Tweak font sizes

Co-authored-by: Claude <noreply@anthropic.com>

.gitattributes

@@ -1,2 +1,5 @@
 src-tauri/vendored/**/* linguist-generated=true
 src-tauri/gen/schemas/**/* linguist-generated=true
+
+# Ensure consistent line endings for test files that check exact content
+src-tauri/yaak-http/tests/test.txt text eol=lf

.github/FUNDING.yml

@@ -1,15 +1,3 @@
 # These are supported funding model platforms
 
 github: gschier
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
-polar: # Replace with a single Polar username
-buy_me_a_coffee: # Replace with a single Buy Me a Coffee username
-thanks_dev: # Replace with a single thanks.dev username
-custom: https://yaak.app/pricing

.github/workflows/ci-js.yml

@@ -1,18 +0,0 @@
-on:
-  pull_request:
-    branches: [develop]
-
-name: CI (JS)
-
-jobs:
-  test:
-    name: Lint/Test
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-      - run: npm ci
-      - run: npm run lint
-      - run: npm test

.github/workflows/ci-rust.yml

@@ -1,36 +0,0 @@
-on:
-  pull_request:
-    branches: [develop]
-    paths:
-      - src-tauri/**
-      - .github/workflows/**
-
-name: CI (Rust)
-
-defaults:
-  run:
-    working-directory: src-tauri
-
-jobs:
-  test:
-    name: Check/Test
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - run: |
-          sudo apt-get update
-          sudo apt-get install -y libwebkit2gtk-4.1-dev
-      - uses: dtolnay/rust-toolchain@stable
-      - uses: actions/cache@v3
-        continue-on-error: false
-        with:
-          path: |
-            ~/.cargo/bin/
-            ~/.cargo/registry/index/
-            ~/.cargo/registry/cache/
-            ~/.cargo/git/db/
-            target/
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-          restore-keys: ${{ runner.os }}-cargo-
-      - run: cargo check --all
-      - run: cargo test --all

.github/workflows/ci.yml

@@ -0,0 +1,31 @@
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+name: Lint and Test
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Lint/Test
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: 'src-tauri'
+          shared-key: ci
+          cache-on-failure: true
+
+      - run: npm ci
+      - run: npm run lint
+      - name: Run JS Tests
+        run: npm test
+      - name: Run Rust Tests
+        run: cargo test --all
+        working-directory: src-tauri

.github/workflows/release.yml

@@ -16,15 +16,34 @@ jobs:
           - platform: 'macos-latest' # for Arm-based Macs (M1 and above).
             args: '--target aarch64-apple-darwin'
             yaak_arch: 'arm64'
+            os: 'macos'
+            targets: 'aarch64-apple-darwin'
           - platform: 'macos-latest' # for Intel-based Macs.
             args: '--target x86_64-apple-darwin'
             yaak_arch: 'x64'
+            os: 'macos'
+            targets: 'x86_64-apple-darwin'
           - platform: 'ubuntu-22.04'
             args: ''
             yaak_arch: 'x64'
+            os: 'ubuntu'
+            targets: ''
+          - platform: 'ubuntu-22.04-arm'
+            args: ''
+            yaak_arch: 'arm64'
+            os: 'ubuntu'
+            targets: ''
           - platform: 'windows-latest'
             args: ''
             yaak_arch: 'x64'
+            os: 'windows'
+            targets: ''
+          # Windows ARM64
+          - platform: 'windows-latest'
+            args: '--target aarch64-pc-windows-msvc'
+            yaak_arch: 'arm64'
+            os: 'windows'
+            targets: 'aarch64-pc-windows-msvc'
     runs-on: ${{ matrix.platform }}
     timeout-minutes: 40
     steps:
@@ -33,54 +52,49 @@ jobs:
 
       - name: Setup Node
         uses: actions/setup-node@v4
-        with:
-          node-version: 22
 
       - name: install Rust stable
         uses: dtolnay/rust-toolchain@stable
         with:
-          # Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds.
-          targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
+          targets: ${{ matrix.targets }}
 
-      - uses: actions/cache@v3
-        continue-on-error: false
+      - uses: Swatinem/rust-cache@v2
         with:
-          path: |
-            ~/.cargo/bin/
-            ~/.cargo/registry/index/
-            ~/.cargo/registry/cache/
-            ~/.cargo/git/db/
-            src-tauri/target/
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-          restore-keys: ${{ runner.os }}-cargo-
+          workspaces: 'src-tauri'
+          shared-key: ci
+          cache-on-failure: true
 
-      - name: install dependencies (ubuntu only)
-        if: matrix.platform == 'ubuntu-22.04' # This must match the platform value defined above.
+      - name: install dependencies (Linux only)
+        if: matrix.os == 'ubuntu'
         run: |
           sudo apt-get update
-          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
-
-      - name: install dependencies (windows only)
-        if: matrix.platform == 'windows-latest'
-        run: cargo install --force trusted-signing-cli
-
-      - name: Install NPM Dependencies
-        run: npm ci
+          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf xdg-utils
 
       - name: Install Protoc for plugin-runtime
         uses: arduino/setup-protoc@v3
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
-      # Some things (eg. WASM package) requires building before lint will work
-      - name: Run bootstrap
-        run: npm run bootstrap
+      - name: Install trusted-signing-cli (Windows only)
+        if: matrix.os == 'windows'
+        shell: pwsh
+        run: |
+          $ErrorActionPreference = 'Stop'
+          $dir = "$env:USERPROFILE\trusted-signing"
+          New-Item -ItemType Directory -Force -Path $dir | Out-Null
+          $url = "https://github.com/Levminer/trusted-signing-cli/releases/download/0.8.0/trusted-signing-cli.exe"
+          $exe = Join-Path $dir "trusted-signing-cli.exe"
+          Invoke-WebRequest -Uri $url -OutFile $exe
+          echo $dir >> $env:GITHUB_PATH
+          & $exe --version
 
-      - name: Run lint
-        run: npm run lint
-
-      - name: Run tests
+      - run: npm ci
+      - run: npm run lint
+      - name: Run JS Tests
         run: npm test
+      - name: Run Rust Tests
+        run: cargo test --all
+        working-directory: src-tauri
 
       - name: Set version
         run: npm run replace-version
@@ -97,21 +111,21 @@ jobs:
           TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
 
           # Apple signing stuff
-          APPLE_CERTIFICATE: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_CERTIFICATE }}
-          APPLE_CERTIFICATE_PASSWORD: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_CERTIFICATE_PASSWORD }}
-          APPLE_ID: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_ID }}
-          APPLE_PASSWORD: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_PASSWORD }}
-          APPLE_SIGNING_IDENTITY: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_SIGNING_IDENTITY }}
-          APPLE_TEAM_ID: ${{ matrix.platform == 'macos-latest' && secrets.APPLE_TEAM_ID }}
+          APPLE_CERTIFICATE: ${{ matrix.os == 'macos' && secrets.APPLE_CERTIFICATE }}
+          APPLE_CERTIFICATE_PASSWORD: ${{ matrix.os == 'macos' && secrets.APPLE_CERTIFICATE_PASSWORD }}
+          APPLE_ID: ${{ matrix.os == 'macos' && secrets.APPLE_ID }}
+          APPLE_PASSWORD: ${{ matrix.os == 'macos' && secrets.APPLE_PASSWORD }}
+          APPLE_SIGNING_IDENTITY: ${{ matrix.os == 'macos' && secrets.APPLE_SIGNING_IDENTITY }}
+          APPLE_TEAM_ID: ${{ matrix.os == 'macos' && secrets.APPLE_TEAM_ID }}
 
           # Windows signing stuff
-          AZURE_CLIENT_ID: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_CLIENT_ID }}
-          AZURE_CLIENT_SECRET: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_CLIENT_SECRET }}
-          AZURE_TENANT_ID: ${{ matrix.platform == 'windows-latest' && secrets.AZURE_TENANT_ID }}
+          AZURE_CLIENT_ID: ${{ matrix.os == 'windows' && secrets.AZURE_CLIENT_ID }}
+          AZURE_CLIENT_SECRET: ${{ matrix.os == 'windows' && secrets.AZURE_CLIENT_SECRET }}
+          AZURE_TENANT_ID: ${{ matrix.os == 'windows' && secrets.AZURE_TENANT_ID }}
         with:
           tagName: 'v__VERSION__'
           releaseName: 'Release __VERSION__'
           releaseBody: '[Changelog __VERSION__](https://yaak.app/blog/__VERSION__)'
           releaseDraft: true
           prerelease: true
-          args: '${{ matrix.args }} --config ./src-tauri/tauri.commercial.conf.json'
+          args: '${{ matrix.args }} --config ./src-tauri/tauri.release.conf.json'

.github/workflows/sponsors.yml

@@ -40,4 +40,5 @@ jobs:
         uses: JamesIves/github-pages-deploy-action@v4
         with:
           branch: main
+          force: false
           folder: '.'

.gitignore

@@ -15,6 +15,8 @@ dist-ssr
 # Editor directories and files
 .vscode/*
 !.vscode/extensions.json
+!.vscode/settings.json
+!.vscode/launch.json
 .idea
 .DS_Store
 *.suo
@@ -23,6 +25,7 @@ dist-ssr
 *.sln
 *.sw?
 .eslintcache
+out
 
 *.sqlite
 *.sqlite-*
@@ -31,3 +34,5 @@ dist-ssr
 
 .tmp
 tmp
+.zed
+codebook.toml

.prettierignore

@@ -1,4 +0,0 @@
-node_modules/
-dist/
-out/
-.prettierrc.cjs

.prettierrc.js

@@ -1,8 +0,0 @@
-export default {
-  "trailingComma": "all",
-  "tabWidth": 2,
-  "semi": true,
-  "singleQuote": true,
-  "printWidth": 100,
-  "bracketSpacing": true
-}

.vscode/extensions.json

@@ -0,0 +1,3 @@
+{
+  "recommendations": ["biomejs.biome", "rust-lang.rust-analyzer", "bradlc.vscode-tailwindcss"]
+}

.vscode/launch.json

@@ -0,0 +1,26 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Dev App",
+      "runtimeExecutable": "npm",
+      "runtimeArgs": ["run", "start"]
+    },
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Build App",
+      "runtimeExecutable": "npm",
+      "runtimeArgs": ["run", "start"]
+    },
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Bootstrap",
+      "runtimeExecutable": "npm",
+      "runtimeArgs": ["run", "bootstrap"]
+    }
+  ]
+}

.vscode/settings.json

@@ -0,0 +1,6 @@
+{
+  "editor.defaultFormatter": "biomejs.biome",
+  "editor.formatOnSave": true,
+  "biome.enabled": true,
+  "biome.lint.format.enable": true
+}

DEVELOPMENT.md

@@ -54,9 +54,35 @@ Rerun the app to apply the migrations.
 
 _Note: For safety, development builds use a separate database location from production builds._
 
-## Lezer Grammer Generation
+## Lezer Grammar Generation
 
 ```sh
 # Example
 lezer-generator components/core/Editor/<LANG>/<LANG>.grammar > components/core/Editor/<LANG>/<LANG>.ts
 ```
+
+## Linting & Formatting
+
+This repo uses Biome for linting and formatting (replacing ESLint + Prettier).
+
+- Lint the entire repo:
+
+```sh
+npm run lint
+```
+
+- Auto-fix lint issues where possible:
+
+```sh
+npm run lint:fix
+```
+
+- Format code:
+
+```sh
+npm run format
+```
+
+Notes:
+- Many workspace packages also expose the same scripts (`lint`, `lint:fix`, and `format`).
+- TypeScript type-checking still runs separately via `tsc --noEmit` in relevant packages.

README.md

@@ -19,10 +19,10 @@
 
 
 <p align="center">
-  <!-- sponsors-premium --><a href="https://github.com/MVST-Solutions"><img src="https:&#x2F;&#x2F;github.com&#x2F;MVST-Solutions.png" width="80px" alt="User avatar: MVST-Solutions" /></a>&nbsp;&nbsp;<a href="https://github.com/dharsanb"><img src="https:&#x2F;&#x2F;github.com&#x2F;dharsanb.png" width="80px" alt="User avatar: dharsanb" /></a>&nbsp;&nbsp;<a href="https://github.com/railwayapp"><img src="https:&#x2F;&#x2F;github.com&#x2F;railwayapp.png" width="80px" alt="User avatar: railwayapp" /></a>&nbsp;&nbsp;<a href="https://github.com/caseyamcl"><img src="https:&#x2F;&#x2F;github.com&#x2F;caseyamcl.png" width="80px" alt="User avatar: caseyamcl" /></a>&nbsp;&nbsp;<a href="https://github.com/andriyor"><img src="https:&#x2F;&#x2F;github.com&#x2F;andriyor.png" width="80px" alt="User avatar: andriyor" /></a>&nbsp;&nbsp;<a href="https://github.com/"><img src="https:&#x2F;&#x2F;raw.githubusercontent.com&#x2F;JamesIves&#x2F;github-sponsors-readme-action&#x2F;dev&#x2F;.github&#x2F;assets&#x2F;placeholder.png" width="80px" alt="User avatar: " /></a>&nbsp;&nbsp;<!-- sponsors-premium -->
+  <!-- sponsors-premium --><a href="https://github.com/MVST-Solutions"><img src="https:&#x2F;&#x2F;github.com&#x2F;MVST-Solutions.png" width="80px" alt="User avatar: MVST-Solutions" /></a>&nbsp;&nbsp;<a href="https://github.com/dharsanb"><img src="https:&#x2F;&#x2F;github.com&#x2F;dharsanb.png" width="80px" alt="User avatar: dharsanb" /></a>&nbsp;&nbsp;<a href="https://github.com/railwayapp"><img src="https:&#x2F;&#x2F;github.com&#x2F;railwayapp.png" width="80px" alt="User avatar: railwayapp" /></a>&nbsp;&nbsp;<a href="https://github.com/caseyamcl"><img src="https:&#x2F;&#x2F;github.com&#x2F;caseyamcl.png" width="80px" alt="User avatar: caseyamcl" /></a>&nbsp;&nbsp;<a href="https://github.com/"><img src="https:&#x2F;&#x2F;raw.githubusercontent.com&#x2F;JamesIves&#x2F;github-sponsors-readme-action&#x2F;dev&#x2F;.github&#x2F;assets&#x2F;placeholder.png" width="80px" alt="User avatar: " /></a>&nbsp;&nbsp;<!-- sponsors-premium -->
 </p>
 <p align="center">
-  <!-- sponsors-base --><a href="https://github.com/seanwash"><img src="https:&#x2F;&#x2F;github.com&#x2F;seanwash.png" width="50px" alt="User avatar: seanwash" /></a>&nbsp;&nbsp;<a href="https://github.com/jerath"><img src="https:&#x2F;&#x2F;github.com&#x2F;jerath.png" width="50px" alt="User avatar: jerath" /></a>&nbsp;&nbsp;<a href="https://github.com/itsa-sh"><img src="https:&#x2F;&#x2F;github.com&#x2F;itsa-sh.png" width="50px" alt="User avatar: itsa-sh" /></a>&nbsp;&nbsp;<a href="https://github.com/dmmulroy"><img src="https:&#x2F;&#x2F;github.com&#x2F;dmmulroy.png" width="50px" alt="User avatar: dmmulroy" /></a>&nbsp;&nbsp;<a href="https://github.com/timcole"><img src="https:&#x2F;&#x2F;github.com&#x2F;timcole.png" width="50px" alt="User avatar: timcole" /></a>&nbsp;&nbsp;<a href="https://github.com/VLZH"><img src="https:&#x2F;&#x2F;github.com&#x2F;VLZH.png" width="50px" alt="User avatar: VLZH" /></a>&nbsp;&nbsp;<a href="https://github.com/terasaka2k"><img src="https:&#x2F;&#x2F;github.com&#x2F;terasaka2k.png" width="50px" alt="User avatar: terasaka2k" /></a>&nbsp;&nbsp;<!-- sponsors-base -->
+  <!-- sponsors-base --><a href="https://github.com/seanwash"><img src="https:&#x2F;&#x2F;github.com&#x2F;seanwash.png" width="50px" alt="User avatar: seanwash" /></a>&nbsp;&nbsp;<a href="https://github.com/jerath"><img src="https:&#x2F;&#x2F;github.com&#x2F;jerath.png" width="50px" alt="User avatar: jerath" /></a>&nbsp;&nbsp;<a href="https://github.com/itsa-sh"><img src="https:&#x2F;&#x2F;github.com&#x2F;itsa-sh.png" width="50px" alt="User avatar: itsa-sh" /></a>&nbsp;&nbsp;<a href="https://github.com/dmmulroy"><img src="https:&#x2F;&#x2F;github.com&#x2F;dmmulroy.png" width="50px" alt="User avatar: dmmulroy" /></a>&nbsp;&nbsp;<a href="https://github.com/timcole"><img src="https:&#x2F;&#x2F;github.com&#x2F;timcole.png" width="50px" alt="User avatar: timcole" /></a>&nbsp;&nbsp;<a href="https://github.com/VLZH"><img src="https:&#x2F;&#x2F;github.com&#x2F;VLZH.png" width="50px" alt="User avatar: VLZH" /></a>&nbsp;&nbsp;<a href="https://github.com/terasaka2k"><img src="https:&#x2F;&#x2F;github.com&#x2F;terasaka2k.png" width="50px" alt="User avatar: terasaka2k" /></a>&nbsp;&nbsp;<a href="https://github.com/andriyor"><img src="https:&#x2F;&#x2F;github.com&#x2F;andriyor.png" width="50px" alt="User avatar: andriyor" /></a>&nbsp;&nbsp;<a href="https://github.com/majudhu"><img src="https:&#x2F;&#x2F;github.com&#x2F;majudhu.png" width="50px" alt="User avatar: majudhu" /></a>&nbsp;&nbsp;<a href="https://github.com/axelrindle"><img src="https:&#x2F;&#x2F;github.com&#x2F;axelrindle.png" width="50px" alt="User avatar: axelrindle" /></a>&nbsp;&nbsp;<a href="https://github.com/jirizverina"><img src="https:&#x2F;&#x2F;github.com&#x2F;jirizverina.png" width="50px" alt="User avatar: jirizverina" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="50px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/GRAYAH"><img src="https:&#x2F;&#x2F;github.com&#x2F;GRAYAH.png" width="50px" alt="User avatar: GRAYAH" /></a>&nbsp;&nbsp;<!-- sponsors-base -->
 </p>
 
 ![Yaak API Client](https://yaak.app/static/screenshot.png)
@@ -42,7 +42,7 @@ Built with [Tauri](https://tauri.app), Rust, and React, it’s fast, lightweight
 
 ### 🔐 Stay secure
 - Use OAuth 2.0, JWT, Basic Auth, or custom plugins for authentication.
-- Secure sensitive values with end-to-end encryption.
+- Secure sensitive values with encrypted secrets. 
 - Store secrets in your OS keychain.
 
 ### ☁️ Organize & collaborate
@@ -58,7 +58,7 @@ Built with [Tauri](https://tauri.app), Rust, and React, it’s fast, lightweight
 
 ## Contribution Policy
 
-Yaak is open source, but only accepting contributions for bug fixes. To get started, 
+Yaak is open source but only accepting contributions for bug fixes. To get started, 
 visit [`DEVELOPMENT.md`](DEVELOPMENT.md) for tips on setting up your environment.
 
 ## Useful Resources
@@ -68,4 +68,3 @@ visit [`DEVELOPMENT.md`](DEVELOPMENT.md) for tips on setting up your environment
 - [Yaak vs Postman](https://yaak.app/alternatives/postman)
 - [Yaak vs Bruno](https://yaak.app/alternatives/bruno)
 - [Yaak vs Insomnia](https://yaak.app/alternatives/insomnia)
-

biome.json

@@ -0,0 +1,51 @@
+{
+  "$schema": "https://biomejs.dev/schemas/2.3.7/schema.json",
+  "linter": {
+    "enabled": true,
+    "rules": {
+      "recommended": true,
+      "a11y": {
+        "useKeyWithClickEvents": "off"
+      }
+    }
+  },
+  "formatter": {
+    "enabled": true,
+    "indentStyle": "space",
+    "indentWidth": 2,
+    "lineWidth": 100,
+    "bracketSpacing": true
+  },
+  "css": {
+    "parser": {
+      "tailwindDirectives": true
+    },
+    "linter": {
+      "enabled": false
+    }
+  },
+  "javascript": {
+    "formatter": {
+      "quoteStyle": "single",
+      "jsxQuoteStyle": "double",
+      "trailingCommas": "all",
+      "semicolons": "always"
+    }
+  },
+  "files": {
+    "includes": [
+      "**",
+      "!**/node_modules",
+      "!**/dist",
+      "!**/build",
+      "!scripts",
+      "!packages/plugin-runtime",
+      "!packages/plugin-runtime-types",
+      "!src-tauri",
+      "!src-web/tailwind.config.cjs",
+      "!src-web/postcss.config.cjs",
+      "!src-web/vite.config.ts",
+      "!src-web/routeTree.gen.ts"
+    ]
+  }
+}

eslint.config.cjs

@@ -1,89 +0,0 @@
-const { defineConfig, globalIgnores } = require('eslint/config');
-
-const { fixupConfigRules } = require('@eslint/compat');
-
-const reactRefresh = require('eslint-plugin-react-refresh');
-const tsParser = require('@typescript-eslint/parser');
-const js = require('@eslint/js');
-
-const { FlatCompat } = require('@eslint/eslintrc');
-
-const compat = new FlatCompat({
-  baseDirectory: __dirname,
-  recommendedConfig: js.configs.recommended,
-  allConfig: js.configs.all,
-});
-
-module.exports = defineConfig([
-  {
-    extends: fixupConfigRules(
-      compat.extends(
-        'eslint:recommended',
-        'plugin:react/recommended',
-        'plugin:react-hooks/recommended',
-        'plugin:import/recommended',
-        'plugin:jsx-a11y/recommended',
-        'plugin:@typescript-eslint/recommended',
-        'eslint-config-prettier',
-      ),
-    ),
-
-    plugins: {
-      'react-refresh': reactRefresh,
-    },
-
-    languageOptions: {
-      parser: tsParser,
-
-      parserOptions: {
-        project: ['./tsconfig.json'],
-      },
-    },
-
-    settings: {
-      react: {
-        version: 'detect',
-      },
-
-      'import/resolver': {
-        node: {
-          paths: ['src-web'],
-          extensions: ['.ts', '.tsx'],
-        },
-      },
-    },
-
-    rules: {
-      'react-refresh/only-export-components': 'error',
-      'jsx-a11y/no-autofocus': 'off',
-      'react/react-in-jsx-scope': 'off',
-      'import/no-unresolved': 'off',
-
-      '@typescript-eslint/consistent-type-imports': [
-        'error',
-        {
-          prefer: 'type-imports',
-          disallowTypeAnnotations: true,
-          fixStyle: 'separate-type-imports',
-        },
-      ],
-    },
-  },
-  globalIgnores([
-    'scripts/**/*',
-    'packages/plugin-runtime/**/*',
-    'packages/plugin-runtime-types/**/*',
-    'src-tauri/**/*',
-    'src-web/tailwind.config.cjs',
-    'src-web/vite.config.ts',
-  ]),
-  globalIgnores([
-    '**/node_modules/',
-    '**/dist/',
-    '**/build/',
-    '**/.eslintrc.cjs',
-    '**/.prettierrc.cjs',
-    'src-web/postcss.config.cjs',
-    'src-web/vite.config.ts',
-  ]),
-]);

package.json

@@ -7,40 +7,47 @@
     "url": "git+https://github.com/mountain-loop/yaak.git"
   },
   "workspaces": [
+    "packages/common-lib",
     "packages/plugin-runtime",
     "packages/plugin-runtime-types",
-    "packages/common-lib",
+    "plugins/action-copy-curl",
+    "plugins/action-copy-grpcurl",
     "plugins/auth-apikey",
+    "plugins/auth-aws",
     "plugins/auth-basic",
     "plugins/auth-bearer",
     "plugins/auth-jwt",
+    "plugins/auth-ntlm",
     "plugins/auth-oauth2",
-    "plugins/action-copy-curl",
-    "plugins/action-copy-grpcurl",
+    "plugins/auth-oauth1",
     "plugins/filter-jsonpath",
     "plugins/filter-xpath",
     "plugins/importer-curl",
     "plugins/importer-insomnia",
     "plugins/importer-openapi",
     "plugins/importer-postman",
+    "plugins/importer-postman-environment",
     "plugins/importer-yaak",
+    "plugins/template-function-1password",
     "plugins/template-function-cookie",
-    "plugins/template-function-timestamp",
+    "plugins/template-function-ctx",
     "plugins/template-function-encode",
     "plugins/template-function-fs",
     "plugins/template-function-hash",
     "plugins/template-function-json",
     "plugins/template-function-prompt",
+    "plugins/template-function-random",
     "plugins/template-function-regex",
-    "plugins/template-function-request",
-    "plugins/template-function-response",
+    "plugins/template-function-timestamp",
     "plugins/template-function-uuid",
     "plugins/template-function-xml",
+    "plugins/template-function-request",
+    "plugins/template-function-response",
     "plugins/themes-yaak",
     "src-tauri",
     "src-tauri/yaak-crypto",
-    "src-tauri/yaak-git",
     "src-tauri/yaak-fonts",
+    "src-tauri/yaak-git",
     "src-tauri/yaak-license",
     "src-tauri/yaak-mac-window",
     "src-tauri/yaak-models",
@@ -60,38 +67,31 @@
     "build-plugins": "npm run --workspaces --if-present build",
     "test": "npm run --workspaces --if-present test",
     "icons": "run-p icons:*",
-    "icons:dev": "tauri icon src-tauri/icons/icon.png --output src-tauri/icons/release",
-    "icons:release": "tauri icon src-tauri/icons/icon-dev.png --output src-tauri/icons/dev",
-    "bootstrap": "run-p bootstrap:* && npm run --workspaces --if-present bootstrap",
-    "bootstrap:vendor-node": "node scripts/vendor-node.cjs",
-    "bootstrap:vendor-plugins": "node scripts/vendor-plugins.cjs",
-    "bootstrap:vendor-protoc": "node scripts/vendor-protoc.cjs",
-    "lint": "npm run --workspaces --if-present lint",
+    "icons:dev": "tauri icon src-tauri/icons/icon-dev.png --output src-tauri/icons/dev",
+    "icons:release": "tauri icon src-tauri/icons/icon.png --output src-tauri/icons/release",
+    "bootstrap": "run-s bootstrap:*",
+    "bootstrap:install-wasm-pack": "node scripts/install-wasm-pack.cjs",
+    "bootstrap:build": "npm run build",
+    "bootstrap:vendor": "npm run vendor",
+    "vendor": "run-p vendor:*",
+    "vendor:vendor-plugins": "node scripts/vendor-plugins.cjs",
+    "vendor:vendor-protoc": "node scripts/vendor-protoc.cjs",
+    "vendor:vendor-node": "node scripts/vendor-node.cjs",
+    "lint": "run-p lint:*",
+    "lint:biome": "biome lint",
+    "lint:extra": "npm run --workspaces --if-present lint",
+    "format": "biome format --write .",
     "replace-version": "node scripts/replace-version.cjs",
     "tauri": "tauri",
-    "tauri-before-build": "npm run bootstrap && npm run --workspaces --if-present build",
+    "tauri-before-build": "npm run bootstrap",
     "tauri-before-dev": "workspaces-run --parallel -- npm run --workspaces --if-present dev"
   },
-  "dependencies": {
-    "jotai": "^2.12.2"
-  },
   "devDependencies": {
-    "@eslint/compat": "^1.3.0",
-    "@eslint/eslintrc": "^3.3.1",
-    "@eslint/js": "^9.29.0",
-    "@tauri-apps/cli": "^2.8.4",
-    "@typescript-eslint/eslint-plugin": "^8.27.0",
-    "@typescript-eslint/parser": "^8.27.0",
-    "@yaakapp/cli": "^0.2.7",
-    "eslint": "^9.29.0",
-    "eslint-config-prettier": "^10.1.5",
-    "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-jsx-a11y": "^6.10.2",
-    "eslint-plugin-react": "^7.37.5",
-    "eslint-plugin-react-hooks": "^5.2.0",
+    "@biomejs/biome": "^2.3.7",
+    "@tauri-apps/cli": "^2.9.6",
+    "@yaakapp/cli": "^0.3.4",
     "nodejs-file-downloader": "^4.13.0",
     "npm-run-all": "^4.1.5",
-    "prettier": "^3.4.2",
     "typescript": "^5.8.3",
     "vitest": "^3.2.4",
     "workspaces-run": "^1.0.2"

packages/common-lib/debounce.ts

@@ -1,12 +1,12 @@
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
+// biome-ignore lint/suspicious/noExplicitAny: none
 export function debounce(fn: (...args: any[]) => void, delay = 500) {
   let timer: ReturnType<typeof setTimeout>;
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  const result = function (...args: any[]) {
+  // biome-ignore lint/suspicious/noExplicitAny: none
+  const result = (...args: any[]) => {
     clearTimeout(timer);
     timer = setTimeout(() => fn(...args), delay);
   };
-  result.cancel = function () {
+  result.cancel = () => {
     clearTimeout(timer);
   };
   return result;

packages/common-lib/formatSize.ts

@@ -1,20 +1,20 @@
 export function formatSize(bytes: number): string {
-    let num;
-    let unit;
+  let num: number;
+  let unit: string;
 
-    if (bytes > 1000 * 1000 * 1000) {
-        num = bytes / 1000 / 1000 / 1000;
-        unit = 'GB';
-    } else if (bytes > 1000 * 1000) {
-        num = bytes / 1000 / 1000;
-        unit = 'MB';
-    } else if (bytes > 1000) {
-        num = bytes / 1000;
-        unit = 'KB';
-    } else {
-        num = bytes;
-        unit = 'B';
-    }
+  if (bytes > 1000 * 1000 * 1000) {
+    num = bytes / 1000 / 1000 / 1000;
+    unit = 'GB';
+  } else if (bytes > 1000 * 1000) {
+    num = bytes / 1000 / 1000;
+    unit = 'MB';
+  } else if (bytes > 1000) {
+    num = bytes / 1000;
+    unit = 'KB';
+  } else {
+    num = bytes;
+    unit = 'B';
+  }
 
-    return `${Math.round(num * 10) / 10} ${unit}`;
+  return `${Math.round(num * 10) / 10} ${unit}`;
 }

packages/common-lib/index.ts

@@ -1 +1,3 @@
 export * from './debounce';
+export * from './formatSize';
+export * from './templateFunction';

packages/common-lib/templateFunction.ts

@@ -0,0 +1,49 @@
+import type {
+  CallTemplateFunctionArgs,
+  JsonPrimitive,
+  TemplateFunctionArg,
+} from '@yaakapp-internal/plugins';
+
+export function validateTemplateFunctionArgs(
+  fnName: string,
+  args: TemplateFunctionArg[],
+  values: CallTemplateFunctionArgs['values'],
+): string | null {
+  for (const arg of args) {
+    if ('inputs' in arg && arg.inputs) {
+      // Recurse down
+      const err = validateTemplateFunctionArgs(fnName, arg.inputs, values);
+      if (err) return err;
+    }
+    if (!('name' in arg)) continue;
+    if (arg.optional) continue;
+    if (arg.defaultValue != null) continue;
+    if (arg.hidden) continue;
+    if (values[arg.name] != null) continue;
+
+    return `Missing required argument "${arg.label || arg.name}" for template function ${fnName}()`;
+  }
+
+  return null;
+}
+
+/** Recursively apply form input defaults to a set of values */
+export function applyFormInputDefaults(
+  inputs: TemplateFunctionArg[],
+  values: { [p: string]: JsonPrimitive | undefined },
+) {
+  let newValues: { [p: string]: JsonPrimitive | undefined } = { ...values };
+  for (const input of inputs) {
+    if ('defaultValue' in input && values[input.name] === undefined) {
+      newValues[input.name] = input.defaultValue;
+    }
+    if (input.type === 'checkbox' && values[input.name] === undefined) {
+      newValues[input.name] = false;
+    }
+    // Recurse down to all child inputs
+    if ('inputs' in input) {
+      newValues = applyFormInputDefaults(input.inputs ?? [], newValues);
+    }
+  }
+  return newValues;
+}

packages/plugin-runtime-types/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yaakapp/api",
-  "version": "0.6.6",
+  "version": "0.7.1",
   "keywords": [
     "api-client",
     "insomnia-alternative",

packages/plugin-runtime-types/src/bindings/gen_api.ts

@@ -1,5 +1,5 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { PluginVersion } from "./gen_search.js";
+import type { PluginVersion } from "./gen_search";
 
 export type PluginNameVersion = { name: string, version: string, };
 

packages/plugin-runtime-types/src/bindings/gen_events.ts

@@ -1,6 +1,6 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { Environment, Folder, GrpcRequest, HttpRequest, HttpResponse, WebsocketRequest, Workspace } from "./gen_models.js";
-import type { JsonValue } from "./serde_json/JsonValue.js";
+import type { Environment, Folder, GrpcRequest, HttpRequest, HttpResponse, WebsocketRequest, Workspace } from "./gen_models";
+import type { JsonValue } from "./serde_json/JsonValue";
 
 export type BootRequest = { dir: string, watch: boolean, };
 
@@ -30,7 +30,7 @@ export type CallHttpRequestActionArgs = { httpRequest: HttpRequest, };
 
 export type CallHttpRequestActionRequest = { index: number, pluginRefId: string, args: CallHttpRequestActionArgs, };
 
-export type CallTemplateFunctionArgs = { purpose: RenderPurpose, values: { [key in string]?: JsonValue }, };
+export type CallTemplateFunctionArgs = { purpose: RenderPurpose, values: { [key in string]?: JsonPrimitive }, };
 
 export type CallTemplateFunctionRequest = { name: string, args: CallTemplateFunctionArgs, };
 
@@ -74,7 +74,7 @@ export type FindHttpResponsesRequest = { requestId: string, limit?: number, };
 
 export type FindHttpResponsesResponse = { httpResponses: Array<HttpResponse>, };
 
-export type FormInput = { "type": "text" } & FormInputText | { "type": "editor" } & FormInputEditor | { "type": "select" } & FormInputSelect | { "type": "checkbox" } & FormInputCheckbox | { "type": "file" } & FormInputFile | { "type": "http_request" } & FormInputHttpRequest | { "type": "accordion" } & FormInputAccordion | { "type": "banner" } & FormInputBanner | { "type": "markdown" } & FormInputMarkdown;
+export type FormInput = { "type": "text" } & FormInputText | { "type": "editor" } & FormInputEditor | { "type": "select" } & FormInputSelect | { "type": "checkbox" } & FormInputCheckbox | { "type": "file" } & FormInputFile | { "type": "http_request" } & FormInputHttpRequest | { "type": "accordion" } & FormInputAccordion | { "type": "h_stack" } & FormInputHStack | { "type": "banner" } & FormInputBanner | { "type": "markdown" } & FormInputMarkdown;
 
 export type FormInputAccordion = { label: string, inputs?: Array<FormInput>, hidden?: boolean, };
 
@@ -224,6 +224,8 @@ defaultValue?: string, disabled?: boolean,
  */
 description?: string, };
 
+export type FormInputHStack = { inputs?: Array<FormInput>, hidden?: boolean, };
+
 export type FormInputHttpRequest = { 
 /**
  * The name of the input. The value will be stored at this object attribute in the resulting data
@@ -361,7 +363,11 @@ export type GetKeyValueRequest = { key: string, };
 
 export type GetKeyValueResponse = { value?: string, };
 
-export type GetTemplateFunctionsResponse = { functions: Array<TemplateFunction>, pluginRefId: string, };
+export type GetTemplateFunctionConfigRequest = { contextId: string, name: string, values: { [key in string]?: JsonPrimitive }, };
+
+export type GetTemplateFunctionConfigResponse = { function: TemplateFunction, pluginRefId: string, };
+
+export type GetTemplateFunctionSummaryResponse = { functions: Array<TemplateFunction>, pluginRefId: string, };
 
 export type GetThemesRequest = Record<string, never>;
 
@@ -383,9 +389,9 @@ export type ImportResources = { workspaces: Array<Workspace>, environments: Arra
 
 export type ImportResponse = { resources: ImportResources, };
 
-export type InternalEvent = { id: string, pluginRefId: string, pluginName: string, replyId: string | null, windowContext: PluginWindowContext, payload: InternalEventPayload, };
+export type InternalEvent = { id: string, pluginRefId: string, pluginName: string, replyId: string | null, context: PluginContext, payload: InternalEventPayload, };
 
-export type InternalEventPayload = { "type": "boot_request" } & BootRequest | { "type": "boot_response" } | { "type": "reload_response" } & ReloadResponse | { "type": "terminate_request" } | { "type": "terminate_response" } | { "type": "import_request" } & ImportRequest | { "type": "import_response" } & ImportResponse | { "type": "filter_request" } & FilterRequest | { "type": "filter_response" } & FilterResponse | { "type": "export_http_request_request" } & ExportHttpRequestRequest | { "type": "export_http_request_response" } & ExportHttpRequestResponse | { "type": "send_http_request_request" } & SendHttpRequestRequest | { "type": "send_http_request_response" } & SendHttpRequestResponse | { "type": "list_cookie_names_request" } & ListCookieNamesRequest | { "type": "list_cookie_names_response" } & ListCookieNamesResponse | { "type": "get_cookie_value_request" } & GetCookieValueRequest | { "type": "get_cookie_value_response" } & GetCookieValueResponse | { "type": "get_http_request_actions_request" } & EmptyPayload | { "type": "get_http_request_actions_response" } & GetHttpRequestActionsResponse | { "type": "call_http_request_action_request" } & CallHttpRequestActionRequest | { "type": "get_grpc_request_actions_request" } & EmptyPayload | { "type": "get_grpc_request_actions_response" } & GetGrpcRequestActionsResponse | { "type": "call_grpc_request_action_request" } & CallGrpcRequestActionRequest | { "type": "get_template_functions_request" } | { "type": "get_template_functions_response" } & GetTemplateFunctionsResponse | { "type": "call_template_function_request" } & CallTemplateFunctionRequest | { "type": "call_template_function_response" } & CallTemplateFunctionResponse | { "type": "get_http_authentication_summary_request" } & EmptyPayload | { "type": "get_http_authentication_summary_response" } & GetHttpAuthenticationSummaryResponse | { "type": "get_http_authentication_config_request" } & GetHttpAuthenticationConfigRequest | { "type": "get_http_authentication_config_response" } & GetHttpAuthenticationConfigResponse | { "type": "call_http_authentication_request" } & CallHttpAuthenticationRequest | { "type": "call_http_authentication_response" } & CallHttpAuthenticationResponse | { "type": "call_http_authentication_action_request" } & CallHttpAuthenticationActionRequest | { "type": "call_http_authentication_action_response" } & EmptyPayload | { "type": "copy_text_request" } & CopyTextRequest | { "type": "copy_text_response" } & EmptyPayload | { "type": "render_http_request_request" } & RenderHttpRequestRequest | { "type": "render_http_request_response" } & RenderHttpRequestResponse | { "type": "render_grpc_request_request" } & RenderGrpcRequestRequest | { "type": "render_grpc_request_response" } & RenderGrpcRequestResponse | { "type": "get_key_value_request" } & GetKeyValueRequest | { "type": "get_key_value_response" } & GetKeyValueResponse | { "type": "set_key_value_request" } & SetKeyValueRequest | { "type": "set_key_value_response" } & SetKeyValueResponse | { "type": "delete_key_value_request" } & DeleteKeyValueRequest | { "type": "delete_key_value_response" } & DeleteKeyValueResponse | { "type": "open_window_request" } & OpenWindowRequest | { "type": "window_navigate_event" } & WindowNavigateEvent | { "type": "window_close_event" } | { "type": "close_window_request" } & CloseWindowRequest | { "type": "template_render_request" } & TemplateRenderRequest | { "type": "template_render_response" } & TemplateRenderResponse | { "type": "show_toast_request" } & ShowToastRequest | { "type": "show_toast_response" } & EmptyPayload | { "type": "prompt_text_request" } & PromptTextRequest | { "type": "prompt_text_response" } & PromptTextResponse | { "type": "get_http_request_by_id_request" } & GetHttpRequestByIdRequest | { "type": "get_http_request_by_id_response" } & GetHttpRequestByIdResponse | { "type": "find_http_responses_request" } & FindHttpResponsesRequest | { "type": "find_http_responses_response" } & FindHttpResponsesResponse | { "type": "get_themes_request" } & GetThemesRequest | { "type": "get_themes_response" } & GetThemesResponse | { "type": "empty_response" } & EmptyPayload | { "type": "error_response" } & ErrorResponse;
+export type InternalEventPayload = { "type": "boot_request" } & BootRequest | { "type": "boot_response" } | { "type": "reload_response" } & ReloadResponse | { "type": "terminate_request" } | { "type": "terminate_response" } | { "type": "import_request" } & ImportRequest | { "type": "import_response" } & ImportResponse | { "type": "filter_request" } & FilterRequest | { "type": "filter_response" } & FilterResponse | { "type": "export_http_request_request" } & ExportHttpRequestRequest | { "type": "export_http_request_response" } & ExportHttpRequestResponse | { "type": "send_http_request_request" } & SendHttpRequestRequest | { "type": "send_http_request_response" } & SendHttpRequestResponse | { "type": "list_cookie_names_request" } & ListCookieNamesRequest | { "type": "list_cookie_names_response" } & ListCookieNamesResponse | { "type": "get_cookie_value_request" } & GetCookieValueRequest | { "type": "get_cookie_value_response" } & GetCookieValueResponse | { "type": "get_http_request_actions_request" } & EmptyPayload | { "type": "get_http_request_actions_response" } & GetHttpRequestActionsResponse | { "type": "call_http_request_action_request" } & CallHttpRequestActionRequest | { "type": "get_grpc_request_actions_request" } & EmptyPayload | { "type": "get_grpc_request_actions_response" } & GetGrpcRequestActionsResponse | { "type": "call_grpc_request_action_request" } & CallGrpcRequestActionRequest | { "type": "get_template_function_summary_request" } & EmptyPayload | { "type": "get_template_function_summary_response" } & GetTemplateFunctionSummaryResponse | { "type": "get_template_function_config_request" } & GetTemplateFunctionConfigRequest | { "type": "get_template_function_config_response" } & GetTemplateFunctionConfigResponse | { "type": "call_template_function_request" } & CallTemplateFunctionRequest | { "type": "call_template_function_response" } & CallTemplateFunctionResponse | { "type": "get_http_authentication_summary_request" } & EmptyPayload | { "type": "get_http_authentication_summary_response" } & GetHttpAuthenticationSummaryResponse | { "type": "get_http_authentication_config_request" } & GetHttpAuthenticationConfigRequest | { "type": "get_http_authentication_config_response" } & GetHttpAuthenticationConfigResponse | { "type": "call_http_authentication_request" } & CallHttpAuthenticationRequest | { "type": "call_http_authentication_response" } & CallHttpAuthenticationResponse | { "type": "call_http_authentication_action_request" } & CallHttpAuthenticationActionRequest | { "type": "call_http_authentication_action_response" } & EmptyPayload | { "type": "copy_text_request" } & CopyTextRequest | { "type": "copy_text_response" } & EmptyPayload | { "type": "render_http_request_request" } & RenderHttpRequestRequest | { "type": "render_http_request_response" } & RenderHttpRequestResponse | { "type": "render_grpc_request_request" } & RenderGrpcRequestRequest | { "type": "render_grpc_request_response" } & RenderGrpcRequestResponse | { "type": "template_render_request" } & TemplateRenderRequest | { "type": "template_render_response" } & TemplateRenderResponse | { "type": "get_key_value_request" } & GetKeyValueRequest | { "type": "get_key_value_response" } & GetKeyValueResponse | { "type": "set_key_value_request" } & SetKeyValueRequest | { "type": "set_key_value_response" } & SetKeyValueResponse | { "type": "delete_key_value_request" } & DeleteKeyValueRequest | { "type": "delete_key_value_response" } & DeleteKeyValueResponse | { "type": "open_window_request" } & OpenWindowRequest | { "type": "window_navigate_event" } & WindowNavigateEvent | { "type": "window_close_event" } | { "type": "close_window_request" } & CloseWindowRequest | { "type": "show_toast_request" } & ShowToastRequest | { "type": "show_toast_response" } & EmptyPayload | { "type": "prompt_text_request" } & PromptTextRequest | { "type": "prompt_text_response" } & PromptTextResponse | { "type": "window_info_request" } & WindowInfoRequest | { "type": "window_info_response" } & WindowInfoResponse | { "type": "get_http_request_by_id_request" } & GetHttpRequestByIdRequest | { "type": "get_http_request_by_id_response" } & GetHttpRequestByIdResponse | { "type": "find_http_responses_request" } & FindHttpResponsesRequest | { "type": "find_http_responses_response" } & FindHttpResponsesResponse | { "type": "get_themes_request" } & GetThemesRequest | { "type": "get_themes_response" } & GetThemesResponse | { "type": "empty_response" } & EmptyPayload | { "type": "error_response" } & ErrorResponse;
 
 export type JsonPrimitive = string | number | boolean | null;
 
@@ -399,13 +405,13 @@ export type OpenWindowRequest = { url: string,
  */
 label: string, title?: string, size?: WindowSize, dataDirKey?: string, };
 
-export type PluginWindowContext = { "type": "none" } | { "type": "label", label: string, workspace_id: string | null, };
+export type PluginContext = { id: string, label: string | null, workspaceId: string | null, };
 
 export type PromptTextRequest = { id: string, title: string, label: string, description?: string, defaultValue?: string, placeholder?: string, 
 /**
  * Text to add to the confirmation button
  */
-confirmText?: string, 
+confirmText?: string, password?: boolean, 
 /**
  * Text to add to the cancel button
  */
@@ -437,20 +443,26 @@ export type SetKeyValueRequest = { key: string, value: string, };
 
 export type SetKeyValueResponse = {};
 
-export type ShowToastRequest = { message: string, color?: Color, icon?: Icon, };
+export type ShowToastRequest = { message: string, color?: Color, icon?: Icon, timeout?: number, };
 
-export type TemplateFunction = { name: string, description?: string, 
+export type TemplateFunction = { name: string, previewType?: TemplateFunctionPreviewType, description?: string, 
 /**
  * Also support alternative names. This is useful for not breaking existing
  * tags when changing the `name` property
  */
-aliases?: Array<string>, args: Array<TemplateFunctionArg>, };
+aliases?: Array<string>, args: Array<TemplateFunctionArg>, 
+/**
+ * A list of arg names to show in the inline preview. If not provided, none will be shown (for privacy reasons).
+ */
+previewArgs?: Array<string>, };
 
 /**
  * Similar to FormInput, but contains
  */
 export type TemplateFunctionArg = FormInput;
 
+export type TemplateFunctionPreviewType = "live" | "click" | "none";
+
 export type TemplateRenderRequest = { data: JsonValue, purpose: RenderPurpose, };
 
 export type TemplateRenderResponse = { data: JsonValue, };
@@ -481,6 +493,10 @@ export type ThemeComponentColors = { surface?: string, surfaceHighlight?: string
 
 export type ThemeComponents = { dialog?: ThemeComponentColors, menu?: ThemeComponentColors, toast?: ThemeComponentColors, sidebar?: ThemeComponentColors, responsePane?: ThemeComponentColors, appHeader?: ThemeComponentColors, button?: ThemeComponentColors, banner?: ThemeComponentColors, templateTag?: ThemeComponentColors, urlBar?: ThemeComponentColors, editor?: ThemeComponentColors, input?: ThemeComponentColors, };
 
+export type WindowInfoRequest = { label: string, };
+
+export type WindowInfoResponse = { requestId: string | null, environmentId: string | null, workspaceId: string | null, label: string, };
+
 export type WindowNavigateEvent = { url: string, };
 
 export type WindowSize = { width: number, height: number, };

packages/plugin-runtime-types/src/bindings/gen_models.ts

@@ -1,6 +1,6 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type Environment = { model: "environment", id: string, workspaceId: string, createdAt: string, updatedAt: string, name: string, public: boolean, variables: Array<EnvironmentVariable>, color: string | null, parentModel: string, parentId: string | null, };
+export type Environment = { model: "environment", id: string, workspaceId: string, createdAt: string, updatedAt: string, name: string, public: boolean, parentModel: string, parentId: string | null, variables: Array<EnvironmentVariable>, color: string | null, sortPriority: number, };
 
 export type EnvironmentVariable = { enabled?: boolean, name: string, value: string, id?: string, };
 

packages/plugin-runtime-types/src/plugins/AuthenticationPlugin.ts

@@ -3,22 +3,37 @@ import {
   CallHttpAuthenticationRequest,
   CallHttpAuthenticationResponse,
   FormInput,
-  GetHttpAuthenticationConfigRequest,
   GetHttpAuthenticationSummaryResponse,
   HttpAuthenticationAction,
 } from '../bindings/gen_events';
 import { MaybePromise } from '../helpers';
 import { Context } from './Context';
 
-type DynamicFormInput = FormInput & {
-  dynamic(
+type AddDynamicMethod<T> = {
+  dynamic?: (
     ctx: Context,
-    args: GetHttpAuthenticationConfigRequest,
-  ): MaybePromise<Partial<FormInput> | undefined | null>;
+    args: CallHttpAuthenticationActionArgs,
+  ) => MaybePromise<Partial<T> | null | undefined>;
 };
 
+type AddDynamic<T> = T extends any
+  ? T extends { inputs?: FormInput[] }
+    ? Omit<T, 'inputs'> & {
+        inputs: Array<AddDynamic<FormInput>>;
+        dynamic?: (
+          ctx: Context,
+          args: CallHttpAuthenticationActionArgs,
+        ) => MaybePromise<
+          Partial<Omit<T, 'inputs'> & { inputs: Array<AddDynamic<FormInput>> }> | null | undefined
+        >;
+      }
+    : T & AddDynamicMethod<T>
+  : never;
+
+export type DynamicAuthenticationArg = AddDynamic<FormInput>;
+
 export type AuthenticationPlugin = GetHttpAuthenticationSummaryResponse & {
-  args: (FormInput | DynamicFormInput)[];
+  args: DynamicAuthenticationArg[];
   onApply(
     ctx: Context,
     args: CallHttpAuthenticationRequest,

packages/plugin-runtime-types/src/plugins/Context.ts

@@ -18,7 +18,7 @@ import type {
   ShowToastRequest,
   TemplateRenderRequest,
 } from '../bindings/gen_events.ts';
-import { JsonValue } from '../bindings/serde_json/JsonValue';
+import type { JsonValue } from '../bindings/serde_json/JsonValue';
 
 export interface Context {
   clipboard: {
@@ -36,6 +36,9 @@ export interface Context {
     delete(key: string): Promise<boolean>;
   };
   window: {
+    requestId(): Promise<string | null>;
+    workspaceId(): Promise<string | null>;
+    environmentId(): Promise<string | null>;
     openUrl(
       args: OpenWindowRequest & {
         onNavigate?: (args: { url: string }) => void;

packages/plugin-runtime-types/src/plugins/TemplateFunctionPlugin.ts

@@ -1,12 +1,31 @@
-import {
-  CallTemplateFunctionArgs,
-  TemplateFunction,
-} from "../bindings/gen_events";
-import { Context } from "./Context";
+import { CallTemplateFunctionArgs, FormInput, TemplateFunction } from '../bindings/gen_events';
+import { MaybePromise } from '../helpers';
+import { Context } from './Context';
 
-export type TemplateFunctionPlugin = TemplateFunction & {
-  onRender(
+type AddDynamicMethod<T> = {
+  dynamic?: (
     ctx: Context,
     args: CallTemplateFunctionArgs,
-  ): Promise<string | null>;
+  ) => MaybePromise<Partial<T> | null | undefined>;
+};
+
+type AddDynamic<T> = T extends any
+  ? T extends { inputs?: FormInput[] }
+    ? Omit<T, 'inputs'> & {
+        inputs: Array<AddDynamic<FormInput>>;
+        dynamic?: (
+          ctx: Context,
+          args: CallTemplateFunctionArgs,
+        ) => MaybePromise<
+          Partial<Omit<T, 'inputs'> & { inputs: Array<AddDynamic<FormInput>> }> | null | undefined
+        >;
+      }
+    : T & AddDynamicMethod<T>
+  : never;
+
+export type DynamicTemplateFunctionArg = AddDynamic<FormInput>;
+
+export type TemplateFunctionPlugin = Omit<TemplateFunction, 'args'> & {
+  args: DynamicTemplateFunctionArg[];
+  onRender(ctx: Context, args: CallTemplateFunctionArgs): Promise<string | null>;
 };

packages/plugin-runtime-types/src/plugins/index.ts

@@ -1,4 +1,6 @@
 import { AuthenticationPlugin } from './AuthenticationPlugin';
+
+import type { Context } from './Context';
 import type { FilterPlugin } from './FilterPlugin';
 import { GrpcRequestActionPlugin } from './GrpcRequestActionPlugin';
 import type { HttpRequestActionPlugin } from './HttpRequestActionPlugin';
@@ -6,9 +8,10 @@ import type { ImporterPlugin } from './ImporterPlugin';
 import type { TemplateFunctionPlugin } from './TemplateFunctionPlugin';
 import type { ThemePlugin } from './ThemePlugin';
 
-import type { Context } from './Context';
-
 export type { Context };
+export type { DynamicTemplateFunctionArg } from './TemplateFunctionPlugin';
+export type { DynamicAuthenticationArg } from './AuthenticationPlugin';
+export type { TemplateFunctionPlugin };
 
 /**
  * The global structure of a Yaak plugin

packages/plugin-runtime/src/PluginHandle.ts

@@ -1,3 +1,4 @@
+import { PluginContext } from '@yaakapp-internal/plugins';
 import type { BootRequest, InternalEvent } from '@yaakapp/api';
 import type { EventChannel } from './EventChannel';
 import { PluginInstance, PluginWorkerData } from './PluginInstance';
@@ -6,14 +7,12 @@ export class PluginHandle {
   #instance: PluginInstance;
 
   constructor(
-    readonly pluginRefId: string,
-    readonly bootRequest: BootRequest,
-    readonly pluginToAppEvents: EventChannel,
+    pluginRefId: string,
+    context: PluginContext,
+    bootRequest: BootRequest,
+    pluginToAppEvents: EventChannel,
   ) {
-    const workerData: PluginWorkerData = {
-      pluginRefId: this.pluginRefId,
-      bootRequest: this.bootRequest,
-    };
+    const workerData: PluginWorkerData = { pluginRefId, context, bootRequest };
     this.#instance = new PluginInstance(workerData, pluginToAppEvents);
   }
 

packages/plugin-runtime/src/PluginInstance.ts

@@ -1,8 +1,8 @@
+import { applyFormInputDefaults, validateTemplateFunctionArgs } from '@yaakapp-internal/lib/templateFunction';
 import {
   BootRequest,
   DeleteKeyValueResponse,
   FindHttpResponsesResponse,
-  FormInput,
   GetCookieValueRequest,
   GetCookieValueResponse,
   GetHttpRequestByIdResponse,
@@ -13,32 +13,32 @@ import {
   InternalEvent,
   InternalEventPayload,
   ListCookieNamesResponse,
-  PluginWindowContext,
+  PluginContext,
   PromptTextResponse,
   RenderGrpcRequestResponse,
   RenderHttpRequestResponse,
   SendHttpRequestResponse,
   TemplateFunction,
-  TemplateFunctionArg,
   TemplateRenderResponse,
+  WindowInfoResponse,
 } from '@yaakapp-internal/plugins';
 import { Context, PluginDefinition } from '@yaakapp/api';
-import { JsonValue } from '@yaakapp/api/lib/bindings/serde_json/JsonValue';
 import console from 'node:console';
-import { readFileSync, type Stats, statSync, watch } from 'node:fs';
+import { type Stats, statSync, watch } from 'node:fs';
 import path from 'node:path';
+import { applyDynamicFormInput } from './common';
 import { EventChannel } from './EventChannel';
 import { migrateTemplateFunctionSelectOptions } from './migrations';
 
 export interface PluginWorkerData {
   bootRequest: BootRequest;
   pluginRefId: string;
+  context: PluginContext;
 }
 
 export class PluginInstance {
   #workerData: PluginWorkerData;
   #mod: PluginDefinition;
-  #pkg: { name?: string; version?: string };
   #pluginToAppEvents: EventChannel;
   #appToPluginEvents: EventChannel;
 
@@ -52,18 +52,14 @@ export class PluginInstance {
       await this.#onMessage(event);
     });
 
-    // Reload plugin if the JS or package.json changes
-    const windowContextNone: PluginWindowContext = { type: 'none' };
-
     this.#mod = {} as any;
-    this.#pkg = JSON.parse(readFileSync(this.#pathPkg(), 'utf8'));
 
     const fileChangeCallback = async () => {
       await this.#mod?.dispose?.();
       this.#importModule();
-      await this.#mod?.init?.(this.#newCtx({ type: 'none' }));
+      await this.#mod?.init?.(this.#newCtx(workerData.context));
       return this.#sendPayload(
-        windowContextNone,
+        workerData.context,
         {
           type: 'reload_response',
           silent: false,
@@ -90,14 +86,14 @@ export class PluginInstance {
   }
 
   async #onMessage(event: InternalEvent) {
-    const ctx = this.#newCtx(event.windowContext);
+    const ctx = this.#newCtx(event.context);
 
-    const { windowContext, payload, id: replyId } = event;
+    const { context, payload, id: replyId } = event;
 
     try {
       if (payload.type === 'boot_request') {
         await this.#mod?.init?.(ctx);
-        this.#sendPayload(windowContext, { type: 'boot_response' }, replyId);
+        this.#sendPayload(context, { type: 'boot_response' }, replyId);
         return;
       }
 
@@ -106,7 +102,7 @@ export class PluginInstance {
           type: 'terminate_response',
         };
         await this.terminate();
-        this.#sendPayload(windowContext, payload, replyId);
+        this.#sendPayload(context, payload, replyId);
         return;
       }
 
@@ -123,10 +119,10 @@ export class PluginInstance {
             // deno-lint-ignore no-explicit-any
             resources: reply.resources as any,
           };
-          this.#sendPayload(windowContext, replyPayload, replyId);
+          this.#sendPayload(context, replyPayload, replyId);
           return;
         } else {
-          // Continue, to send back an empty reply
+          // Send back an empty reply (below)
         }
       }
 
@@ -136,7 +132,7 @@ export class PluginInstance {
           payload: payload.content,
           mimeType: payload.type,
         });
-        this.#sendPayload(windowContext, { type: 'filter_response', ...reply }, replyId);
+        this.#sendPayload(context, { type: 'filter_response', ...reply }, replyId);
         return;
       }
 
@@ -154,7 +150,7 @@ export class PluginInstance {
           pluginRefId: this.#workerData.pluginRefId,
           actions: reply,
         };
-        this.#sendPayload(windowContext, replyPayload, replyId);
+        this.#sendPayload(context, replyPayload, replyId);
         return;
       }
 
@@ -172,7 +168,7 @@ export class PluginInstance {
           pluginRefId: this.#workerData.pluginRefId,
           actions: reply,
         };
-        this.#sendPayload(windowContext, replyPayload, replyId);
+        this.#sendPayload(context, replyPayload, replyId);
         return;
       }
 
@@ -181,55 +177,74 @@ export class PluginInstance {
           type: 'get_themes_response',
           themes: this.#mod.themes,
         };
-        this.#sendPayload(windowContext, replyPayload, replyId);
+        this.#sendPayload(context, replyPayload, replyId);
         return;
       }
 
       if (
-        payload.type === 'get_template_functions_request' &&
+        payload.type === 'get_template_function_summary_request' &&
         Array.isArray(this.#mod?.templateFunctions)
       ) {
-        const reply: TemplateFunction[] = this.#mod.templateFunctions.map((templateFunction) => {
-          return {
-            ...migrateTemplateFunctionSelectOptions(templateFunction),
-            // Add everything except render
-            onRender: undefined,
-          };
-        });
+        const functions: TemplateFunction[] = this.#mod.templateFunctions.map(
+          (templateFunction) => {
+            return {
+              ...migrateTemplateFunctionSelectOptions(templateFunction),
+              // Add everything except render
+              onRender: undefined,
+            };
+          },
+        );
         const replyPayload: InternalEventPayload = {
-          type: 'get_template_functions_response',
+          type: 'get_template_function_summary_response',
           pluginRefId: this.#workerData.pluginRefId,
-          functions: reply,
+          functions,
         };
-        this.#sendPayload(windowContext, replyPayload, replyId);
+        this.#sendPayload(context, replyPayload, replyId);
+        return;
+      }
+
+      if (
+        payload.type === 'get_template_function_config_request' &&
+        Array.isArray(this.#mod?.templateFunctions)
+      ) {
+        let templateFunction = this.#mod.templateFunctions.find((f) => f.name === payload.name);
+        if (templateFunction == null) {
+          this.#sendEmpty(context, replyId);
+          return;
+        }
+
+        const fn = {
+          ...migrateTemplateFunctionSelectOptions(templateFunction),
+          onRender: undefined,
+        };
+
+        payload.values = applyFormInputDefaults(fn.args, payload.values);
+        const p = { ...payload, purpose: 'preview' } as const;
+        const resolvedArgs = await applyDynamicFormInput(ctx, fn.args, p);
+
+        const replyPayload: InternalEventPayload = {
+          type: 'get_template_function_config_response',
+          pluginRefId: this.#workerData.pluginRefId,
+          function: { ...fn, args: resolvedArgs },
+        };
+        this.#sendPayload(context, replyPayload, replyId);
         return;
       }
 
       if (payload.type === 'get_http_authentication_summary_request' && this.#mod?.authentication) {
-        const { name, shortLabel, label } = this.#mod.authentication;
         const replyPayload: InternalEventPayload = {
           type: 'get_http_authentication_summary_response',
-          name,
-          label,
-          shortLabel,
+          ...this.#mod.authentication,
         };
 
-        this.#sendPayload(windowContext, replyPayload, replyId);
+        this.#sendPayload(context, replyPayload, replyId);
         return;
       }
 
       if (payload.type === 'get_http_authentication_config_request' && this.#mod?.authentication) {
         const { args, actions } = this.#mod.authentication;
-        const resolvedArgs: FormInput[] = [];
-        for (const v of args) {
-          if (v && 'dynamic' in v) {
-            const dynamicAttrs = await v.dynamic(ctx, payload);
-            const { dynamic, ...other } = v;
-            resolvedArgs.push({ ...other, ...dynamicAttrs } as FormInput);
-          } else if (v) {
-            resolvedArgs.push(v);
-          }
-        }
+        payload.values = applyFormInputDefaults(args, payload.values);
+        const resolvedArgs = await applyDynamicFormInput(ctx, args, payload);
         const resolvedActions: HttpAuthenticationAction[] = [];
         for (const { onSelect, ...action } of actions ?? []) {
           resolvedActions.push(action);
@@ -242,16 +257,17 @@ export class PluginInstance {
           pluginRefId: this.#workerData.pluginRefId,
         };
 
-        this.#sendPayload(windowContext, replyPayload, replyId);
+        this.#sendPayload(context, replyPayload, replyId);
         return;
       }
 
       if (payload.type === 'call_http_authentication_request' && this.#mod?.authentication) {
         const auth = this.#mod.authentication;
         if (typeof auth?.onApply === 'function') {
-          applyFormInputDefaults(auth.args, payload.values);
+          auth.args = await applyDynamicFormInput(ctx, auth.args, payload);
+          payload.values = applyFormInputDefaults(auth.args, payload.values);
           this.#sendPayload(
-            windowContext,
+            context,
             {
               type: 'call_http_authentication_response',
               ...(await auth.onApply(ctx, payload)),
@@ -269,7 +285,7 @@ export class PluginInstance {
         const action = this.#mod.authentication.actions?.[payload.index];
         if (typeof action?.onSelect === 'function') {
           await action.onSelect(ctx, payload.args);
-          this.#sendEmpty(windowContext, replyId);
+          this.#sendEmpty(context, replyId);
           return;
         }
       }
@@ -281,7 +297,7 @@ export class PluginInstance {
         const action = this.#mod.httpRequestActions[payload.index];
         if (typeof action?.onSelect === 'function') {
           await action.onSelect(ctx, payload.args);
-          this.#sendEmpty(windowContext, replyId);
+          this.#sendEmpty(context, replyId);
           return;
         }
       }
@@ -293,7 +309,7 @@ export class PluginInstance {
         const action = this.#mod.grpcRequestActions[payload.index];
         if (typeof action?.onSelect === 'function') {
           await action.onSelect(ctx, payload.args);
-          this.#sendEmpty(windowContext, replyId);
+          this.#sendEmpty(context, replyId);
           return;
         }
       }
@@ -303,21 +319,43 @@ export class PluginInstance {
         Array.isArray(this.#mod?.templateFunctions)
       ) {
         const fn = this.#mod.templateFunctions.find((a) => a.name === payload.name);
-        if (typeof fn?.onRender === 'function') {
-          applyFormInputDefaults(fn.args, payload.args.values);
-          try {
-            const result = await fn.onRender(ctx, payload.args);
+        if (
+          payload.args.purpose === 'preview' &&
+          (fn?.previewType === 'click' || fn?.previewType === 'none')
+        ) {
+          // Send empty render response
+          this.#sendPayload(
+            context,
+            {
+              type: 'call_template_function_response',
+              value: null,
+              error: 'Live preview disabled for this function',
+            },
+            replyId,
+          );
+        } else if (typeof fn?.onRender === 'function') {
+          const resolvedArgs = await applyDynamicFormInput(ctx, fn.args, payload.args);
+          const values = applyFormInputDefaults(resolvedArgs, payload.args.values);
+          const error = validateTemplateFunctionArgs(fn.name, resolvedArgs, values);
+          if (error && payload.args.purpose !== 'preview') {
             this.#sendPayload(
-              windowContext,
-              {
-                type: 'call_template_function_response',
-                value: result ?? null,
-              },
+              context,
+              { type: 'call_template_function_response', value: null, error },
+              replyId,
+            );
+            return;
+          }
+
+          try {
+            const result = await fn.onRender(ctx, { ...payload.args, values });
+            this.#sendPayload(
+              context,
+              { type: 'call_template_function_response', value: result ?? null },
               replyId,
             );
           } catch (err) {
             this.#sendPayload(
-              windowContext,
+              context,
               {
                 type: 'call_template_function_response',
                 value: null,
@@ -332,12 +370,12 @@ export class PluginInstance {
     } catch (err) {
       const error = `${err}`.replace(/^Error:\s*/g, '');
       console.log('Plugin call threw exception', payload.type, '→', error);
-      this.#sendPayload(windowContext, { type: 'error_response', error }, replyId);
+      this.#sendPayload(context, { type: 'error_response', error }, replyId);
       return;
     }
 
     // No matches, so send back an empty response so the caller doesn't block forever
-    this.#sendEmpty(windowContext, replyId);
+    this.#sendEmpty(context, replyId);
   }
 
   #pathMod() {
@@ -360,7 +398,7 @@ export class PluginInstance {
   }
 
   #buildEventToSend(
-    windowContext: PluginWindowContext,
+    context: PluginContext,
     payload: InternalEventPayload,
     replyId: string | null = null,
   ): InternalEvent {
@@ -370,16 +408,16 @@ export class PluginInstance {
       id: genId(),
       replyId,
       payload,
-      windowContext,
+      context,
     };
   }
 
   #sendPayload(
-    windowContext: PluginWindowContext,
+    context: PluginContext,
     payload: InternalEventPayload,
     replyId: string | null,
   ): string {
-    const event = this.#buildEventToSend(windowContext, payload, replyId);
+    const event = this.#buildEventToSend(context, payload, replyId);
     this.#sendEvent(event);
     return event.id;
   }
@@ -391,16 +429,16 @@ export class PluginInstance {
     this.#pluginToAppEvents.emit(event);
   }
 
-  #sendEmpty(windowContext: PluginWindowContext, replyId: string | null = null): string {
-    return this.#sendPayload(windowContext, { type: 'empty_response' }, replyId);
+  #sendEmpty(context: PluginContext, replyId: string | null = null): string {
+    return this.#sendPayload(context, { type: 'empty_response' }, replyId);
   }
 
-  #sendAndWaitForReply<T extends Omit<InternalEventPayload, 'type'>>(
-    windowContext: PluginWindowContext,
+  #sendForReply<T extends Omit<InternalEventPayload, 'type'>>(
+    context: PluginContext,
     payload: InternalEventPayload,
   ): Promise<T> {
     // 1. Build event to send
-    const eventToSend = this.#buildEventToSend(windowContext, payload, null);
+    const eventToSend = this.#buildEventToSend(context, payload, null);
 
     // 2. Spawn listener in background
     const promise = new Promise<T>((resolve) => {
@@ -422,12 +460,12 @@ export class PluginInstance {
   }
 
   #sendAndListenForEvents(
-    windowContext: PluginWindowContext,
+    context: PluginContext,
     payload: InternalEventPayload,
     onEvent: (event: InternalEventPayload) => void,
   ): void {
     // 1. Build event to send
-    const eventToSend = this.#buildEventToSend(windowContext, payload, null);
+    const eventToSend = this.#buildEventToSend(context, payload, null);
 
     // 2. Listen for replies in the background
     this.#appToPluginEvents.listen((event: InternalEvent) => {
@@ -440,11 +478,23 @@ export class PluginInstance {
     this.#sendEvent(eventToSend);
   }
 
-  #newCtx(windowContext: PluginWindowContext): Context {
+  #newCtx(context: PluginContext): Context {
+    const _windowInfo = async () => {
+      if (context.label == null) {
+        throw new Error("Can't get window context without an active window");
+      }
+      const payload: InternalEventPayload = {
+        type: 'window_info_request',
+        label: context.label,
+      };
+
+      return this.#sendForReply<WindowInfoResponse>(context, payload);
+    };
+
     return {
       clipboard: {
         copyText: async (text) => {
-          await this.#sendAndWaitForReply(windowContext, {
+          await this.#sendForReply(context, {
             type: 'copy_text_request',
             text,
           });
@@ -452,13 +502,24 @@ export class PluginInstance {
       },
       toast: {
         show: async (args) => {
-          await this.#sendAndWaitForReply(windowContext, {
+          await this.#sendForReply(context, {
             type: 'show_toast_request',
+            // Handle default here because null/undefined both convert to None in Rust translation
+            timeout: args.timeout === undefined ? 5000 : args.timeout,
             ...args,
           });
         },
       },
       window: {
+        requestId: async () => {
+          return (await _windowInfo()).requestId;
+        },
+        async workspaceId(): Promise<string | null> {
+          return (await _windowInfo()).workspaceId;
+        },
+        async environmentId(): Promise<string | null> {
+          return (await _windowInfo()).environmentId;
+        },
         openUrl: async ({ onNavigate, onClose, ...args }) => {
           args.label = args.label || `${Math.random()}`;
           const payload: InternalEventPayload = { type: 'open_window_request', ...args };
@@ -469,21 +530,21 @@ export class PluginInstance {
               onClose?.();
             }
           };
-          this.#sendAndListenForEvents(windowContext, payload, onEvent);
+          this.#sendAndListenForEvents(context, payload, onEvent);
           return {
             close: () => {
               const closePayload: InternalEventPayload = {
                 type: 'close_window_request',
                 label: args.label,
               };
-              this.#sendPayload(windowContext, closePayload, null);
+              this.#sendPayload(context, closePayload, null);
             },
           };
         },
       },
       prompt: {
         text: async (args) => {
-          const reply: PromptTextResponse = await this.#sendAndWaitForReply(windowContext, {
+          const reply: PromptTextResponse = await this.#sendForReply(context, {
             type: 'prompt_text_request',
             ...args,
           });
@@ -496,8 +557,8 @@ export class PluginInstance {
             type: 'find_http_responses_request',
             ...args,
           } as const;
-          const { httpResponses } = await this.#sendAndWaitForReply<FindHttpResponsesResponse>(
-            windowContext,
+          const { httpResponses } = await this.#sendForReply<FindHttpResponsesResponse>(
+            context,
             payload,
           );
           return httpResponses;
@@ -509,8 +570,8 @@ export class PluginInstance {
             type: 'render_grpc_request_request',
             ...args,
           } as const;
-          const { grpcRequest } = await this.#sendAndWaitForReply<RenderGrpcRequestResponse>(
-            windowContext,
+          const { grpcRequest } = await this.#sendForReply<RenderGrpcRequestResponse>(
+            context,
             payload,
           );
           return grpcRequest;
@@ -522,8 +583,8 @@ export class PluginInstance {
             type: 'get_http_request_by_id_request',
             ...args,
           } as const;
-          const { httpRequest } = await this.#sendAndWaitForReply<GetHttpRequestByIdResponse>(
-            windowContext,
+          const { httpRequest } = await this.#sendForReply<GetHttpRequestByIdResponse>(
+            context,
             payload,
           );
           return httpRequest;
@@ -533,8 +594,8 @@ export class PluginInstance {
             type: 'send_http_request_request',
             ...args,
           } as const;
-          const { httpResponse } = await this.#sendAndWaitForReply<SendHttpRequestResponse>(
-            windowContext,
+          const { httpResponse } = await this.#sendForReply<SendHttpRequestResponse>(
+            context,
             payload,
           );
           return httpResponse;
@@ -544,8 +605,8 @@ export class PluginInstance {
             type: 'render_http_request_request',
             ...args,
           } as const;
-          const { httpRequest } = await this.#sendAndWaitForReply<RenderHttpRequestResponse>(
-            windowContext,
+          const { httpRequest } = await this.#sendForReply<RenderHttpRequestResponse>(
+            context,
             payload,
           );
           return httpRequest;
@@ -557,18 +618,12 @@ export class PluginInstance {
             type: 'get_cookie_value_request',
             ...args,
           } as const;
-          const { value } = await this.#sendAndWaitForReply<GetCookieValueResponse>(
-            windowContext,
-            payload,
-          );
+          const { value } = await this.#sendForReply<GetCookieValueResponse>(context, payload);
           return value;
         },
         listNames: async () => {
           const payload = { type: 'list_cookie_names_request' } as const;
-          const { names } = await this.#sendAndWaitForReply<ListCookieNamesResponse>(
-            windowContext,
-            payload,
-          );
+          const { names } = await this.#sendForReply<ListCookieNamesResponse>(context, payload);
           return names;
         },
       },
@@ -579,20 +634,14 @@ export class PluginInstance {
          */
         render: async (args) => {
           const payload = { type: 'template_render_request', ...args } as const;
-          const result = await this.#sendAndWaitForReply<TemplateRenderResponse>(
-            windowContext,
-            payload,
-          );
+          const result = await this.#sendForReply<TemplateRenderResponse>(context, payload);
           return result.data as any;
         },
       },
       store: {
         get: async <T>(key: string) => {
           const payload = { type: 'get_key_value_request', key } as const;
-          const result = await this.#sendAndWaitForReply<GetKeyValueResponse>(
-            windowContext,
-            payload,
-          );
+          const result = await this.#sendForReply<GetKeyValueResponse>(context, payload);
           return result.value ? (JSON.parse(result.value) as T) : undefined;
         },
         set: async <T>(key: string, value: T) => {
@@ -602,20 +651,17 @@ export class PluginInstance {
             key,
             value: valueStr,
           };
-          await this.#sendAndWaitForReply<GetKeyValueResponse>(windowContext, payload);
+          await this.#sendForReply<GetKeyValueResponse>(context, payload);
         },
         delete: async (key: string) => {
           const payload = { type: 'delete_key_value_request', key } as const;
-          const result = await this.#sendAndWaitForReply<DeleteKeyValueResponse>(
-            windowContext,
-            payload,
-          );
+          const result = await this.#sendForReply<DeleteKeyValueResponse>(context, payload);
           return result.deleted;
         },
       },
       plugin: {
         reload: () => {
-          this.#sendPayload({ type: 'none' }, { type: 'reload_response', silent: true }, null);
+          this.#sendPayload(context, { type: 'reload_response', silent: true }, null);
         },
       },
     };
@@ -631,20 +677,6 @@ function genId(len = 5): string {
   return id;
 }
 
-/** Recursively apply form input defaults to a set of values */
-function applyFormInputDefaults(
-  inputs: TemplateFunctionArg[],
-  values: { [p: string]: JsonValue | undefined },
-) {
-  for (const input of inputs) {
-    if ('inputs' in input) {
-      applyFormInputDefaults(input.inputs ?? [], values);
-    } else if ('defaultValue' in input && values[input.name] === undefined) {
-      values[input.name] = input.defaultValue;
-    }
-  }
-}
-
 const watchedFiles: Record<string, Stats | null> = {};
 
 /**

packages/plugin-runtime/src/common.ts

@@ -0,0 +1,37 @@
+import { CallHttpAuthenticationActionArgs, CallTemplateFunctionArgs } from '@yaakapp-internal/plugins';
+import { Context, DynamicAuthenticationArg, DynamicTemplateFunctionArg } from '@yaakapp/api';
+
+export async function applyDynamicFormInput(
+  ctx: Context,
+  args: DynamicTemplateFunctionArg[],
+  callArgs: CallTemplateFunctionArgs,
+): Promise<DynamicTemplateFunctionArg[]>;
+
+export async function applyDynamicFormInput(
+  ctx: Context,
+  args: DynamicAuthenticationArg[],
+  callArgs: CallHttpAuthenticationActionArgs,
+): Promise<DynamicAuthenticationArg[]>;
+
+export async function applyDynamicFormInput(
+  ctx: Context,
+  args: (DynamicTemplateFunctionArg | DynamicAuthenticationArg)[],
+  callArgs: CallTemplateFunctionArgs | CallHttpAuthenticationActionArgs,
+): Promise<(DynamicTemplateFunctionArg | DynamicAuthenticationArg)[]> {
+  const resolvedArgs: any[] = [];
+  for (const { dynamic, ...arg } of args) {
+    const newArg: any = {
+      ...arg,
+      ...(typeof dynamic === 'function' ? await dynamic(ctx, callArgs as any) : undefined),
+    };
+    if ('inputs' in newArg && Array.isArray(newArg.inputs)) {
+      try {
+        newArg.inputs = await applyDynamicFormInput(ctx, newArg.inputs, callArgs as any);
+      } catch (e) {
+        console.error('Failed to apply dynamic form input', e);
+      }
+    }
+    resolvedArgs.push(newArg);
+  }
+  return resolvedArgs;
+}

packages/plugin-runtime/src/index.ts

@@ -8,10 +8,15 @@ if (!port) {
   throw new Error('Plugin runtime missing PORT')
 }
 
+const host = process.env.HOST;
+if (!host) {
+  throw new Error('Plugin runtime missing HOST')
+}
+
 const pluginToAppEvents = new EventChannel();
 const plugins: Record<string, PluginHandle> = {};
 
-const ws = new WebSocket(`ws://localhost:${port}`);
+const ws = new WebSocket(`ws://${host}:${port}`);
 
 ws.on('message', async (e: Buffer) => {
   try {
@@ -34,7 +39,7 @@ async function handleIncoming(msg: string) {
   const pluginEvent: InternalEvent = JSON.parse(msg);
   // Handle special event to bootstrap plugin
   if (pluginEvent.payload.type === 'boot_request') {
-    const plugin = new PluginHandle(pluginEvent.pluginRefId, pluginEvent.payload, pluginToAppEvents);
+    const plugin = new PluginHandle(pluginEvent.pluginRefId, pluginEvent.context, pluginEvent.payload, pluginToAppEvents);
     plugins[pluginEvent.pluginRefId] = plugin;
   }
 

packages/plugin-runtime/src/migrations.ts

@@ -1,6 +1,8 @@
-import { TemplateFunction } from '@yaakapp/api';
+import type { TemplateFunctionPlugin } from '@yaakapp/api';
 
-export function migrateTemplateFunctionSelectOptions(f: TemplateFunction): TemplateFunction {
+export function migrateTemplateFunctionSelectOptions(
+  f: TemplateFunctionPlugin,
+): TemplateFunctionPlugin {
   const migratedArgs = f.args.map((a) => {
     if (a.type === 'select') {
       a.options = a.options.map((o) => ({
@@ -11,8 +13,5 @@ export function migrateTemplateFunctionSelectOptions(f: TemplateFunction): Templ
     return a;
   });
 
-  return {
-    ...f,
-    args: migratedArgs,
-  };
+  return { ...f, args: migratedArgs };
 }

packages/plugin-runtime/tests/common.test.ts

@@ -0,0 +1,150 @@
+import { CallTemplateFunctionArgs } from '@yaakapp-internal/plugins';
+import { Context, DynamicTemplateFunctionArg } from '@yaakapp/api';
+import { describe, expect, test } from 'vitest';
+import { applyDynamicFormInput, applyFormInputDefaults } from '../src/common';
+
+describe('applyFormInputDefaults', () => {
+  test('Works with top-level select', () => {
+    const args: DynamicTemplateFunctionArg[] = [
+      {
+        type: 'select',
+        name: 'test',
+        options: [{ label: 'Option 1', value: 'one' }],
+        defaultValue: 'one',
+      },
+    ];
+    expect(applyFormInputDefaults(args, {})).toEqual({
+      test: 'one',
+    });
+  });
+
+  test('Works with existing value', () => {
+    const args: DynamicTemplateFunctionArg[] = [
+      {
+        type: 'select',
+        name: 'test',
+        options: [{ label: 'Option 1', value: 'one' }],
+        defaultValue: 'one',
+      },
+    ];
+    expect(applyFormInputDefaults(args, { test: 'explicit' })).toEqual({
+      test: 'explicit',
+    });
+  });
+
+  test('Works with recursive select', () => {
+    const args: DynamicTemplateFunctionArg[] = [
+      { type: 'text', name: 'dummy', defaultValue: 'top' },
+      {
+        type: 'accordion',
+        label: 'Test',
+        inputs: [
+          { type: 'text', name: 'name', defaultValue: 'hello' },
+          {
+            type: 'select',
+            name: 'test',
+            options: [{ label: 'Option 1', value: 'one' }],
+            defaultValue: 'one',
+          },
+        ],
+      },
+    ];
+    expect(applyFormInputDefaults(args, {})).toEqual({
+      dummy: 'top',
+      test: 'one',
+      name: 'hello',
+    });
+  });
+
+  test('Works with dynamic options', () => {
+    const args: DynamicTemplateFunctionArg[] = [
+      {
+        type: 'select',
+        name: 'test',
+        defaultValue: 'one',
+        options: [],
+        dynamic() {
+          return { options: [{ label: 'Option 1', value: 'one' }] };
+        },
+      },
+    ];
+    expect(applyFormInputDefaults(args, {})).toEqual({
+      test: 'one',
+    });
+    expect(applyFormInputDefaults(args, {})).toEqual({
+      test: 'one',
+    });
+  });
+});
+
+describe('applyDynamicFormInput', () => {
+  test('Works with plain input', async () => {
+    const ctx = {} as Context;
+    const args: DynamicTemplateFunctionArg[] = [
+      { type: 'text', name: 'name' },
+      { type: 'checkbox', name: 'checked' },
+    ];
+    const callArgs: CallTemplateFunctionArgs = {
+      values: {},
+      purpose: 'preview',
+    };
+    expect(await applyDynamicFormInput(ctx, args, callArgs)).toEqual([
+      { type: 'text', name: 'name' },
+      { type: 'checkbox', name: 'checked' },
+    ]);
+  });
+
+  test('Works with dynamic input', async () => {
+    const ctx = {} as Context;
+    const args: DynamicTemplateFunctionArg[] = [
+      {
+        type: 'text',
+        name: 'name',
+        async dynamic(_ctx, _args) {
+          return { hidden: true };
+        },
+      },
+    ];
+    const callArgs: CallTemplateFunctionArgs = {
+      values: {},
+      purpose: 'preview',
+    };
+    expect(await applyDynamicFormInput(ctx, args, callArgs)).toEqual([
+      { type: 'text', name: 'name', hidden: true },
+    ]);
+  });
+
+  test('Works with recursive dynamic input', async () => {
+    const ctx = {} as Context;
+    const callArgs: CallTemplateFunctionArgs = {
+      values: { hello: 'world' },
+      purpose: 'preview',
+    };
+    const args: DynamicTemplateFunctionArg[] = [
+      {
+        type: 'banner',
+        inputs: [
+          {
+            type: 'text',
+            name: 'name',
+            async dynamic(_ctx, args) {
+              return { hidden: args.values.hello === 'world' };
+            },
+          },
+        ],
+      },
+    ];
+    expect(await applyDynamicFormInput(ctx, args, callArgs)).toEqual([
+      {
+        type: 'banner',
+        inputs: [
+          {
+            type: 'text',
+            name: 'name',
+            hidden: true,
+          },
+        ],
+      },
+    ]);
+  });
+});

plugins/action-copy-curl/package.json

@@ -12,7 +12,6 @@
   "scripts": {
     "build": "yaakcli build",
     "dev": "yaakcli dev",
-    "lint": "tsc --noEmit && eslint . --ext .ts,.tsx",
     "test": "vitest --run tests"
   }
 }

plugins/action-copy-curl/src/index.ts

@@ -36,13 +36,33 @@ export async function convertToCurl(request: Partial<HttpRequest>) {
   if (urlParams.length > 0) {
     // Build url
     const [base, hash] = finalUrl.split('#');
-    const separator = base!.includes('?') ? '&' : '?';
+    const separator = base?.includes('?') ? '&' : '?';
     const queryString = urlParams
       .map((p) => `${encodeURIComponent(p.name)}=${encodeURIComponent(p.value)}`)
       .join('&');
     finalUrl = base + separator + queryString + (hash ? `#${hash}` : '');
   }
 
+  // Add API key authentication
+  if (request.authenticationType === 'apikey') {
+    if (request.authentication?.location === 'query') {
+      const sep = finalUrl.includes('?') ? '&' : '?';
+      finalUrl = [
+        finalUrl,
+        sep,
+        encodeURIComponent(request.authentication?.key ?? 'token'),
+        '=',
+        encodeURIComponent(request.authentication?.value ?? ''),
+      ].join('');
+    } else {
+      request.headers = request.headers ?? [];
+      request.headers.push({
+        name: request.authentication?.key ?? 'X-Api-Key',
+        value: request.authentication?.value ?? '',
+      });
+    }
+  }
+
   xs.push(quote(finalUrl));
   xs.push(NEWLINE);
 
@@ -82,21 +102,49 @@ export async function convertToCurl(request: Partial<HttpRequest>) {
   }
 
   // Add basic/digest authentication
-  if (request.authenticationType === 'basic' || request.authenticationType === 'digest') {
-    if (request.authenticationType === 'digest') xs.push('--digest');
-    xs.push(
-      '--user',
-      quote(`${request.authentication?.username ?? ''}:${request.authentication?.password ?? ''}`),
-    );
-    xs.push(NEWLINE);
-  }
+  if (request.authentication?.disabled !== true) {
+    if (request.authenticationType === 'basic' || request.authenticationType === 'digest') {
+      if (request.authenticationType === 'digest') xs.push('--digest');
+      xs.push(
+        '--user',
+        quote(
+          `${request.authentication?.username ?? ''}:${request.authentication?.password ?? ''}`,
+        ),
+      );
+      xs.push(NEWLINE);
+    }
 
-  // Add bearer authentication
-  if (request.authenticationType === 'bearer') {
-    const value =
-      `${request.authentication?.prefix ?? 'Bearer'} ${request.authentication?.token ?? ''}`.trim();
-    xs.push('--header', quote(`Authorization: ${value}`));
-    xs.push(NEWLINE);
+    // Add bearer authentication
+    if (request.authenticationType === 'bearer') {
+      const value =
+        `${request.authentication?.prefix ?? 'Bearer'} ${request.authentication?.token ?? ''}`.trim();
+      xs.push('--header', quote(`Authorization: ${value}`));
+      xs.push(NEWLINE);
+    }
+
+    if (request.authenticationType === 'auth-aws-sig-v4') {
+      xs.push(
+        '--aws-sigv4',
+        [
+          'aws',
+          'amz',
+          request.authentication?.region ?? '',
+          request.authentication?.service ?? '',
+        ].join(':'),
+      );
+      xs.push(NEWLINE);
+      xs.push(
+        '--user',
+        quote(
+          `${request.authentication?.accessKeyId ?? ''}:${request.authentication?.secretAccessKey ?? ''}`,
+        ),
+      );
+      if (request.authentication?.sessionToken) {
+        xs.push(NEWLINE);
+        xs.push('--header', quote(`X-Amz-Security-Token: ${request.authentication.sessionToken}`));
+      }
+      xs.push(NEWLINE);
+    }
   }
 
   // Remove trailing newline

plugins/action-copy-curl/tests/index.test.ts

@@ -12,7 +12,7 @@ describe('exporter-curl', () => {
           { name: 'c', value: 'ccc', enabled: false },
         ],
       }),
-    ).toEqual([`curl 'https://yaak.app?a=aaa&b=bbb'`].join(` \\n  `));
+    ).toEqual([`curl 'https://yaak.app?a=aaa&b=bbb'`].join(' \\n  '));
   });
 
   test('Exports GET with params and hash', async () => {
@@ -25,8 +25,9 @@ describe('exporter-curl', () => {
           { name: 'c', value: 'ccc', enabled: false },
         ],
       }),
-    ).toEqual([`curl 'https://yaak.app/path?a=aaa&b=bbb#section'`].join(` \\n  `));
+    ).toEqual([`curl 'https://yaak.app/path?a=aaa&b=bbb#section'`].join(' \\n  '));
   });
+
   test('Exports POST with url form data', async () => {
     expect(
       await convertToCurl({
@@ -42,7 +43,7 @@ describe('exporter-curl', () => {
         },
       }),
     ).toEqual(
-      [`curl -X POST 'https://yaak.app'`, `--data 'a=aaa'`, `--data 'b=bbb'`].join(` \\\n  `),
+      [`curl -X POST 'https://yaak.app'`, `--data 'a=aaa'`, `--data 'b=bbb'`].join(' \\\n  '),
     );
   });
 
@@ -61,7 +62,7 @@ describe('exporter-curl', () => {
       [
         `curl -X POST 'https://yaak.app'`,
         `--data '{"query":"{foo,bar}","variables":{"a":"aaa","b":"bbb"}}'`,
-      ].join(` \\\n  `),
+      ].join(' \\\n  '),
     );
   });
 
@@ -76,7 +77,7 @@ describe('exporter-curl', () => {
         },
       }),
     ).toEqual(
-      [`curl -X POST 'https://yaak.app'`, `--data '{"query":"{foo,bar}"}'`].join(` \\\n  `),
+      [`curl -X POST 'https://yaak.app'`, `--data '{"query":"{foo,bar}"}'`].join(' \\\n  '),
     );
   });
 
@@ -100,8 +101,8 @@ describe('exporter-curl', () => {
         `curl -X PUT 'https://yaak.app'`,
         `--form 'a=aaa'`,
         `--form 'b=bbb'`,
-        `--form f=@/foo/bar.png;type=image/png`,
-      ].join(` \\\n  `),
+        '--form f=@/foo/bar.png;type=image/png',
+      ].join(' \\\n  '),
     );
   });
 
@@ -121,7 +122,7 @@ describe('exporter-curl', () => {
         `curl -X POST 'https://yaak.app'`,
         `--header 'Content-Type: application/json'`,
         `--data '{"foo":"bar\\'s"}'`,
-      ].join(` \\\n  `),
+      ].join(' \\\n  '),
     );
   });
 
@@ -141,7 +142,7 @@ describe('exporter-curl', () => {
         `curl -X POST 'https://yaak.app'`,
         `--header 'Content-Type: application/json'`,
         `--data '{"foo":"bar",\n"baz":"qux"}'`,
-      ].join(` \\\n  `),
+      ].join(' \\\n  '),
     );
   });
 
@@ -154,7 +155,7 @@ describe('exporter-curl', () => {
           { name: 'c', value: 'ccc', enabled: false },
         ],
       }),
-    ).toEqual([`curl ''`, `--header 'a: aaa'`, `--header 'b: bbb'`].join(` \\\n  `));
+    ).toEqual([`curl ''`, `--header 'a: aaa'`, `--header 'b: bbb'`].join(' \\\n  '));
   });
 
   test('Basic auth', async () => {
@@ -167,7 +168,21 @@ describe('exporter-curl', () => {
           password: 'pass',
         },
       }),
-    ).toEqual([`curl 'https://yaak.app'`, `--user 'user:pass'`].join(` \\\n  `));
+    ).toEqual([`curl 'https://yaak.app'`, `--user 'user:pass'`].join(' \\\n  '));
+  });
+
+  test('Basic auth disabled', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        authenticationType: 'basic',
+        authentication: {
+          disabled: true,
+          username: 'user',
+          password: 'pass',
+        },
+      }),
+    ).toEqual([`curl 'https://yaak.app'`].join(' \\\n  '));
   });
 
   test('Broken basic auth', async () => {
@@ -177,7 +192,7 @@ describe('exporter-curl', () => {
         authenticationType: 'basic',
         authentication: {},
       }),
-    ).toEqual([`curl 'https://yaak.app'`, `--user ':'`].join(` \\\n  `));
+    ).toEqual([`curl 'https://yaak.app'`, `--user ':'`].join(' \\\n  '));
   });
 
   test('Digest auth', async () => {
@@ -190,7 +205,7 @@ describe('exporter-curl', () => {
           password: 'pass',
         },
       }),
-    ).toEqual([`curl 'https://yaak.app'`, `--digest --user 'user:pass'`].join(` \\\n  `));
+    ).toEqual([`curl 'https://yaak.app'`, `--digest --user 'user:pass'`].join(' \\\n  '));
   });
 
   test('Bearer auth', async () => {
@@ -202,7 +217,7 @@ describe('exporter-curl', () => {
           token: 'tok',
         },
       }),
-    ).toEqual([`curl 'https://yaak.app'`, `--header 'Authorization: Bearer tok'`].join(` \\\n  `));
+    ).toEqual([`curl 'https://yaak.app'`, `--header 'Authorization: Bearer tok'`].join(' \\\n  '));
   });
 
   test('Bearer auth with custom prefix', async () => {
@@ -216,7 +231,7 @@ describe('exporter-curl', () => {
         },
       }),
     ).toEqual(
-      [`curl 'https://yaak.app'`, `--header 'Authorization: Token abc123'`].join(` \\\n  `),
+      [`curl 'https://yaak.app'`, `--header 'Authorization: Token abc123'`].join(' \\\n  '),
     );
   });
 
@@ -230,7 +245,7 @@ describe('exporter-curl', () => {
           prefix: '',
         },
       }),
-    ).toEqual([`curl 'https://yaak.app'`, `--header 'Authorization: xyz789'`].join(` \\\n  `));
+    ).toEqual([`curl 'https://yaak.app'`, `--header 'Authorization: xyz789'`].join(' \\\n  '));
   });
 
   test('Broken bearer auth', async () => {
@@ -243,7 +258,146 @@ describe('exporter-curl', () => {
           password: 'pass',
         },
       }),
-    ).toEqual([`curl 'https://yaak.app'`, `--header 'Authorization: Bearer'`].join(` \\\n  `));
+    ).toEqual([`curl 'https://yaak.app'`, `--header 'Authorization: Bearer'`].join(' \\\n  '));
+  });
+
+  test('AWS v4 auth', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        authenticationType: 'auth-aws-sig-v4',
+        authentication: {
+          accessKeyId: 'ak',
+          secretAccessKey: 'sk',
+          sessionToken: '',
+          region: 'us-east-1',
+          service: 's3',
+        },
+      }),
+    ).toEqual(
+      [`curl 'https://yaak.app'`, '--aws-sigv4 aws:amz:us-east-1:s3', `--user 'ak:sk'`].join(
+        ' \\\n  ',
+      ),
+    );
+  });
+
+  test('AWS v4 auth with session', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        authenticationType: 'auth-aws-sig-v4',
+        authentication: {
+          accessKeyId: 'ak',
+          secretAccessKey: 'sk',
+          sessionToken: 'st',
+          region: 'us-east-1',
+          service: 's3',
+        },
+      }),
+    ).toEqual(
+      [
+        `curl 'https://yaak.app'`,
+        '--aws-sigv4 aws:amz:us-east-1:s3',
+        `--user 'ak:sk'`,
+        `--header 'X-Amz-Security-Token: st'`,
+      ].join(' \\\n  '),
+    );
+  });
+
+  test('API key auth header', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        authenticationType: 'apikey',
+        authentication: {
+          location: 'header',
+          key: 'X-Header',
+          value: 'my-token',
+        },
+      }),
+    ).toEqual([`curl 'https://yaak.app'`, `--header 'X-Header: my-token'`].join(' \\\n  '));
+  });
+
+  test('API key auth header query', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app?hi=there',
+        urlParameters: [{ name: 'param', value: 'hi' }],
+        authenticationType: 'apikey',
+        authentication: {
+          location: 'query',
+          key: 'foo',
+          value: 'bar',
+        },
+      }),
+    ).toEqual([`curl 'https://yaak.app?hi=there&param=hi&foo=bar'`].join(' \\\n  '));
+  });
+
+  test('API key auth header query with params', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        urlParameters: [{ name: 'param', value: 'hi' }],
+        authenticationType: 'apikey',
+        authentication: {
+          location: 'query',
+          key: 'foo',
+          value: 'bar',
+        },
+      }),
+    ).toEqual([`curl 'https://yaak.app?param=hi&foo=bar'`].join(' \\\n  '));
+  });
+
+  test('API key auth header default', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        authenticationType: 'apikey',
+        authentication: {
+          location: 'header',
+        },
+      }),
+    ).toEqual([`curl 'https://yaak.app'`, `--header 'X-Api-Key: '`].join(' \\\n  '));
+  });
+
+  test('API key auth query', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app',
+        authenticationType: 'apikey',
+        authentication: {
+          location: 'query',
+          key: 'foo',
+          value: 'bar-baz',
+        },
+      }),
+    ).toEqual([`curl 'https://yaak.app?foo=bar-baz'`].join(' \\\n  '));
+  });
+
+  test('API key auth query with existing', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app?foo=bar&baz=qux',
+        authenticationType: 'apikey',
+        authentication: {
+          location: 'query',
+          key: 'hi',
+          value: 'there',
+        },
+      }),
+    ).toEqual([`curl 'https://yaak.app?foo=bar&baz=qux&hi=there'`].join(' \\\n  '));
+  });
+
+  test('API key auth query default', async () => {
+    expect(
+      await convertToCurl({
+        url: 'https://yaak.app?foo=bar&baz=qux',
+        authenticationType: 'apikey',
+        authentication: {
+          location: 'query',
+        },
+      }),
+    ).toEqual([`curl 'https://yaak.app?foo=bar&baz=qux&token='`].join(' \\\n  '));
   });
 
   test('Stale body data', async () => {
@@ -255,6 +409,6 @@ describe('exporter-curl', () => {
           text: 'ignore me',
         },
       }),
-    ).toEqual([`curl 'https://yaak.app'`].join(` \\\n  `));
+    ).toEqual([`curl 'https://yaak.app'`].join(' \\\n  '));
   });
 });

plugins/action-copy-grpcurl/package.json

@@ -12,7 +12,6 @@
   "scripts": {
     "build": "yaakcli build",
     "dev": "yaakcli dev",
-    "lint":"tsc --noEmit && eslint . --ext .ts,.tsx",
     "test": "vitest --run tests"
   }
 }

plugins/action-copy-grpcurl/src/index.ts

@@ -1,5 +1,5 @@
-import type { GrpcRequest, PluginDefinition } from '@yaakapp/api';
 import path from 'node:path';
+import type { GrpcRequest, PluginDefinition } from '@yaakapp/api';
 
 const NEWLINE = '\\\n ';
 
@@ -68,16 +68,37 @@ export async function convert(request: Partial<GrpcRequest>, allProtoFiles: stri
   }
 
   // Add basic authentication
-  if (request.authenticationType === 'basic') {
-    const user = request.authentication?.username ?? '';
-    const pass = request.authentication?.password ?? '';
-    const encoded = btoa(`${user}:${pass}`);
-    xs.push('-H', quote(`Authorization: Basic ${encoded}`));
-    xs.push(NEWLINE);
-  } else if (request.authenticationType === 'bearer') {
-    // Add bearer authentication
-    xs.push('-H', quote(`Authorization: Bearer ${request.authentication?.token ?? ''}`));
-    xs.push(NEWLINE);
+  if (request.authentication?.disabled !== true) {
+    if (request.authenticationType === 'basic') {
+      const user = request.authentication?.username ?? '';
+      const pass = request.authentication?.password ?? '';
+      const encoded = btoa(`${user}:${pass}`);
+      xs.push('-H', quote(`Authorization: Basic ${encoded}`));
+      xs.push(NEWLINE);
+    } else if (request.authenticationType === 'bearer') {
+      // Add bearer authentication
+      xs.push('-H', quote(`Authorization: Bearer ${request.authentication?.token ?? ''}`));
+      xs.push(NEWLINE);
+    } else if (request.authenticationType === 'apikey') {
+      if (request.authentication?.location === 'query') {
+        const sep = request.url?.includes('?') ? '&' : '?';
+        request.url = [
+          request.url,
+          sep,
+          encodeURIComponent(request.authentication?.key ?? 'token'),
+          '=',
+          encodeURIComponent(request.authentication?.value ?? ''),
+        ].join('');
+      } else {
+        xs.push(
+          '-H',
+          quote(
+            `${request.authentication?.key ?? 'X-Api-Key'}: ${request.authentication?.value ?? ''}`,
+          ),
+        );
+      }
+      xs.push(NEWLINE);
+    }
   }
 
   // Add form params

plugins/action-copy-grpcurl/tests/index.test.ts

@@ -10,7 +10,7 @@ describe('exporter-curl', () => {
         },
         [],
       ),
-    ).toEqual([`grpcurl yaak.app`].join(` \\\n  `));
+    ).toEqual(['grpcurl yaak.app'].join(' \\\n  '));
   });
   test('Basic metadata', async () => {
     expect(
@@ -25,16 +25,65 @@ describe('exporter-curl', () => {
         },
         [],
       ),
-    ).toEqual([`grpcurl -H 'aaa: AAA'`, `-H 'bbb: BBB'`, `yaak.app`].join(` \\\n  `));
+    ).toEqual([`grpcurl -H 'aaa: AAA'`, `-H 'bbb: BBB'`, 'yaak.app'].join(' \\\n  '));
   });
+  test('Basic auth', async () => {
+    expect(
+      await convert(
+        {
+          url: 'https://yaak.app',
+          authenticationType: 'basic',
+          authentication: {
+            username: 'user',
+            password: 'pass',
+          },
+        },
+        [],
+      ),
+    ).toEqual([`grpcurl -H 'Authorization: Basic dXNlcjpwYXNz'`, 'yaak.app'].join(' \\\n  '));
+  });
+
+  test('API key auth', async () => {
+    expect(
+      await convert(
+        {
+          url: 'https://yaak.app',
+          authenticationType: 'apikey',
+          authentication: {
+            key: 'X-Token',
+            value: 'tok',
+          },
+        },
+        [],
+      ),
+    ).toEqual([`grpcurl -H 'X-Token: tok'`, 'yaak.app'].join(' \\\n  '));
+  });
+
+  test('API key auth', async () => {
+    expect(
+      await convert(
+        {
+          url: 'https://yaak.app',
+          authenticationType: 'apikey',
+          authentication: {
+            location: 'query',
+            key: 'token',
+            value: 'tok 1',
+          },
+        },
+        [],
+      ),
+    ).toEqual(['grpcurl', 'yaak.app?token=tok%201'].join(' \\\n  '));
+  });
+
   test('Single proto file', async () => {
     expect(await convert({ url: 'https://yaak.app' }, ['/foo/bar/baz.proto'])).toEqual(
       [
         `grpcurl -import-path '/foo/bar'`,
         `-import-path '/foo'`,
         `-proto '/foo/bar/baz.proto'`,
-        `yaak.app`,
-      ].join(` \\\n  `),
+        'yaak.app',
+      ].join(' \\\n  '),
     );
   });
   test('Multiple proto files, same dir', async () => {
@@ -46,8 +95,8 @@ describe('exporter-curl', () => {
         `-import-path '/foo'`,
         `-proto '/foo/bar/aaa.proto'`,
         `-proto '/foo/bar/bbb.proto'`,
-        `yaak.app`,
-      ].join(` \\\n  `),
+        'yaak.app',
+      ].join(' \\\n  '),
     );
   });
   test('Multiple proto files, different dir', async () => {
@@ -61,18 +110,18 @@ describe('exporter-curl', () => {
         `-import-path '/xxx'`,
         `-proto '/aaa/bbb/ccc.proto'`,
         `-proto '/xxx/yyy/zzz.proto'`,
-        `yaak.app`,
-      ].join(` \\\n  `),
+        'yaak.app',
+      ].join(' \\\n  '),
     );
   });
   test('Single include dir', async () => {
     expect(await convert({ url: 'https://yaak.app' }, ['/aaa/bbb'])).toEqual(
-      [`grpcurl -import-path '/aaa/bbb'`, `yaak.app`].join(` \\\n  `),
+      [`grpcurl -import-path '/aaa/bbb'`, 'yaak.app'].join(' \\\n  '),
     );
   });
   test('Multiple include dir', async () => {
     expect(await convert({ url: 'https://yaak.app' }, ['/aaa/bbb', '/xxx/yyy'])).toEqual(
-      [`grpcurl -import-path '/aaa/bbb'`, `-import-path '/xxx/yyy'`, `yaak.app`].join(` \\\n  `),
+      [`grpcurl -import-path '/aaa/bbb'`, `-import-path '/xxx/yyy'`, 'yaak.app'].join(' \\\n  '),
     );
   });
   test('Mixed proto and dirs', async () => {
@@ -85,8 +134,8 @@ describe('exporter-curl', () => {
         `-import-path '/foo'`,
         `-import-path '/'`,
         `-proto '/foo/bar.proto'`,
-        `yaak.app`,
-      ].join(` \\\n  `),
+        'yaak.app',
+      ].join(' \\\n  '),
     );
   });
   test('Sends data', async () => {
@@ -103,8 +152,8 @@ describe('exporter-curl', () => {
         `grpcurl -import-path '/'`,
         `-proto '/foo.proto'`,
         `-d '{"foo":"bar","baz":1}'`,
-        `yaak.app`,
-      ].join(` \\\n  `),
+        'yaak.app',
+      ].join(' \\\n  '),
     );
   });
 });

plugins/auth-apikey/package.json

@@ -11,7 +11,6 @@
   "version": "0.1.0",
   "scripts": {
     "build": "yaakcli build",
-    "dev": "yaakcli dev",
-    "lint":"tsc --noEmit && eslint . --ext .ts,.tsx"
+    "dev": "yaakcli dev"
   }
 }

plugins/auth-apikey/src/index.ts

@@ -21,13 +21,15 @@ export const plugin: PluginDefinition = {
         name: 'key',
         label: 'Key',
         dynamic: (_ctx, { values }) => {
-          return values.location === 'query' ? {
-            label: 'Parameter Name',
-            description: 'The name of the query parameter to add to the request',
-          } : {
-            label: 'Header Name',
-            description: 'The name of the header to add to the request',
-          };
+          return values.location === 'query'
+            ? {
+                label: 'Parameter Name',
+                description: 'The name of the query parameter to add to the request',
+              }
+            : {
+                label: 'Header Name',
+                description: 'The name of the header to add to the request',
+              };
         },
       },
       {
@@ -45,9 +47,8 @@ export const plugin: PluginDefinition = {
 
       if (location === 'query') {
         return { setQueryParameters: [{ name: key, value }] };
-      } else {
-        return { setHeaders: [{ name: key, value }] };
       }
+      return { setHeaders: [{ name: key, value }] };
     },
   },
 };

plugins/auth-aws/README.md

@@ -0,0 +1,49 @@
+# AWS Signature Version 4 Auth
+
+A plugin for authenticating AWS-compatible requests using the
+[AWS Signature Version 4 signing process](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).  
+This enables secure, signed requests to AWS services (or any S3-compatible APIs like
+Cloudflare R2).
+
+![Screenshot of AWS SigV4 UI](screenshot.png)
+
+## Overview
+
+This plugin provides AWS Signature authentication for API requests in Yaak. SigV4 is used
+by nearly all AWS APIs to verify the authenticity and integrity of requests using
+cryptographic signatures.
+
+With this plugin, you can securely sign requests to AWS services such as S3, STS, Lambda,
+API Gateway, DynamoDB, and more. You can also authenticate against S3-compatible services
+like **Cloudflare R2**, **MinIO**, or **Wasabi**.
+
+## How AWS Signature Version 4 Works
+
+SigV4 signs requests by creating a hash of key request components (method, URL, headers,
+and optionally the payload) using your AWS credentials. The resulting HMAC signature is
+added in the `Authorization` header along with credential scope metadata.
+
+Example header:
+
+```
+Authorization: AWS4-HMAC-SHA256 Credential=AKIA…/20251011/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-date, Signature=abcdef123456…
+```
+
+Each request must include a timestamp (`X-Amz-Date`) and may include a session token if
+using temporary credentials.
+
+## Configuration
+
+The plugin presents the following fields:
+
+- **Access Key ID** – Your AWS access key identifier
+- **Secret Access Key** – The secret associated with the access key
+- **Session Token** *(optional)* – Used for temporary or assumed-role credentials (treated as secret)
+- **Region** – AWS region (e.g., `us-east-1`)
+- **Service** – AWS service identifier (e.g., `sts`, `s3`, `execute-api`)
+
+## Usage
+
+1. Configure a request, folder, or workspace to use **AWS SigV4 Authentication**
+2. Enter your AWS credentials and target service/region
+3. The plugin will automatically sign outgoing requests with valid SigV4 headers

plugins/auth-aws/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "@yaak/auth-aws",
+  "displayName": "AWS SigV4",
+  "description": "Authenticate requests using AWS SigV4 signing",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak.git",
+    "directory": "plugins/auth-aws"
+  },
+  "private": true,
+  "version": "0.1.0",
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev"
+  },
+  "dependencies": {
+    "aws4": "^1.13.2"
+  },
+  "devDependencies": {
+    "@types/aws4": "^1.11.6"
+  }
+}

plugins/auth-aws/src/index.ts

@@ -0,0 +1,88 @@
+import { URL } from 'node:url';
+import type { PluginDefinition } from '@yaakapp/api';
+import type { CallHttpAuthenticationResponse } from '@yaakapp-internal/plugins';
+import type { Request } from 'aws4';
+import aws4 from 'aws4';
+
+export const plugin: PluginDefinition = {
+  authentication: {
+    name: 'awsv4',
+    label: 'AWS Signature',
+    shortLabel: 'AWS v4',
+    args: [
+      { name: 'accessKeyId', label: 'Access Key ID', type: 'text', password: true },
+      {
+        name: 'secretAccessKey',
+        label: 'Secret Access Key',
+        type: 'text',
+        password: true,
+      },
+      {
+        name: 'service',
+        label: 'Service Name',
+        type: 'text',
+        defaultValue: 'sts',
+        placeholder: 'sts',
+        description: 'The service that is receiving the request (sts, s3, sqs, ...)',
+      },
+      {
+        name: 'region',
+        label: 'Region',
+        type: 'text',
+        placeholder: 'us-east-1',
+        description: 'The region that is receiving the request (defaults to us-east-1)',
+        optional: true,
+      },
+      {
+        name: 'sessionToken',
+        label: 'Session Token',
+        type: 'text',
+        password: true,
+        optional: true,
+        description: 'Only required if you are using temporary credentials',
+      },
+    ],
+    onApply(_ctx, { values, ...args }): CallHttpAuthenticationResponse {
+      const accessKeyId = String(values.accessKeyId || '');
+      const secretAccessKey = String(values.secretAccessKey || '');
+      const sessionToken = String(values.sessionToken || '') || undefined;
+
+      const url = new URL(args.url);
+
+      const headers: NonNullable<Request['headers']> = {};
+      for (const headerName of ['content-type', 'host', 'x-amz-date', 'x-amz-security-token']) {
+        const v = args.headers.find((h) => h.name.toLowerCase() === headerName);
+        if (v != null) {
+          headers[headerName] = v.value;
+        }
+      }
+
+      const signature = aws4.sign(
+        {
+          host: url.host,
+          method: args.method,
+          path: url.pathname + (url.search || ''),
+          service: String(values.service || 'sts'),
+          region: values.region ? String(values.region) : undefined,
+          headers,
+          doNotEncodePath: true,
+        },
+        {
+          accessKeyId,
+          secretAccessKey,
+          sessionToken,
+        },
+      );
+
+      if (signature.headers == null) {
+        return {};
+      }
+
+      return {
+        setHeaders: Object.entries(signature.headers)
+          .filter(([name]) => name !== 'content-type') // Don't add this because we already have it
+          .map(([name, value]) => ({ name, value: String(value || '') })),
+      };
+    },
+  },
+};

plugins/auth-aws/tsconfig.json

@@ -0,0 +1,3 @@
+{
+  "extends": "../../tsconfig.json"
+}

plugins/auth-basic/package.json

@@ -11,7 +11,6 @@
   "version": "0.1.0",
   "scripts": {
     "build": "yaakcli build",
-    "dev": "yaakcli dev",
-    "lint":"tsc --noEmit && eslint . --ext .ts,.tsx"
+    "dev": "yaakcli dev"
   }
 }

plugins/auth-basic/src/index.ts

@@ -5,21 +5,24 @@ export const plugin: PluginDefinition = {
     name: 'basic',
     label: 'Basic Auth',
     shortLabel: 'Basic',
-    args: [{
-      type: 'text',
-      name: 'username',
-      label: 'Username',
-      optional: true,
-    }, {
-      type: 'text',
-      name: 'password',
-      label: 'Password',
-      optional: true,
-      password: true,
-    }],
+    args: [
+      {
+        type: 'text',
+        name: 'username',
+        label: 'Username',
+        optional: true,
+      },
+      {
+        type: 'text',
+        name: 'password',
+        label: 'Password',
+        optional: true,
+        password: true,
+      },
+    ],
     async onApply(_ctx, { values }) {
       const { username, password } = values;
-      const value = 'Basic ' + Buffer.from(`${username}:${password}`).toString('base64');
+      const value = `Basic ${Buffer.from(`${username}:${password}`).toString('base64')}`;
       return { setHeaders: [{ name: 'Authorization', value }] };
     },
   },

plugins/auth-bearer/package.json

@@ -12,7 +12,6 @@
   "scripts": {
     "build": "yaakcli build",
     "dev": "yaakcli dev",
-    "lint":"tsc --noEmit && eslint . --ext .ts,.tsx",
     "test": "vitest --run tests"
   }
 }

plugins/auth-bearer/src/index.ts

@@ -1,5 +1,5 @@
-import type { CallHttpAuthenticationRequest } from '@yaakapp-internal/plugins';
 import type { PluginDefinition } from '@yaakapp/api';
+import type { CallHttpAuthenticationRequest } from '@yaakapp-internal/plugins';
 
 export const plugin: PluginDefinition = {
   authentication: {

plugins/auth-bearer/tests/index.test.ts

@@ -7,7 +7,7 @@ const ctx = {} as Context;
 describe('auth-bearer', () => {
   test('No values', async () => {
     expect(
-      await plugin.authentication!.onApply(ctx, {
+      await plugin.authentication?.onApply(ctx, {
         values: {},
         headers: [],
         url: 'https://yaak.app',
@@ -19,7 +19,7 @@ describe('auth-bearer', () => {
 
   test('Only token', async () => {
     expect(
-      await plugin.authentication!.onApply(ctx, {
+      await plugin.authentication?.onApply(ctx, {
         values: { token: 'my-token' },
         headers: [],
         url: 'https://yaak.app',
@@ -31,7 +31,7 @@ describe('auth-bearer', () => {
 
   test('Only prefix', async () => {
     expect(
-      await plugin.authentication!.onApply(ctx, {
+      await plugin.authentication?.onApply(ctx, {
         values: { prefix: 'Hello' },
         headers: [],
         url: 'https://yaak.app',
@@ -43,7 +43,7 @@ describe('auth-bearer', () => {
 
   test('Prefix and token', async () => {
     expect(
-      await plugin.authentication!.onApply(ctx, {
+      await plugin.authentication?.onApply(ctx, {
         values: { prefix: 'Hello', token: 'my-token' },
         headers: [],
         url: 'https://yaak.app',
@@ -55,7 +55,7 @@ describe('auth-bearer', () => {
 
   test('Extra spaces', async () => {
     expect(
-      await plugin.authentication!.onApply(ctx, {
+      await plugin.authentication?.onApply(ctx, {
         values: { prefix: '\t Hello  ', token: ' \nmy-token  ' },
         headers: [],
         url: 'https://yaak.app',

plugins/auth-jwt/package.json

@@ -11,8 +11,7 @@
   "version": "0.1.0",
   "scripts": {
     "build": "yaakcli build",
-    "dev": "yaakcli dev",
-    "lint":"tsc --noEmit && eslint . --ext .ts,.tsx"
+    "dev": "yaakcli dev"
   },
   "dependencies": {
     "jsonwebtoken": "^9.0.2"

plugins/auth-jwt/src/index.ts

@@ -46,6 +46,49 @@ export const plugin: PluginDefinition = {
         name: 'secretBase64',
         label: 'Secret is base64 encoded',
       },
+      {
+        type: 'select',
+        name: 'location',
+        label: 'Behavior',
+        defaultValue: 'header',
+        options: [
+          { label: 'Insert Header', value: 'header' },
+          { label: 'Append Query Parameter', value: 'query' },
+        ],
+      },
+      {
+        type: 'text',
+        name: 'name',
+        label: 'Header Name',
+        defaultValue: 'Authorization',
+        optional: true,
+        dynamic(_ctx, args) {
+          if (args.values.location === 'query') {
+            return {
+              label: 'Parameter Name',
+              description: 'The name of the query parameter to add to the request',
+            };
+          }
+          return {
+            label: 'Header Name',
+            description: 'The name of the header to add to the request',
+          };
+        },
+      },
+      {
+        type: 'text',
+        name: 'headerPrefix',
+        label: 'Header Prefix',
+        optional: true,
+        defaultValue: 'Bearer',
+        dynamic(_ctx, args) {
+          if (args.values.location === 'query') {
+            return {
+              hidden: true,
+            };
+          }
+        },
+      },
       {
         type: 'editor',
         name: 'payload',
@@ -61,8 +104,16 @@ export const plugin: PluginDefinition = {
       const token = jwt.sign(`${payload}`, secret, {
         algorithm: algorithm as (typeof algorithms)[number],
       });
-      const value = `Bearer ${token}`;
-      return { setHeaders: [{ name: 'Authorization', value }] };
+
+      if (values.location === 'query') {
+        const paramName = String(values.name || 'token');
+        const paramValue = String(values.value || '');
+        return { setQueryParameters: [{ name: paramName, value: paramValue }] };
+      }
+      const headerPrefix = values.headerPrefix != null ? values.headerPrefix : 'Bearer';
+      const headerName = String(values.name || 'Authorization');
+      const headerValue = `${headerPrefix} ${token}`.trim();
+      return { setHeaders: [{ name: headerName, value: headerValue }] };
     },
   },
 };

plugins/auth-ntlm/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "@yaak/auth-ntlm",
+  "displayName": "NTLM Authentication",
+  "description": "Authenticate requests using NTLM authentication",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak.git",
+    "directory": "plugins/auth-ntlm"
+  },
+  "private": true,
+  "version": "0.1.0",
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev"
+  },
+  "dependencies": {
+    "httpntlm": "^1.8.13"
+  }
+}

plugins/auth-ntlm/src/index.ts

@@ -0,0 +1,87 @@
+import type { PluginDefinition } from '@yaakapp/api';
+
+import { ntlm } from 'httpntlm';
+
+export const plugin: PluginDefinition = {
+  authentication: {
+    name: 'windows',
+    label: 'NTLM Auth',
+    shortLabel: 'NTLM',
+    args: [
+      {
+        type: 'banner',
+        color: 'info',
+        inputs: [
+          {
+            type: 'markdown',
+            content:
+              'NTLM is still in beta. Please submit any issues to [Feedback](https://yaak.app/feedback).',
+          },
+        ],
+      },
+      {
+        type: 'text',
+        name: 'username',
+        label: 'Username',
+        optional: true,
+      },
+      {
+        type: 'text',
+        name: 'password',
+        label: 'Password',
+        optional: true,
+        password: true,
+      },
+      {
+        type: 'accordion',
+        label: 'Advanced',
+        inputs: [
+          { name: 'domain', label: 'Domain', type: 'text', optional: true },
+          { name: 'workstation', label: 'Workstation', type: 'text', optional: true },
+        ],
+      },
+    ],
+    async onApply(ctx, { values, method, url }) {
+      const username = values.username ? String(values.username) : undefined;
+      const password = values.password ? String(values.password) : undefined;
+      const domain = values.domain ? String(values.domain) : undefined;
+      const workstation = values.workstation ? String(values.workstation) : undefined;
+
+      const options = {
+        url,
+        username,
+        password,
+        workstation,
+        domain,
+      };
+
+      const type1 = ntlm.createType1Message(options);
+
+      const negotiateResponse = await ctx.httpRequest.send({
+        httpRequest: {
+          method,
+          url,
+          headers: [
+            { name: 'Authorization', value: type1 },
+            { name: 'Connection', value: 'keep-alive' },
+          ],
+        },
+      });
+
+      const wwwAuthenticateHeader = negotiateResponse.headers.find(
+        (h) => h.name.toLowerCase() === 'www-authenticate',
+      );
+
+      if (!wwwAuthenticateHeader?.value) {
+        throw new Error('Unable to find www-authenticate response header for NTLM');
+      }
+
+      const type2 = ntlm.parseType2Message(wwwAuthenticateHeader.value, (err: Error | null) => {
+        if (err != null) throw err;
+      });
+      const type3 = ntlm.createType3Message(type2, options);
+
+      return { setHeaders: [{ name: 'Authorization', value: type3 }] };
+    },
+  },
+};

plugins/auth-ntlm/src/modules.d.ts

@@ -0,0 +1 @@
+declare module 'httpntlm';

plugins/auth-ntlm/tsconfig.json

@@ -0,0 +1,3 @@
+{
+  "extends": "../../tsconfig.json"
+}

plugins/auth-oauth1/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "@yaak/auth-oauth1",
+  "displayName": "OAuth 1.0",
+  "description": "Authenticate requests using OAuth 1.0a",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak.git",
+    "directory": "plugins/auth-oauth1"
+  },
+  "private": true,
+  "version": "0.1.0",
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev"
+  },
+  "dependencies": {
+    "oauth-1.0a": "^2.2.6"
+  }
+}

plugins/auth-oauth1/src/index.ts

@@ -0,0 +1,210 @@
+import crypto from 'node:crypto';
+import type { Context, GetHttpAuthenticationConfigRequest, PluginDefinition } from '@yaakapp/api';
+import OAuth from 'oauth-1.0a';
+
+const signatures = {
+  HMAC_SHA1: 'HMAC-SHA1',
+  HMAC_SHA256: 'HMAC-SHA256',
+  HMAC_SHA512: 'HMAC-SHA512',
+  RSA_SHA1: 'RSA-SHA1',
+  RSA_SHA256: 'RSA-SHA256',
+  RSA_SHA512: 'RSA-SHA512',
+  PLAINTEXT: 'PLAINTEXT',
+} as const;
+const defaultSig = signatures.HMAC_SHA1;
+
+const pkSigs = Object.values(signatures).filter((k) => k.startsWith('RSA-'));
+const nonPkSigs = Object.values(signatures).filter((k) => !pkSigs.includes(k));
+
+type SigMethod = (typeof signatures)[keyof typeof signatures];
+
+function hiddenIfNot(
+  sigMethod: SigMethod[],
+  ...other: ((values: GetHttpAuthenticationConfigRequest['values']) => boolean)[]
+) {
+  return (_ctx: Context, { values }: GetHttpAuthenticationConfigRequest) => {
+    const hasGrantType = sigMethod.find((t) => t === String(values.signatureMethod ?? defaultSig));
+    const hasOtherBools = other.every((t) => t(values));
+    const show = hasGrantType && hasOtherBools;
+    return { hidden: !show };
+  };
+}
+
+export const plugin: PluginDefinition = {
+  authentication: {
+    name: 'oauth1',
+    label: 'OAuth 1.0',
+    shortLabel: 'OAuth 1',
+    args: [
+      {
+        type: 'banner',
+        color: 'info',
+        inputs: [
+          {
+            type: 'markdown',
+            content:
+              'OAuth 1.0 is still in beta. Please submit any issues to [Feedback](https://yaak.app/feedback).',
+          },
+        ],
+      },
+      {
+        name: 'signatureMethod',
+        label: 'Signature Method',
+        type: 'select',
+        defaultValue: defaultSig,
+        options: Object.values(signatures).map((v) => ({ label: v, value: v })),
+      },
+      { name: 'consumerKey', label: 'Consumer Key', type: 'text', password: true, optional: true },
+      {
+        name: 'consumerSecret',
+        label: 'Consumer Secret',
+        type: 'text',
+        password: true,
+        optional: true,
+      },
+      {
+        name: 'tokenKey',
+        label: 'Access Token',
+        type: 'text',
+        password: true,
+        optional: true,
+      },
+      {
+        name: 'tokenSecret',
+        label: 'Token Secret',
+        type: 'text',
+        password: true,
+        optional: true,
+        dynamic: hiddenIfNot(nonPkSigs),
+      },
+      {
+        name: 'privateKey',
+        label: 'Private Key (RSA-SHA1)',
+        type: 'text',
+        multiLine: true,
+        optional: true,
+        password: true,
+        placeholder:
+          '-----BEGIN RSA PRIVATE KEY-----\nPrivate key in PEM format\n-----END RSA PRIVATE KEY-----',
+        dynamic: hiddenIfNot(pkSigs),
+      },
+      {
+        type: 'accordion',
+        label: 'Advanced',
+        inputs: [
+          { name: 'callback', label: 'Callback Url', type: 'text', optional: true },
+          { name: 'verifier', label: 'Verifier', type: 'text', optional: true, password: true },
+          { name: 'timestamp', label: 'Timestamp', type: 'text', optional: true },
+          { name: 'nonce', label: 'Nonce', type: 'text', optional: true },
+          {
+            name: 'version',
+            label: 'OAuth Version',
+            type: 'text',
+            optional: true,
+            defaultValue: '1.0',
+          },
+          { name: 'realm', label: 'Realm', type: 'text', optional: true },
+        ],
+      },
+    ],
+
+    onApply(
+      _ctx,
+      { values, method, url },
+    ): {
+      setHeaders?: { name: string; value: string }[];
+      setQueryParameters?: { name: string; value: string }[];
+    } {
+      const consumerKey = String(values.consumerKey || '');
+      const consumerSecret = String(values.consumerSecret || '');
+
+      const signatureMethod = String(values.signatureMethod || signatures.HMAC_SHA1) as SigMethod;
+      const version = String(values.version || '1.0');
+      const realm = String(values.realm || '') || undefined;
+
+      const oauth = new OAuth({
+        consumer: { key: consumerKey, secret: consumerSecret },
+        signature_method: signatureMethod,
+        version,
+        hash_function: hashFunction(signatureMethod),
+        realm,
+      });
+
+      if (pkSigs.includes(signatureMethod)) {
+        oauth.getSigningKey = (tokenSecret?: string) => tokenSecret || '';
+      }
+
+      const requestUrl = new URL(url);
+
+      // Base request options passed to oauth-1.0a
+      const requestData: Omit<OAuth.RequestOptions, 'data'> & {
+        data: Record<string, string | string[]>;
+      } = {
+        method,
+        url: requestUrl.toString(),
+        includeBodyHash: false,
+        data: {},
+      };
+
+      // (1) Include existing query params in signature base string
+      for (const key of requestUrl.searchParams.keys()) {
+        if (key.startsWith('oauth_')) continue;
+        const all = requestUrl.searchParams.getAll(key);
+        const first = all[0];
+        if (first == null) continue;
+        requestData.data[key] = all.length > 1 ? all : first;
+      }
+
+      // (2) Manual oauth_* overrides
+      if (values.callback) requestData.data.oauth_callback = String(values.callback);
+      if (values.nonce) requestData.data.oauth_nonce = String(values.nonce);
+      if (values.timestamp) requestData.data.oauth_timestamp = String(values.timestamp);
+      if (values.verifier) requestData.data.oauth_verifier = String(values.verifier);
+
+      let token: OAuth.Token | { key: string } | undefined;
+
+      if (pkSigs.includes(signatureMethod)) {
+        token = {
+          key: String(values.tokenKey || ''),
+          secret: String(values.privateKey || ''),
+        };
+      } else if (values.tokenKey && values.tokenSecret) {
+        token = { key: String(values.tokenKey), secret: String(values.tokenSecret) };
+      } else if (values.tokenKey) {
+        token = { key: String(values.tokenKey) };
+      }
+
+      const authParams = oauth.authorize(requestData, token as OAuth.Token | undefined);
+      const { Authorization } = oauth.toHeader(authParams);
+      return { setHeaders: [{ name: 'Authorization', value: Authorization }] };
+    },
+  },
+};
+
+function hashFunction(signatureMethod: SigMethod) {
+  switch (signatureMethod) {
+    case signatures.HMAC_SHA1:
+      return (base: string, key: string) =>
+        crypto.createHmac('sha1', key).update(base).digest('base64');
+    case signatures.HMAC_SHA256:
+      return (base: string, key: string) =>
+        crypto.createHmac('sha256', key).update(base).digest('base64');
+    case signatures.HMAC_SHA512:
+      return (base: string, key: string) =>
+        crypto.createHmac('sha512', key).update(base).digest('base64');
+    case signatures.RSA_SHA1:
+      return (base: string, privateKey: string) =>
+        crypto.createSign('RSA-SHA1').update(base).sign(privateKey, 'base64');
+    case signatures.RSA_SHA256:
+      return (base: string, privateKey: string) =>
+        crypto.createSign('RSA-SHA256').update(base).sign(privateKey, 'base64');
+    case signatures.RSA_SHA512:
+      return (base: string, privateKey: string) =>
+        crypto.createSign('RSA-SHA512').update(base).sign(privateKey, 'base64');
+    case signatures.PLAINTEXT:
+      return (base: string) => base;
+    default:
+      return (base: string, key: string) =>
+        crypto.createHmac('sha1', key).update(base).digest('base64');
+  }
+}

plugins/auth-oauth1/tsconfig.json

@@ -0,0 +1,3 @@
+{
+  "extends": "../../tsconfig.json"
+}

plugins/auth-oauth2/package.json

@@ -12,6 +12,6 @@
   "scripts": {
     "build": "yaakcli build",
     "dev": "yaakcli dev",
-    "lint":"tsc --noEmit && eslint . --ext .ts,.tsx"
+    "test": "vitest --run tests"
   }
 }

plugins/auth-oauth2/src/fetchAccessToken.ts

@@ -1,5 +1,5 @@
-import type { Context, HttpRequest, HttpUrlParameter } from '@yaakapp/api';
 import { readFileSync } from 'node:fs';
+import type { Context, HttpRequest, HttpUrlParameter } from '@yaakapp/api';
 import type { AccessTokenRawResponse } from './store';
 
 export async function fetchAccessToken(
@@ -39,15 +39,15 @@ export async function fetchAccessToken(
     ],
   };
 
-  if (scope) httpRequest.body!.form.push({ name: 'scope', value: scope });
-  if (audience) httpRequest.body!.form.push({ name: 'audience', value: audience });
+  if (scope) httpRequest.body?.form.push({ name: 'scope', value: scope });
+  if (audience) httpRequest.body?.form.push({ name: 'audience', value: audience });
 
   if (credentialsInBody) {
-    httpRequest.body!.form.push({ name: 'client_id', value: clientId });
-    httpRequest.body!.form.push({ name: 'client_secret', value: clientSecret });
+    httpRequest.body?.form.push({ name: 'client_id', value: clientId });
+    httpRequest.body?.form.push({ name: 'client_secret', value: clientSecret });
   } else {
-    const value = 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
-    httpRequest.headers!.push({ name: 'Authorization', value });
+    const value = `Basic ${Buffer.from(`${clientId}:${clientSecret}`).toString('base64')}`;
+    httpRequest.headers?.push({ name: 'Authorization', value });
   }
 
   httpRequest.authenticationType = 'none'; // Don't inherit workspace auth
@@ -58,12 +58,11 @@ export async function fetchAccessToken(
   const body = resp.bodyPath ? readFileSync(resp.bodyPath, 'utf8') : '';
 
   if (resp.status < 200 || resp.status >= 300) {
-    throw new Error(
-      'Failed to fetch access token with status=' + resp.status + ' and body=' + body,
-    );
+    throw new Error(`Failed to fetch access token with status=${resp.status} and body=${body}`);
   }
 
-  let response;
+  // biome-ignore lint/suspicious/noExplicitAny: none
+  let response: any;
   try {
     response = JSON.parse(body);
   } catch {
@@ -71,7 +70,7 @@ export async function fetchAccessToken(
   }
 
   if (response.error) {
-    throw new Error('Failed to fetch access token with ' + response.error);
+    throw new Error(`Failed to fetch access token with ${response.error}`);
   }
 
   return response;

plugins/auth-oauth2/src/getOrRefreshAccessToken.ts

@@ -1,5 +1,5 @@
-import type { Context, HttpRequest } from '@yaakapp/api';
 import { readFileSync } from 'node:fs';
+import type { Context, HttpRequest } from '@yaakapp/api';
 import type { AccessToken, AccessTokenRawResponse, TokenStoreArgs } from './store';
 import { deleteToken, getToken, storeToken } from './store';
 import { isTokenExpired } from './util';
@@ -58,23 +58,23 @@ export async function getOrRefreshAccessToken(
     ],
   };
 
-  if (scope) httpRequest.body!.form.push({ name: 'scope', value: scope });
+  if (scope) httpRequest.body?.form.push({ name: 'scope', value: scope });
 
   if (credentialsInBody) {
-    httpRequest.body!.form.push({ name: 'client_id', value: clientId });
-    httpRequest.body!.form.push({ name: 'client_secret', value: clientSecret });
+    httpRequest.body?.form.push({ name: 'client_id', value: clientId });
+    httpRequest.body?.form.push({ name: 'client_secret', value: clientSecret });
   } else {
-    const value = 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
-    httpRequest.headers!.push({ name: 'Authorization', value });
+    const value = `Basic ${Buffer.from(`${clientId}:${clientSecret}`).toString('base64')}`;
+    httpRequest.headers?.push({ name: 'Authorization', value });
   }
 
   httpRequest.authenticationType = 'none'; // Don't inherit workspace auth
   const resp = await ctx.httpRequest.send({ httpRequest });
 
-  if (resp.status === 401) {
-    // Bad refresh token, so we'll force it to fetch a fresh access token by deleting
-    // and returning null;
-    console.log('[oauth2] Unauthorized refresh_token request');
+  if (resp.status >= 400 && resp.status < 500) {
+    // Client errors (4xx) indicate the refresh token is invalid, expired, or revoked
+    // Delete the token and return null to trigger a fresh authorization flow
+    console.log('[oauth2] Refresh token request failed with client error, deleting token');
     await deleteToken(ctx, tokenArgs);
     return null;
   }
@@ -84,12 +84,11 @@ export async function getOrRefreshAccessToken(
   console.log('[oauth2] Got refresh token response', resp.status);
 
   if (resp.status < 200 || resp.status >= 300) {
-    throw new Error(
-      'Failed to refresh access token with status=' + resp.status + ' and body=' + body,
-    );
+    throw new Error(`Failed to refresh access token with status=${resp.status} and body=${body}`);
   }
 
-  let response;
+  // biome-ignore lint/suspicious/noExplicitAny: none
+  let response: any;
   try {
     response = JSON.parse(body);
   } catch {

plugins/auth-oauth2/src/grants/authorizationCode.ts

@@ -1,9 +1,10 @@
-import type { Context } from '@yaakapp/api';
 import { createHash, randomBytes } from 'node:crypto';
+import type { Context } from '@yaakapp/api';
 import { fetchAccessToken } from '../fetchAccessToken';
 import { getOrRefreshAccessToken } from '../getOrRefreshAccessToken';
 import type { AccessToken, TokenStoreArgs } from '../store';
 import { getDataDirKey, storeToken } from '../store';
+import { extractCode } from '../util';
 
 export const PKCE_SHA256 = 'S256';
 export const PKCE_PLAIN = 'plain';
@@ -79,12 +80,11 @@ export async function getAuthorizationCode(
     authorizationUrl.searchParams.set('code_challenge_method', pkce.challengeMethod);
   }
 
-  const logsEnabled = (await ctx.store.get('enable_logs')) ?? false;
   const dataDirKey = await getDataDirKey(ctx, contextId);
   const authorizationUrlStr = authorizationUrl.toString();
   console.log('[oauth2] Authorizing', authorizationUrlStr);
 
-  // eslint-disable-next-line no-async-promise-executor
+  // biome-ignore lint/suspicious/noAsyncPromiseExecutor: none
   const code = await new Promise<string>(async (resolve, reject) => {
     let foundCode = false;
     const { close } = await ctx.window.openUrl({
@@ -97,18 +97,17 @@ export async function getAuthorizationCode(
         }
       },
       async onNavigate({ url: urlStr }) {
-        const url = new URL(urlStr);
-        if (logsEnabled) console.log('[oauth2] Navigated to', urlStr);
-
-        if (url.searchParams.has('error')) {
+        let code: string | null;
+        try {
+          code = extractCode(urlStr, redirectUri);
+        } catch (err) {
+          reject(err);
           close();
-          return reject(new Error(`Failed to authorize: ${url.searchParams.get('error')}`));
+          return;
         }
 
-        const code = url.searchParams.get('code');
         if (!code) {
-          console.log('[oauth2] Code not found');
-          return; // Could be one of many redirects in a chain, so skip it
+          return;
         }
 
         // Close the window here, because we don't need it anymore!

plugins/auth-oauth2/src/grants/implicit.ts

@@ -1,6 +1,6 @@
 import type { Context } from '@yaakapp/api';
-import type { AccessToken, AccessTokenRawResponse} from '../store';
-import  { getDataDirKey , getToken, storeToken } from '../store';
+import type { AccessToken, AccessTokenRawResponse } from '../store';
+import { getDataDirKey, getToken, storeToken } from '../store';
 import { isTokenExpired } from '../util';
 
 export async function getImplicit(
@@ -56,7 +56,7 @@ export async function getImplicit(
     );
   }
 
-  // eslint-disable-next-line no-async-promise-executor
+  // biome-ignore lint/suspicious/noAsyncPromiseExecutor: none
   const newToken = await new Promise<AccessToken>(async (resolve, reject) => {
     let foundAccessToken = false;
     const authorizationUrlStr = authorizationUrl.toString();

plugins/auth-oauth2/src/index.ts

@@ -6,8 +6,8 @@ import type {
   PluginDefinition,
 } from '@yaakapp/api';
 import {
-  genPkceCodeVerifier,
   DEFAULT_PKCE_METHOD,
+  genPkceCodeVerifier,
   getAuthorizationCode,
   PKCE_PLAIN,
   PKCE_SHA256,
@@ -27,7 +27,7 @@ const grantTypes: FormInputSelectOption[] = [
   { label: 'Client Credentials', value: 'client_credentials' },
 ];
 
-const defaultGrantType = grantTypes[0]!.value;
+const defaultGrantType = grantTypes[0]?.value;
 
 function hiddenIfNot(
   grantTypes: GrantType[],
@@ -125,24 +125,12 @@ export const plugin: PluginDefinition = {
           await resetDataDirKey(ctx, contextId);
         },
       },
-      {
-        label: 'Toggle Debug Logs',
-        async onSelect(ctx) {
-          const enableLogs = !(await ctx.store.get('enable_logs'));
-          await ctx.store.set('enable_logs', enableLogs);
-          await ctx.toast.show({
-            message: `Debug logs ${enableLogs ? 'enabled' : 'disabled'}`,
-            color: 'info',
-          });
-        },
-      },
     ],
     args: [
       {
         type: 'select',
         name: 'grantType',
         label: 'Grant Type',
-        hideLabel: true,
         defaultValue: defaultGrantType,
         options: grantTypes,
       },
@@ -271,6 +259,12 @@ export const plugin: PluginDefinition = {
         label: 'Advanced',
         inputs: [
           { type: 'text', name: 'scope', label: 'Scope', optional: true },
+          {
+            type: 'text',
+            name: 'headerName',
+            label: 'Header Name',
+            defaultValue: 'Authorization',
+          },
           {
             type: 'text',
             name: 'headerPrefix',
@@ -293,6 +287,7 @@ export const plugin: PluginDefinition = {
       {
         type: 'accordion',
         label: 'Access Token Response',
+        inputs: [],
         async dynamic(ctx, { contextId, values }) {
           const tokenArgs: TokenStoreArgs = {
             contextId,
@@ -309,6 +304,7 @@ export const plugin: PluginDefinition = {
             inputs: [
               {
                 type: 'editor',
+                name: 'response',
                 defaultValue: JSON.stringify(token.response, null, 2),
                 hideLabel: true,
                 readOnly: true,
@@ -394,18 +390,12 @@ export const plugin: PluginDefinition = {
           credentialsInBody,
         });
       } else {
-        throw new Error('Invalid grant type ' + grantType);
+        throw new Error(`Invalid grant type ${grantType}`);
       }
 
+      const headerName = stringArg(values, 'headerName') || 'Authorization';
       const headerValue = `${headerPrefix} ${token.response[tokenName]}`.trim();
-      return {
-        setHeaders: [
-          {
-            name: 'Authorization',
-            value: headerValue,
-          },
-        ],
-      };
+      return { setHeaders: [{ name: headerName, value: headerValue }] };
     },
   },
 };
@@ -415,7 +405,7 @@ function stringArgOrNull(
   name: string,
 ): string | null {
   const arg = values[name];
-  if (arg == null || arg == '') return null;
+  if (arg == null || arg === '') return null;
   return `${arg}`;
 }
 

plugins/auth-oauth2/src/store.ts

@@ -1,5 +1,5 @@
-import type { Context } from '@yaakapp/api';
 import { createHash } from 'node:crypto';
+import type { Context } from '@yaakapp/api';
 
 export async function storeToken(
   ctx: Context,

plugins/auth-oauth2/src/util.ts

@@ -3,3 +3,83 @@ import type { AccessToken } from './store';
 export function isTokenExpired(token: AccessToken) {
   return token.expiresAt && Date.now() > token.expiresAt;
 }
+
+export function extractCode(urlStr: string, redirectUri: string | null): string | null {
+  const url = new URL(urlStr);
+
+  if (!urlMatchesRedirect(url, redirectUri)) {
+    console.log('[oauth2] URL does not match redirect origin/path; skipping.');
+    return null;
+  }
+
+  // Prefer query param; fall back to fragment if query lacks it
+
+  const query = url.searchParams;
+  const queryError = query.get('error');
+  const queryDesc = query.get('error_description');
+  const queryUri = query.get('error_uri');
+
+  let hashParams: URLSearchParams | null = null;
+  if (url.hash && url.hash.length > 1) {
+    hashParams = new URLSearchParams(url.hash.slice(1));
+  }
+  const hashError = hashParams?.get('error');
+  const hashDesc = hashParams?.get('error_description');
+  const hashUri = hashParams?.get('error_uri');
+
+  const error = queryError || hashError;
+  if (error) {
+    const desc = queryDesc || hashDesc;
+    const uri = queryUri || hashUri;
+    let message = `Failed to authorize: ${error}`;
+    if (desc) message += ` (${desc})`;
+    if (uri) message += ` [${uri}]`;
+    throw new Error(message);
+  }
+
+  const queryCode = query.get('code');
+  if (queryCode) return queryCode;
+
+  const hashCode = hashParams?.get('code');
+  if (hashCode) return hashCode;
+
+  console.log('[oauth2] Code not found');
+  return null;
+}
+
+export function urlMatchesRedirect(url: URL, redirectUrl: string | null): boolean {
+  if (!redirectUrl) return true;
+
+  let redirect: URL;
+  try {
+    redirect = new URL(redirectUrl);
+  } catch {
+    console.log('[oauth2] Invalid redirect URI; skipping.');
+    return false;
+  }
+
+  const sameProtocol = url.protocol === redirect.protocol;
+
+  const sameHost = url.hostname.toLowerCase() === redirect.hostname.toLowerCase();
+
+  const normalizePort = (u: URL) =>
+    (u.protocol === 'https:' && (!u.port || u.port === '443')) ||
+    (u.protocol === 'http:' && (!u.port || u.port === '80'))
+      ? ''
+      : u.port;
+
+  const samePort = normalizePort(url) === normalizePort(redirect);
+
+  const normPath = (p: string) => {
+    const withLeading = p.startsWith('/') ? p : `/${p}`;
+    // strip trailing slashes, keep root as "/"
+    return withLeading.replace(/\/+$/g, '') || '/';
+  };
+
+  // Require redirect path to be a prefix of the navigated URL path
+  const urlPath = normPath(url.pathname);
+  const redirectPath = normPath(redirect.pathname);
+  const pathMatches = urlPath === redirectPath || urlPath.startsWith(`${redirectPath}/`);
+
+  return sameProtocol && sameHost && samePort && pathMatches;
+}

plugins/auth-oauth2/tests/util.test.ts

@@ -0,0 +1,109 @@
+import { describe, expect, test } from 'vitest';
+import { extractCode } from '../src/util';
+
+describe('extractCode', () => {
+  test('extracts code from query when same origin + path', () => {
+    const url = 'https://app.example.com/cb?code=abc123&state=xyz';
+    const redirect = 'https://app.example.com/cb';
+    expect(extractCode(url, redirect)).toBe('abc123');
+  });
+
+  test('extracts code from query with weird path', () => {
+    const url = 'https://app.example.com/cbwithextra?code=abc123&state=xyz';
+    const redirect = 'https://app.example.com/cb';
+    expect(extractCode(url, redirect)).toBeNull();
+  });
+
+  test('allows trailing slash differences', () => {
+    expect(extractCode('https://app.example.com/cb/?code=abc', 'https://app.example.com/cb')).toBe(
+      'abc',
+    );
+    expect(extractCode('https://app.example.com/cb?code=abc', 'https://app.example.com/cb/')).toBe(
+      'abc',
+    );
+  });
+
+  test('treats default ports as equal (https:443, http:80)', () => {
+    expect(
+      extractCode('https://app.example.com/cb?code=abc', 'https://app.example.com:443/cb'),
+    ).toBe('abc');
+    expect(extractCode('http://app.example.com/cb?code=abc', 'http://app.example.com:80/cb')).toBe(
+      'abc',
+    );
+  });
+
+  test('rejects different port', () => {
+    expect(
+      extractCode('https://app.example.com/cb?code=abc', 'https://app.example.com:8443/cb'),
+    ).toBeNull();
+  });
+
+  test('rejects different hostname (including subdomain changes)', () => {
+    expect(
+      extractCode('https://evil.example.com/cb?code=abc', 'https://app.example.com/cb'),
+    ).toBeNull();
+  });
+
+  test('requires path to start with redirect path (ignoring query/hash)', () => {
+    // same origin but wrong path -> null
+    expect(
+      extractCode('https://app.example.com/other?code=abc', 'https://app.example.com/cb'),
+    ).toBeNull();
+
+    // deeper subpath under the redirect path -> allowed (prefix match)
+    expect(
+      extractCode('https://app.example.com/cb/deep?code=abc', 'https://app.example.com/cb'),
+    ).toBe('abc');
+  });
+
+  test('works with custom schemes', () => {
+    expect(extractCode('myapp://cb?code=abc', 'myapp://cb')).toBe('abc');
+  });
+
+  test('prefers query over fragment when both present', () => {
+    const url = 'https://app.example.com/cb?code=queryCode#code=hashCode';
+    const redirect = 'https://app.example.com/cb';
+    expect(extractCode(url, redirect)).toBe('queryCode');
+  });
+
+  test('extracts code from fragment when query lacks code', () => {
+    const url = 'https://app.example.com/cb#code=fromHash&state=xyz';
+    const redirect = 'https://app.example.com/cb';
+    expect(extractCode(url, redirect)).toBe('fromHash');
+  });
+
+  test('returns null if no code present (query or fragment)', () => {
+    const url = 'https://app.example.com/cb?state=only';
+    const redirect = 'https://app.example.com/cb';
+    expect(extractCode(url, redirect)).toBeNull();
+  });
+
+  test('returns null when provider reports an error', () => {
+    const url = 'https://app.example.com/cb?error=access_denied&error_description=oopsy';
+    const redirect = 'https://app.example.com/cb';
+    expect(() => extractCode(url, redirect)).toThrow('Failed to authorize: access_denied');
+  });
+
+  test('when redirectUri is null, extracts code from any URL', () => {
+    expect(extractCode('https://random.example.com/whatever?code=abc', null)).toBe('abc');
+  });
+
+  test('handles extra params gracefully', () => {
+    const url = 'https://app.example.com/cb?foo=1&bar=2&code=abc&baz=3';
+    const redirect = 'https://app.example.com/cb';
+    expect(extractCode(url, redirect)).toBe('abc');
+  });
+
+  test('ignores fragment noise when code is in query', () => {
+    const url = 'https://app.example.com/cb?code=abc#some=thing';
+    const redirect = 'https://app.example.com/cb';
+    expect(extractCode(url, redirect)).toBe('abc');
+  });
+
+  // If you decide NOT to support fragment-based codes, flip these to expect null or mark as .skip
+  test('supports fragment-only code for response_mode=fragment providers', () => {
+    const url = 'https://app.example.com/cb#state=xyz&code=abc';
+    const redirect = 'https://app.example.com/cb';
+    expect(extractCode(url, redirect)).toBe('abc');
+  });
+});

plugins/filter-jsonpath/package.json

@@ -11,8 +11,7 @@
   "version": "0.1.0",
   "scripts": {
     "build": "yaakcli build",
-    "dev": "yaakcli dev",
-    "lint":"tsc --noEmit && eslint . --ext .ts,.tsx"
+    "dev": "yaakcli dev"
   },
   "dependencies": {
     "jsonpath-plus": "^10.3.0"

plugins/filter-xpath/package.json

@@ -6,8 +6,7 @@
   "version": "0.1.0",
   "scripts": {
     "build": "yaakcli build",
-    "dev": "yaakcli dev",
-    "lint":"tsc --noEmit && eslint . --ext .ts,.tsx"
+    "dev": "yaakcli dev"
   },
   "dependencies": {
     "@xmldom/xmldom": "^0.9.8",

plugins/filter-xpath/src/index.ts

@@ -7,16 +7,15 @@ export const plugin: PluginDefinition = {
     name: 'XPath',
     description: 'Filter XPath',
     onFilter(_ctx, args) {
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      // biome-ignore lint/suspicious/noExplicitAny: none
       const doc: any = new DOMParser().parseFromString(args.payload, 'text/xml');
       try {
         const result = xpath.select(args.filter, doc, false);
         if (Array.isArray(result)) {
           return { content: result.map((r) => String(r)).join('\n') };
-        } else {
-          // Not sure what cases this happens in (?)
-          return { content: String(result) };
         }
+        // Not sure what cases this happens in (?)
+        return { content: String(result) };
       } catch (err) {
         return { content: '', error: `Invalid filter: ${err}` };
       }

plugins/importer-curl/package.json

@@ -7,7 +7,6 @@
   "scripts": {
     "build": "yaakcli build",
     "dev": "yaakcli dev",
-    "lint": "tsc --noEmit && eslint . --ext .ts,.tsx",
     "test": "vitest --run tests"
   },
   "dependencies": {

plugins/importer-curl/src/index.ts

@@ -1,4 +1,12 @@
-import type { Context, Environment, Folder, HttpRequest, HttpUrlParameter, PluginDefinition, Workspace } from '@yaakapp/api';
+import type {
+  Context,
+  Environment,
+  Folder,
+  HttpRequest,
+  HttpUrlParameter,
+  PluginDefinition,
+  Workspace,
+} from '@yaakapp/api';
 import type { ControlOperator, ParseEntry } from 'shell-quote';
 import { parse } from 'shell-quote';
 
@@ -28,7 +36,7 @@ const SUPPORTED_FLAGS = [
   ['url-query'],
   ['user', 'u'], // Authentication
   DATA_FLAGS,
-].flatMap((v) => v);
+].flat();
 
 const BOOLEAN_FLAGS = ['G', 'get', 'digest'];
 
@@ -41,12 +49,40 @@ export const plugin: PluginDefinition = {
     name: 'cURL',
     description: 'Import cURL commands',
     onImport(_ctx: Context, args: { text: string }) {
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      // biome-ignore lint/suspicious/noExplicitAny: none
       return convertCurl(args.text) as any;
     },
   },
 };
 
+/**
+ * Decodes escape sequences in shell $'...' strings
+ * Handles Unicode escape sequences (\uXXXX) and common escape codes
+ */
+function decodeShellString(str: string): string {
+  return str
+    .replace(/\\u([0-9a-fA-F]{4})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)))
+    .replace(/\\x([0-9a-fA-F]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)))
+    .replace(/\\n/g, '\n')
+    .replace(/\\r/g, '\r')
+    .replace(/\\t/g, '\t')
+    .replace(/\\'/g, "'")
+    .replace(/\\"/g, '"')
+    .replace(/\\\\/g, '\\');
+}
+
+/**
+ * Checks if a string might contain escape sequences that need decoding
+ * If so, decodes them; otherwise returns the string as-is
+ */
+function maybeDecodeEscapeSequences(str: string): string {
+  // Check if the string contains escape sequences that shell-quote might not handle
+  if (str.includes('\\u') || str.includes('\\x')) {
+    return decodeShellString(str);
+  }
+  return str;
+}
+
 export function convertCurl(rawData: string) {
   if (!rawData.match(/^\s*curl /)) {
     return null;
@@ -78,9 +114,11 @@ export function convertCurl(rawData: string) {
   for (const parseEntry of normalizedParseEntries) {
     if (typeof parseEntry === 'string') {
       if (parseEntry.startsWith('$')) {
-        currentCommand.push(parseEntry.slice(1));
+        // Handle $'...' strings from shell-quote - decode escape sequences
+        currentCommand.push(decodeShellString(parseEntry.slice(1)));
       } else {
-        currentCommand.push(parseEntry);
+        // Decode escape sequences that shell-quote might not handle
+        currentCommand.push(maybeDecodeEscapeSequences(parseEntry));
       }
       continue;
     }
@@ -100,7 +138,7 @@ export function convertCurl(rawData: string) {
 
     if (op?.startsWith('$')) {
       // Handle the case where literal like -H $'Header: \'Some Quoted Thing\''
-      const str = op.slice(2, op.length - 1).replace(/\\'/g, '\'');
+      const str = decodeShellString(op.slice(2, op.length - 1));
 
       currentCommand.push(str);
       continue;
@@ -153,7 +191,7 @@ function importCommand(parseEntries: ParseEntry[], workspaceId: string) {
         continue;
       }
 
-      let value;
+      let value: string | boolean;
       const nextEntry = parseEntries[i + 1];
       const hasValue = !BOOLEAN_FLAGS.includes(name);
       if (isSingleDash && name.length > 1) {
@@ -169,7 +207,7 @@ function importCommand(parseEntries: ParseEntry[], workspaceId: string) {
       }
 
       flagsByName[name] = flagsByName[name] || [];
-      flagsByName[name]!.push(value);
+      flagsByName[name]?.push(value);
     } else if (parseEntry) {
       singletons.push(parseEntry);
     }
@@ -184,7 +222,11 @@ function importCommand(parseEntries: ParseEntry[], workspaceId: string) {
   const urlParameters: HttpUrlParameter[] =
     search?.split('&').map((p) => {
       const v = splitOnce(p, '=');
-      return { name: decodeURIComponent(v[0] ?? ''), value: decodeURIComponent(v[1] ?? ''), enabled: true };
+      return {
+        name: decodeURIComponent(v[0] ?? ''),
+        value: decodeURIComponent(v[1] ?? ''),
+        enabled: true,
+      };
     }) ?? [];
 
   const url = baseUrl ?? urlArg;
@@ -209,15 +251,15 @@ function importCommand(parseEntries: ParseEntry[], workspaceId: string) {
   const authenticationType = username ? (isDigest ? 'digest' : 'basic') : null;
   const authentication = username
     ? {
-      username: username.trim(),
-      password: (password ?? '').trim(),
-    }
+        username: username.trim(),
+        password: (password ?? '').trim(),
+      }
     : {};
 
   // Headers
   const headers = [
-    ...((flagsByName['header'] as string[] | undefined) || []),
-    ...((flagsByName['H'] as string[] | undefined) || []),
+    ...((flagsByName.header as string[] | undefined) || []),
+    ...((flagsByName.H as string[] | undefined) || []),
   ].map((header) => {
     const [name, value] = header.split(/:(.*)$/);
     // remove final colon from header name if present
@@ -237,8 +279,8 @@ function importCommand(parseEntries: ParseEntry[], workspaceId: string) {
 
   // Cookies
   const cookieHeaderValue = [
-    ...((flagsByName['cookie'] as string[] | undefined) || []),
-    ...((flagsByName['b'] as string[] | undefined) || []),
+    ...((flagsByName.cookie as string[] | undefined) || []),
+    ...((flagsByName.b as string[] | undefined) || []),
   ]
     .map((str) => {
       const name = str.split('=', 1)[0];
@@ -269,8 +311,8 @@ function importCommand(parseEntries: ParseEntry[], workspaceId: string) {
 
   // Body (Multipart Form Data)
   const formDataParams = [
-    ...((flagsByName['form'] as string[] | undefined) || []),
-    ...((flagsByName['F'] as string[] | undefined) || []),
+    ...((flagsByName.form as string[] | undefined) || []),
+    ...((flagsByName.F as string[] | undefined) || []),
   ].map((str) => {
     const parts = str.split('=');
     const name = parts[0] ?? '';
@@ -281,9 +323,9 @@ function importCommand(parseEntries: ParseEntry[], workspaceId: string) {
     };
 
     if (value.indexOf('@') === 0) {
-      item['file'] = value.slice(1);
+      item.file = value.slice(1);
     } else {
-      item['value'] = value;
+      item.value = value;
     }
 
     return item;
@@ -384,7 +426,7 @@ function pairsToDataParameters(keyedPairs: FlagsByName): DataParameter[] {
 
     for (const p of pairs) {
       if (typeof p !== 'string') continue;
-      const params = p.split("&");
+      const params = p.split('&');
       for (const param of params) {
         const [name, value] = splitOnce(param, '=');
         if (param.startsWith('@')) {
@@ -398,7 +440,7 @@ function pairsToDataParameters(keyedPairs: FlagsByName): DataParameter[] {
         } else {
           dataParameters.push({
             name: name ?? '',
-            value: flagName === 'data-urlencode' ? encodeURIComponent(value ?? '') : value ?? '',
+            value: flagName === 'data-urlencode' ? encodeURIComponent(value ?? '') : (value ?? ''),
             enabled: true,
           });
         }
@@ -415,8 +457,8 @@ const getPairValue = <T extends string | boolean>(
   names: string[],
 ) => {
   for (const name of names) {
-    if (pairsByName[name] && pairsByName[name]!.length) {
-      return pairsByName[name]![0] as T;
+    if (pairsByName[name]?.length) {
+      return pairsByName[name]?.[0] as T;
     }
   }
 

plugins/importer-curl/tests/index.test.ts

@@ -374,7 +374,7 @@ describe('importer-curl', () => {
         httpRequests: [
           baseRequest({
             url: 'https://yaak.app',
-            method: "POST",
+            method: 'POST',
             bodyType: 'application/x-www-form-urlencoded',
             body: {
               form: [{ name: 'foo', value: 'bar=baz', enabled: true }],
@@ -391,6 +391,56 @@ describe('importer-curl', () => {
       },
     });
   });
+
+  test('Imports data with Unicode escape sequences', () => {
+    expect(
+      convertCurl(
+        `curl 'https://yaak.app' -H 'Content-Type: application/json' --data-raw $'{"query":"SearchQueryInput\\u0021"}' -X POST`,
+      ),
+    ).toEqual({
+      resources: {
+        workspaces: [baseWorkspace()],
+        httpRequests: [
+          baseRequest({
+            url: 'https://yaak.app',
+            method: 'POST',
+            headers: [{ name: 'Content-Type', value: 'application/json', enabled: true }],
+            bodyType: 'application/json',
+            body: { text: '{"query":"SearchQueryInput!"}' },
+          }),
+        ],
+      },
+    });
+  });
+
+  test('Imports data with multiple escape sequences', () => {
+    expect(
+      convertCurl(
+        `curl 'https://yaak.app' --data-raw $'Line1\\nLine2\\tTab\\u0021Exclamation' -X POST`,
+      ),
+    ).toEqual({
+      resources: {
+        workspaces: [baseWorkspace()],
+        httpRequests: [
+          baseRequest({
+            url: 'https://yaak.app',
+            method: 'POST',
+            bodyType: 'application/x-www-form-urlencoded',
+            body: {
+              form: [{ name: 'Line1\nLine2\tTab!Exclamation', value: '', enabled: true }],
+            },
+            headers: [
+              {
+                enabled: true,
+                name: 'Content-Type',
+                value: 'application/x-www-form-urlencoded',
+              },
+            ],
+          }),
+        ],
+      },
+    });
+  });
 });
 
 const idCount: Partial<Record<string, number>> = {};

plugins/importer-insomnia/package.json

@@ -7,7 +7,6 @@
   "scripts": {
     "build": "yaakcli build",
     "dev": "yaakcli dev",
-    "lint":"tsc --noEmit && eslint . --ext .ts,.tsx",
     "test": "vitest --run tests"
   },
   "dependencies": {

plugins/importer-insomnia/src/common.ts

@@ -1,9 +1,3 @@
-
-export function convertSyntax(variable: string): string {
-  if (!isJSString(variable)) return variable;
-  return variable.replaceAll(/{{\s*(_\.)?([^}]+)\s*}}/g, '${[$2]}');
-}
-
 export function isJSObject(obj: unknown) {
   return Object.prototype.toString.call(obj) === '[object Object]';
 }
@@ -22,13 +16,30 @@ export function convertId(id: string): string {
 export function deleteUndefinedAttrs<T>(obj: T): T {
   if (Array.isArray(obj) && obj != null) {
     return obj.map(deleteUndefinedAttrs) as T;
-  } else if (typeof obj === 'object' && obj != null) {
+  }
+  if (typeof obj === 'object' && obj != null) {
     return Object.fromEntries(
       Object.entries(obj)
         .filter(([, v]) => v !== undefined)
         .map(([k, v]) => [k, deleteUndefinedAttrs(v)]),
     ) as T;
-  } else {
-    return obj;
   }
+  return obj;
+}
+
+/** Recursively render all nested object properties */
+export function convertTemplateSyntax<T>(obj: T): T {
+  if (typeof obj === 'string') {
+    // biome-ignore lint/suspicious/noTemplateCurlyInString: Yaak template syntax
+    return obj.replaceAll(/{{\s*(_\.)?([^}]+)\s*}}/g, '${[$2]}') as T;
+  }
+  if (Array.isArray(obj) && obj != null) {
+    return obj.map(convertTemplateSyntax) as T;
+  }
+  if (typeof obj === 'object' && obj != null) {
+    return Object.fromEntries(
+      Object.entries(obj).map(([k, v]) => [k, convertTemplateSyntax(v)]),
+    ) as T;
+  }
+  return obj;
 }

plugins/importer-insomnia/src/v4.ts

@@ -1,6 +1,6 @@
-/* eslint-disable @typescript-eslint/no-explicit-any */
+// biome-ignore-all lint/suspicious/noExplicitAny: too flexible for strict types
 import type { PartialImportResources } from '@yaakapp/api';
-import { convertId, convertSyntax, isJSObject } from './common';
+import { convertId, convertTemplateSyntax, isJSObject } from './common';
 
 export function convertInsomniaV4(parsed: any) {
   if (!Array.isArray(parsed.resources)) return null;
@@ -60,7 +60,7 @@ export function convertInsomniaV4(parsed: any) {
   resources.environments = resources.environments.filter(Boolean);
   resources.workspaces = resources.workspaces.filter(Boolean);
 
-  return { resources };
+  return { resources: convertTemplateSyntax(resources) };
 }
 
 function importHttpRequest(r: any, workspaceId: string): PartialImportResources['httpRequests'][0] {
@@ -90,10 +90,10 @@ function importHttpRequest(r: any, workspaceId: string): PartialImportResources[
     };
   } else if (r.body?.mimeType === 'application/graphql') {
     bodyType = 'graphql';
-    body = { text: convertSyntax(r.body.text ?? '') };
+    body = { text: r.body.text ?? '' };
   } else if (r.body?.mimeType === 'application/json') {
     bodyType = 'application/json';
-    body = { text: convertSyntax(r.body.text ?? '') };
+    body = { text: r.body.text ?? '' };
   }
 
   let authenticationType: string | null = null;
@@ -101,13 +101,13 @@ function importHttpRequest(r: any, workspaceId: string): PartialImportResources[
   if (r.authentication.type === 'bearer') {
     authenticationType = 'bearer';
     authentication = {
-      token: convertSyntax(r.authentication.token),
+      token: r.authentication.token,
     };
   } else if (r.authentication.type === 'basic') {
     authenticationType = 'basic';
     authentication = {
-      username: convertSyntax(r.authentication.username),
-      password: convertSyntax(r.authentication.password),
+      username: r.authentication.username,
+      password: r.authentication.password,
     };
   }
 
@@ -121,7 +121,12 @@ function importHttpRequest(r: any, workspaceId: string): PartialImportResources[
     sortPriority: r.metaSortKey,
     name: r.name,
     description: r.description || undefined,
-    url: convertSyntax(r.url),
+    url: r.url,
+    urlParameters: (r.parameters ?? []).map((p: any) => ({
+      enabled: !p.disabled,
+      name: p.name ?? '',
+      value: p.value ?? '',
+    })),
     body,
     bodyType,
     authentication,
@@ -152,7 +157,7 @@ function importGrpcRequest(r: any, workspaceId: string): PartialImportResources[
     sortPriority: r.metaSortKey,
     name: r.name,
     description: r.description || undefined,
-    url: convertSyntax(r.url),
+    url: r.url,
     service,
     method,
     message: r.body?.text ?? '',
@@ -182,17 +187,17 @@ function importFolder(f: any, workspaceId: string): PartialImportResources['fold
 function importEnvironment(
   e: any,
   workspaceId: string,
-  isParent?: boolean,
+  isParentOg?: boolean,
 ): PartialImportResources['environments'][0] {
+  const isParent = isParentOg ?? e.parentId === workspaceId;
   return {
     id: convertId(e._id),
     createdAt: e.created ? new Date(e.created).toISOString().replace('Z', '') : undefined,
     updatedAt: e.modified ? new Date(e.modified).toISOString().replace('Z', '') : undefined,
     workspaceId: convertId(workspaceId),
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-expect-error
-    sortPriority: e.metaSortKey, // Will be added to Yaak later
-    base: isParent ?? e.parentId === workspaceId,
+    sortPriority: e.metaSortKey,
+    parentModel: isParent ? 'workspace' : 'environment',
+    parentId: null,
     model: 'environment',
     name: e.name,
     variables: Object.entries(e.data).map(([name, value]) => ({

plugins/importer-insomnia/src/v5.ts

@@ -1,6 +1,6 @@
-/* eslint-disable @typescript-eslint/no-explicit-any */
+// biome-ignore-all lint/suspicious/noExplicitAny: too flexible for strict types
 import type { PartialImportResources } from '@yaakapp/api';
-import { convertId, convertSyntax, isJSObject } from './common';
+import { convertId, convertTemplateSyntax, isJSObject } from './common';
 
 export function convertInsomniaV5(parsed: any) {
   // Assert parsed is object
@@ -69,7 +69,7 @@ export function convertInsomniaV5(parsed: any) {
   resources.environments = resources.environments.filter(Boolean);
   resources.workspaces = resources.workspaces.filter(Boolean);
 
-  return { resources };
+  return { resources: convertTemplateSyntax(resources) };
 }
 
 function importHttpRequest(
@@ -108,10 +108,10 @@ function importHttpRequest(
     };
   } else if (r.body?.mimeType === 'application/graphql') {
     bodyType = 'graphql';
-    body = { text: convertSyntax(r.body.text ?? '') };
+    body = { text: r.body.text ?? '' };
   } else if (r.body?.mimeType === 'application/json') {
     bodyType = 'application/json';
-    body = { text: convertSyntax(r.body.text ?? '') };
+    body = { text: r.body.text ?? '' };
   }
 
   return {
@@ -124,7 +124,12 @@ function importHttpRequest(
     model: 'http_request',
     name: r.name,
     description: r.meta?.description || undefined,
-    url: convertSyntax(r.url),
+    url: r.url,
+    urlParameters: (r.parameters ?? []).map((p: any) => ({
+      enabled: !p.disabled,
+      name: p.name ?? '',
+      value: p.value ?? '',
+    })),
     body,
     bodyType,
     method: r.method,
@@ -157,7 +162,7 @@ function importGrpcRequest(
     sortPriority: sortKey,
     name: r.name,
     description: r.description || undefined,
-    url: convertSyntax(r.url),
+    url: r.url,
     service,
     method,
     message: r.body?.text ?? '',
@@ -191,7 +196,7 @@ function importWebsocketRequest(
     sortPriority: sortKey,
     name: r.name,
     description: r.description || undefined,
-    url: convertSyntax(r.url),
+    url: r.url,
     message: r.body?.text ?? '',
     ...importHeaders(r),
     ...importAuthentication(r),
@@ -215,13 +220,13 @@ function importAuthentication(obj: any) {
   if (obj.authentication?.type === 'bearer') {
     authenticationType = 'bearer';
     authentication = {
-      token: convertSyntax(obj.authentication.token),
+      token: obj.authentication.token,
     };
   } else if (obj.authentication?.type === 'basic') {
     authenticationType = 'basic';
     authentication = {
-      username: convertSyntax(obj.authentication.username),
-      password: convertSyntax(obj.authentication.password),
+      username: obj.authentication.username,
+      password: obj.authentication.password,
     };
   }
 
@@ -244,7 +249,7 @@ function importFolder(
   let environment: PartialImportResources['environments'][0] | null = null;
   if (Object.keys(f.environment ?? {}).length > 0) {
     environment = {
-      id: convertId(id + 'folder'),
+      id: convertId(`${id}folder`),
       createdAt: created ? new Date(created).toISOString().replace('Z', '') : undefined,
       updatedAt: updated ? new Date(updated).toISOString().replace('Z', '') : undefined,
       workspaceId: convertId(workspaceId),
@@ -295,9 +300,7 @@ function importEnvironment(
     updatedAt: updated ? new Date(updated).toISOString().replace('Z', '') : undefined,
     workspaceId: convertId(workspaceId),
     public: !e.isPrivate,
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-expect-error
-    sortPriority: sortKey, // Will be added to Yaak later
+    sortPriority: sortKey,
     parentModel: isParent ? 'workspace' : 'environment',
     parentId: null,
     model: 'environment',

plugins/importer-insomnia/tests/fixtures/basic.output.json

@@ -5,7 +5,8 @@
         "createdAt": "2025-01-13T15:15:43.767",
         "updatedAt": "2025-01-13T15:15:55.209",
         "sortPriority": 1736781343767,
-        "base": true,
+        "parentId": null,
+        "parentModel": "workspace",
         "id": "GENERATE_ID::env_16c0dec5b77c414ae0e419b8f10c3701300c5900",
         "model": "environment",
         "name": "Base Environment",
@@ -22,7 +23,8 @@
         "createdAt": "2025-01-13T15:15:58.515",
         "updatedAt": "2025-01-13T15:16:34.705",
         "sortPriority": 1736781358515,
-        "base": false,
+        "parentId": null,
+        "parentModel": "environment",
         "id": "GENERATE_ID::env_799ae3d723ef44af91b4817e5d057e6d",
         "model": "environment",
         "name": "Production",
@@ -39,7 +41,8 @@
         "createdAt": "2025-01-13T15:16:14.707",
         "updatedAt": "2025-01-13T15:16:31.078",
         "sortPriority": 1736781358565,
-        "base": false,
+        "parentId": null,
+        "parentModel": "environment",
         "id": "GENERATE_ID::env_030fbfdbb274426ebd78e2e6518f8553",
         "model": "environment",
         "name": "Staging",
@@ -110,6 +113,13 @@
         "model": "http_request",
         "name": "New Request",
         "url": "${[BASE_URL ]}/foo/:id",
+        "urlParameters": [
+          {
+            "name": "query",
+            "value": "qqq",
+            "enabled": true
+          }
+        ],
         "workspaceId": "GENERATE_ID::wrk_d4d92f7c0ee947b89159243506687019"
       }
     ],

plugins/importer-insomnia/tests/fixtures/version-5-minimal.output.json

@@ -76,6 +76,7 @@
         "sortPriority": -1747414129276,
         "updatedAt": "2025-05-16T16:48:49.313",
         "url": "https://httpbin.org/post",
+        "urlParameters": [],
         "workspaceId": "GENERATE_ID::wrk_9717dd1c9e0c4b2e9ed6d2abcf3bd45c"
       },
       {
@@ -98,6 +99,7 @@
         "name": "New Request",
         "sortPriority": -1747414160498,
         "updatedAt": "2025-05-16T16:49:20.497",
+        "urlParameters": [],
         "workspaceId": "GENERATE_ID::wrk_9717dd1c9e0c4b2e9ed6d2abcf3bd45c"
       }
     ],

plugins/importer-insomnia/tests/fixtures/version-5.input.yaml

@@ -46,6 +46,10 @@ collection:
             name: X-Header
             value: xxxx
             disabled: false
+          - id: pair_ab4b870278e943cba6babf5a73e213e3
+            name: "{{ _.ApiHeaderName }}"
+            value: "{{ _.ApiKey }}"
+            disabled: false
         authentication:
           type: basic
           useISO88591: false

plugins/importer-insomnia/tests/fixtures/version-5.output.json

@@ -127,6 +127,11 @@
             "enabled": true,
             "name": "X-Header",
             "value": "xxxx"
+          },
+          {
+            "enabled": true,
+            "name": "${[ApiHeaderName ]}",
+            "value": "${[ApiKey ]}"
           }
         ],
         "id": "GENERATE_ID::req_d72fff2a6b104b91a2ebe9de9edd2785",
@@ -135,6 +140,13 @@
         "name": "New Request",
         "sortPriority": -1736781406672,
         "url": "${[BASE_URL ]}/foo/:id",
+        "urlParameters": [
+          {
+            "name": "query",
+            "value": "qqq",
+            "enabled": true
+          }
+        ],
         "workspaceId": "GENERATE_ID::wrk_c1eacfa750a04f3ea9985ef28043fa53"
       }
     ],

plugins/importer-insomnia/tests/index.test.ts

@@ -13,9 +13,12 @@ describe('importer-yaak', () => {
       continue;
     }
 
-    test('Imports ' + fixture, () => {
+    test(`Imports ${fixture}`, () => {
       const contents = fs.readFileSync(path.join(p, fixture), 'utf-8');
-      const expected = fs.readFileSync(path.join(p, fixture.replace(/.input\..*/, '.output.json')), 'utf-8');
+      const expected = fs.readFileSync(
+        path.join(p, fixture.replace(/.input\..*/, '.output.json')),
+        'utf-8',
+      );
       const result = convertInsomnia(contents);
       // console.log(JSON.stringify(result, null, 2))
       expect(result).toEqual(parseJsonOrYaml(expected));

plugins/importer-openapi/package.json

@@ -7,7 +7,6 @@
   "scripts": {
     "build": "yaakcli build",
     "dev": "yaakcli dev",
-    "lint":"tsc --noEmit && eslint . --ext .ts,.tsx",
     "test": "vitest --run tests"
   },
   "dependencies": {

plugins/importer-openapi/src/index.ts

@@ -14,10 +14,11 @@ export const plugin: PluginDefinition = {
 };
 
 export async function convertOpenApi(contents: string): Promise<ImportPluginResponse | undefined> {
-  let postmanCollection;
+  // biome-ignore lint/suspicious/noExplicitAny: none
+  let postmanCollection: any;
   try {
     postmanCollection = await new Promise((resolve, reject) => {
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      // biome-ignore lint/suspicious/noExplicitAny: none
       convert({ type: 'string', data: contents }, {}, (err, result: any) => {
         if (err != null) reject(err);
 

plugins/importer-openapi/tests/index.test.ts

@@ -13,7 +13,7 @@ describe('importer-openapi', () => {
   });
 
   for (const fixture of fixtures) {
-    test('Imports ' + fixture, async () => {
+    test(`Imports ${fixture}`, async () => {
       const contents = fs.readFileSync(path.join(p, fixture), 'utf-8');
       const imported = await convertOpenApi(contents);
       expect(imported?.resources.workspaces).toEqual([

plugins/importer-postman-environment/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "@yaak/importer-postman-environment",
+  "displayName": "Postman Environment Importer",
+  "description": "Import environments from Postman",
+  "private": true,
+  "version": "0.1.0",
+  "main": "./build/index.js",
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev",
+    "test": "vitest --run tests"
+  }
+}

plugins/importer-postman-environment/src/index.ts

@@ -0,0 +1,136 @@
+import type {
+  Context,
+  Environment,
+  PartialImportResources,
+  PluginDefinition,
+  Workspace,
+} from '@yaakapp/api';
+import type { ImportPluginResponse } from '@yaakapp/api/lib/plugins/ImporterPlugin';
+
+type AtLeast<T, K extends keyof T> = Partial<T> & Pick<T, K>;
+
+interface ExportResources {
+  workspaces: AtLeast<Workspace, 'name' | 'id' | 'model'>[];
+  environments: AtLeast<Environment, 'name' | 'id' | 'model' | 'workspaceId'>[];
+}
+
+export const plugin: PluginDefinition = {
+  importer: {
+    name: 'Postman Environment',
+    description: 'Import postman environment exports',
+    onImport(_ctx: Context, args: { text: string }) {
+      return convertPostmanEnvironment(args.text);
+    },
+  },
+};
+
+export function convertPostmanEnvironment(contents: string): ImportPluginResponse | undefined {
+  const root = parseJSONToRecord(contents);
+  if (root == null) return;
+
+  // Validate that it looks like a Postman Environment export
+  const values = toArray<{
+    key?: string;
+    value?: unknown;
+    enabled?: boolean;
+    description?: string;
+    type?: string;
+  }>(root.values);
+  const scope = root._postman_variable_scope;
+  const hasEnvMarkers = typeof scope === 'string';
+
+  if (values.length === 0 || (!hasEnvMarkers && typeof root.name !== 'string')) {
+    // Not a Postman environment file, skip
+    return;
+  }
+
+  const exportResources: ExportResources = {
+    workspaces: [],
+    environments: [],
+  };
+
+  const envVariables = values
+    .map((v) => ({
+      enabled: v.enabled ?? true,
+      name: String(v.key ?? ''),
+      value: String(v.value),
+      description: v.description ? String(v.description) : null,
+    }))
+    .filter((v) => v.name.length > 0);
+
+  const environment: ExportResources['environments'][0] = {
+    model: 'environment',
+    id: generateId('environment'),
+    name: root.name ? String(root.name) : 'Environment',
+    workspaceId: 'CURRENT_WORKSPACE',
+    parentModel: 'environment',
+    parentId: null,
+    variables: envVariables,
+  };
+  exportResources.environments.push(environment);
+
+  const resources = deleteUndefinedAttrs(
+    convertTemplateSyntax(exportResources),
+  ) as PartialImportResources;
+
+  return { resources };
+}
+
+function parseJSONToRecord<T>(jsonStr: string): Record<string, T> | null {
+  try {
+    return toRecord(JSON.parse(jsonStr));
+  } catch {
+    return null;
+  }
+}
+
+function toRecord<T>(value: Record<string, T> | unknown): Record<string, T> {
+  if (value && typeof value === 'object' && !Array.isArray(value)) {
+    return value as Record<string, T>;
+  }
+  return {} as Record<string, T>;
+}
+
+function toArray<T>(value: unknown): T[] {
+  if (Object.prototype.toString.call(value) === '[object Array]') return value as T[];
+  return [] as T[];
+}
+
+/** Recursively render all nested object properties */
+function convertTemplateSyntax<T>(obj: T): T {
+  if (typeof obj === 'string') {
+    return obj.replace(/{{\s*(_\.)?([^}]*)\s*}}/g, (_m, _dot, expr) => `\${[${expr.trim()}]}`) as T;
+  }
+  if (Array.isArray(obj) && obj != null) {
+    return obj.map(convertTemplateSyntax) as T;
+  }
+  if (typeof obj === 'object' && obj != null) {
+    return Object.fromEntries(
+      Object.entries(obj as Record<string, unknown>).map(([k, v]) => [k, convertTemplateSyntax(v)]),
+    ) as T;
+  }
+  return obj;
+}
+
+function deleteUndefinedAttrs<T>(obj: T): T {
+  if (Array.isArray(obj) && obj != null) {
+    return obj.map(deleteUndefinedAttrs) as T;
+  }
+  if (typeof obj === 'object' && obj != null) {
+    return Object.fromEntries(
+      Object.entries(obj as Record<string, unknown>)
+        .filter(([, v]) => v !== undefined)
+        .map(([k, v]) => [k, deleteUndefinedAttrs(v)]),
+    ) as T;
+  }
+  return obj;
+}
+
+const idCount: Partial<Record<string, number>> = {};
+
+function generateId(model: string): string {
+  idCount[model] = (idCount[model] ?? -1) + 1;
+  return `GENERATE_ID::${model.toUpperCase()}_${idCount[model]}`;
+}
+
+export default plugin;

plugins/importer-postman-environment/tests/fixtures/environment.input.json

@@ -0,0 +1,27 @@
+{
+  "id": "123",
+  "name": "My Environment",
+  "values": [
+    {
+      "key": "baseUrl",
+      "value": "https://api.example.com",
+      "type": "default",
+      "enabled": true
+    },
+    {
+      "key": "token",
+      "value": "{{ access_token }}",
+      "type": "default",
+      "description": "Access token for the API.",
+      "enabled": true
+    },
+    {
+      "key": "disabled",
+      "type": "secret",
+      "value": "hello",
+      "enabled": false
+    }
+  ],
+  "_postman_variable_scope": "environment",
+  "_postman_exported_using": "PostmanRuntime/1.0.0"
+}

plugins/importer-postman-environment/tests/fixtures/environment.output.json

@@ -0,0 +1,35 @@
+{
+  "resources": {
+    "workspaces": [],
+    "environments": [
+      {
+        "id": "GENERATE_ID::ENVIRONMENT_0",
+        "model": "environment",
+        "name": "My Environment",
+        "variables": [
+          {
+            "enabled": true,
+            "description": null,
+            "name": "baseUrl",
+            "value": "https://api.example.com"
+          },
+          {
+            "enabled": true,
+            "description": "Access token for the API.",
+            "name": "token",
+            "value": "${[access_token]}"
+          },
+          {
+            "enabled": false,
+            "description": null,
+            "name": "disabled",
+            "value": "hello"
+          }
+        ],
+        "workspaceId": "CURRENT_WORKSPACE",
+        "parentId": null,
+        "parentModel": "environment"
+      }
+    ]
+  }
+}

plugins/importer-postman-environment/tests/index.test.ts

@@ -0,0 +1,22 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { describe, expect, test } from 'vitest';
+import { convertPostmanEnvironment } from '../src';
+
+describe('importer-postman-environment', () => {
+  const p = path.join(__dirname, 'fixtures');
+  const fixtures = fs.readdirSync(p);
+
+  for (const fixture of fixtures) {
+    if (fixture.includes('.output')) {
+      continue;
+    }
+
+    test(`Imports ${fixture}`, () => {
+      const contents = fs.readFileSync(path.join(p, fixture), 'utf-8');
+      const expected = fs.readFileSync(path.join(p, fixture.replace('.input', '.output')), 'utf-8');
+      const result = convertPostmanEnvironment(contents);
+      expect(result).toEqual(JSON.parse(expected));
+    });
+  }
+});

plugins/importer-postman-environment/tsconfig.json

@@ -0,0 +1,3 @@
+{
+  "extends": "../../tsconfig.json"
+}

plugins/importer-postman/package.json

@@ -8,7 +8,6 @@
   "scripts": {
     "build": "yaakcli build",
     "dev": "yaakcli dev",
-    "lint": "tsc --noEmit && eslint . --ext .ts,.tsx",
     "test": "vitest --run tests"
   }
 }

plugins/importer-postman/src/index.ts

@@ -68,6 +68,7 @@ export function convertPostman(contents: string): ImportPluginResponse | undefin
     id: generateId('workspace'),
     name: info.name ? String(info.name) : 'Postman Import',
     description,
+    ...globalAuth,
   };
   exportResources.workspaces.push(workspace);
 
@@ -105,8 +106,7 @@ export function convertPostman(contents: string): ImportPluginResponse | undefin
     } else if (typeof v.name === 'string' && 'request' in v) {
       const r = toRecord(v.request);
       const bodyPatch = importBody(r.body);
-      const requestAuthPath = importAuth(r.auth);
-      const authPatch = requestAuthPath.authenticationType == null ? globalAuth : requestAuthPath;
+      const requestAuth = importAuth(r.auth);
 
       const headers: HttpRequestHeader[] = toArray<{
         key: string;
@@ -145,10 +145,9 @@ export function convertPostman(contents: string): ImportPluginResponse | undefin
         urlParameters,
         body: bodyPatch.body,
         bodyType: bodyPatch.bodyType,
-        authentication: authPatch.authentication,
-        authenticationType: authPatch.authenticationType,
         sortPriority: sortPriorityIndex++,
         headers,
+        ...requestAuth,
       };
       exportResources.httpRequests.push(request);
     } else {
@@ -206,7 +205,7 @@ function convertUrl(rawUrl: string | unknown): Pick<HttpRequest, 'url' | 'urlPar
   if ('variable' in url && Array.isArray(url.variable) && url.variable.length > 0) {
     for (const v of url.variable) {
       params.push({
-        name: ':' + (v.key ?? ''),
+        name: `:${v.key ?? ''}`,
         value: v.value ?? '',
         enabled: !v.disabled,
       });
@@ -223,25 +222,159 @@ function convertUrl(rawUrl: string | unknown): Pick<HttpRequest, 'url' | 'urlPar
 }
 
 function importAuth(rawAuth: unknown): Pick<HttpRequest, 'authentication' | 'authenticationType'> {
-  const auth = toRecord<{ username?: string; password?: string; token?: string }>(rawAuth);
-  if ('basic' in auth) {
+  const auth = toRecord<Record<string, string>>(rawAuth);
+
+  // Helper: Postman stores auth params as an array of { key, value, ... }
+  const pmArrayToObj = (v: unknown): Record<string, unknown> => {
+    if (!Array.isArray(v)) return toRecord(v);
+    const o: Record<string, unknown> = {};
+    for (const i of v) {
+      const ii = toRecord(i);
+      if (typeof ii.key === 'string') {
+        o[ii.key] = ii.value;
+      }
+    }
+    return o;
+  };
+
+  const authType: string | undefined = auth.type ? String(auth.type) : undefined;
+
+  if (authType === 'noauth') {
+    return {
+      authenticationType: 'none',
+      authentication: {},
+    };
+  }
+
+  if ('basic' in auth && authType === 'basic') {
+    const b = pmArrayToObj(auth.basic);
     return {
       authenticationType: 'basic',
       authentication: {
-        username: auth.basic.username || '',
-        password: auth.basic.password || '',
+        username: String(b.username ?? ''),
+        password: String(b.password ?? ''),
       },
     };
-  } else if ('bearer' in auth) {
+  }
+
+  if ('bearer' in auth && authType === 'bearer') {
+    const b = pmArrayToObj(auth.bearer);
+    // Postman uses key "token"
     return {
       authenticationType: 'bearer',
       authentication: {
-        token: auth.bearer.token || '',
+        token: String(b.token ?? ''),
       },
     };
-  } else {
-    return { authenticationType: null, authentication: {} };
   }
+
+  if ('awsv4' in auth && authType === 'awsv4') {
+    const a = pmArrayToObj(auth.awsv4);
+    return {
+      authenticationType: 'awsv4',
+      authentication: {
+        accessKeyId: a.accessKey != null ? String(a.accessKey) : undefined,
+        secretAccessKey: a.secretKey != null ? String(a.secretKey) : undefined,
+        sessionToken: a.sessionToken != null ? String(a.sessionToken) : undefined,
+        region: a.region != null ? String(a.region) : undefined,
+        service: a.service != null ? String(a.service) : undefined,
+      },
+    };
+  }
+
+  if ('apikey' in auth && authType === 'apikey') {
+    const a = pmArrayToObj(auth.apikey);
+    return {
+      authenticationType: 'apikey',
+      authentication: {
+        location: a.in === 'query' ? 'query' : 'header',
+        key: a.value != null ? String(a.value) : undefined,
+        value: a.key != null ? String(a.key) : undefined,
+      },
+    };
+  }
+
+  if ('jwt' in auth && authType === 'jwt') {
+    const a = pmArrayToObj(auth.jwt);
+    return {
+      authenticationType: 'jwt',
+      authentication: {
+        algorithm: a.algorithm != null ? String(a.algorithm).toUpperCase() : undefined,
+        secret: a.secret != null ? String(a.secret) : undefined,
+        secretBase64: !!a.isSecretBase64Encoded,
+        payload: a.payload != null ? String(a.payload) : undefined,
+        headerPrefix: a.headerPrefix != null ? String(a.headerPrefix) : undefined,
+        location: a.addTokenTo === 'header' ? 'header' : 'query',
+      },
+    };
+  }
+
+  if ('oauth2' in auth && authType === 'oauth2') {
+    const o = pmArrayToObj(auth.oauth2);
+
+    let grantType = o.grant_type ? String(o.grant_type) : 'authorization_code';
+    let pkcePatch: Record<string, unknown> = {};
+
+    if (grantType === 'authorization_code_with_pkce') {
+      grantType = 'authorization_code';
+      pkcePatch =
+        o.grant_type === 'authorization_code_with_pkce'
+          ? {
+              usePkce: true,
+              pkceChallengeMethod: o.challengeAlgorithm ?? undefined,
+              pkceCodeVerifier: o.code_verifier != null ? String(o.code_verifier) : undefined,
+            }
+          : {};
+    } else if (grantType === 'password_credentials') {
+      grantType = 'password';
+    }
+
+    const accessTokenUrl = o.accessTokenUrl != null ? String(o.accessTokenUrl) : undefined;
+    const audience = o.audience != null ? String(o.audience) : undefined;
+    const authorizationUrl = o.authUrl != null ? String(o.authUrl) : undefined;
+    const clientId = o.clientId != null ? String(o.clientId) : undefined;
+    const clientSecret = o.clientSecret != null ? String(o.clientSecret) : undefined;
+    const credentials = o.client_authentication === 'body' ? 'body' : undefined;
+    const headerPrefix = o.headerPrefix ?? 'Bearer';
+    const password = o.password != null ? String(o.password) : undefined;
+    const redirectUri = o.redirect_uri != null ? String(o.redirect_uri) : undefined;
+    const scope = o.scope != null ? String(o.scope) : undefined;
+    const state = o.state != null ? String(o.state) : undefined;
+    const username = o.username != null ? String(o.username) : undefined;
+
+    let grantPatch: Record<string, unknown> = {};
+    if (grantType === 'authorization_code') {
+      grantPatch = {
+        clientSecret,
+        authorizationUrl,
+        accessTokenUrl,
+        redirectUri,
+        state,
+        ...pkcePatch,
+      };
+    } else if (grantType === 'implicit') {
+      grantPatch = { authorizationUrl, redirectUri, state };
+    } else if (grantType === 'password') {
+      grantPatch = { clientSecret, accessTokenUrl, username, password };
+    } else if (grantType === 'client_credentials') {
+      grantPatch = { clientSecret, accessTokenUrl };
+    }
+
+    const authentication = {
+      name: 'oauth2',
+      grantType,
+      audience,
+      clientId,
+      credentials,
+      headerPrefix,
+      scope,
+      ...grantPatch,
+    } as Record<string, unknown>;
+
+    return { authenticationType: 'oauth2', authentication };
+  }
+
+  return { authenticationType: null, authentication: {} };
 }
 
 function importBody(rawBody: unknown): Pick<HttpRequest, 'body' | 'bodyType' | 'headers'> {
@@ -281,7 +414,8 @@ function importBody(rawBody: unknown): Pick<HttpRequest, 'body' | 'bodyType' | '
         ),
       },
     };
-  } else if (body.mode === 'urlencoded') {
+  }
+  if (body.mode === 'urlencoded') {
     return {
       headers: [
         {
@@ -299,7 +433,8 @@ function importBody(rawBody: unknown): Pick<HttpRequest, 'body' | 'bodyType' | '
         })),
       },
     };
-  } else if (body.mode === 'formdata') {
+  }
+  if (body.mode === 'formdata') {
     return {
       headers: [
         {
@@ -326,7 +461,8 @@ function importBody(rawBody: unknown): Pick<HttpRequest, 'body' | 'bodyType' | '
         ),
       },
     };
-  } else if (body.mode === 'raw') {
+  }
+  if (body.mode === 'raw') {
     return {
       headers: [
         {
@@ -340,7 +476,8 @@ function importBody(rawBody: unknown): Pick<HttpRequest, 'body' | 'bodyType' | '
         text: body.raw ?? '',
       },
     };
-  } else if (body.mode === 'file') {
+  }
+  if (body.mode === 'file') {
     return {
       headers: [],
       bodyType: 'binary',
@@ -348,9 +485,8 @@ function importBody(rawBody: unknown): Pick<HttpRequest, 'body' | 'bodyType' | '
         filePath: body.file?.src,
       },
     };
-  } else {
-    return { headers: [], bodyType: null, body: {} };
   }
+  return { headers: [], bodyType: null, body: {} };
 }
 
 function parseJSONToRecord<T>(jsonStr: string): Record<string, T> | null {
@@ -370,36 +506,40 @@ function toRecord<T>(value: Record<string, T> | unknown): Record<string, T> {
 
 function toArray<T>(value: unknown): T[] {
   if (Object.prototype.toString.call(value) === '[object Array]') return value as T[];
-  else return [];
+  return [];
 }
 
 /** Recursively render all nested object properties */
 function convertTemplateSyntax<T>(obj: T): T {
   if (typeof obj === 'string') {
-    return obj.replace(/{{\s*(_\.)?([^}]+)\s*}}/g, '${[$2]}') as T;
-  } else if (Array.isArray(obj) && obj != null) {
+    return obj.replace(
+      /{{\s*(_\.)?([^}]*)\s*}}/g,
+      (_m, _dot, expr) => `\${[${expr.trim().replace(/^vault:/, '')}]}`,
+    ) as T;
+  }
+  if (Array.isArray(obj) && obj != null) {
     return obj.map(convertTemplateSyntax) as T;
-  } else if (typeof obj === 'object' && obj != null) {
+  }
+  if (typeof obj === 'object' && obj != null) {
     return Object.fromEntries(
       Object.entries(obj).map(([k, v]) => [k, convertTemplateSyntax(v)]),
     ) as T;
-  } else {
-    return obj;
   }
+  return obj;
 }
 
 function deleteUndefinedAttrs<T>(obj: T): T {
   if (Array.isArray(obj) && obj != null) {
     return obj.map(deleteUndefinedAttrs) as T;
-  } else if (typeof obj === 'object' && obj != null) {
+  }
+  if (typeof obj === 'object' && obj != null) {
     return Object.fromEntries(
       Object.entries(obj)
         .filter(([, v]) => v !== undefined)
         .map(([k, v]) => [k, deleteUndefinedAttrs(v)]),
     ) as T;
-  } else {
-    return obj;
   }
+  return obj;
 }
 
 const idCount: Partial<Record<string, number>> = {};

plugins/importer-postman/tests/fixtures/auth.input.json

@@ -0,0 +1,784 @@
+{
+  "info": {
+    "_postman_id": "9e6dfada-256c-49ea-a38f-7d1b05b7ca2d",
+    "name": "Authentication",
+    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
+    "_exporter_id": "18798"
+  },
+  "item": [
+    {
+      "name": "No Auth",
+      "request": {
+        "auth": {
+          "type": "noauth"
+        },
+        "method": "GET",
+        "header": [],
+        "url": {
+          "raw": "https://yaak.app/x/echo",
+          "protocol": "https",
+          "host": ["yaak", "app"],
+          "path": ["x", "echo"]
+        }
+      },
+      "response": []
+    },
+    {
+      "name": "Inherit",
+      "request": {
+        "method": "GET",
+        "header": [],
+        "url": {
+          "raw": "https://yaak.app/x/echo",
+          "protocol": "https",
+          "host": ["yaak", "app"],
+          "path": ["x", "echo"]
+        }
+      },
+      "response": []
+    },
+    {
+      "name": "OAuth 2 Auth Code",
+      "protocolProfileBehavior": {
+        "disableBodyPruning": true
+      },
+      "request": {
+        "auth": {
+          "type": "oauth2",
+          "oauth2": [
+            {
+              "key": "grant_type",
+              "value": "authorization_code",
+              "type": "string"
+            },
+            {
+              "key": "headerPrefix",
+              "value": "Bearer",
+              "type": "string"
+            },
+            {
+              "key": "client_authentication",
+              "value": "header",
+              "type": "string"
+            },
+            {
+              "key": "challengeAlgorithm",
+              "value": "S256",
+              "type": "string"
+            },
+            {
+              "key": "refreshTokenUrl",
+              "value": "https://github.com/login/oauth/access_token",
+              "type": "string"
+            },
+            {
+              "key": "state",
+              "value": "state",
+              "type": "string"
+            },
+            {
+              "key": "scope",
+              "value": "scope",
+              "type": "string"
+            },
+            {
+              "key": "code_verifier",
+              "value": "verifier",
+              "type": "string"
+            },
+            {
+              "key": "clientSecret",
+              "value": "clientsecet",
+              "type": "string"
+            },
+            {
+              "key": "clientId",
+              "value": "cliend id",
+              "type": "string"
+            },
+            {
+              "key": "authUrl",
+              "value": "https://github.com/login/oauth/authorize",
+              "type": "string"
+            },
+            {
+              "key": "accessTokenUrl",
+              "value": "https://github.com/login/oauth/access_token",
+              "type": "string"
+            },
+            {
+              "key": "useBrowser",
+              "value": true,
+              "type": "boolean"
+            },
+            {
+              "key": "redirect_uri",
+              "value": "https://callback",
+              "type": "string"
+            },
+            {
+              "key": "tokenName",
+              "value": "name",
+              "type": "string"
+            },
+            {
+              "key": "addTokenTo",
+              "value": "header",
+              "type": "string"
+            }
+          ]
+        },
+        "method": "GET",
+        "header": [],
+        "body": {
+          "mode": "raw",
+          "raw": "{\n    \"hello\": \"world\"\n}",
+          "options": {
+            "raw": {
+              "language": "json"
+            }
+          }
+        },
+        "url": {
+          "raw": "{{vault:hello}}",
+          "host": ["{{vault:hello}}"]
+        }
+      },
+      "response": []
+    },
+    {
+      "name": "OAuth 2 Auth Code (PKCE)",
+      "protocolProfileBehavior": {
+        "disableBodyPruning": true
+      },
+      "request": {
+        "auth": {
+          "type": "oauth2",
+          "oauth2": [
+            {
+              "key": "headerPrefix",
+              "value": "Bearer",
+              "type": "string"
+            },
+            {
+              "key": "client_authentication",
+              "value": "header",
+              "type": "string"
+            },
+            {
+              "key": "challengeAlgorithm",
+              "value": "S256",
+              "type": "string"
+            },
+            {
+              "key": "refreshTokenUrl",
+              "value": "https://github.com/login/oauth/access_token",
+              "type": "string"
+            },
+            {
+              "key": "state",
+              "value": "state",
+              "type": "string"
+            },
+            {
+              "key": "scope",
+              "value": "scope",
+              "type": "string"
+            },
+            {
+              "key": "code_verifier",
+              "value": "verifier",
+              "type": "string"
+            },
+            {
+              "key": "grant_type",
+              "value": "authorization_code_with_pkce",
+              "type": "string"
+            },
+            {
+              "key": "clientSecret",
+              "value": "clientsecet",
+              "type": "string"
+            },
+            {
+              "key": "clientId",
+              "value": "cliend id",
+              "type": "string"
+            },
+            {
+              "key": "authUrl",
+              "value": "https://github.com/login/oauth/authorize",
+              "type": "string"
+            },
+            {
+              "key": "accessTokenUrl",
+              "value": "https://github.com/login/oauth/access_token",
+              "type": "string"
+            },
+            {
+              "key": "useBrowser",
+              "value": true,
+              "type": "boolean"
+            },
+            {
+              "key": "redirect_uri",
+              "value": "https://callback",
+              "type": "string"
+            },
+            {
+              "key": "tokenName",
+              "value": "name",
+              "type": "string"
+            },
+            {
+              "key": "addTokenTo",
+              "value": "header",
+              "type": "string"
+            }
+          ]
+        },
+        "method": "GET",
+        "header": [],
+        "body": {
+          "mode": "raw",
+          "raw": "{\n    \"hello\": \"world\"\n}",
+          "options": {
+            "raw": {
+              "language": "json"
+            }
+          }
+        },
+        "url": {
+          "raw": "{{vault:hello}}",
+          "host": ["{{vault:hello}}"]
+        }
+      },
+      "response": []
+    },
+    {
+      "name": "OAuth 2 Implicit",
+      "protocolProfileBehavior": {
+        "disableBodyPruning": true
+      },
+      "request": {
+        "auth": {
+          "type": "oauth2",
+          "oauth2": [
+            {
+              "key": "client_authentication",
+              "value": "header",
+              "type": "string"
+            },
+            {
+              "key": "redirect_uri",
+              "value": "https://yaak.app/x/echo",
+              "type": "string"
+            },
+            {
+              "key": "useBrowser",
+              "value": false,
+              "type": "boolean"
+            },
+            {
+              "key": "grant_type",
+              "value": "implicit",
+              "type": "string"
+            },
+            {
+              "key": "headerPrefix",
+              "value": "Bearer",
+              "type": "string"
+            },
+            {
+              "key": "challengeAlgorithm",
+              "value": "S256",
+              "type": "string"
+            },
+            {
+              "key": "refreshTokenUrl",
+              "value": "https://github.com/login/oauth/access_token",
+              "type": "string"
+            },
+            {
+              "key": "state",
+              "value": "state",
+              "type": "string"
+            },
+            {
+              "key": "scope",
+              "value": "scope",
+              "type": "string"
+            },
+            {
+              "key": "code_verifier",
+              "value": "verifier",
+              "type": "string"
+            },
+            {
+              "key": "clientSecret",
+              "value": "clientsecet",
+              "type": "string"
+            },
+            {
+              "key": "clientId",
+              "value": "cliend id",
+              "type": "string"
+            },
+            {
+              "key": "authUrl",
+              "value": "https://github.com/login/oauth/authorize",
+              "type": "string"
+            },
+            {
+              "key": "accessTokenUrl",
+              "value": "https://github.com/login/oauth/access_token",
+              "type": "string"
+            },
+            {
+              "key": "tokenName",
+              "value": "name",
+              "type": "string"
+            },
+            {
+              "key": "addTokenTo",
+              "value": "header",
+              "type": "string"
+            }
+          ]
+        },
+        "method": "GET",
+        "header": [],
+        "body": {
+          "mode": "raw",
+          "raw": "{\n    \"hello\": \"world\"\n}",
+          "options": {
+            "raw": {
+              "language": "json"
+            }
+          }
+        },
+        "url": {
+          "raw": "{{vault:hello}}",
+          "host": ["{{vault:hello}}"]
+        }
+      },
+      "response": []
+    },
+    {
+      "name": "OAuth 2 Password",
+      "protocolProfileBehavior": {
+        "disableBodyPruning": true
+      },
+      "request": {
+        "auth": {
+          "type": "oauth2",
+          "oauth2": [
+            {
+              "key": "password",
+              "value": "password",
+              "type": "string"
+            },
+            {
+              "key": "username",
+              "value": "username",
+              "type": "string"
+            },
+            {
+              "key": "clientSecret",
+              "value": "clientsecret",
+              "type": "string"
+            },
+            {
+              "key": "clientId",
+              "value": "clientid",
+              "type": "string"
+            },
+            {
+              "key": "grant_type",
+              "value": "password_credentials",
+              "type": "string"
+            },
+            {
+              "key": "client_authentication",
+              "value": "header",
+              "type": "string"
+            },
+            {
+              "key": "redirect_uri",
+              "value": "https://yaak.app/x/echo",
+              "type": "string"
+            },
+            {
+              "key": "useBrowser",
+              "value": false,
+              "type": "boolean"
+            },
+            {
+              "key": "headerPrefix",
+              "value": "Bearer",
+              "type": "string"
+            },
+            {
+              "key": "challengeAlgorithm",
+              "value": "S256",
+              "type": "string"
+            },
+            {
+              "key": "refreshTokenUrl",
+              "value": "https://github.com/login/oauth/access_token",
+              "type": "string"
+            },
+            {
+              "key": "state",
+              "value": "state",
+              "type": "string"
+            },
+            {
+              "key": "scope",
+              "value": "scope",
+              "type": "string"
+            },
+            {
+              "key": "code_verifier",
+              "value": "verifier",
+              "type": "string"
+            },
+            {
+              "key": "authUrl",
+              "value": "https://github.com/login/oauth/authorize",
+              "type": "string"
+            },
+            {
+              "key": "accessTokenUrl",
+              "value": "https://github.com/login/oauth/access_token",
+              "type": "string"
+            },
+            {
+              "key": "tokenName",
+              "value": "name",
+              "type": "string"
+            },
+            {
+              "key": "addTokenTo",
+              "value": "header",
+              "type": "string"
+            }
+          ]
+        },
+        "method": "GET",
+        "header": [],
+        "body": {
+          "mode": "raw",
+          "raw": "{\n    \"hello\": \"world\"\n}",
+          "options": {
+            "raw": {
+              "language": "json"
+            }
+          }
+        },
+        "url": {
+          "raw": "{{vault:hello}}",
+          "host": ["{{vault:hello}}"]
+        }
+      },
+      "response": []
+    },
+    {
+      "name": "OAuth 2 Client Credentials",
+      "protocolProfileBehavior": {
+        "disableBodyPruning": true
+      },
+      "request": {
+        "auth": {
+          "type": "oauth2",
+          "oauth2": [
+            {
+              "key": "grant_type",
+              "value": "client_credentials",
+              "type": "string"
+            },
+            {
+              "key": "password",
+              "value": "password",
+              "type": "string"
+            },
+            {
+              "key": "username",
+              "value": "username",
+              "type": "string"
+            },
+            {
+              "key": "clientSecret",
+              "value": "clientsecret",
+              "type": "string"
+            },
+            {
+              "key": "clientId",
+              "value": "clientid",
+              "type": "string"
+            },
+            {
+              "key": "client_authentication",
+              "value": "header",
+              "type": "string"
+            },
+            {
+              "key": "redirect_uri",
+              "value": "https://yaak.app/x/echo",
+              "type": "string"
+            },
+            {
+              "key": "useBrowser",
+              "value": false,
+              "type": "boolean"
+            },
+            {
+              "key": "headerPrefix",
+              "value": "Bearer",
+              "type": "string"
+            },
+            {
+              "key": "challengeAlgorithm",
+              "value": "S256",
+              "type": "string"
+            },
+            {
+              "key": "refreshTokenUrl",
+              "value": "https://github.com/login/oauth/access_token",
+              "type": "string"
+            },
+            {
+              "key": "state",
+              "value": "state",
+              "type": "string"
+            },
+            {
+              "key": "scope",
+              "value": "scope",
+              "type": "string"
+            },
+            {
+              "key": "code_verifier",
+              "value": "verifier",
+              "type": "string"
+            },
+            {
+              "key": "authUrl",
+              "value": "https://github.com/login/oauth/authorize",
+              "type": "string"
+            },
+            {
+              "key": "accessTokenUrl",
+              "value": "https://github.com/login/oauth/access_token",
+              "type": "string"
+            },
+            {
+              "key": "tokenName",
+              "value": "name",
+              "type": "string"
+            },
+            {
+              "key": "addTokenTo",
+              "value": "header",
+              "type": "string"
+            }
+          ]
+        },
+        "method": "GET",
+        "header": [],
+        "body": {
+          "mode": "raw",
+          "raw": "{\n    \"hello\": \"world\"\n}",
+          "options": {
+            "raw": {
+              "language": "json"
+            }
+          }
+        },
+        "url": {
+          "raw": "{{vault:hello}}",
+          "host": ["{{vault:hello}}"]
+        }
+      },
+      "response": []
+    },
+    {
+      "name": "AWS V4",
+      "request": {
+        "auth": {
+          "type": "awsv4",
+          "awsv4": [
+            {
+              "key": "sessionToken",
+              "value": "session",
+              "type": "string"
+            },
+            {
+              "key": "service",
+              "value": "s3",
+              "type": "string"
+            },
+            {
+              "key": "region",
+              "value": "us-west-1",
+              "type": "string"
+            },
+            {
+              "key": "secretKey",
+              "value": "secret",
+              "type": "string"
+            },
+            {
+              "key": "accessKey",
+              "value": "access",
+              "type": "string"
+            }
+          ]
+        },
+        "method": "GET",
+        "header": [],
+        "url": {
+          "raw": "https://yaak.app/x/echo",
+          "protocol": "https",
+          "host": ["yaak", "app"],
+          "path": ["x", "echo"]
+        }
+      },
+      "response": []
+    },
+    {
+      "name": "API Key",
+      "request": {
+        "auth": {
+          "type": "apikey",
+          "apikey": [
+            {
+              "key": "in",
+              "value": "query",
+              "type": "string"
+            },
+            {
+              "key": "value",
+              "value": "value",
+              "type": "string"
+            },
+            {
+              "key": "key",
+              "value": "key",
+              "type": "string"
+            }
+          ]
+        },
+        "method": "GET",
+        "header": [],
+        "url": {
+          "raw": "https://yaak.app/x/echo",
+          "protocol": "https",
+          "host": ["yaak", "app"],
+          "path": ["x", "echo"]
+        }
+      },
+      "response": []
+    },
+    {
+      "name": "JWT",
+      "request": {
+        "auth": {
+          "type": "jwt",
+          "jwt": [
+            {
+              "key": "header",
+              "value": "{\n    \"header\": \"foo\"\n}",
+              "type": "string"
+            },
+            {
+              "key": "headerPrefix",
+              "value": "Bearer",
+              "type": "string"
+            },
+            {
+              "key": "payload",
+              "value": "{\n    \"my\": \"payload\"\n}",
+              "type": "string"
+            },
+            {
+              "key": "isSecretBase64Encoded",
+              "value": false,
+              "type": "boolean"
+            },
+            {
+              "key": "secret",
+              "value": "mysecret",
+              "type": "string"
+            },
+            {
+              "key": "algorithm",
+              "value": "HS384",
+              "type": "string"
+            },
+            {
+              "key": "addTokenTo",
+              "value": "header",
+              "type": "string"
+            },
+            {
+              "key": "queryParamKey",
+              "value": "token",
+              "type": "string"
+            }
+          ]
+        },
+        "method": "GET",
+        "header": [],
+        "url": {
+          "raw": "https://yaak.app/x/echo",
+          "protocol": "https",
+          "host": ["yaak", "app"],
+          "path": ["x", "echo"]
+        }
+      },
+      "response": []
+    }
+  ],
+  "auth": {
+    "type": "basic",
+    "basic": [
+      {
+        "key": "password",
+        "value": "workspace_secret",
+        "type": "string"
+      },
+      {
+        "key": "username",
+        "value": "workspace",
+        "type": "string"
+      }
+    ]
+  },
+  "event": [
+    {
+      "listen": "prerequest",
+      "script": {
+        "type": "text/javascript",
+        "packages": {},
+        "requests": {},
+        "exec": [""]
+      }
+    },
+    {
+      "listen": "test",
+      "script": {
+        "type": "text/javascript",
+        "packages": {},
+        "requests": {},
+        "exec": [""]
+      }
+    }
+  ],
+  "variable": [
+    {
+      "key": "COLLECTION VARIABLE",
+      "value": "collection variable"
+    }
+  ]
+}