_close_event') {
+              onClose?.();
+            }
+          };
+          this.#sendAndListenForEvents(windowContext, payload, onEvent);
+          return {
+            close: () => {
+              const closePayload: InternalEventPayload = {
+                type: 'close_window_request',
+                label: args.label,
+              };
+              this.#sendPayload(windowContext, closePayload, null);
+            },
+          };
+        },
+      },
+      prompt: {
+        text: async (args) => {
+          const reply: PromptTextResponse = await this.#sendAndWaitForReply(windowContext, {
+            type: 'prompt_text_request',
+            ...args,
+          });
+          return reply.value;
+        },
+      },
+      httpResponse: {
+        find: async (args) => {
+          const payload = {
+            type: 'find_http_responses_request',
+            ...args,
+          } as const;
+          const { httpResponses } = await this.#sendAndWaitForReply<FindHttpResponsesResponse>(
+            windowContext,
+            payload,
+          );
+          return httpResponses;
+        },
+      },
+      grpcRequest: {
+        render: async (args) => {
+          const payload = {
+            type: 'render_grpc_request_request',
+            ...args,
+          } as const;
+          const { grpcRequest } = await this.#sendAndWaitForReply<RenderGrpcRequestResponse>(
+            windowContext,
+            payload,
+          );
+          return grpcRequest;
+        },
+      },
+      httpRequest: {
+        getById: async (args) => {
+          const payload = {
+            type: 'get_http_request_by_id_request',
+            ...args,
+          } as const;
+          const { httpRequest } = await this.#sendAndWaitForReply<GetHttpRequestByIdResponse>(
+            windowContext,
+            payload,
+          );
+          return httpRequest;
+        },
+        send: async (args) => {
+          const payload = {
+            type: 'send_http_request_request',
+            ...args,
+          } as const;
+          const { httpResponse } = await this.#sendAndWaitForReply<SendHttpRequestResponse>(
+            windowContext,
+            payload,
+          );
+          return httpResponse;
+        },
+        render: async (args) => {
+          const payload = {
+            type: 'render_http_request_request',
+            ...args,
+          } as const;
+          const { httpRequest } = await this.#sendAndWaitForReply<RenderHttpRequestResponse>(
+            windowContext,
+            payload,
+          );
+          return httpRequest;
+        },
+      },
+      cookies: {
+        getValue: async (args: GetCookieValueRequest) => {
+          const payload = {
+            type: 'get_cookie_value_request',
+            ...args,
+          } as const;
+          const { value } = await this.#sendAndWaitForReply<GetCookieValueResponse>(
+            windowContext,
+            payload,
+          );
+          return value;
+        },
+        listNames: async () => {
+          const payload = { type: 'list_cookie_names_request' } as const;
+          const { names } = await this.#sendAndWaitForReply<ListCookieNamesResponse>(
+            windowContext,
+            payload,
+          );
+          return names;
+        },
+      },
+      templates: {
+        /**
+         * Invoke Yaak's template engine to render a value. If the value is a nested type
+         * (eg. object), it will be recursively rendered.
+         */
+        render: async (args) => {
+          const payload = { type: 'template_render_request', ...args } as const;
+          const result = await this.#sendAndWaitForReply<TemplateRenderResponse>(
+            windowContext,
+            payload,
+          );
+          return result.data as any;
+        },
+      },
+      store: {
+        get: async <T>(key: string) => {
+          const payload = { type: 'get_key_value_request', key } as const;
+          const result = await this.#sendAndWaitForReply<GetKeyValueResponse>(
+            windowContext,
+            payload,
+          );
+          return result.value ? (JSON.parse(result.value) as T) : undefined;
+        },
+        set: async <T>(key: string, value: T) => {
+          const valueStr = JSON.stringify(value);
+          const payload: InternalEventPayload = {
+            type: 'set_key_value_request',
+            key,
+            value: valueStr,
+          };
+          await this.#sendAndWaitForReply<GetKeyValueResponse>(windowContext, payload);
+        },
+        delete: async (key: string) => {
+          const payload = { type: 'delete_key_value_request', key } as const;
+          const result = await this.#sendAndWaitForReply<DeleteKeyValueResponse>(
+            windowContext,
+            payload,
+          );
+          return result.deleted;
+        },
+      },
+      plugin: {
+        reload: () => {
+          this.#sendPayload({ type: 'none' }, { type: 'reload_response', silent: true }, null);
+        },
+      },
+    };
+  }
+}
+
+function genId(len = 5): string {
+  const alphabet = '01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+  let id = '';
+  for (let i = 0; i < len; i++) {
+    id += alphabet[Math.floor(Math.random() * alphabet.length)];
+  }
+  return id;
+}
+
+/** Recursively apply form input defaults to a set of values */
+function applyFormInputDefaults(
+  inputs: TemplateFunctionArg[],
+  values: { [p: string]: JsonValue | undefined },
+) {
+  for (const input of inputs) {
+    if ('inputs' in input) {
+      applyFormInputDefaults(input.inputs ?? [], values);
+    } else if ('defaultValue' in input && values[input.name] === undefined) {
+      values[input.name] = input.defaultValue;
+    }
+  }
+}
+
+const watchedFiles: Record<string, Stats | null> = {};
+
+/**
+ * Watch a file and trigger a callback on change.
+ *
+ * We also track the stat for each file because fs.watch() will
+ * trigger a "change" event when the access date changes.
+ */
+function watchFile(filepath: string, cb: () => void) {
+  watch(filepath, () => {
+    const stat = statSync(filepath, { throwIfNoEntry: false });
+    if (stat == null || stat.mtimeMs !== watchedFiles[filepath]?.mtimeMs) {
+      watchedFiles[filepath] = stat ?? null;
+      cb();
+    }
+  });
+}

packages/plugin-runtime/src/index.ts

@@ -0,0 +1,59 @@
+import type { InternalEvent } from '@yaakapp/api';
+import { EventChannel } from './EventChannel';
+import { PluginHandle } from './PluginHandle';
+import WebSocket from 'ws';
+
+const port = process.env.PORT;
+if (!port) {
+  throw new Error('Plugin runtime missing PORT')
+}
+
+const pluginToAppEvents = new EventChannel();
+const plugins: Record<string, PluginHandle> = {};
+
+const ws = new WebSocket(`ws://localhost:${port}`);
+
+ws.on('message', async (e: Buffer) => {
+  try {
+    await handleIncoming(e.toString());
+  } catch (err) {
+    console.log('Failed to handle incoming plugin event', err);
+  }
+});
+ws.on('open', () => console.log('Plugin runtime connected to websocket'));
+ws.on('error', (err: any) => console.error('Plugin runtime websocket error', err));
+ws.on('close', (code: number) => console.log('Plugin runtime websocket closed', code));
+
+// Listen for incoming events from plugins
+pluginToAppEvents.listen((e) => {
+  const eventStr = JSON.stringify(e);
+  ws.send(eventStr);
+});
+
+async function handleIncoming(msg: string) {
+  const pluginEvent: InternalEvent = JSON.parse(msg);
+  // Handle special event to bootstrap plugin
+  if (pluginEvent.payload.type === 'boot_request') {
+    const plugin = new PluginHandle(pluginEvent.pluginRefId, pluginEvent.payload, pluginToAppEvents);
+    plugins[pluginEvent.pluginRefId] = plugin;
+  }
+
+  // Once booted, forward all events to the plugin worker
+  const plugin = plugins[pluginEvent.pluginRefId];
+  if (!plugin) {
+    console.warn('Failed to get plugin for event by', pluginEvent.pluginRefId);
+    return;
+  }
+
+  if (pluginEvent.payload.type === 'terminate_request') {
+    await plugin.terminate();
+    console.log('Terminated plugin worker', pluginEvent.pluginRefId);
+    delete plugins[pluginEvent.pluginRefId];
+  }
+
+  plugin.sendToWorker(pluginEvent);
+}
+
+process.on('unhandledRejection', (reason, promise) => {
+  console.error('Unhandled Rejection at:', promise, 'reason:', reason);
+});

packages/plugin-runtime/src/interceptStdout.ts

@@ -0,0 +1,37 @@
+import process from "node:process";
+
+export function interceptStdout(
+  intercept: (text: string) => string,
+) {
+  const old_stdout_write = process.stdout.write;
+  const old_stderr_write = process.stderr.write;
+
+  process.stdout.write = (function (write) {
+    return function (text: string) {
+      arguments[0] = interceptor(text, intercept);
+      // deno-lint-ignore no-explicit-any
+      write.apply(process.stdout, arguments as any);
+      return true;
+    };
+  })(process.stdout.write);
+
+  process.stderr.write = (function (write) {
+    return function (text: string) {
+      arguments[0] = interceptor(text, intercept);
+      // deno-lint-ignore no-explicit-any
+      write.apply(process.stderr, arguments as any);
+      return true;
+    };
+  })(process.stderr.write);
+
+  // puts back to original
+  return function unhook() {
+    process.stdout.write = old_stdout_write;
+    process.stderr.write = old_stderr_write;
+  };
+}
+
+function interceptor(text: string, fn: (text: string) => string) {
+  return fn(text).replace(/\n$/, "") +
+    (fn(text) && /\n$/.test(text) ? "\n" : "");
+}

packages/plugin-runtime/src/migrations.ts

@@ -0,0 +1,18 @@
+import { TemplateFunction } from '@yaakapp/api';
+
+export function migrateTemplateFunctionSelectOptions(f: TemplateFunction): TemplateFunction {
+  const migratedArgs = f.args.map((a) => {
+    if (a.type === 'select') {
+      a.options = a.options.map((o) => ({
+        ...o,
+        label: o.label || (o as any).name,
+      }));
+    }
+    return a;
+  });
+
+  return {
+    ...f,
+    args: migratedArgs,
+  };
+}

packages/plugin-runtime/tsconfig.json

@@ -0,0 +1,25 @@
+{
+  "compilerOptions": {
+    "module": "node16",
+    "strict": true,
+    "esModuleInterop": true,
+    "allowSyntheticDefaultImports": true,
+    "target": "es2021",
+    "lib": ["es2021"],
+    "noImplicitAny": false,
+    "moduleResolution": "node16",
+    "resolveJsonModule": true,
+    "sourceMap": true,
+    "outDir": "build",
+    "baseUrl": ".",
+    "paths": {
+      "*": [
+        "node_modules/*",
+        "src/types/*"
+      ]
+    }
+  },
+  "include": [
+    "src"
+  ]
+}

plugins/.gitignore

@@ -0,0 +1 @@
+*/build

plugins/action-copy-curl/README.md

@@ -0,0 +1,68 @@
+# Copy as cUrl
+
+A request action plugin for Yaak that converts HTTP requests into [curl](https://curl.se)
+commands, making it easy to share, debug, and execute requests outside Yaak.
+
+![Screenshot of context menu](screenshot.png)
+
+## Overview
+
+This plugin adds a 'Copy as Curl' action to HTTP requests, converting any request into its
+equivalent curl command. This is useful for debugging, sharing requests with team members,
+and executing requests in terminal environments where `curl` is available.
+
+## How It Works
+
+The plugin analyzes the given HTTP request and generates a properly formatted curl command
+that includes:
+
+- HTTP method (GET, POST, PUT, DELETE, etc.)
+- Request URL with query parameters
+- Headers (including authentication headers)
+- Request body (for POST, PUT, PATCH requests)
+- Authentication credentials
+
+## Usage
+
+1. Configure an HTTP request as usual in Yaak
+2. Right-click on the request in the sidebar
+3. Select 'Copy as Curl'
+4. The command is copied to your clipboard
+5. Share or execute the command
+
+## Generated Curl Examples
+
+### Simple GET Request
+
+```bash
+curl -X GET 'https://api.example.com/users' \
+  --header 'Accept: application/json'
+```
+
+### POST Request with JSON Data
+
+```bash
+curl -X POST 'https://api.example.com/users' \
+  --header 'Content-Type: application/json' \
+  --header 'Accept: application/json' \
+  --data '{
+    "name": "John Doe",
+    "email": "john@example.com"
+  }'
+```
+
+### Request with Multi-part Form Data
+
+```bash
+curl -X POST 'yaak.app' \
+  --header 'Content-Type: multipart/form-data' \
+  --form 'hello=world' \
+  --form file=@/path/to/file.json
+```
+
+### Request with Authentication
+
+```bash
+curl -X GET 'https://api.example.com/protected' \
+  --user 'username:password'
+```

plugins/action-copy-curl/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "@yaak/action-copy-curl",
+  "displayName": "Copy as Curl",
+  "description": "Copy request as a curl command",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak.git",
+    "directory": "plugins/action-copy-curl"
+  },
+  "private": true,
+  "version": "0.1.0",
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev",
+    "lint": "eslint . --ext .ts,.tsx"
+  }
+}

plugins/action-copy-curl/src/index.ts

@@ -0,0 +1,123 @@
+import type { HttpRequest, PluginDefinition } from '@yaakapp/api';
+
+const NEWLINE = '\\\n ';
+
+export const plugin: PluginDefinition = {
+  httpRequestActions: [
+    {
+      label: 'Copy as Curl',
+      icon: 'copy',
+      async onSelect(ctx, args) {
+        const rendered_request = await ctx.httpRequest.render({
+          httpRequest: args.httpRequest,
+          purpose: 'preview',
+        });
+        const data = await convertToCurl(rendered_request);
+        await ctx.clipboard.copyText(data);
+        await ctx.toast.show({
+          message: 'Command copied to clipboard',
+          icon: 'copy',
+          color: 'success',
+        });
+      },
+    },
+  ],
+};
+
+export async function convertToCurl(request: Partial<HttpRequest>) {
+  const xs = ['curl'];
+
+  // Add method and URL all on first line
+  if (request.method) xs.push('-X', request.method);
+
+  // Build final URL with parameters (compatible with old curl)
+  let finalUrl = request.url || '';
+  const urlParams = (request.urlParameters ?? []).filter(onlyEnabled);
+  if (urlParams.length > 0) {
+    // Build url
+    const [base, hash] = finalUrl.split('#');
+    const separator = base!.includes('?') ? '&' : '?';
+    const queryString = urlParams
+      .map((p) => `${encodeURIComponent(p.name)}=${encodeURIComponent(p.value)}`)
+      .join('&');
+    finalUrl = base + separator + queryString + (hash ? `#${hash}` : '');
+  }
+
+  xs.push(quote(finalUrl));
+  xs.push(NEWLINE);
+
+  // Add headers
+  for (const h of (request.headers ?? []).filter(onlyEnabled)) {
+    xs.push('--header', quote(`${h.name}: ${h.value}`));
+    xs.push(NEWLINE);
+  }
+
+  // Add form params
+  const type = request.bodyType ?? 'none';
+  if (
+    (type === 'multipart/form-data' || type === 'application/x-www-form-urlencoded') &&
+    Array.isArray(request.body?.form)
+  ) {
+    const flag = request.bodyType === 'multipart/form-data' ? '--form' : '--data';
+    for (const p of (request.body?.form ?? []).filter(onlyEnabled)) {
+      if (p.file) {
+        let v = `${p.name}=@${p.file}`;
+        v += p.contentType ? `;type=${p.contentType}` : '';
+        xs.push(flag, v);
+      } else {
+        xs.push(flag, quote(`${p.name}=${p.value}`));
+      }
+      xs.push(NEWLINE);
+    }
+  } else if (type === 'graphql' && typeof request.body?.query === 'string') {
+    const body = {
+      query: request.body.query || '',
+      variables: maybeParseJSON(request.body.variables, undefined),
+    };
+    xs.push('--data', quote(JSON.stringify(body)));
+    xs.push(NEWLINE);
+  } else if (type !== 'none' && typeof request.body?.text === 'string') {
+    xs.push('--data', quote(request.body.text));
+    xs.push(NEWLINE);
+  }
+
+  // Add basic/digest authentication
+  if (request.authenticationType === 'basic' || request.authenticationType === 'digest') {
+    if (request.authenticationType === 'digest') xs.push('--digest');
+    xs.push(
+      '--user',
+      quote(`${request.authentication?.username ?? ''}:${request.authentication?.password ?? ''}`),
+    );
+    xs.push(NEWLINE);
+  }
+
+  // Add bearer authentication
+  if (request.authenticationType === 'bearer') {
+    xs.push('--header', quote(`Authorization: Bearer ${request.authentication?.token ?? ''}`));
+    xs.push(NEWLINE);
+  }
+
+  // Remove trailing newline
+  if (xs[xs.length - 1] === NEWLINE) {
+    xs.splice(xs.length - 1, 1);
+  }
+
+  return xs.join(' ');
+}
+
+function quote(arg: string): string {
+  const escaped = arg.replace(/'/g, "\\'");
+  return `'${escaped}'`;
+}
+
+function onlyEnabled(v: { name?: string; enabled?: boolean }): boolean {
+  return v.enabled !== false && !!v.name;
+}
+
+function maybeParseJSON<T>(v: string, fallback: T) {
+  try {
+    return JSON.parse(v);
+  } catch {
+    return fallback;
+  }
+}

plugins/action-copy-curl/tests/index.test.ts

@@ -0,0 +1,233 @@
+import { describe, expect, test } from 'vitest';
+import { convertToCurl } from '../src';
+
+describe('exporter-curl', () => {
+  test('Exports GET with params', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        urlParameters: [
+          { name: 'a', value: 'aaa' },
+          { name: 'b', value: 'bbb', enabled: true },
+          { name: 'c', value: 'ccc', enabled: false },
+        ],
+      }),
+    ).toEqual(
+      [`curl 'https://yaak.app?a=aaa&b=bbb'`].join(` \\n  `),
+    );
+  });
+
+  test('Exports GET with params and hash', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app/path#section',
+        urlParameters: [
+          { name: 'a', value: 'aaa' },
+          { name: 'b', value: 'bbb', enabled: true },
+          { name: 'c', value: 'ccc', enabled: false },
+        ],
+      }),
+    ).toEqual(
+      [`curl 'https://yaak.app/path?a=aaa&b=bbb#section'`].join(` \\n  `),
+    );
+  });
+  test('Exports POST with url form data', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        method: 'POST',
+        bodyType: 'application/x-www-form-urlencoded',
+        body: {
+          form: [
+            { name: 'a', value: 'aaa' },
+            { name: 'b', value: 'bbb', enabled: true },
+            { name: 'c', value: 'ccc', enabled: false },
+          ],
+        },
+      }),
+    ).toEqual(
+      [`curl -X POST 'https://yaak.app'`, `--data 'a=aaa'`, `--data 'b=bbb'`].join(` \\\n  `),
+    );
+  });
+
+  test('Exports POST with GraphQL data', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        method: 'POST',
+        bodyType: 'graphql',
+        body: {
+          query: '{foo,bar}',
+          variables: '{"a": "aaa", "b": "bbb"}',
+        },
+      }),
+    ).toEqual(
+      [`curl -X POST 'https://yaak.app'`, `--data '{"query":"{foo,bar}","variables":{"a":"aaa","b":"bbb"}}'`].join(` \\\n  `),
+    );
+  });
+
+  test('Exports POST with GraphQL data no variables', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        method: 'POST',
+        bodyType: 'graphql',
+        body: {
+          query: '{foo,bar}',
+        },
+      }),
+    ).toEqual(
+      [`curl -X POST 'https://yaak.app'`, `--data '{"query":"{foo,bar}"}'`].join(` \\\n  `),
+    );
+  });
+
+  test('Exports PUT with multipart form', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        method: 'PUT',
+        bodyType: 'multipart/form-data',
+        body: {
+          form: [
+            { name: 'a', value: 'aaa' },
+            { name: 'b', value: 'bbb', enabled: true },
+            { name: 'c', value: 'ccc', enabled: false },
+            { name: 'f', file: '/foo/bar.png', contentType: 'image/png' },
+          ],
+        },
+      }),
+    ).toEqual(
+      [
+        `curl -X PUT 'https://yaak.app'`,
+        `--form 'a=aaa'`,
+        `--form 'b=bbb'`,
+        `--form f=@/foo/bar.png;type=image/png`,
+      ].join(` \\\n  `),
+    );
+  });
+
+  test('Exports JSON body', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        method: 'POST',
+        bodyType: 'application/json',
+        body: {
+          text: `{"foo":"bar's"}`,
+        },
+        headers: [{ name: 'Content-Type', value: 'application/json' }],
+      }),
+    ).toEqual(
+      [
+        `curl -X POST 'https://yaak.app'`,
+        `--header 'Content-Type: application/json'`,
+        `--data '{"foo":"bar\\'s"}'`,
+      ].join(` \\\n  `),
+    );
+  });
+
+  test('Exports multi-line JSON body', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        method: 'POST',
+        bodyType: 'application/json',
+        body: {
+          text: `{"foo":"bar",\n"baz":"qux"}`,
+        },
+        headers: [{ name: 'Content-Type', value: 'application/json' }],
+      }),
+    ).toEqual(
+      [
+        `curl -X POST 'https://yaak.app'`,
+        `--header 'Content-Type: application/json'`,
+        `--data '{"foo":"bar",\n"baz":"qux"}'`,
+      ].join(` \\\n  `),
+    );
+  });
+
+  test('Exports headers', async () => {
+    expect(
+      await convertToCurl({
+        headers: [
+          { name: 'a', value: 'aaa' },
+          { name: 'b', value: 'bbb', enabled: true },
+          { name: 'c', value: 'ccc', enabled: false },
+        ],
+      }),
+    ).toEqual([`curl ''`, `--header 'a: aaa'`, `--header 'b: bbb'`].join(` \\\n  `));
+  });
+
+  test('Basic auth', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        authenticationType: 'basic',
+        authentication: {
+          username: 'user',
+          password: 'pass',
+        },
+      }),
+    ).toEqual([`curl 'https://yaak.app'`, `--user 'user:pass'`].join(` \\\n  `));
+  });
+
+  test('Broken basic auth', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        authenticationType: 'basic',
+        authentication: {},
+      }),
+    ).toEqual([`curl 'https://yaak.app'`, `--user ':'`].join(` \\\n  `));
+  });
+
+  test('Digest auth', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        authenticationType: 'digest',
+        authentication: {
+          username: 'user',
+          password: 'pass',
+        },
+      }),
+    ).toEqual([`curl 'https://yaak.app'`, `--digest --user 'user:pass'`].join(` \\\n  `));
+  });
+
+  test('Bearer auth', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        authenticationType: 'bearer',
+        authentication: {
+          token: 'tok',
+        },
+      }),
+    ).toEqual([`curl 'https://yaak.app'`, `--header 'Authorization: Bearer tok'`].join(` \\\n  `));
+  });
+
+  test('Broken bearer auth', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        authenticationType: 'bearer',
+        authentication: {
+          username: 'user',
+          password: 'pass',
+        },
+      }),
+    ).toEqual([`curl 'https://yaak.app'`, `--header 'Authorization: Bearer '`].join(` \\\n  `));
+  });
+
+  test('Stale body data', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        bodyType: 'none',
+        body: {
+          text: 'ignore me',
+        }
+      }),
+    ).toEqual([`curl 'https://yaak.app'`].join(` \\\n  `));
+  });
+});

plugins/action-copy-curl/tsconfig.json

@@ -0,0 +1,3 @@
+{
+  "extends": "../../tsconfig.json"
+}

plugins/action-copy-grpcurl/README.md

@@ -0,0 +1,76 @@
+# Copy as gRPCurl
+
+An HTTP request action plugin that converts gRPC requests
+into [gRPCurl](https://github.com/fullstorydev/grpcurl) commands, enabling easy sharing,
+debugging, and execution of gRPC calls outside Yaak.
+
+![Screenshot of context menu](screenshot.png)
+
+## Overview
+
+This plugin adds a "Copy as gRPCurl" action to gRPC requests, converting any gRPC request
+into its equivalent executable command. This is useful for debugging gRPC services,
+sharing requests with team members, or executing gRPC calls in terminal environments where
+`grpcurl` is available.
+
+## How It Works
+
+The plugin analyzes your gRPC request configuration and generates a properly formatted
+`grpcurl` command that includes:
+
+- gRPC service and method names
+- Server address and port
+- Request message data (JSON format)
+- Metadata (headers)
+- Authentication credentials
+- Protocol buffer definitions
+
+## Usage
+
+1. Configure a gRPC request as usual in Yaak
+2. Right-click on the request sidebar item
+3. Select "Copy as gRPCurl" from the available actions
+4. The command is copied to your clipboard
+5. Share or execute the command
+
+## Generated gRPCurl Examples
+
+### Simple Unary Call
+
+
+```bash
+grpcurl -plaintext \
+  -d '{"name": "John Doe"}' \
+  localhost:9090 \
+  user.UserService/GetUser
+```
+
+### Call with Metadata
+
+```bash
+grpcurl -plaintext \
+  -H "authorization: Bearer my-token" \
+  -H "x-api-version: v1" \
+  -d '{"user_id": "12345"}' \
+  api.example.com:443 \
+  user.UserService/GetUserProfile
+```
+
+### Call with TLS
+
+```bash
+grpcurl \
+  -d '{"query": "search term"}' \
+  secure-api.example.com:443 \
+  search.SearchService/Search
+```
+
+### Call with Proto Files
+
+```bash
+grpcurl -import-path /path/to/protos \
+  -proto /other/path/to/user.proto \
+  -d '{"email": "user@example.com"}' \
+  localhost:9090 \
+  user.UserService/CreateUser
+```

plugins/action-copy-grpcurl/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "@yaak/action-copy-grpcurl",
+  "displayName": "Copy as gRPCurl",
+  "description": "Copy gRPC request as a grpcurl command",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak.git",
+    "directory": "plugins/action-copy-grpcurl"
+  },
+  "private": true,
+  "version": "0.1.0",
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev",
+    "lint": "eslint . --ext .ts,.tsx"
+  }
+}

plugins/action-copy-grpcurl/src/index.ts

@@ -0,0 +1,134 @@
+import type { GrpcRequest, PluginDefinition } from '@yaakapp/api';
+import path from 'node:path';
+
+const NEWLINE = '\\\n ';
+
+export const plugin: PluginDefinition = {
+  grpcRequestActions: [
+    {
+      label: 'Copy as gRPCurl',
+      icon: 'copy',
+      async onSelect(ctx, args) {
+        const rendered_request = await ctx.grpcRequest.render({
+          grpcRequest: args.grpcRequest,
+          purpose: 'preview',
+        });
+        const data = await convert(rendered_request, args.protoFiles);
+        await ctx.clipboard.copyText(data);
+        await ctx.toast.show({
+          message: 'Command copied to clipboard',
+          icon: 'copy',
+          color: 'success',
+        });
+      },
+    },
+  ],
+};
+
+export async function convert(request: Partial<GrpcRequest>, allProtoFiles: string[]) {
+  const xs = ['grpcurl'];
+
+  if (request.url?.startsWith('http://')) {
+    xs.push('-plaintext');
+  }
+
+  const protoIncludes = allProtoFiles.filter((f) => !f.endsWith('.proto'));
+  const protoFiles = allProtoFiles.filter((f) => f.endsWith('.proto'));
+
+  const inferredIncludes = new Set<string>();
+  for (const f of protoFiles) {
+    const protoDir = findParentProtoDir(f);
+    if (protoDir) {
+      inferredIncludes.add(protoDir);
+    } else {
+      inferredIncludes.add(path.join(f, '..'));
+      inferredIncludes.add(path.join(f, '..', '..'));
+    }
+  }
+
+  for (const f of protoIncludes) {
+    xs.push('-import-path', quote(f));
+    xs.push(NEWLINE);
+  }
+
+  for (const f of inferredIncludes.values()) {
+    xs.push('-import-path', quote(f));
+    xs.push(NEWLINE);
+  }
+
+  for (const f of protoFiles) {
+    xs.push('-proto', quote(f));
+    xs.push(NEWLINE);
+  }
+
+  // Add headers
+  for (const h of (request.metadata ?? []).filter(onlyEnabled)) {
+    xs.push('-H', quote(`${h.name}: ${h.value}`));
+    xs.push(NEWLINE);
+  }
+
+  // Add basic authentication
+  if (request.authenticationType === 'basic') {
+    const user = request.authentication?.username ?? '';
+    const pass = request.authentication?.password ?? '';
+    const encoded = btoa(`${user}:${pass}`);
+    xs.push('-H', quote(`Authorization: Basic ${encoded}`));
+    xs.push(NEWLINE);
+  } else if (request.authenticationType === 'bearer') {
+    // Add bearer authentication
+    xs.push('-H', quote(`Authorization: Bearer ${request.authentication?.token ?? ''}`));
+    xs.push(NEWLINE);
+  }
+
+  // Add form params
+  if (request.message) {
+    xs.push('-d', `${quote(JSON.stringify(JSON.parse(request.message)))}`);
+    xs.push(NEWLINE);
+  }
+
+  // Add the server address
+  if (request.url) {
+    const server = request.url.replace(/^https?:\/\//, ''); // remove protocol
+    xs.push(server);
+    xs.push(NEWLINE);
+  }
+
+  // Add service + method
+  if (request.service && request.method) {
+    xs.push(`${request.service}/${request.method}`);
+    xs.push(NEWLINE);
+  }
+
+  // Remove trailing newline
+  if (xs[xs.length - 1] === NEWLINE) {
+    xs.splice(xs.length - 1, 1);
+  }
+
+  return xs.join(' ');
+}
+
+function quote(arg: string): string {
+  const escaped = arg.replace(/'/g, "\\'");
+  return `'${escaped}'`;
+}
+
+function onlyEnabled(v: { name?: string; enabled?: boolean }): boolean {
+  return v.enabled !== false && !!v.name;
+}
+
+function findParentProtoDir(startPath: string): string | null {
+  let dir = path.resolve(startPath);
+
+  while (true) {
+    if (path.basename(dir) === 'proto') {
+      return dir;
+    }
+
+    const parent = path.dirname(dir);
+    if (parent === dir) {
+      return null; // Reached root
+    }
+
+    dir = parent;
+  }
+}

plugins/action-copy-grpcurl/tests/index.test.ts

@@ -0,0 +1,110 @@
+import { describe, expect, test } from 'vitest';
+import { convert } from '../src';
+
+describe('exporter-curl', () => {
+  test('Simple example', async () => {
+    expect(
+      await convert(
+        {
+          url: 'https://yaak.app',
+        },
+        [],
+      ),
+    ).toEqual([`grpcurl yaak.app`].join(` \\\n  `));
+  });
+  test('Basic metadata', async () => {
+    expect(
+      await convert(
+        {
+          url: 'https://yaak.app',
+          metadata: [
+            { name: 'aaa', value: 'AAA' },
+            { enabled: true, name: 'bbb', value: 'BBB' },
+            { enabled: false, name: 'disabled', value: 'ddd' },
+          ],
+        },
+        [],
+      ),
+    ).toEqual([`grpcurl -H 'aaa: AAA'`, `-H 'bbb: BBB'`, `yaak.app`].join(` \\\n  `));
+  });
+  test('Single proto file', async () => {
+    expect(await convert({ url: 'https://yaak.app' }, ['/foo/bar/baz.proto'])).toEqual(
+      [
+        `grpcurl -import-path '/foo/bar'`,
+        `-import-path '/foo'`,
+        `-proto '/foo/bar/baz.proto'`,
+        `yaak.app`,
+      ].join(` \\\n  `),
+    );
+  });
+  test('Multiple proto files, same dir', async () => {
+    expect(
+      await convert({ url: 'https://yaak.app' }, ['/foo/bar/aaa.proto', '/foo/bar/bbb.proto']),
+    ).toEqual(
+      [
+        `grpcurl -import-path '/foo/bar'`,
+        `-import-path '/foo'`,
+        `-proto '/foo/bar/aaa.proto'`,
+        `-proto '/foo/bar/bbb.proto'`,
+        `yaak.app`,
+      ].join(` \\\n  `),
+    );
+  });
+  test('Multiple proto files, different dir', async () => {
+    expect(
+      await convert({ url: 'https://yaak.app' }, ['/aaa/bbb/ccc.proto', '/xxx/yyy/zzz.proto']),
+    ).toEqual(
+      [
+        `grpcurl -import-path '/aaa/bbb'`,
+        `-import-path '/aaa'`,
+        `-import-path '/xxx/yyy'`,
+        `-import-path '/xxx'`,
+        `-proto '/aaa/bbb/ccc.proto'`,
+        `-proto '/xxx/yyy/zzz.proto'`,
+        `yaak.app`,
+      ].join(` \\\n  `),
+    );
+  });
+  test('Single include dir', async () => {
+    expect(await convert({ url: 'https://yaak.app' }, ['/aaa/bbb'])).toEqual(
+      [`grpcurl -import-path '/aaa/bbb'`, `yaak.app`].join(` \\\n  `),
+    );
+  });
+  test('Multiple include dir', async () => {
+    expect(await convert({ url: 'https://yaak.app' }, ['/aaa/bbb', '/xxx/yyy'])).toEqual(
+      [`grpcurl -import-path '/aaa/bbb'`, `-import-path '/xxx/yyy'`, `yaak.app`].join(` \\\n  `),
+    );
+  });
+  test('Mixed proto and dirs', async () => {
+    expect(
+      await convert({ url: 'https://yaak.app' }, ['/aaa/bbb', '/xxx/yyy', '/foo/bar.proto']),
+    ).toEqual(
+      [
+        `grpcurl -import-path '/aaa/bbb'`,
+        `-import-path '/xxx/yyy'`,
+        `-import-path '/foo'`,
+        `-import-path '/'`,
+        `-proto '/foo/bar.proto'`,
+        `yaak.app`,
+      ].join(` \\\n  `),
+    );
+  });
+  test('Sends data', async () => {
+    expect(
+      await convert(
+        {
+          url: 'https://yaak.app',
+          message: JSON.stringify({ foo: 'bar', baz: 1.0 }, null, 2),
+        },
+        ['/foo.proto'],
+      ),
+    ).toEqual(
+      [
+        `grpcurl -import-path '/'`,
+        `-proto '/foo.proto'`,
+        `-d '{"foo":"bar","baz":1}'`,
+        `yaak.app`,
+      ].join(` \\\n  `),
+    );
+  });
+});

plugins/action-copy-grpcurl/tsconfig.json

@@ -0,0 +1,3 @@
+{
+  "extends": "../../tsconfig.json"
+}

plugins/auth-apikey/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "@yaak/auth-apikey",
+  "displayName": "API Key Authentication",
+  "description": "Authenticate requests using an API key",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak.git",
+    "directory": "plugins/auth-apikey"
+  },
+  "private": true,
+  "version": "0.1.0",
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev",
+    "lint": "eslint . --ext .ts,.tsx"
+  }
+}

plugins/auth-apikey/src/index.ts

@@ -0,0 +1,53 @@
+import type { PluginDefinition } from '@yaakapp/api';
+
+export const plugin: PluginDefinition = {
+  authentication: {
+    name: 'apikey',
+    label: 'API Key',
+    shortLabel: 'API Key',
+    args: [
+      {
+        type: 'select',
+        name: 'location',
+        label: 'Behavior',
+        defaultValue: 'header',
+        options: [
+          { label: 'Insert Header', value: 'header' },
+          { label: 'Append Query Parameter', value: 'query' },
+        ],
+      },
+      {
+        type: 'text',
+        name: 'key',
+        label: 'Key',
+        dynamic: (_ctx, { values }) => {
+          return values.location === 'query' ? {
+            label: 'Parameter Name',
+            description: 'The name of the query parameter to add to the request',
+          } : {
+            label: 'Header Name',
+            description: 'The name of the header to add to the request',
+          };
+        },
+      },
+      {
+        type: 'text',
+        name: 'value',
+        label: 'API Key',
+        optional: true,
+        password: true,
+      },
+    ],
+    async onApply(_ctx, { values }) {
+      const key = String(values.key ?? '');
+      const value = String(values.value ?? '');
+      const location = String(values.location);
+
+      if (location === 'query') {
+        return { setQueryParameters: [{ name: key, value }] };
+      } else {
+        return { setHeaders: [{ name: key, value }] };
+      }
+    },
+  },
+};

plugins/auth-apikey/tsconfig.json

@@ -0,0 +1,3 @@
+{
+  "extends": "../../tsconfig.json"
+}

plugins/auth-basic/README.md

@@ -0,0 +1,44 @@
+# Basic Authentication 
+
+A simple Basic Authentication plugin that implements HTTP Basic Auth according
+to [RFC 7617](https://datatracker.ietf.org/doc/html/rfc7617), enabling secure
+authentication with username and password credentials.
+
+![Screenshot of basic auth UI](screenshot.png)
+
+## Overview
+
+This plugin provides HTTP Basic Authentication support for API requests in Yaak. Basic
+Auth is one of the most widely supported authentication methods, making it ideal for APIs
+that require simple username/password authentication without the complexity of OAuth
+flows.
+
+## How Basic Authentication Works
+
+Basic Authentication encodes your username and password credentials using Base64 encoding
+and sends them in the `Authorization` header with each request. The format is:
+
+```
+Authorization: Basic <base64-encoded-credentials>
+```
+
+Where `<base64-encoded-credentials>` is the Base64 encoding of `username:password`.
+
+## Configuration
+
+The plugin presents two fields:
+
+- **Username**: Username or user identifier
+- **Password**: Password or authentication token
+
+## Usage
+
+1. Configure the request, folder, or workspace to use Basic Authentication
+2. Enter your username and password in the authentication configuration
+3. The plugin will automatically add the proper `Authorization` header to your requests
+
+## Troubleshooting
+
+- **401 Unauthorized**: Verify your username and password are correct
+- **403 Forbidden**: Check if your account has the necessary permissions
+- **Connection Issues**: Ensure you're using HTTPS for secure transmission

plugins/auth-basic/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "@yaak/auth-basic",
+  "displayName": "Basic Authentication",
+  "description": "Authenticate requests using Basic Auth",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak.git",
+    "directory": "plugins/auth-basic"
+  },
+  "private": true,
+  "version": "0.1.0",
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev",
+    "lint": "eslint . --ext .ts,.tsx"
+  }
+}

plugins/auth-basic/src/index.ts

@@ -0,0 +1,26 @@
+import type { PluginDefinition } from '@yaakapp/api';
+
+export const plugin: PluginDefinition = {
+  authentication: {
+    name: 'basic',
+    label: 'Basic Auth',
+    shortLabel: 'Basic',
+    args: [{
+      type: 'text',
+      name: 'username',
+      label: 'Username',
+      optional: true,
+    }, {
+      type: 'text',
+      name: 'password',
+      label: 'Password',
+      optional: true,
+      password: true,
+    }],
+    async onApply(_ctx, { values }) {
+      const { username, password } = values;
+      const value = 'Basic ' + Buffer.from(`${username}:${password}`).toString('base64');
+      return { setHeaders: [{ name: 'Authorization', value }] };
+    },
+  },
+};

plugins/auth-basic/tsconfig.json

@@ -0,0 +1,3 @@
+{
+  "extends": "../../tsconfig.json"
+}

plugins/auth-bearer/README.md

@@ -0,0 +1,47 @@
+# Bearer Token Authentication Plugin
+
+A Bearer Token authentication plugin for Yaak that
+implements [RFC 6750](https://datatracker.ietf.org/doc/html/rfc6750), enabling secure API
+access using tokens, API keys, and other bearer credentials.
+
+![Screenshot of bearer auth UI](screenshot.png)
+
+## Overview
+
+This plugin provides Bearer Token authentication support for your API requests in Yaak.
+Bearer Token authentication is widely used in modern APIs, especially those following REST
+principles and OAuth 2.0 standards. It's the preferred method for APIs that issue access
+tokens, API keys, or other bearer credentials.
+
+## How Bearer Token Authentication Works
+
+Bearer Token authentication sends your token in the `Authorization` header with each
+request using the Bearer scheme:
+
+```
+Authorization: Bearer <your-token>
+```
+
+The token is transmitted as-is without any additional encoding, making it simple and
+efficient for API authentication.
+
+## Configuration
+
+The plugin requires only one field:
+
+- **Token**: Your bearer token, access token, API key, or other credential
+- **Prefix**: The prefix to use for the Authorization header, which will be of the
+  format "<PREFIX> <TOKEN>"
+
+## Usage
+
+1. Configure the request, folder, or workspace to use Bearer Authentication
+2. Enter the token and optional prefix in the authentication configuration
+3. The plugin will automatically add the proper `Authorization` header to your requests
+
+## Troubleshooting
+
+- **401 Unauthorized**: Verify your token is valid and not expired
+- **403 Forbidden**: Check if your token has the necessary permissions/scopes
+- **Invalid Token Format**: Ensure you're using the complete token without truncation
+- **Token Expiration**: Refresh or regenerate expired tokens

plugins/auth-bearer/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "@yaak/auth-bearer",
+  "displayName": "Bearer Authentication",
+  "description": "Authenticate requests using bearer authentication",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak.git",
+    "directory": "plugins/auth-bearer"
+  },
+  "private": true,
+  "version": "0.1.0",
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev",
+    "lint": "eslint . --ext .ts,.tsx"
+  }
+}

plugins/auth-bearer/src/index.ts

@@ -0,0 +1,39 @@
+import type { CallHttpAuthenticationRequest } from '@yaakapp-internal/plugins';
+import type { PluginDefinition } from '@yaakapp/api';
+
+export const plugin: PluginDefinition = {
+  authentication: {
+    name: 'bearer',
+    label: 'Bearer Token',
+    shortLabel: 'Bearer',
+    args: [
+      {
+        type: 'text',
+        name: 'token',
+        label: 'Token',
+        optional: true,
+        password: true,
+      },
+      {
+        type: 'text',
+        name: 'prefix',
+        label: 'Prefix',
+        optional: true,
+        placeholder: '',
+        defaultValue: 'Bearer',
+        description:
+          'The prefix to use for the Authorization header, which will be of the format "<PREFIX> <TOKEN>".',
+      },
+    ],
+    async onApply(_ctx, { values }) {
+      return { setHeaders: [generateAuthorizationHeader(values)] };
+    },
+  },
+};
+
+function generateAuthorizationHeader(values: CallHttpAuthenticationRequest['values']) {
+  const token = String(values.token || '').trim();
+  const prefix = String(values.prefix || '').trim();
+  const value = `${prefix} ${token}`.trim();
+  return { name: 'Authorization', value };
+}

plugins/auth-bearer/tests/index.test.ts

@@ -0,0 +1,67 @@
+import type { Context } from '@yaakapp/api';
+import { describe, expect, test } from 'vitest';
+import { plugin } from '../src';
+
+const ctx = {} as Context;
+
+describe('auth-bearer', () => {
+  test('No values', async () => {
+    expect(
+      await plugin.authentication!.onApply(ctx, {
+        values: {},
+        headers: [],
+        url: 'https://yaak.app',
+        method: 'POST',
+        contextId: '111',
+      }),
+    ).toEqual({ setHeaders: [{ name: 'Authorization', value: '' }] });
+  });
+
+  test('Only token', async () => {
+    expect(
+      await plugin.authentication!.onApply(ctx, {
+        values: { token: 'my-token' },
+        headers: [],
+        url: 'https://yaak.app',
+        method: 'POST',
+        contextId: '111',
+      }),
+    ).toEqual({ setHeaders: [{ name: 'Authorization', value: 'my-token' }] });
+  });
+
+  test('Only prefix', async () => {
+    expect(
+      await plugin.authentication!.onApply(ctx, {
+        values: { prefix: 'Hello' },
+        headers: [],
+        url: 'https://yaak.app',
+        method: 'POST',
+        contextId: '111',
+      }),
+    ).toEqual({ setHeaders: [{ name: 'Authorization', value: 'Hello' }] });
+  });
+
+  test('Prefix and token', async () => {
+    expect(
+      await plugin.authentication!.onApply(ctx, {
+        values: { prefix: 'Hello', token: 'my-token' },
+        headers: [],
+        url: 'https://yaak.app',
+        method: 'POST',
+        contextId: '111',
+      }),
+    ).toEqual({ setHeaders: [{ name: 'Authorization', value: 'Hello my-token' }] });
+  });
+
+  test('Extra spaces', async () => {
+    expect(
+      await plugin.authentication!.onApply(ctx, {
+        values: { prefix: '\t Hello  ', token: ' \nmy-token  ' },
+        headers: [],
+        url: 'https://yaak.app',
+        method: 'POST',
+        contextId: '111',
+      }),
+    ).toEqual({ setHeaders: [{ name: 'Authorization', value: 'Hello my-token' }] });
+  });
+});

plugins/auth-bearer/tsconfig.json

@@ -0,0 +1,3 @@
+{
+  "extends": "../../tsconfig.json"
+}

plugins/auth-jwt/README.md

@@ -0,0 +1,53 @@
+# JSON Web Token (JWT) Authentication
+
+A [JSON Web Token](https://datatracker.ietf.org/doc/html/rfc7519) (JWT) authentication
+plugin that supports token generation, signing, and automatic header management.
+
+![Screenshot of JWT auth UI](screenshot.png)
+
+## Overview
+
+This plugin provides JWT authentication support for API requests. JWT is a compact,
+URL-safe means of representing claims between two parties, commonly used for
+authentication and information exchange in modern web applications and APIs.
+
+## How JWT Authentication Works
+
+JWT authentication involves creating a signed token containing claims about the user or
+application. The token is sent in the `Authorization` header:
+
+```
+Authorization: Bearer <jwt-token>
+```
+
+A JWT consists of three parts separated by dots:
+
+- **Header**: Contains the token type and signing algorithm
+- **Payload**: Contains the claims (user data, permissions, expiration, etc.)
+- **Signature**: Ensures the token hasn't been tampered with
+
+## Usage
+
+1. Configure the request, folder, or workspace to use JWT Authentication
+2. Set up your signing algorithm and secret/key
+3. Configure the required claims for your JWT
+4. The plugin will generate, sign, and include the JWT in your requests
+
+## Common Use Cases
+
+JWT authentication is commonly used for:
+
+- **Microservices Authentication**: Service-to-service communication
+- **API Gateway Integration**: Authenticating with API gateways
+- **Single Sign-On (SSO)**: Sharing authentication across applications
+- **Stateless Authentication**: No server-side session storage required
+- **Mobile App APIs**: Secure authentication for mobile applications
+- **Third-party Integrations**: Authenticating with external services
+
+## Troubleshooting
+
+- **Invalid Signature**: Check your secret/key and algorithm configuration
+- **Token Expired**: Verify expiration time settings
+- **Invalid Claims**: Ensure required claims are properly configured
+- **Algorithm Mismatch**: Verify the algorithm matches what the API expects
+- **Key Format Issues**: Ensure RSA keys are in the correct PEM format

plugins/auth-jwt/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "@yaak/auth-jwt",
+  "displayName": "JSON Web Tokens",
+  "description": "Authenticate requests using JSON web tokens (JWT)",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak.git",
+    "directory": "plugins/auth-jwt"
+  },
+  "private": true,
+  "version": "0.1.0",
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev",
+    "lint": "eslint . --ext .ts,.tsx"
+  },
+  "dependencies": {
+    "jsonwebtoken": "^9.0.2"
+  },
+  "devDependencies": {
+    "@types/jsonwebtoken": "^9.0.7"
+  }
+}

plugins/auth-jwt/src/index.ts

@@ -0,0 +1,68 @@
+import type { PluginDefinition } from '@yaakapp/api';
+import jwt from 'jsonwebtoken';
+
+const algorithms = [
+  'HS256',
+  'HS384',
+  'HS512',
+  'RS256',
+  'RS384',
+  'RS512',
+  'PS256',
+  'PS384',
+  'PS512',
+  'ES256',
+  'ES384',
+  'ES512',
+  'none',
+] as const;
+
+const defaultAlgorithm = algorithms[0];
+
+export const plugin: PluginDefinition = {
+  authentication: {
+    name: 'jwt',
+    label: 'JWT Bearer',
+    shortLabel: 'JWT',
+    args: [
+      {
+        type: 'select',
+        name: 'algorithm',
+        label: 'Algorithm',
+        hideLabel: true,
+        defaultValue: defaultAlgorithm,
+        options: algorithms.map((value) => ({ label: value === 'none' ? 'None' : value, value })),
+      },
+      {
+        type: 'text',
+        name: 'secret',
+        label: 'Secret or Private Key',
+        password: true,
+        optional: true,
+        multiLine: true,
+      },
+      {
+        type: 'checkbox',
+        name: 'secretBase64',
+        label: 'Secret is base64 encoded',
+      },
+      {
+        type: 'editor',
+        name: 'payload',
+        label: 'Payload',
+        language: 'json',
+        defaultValue: '{\n  "foo": "bar"\n}',
+        placeholder: '{ }',
+      },
+    ],
+    async onApply(_ctx, { values }) {
+      const { algorithm, secret: _secret, secretBase64, payload } = values;
+      const secret = secretBase64 ? Buffer.from(`${_secret}`, 'base64') : `${_secret}`;
+      const token = jwt.sign(`${payload}`, secret, {
+        algorithm: algorithm as (typeof algorithms)[number],
+      });
+      const value = `Bearer ${token}`;
+      return { setHeaders: [{ name: 'Authorization', value }] };
+    },
+  },
+};

plugins/auth-jwt/tsconfig.json

@@ -0,0 +1,3 @@
+{
+  "extends": "../../tsconfig.json"
+}

plugins/auth-oauth2/README.md

@@ -0,0 +1,72 @@
+# OAuth 2.0 Authentication
+
+An [OAuth 2.0](https://datatracker.ietf.org/doc/html/rfc6749) authentication plugin that
+supports multiple grant types and flows, enabling secure API authentication with OAuth 2.0
+providers.
+
+![Screenshot of OAuth 2.0 auth UI](screenshot.png)
+
+## Overview
+
+This plugin implements OAuth 2.0 authentication for requests, supporting the most common
+OAuth 2.0 grant types used in modern API integrations. It handles token management,
+automatic refresh, and [PKCE](https://datatracker.ietf.org/doc/html/rfc7636) (Proof Key
+for Code Exchange) for enhanced security.
+
+## Supported Grant Types
+
+### Authorization Code Flow
+
+The most secure and commonly used OAuth 2.0 flow for web applications.
+
+- Standard Authorization Code flow
+- Optional PKCE (Proof Key for Code Exchange) for enhanced security
+- Supports automatic token refresh
+
+### Client Credentials Flow
+
+Ideal for server-to-server authentication where no user interaction is required. 
+
+### Implicit Flow
+
+Legacy flow for single-page applications (deprecated but still supported):
+
+- Direct access token retrieval
+- No refresh token support
+- Suitable for legacy integrations
+
+### Resource Owner Password Credentials Flow
+
+Direct username/password authentication.
+
+- User credentials are exchanged directly for tokens
+- Should only be used with trusted applications
+- Supports automatic token refresh
+
+## Features
+
+- **Automatic Token Management**: Handles token storage, expiration, and refresh
+  automatically
+- **PKCE Support**: Enhanced security for Authorization Code flow
+- **Token Persistence**: Stores tokens between sessions
+- **Flexible Configuration**: Supports custom authorization and token endpoints
+- **Scope Management**: Configure required OAuth scopes for your API
+- **Error Handling**: Comprehensive error handling and user feedback
+
+## Usage
+
+1. Configure the request, folder, or workspace to use OAuth 2.0 Authentication
+2. Select the appropriate grant type for your use case
+3. Fill in the required OAuth 2.0 parameters from your API provider
+4. The plugin will handle the authentication flow and token management automatically
+
+## Compatibility
+
+This plugin is compatible with OAuth 2.0 providers including:
+
+- Google APIs
+- Microsoft Graph
+- GitHub API
+- Auth0
+- Okta
+- And many other OAuth 2.0 compliant services

plugins/auth-oauth2/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "@yaak/auth-oauth2",
+  "displayName": "OAuth 2.0",
+  "description": "Authenticate requests using OAuth 2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak.git",
+    "directory": "plugins/auth-oauth2"
+  },
+  "private": true,
+  "version": "0.1.0",
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev",
+    "lint": "eslint . --ext .ts,.tsx"
+  }
+}

plugins/auth-oauth2/src/fetchAccessToken.ts

@@ -0,0 +1,78 @@
+import type { Context, HttpRequest, HttpUrlParameter } from '@yaakapp/api';
+import { readFileSync } from 'node:fs';
+import type { AccessTokenRawResponse } from './store';
+
+export async function fetchAccessToken(
+  ctx: Context,
+  {
+    accessTokenUrl,
+    scope,
+    audience,
+    params,
+    grantType,
+    credentialsInBody,
+    clientId,
+    clientSecret,
+  }: {
+    clientId: string;
+    clientSecret: string;
+    grantType: string;
+    accessTokenUrl: string;
+    scope: string | null;
+    audience: string | null;
+    credentialsInBody: boolean;
+    params: HttpUrlParameter[];
+  },
+): Promise<AccessTokenRawResponse> {
+  console.log('[oauth2] Getting access token', accessTokenUrl);
+  const httpRequest: Partial<HttpRequest> = {
+    method: 'POST',
+    url: accessTokenUrl,
+    bodyType: 'application/x-www-form-urlencoded',
+    body: {
+      form: [{ name: 'grant_type', value: grantType }, ...params],
+    },
+    headers: [
+      { name: 'User-Agent', value: 'yaak' },
+      { name: 'Accept', value: 'application/x-www-form-urlencoded, application/json' },
+      { name: 'Content-Type', value: 'application/x-www-form-urlencoded' },
+    ],
+  };
+
+  if (scope) httpRequest.body!.form.push({ name: 'scope', value: scope });
+  if (audience) httpRequest.body!.form.push({ name: 'audience', value: audience });
+
+  if (credentialsInBody) {
+    httpRequest.body!.form.push({ name: 'client_id', value: clientId });
+    httpRequest.body!.form.push({ name: 'client_secret', value: clientSecret });
+  } else {
+    const value = 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
+    httpRequest.headers!.push({ name: 'Authorization', value });
+  }
+
+  httpRequest.authenticationType = 'none'; // Don't inherit workspace auth
+  const resp = await ctx.httpRequest.send({ httpRequest });
+
+  console.log('[oauth2] Got access token response', resp.status);
+
+  const body = resp.bodyPath ? readFileSync(resp.bodyPath, 'utf8') : '';
+
+  if (resp.status < 200 || resp.status >= 300) {
+    throw new Error(
+      'Failed to fetch access token with status=' + resp.status + ' and body=' + body,
+    );
+  }
+
+  let response;
+  try {
+    response = JSON.parse(body);
+  } catch {
+    response = Object.fromEntries(new URLSearchParams(body));
+  }
+
+  if (response.error) {
+    throw new Error('Failed to fetch access token with ' + response.error);
+  }
+
+  return response;
+}

plugins/auth-oauth2/src/getOrRefreshAccessToken.ts

@@ -0,0 +1,112 @@
+import type { Context, HttpRequest } from '@yaakapp/api';
+import { readFileSync } from 'node:fs';
+import type { AccessToken, AccessTokenRawResponse, TokenStoreArgs } from './store';
+import { deleteToken, getToken, storeToken } from './store';
+import { isTokenExpired } from './util';
+
+export async function getOrRefreshAccessToken(
+  ctx: Context,
+  tokenArgs: TokenStoreArgs,
+  {
+    scope,
+    accessTokenUrl,
+    credentialsInBody,
+    clientId,
+    clientSecret,
+    forceRefresh,
+  }: {
+    scope: string | null;
+    accessTokenUrl: string;
+    credentialsInBody: boolean;
+    clientId: string;
+    clientSecret: string;
+    forceRefresh?: boolean;
+  },
+): Promise<AccessToken | null> {
+  const token = await getToken(ctx, tokenArgs);
+  if (token == null) {
+    return null;
+  }
+
+  const isExpired = isTokenExpired(token);
+
+  // Return the current access token if it's still valid
+  if (!isExpired && !forceRefresh) {
+    return token;
+  }
+
+  // Token is expired, but there's no refresh token :(
+  if (!token.response.refresh_token) {
+    return null;
+  }
+
+  // Access token is expired, so get a new one
+  const httpRequest: Partial<HttpRequest> = {
+    method: 'POST',
+    url: accessTokenUrl,
+    bodyType: 'application/x-www-form-urlencoded',
+    body: {
+      form: [
+        { name: 'grant_type', value: 'refresh_token' },
+        { name: 'refresh_token', value: token.response.refresh_token },
+      ],
+    },
+    headers: [
+      { name: 'User-Agent', value: 'yaak' },
+      { name: 'Accept', value: 'application/x-www-form-urlencoded, application/json' },
+      { name: 'Content-Type', value: 'application/x-www-form-urlencoded' },
+    ],
+  };
+
+  if (scope) httpRequest.body!.form.push({ name: 'scope', value: scope });
+
+  if (credentialsInBody) {
+    httpRequest.body!.form.push({ name: 'client_id', value: clientId });
+    httpRequest.body!.form.push({ name: 'client_secret', value: clientSecret });
+  } else {
+    const value = 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
+    httpRequest.headers!.push({ name: 'Authorization', value });
+  }
+
+  httpRequest.authenticationType = 'none'; // Don't inherit workspace auth
+  const resp = await ctx.httpRequest.send({ httpRequest });
+
+  if (resp.status === 401) {
+    // Bad refresh token, so we'll force it to fetch a fresh access token by deleting
+    // and returning null;
+    console.log('[oauth2] Unauthorized refresh_token request');
+    await deleteToken(ctx, tokenArgs);
+    return null;
+  }
+
+  const body = resp.bodyPath ? readFileSync(resp.bodyPath, 'utf8') : '';
+
+  console.log('[oauth2] Got refresh token response', resp.status);
+
+  if (resp.status < 200 || resp.status >= 300) {
+    throw new Error(
+      'Failed to refresh access token with status=' + resp.status + ' and body=' + body,
+    );
+  }
+
+  let response;
+  try {
+    response = JSON.parse(body);
+  } catch {
+    response = Object.fromEntries(new URLSearchParams(body));
+  }
+
+  if (response.error) {
+    throw new Error(
+      `Failed to fetch access token with ${response.error} -> ${response.error_description}`,
+    );
+  }
+
+  const newResponse: AccessTokenRawResponse = {
+    ...response,
+    // Assign a new one or keep the old one,
+    refresh_token: response.refresh_token ?? token.response.refresh_token,
+  };
+
+  return storeToken(ctx, tokenArgs, newResponse);
+}

plugins/auth-oauth2/src/grants/authorizationCode.ts

@@ -0,0 +1,163 @@
+import type { Context } from '@yaakapp/api';
+import { createHash, randomBytes } from 'node:crypto';
+import { fetchAccessToken } from '../fetchAccessToken';
+import { getOrRefreshAccessToken } from '../getOrRefreshAccessToken';
+import type { AccessToken, TokenStoreArgs } from '../store';
+import { getDataDirKey, storeToken } from '../store';
+
+export const PKCE_SHA256 = 'S256';
+export const PKCE_PLAIN = 'plain';
+export const DEFAULT_PKCE_METHOD = PKCE_SHA256;
+
+export async function getAuthorizationCode(
+  ctx: Context,
+  contextId: string,
+  {
+    authorizationUrl: authorizationUrlRaw,
+    accessTokenUrl,
+    clientId,
+    clientSecret,
+    redirectUri,
+    scope,
+    state,
+    audience,
+    credentialsInBody,
+    pkce,
+    tokenName,
+  }: {
+    authorizationUrl: string;
+    accessTokenUrl: string;
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string | null;
+    scope: string | null;
+    state: string | null;
+    audience: string | null;
+    credentialsInBody: boolean;
+    pkce: {
+      challengeMethod: string;
+      codeVerifier: string;
+    } | null;
+    tokenName: 'access_token' | 'id_token';
+  },
+): Promise<AccessToken> {
+  const tokenArgs: TokenStoreArgs = {
+    contextId,
+    clientId,
+    accessTokenUrl,
+    authorizationUrl: authorizationUrlRaw,
+  };
+
+  const token = await getOrRefreshAccessToken(ctx, tokenArgs, {
+    accessTokenUrl,
+    scope,
+    clientId,
+    clientSecret,
+    credentialsInBody,
+  });
+  if (token != null) {
+    return token;
+  }
+
+  let authorizationUrl: URL;
+  try {
+    authorizationUrl = new URL(`${authorizationUrlRaw ?? ''}`);
+  } catch {
+    throw new Error(`Invalid authorization URL "${authorizationUrlRaw}"`);
+  }
+  authorizationUrl.searchParams.set('response_type', 'code');
+  authorizationUrl.searchParams.set('client_id', clientId);
+  if (redirectUri) authorizationUrl.searchParams.set('redirect_uri', redirectUri);
+  if (scope) authorizationUrl.searchParams.set('scope', scope);
+  if (state) authorizationUrl.searchParams.set('state', state);
+  if (audience) authorizationUrl.searchParams.set('audience', audience);
+  if (pkce) {
+    authorizationUrl.searchParams.set(
+      'code_challenge',
+      pkceCodeChallenge(pkce.codeVerifier, pkce.challengeMethod),
+    );
+    authorizationUrl.searchParams.set('code_challenge_method', pkce.challengeMethod);
+  }
+
+  const logsEnabled = (await ctx.store.get('enable_logs')) ?? false;
+  const dataDirKey = await getDataDirKey(ctx, contextId);
+  const authorizationUrlStr = authorizationUrl.toString();
+  console.log('[oauth2] Authorizing', authorizationUrlStr);
+
+  // eslint-disable-next-line no-async-promise-executor
+  const code = await new Promise<string>(async (resolve, reject) => {
+    let foundCode = false;
+    const { close } = await ctx.window.openUrl({
+      url: authorizationUrlStr,
+      label: 'oauth-authorization-url',
+      dataDirKey,
+      async onClose() {
+        if (!foundCode) {
+          reject(new Error('Authorization window closed'));
+        }
+      },
+      async onNavigate({ url: urlStr }) {
+        const url = new URL(urlStr);
+        if (logsEnabled) console.log('[oauth2] Navigated to', urlStr);
+
+        if (url.searchParams.has('error')) {
+          close();
+          return reject(new Error(`Failed to authorize: ${url.searchParams.get('error')}`));
+        }
+
+        const code = url.searchParams.get('code');
+        if (!code) {
+          console.log('[oauth2] Code not found');
+          return; // Could be one of many redirects in a chain, so skip it
+        }
+
+        // Close the window here, because we don't need it anymore!
+        foundCode = true;
+        close();
+        resolve(code);
+      },
+    });
+  });
+
+  console.log('[oauth2] Code found');
+  const response = await fetchAccessToken(ctx, {
+    grantType: 'authorization_code',
+    accessTokenUrl,
+    clientId,
+    clientSecret,
+    scope,
+    audience,
+    credentialsInBody,
+    params: [
+      { name: 'code', value: code },
+      ...(pkce ? [{ name: 'code_verifier', value: pkce.codeVerifier }] : []),
+      ...(redirectUri ? [{ name: 'redirect_uri', value: redirectUri }] : []),
+    ],
+  });
+
+  return storeToken(ctx, tokenArgs, response, tokenName);
+}
+
+export function genPkceCodeVerifier() {
+  return encodeForPkce(randomBytes(32));
+}
+
+function pkceCodeChallenge(verifier: string, method: string) {
+  if (method === 'plain') {
+    return verifier;
+  }
+
+  const hash = encodeForPkce(createHash('sha256').update(verifier).digest());
+  return hash
+    .replace(/=/g, '') // Remove padding '='
+    .replace(/\+/g, '-') // Replace '+' with '-'
+    .replace(/\//g, '_'); // Replace '/' with '_'
+}
+
+function encodeForPkce(bytes: Buffer) {
+  return bytes
+    .toString('base64')
+    .replace(/=/g, '') // Remove padding '='
+    .replace(/\+/g, '-') // Replace '+' with '-'
+    .replace(/\//g, '_'); // Replace '/' with '_'
+}

plugins/auth-oauth2/src/grants/clientCredentials.ts

@@ -0,0 +1,49 @@
+import type { Context } from '@yaakapp/api';
+import { fetchAccessToken } from '../fetchAccessToken';
+import type { TokenStoreArgs } from '../store';
+import { getToken, storeToken } from '../store';
+import { isTokenExpired } from '../util';
+
+export async function getClientCredentials(
+  ctx: Context,
+  contextId: string,
+  {
+    accessTokenUrl,
+    clientId,
+    clientSecret,
+    scope,
+    audience,
+    credentialsInBody,
+  }: {
+    accessTokenUrl: string;
+    clientId: string;
+    clientSecret: string;
+    scope: string | null;
+    audience: string | null;
+    credentialsInBody: boolean;
+  },
+) {
+  const tokenArgs: TokenStoreArgs = {
+    contextId,
+    clientId,
+    accessTokenUrl,
+    authorizationUrl: null,
+  };
+  const token = await getToken(ctx, tokenArgs);
+  if (token && !isTokenExpired(token)) {
+    return token;
+  }
+
+  const response = await fetchAccessToken(ctx, {
+    grantType: 'client_credentials',
+    accessTokenUrl,
+    audience,
+    clientId,
+    clientSecret,
+    scope,
+    credentialsInBody,
+    params: [],
+  });
+
+  return storeToken(ctx, tokenArgs, response);
+}

plugins/auth-oauth2/src/grants/implicit.ts

@@ -0,0 +1,100 @@
+import type { Context } from '@yaakapp/api';
+import type { AccessToken, AccessTokenRawResponse } from '../store';
+import { getToken, storeToken } from '../store';
+import { isTokenExpired } from '../util';
+
+export async function getImplicit(
+  ctx: Context,
+  contextId: string,
+  {
+    authorizationUrl: authorizationUrlRaw,
+    responseType,
+    clientId,
+    redirectUri,
+    scope,
+    state,
+    audience,
+    tokenName,
+  }: {
+    authorizationUrl: string;
+    responseType: string;
+    clientId: string;
+    redirectUri: string | null;
+    scope: string | null;
+    state: string | null;
+    audience: string | null;
+    tokenName: 'access_token' | 'id_token';
+  },
+): Promise<AccessToken> {
+  const tokenArgs = {
+    contextId,
+    clientId,
+    accessTokenUrl: null,
+    authorizationUrl: authorizationUrlRaw,
+  };
+  const token = await getToken(ctx, tokenArgs);
+  if (token != null && !isTokenExpired(token)) {
+    return token;
+  }
+
+  let authorizationUrl: URL;
+  try {
+    authorizationUrl = new URL(`${authorizationUrlRaw ?? ''}`);
+  } catch {
+    throw new Error(`Invalid authorization URL "${authorizationUrlRaw}"`);
+  }
+  authorizationUrl.searchParams.set('response_type', 'token');
+  authorizationUrl.searchParams.set('client_id', clientId);
+  if (redirectUri) authorizationUrl.searchParams.set('redirect_uri', redirectUri);
+  if (scope) authorizationUrl.searchParams.set('scope', scope);
+  if (state) authorizationUrl.searchParams.set('state', state);
+  if (audience) authorizationUrl.searchParams.set('audience', audience);
+  if (responseType.includes('id_token')) {
+    authorizationUrl.searchParams.set(
+      'nonce',
+      String(Math.floor(Math.random() * 9999999999999) + 1),
+    );
+  }
+
+  // eslint-disable-next-line no-async-promise-executor
+  const newToken = await new Promise<AccessToken>(async (resolve, reject) => {
+    let foundAccessToken = false;
+    const authorizationUrlStr = authorizationUrl.toString();
+    const { close } = await ctx.window.openUrl({
+      url: authorizationUrlStr,
+      label: 'oauth-authorization-url',
+      async onClose() {
+        if (!foundAccessToken) {
+          reject(new Error('Authorization window closed'));
+        }
+      },
+      async onNavigate({ url: urlStr }) {
+        const url = new URL(urlStr);
+        if (url.searchParams.has('error')) {
+          return reject(Error(`Failed to authorize: ${url.searchParams.get('error')}`));
+        }
+
+        const hash = url.hash.slice(1);
+        const params = new URLSearchParams(hash);
+
+        const accessToken = params.get(tokenName);
+        if (!accessToken) {
+          return;
+        }
+        foundAccessToken = true;
+
+        // Close the window here, because we don't need it anymore
+        close();
+
+        const response = Object.fromEntries(params) as unknown as AccessTokenRawResponse;
+        try {
+          resolve(storeToken(ctx, tokenArgs, response));
+        } catch (err) {
+          reject(err);
+        }
+      },
+    });
+  });
+
+  return newToken;
+}

plugins/auth-oauth2/src/grants/password.ts

@@ -0,0 +1,62 @@
+import type { Context } from '@yaakapp/api';
+import { fetchAccessToken } from '../fetchAccessToken';
+import { getOrRefreshAccessToken } from '../getOrRefreshAccessToken';
+import type { AccessToken, TokenStoreArgs } from '../store';
+import { storeToken } from '../store';
+
+export async function getPassword(
+  ctx: Context,
+  contextId: string,
+  {
+    accessTokenUrl,
+    clientId,
+    clientSecret,
+    username,
+    password,
+    credentialsInBody,
+    audience,
+    scope,
+  }: {
+    accessTokenUrl: string;
+    clientId: string;
+    clientSecret: string;
+    username: string;
+    password: string;
+    scope: string | null;
+    audience: string | null;
+    credentialsInBody: boolean;
+  },
+): Promise<AccessToken> {
+  const tokenArgs: TokenStoreArgs = {
+    contextId,
+    clientId,
+    accessTokenUrl,
+    authorizationUrl: null,
+  };
+  const token = await getOrRefreshAccessToken(ctx, tokenArgs, {
+    accessTokenUrl,
+    scope,
+    clientId,
+    clientSecret,
+    credentialsInBody,
+  });
+  if (token != null) {
+    return token;
+  }
+
+  const response = await fetchAccessToken(ctx, {
+    accessTokenUrl,
+    clientId,
+    clientSecret,
+    scope,
+    audience,
+    grantType: 'password',
+    credentialsInBody,
+    params: [
+      { name: 'username', value: username },
+      { name: 'password', value: password },
+    ],
+  });
+
+  return storeToken(ctx, tokenArgs, response);
+}

plugins/auth-oauth2/src/index.ts

@@ -0,0 +1,426 @@
+import type {
+  Context,
+  FormInputSelectOption,
+  GetHttpAuthenticationConfigRequest,
+  JsonPrimitive,
+  PluginDefinition,
+} from '@yaakapp/api';
+import {
+  genPkceCodeVerifier,
+  DEFAULT_PKCE_METHOD,
+  getAuthorizationCode,
+  PKCE_PLAIN,
+  PKCE_SHA256,
+} from './grants/authorizationCode';
+import { getClientCredentials } from './grants/clientCredentials';
+import { getImplicit } from './grants/implicit';
+import { getPassword } from './grants/password';
+import type { AccessToken, TokenStoreArgs } from './store';
+import { deleteToken, getToken, resetDataDirKey } from './store';
+
+type GrantType = 'authorization_code' | 'implicit' | 'password' | 'client_credentials';
+
+const grantTypes: FormInputSelectOption[] = [
+  { label: 'Authorization Code', value: 'authorization_code' },
+  { label: 'Implicit', value: 'implicit' },
+  { label: 'Resource Owner Password Credential', value: 'password' },
+  { label: 'Client Credentials', value: 'client_credentials' },
+];
+
+const defaultGrantType = grantTypes[0]!.value;
+
+function hiddenIfNot(
+  grantTypes: GrantType[],
+  ...other: ((values: GetHttpAuthenticationConfigRequest['values']) => boolean)[]
+) {
+  return (_ctx: Context, { values }: GetHttpAuthenticationConfigRequest) => {
+    const hasGrantType = grantTypes.find((t) => t === String(values.grantType ?? defaultGrantType));
+    const hasOtherBools = other.every((t) => t(values));
+    const show = hasGrantType && hasOtherBools;
+    return { hidden: !show };
+  };
+}
+
+const authorizationUrls = [
+  'https://github.com/login/oauth/authorize',
+  'https://account.box.com/api/oauth2/authorize',
+  'https://accounts.google.com/o/oauth2/v2/auth',
+  'https://api.imgur.com/oauth2/authorize',
+  'https://bitly.com/oauth/authorize',
+  'https://gitlab.example.com/oauth/authorize',
+  'https://medium.com/m/oauth/authorize',
+  'https://public-api.wordpress.com/oauth2/authorize',
+  'https://slack.com/oauth/authorize',
+  'https://todoist.com/oauth/authorize',
+  'https://www.dropbox.com/oauth2/authorize',
+  'https://www.linkedin.com/oauth/v2/authorization',
+  'https://MY_SHOP.myshopify.com/admin/oauth/access_token',
+  'https://appcenter.intuit.com/app/connect/oauth2/authorize',
+];
+
+const accessTokenUrls = [
+  'https://github.com/login/oauth/access_token',
+  'https://api-ssl.bitly.com/oauth/access_token',
+  'https://api.box.com/oauth2/token',
+  'https://api.dropboxapi.com/oauth2/token',
+  'https://api.imgur.com/oauth2/token',
+  'https://api.medium.com/v1/tokens',
+  'https://gitlab.example.com/oauth/token',
+  'https://public-api.wordpress.com/oauth2/token',
+  'https://slack.com/api/oauth.access',
+  'https://todoist.com/oauth/access_token',
+  'https://www.googleapis.com/oauth2/v4/token',
+  'https://www.linkedin.com/oauth/v2/accessToken',
+  'https://MY_SHOP.myshopify.com/admin/oauth/authorize',
+  'https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer',
+];
+
+export const plugin: PluginDefinition = {
+  authentication: {
+    name: 'oauth2',
+    label: 'OAuth 2.0',
+    shortLabel: 'OAuth 2',
+    actions: [
+      {
+        label: 'Copy Current Token',
+        async onSelect(ctx, { contextId, values }) {
+          const tokenArgs: TokenStoreArgs = {
+            contextId,
+            authorizationUrl: stringArg(values, 'authorizationUrl'),
+            accessTokenUrl: stringArg(values, 'accessTokenUrl'),
+            clientId: stringArg(values, 'clientId'),
+          };
+          const token = await getToken(ctx, tokenArgs);
+          if (token == null) {
+            await ctx.toast.show({ message: 'No token to copy', color: 'warning' });
+          } else {
+            await ctx.clipboard.copyText(token.response.access_token);
+            await ctx.toast.show({
+              message: 'Token copied to clipboard',
+              icon: 'copy',
+              color: 'success',
+            });
+          }
+        },
+      },
+      {
+        label: 'Delete Token',
+        async onSelect(ctx, { contextId, values }) {
+          const tokenArgs: TokenStoreArgs = {
+            contextId,
+            authorizationUrl: stringArg(values, 'authorizationUrl'),
+            accessTokenUrl: stringArg(values, 'accessTokenUrl'),
+            clientId: stringArg(values, 'clientId'),
+          };
+          if (await deleteToken(ctx, tokenArgs)) {
+            await ctx.toast.show({ message: 'Token deleted', color: 'success' });
+          } else {
+            await ctx.toast.show({ message: 'No token to delete', color: 'warning' });
+          }
+        },
+      },
+      {
+        label: 'Clear Window Session',
+        async onSelect(ctx, { contextId }) {
+          await resetDataDirKey(ctx, contextId);
+        },
+      },
+      {
+        label: 'Toggle Debug Logs',
+        async onSelect(ctx) {
+          const enableLogs = !(await ctx.store.get('enable_logs'));
+          await ctx.store.set('enable_logs', enableLogs);
+          await ctx.toast.show({
+            message: `Debug logs ${enableLogs ? 'enabled' : 'disabled'}`,
+            color: 'info',
+          });
+        },
+      },
+    ],
+    args: [
+      {
+        type: 'select',
+        name: 'grantType',
+        label: 'Grant Type',
+        hideLabel: true,
+        defaultValue: defaultGrantType,
+        options: grantTypes,
+      },
+
+      // Always-present fields
+      {
+        type: 'text',
+        name: 'clientId',
+        label: 'Client ID',
+        optional: true,
+      },
+      {
+        type: 'text',
+        name: 'clientSecret',
+        label: 'Client Secret',
+        optional: true,
+        password: true,
+        dynamic: hiddenIfNot(['authorization_code', 'password', 'client_credentials']),
+      },
+      {
+        type: 'text',
+        name: 'authorizationUrl',
+        optional: true,
+        label: 'Authorization URL',
+        dynamic: hiddenIfNot(['authorization_code', 'implicit']),
+        placeholder: authorizationUrls[0],
+        completionOptions: authorizationUrls.map((url) => ({ label: url, value: url })),
+      },
+      {
+        type: 'text',
+        name: 'accessTokenUrl',
+        optional: true,
+        label: 'Access Token URL',
+        placeholder: accessTokenUrls[0],
+        dynamic: hiddenIfNot(['authorization_code', 'password', 'client_credentials']),
+        completionOptions: accessTokenUrls.map((url) => ({ label: url, value: url })),
+      },
+      {
+        type: 'text',
+        name: 'redirectUri',
+        label: 'Redirect URI',
+        optional: true,
+        dynamic: hiddenIfNot(['authorization_code', 'implicit']),
+      },
+      {
+        type: 'text',
+        name: 'state',
+        label: 'State',
+        optional: true,
+        dynamic: hiddenIfNot(['authorization_code', 'implicit']),
+      },
+      {
+        type: 'text',
+        name: 'audience',
+        label: 'Audience',
+        optional: true,
+      },
+      {
+        type: 'select',
+        name: 'tokenName',
+        label: 'Token for authorization',
+        description:
+          'Select which token to send in the "Authorization: Bearer" header. Most APIs expect ' +
+          'access_token, but some (like OpenID Connect) require id_token.',
+        defaultValue: 'access_token',
+        options: [
+          { label: 'access_token', value: 'access_token' },
+          { label: 'id_token', value: 'id_token' },
+        ],
+        dynamic: hiddenIfNot(['authorization_code', 'implicit']),
+      },
+      {
+        type: 'checkbox',
+        name: 'usePkce',
+        label: 'Use PKCE',
+        dynamic: hiddenIfNot(['authorization_code']),
+      },
+      {
+        type: 'select',
+        name: 'pkceChallengeMethod',
+        label: 'Code Challenge Method',
+        options: [
+          { label: 'SHA-256', value: PKCE_SHA256 },
+          { label: 'Plain', value: PKCE_PLAIN },
+        ],
+        defaultValue: DEFAULT_PKCE_METHOD,
+        dynamic: hiddenIfNot(['authorization_code'], ({ usePkce }) => !!usePkce),
+      },
+      {
+        type: 'text',
+        name: 'pkceCodeChallenge',
+        label: 'Code Verifier',
+        placeholder: 'Automatically generated when not set',
+        optional: true,
+        dynamic: hiddenIfNot(['authorization_code'], ({ usePkce }) => !!usePkce),
+      },
+      {
+        type: 'text',
+        name: 'username',
+        label: 'Username',
+        optional: true,
+        dynamic: hiddenIfNot(['password']),
+      },
+      {
+        type: 'text',
+        name: 'password',
+        label: 'Password',
+        password: true,
+        optional: true,
+        dynamic: hiddenIfNot(['password']),
+      },
+      {
+        type: 'select',
+        name: 'responseType',
+        label: 'Response Type',
+        defaultValue: 'token',
+        options: [
+          { label: 'Access Token', value: 'token' },
+          { label: 'ID Token', value: 'id_token' },
+          { label: 'ID and Access Token', value: 'id_token token' },
+        ],
+        dynamic: hiddenIfNot(['implicit']),
+      },
+      {
+        type: 'accordion',
+        label: 'Advanced',
+        inputs: [
+          { type: 'text', name: 'scope', label: 'Scope', optional: true },
+          {
+            type: 'text',
+            name: 'headerPrefix',
+            label: 'Header Prefix',
+            optional: true,
+            defaultValue: 'Bearer',
+          },
+          {
+            type: 'select',
+            name: 'credentials',
+            label: 'Send Credentials',
+            defaultValue: 'body',
+            options: [
+              { label: 'In Request Body', value: 'body' },
+              { label: 'As Basic Authentication', value: 'basic' },
+            ],
+          },
+        ],
+      },
+      {
+        type: 'accordion',
+        label: 'Access Token Response',
+        async dynamic(ctx, { contextId, values }) {
+          const tokenArgs: TokenStoreArgs = {
+            contextId,
+            authorizationUrl: stringArg(values, 'authorizationUrl'),
+            accessTokenUrl: stringArg(values, 'accessTokenUrl'),
+            clientId: stringArg(values, 'clientId'),
+          };
+          const token = await getToken(ctx, tokenArgs);
+          if (token == null) {
+            return { hidden: true };
+          }
+          return {
+            label: 'Access Token Response',
+            inputs: [
+              {
+                type: 'editor',
+                defaultValue: JSON.stringify(token.response, null, 2),
+                hideLabel: true,
+                readOnly: true,
+                language: 'json',
+              },
+            ],
+          };
+        },
+      },
+    ],
+    async onApply(ctx, { values, contextId }) {
+      const headerPrefix = stringArg(values, 'headerPrefix');
+      const grantType = stringArg(values, 'grantType') as GrantType;
+      const credentialsInBody = values.credentials === 'body';
+      const tokenName = values.tokenName === 'id_token' ? 'id_token' : 'access_token';
+
+      let token: AccessToken;
+      if (grantType === 'authorization_code') {
+        const authorizationUrl = stringArg(values, 'authorizationUrl');
+        const accessTokenUrl = stringArg(values, 'accessTokenUrl');
+        token = await getAuthorizationCode(ctx, contextId, {
+          accessTokenUrl:
+            accessTokenUrl === '' || accessTokenUrl.match(/^https?:\/\//)
+              ? accessTokenUrl
+              : `https://${accessTokenUrl}`,
+          authorizationUrl:
+            authorizationUrl === '' || authorizationUrl.match(/^https?:\/\//)
+              ? authorizationUrl
+              : `https://${authorizationUrl}`,
+          clientId: stringArg(values, 'clientId'),
+          clientSecret: stringArg(values, 'clientSecret'),
+          redirectUri: stringArgOrNull(values, 'redirectUri'),
+          scope: stringArgOrNull(values, 'scope'),
+          audience: stringArgOrNull(values, 'audience'),
+          state: stringArgOrNull(values, 'state'),
+          credentialsInBody,
+          pkce: values.usePkce
+            ? {
+                challengeMethod: stringArg(values, 'pkceChallengeMethod') || DEFAULT_PKCE_METHOD,
+                codeVerifier: stringArg(values, 'pkceCodeVerifier') || genPkceCodeVerifier(),
+              }
+            : null,
+          tokenName: tokenName,
+        });
+      } else if (grantType === 'implicit') {
+        const authorizationUrl = stringArg(values, 'authorizationUrl');
+        token = await getImplicit(ctx, contextId, {
+          authorizationUrl: authorizationUrl.match(/^https?:\/\//)
+            ? authorizationUrl
+            : `https://${authorizationUrl}`,
+          clientId: stringArg(values, 'clientId'),
+          redirectUri: stringArgOrNull(values, 'redirectUri'),
+          responseType: stringArg(values, 'responseType'),
+          scope: stringArgOrNull(values, 'scope'),
+          audience: stringArgOrNull(values, 'audience'),
+          state: stringArgOrNull(values, 'state'),
+          tokenName: tokenName,
+        });
+      } else if (grantType === 'client_credentials') {
+        const accessTokenUrl = stringArg(values, 'accessTokenUrl');
+        token = await getClientCredentials(ctx, contextId, {
+          accessTokenUrl: accessTokenUrl.match(/^https?:\/\//)
+            ? accessTokenUrl
+            : `https://${accessTokenUrl}`,
+          clientId: stringArg(values, 'clientId'),
+          clientSecret: stringArg(values, 'clientSecret'),
+          scope: stringArgOrNull(values, 'scope'),
+          audience: stringArgOrNull(values, 'audience'),
+          credentialsInBody,
+        });
+      } else if (grantType === 'password') {
+        const accessTokenUrl = stringArg(values, 'accessTokenUrl');
+        token = await getPassword(ctx, contextId, {
+          accessTokenUrl: accessTokenUrl.match(/^https?:\/\//)
+            ? accessTokenUrl
+            : `https://${accessTokenUrl}`,
+          clientId: stringArg(values, 'clientId'),
+          clientSecret: stringArg(values, 'clientSecret'),
+          username: stringArg(values, 'username'),
+          password: stringArg(values, 'password'),
+          scope: stringArgOrNull(values, 'scope'),
+          audience: stringArgOrNull(values, 'audience'),
+          credentialsInBody,
+        });
+      } else {
+        throw new Error('Invalid grant type ' + grantType);
+      }
+
+      const headerValue = `${headerPrefix} ${token.response[tokenName]}`.trim();
+      return {
+        setHeaders: [
+          {
+            name: 'Authorization',
+            value: headerValue,
+          },
+        ],
+      };
+    },
+  },
+};
+
+function stringArgOrNull(
+  values: Record<string, JsonPrimitive | undefined>,
+  name: string,
+): string | null {
+  const arg = values[name];
+  if (arg == null || arg == '') return null;
+  return `${arg}`;
+}
+
+function stringArg(values: Record<string, JsonPrimitive | undefined>, name: string): string {
+  const arg = stringArgOrNull(values, name);
+  if (!arg) return '';
+  return arg;
+}

plugins/auth-oauth2/src/store.ts

@@ -0,0 +1,80 @@
+import type { Context } from '@yaakapp/api';
+import { createHash } from 'node:crypto';
+
+export async function storeToken(
+  ctx: Context,
+  args: TokenStoreArgs,
+  response: AccessTokenRawResponse,
+  tokenName: 'access_token' | 'id_token' = 'access_token',
+) {
+  if (!response[tokenName]) {
+    throw new Error(`${tokenName} not found in response ${Object.keys(response).join(', ')}`);
+  }
+
+  const expiresAt = response.expires_in ? Date.now() + response.expires_in * 1000 : null;
+  const token: AccessToken = {
+    response,
+    expiresAt,
+  };
+  await ctx.store.set<AccessToken>(tokenStoreKey(args), token);
+  return token;
+}
+
+export async function getToken(ctx: Context, args: TokenStoreArgs) {
+  return ctx.store.get<AccessToken>(tokenStoreKey(args));
+}
+
+export async function deleteToken(ctx: Context, args: TokenStoreArgs) {
+  return ctx.store.delete(tokenStoreKey(args));
+}
+
+export async function resetDataDirKey(ctx: Context, contextId: string) {
+  const key = new Date().toISOString();
+  return ctx.store.set<string>(dataDirStoreKey(contextId), key);
+}
+
+export async function getDataDirKey(ctx: Context, contextId: string) {
+  const key = (await ctx.store.get<string>(dataDirStoreKey(contextId))) ?? 'default';
+  return `${contextId}::${key}`;
+}
+
+export interface TokenStoreArgs {
+  contextId: string;
+  clientId: string;
+  accessTokenUrl: string | null;
+  authorizationUrl: string | null;
+}
+
+/**
+ * Generate a store key to use based on some arguments. The arguments will be normalized a bit to
+ * account for slight variations (like domains with and without a protocol scheme).
+ */
+function tokenStoreKey(args: TokenStoreArgs) {
+  const hash = createHash('md5');
+  if (args.contextId) hash.update(args.contextId.trim());
+  if (args.clientId) hash.update(args.clientId.trim());
+  if (args.accessTokenUrl) hash.update(args.accessTokenUrl.trim().replace(/^https?:\/\//, ''));
+  if (args.authorizationUrl) hash.update(args.authorizationUrl.trim().replace(/^https?:\/\//, ''));
+  const key = hash.digest('hex');
+  return ['token', key].join('::');
+}
+
+function dataDirStoreKey(contextId: string) {
+  return ['data_dir', contextId].join('::');
+}
+
+export interface AccessToken {
+  response: AccessTokenRawResponse;
+  expiresAt: number | null;
+}
+
+export interface AccessTokenRawResponse {
+  access_token: string;
+  id_token?: string;
+  token_type?: string;
+  expires_in?: number;
+  refresh_token?: string;
+  error?: string;
+  error_description?: string;
+  scope?: string;
+}

plugins/auth-oauth2/src/util.ts

@@ -0,0 +1,5 @@
+import type { AccessToken } from './store';
+
+export function isTokenExpired(token: AccessToken) {
+  return token.expiresAt && Date.now() > token.expiresAt;
+}