Remove some skills

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.claude/commands/release/check-out-pr.md

@@ -1,51 +0,0 @@
----
-description: Review a PR in a new worktree
-allowed-tools: Bash(git worktree:*), Bash(gh pr:*)
----
-
-Review a GitHub pull request in a new git worktree.
-
-## Usage
-
-```
-/review-pr <PR_NUMBER>
-```
-
-## What to do
-
-1. List all open pull requests and ask the user to select one
-2. Get PR information using `gh pr view <PR_NUMBER> --json number,headRefName`
-3. Extract the branch name from the PR
-4. Create a new worktree at `../yaak-worktrees/pr-<PR_NUMBER>` using `git worktree add` with a timeout of at least 300000ms (5 minutes) since the post-checkout hook runs a bootstrap script
-5. Checkout the PR branch in the new worktree using `gh pr checkout <PR_NUMBER>`
-6. The post-checkout hook will automatically:
-   - Create `.env.local` with unique ports
-   - Copy editor config folders
-   - Run `npm install && npm run bootstrap`
-7. Inform the user:
-   - Where the worktree was created
-   - What ports were assigned
-   - How to access it (cd command)
-   - How to run the dev server
-   - How to remove the worktree when done
-
-## Example Output
-
-```
-Created worktree for PR #123 at ../yaak-worktrees/pr-123
-Branch: feature-auth
-Ports: Vite (1421), MCP (64344)
-
-To start working:
-  cd ../yaak-worktrees/pr-123
-  npm run app-dev
-
-To remove when done:
-  git worktree remove ../yaak-worktrees/pr-123
-```
-
-## Error Handling
-
-- If the PR doesn't exist, show a helpful error
-- If the worktree already exists, inform the user and ask if they want to remove and recreate it
-- If `gh` CLI is not available, inform the user to install it

.claude/commands/release/generate-release-notes.md

@@ -43,5 +43,7 @@ The skill generates markdown-formatted release notes following this structure:
 After outputting the release notes, ask the user if they would like to create a draft GitHub release with these notes. If they confirm, create the release using:
 
 ```bash
-gh release create <tag> --draft --prerelease --title "<tag>" --notes '<release notes>'
+gh release create <tag> --draft --prerelease --title "Release <version>" --notes '<release notes>'
 ```
+
+**IMPORTANT**: The release title format is "Release XXXX" where XXXX is the version WITHOUT the `v` prefix. For example, tag `v2026.2.1-beta.1` gets title "Release 2026.2.1-beta.1".

.claude/skills/worktree.md

@@ -1,35 +0,0 @@
-# Worktree Management Skill
-
-## Creating Worktrees
-
-When creating git worktrees for this project, ALWAYS use the path format:
-```
-../yaak-worktrees/<NAME>
-```
-
-For example:
-- `git worktree add ../yaak-worktrees/feature-auth`
-- `git worktree add ../yaak-worktrees/bugfix-login`
-- `git worktree add ../yaak-worktrees/refactor-api`
-
-## What Happens Automatically
-
-The post-checkout hook will automatically:
-1. Create `.env.local` with unique ports (YAAK_DEV_PORT and YAAK_PLUGIN_MCP_SERVER_PORT)
-2. Copy gitignored editor config folders (.zed, .idea, etc.)
-3. Run `npm install && npm run bootstrap`
-
-## Deleting Worktrees
-
-```bash
-git worktree remove ../yaak-worktrees/<NAME>
-```
-
-## Port Assignments
-
-- Main worktree: 1420 (Vite), 64343 (MCP)
-- First worktree: 1421, 64344
-- Second worktree: 1422, 64345
-- etc.
-
-Each worktree can run `npm run app-dev` simultaneously without conflicts.

.codex/skills/release-generate-release-notes/SKILL.md

@@ -0,0 +1,48 @@
+---
+name: release-generate-release-notes
+description: Generate Yaak release notes from git history and PR metadata, including feedback links and full changelog compare links. Use when asked to run or replace the old Claude generate-release-notes command.
+---
+
+# Generate Release Notes
+
+Generate formatted markdown release notes for a Yaak tag.
+
+## Workflow
+
+1. Determine target tag.
+2. Determine previous comparable tag:
+   - Beta tag: compare against previous beta (if the root version is the same) or stable tag.
+   - Stable tag: compare against previous stable tag.
+3. Collect commits in range:
+   - `git log --oneline <prev_tag>..<target_tag>`
+4. For linked PRs, fetch metadata:
+   - `gh pr view <PR_NUMBER> --json number,title,body,author,url`
+5. Extract useful details:
+   - Feedback URLs (`feedback.yaak.app`)
+   - Plugin install links or other notable context
+6. Format notes using Yaak style:
+   - Changelog badge at top
+   - Bulleted items with PR links where available
+   - Feedback links where available
+   - Full changelog compare link at bottom
+
+## Formatting Rules
+
+- Wrap final notes in a markdown code fence.
+- Keep a blank line before and after the code fence.
+- Output the markdown code block last.
+- Do not append `by @gschier` for PRs authored by `@gschier`.
+
+## Release Creation Prompt
+
+After producing notes, ask whether to create a draft GitHub release.
+
+If confirmed and release does not yet exist, run:
+
+`gh release create <tag> --draft --prerelease --title "Release <version_without_v>" --notes '<release notes>'`
+
+If a draft release for the tag already exists, update it instead:
+
+`gh release edit <tag> --title "Release <version_without_v>" --notes-file <path_to_notes>`
+
+Use title format `Release <version_without_v>`, e.g. `v2026.2.1-beta.1` -> `Release 2026.2.1-beta.1`.

.github/pull_request_template.md

@@ -0,0 +1,18 @@
+## Summary
+
+<!-- Describe the bug and the fix in 1-3 sentences. -->
+
+## Submission
+
+- [ ] This PR is a bug fix or small-scope improvement.
+- [ ] If this PR is not a bug fix or small-scope improvement, I linked an approved feedback item below.
+- [ ] I have read and followed [`CONTRIBUTING.md`](CONTRIBUTING.md).
+- [ ] I tested this change locally.
+- [ ] I added or updated tests when reasonable.
+
+Approved feedback item (required if not a bug fix or small-scope improvement):
+<!-- https://yaak.app/feedback/... -->
+
+## Related
+
+<!-- Link related issues, discussions, or feedback items. -->

.github/workflows/release-api-npm.yml

@@ -0,0 +1,59 @@
+name: Release API to NPM
+
+on:
+  push:
+    tags: [yaak-api-*]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: API version to publish (for example 0.9.0 or v0.9.0)
+        required: true
+        type: string
+
+permissions:
+  contents: read
+
+jobs:
+  publish-npm:
+    name: Publish @yaakapp/api
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: lts/*
+          registry-url: https://registry.npmjs.org
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Set @yaakapp/api version
+        shell: bash
+        env:
+          WORKFLOW_VERSION: ${{ inputs.version }}
+        run: |
+          set -euo pipefail
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            VERSION="$WORKFLOW_VERSION"
+          else
+            VERSION="${GITHUB_REF_NAME#yaak-api-}"
+          fi
+          VERSION="${VERSION#v}"
+          echo "Preparing @yaakapp/api version: $VERSION"
+          cd packages/plugin-runtime-types
+          npm version "$VERSION" --no-git-tag-version --allow-same-version
+
+      - name: Build @yaakapp/api
+        working-directory: packages/plugin-runtime-types
+        run: npm run build
+
+      - name: Publish @yaakapp/api
+        working-directory: packages/plugin-runtime-types
+        run: npm publish --provenance --access public

.github/workflows/release-app.yml

@@ -1,4 +1,4 @@
-name: Generate Artifacts
+name: Release App Artifacts
 on:
   push:
     tags: [v*]
@@ -153,3 +153,27 @@ jobs:
           releaseDraft: true
           prerelease: true
           args: "${{ matrix.args }} --config ./crates-tauri/yaak-app/tauri.release.conf.json"
+
+      # Build a per-machine NSIS installer for enterprise deployment (PDQ, SCCM, Intune)
+      - name: Build and upload machine-wide installer (Windows only)
+        if: matrix.os == 'windows'
+        shell: pwsh
+        env:
+          YAAK_TARGET_ARCH: ${{ matrix.yaak_arch }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
+          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
+        run: |
+          Get-ChildItem -Recurse -Path target -File -Filter "*.exe.sig" | Remove-Item -Force
+          npx tauri bundle ${{ matrix.args }} --bundles nsis --config ./crates-tauri/yaak-app/tauri.release.conf.json --config '{"bundle":{"createUpdaterArtifacts":true,"windows":{"nsis":{"installMode":"perMachine"}}}}'
+          $setup = Get-ChildItem -Recurse -Path target -Filter "*setup*.exe" | Select-Object -First 1
+          $setupSig = "$($setup.FullName).sig"
+          $dest = $setup.FullName -replace '-setup\.exe$', '-setup-machine.exe'
+          $destSig = "$dest.sig"
+          Copy-Item $setup.FullName $dest
+          Copy-Item $setupSig $destSig
+          gh release upload "${{ github.ref_name }}" "$dest" --clobber
+          gh release upload "${{ github.ref_name }}" "$destSig" --clobber

.github/workflows/release-cli-npm.yml

@@ -0,0 +1,218 @@
+name: Release CLI to NPM
+
+on:
+  push:
+    tags: [yaak-cli-*]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: CLI version to publish (for example 0.4.0 or v0.4.0)
+        required: true
+        type: string
+
+permissions:
+  contents: read
+
+jobs:
+  prepare-vendored-assets:
+    name: Prepare vendored plugin assets
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: lts/*
+
+      - name: Install Rust stable
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build plugin assets
+        env:
+          SKIP_WASM_BUILD: "1"
+        run: |
+          npm run build
+          npm run vendor:vendor-plugins
+
+      - name: Upload vendored assets
+        uses: actions/upload-artifact@v4
+        with:
+          name: vendored-assets
+          path: |
+            crates-tauri/yaak-app/vendored/plugin-runtime/index.cjs
+            crates-tauri/yaak-app/vendored/plugins
+          if-no-files-found: error
+
+  build-binaries:
+    name: Build ${{ matrix.pkg }}
+    needs: prepare-vendored-assets
+    runs-on: ${{ matrix.runner }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - pkg: cli-darwin-arm64
+            runner: macos-latest
+            target: aarch64-apple-darwin
+            binary: yaak
+          - pkg: cli-darwin-x64
+            runner: macos-latest
+            target: x86_64-apple-darwin
+            binary: yaak
+          - pkg: cli-linux-arm64
+            runner: ubuntu-22.04-arm
+            target: aarch64-unknown-linux-gnu
+            binary: yaak
+          - pkg: cli-linux-x64
+            runner: ubuntu-22.04
+            target: x86_64-unknown-linux-gnu
+            binary: yaak
+          - pkg: cli-win32-arm64
+            runner: windows-latest
+            target: aarch64-pc-windows-msvc
+            binary: yaak.exe
+          - pkg: cli-win32-x64
+            runner: windows-latest
+            target: x86_64-pc-windows-msvc
+            binary: yaak.exe
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Rust stable
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.target }}
+
+      - name: Restore Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          shared-key: release-cli-npm
+          cache-on-failure: true
+
+      - name: Install Linux build dependencies
+        if: startsWith(matrix.runner, 'ubuntu')
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y pkg-config libdbus-1-dev
+
+      - name: Download vendored assets
+        uses: actions/download-artifact@v4
+        with:
+          name: vendored-assets
+          path: crates-tauri/yaak-app/vendored
+
+      - name: Set CLI build version
+        shell: bash
+        env:
+          WORKFLOW_VERSION: ${{ inputs.version }}
+        run: |
+          set -euo pipefail
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            VERSION="$WORKFLOW_VERSION"
+          else
+            VERSION="${GITHUB_REF_NAME#yaak-cli-}"
+          fi
+          VERSION="${VERSION#v}"
+          echo "Building yaak version: $VERSION"
+          echo "YAAK_CLI_VERSION=$VERSION" >> "$GITHUB_ENV"
+
+      - name: Build yaak
+        run: cargo build --locked --release -p yaak-cli --bin yaak --target ${{ matrix.target }}
+
+      - name: Stage binary artifact
+        shell: bash
+        run: |
+          set -euo pipefail
+          mkdir -p "npm/dist/${{ matrix.pkg }}"
+          cp "target/${{ matrix.target }}/release/${{ matrix.binary }}" "npm/dist/${{ matrix.pkg }}/${{ matrix.binary }}"
+
+      - name: Upload binary artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.pkg }}
+          path: npm/dist/${{ matrix.pkg }}/${{ matrix.binary }}
+          if-no-files-found: error
+
+  publish-npm:
+    name: Publish @yaakapp/cli packages
+    needs: build-binaries
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: lts/*
+          registry-url: https://registry.npmjs.org
+
+      - name: Download binary artifacts
+        uses: actions/download-artifact@v4
+        with:
+          pattern: cli-*
+          path: npm/dist
+          merge-multiple: false
+
+      - name: Prepare npm packages
+        shell: bash
+        env:
+          WORKFLOW_VERSION: ${{ inputs.version }}
+        run: |
+          set -euo pipefail
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            VERSION="$WORKFLOW_VERSION"
+          else
+            VERSION="${GITHUB_REF_NAME#yaak-cli-}"
+          fi
+          VERSION="${VERSION#v}"
+          if [[ "$VERSION" == *-* ]]; then
+            PRERELEASE="${VERSION#*-}"
+            NPM_TAG="${PRERELEASE%%.*}"
+          else
+            NPM_TAG="latest"
+          fi
+          echo "Preparing CLI npm packages for version: $VERSION"
+          echo "Publishing with npm dist-tag: $NPM_TAG"
+          echo "NPM_TAG=$NPM_TAG" >> "$GITHUB_ENV"
+          YAAK_CLI_VERSION="$VERSION" node npm/prepare-publish.js
+
+      - name: Publish @yaakapp/cli-darwin-arm64
+        run: npm publish --provenance --access public --tag "$NPM_TAG"
+        working-directory: npm/cli-darwin-arm64
+
+      - name: Publish @yaakapp/cli-darwin-x64
+        run: npm publish --provenance --access public --tag "$NPM_TAG"
+        working-directory: npm/cli-darwin-x64
+
+      - name: Publish @yaakapp/cli-linux-arm64
+        run: npm publish --provenance --access public --tag "$NPM_TAG"
+        working-directory: npm/cli-linux-arm64
+
+      - name: Publish @yaakapp/cli-linux-x64
+        run: npm publish --provenance --access public --tag "$NPM_TAG"
+        working-directory: npm/cli-linux-x64
+
+      - name: Publish @yaakapp/cli-win32-arm64
+        run: npm publish --provenance --access public --tag "$NPM_TAG"
+        working-directory: npm/cli-win32-arm64
+
+      - name: Publish @yaakapp/cli-win32-x64
+        run: npm publish --provenance --access public --tag "$NPM_TAG"
+        working-directory: npm/cli-win32-x64
+
+      - name: Publish @yaakapp/cli
+        run: npm publish --provenance --access public --tag "$NPM_TAG"
+        working-directory: npm/cli

.gitignore

@@ -51,3 +51,9 @@ flatpak-repo/
 flatpak/flatpak-builder-tools/
 flatpak/cargo-sources.json
 flatpak/node-sources.json
+
+# Local Codex desktop env state
+.codex/environments/environment.toml
+
+# Claude Code local settings
+.claude/settings.local.json

AGENTS.md

@@ -0,0 +1 @@
+- Tag safety: app releases use `v*` tags and CLI releases use `yaak-cli-*` tags; always confirm which one is requested before retagging.

CONTRIBUTING.md

@@ -0,0 +1,16 @@
+# Contributing to Yaak
+
+Yaak accepts community pull requests for:
+
+- Bug fixes
+- Small-scope improvements directly tied to existing behavior
+
+Pull requests that introduce broad new features, major redesigns, or large refactors are out of scope unless explicitly approved first.
+
+## Approval for Non-Bugfix Changes
+
+If your PR is not a bug fix or small-scope improvement, include a link to the approved [feedback item](https://yaak.app/feedback) where contribution approval was explicitly stated.
+
+## Development Setup
+
+For local setup and development workflows, see [`DEVELOPMENT.md`](DEVELOPMENT.md).

Cargo.toml

@@ -1,6 +1,7 @@
 [workspace]
 resolver = "2"
 members = [
+    "crates/yaak",
     # Shared crates (no Tauri dependency)
     "crates/yaak-core",
     "crates/yaak-common",
@@ -15,6 +16,7 @@ members = [
     "crates/yaak-templates",
     "crates/yaak-tls",
     "crates/yaak-ws",
+    "crates/yaak-api",
     # CLI crates
     "crates-cli/yaak-cli",
     # Tauri-specific crates
@@ -33,6 +35,7 @@ log = "0.4.29"
 reqwest = "0.12.20"
 rustls = { version = "0.23.34", default-features = false }
 rustls-platform-verifier = "0.6.2"
+schemars = { version = "0.8.22", features = ["chrono"] }
 serde = "1.0.228"
 serde_json = "1.0.145"
 sha2 = "0.10.9"
@@ -46,6 +49,7 @@ ts-rs = "11.1.0"
 
 # Internal crates - shared
 yaak-core = { path = "crates/yaak-core" }
+yaak = { path = "crates/yaak" }
 yaak-common = { path = "crates/yaak-common" }
 yaak-crypto = { path = "crates/yaak-crypto" }
 yaak-git = { path = "crates/yaak-git" }
@@ -58,6 +62,7 @@ yaak-sync = { path = "crates/yaak-sync" }
 yaak-templates = { path = "crates/yaak-templates" }
 yaak-tls = { path = "crates/yaak-tls" }
 yaak-ws = { path = "crates/yaak-ws" }
+yaak-api = { path = "crates/yaak-api" }
 
 # Internal crates - Tauri-specific
 yaak-fonts = { path = "crates-tauri/yaak-fonts" }

README.md

@@ -22,7 +22,7 @@
   <!-- sponsors-premium --><a href="https://github.com/MVST-Solutions"><img src="https:&#x2F;&#x2F;github.com&#x2F;MVST-Solutions.png" width="80px" alt="User avatar: MVST-Solutions" /></a>&nbsp;&nbsp;<a href="https://github.com/dharsanb"><img src="https:&#x2F;&#x2F;github.com&#x2F;dharsanb.png" width="80px" alt="User avatar: dharsanb" /></a>&nbsp;&nbsp;<a href="https://github.com/railwayapp"><img src="https:&#x2F;&#x2F;github.com&#x2F;railwayapp.png" width="80px" alt="User avatar: railwayapp" /></a>&nbsp;&nbsp;<a href="https://github.com/caseyamcl"><img src="https:&#x2F;&#x2F;github.com&#x2F;caseyamcl.png" width="80px" alt="User avatar: caseyamcl" /></a>&nbsp;&nbsp;<a href="https://github.com/bytebase"><img src="https:&#x2F;&#x2F;github.com&#x2F;bytebase.png" width="80px" alt="User avatar: bytebase" /></a>&nbsp;&nbsp;<a href="https://github.com/"><img src="https:&#x2F;&#x2F;raw.githubusercontent.com&#x2F;JamesIves&#x2F;github-sponsors-readme-action&#x2F;dev&#x2F;.github&#x2F;assets&#x2F;placeholder.png" width="80px" alt="User avatar: " /></a>&nbsp;&nbsp;<!-- sponsors-premium -->
 </p>
 <p align="center">
-  <!-- sponsors-base --><a href="https://github.com/seanwash"><img src="https:&#x2F;&#x2F;github.com&#x2F;seanwash.png" width="50px" alt="User avatar: seanwash" /></a>&nbsp;&nbsp;<a href="https://github.com/jerath"><img src="https:&#x2F;&#x2F;github.com&#x2F;jerath.png" width="50px" alt="User avatar: jerath" /></a>&nbsp;&nbsp;<a href="https://github.com/itsa-sh"><img src="https:&#x2F;&#x2F;github.com&#x2F;itsa-sh.png" width="50px" alt="User avatar: itsa-sh" /></a>&nbsp;&nbsp;<a href="https://github.com/dmmulroy"><img src="https:&#x2F;&#x2F;github.com&#x2F;dmmulroy.png" width="50px" alt="User avatar: dmmulroy" /></a>&nbsp;&nbsp;<a href="https://github.com/timcole"><img src="https:&#x2F;&#x2F;github.com&#x2F;timcole.png" width="50px" alt="User avatar: timcole" /></a>&nbsp;&nbsp;<a href="https://github.com/VLZH"><img src="https:&#x2F;&#x2F;github.com&#x2F;VLZH.png" width="50px" alt="User avatar: VLZH" /></a>&nbsp;&nbsp;<a href="https://github.com/terasaka2k"><img src="https:&#x2F;&#x2F;github.com&#x2F;terasaka2k.png" width="50px" alt="User avatar: terasaka2k" /></a>&nbsp;&nbsp;<a href="https://github.com/andriyor"><img src="https:&#x2F;&#x2F;github.com&#x2F;andriyor.png" width="50px" alt="User avatar: andriyor" /></a>&nbsp;&nbsp;<a href="https://github.com/majudhu"><img src="https:&#x2F;&#x2F;github.com&#x2F;majudhu.png" width="50px" alt="User avatar: majudhu" /></a>&nbsp;&nbsp;<a href="https://github.com/axelrindle"><img src="https:&#x2F;&#x2F;github.com&#x2F;axelrindle.png" width="50px" alt="User avatar: axelrindle" /></a>&nbsp;&nbsp;<a href="https://github.com/jirizverina"><img src="https:&#x2F;&#x2F;github.com&#x2F;jirizverina.png" width="50px" alt="User avatar: jirizverina" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="50px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/GRAYAH"><img src="https:&#x2F;&#x2F;github.com&#x2F;GRAYAH.png" width="50px" alt="User avatar: GRAYAH" /></a>&nbsp;&nbsp;<a href="https://github.com/flashblaze"><img src="https:&#x2F;&#x2F;github.com&#x2F;flashblaze.png" width="50px" alt="User avatar: flashblaze" /></a>&nbsp;&nbsp;<!-- sponsors-base -->
+  <!-- sponsors-base --><a href="https://github.com/seanwash"><img src="https:&#x2F;&#x2F;github.com&#x2F;seanwash.png" width="50px" alt="User avatar: seanwash" /></a>&nbsp;&nbsp;<a href="https://github.com/jerath"><img src="https:&#x2F;&#x2F;github.com&#x2F;jerath.png" width="50px" alt="User avatar: jerath" /></a>&nbsp;&nbsp;<a href="https://github.com/itsa-sh"><img src="https:&#x2F;&#x2F;github.com&#x2F;itsa-sh.png" width="50px" alt="User avatar: itsa-sh" /></a>&nbsp;&nbsp;<a href="https://github.com/dmmulroy"><img src="https:&#x2F;&#x2F;github.com&#x2F;dmmulroy.png" width="50px" alt="User avatar: dmmulroy" /></a>&nbsp;&nbsp;<a href="https://github.com/timcole"><img src="https:&#x2F;&#x2F;github.com&#x2F;timcole.png" width="50px" alt="User avatar: timcole" /></a>&nbsp;&nbsp;<a href="https://github.com/VLZH"><img src="https:&#x2F;&#x2F;github.com&#x2F;VLZH.png" width="50px" alt="User avatar: VLZH" /></a>&nbsp;&nbsp;<a href="https://github.com/terasaka2k"><img src="https:&#x2F;&#x2F;github.com&#x2F;terasaka2k.png" width="50px" alt="User avatar: terasaka2k" /></a>&nbsp;&nbsp;<a href="https://github.com/andriyor"><img src="https:&#x2F;&#x2F;github.com&#x2F;andriyor.png" width="50px" alt="User avatar: andriyor" /></a>&nbsp;&nbsp;<a href="https://github.com/majudhu"><img src="https:&#x2F;&#x2F;github.com&#x2F;majudhu.png" width="50px" alt="User avatar: majudhu" /></a>&nbsp;&nbsp;<a href="https://github.com/axelrindle"><img src="https:&#x2F;&#x2F;github.com&#x2F;axelrindle.png" width="50px" alt="User avatar: axelrindle" /></a>&nbsp;&nbsp;<a href="https://github.com/jirizverina"><img src="https:&#x2F;&#x2F;github.com&#x2F;jirizverina.png" width="50px" alt="User avatar: jirizverina" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="50px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/GRAYAH"><img src="https:&#x2F;&#x2F;github.com&#x2F;GRAYAH.png" width="50px" alt="User avatar: GRAYAH" /></a>&nbsp;&nbsp;<a href="https://github.com/flashblaze"><img src="https:&#x2F;&#x2F;github.com&#x2F;flashblaze.png" width="50px" alt="User avatar: flashblaze" /></a>&nbsp;&nbsp;<a href="https://github.com/Frostist"><img src="https:&#x2F;&#x2F;github.com&#x2F;Frostist.png" width="50px" alt="User avatar: Frostist" /></a>&nbsp;&nbsp;<!-- sponsors-base -->
 </p>
 
 ![Yaak API Client](https://yaak.app/static/screenshot.png)
@@ -58,8 +58,10 @@ Built with [Tauri](https://tauri.app), Rust, and React, it’s fast, lightweight
 
 ## Contribution Policy
 
-Yaak is open source but only accepting contributions for bug fixes. To get started, 
-visit [`DEVELOPMENT.md`](DEVELOPMENT.md) for tips on setting up your environment.
+> [!IMPORTANT]
+> Community PRs are currently limited to bug fixes and small-scope improvements.
+> If your PR is out of scope, link an approved feedback item from [yaak.app/feedback](https://yaak.app/feedback).
+> See [`CONTRIBUTING.md`](CONTRIBUTING.md) for policy details and [`DEVELOPMENT.md`](DEVELOPMENT.md) for local setup.
 
 ## Useful Resources
 

biome.json

@@ -47,7 +47,8 @@
       "!src-web/vite.config.ts",
       "!src-web/routeTree.gen.ts",
       "!packages/plugin-runtime-types/lib",
-      "!**/bindings"
+      "!**/bindings",
+      "!flatpak"
     ]
   }
 }

crates-cli/yaak-cli/Cargo.toml

@@ -5,18 +5,40 @@ edition = "2024"
 publish = false
 
 [[bin]]
-name = "yaakcli"
+name = "yaak"
 path = "src/main.rs"
 
 [dependencies]
+base64 = "0.22"
 clap = { version = "4", features = ["derive"] }
+console = "0.15"
 dirs = "6"
 env_logger = "0.11"
+futures = "0.3"
+hex = { workspace = true }
+include_dir = "0.7"
+keyring = { workspace = true, features = ["apple-native", "windows-native", "sync-secret-service"] }
 log = { workspace = true }
+rand = "0.8"
+reqwest = { workspace = true }
+rolldown = "0.1.0"
+oxc_resolver = "=11.10.0"
+schemars = { workspace = true }
+serde = { workspace = true }
 serde_json = { workspace = true }
-tokio = { workspace = true, features = ["rt-multi-thread", "macros"] }
+sha2 = { workspace = true }
+tokio = { workspace = true, features = ["rt-multi-thread", "macros", "io-util", "net", "signal", "time"] }
+walkdir = "2"
+webbrowser = "1"
+zip = "4"
+yaak = { workspace = true }
 yaak-crypto = { workspace = true }
 yaak-http = { workspace = true }
 yaak-models = { workspace = true }
 yaak-plugins = { workspace = true }
 yaak-templates = { workspace = true }
+
+[dev-dependencies]
+assert_cmd = "2"
+predicates = "3"
+tempfile = "3"

crates-cli/yaak-cli/README.md

@@ -0,0 +1,66 @@
+# Yaak CLI
+
+The `yaak` CLI for publishing plugins and creating/updating/sending requests. 
+
+## Installation
+
+```sh
+npm install @yaakapp/cli
+```
+
+## Agentic Workflows
+
+The `yaak` CLI is primarily meant to be used by AI agents, and has the following features:
+
+- `schema` subcommands to get the JSON Schema for any model (eg. `yaak request schema http`)
+- `--json '{...}'` input format to create and update data
+- `--verbose` mode for extracting debug info while sending requests
+- The ability to send entire workspaces and folders (Supports `--parallel` and `--fail-fast`)
+
+### Example Prompts
+
+Use the `yaak` CLI with agents like Claude or Codex to do useful things for you.
+
+Here are some example prompts:
+
+```text
+Scan my API routes and create a workspace (using yaak cli) with 
+all the requests needed for me to do manual testing?  
+```
+
+```text
+Send all the GraphQL requests in my workspace
+```
+
+## Description
+
+Here's the current print of `yaak --help`
+
+```text
+Yaak CLI - API client from the command line
+
+Usage: yaak [OPTIONS] <COMMAND>
+
+Commands:
+  auth         Authentication commands
+  plugin       Plugin development and publishing commands
+  send         Send a request, folder, or workspace by ID
+  workspace    Workspace commands
+  request      Request commands
+  folder       Folder commands
+  environment  Environment commands
+
+Options:
+      --data-dir <DATA_DIR>        Use a custom data directory
+  -e, --environment <ENVIRONMENT>  Environment ID to use for variable substitution
+  -v, --verbose                    Enable verbose send output (events and streamed response body)
+      --log [<LEVEL>]              Enable CLI logging; optionally set level (error|warn|info|debug|trace) [possible values: error, warn, info, debug, trace]
+  -h, --help                       Print help
+  -V, --version                    Print version
+
+Agent Hints:
+  - Template variable syntax is ${[ my_var ]}, not {{ ... }}
+  - Template function syntax is ${[ namespace.my_func(a='aaa',b='bbb') ]}
+  - View JSONSchema for models before creating or updating (eg. `yaak request schema http`)
+  - Deletion requires confirmation (--yes for non-interactive environments)
+```

crates-cli/yaak-cli/src/cli.rs

@@ -0,0 +1,435 @@
+use clap::{Args, Parser, Subcommand, ValueEnum};
+use std::path::PathBuf;
+
+#[derive(Parser)]
+#[command(name = "yaak")]
+#[command(about = "Yaak CLI - API client from the command line")]
+#[command(version = crate::version::cli_version())]
+#[command(disable_help_subcommand = true)]
+#[command(after_help = r#"Agent Hints:
+  - Template variable syntax is ${[ my_var ]}, not {{ ... }}
+  - Template function syntax is ${[ namespace.my_func(a='aaa',b='bbb') ]}
+  - View JSONSchema for models before creating or updating (eg. `yaak request schema http`)
+  - Deletion requires confirmation (--yes for non-interactive environments)
+  "#)]
+pub struct Cli {
+    /// Use a custom data directory
+    #[arg(long, global = true)]
+    pub data_dir: Option<PathBuf>,
+
+    /// Environment ID to use for variable substitution
+    #[arg(long, short, global = true)]
+    pub environment: Option<String>,
+
+    /// Enable verbose send output (events and streamed response body)
+    #[arg(long, short, global = true)]
+    pub verbose: bool,
+
+    /// Enable CLI logging; optionally set level (error|warn|info|debug|trace)
+    #[arg(long, global = true, value_name = "LEVEL", num_args = 0..=1, ignore_case = true)]
+    pub log: Option<Option<LogLevel>>,
+
+    #[command(subcommand)]
+    pub command: Commands,
+}
+
+#[derive(Subcommand)]
+pub enum Commands {
+    /// Authentication commands
+    Auth(AuthArgs),
+
+    /// Plugin development and publishing commands
+    Plugin(PluginArgs),
+
+    #[command(hide = true)]
+    Build(PluginPathArg),
+
+    #[command(hide = true)]
+    Dev(PluginPathArg),
+
+    /// Send a request, folder, or workspace by ID
+    Send(SendArgs),
+
+    /// Workspace commands
+    Workspace(WorkspaceArgs),
+
+    /// Request commands
+    Request(RequestArgs),
+
+    /// Folder commands
+    Folder(FolderArgs),
+
+    /// Environment commands
+    Environment(EnvironmentArgs),
+}
+
+#[derive(Args)]
+pub struct SendArgs {
+    /// Request, folder, or workspace ID
+    pub id: String,
+
+    /// Execute requests in parallel
+    #[arg(long)]
+    pub parallel: bool,
+
+    /// Stop on first request failure when sending folders/workspaces
+    #[arg(long, conflicts_with = "parallel")]
+    pub fail_fast: bool,
+}
+
+#[derive(Args)]
+#[command(disable_help_subcommand = true)]
+pub struct WorkspaceArgs {
+    #[command(subcommand)]
+    pub command: WorkspaceCommands,
+}
+
+#[derive(Subcommand)]
+pub enum WorkspaceCommands {
+    /// List all workspaces
+    List,
+
+    /// Output JSON schema for workspace create/update payloads
+    Schema {
+        /// Pretty-print schema JSON output
+        #[arg(long)]
+        pretty: bool,
+    },
+
+    /// Show a workspace as JSON
+    Show {
+        /// Workspace ID
+        workspace_id: String,
+    },
+
+    /// Create a workspace
+    Create {
+        /// Workspace name
+        #[arg(short, long)]
+        name: Option<String>,
+
+        /// JSON payload
+        #[arg(long, conflicts_with = "json_input")]
+        json: Option<String>,
+
+        /// JSON payload shorthand
+        #[arg(value_name = "JSON", conflicts_with = "json")]
+        json_input: Option<String>,
+    },
+
+    /// Update a workspace
+    Update {
+        /// JSON payload
+        #[arg(long, conflicts_with = "json_input")]
+        json: Option<String>,
+
+        /// JSON payload shorthand
+        #[arg(value_name = "JSON", conflicts_with = "json")]
+        json_input: Option<String>,
+    },
+
+    /// Delete a workspace
+    Delete {
+        /// Workspace ID
+        workspace_id: String,
+
+        /// Skip confirmation prompt
+        #[arg(short, long)]
+        yes: bool,
+    },
+}
+
+#[derive(Args)]
+#[command(disable_help_subcommand = true)]
+pub struct RequestArgs {
+    #[command(subcommand)]
+    pub command: RequestCommands,
+}
+
+#[derive(Subcommand)]
+pub enum RequestCommands {
+    /// List requests in a workspace
+    List {
+        /// Workspace ID
+        workspace_id: String,
+    },
+
+    /// Show a request as JSON
+    Show {
+        /// Request ID
+        request_id: String,
+    },
+
+    /// Send a request by ID
+    Send {
+        /// Request ID
+        request_id: String,
+    },
+
+    /// Output JSON schema for request create/update payloads
+    Schema {
+        #[arg(value_enum)]
+        request_type: RequestSchemaType,
+
+        /// Pretty-print schema JSON output
+        #[arg(long)]
+        pretty: bool,
+    },
+
+    /// Create a new HTTP request
+    Create {
+        /// Workspace ID (or positional JSON payload shorthand)
+        workspace_id: Option<String>,
+
+        /// Request name
+        #[arg(short, long)]
+        name: Option<String>,
+
+        /// HTTP method
+        #[arg(short, long)]
+        method: Option<String>,
+
+        /// URL
+        #[arg(short, long)]
+        url: Option<String>,
+
+        /// JSON payload
+        #[arg(long)]
+        json: Option<String>,
+    },
+
+    /// Update an HTTP request
+    Update {
+        /// JSON payload
+        #[arg(long, conflicts_with = "json_input")]
+        json: Option<String>,
+
+        /// JSON payload shorthand
+        #[arg(value_name = "JSON", conflicts_with = "json")]
+        json_input: Option<String>,
+    },
+
+    /// Delete a request
+    Delete {
+        /// Request ID
+        request_id: String,
+
+        /// Skip confirmation prompt
+        #[arg(short, long)]
+        yes: bool,
+    },
+}
+
+#[derive(Clone, Copy, Debug, ValueEnum)]
+pub enum RequestSchemaType {
+    Http,
+    Grpc,
+    Websocket,
+}
+
+#[derive(Clone, Copy, Debug, ValueEnum)]
+pub enum LogLevel {
+    Error,
+    Warn,
+    Info,
+    Debug,
+    Trace,
+}
+
+impl LogLevel {
+    pub fn as_filter(self) -> log::LevelFilter {
+        match self {
+            LogLevel::Error => log::LevelFilter::Error,
+            LogLevel::Warn => log::LevelFilter::Warn,
+            LogLevel::Info => log::LevelFilter::Info,
+            LogLevel::Debug => log::LevelFilter::Debug,
+            LogLevel::Trace => log::LevelFilter::Trace,
+        }
+    }
+}
+
+#[derive(Args)]
+#[command(disable_help_subcommand = true)]
+pub struct FolderArgs {
+    #[command(subcommand)]
+    pub command: FolderCommands,
+}
+
+#[derive(Subcommand)]
+pub enum FolderCommands {
+    /// List folders in a workspace
+    List {
+        /// Workspace ID
+        workspace_id: String,
+    },
+
+    /// Show a folder as JSON
+    Show {
+        /// Folder ID
+        folder_id: String,
+    },
+
+    /// Create a folder
+    Create {
+        /// Workspace ID (or positional JSON payload shorthand)
+        workspace_id: Option<String>,
+
+        /// Folder name
+        #[arg(short, long)]
+        name: Option<String>,
+
+        /// JSON payload
+        #[arg(long)]
+        json: Option<String>,
+    },
+
+    /// Update a folder
+    Update {
+        /// JSON payload
+        #[arg(long, conflicts_with = "json_input")]
+        json: Option<String>,
+
+        /// JSON payload shorthand
+        #[arg(value_name = "JSON", conflicts_with = "json")]
+        json_input: Option<String>,
+    },
+
+    /// Delete a folder
+    Delete {
+        /// Folder ID
+        folder_id: String,
+
+        /// Skip confirmation prompt
+        #[arg(short, long)]
+        yes: bool,
+    },
+}
+
+#[derive(Args)]
+#[command(disable_help_subcommand = true)]
+pub struct EnvironmentArgs {
+    #[command(subcommand)]
+    pub command: EnvironmentCommands,
+}
+
+#[derive(Subcommand)]
+pub enum EnvironmentCommands {
+    /// List environments in a workspace
+    List {
+        /// Workspace ID
+        workspace_id: String,
+    },
+
+    /// Output JSON schema for environment create/update payloads
+    Schema {
+        /// Pretty-print schema JSON output
+        #[arg(long)]
+        pretty: bool,
+    },
+
+    /// Show an environment as JSON
+    Show {
+        /// Environment ID
+        environment_id: String,
+    },
+
+    /// Create an environment
+    #[command(after_help = r#"Modes (choose one):
+  1) yaak environment create <workspace_id> --name <name>
+  2) yaak environment create --json '{"workspaceId":"wk_abc","name":"Production"}'
+  3) yaak environment create '{"workspaceId":"wk_abc","name":"Production"}'
+  4) yaak environment create <workspace_id> --json '{"name":"Production"}'
+"#)]
+    Create {
+        /// Workspace ID for flag-based mode, or positional JSON payload shorthand
+        #[arg(value_name = "WORKSPACE_ID_OR_JSON")]
+        workspace_id: Option<String>,
+
+        /// Environment name
+        #[arg(short, long)]
+        name: Option<String>,
+
+        /// JSON payload (use instead of WORKSPACE_ID/--name)
+        #[arg(long)]
+        json: Option<String>,
+    },
+
+    /// Update an environment
+    Update {
+        /// JSON payload
+        #[arg(long, conflicts_with = "json_input")]
+        json: Option<String>,
+
+        /// JSON payload shorthand
+        #[arg(value_name = "JSON", conflicts_with = "json")]
+        json_input: Option<String>,
+    },
+
+    /// Delete an environment
+    Delete {
+        /// Environment ID
+        environment_id: String,
+
+        /// Skip confirmation prompt
+        #[arg(short, long)]
+        yes: bool,
+    },
+}
+
+#[derive(Args)]
+#[command(disable_help_subcommand = true)]
+pub struct AuthArgs {
+    #[command(subcommand)]
+    pub command: AuthCommands,
+}
+
+#[derive(Subcommand)]
+pub enum AuthCommands {
+    /// Login to Yaak via web browser
+    Login,
+
+    /// Sign out of the Yaak CLI
+    Logout,
+
+    /// Print the current logged-in user's info
+    Whoami,
+}
+
+#[derive(Args)]
+#[command(disable_help_subcommand = true)]
+pub struct PluginArgs {
+    #[command(subcommand)]
+    pub command: PluginCommands,
+}
+
+#[derive(Subcommand)]
+pub enum PluginCommands {
+    /// Transpile code into a runnable plugin bundle
+    Build(PluginPathArg),
+
+    /// Build plugin bundle continuously when the filesystem changes
+    Dev(PluginPathArg),
+
+    /// Generate a "Hello World" Yaak plugin
+    Generate(GenerateArgs),
+
+    /// Publish a Yaak plugin version to the plugin registry
+    Publish(PluginPathArg),
+}
+
+#[derive(Args, Clone)]
+pub struct PluginPathArg {
+    /// Path to plugin directory (defaults to current working directory)
+    pub path: Option<PathBuf>,
+}
+
+#[derive(Args, Clone)]
+pub struct GenerateArgs {
+    /// Plugin name (defaults to a generated name in interactive mode)
+    #[arg(long)]
+    pub name: Option<String>,
+
+    /// Output directory for the generated plugin (defaults to ./<name> in interactive mode)
+    #[arg(long)]
+    pub dir: Option<PathBuf>,
+}

crates-cli/yaak-cli/src/commands/auth.rs

@@ -0,0 +1,528 @@
+use crate::cli::{AuthArgs, AuthCommands};
+use crate::ui;
+use crate::utils::http;
+use base64::Engine as _;
+use keyring::Entry;
+use rand::RngCore;
+use rand::rngs::OsRng;
+use reqwest::Url;
+use serde_json::Value;
+use sha2::{Digest, Sha256};
+use std::io::{self, IsTerminal, Write};
+use std::time::Duration;
+use tokio::io::{AsyncReadExt, AsyncWriteExt};
+use tokio::net::{TcpListener, TcpStream};
+
+const OAUTH_CLIENT_ID: &str = "a1fe44800c2d7e803cad1b4bf07a291c";
+const KEYRING_USER: &str = "yaak";
+const AUTH_TIMEOUT: Duration = Duration::from_secs(300);
+const MAX_REQUEST_BYTES: usize = 16 * 1024;
+
+type CommandResult<T = ()> = std::result::Result<T, String>;
+
+#[derive(Clone, Copy, Debug, Eq, PartialEq)]
+enum Environment {
+    Production,
+    Staging,
+    Development,
+}
+
+impl Environment {
+    fn app_base_url(self) -> &'static str {
+        match self {
+            Environment::Production => "https://yaak.app",
+            Environment::Staging => "https://todo.yaak.app",
+            Environment::Development => "http://localhost:9444",
+        }
+    }
+
+    fn api_base_url(self) -> &'static str {
+        match self {
+            Environment::Production => "https://api.yaak.app",
+            Environment::Staging => "https://todo.yaak.app",
+            Environment::Development => "http://localhost:9444",
+        }
+    }
+
+    fn keyring_service(self) -> &'static str {
+        match self {
+            Environment::Production => "app.yaak.cli.Token",
+            Environment::Staging => "app.yaak.cli.staging.Token",
+            Environment::Development => "app.yaak.cli.dev.Token",
+        }
+    }
+}
+
+struct OAuthFlow {
+    app_base_url: String,
+    auth_url: Url,
+    token_url: String,
+    redirect_url: String,
+    state: String,
+    code_verifier: String,
+}
+
+pub async fn run(args: AuthArgs) -> i32 {
+    let result = match args.command {
+        AuthCommands::Login => login().await,
+        AuthCommands::Logout => logout(),
+        AuthCommands::Whoami => whoami().await,
+    };
+
+    match result {
+        Ok(()) => 0,
+        Err(error) => {
+            ui::error(&error);
+            1
+        }
+    }
+}
+
+async fn login() -> CommandResult {
+    let environment = current_environment();
+
+    let listener = TcpListener::bind("127.0.0.1:0")
+        .await
+        .map_err(|e| format!("Failed to start OAuth callback server: {e}"))?;
+    let port = listener
+        .local_addr()
+        .map_err(|e| format!("Failed to determine callback server port: {e}"))?
+        .port();
+
+    let oauth = build_oauth_flow(environment, port)?;
+
+    ui::info(&format!("Initiating login to {}", oauth.auth_url));
+    if !confirm_open_browser()? {
+        ui::info("Login canceled");
+        return Ok(());
+    }
+
+    if let Err(err) = webbrowser::open(oauth.auth_url.as_ref()) {
+        ui::warning(&format!("Failed to open browser: {err}"));
+        ui::info(&format!("Open this URL manually:\n{}", oauth.auth_url));
+    }
+    ui::info("Waiting for authentication...");
+
+    let code = tokio::select! {
+        result = receive_oauth_code(listener, &oauth.state, &oauth.app_base_url) => result?,
+        _ = tokio::signal::ctrl_c() => {
+            return Err("Interrupted by user".to_string());
+        }
+        _ = tokio::time::sleep(AUTH_TIMEOUT) => {
+            return Err("Timeout waiting for authentication".to_string());
+        }
+    };
+
+    let token = exchange_access_token(&oauth, &code).await?;
+    store_auth_token(environment, &token)?;
+    ui::success("Authentication successful!");
+    Ok(())
+}
+
+fn logout() -> CommandResult {
+    delete_auth_token(current_environment())?;
+    ui::success("Signed out of Yaak");
+    Ok(())
+}
+
+async fn whoami() -> CommandResult {
+    let environment = current_environment();
+    let token = match get_auth_token(environment)? {
+        Some(token) => token,
+        None => {
+            ui::warning("Not logged in");
+            ui::info("Please run `yaak auth login`");
+            return Ok(());
+        }
+    };
+
+    let url = format!("{}/api/v1/whoami", environment.api_base_url());
+    let response = http::build_client(Some(&token))?
+        .get(url)
+        .send()
+        .await
+        .map_err(|e| format!("Failed to call whoami endpoint: {e}"))?;
+
+    let status = response.status();
+    let body =
+        response.text().await.map_err(|e| format!("Failed to read whoami response body: {e}"))?;
+
+    if !status.is_success() {
+        if status.as_u16() == 401 {
+            let _ = delete_auth_token(environment);
+            return Err(
+                "Unauthorized to access CLI. Run `yaak auth login` to refresh credentials."
+                    .to_string(),
+            );
+        }
+        return Err(http::parse_api_error(status.as_u16(), &body));
+    }
+
+    println!("{body}");
+    Ok(())
+}
+
+fn current_environment() -> Environment {
+    let value = std::env::var("ENVIRONMENT").ok();
+    parse_environment(value.as_deref())
+}
+
+fn parse_environment(value: Option<&str>) -> Environment {
+    match value {
+        Some("staging") => Environment::Staging,
+        Some("development") => Environment::Development,
+        _ => Environment::Production,
+    }
+}
+
+fn build_oauth_flow(environment: Environment, callback_port: u16) -> CommandResult<OAuthFlow> {
+    let code_verifier = random_hex(32);
+    let state = random_hex(24);
+    let redirect_url = format!("http://127.0.0.1:{callback_port}/oauth/callback");
+
+    let code_challenge = base64::engine::general_purpose::URL_SAFE_NO_PAD
+        .encode(Sha256::digest(code_verifier.as_bytes()));
+
+    let mut auth_url = Url::parse(&format!("{}/login/oauth/authorize", environment.app_base_url()))
+        .map_err(|e| format!("Failed to build OAuth authorize URL: {e}"))?;
+    auth_url
+        .query_pairs_mut()
+        .append_pair("response_type", "code")
+        .append_pair("client_id", OAUTH_CLIENT_ID)
+        .append_pair("redirect_uri", &redirect_url)
+        .append_pair("state", &state)
+        .append_pair("code_challenge_method", "S256")
+        .append_pair("code_challenge", &code_challenge);
+
+    Ok(OAuthFlow {
+        app_base_url: environment.app_base_url().to_string(),
+        auth_url,
+        token_url: format!("{}/login/oauth/access_token", environment.app_base_url()),
+        redirect_url,
+        state,
+        code_verifier,
+    })
+}
+
+async fn receive_oauth_code(
+    listener: TcpListener,
+    expected_state: &str,
+    app_base_url: &str,
+) -> CommandResult<String> {
+    loop {
+        let (mut stream, _) = listener
+            .accept()
+            .await
+            .map_err(|e| format!("OAuth callback server accept error: {e}"))?;
+
+        match parse_callback_request(&mut stream).await {
+            Ok((state, code)) => {
+                if state != expected_state {
+                    let _ = write_bad_request(&mut stream, "Invalid OAuth state").await;
+                    continue;
+                }
+
+                let success_redirect = format!("{app_base_url}/login/oauth/success");
+                write_redirect(&mut stream, &success_redirect)
+                    .await
+                    .map_err(|e| format!("Failed responding to OAuth callback: {e}"))?;
+                return Ok(code);
+            }
+            Err(error) => {
+                let _ = write_bad_request(&mut stream, &error).await;
+                if error.starts_with("OAuth provider returned error:") {
+                    return Err(error);
+                }
+            }
+        }
+    }
+}
+
+async fn parse_callback_request(stream: &mut TcpStream) -> CommandResult<(String, String)> {
+    let target = read_http_target(stream).await?;
+    if !target.starts_with("/oauth/callback") {
+        return Err("Expected /oauth/callback path".to_string());
+    }
+
+    let url = Url::parse(&format!("http://127.0.0.1{target}"))
+        .map_err(|e| format!("Failed to parse callback URL: {e}"))?;
+    let mut state: Option<String> = None;
+    let mut code: Option<String> = None;
+    let mut oauth_error: Option<String> = None;
+    let mut oauth_error_description: Option<String> = None;
+
+    for (k, v) in url.query_pairs() {
+        if k == "state" {
+            state = Some(v.into_owned());
+        } else if k == "code" {
+            code = Some(v.into_owned());
+        } else if k == "error" {
+            oauth_error = Some(v.into_owned());
+        } else if k == "error_description" {
+            oauth_error_description = Some(v.into_owned());
+        }
+    }
+
+    if let Some(error) = oauth_error {
+        let mut message = format!("OAuth provider returned error: {error}");
+        if let Some(description) = oauth_error_description.filter(|d| !d.is_empty()) {
+            message.push_str(&format!(" ({description})"));
+        }
+        return Err(message);
+    }
+
+    let state = state.ok_or_else(|| "Missing 'state' query parameter".to_string())?;
+    let code = code.ok_or_else(|| "Missing 'code' query parameter".to_string())?;
+
+    if code.is_empty() {
+        return Err("Missing 'code' query parameter".to_string());
+    }
+
+    Ok((state, code))
+}
+
+async fn read_http_target(stream: &mut TcpStream) -> CommandResult<String> {
+    let mut buf = vec![0_u8; MAX_REQUEST_BYTES];
+    let mut total_read = 0_usize;
+
+    loop {
+        let n = stream
+            .read(&mut buf[total_read..])
+            .await
+            .map_err(|e| format!("Failed reading callback request: {e}"))?;
+        if n == 0 {
+            break;
+        }
+        total_read += n;
+
+        if buf[..total_read].windows(4).any(|w| w == b"\r\n\r\n") {
+            break;
+        }
+
+        if total_read == MAX_REQUEST_BYTES {
+            return Err("OAuth callback request too large".to_string());
+        }
+    }
+
+    let req = String::from_utf8_lossy(&buf[..total_read]);
+    let request_line =
+        req.lines().next().ok_or_else(|| "Invalid callback request line".to_string())?;
+    let mut parts = request_line.split_whitespace();
+    let method = parts.next().unwrap_or_default();
+    let target = parts.next().unwrap_or_default();
+
+    if method != "GET" {
+        return Err(format!("Expected GET callback request, got '{method}'"));
+    }
+    if target.is_empty() {
+        return Err("Missing callback request target".to_string());
+    }
+
+    Ok(target.to_string())
+}
+
+async fn write_bad_request(stream: &mut TcpStream, message: &str) -> std::io::Result<()> {
+    let body = format!("Failed to authenticate: {message}");
+    let response = format!(
+        "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: {}\r\nConnection: close\r\n\r\n{}",
+        body.len(),
+        body
+    );
+    stream.write_all(response.as_bytes()).await?;
+    stream.shutdown().await
+}
+
+async fn write_redirect(stream: &mut TcpStream, location: &str) -> std::io::Result<()> {
+    let response = format!(
+        "HTTP/1.1 302 Found\r\nLocation: {location}\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"
+    );
+    stream.write_all(response.as_bytes()).await?;
+    stream.shutdown().await
+}
+
+async fn exchange_access_token(oauth: &OAuthFlow, code: &str) -> CommandResult<String> {
+    let response = http::build_client(None)?
+        .post(&oauth.token_url)
+        .form(&[
+            ("grant_type", "authorization_code"),
+            ("client_id", OAUTH_CLIENT_ID),
+            ("code", code),
+            ("redirect_uri", oauth.redirect_url.as_str()),
+            ("code_verifier", oauth.code_verifier.as_str()),
+        ])
+        .send()
+        .await
+        .map_err(|e| format!("Failed to exchange OAuth code for access token: {e}"))?;
+
+    let status = response.status();
+    let body =
+        response.text().await.map_err(|e| format!("Failed to read token response body: {e}"))?;
+
+    if !status.is_success() {
+        return Err(format!(
+            "Failed to fetch access token: status={} body={}",
+            status.as_u16(),
+            body
+        ));
+    }
+
+    let parsed: Value =
+        serde_json::from_str(&body).map_err(|e| format!("Invalid token response JSON: {e}"))?;
+    let token = parsed
+        .get("access_token")
+        .and_then(Value::as_str)
+        .filter(|s| !s.is_empty())
+        .ok_or_else(|| format!("Token response missing access_token: {body}"))?;
+
+    Ok(token.to_string())
+}
+
+fn keyring_entry(environment: Environment) -> CommandResult<Entry> {
+    Entry::new(environment.keyring_service(), KEYRING_USER)
+        .map_err(|e| format!("Failed to initialize auth keyring entry: {e}"))
+}
+
+fn get_auth_token(environment: Environment) -> CommandResult<Option<String>> {
+    let entry = keyring_entry(environment)?;
+    match entry.get_password() {
+        Ok(token) => Ok(Some(token)),
+        Err(keyring::Error::NoEntry) => Ok(None),
+        Err(err) => Err(format!("Failed to read auth token: {err}")),
+    }
+}
+
+fn store_auth_token(environment: Environment, token: &str) -> CommandResult {
+    let entry = keyring_entry(environment)?;
+    entry.set_password(token).map_err(|e| format!("Failed to store auth token: {e}"))
+}
+
+fn delete_auth_token(environment: Environment) -> CommandResult {
+    let entry = keyring_entry(environment)?;
+    match entry.delete_credential() {
+        Ok(()) | Err(keyring::Error::NoEntry) => Ok(()),
+        Err(err) => Err(format!("Failed to delete auth token: {err}")),
+    }
+}
+
+fn random_hex(bytes: usize) -> String {
+    let mut data = vec![0_u8; bytes];
+    OsRng.fill_bytes(&mut data);
+    hex::encode(data)
+}
+
+fn confirm_open_browser() -> CommandResult<bool> {
+    if !io::stdin().is_terminal() {
+        return Ok(true);
+    }
+
+    loop {
+        print!("Open default browser? [Y/n]: ");
+        io::stdout().flush().map_err(|e| format!("Failed to flush stdout: {e}"))?;
+
+        let mut input = String::new();
+        io::stdin().read_line(&mut input).map_err(|e| format!("Failed to read input: {e}"))?;
+
+        match input.trim().to_ascii_lowercase().as_str() {
+            "" | "y" | "yes" => return Ok(true),
+            "n" | "no" => return Ok(false),
+            _ => ui::warning("Please answer y or n"),
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn environment_mapping() {
+        assert_eq!(parse_environment(Some("staging")), Environment::Staging);
+        assert_eq!(parse_environment(Some("development")), Environment::Development);
+        assert_eq!(parse_environment(Some("production")), Environment::Production);
+        assert_eq!(parse_environment(None), Environment::Production);
+    }
+
+    #[tokio::test]
+    async fn parses_callback_request() {
+        let listener = TcpListener::bind("127.0.0.1:0").await.expect("bind");
+        let addr = listener.local_addr().expect("local addr");
+
+        let server = tokio::spawn(async move {
+            let (mut stream, _) = listener.accept().await.expect("accept");
+            parse_callback_request(&mut stream).await
+        });
+
+        let mut client = TcpStream::connect(addr).await.expect("connect");
+        client
+            .write_all(
+                b"GET /oauth/callback?code=abc123&state=xyz HTTP/1.1\r\nHost: localhost\r\n\r\n",
+            )
+            .await
+            .expect("write");
+
+        let parsed = server.await.expect("join").expect("parse");
+        assert_eq!(parsed.0, "xyz");
+        assert_eq!(parsed.1, "abc123");
+    }
+
+    #[tokio::test]
+    async fn parse_callback_request_oauth_error() {
+        let listener = TcpListener::bind("127.0.0.1:0").await.expect("bind");
+        let addr = listener.local_addr().expect("local addr");
+
+        let server = tokio::spawn(async move {
+            let (mut stream, _) = listener.accept().await.expect("accept");
+            parse_callback_request(&mut stream).await
+        });
+
+        let mut client = TcpStream::connect(addr).await.expect("connect");
+        client
+            .write_all(
+                b"GET /oauth/callback?error=access_denied&error_description=User%20denied&state=xyz HTTP/1.1\r\nHost: localhost\r\n\r\n",
+            )
+            .await
+            .expect("write");
+
+        let err = server.await.expect("join").expect_err("should fail");
+        assert!(err.contains("OAuth provider returned error: access_denied"));
+        assert!(err.contains("User denied"));
+    }
+
+    #[tokio::test]
+    async fn receive_oauth_code_fails_fast_on_provider_error() {
+        let listener = TcpListener::bind("127.0.0.1:0").await.expect("bind");
+        let addr = listener.local_addr().expect("local addr");
+
+        let server = tokio::spawn(async move {
+            receive_oauth_code(listener, "expected-state", "http://localhost:9444").await
+        });
+
+        let mut client = TcpStream::connect(addr).await.expect("connect");
+        client
+            .write_all(
+                b"GET /oauth/callback?error=access_denied&state=expected-state HTTP/1.1\r\nHost: localhost\r\n\r\n",
+            )
+            .await
+            .expect("write");
+
+        let result = tokio::time::timeout(std::time::Duration::from_secs(2), server)
+            .await
+            .expect("should not timeout")
+            .expect("join");
+        let err = result.expect_err("should return oauth error");
+        assert!(err.contains("OAuth provider returned error: access_denied"));
+    }
+
+    #[test]
+    fn builds_oauth_flow_with_pkce() {
+        let flow = build_oauth_flow(Environment::Development, 8080).expect("flow");
+        assert!(flow.auth_url.as_str().contains("code_challenge_method=S256"));
+        assert!(
+            flow.auth_url
+                .as_str()
+                .contains("redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2Foauth%2Fcallback")
+        );
+        assert_eq!(flow.redirect_url, "http://127.0.0.1:8080/oauth/callback");
+        assert_eq!(flow.token_url, "http://localhost:9444/login/oauth/access_token");
+    }
+}

crates-cli/yaak-cli/src/commands/environment.rs

@@ -0,0 +1,169 @@
+use crate::cli::{EnvironmentArgs, EnvironmentCommands};
+use crate::context::CliContext;
+use crate::utils::confirm::confirm_delete;
+use crate::utils::json::{
+    apply_merge_patch, is_json_shorthand, merge_workspace_id_arg, parse_optional_json,
+    parse_required_json, require_id, validate_create_id,
+};
+use crate::utils::schema::append_agent_hints;
+use schemars::schema_for;
+use yaak_models::models::Environment;
+use yaak_models::util::UpdateSource;
+
+type CommandResult<T = ()> = std::result::Result<T, String>;
+
+pub fn run(ctx: &CliContext, args: EnvironmentArgs) -> i32 {
+    let result = match args.command {
+        EnvironmentCommands::List { workspace_id } => list(ctx, &workspace_id),
+        EnvironmentCommands::Schema { pretty } => schema(pretty),
+        EnvironmentCommands::Show { environment_id } => show(ctx, &environment_id),
+        EnvironmentCommands::Create { workspace_id, name, json } => {
+            create(ctx, workspace_id, name, json)
+        }
+        EnvironmentCommands::Update { json, json_input } => update(ctx, json, json_input),
+        EnvironmentCommands::Delete { environment_id, yes } => delete(ctx, &environment_id, yes),
+    };
+
+    match result {
+        Ok(()) => 0,
+        Err(error) => {
+            eprintln!("Error: {error}");
+            1
+        }
+    }
+}
+
+fn schema(pretty: bool) -> CommandResult {
+    let mut schema = serde_json::to_value(schema_for!(Environment))
+        .map_err(|e| format!("Failed to serialize environment schema: {e}"))?;
+    append_agent_hints(&mut schema);
+
+    let output =
+        if pretty { serde_json::to_string_pretty(&schema) } else { serde_json::to_string(&schema) }
+            .map_err(|e| format!("Failed to format environment schema JSON: {e}"))?;
+    println!("{output}");
+    Ok(())
+}
+
+fn list(ctx: &CliContext, workspace_id: &str) -> CommandResult {
+    let environments = ctx
+        .db()
+        .list_environments_ensure_base(workspace_id)
+        .map_err(|e| format!("Failed to list environments: {e}"))?;
+
+    if environments.is_empty() {
+        println!("No environments found in workspace {}", workspace_id);
+    } else {
+        for environment in environments {
+            println!("{} - {} ({})", environment.id, environment.name, environment.parent_model);
+        }
+    }
+    Ok(())
+}
+
+fn show(ctx: &CliContext, environment_id: &str) -> CommandResult {
+    let environment = ctx
+        .db()
+        .get_environment(environment_id)
+        .map_err(|e| format!("Failed to get environment: {e}"))?;
+    let output = serde_json::to_string_pretty(&environment)
+        .map_err(|e| format!("Failed to serialize environment: {e}"))?;
+    println!("{output}");
+    Ok(())
+}
+
+fn create(
+    ctx: &CliContext,
+    workspace_id: Option<String>,
+    name: Option<String>,
+    json: Option<String>,
+) -> CommandResult {
+    let json_shorthand =
+        workspace_id.as_deref().filter(|v| is_json_shorthand(v)).map(str::to_owned);
+    let workspace_id_arg = workspace_id.filter(|v| !is_json_shorthand(v));
+
+    let payload = parse_optional_json(json, json_shorthand, "environment create")?;
+
+    if let Some(payload) = payload {
+        if name.is_some() {
+            return Err("environment create cannot combine --name with JSON payload".to_string());
+        }
+
+        validate_create_id(&payload, "environment")?;
+        let mut environment: Environment = serde_json::from_value(payload)
+            .map_err(|e| format!("Failed to parse environment create JSON: {e}"))?;
+        merge_workspace_id_arg(
+            workspace_id_arg.as_deref(),
+            &mut environment.workspace_id,
+            "environment create",
+        )?;
+
+        if environment.parent_model.is_empty() {
+            environment.parent_model = "environment".to_string();
+        }
+
+        let created = ctx
+            .db()
+            .upsert_environment(&environment, &UpdateSource::Sync)
+            .map_err(|e| format!("Failed to create environment: {e}"))?;
+
+        println!("Created environment: {}", created.id);
+        return Ok(());
+    }
+
+    let workspace_id = workspace_id_arg.ok_or_else(|| {
+        "environment create requires workspace_id unless JSON payload is provided".to_string()
+    })?;
+    let name = name.ok_or_else(|| {
+        "environment create requires --name unless JSON payload is provided".to_string()
+    })?;
+
+    let environment = Environment {
+        workspace_id,
+        name,
+        parent_model: "environment".to_string(),
+        ..Default::default()
+    };
+
+    let created = ctx
+        .db()
+        .upsert_environment(&environment, &UpdateSource::Sync)
+        .map_err(|e| format!("Failed to create environment: {e}"))?;
+
+    println!("Created environment: {}", created.id);
+    Ok(())
+}
+
+fn update(ctx: &CliContext, json: Option<String>, json_input: Option<String>) -> CommandResult {
+    let patch = parse_required_json(json, json_input, "environment update")?;
+    let id = require_id(&patch, "environment update")?;
+
+    let existing = ctx
+        .db()
+        .get_environment(&id)
+        .map_err(|e| format!("Failed to get environment for update: {e}"))?;
+    let updated = apply_merge_patch(&existing, &patch, &id, "environment update")?;
+
+    let saved = ctx
+        .db()
+        .upsert_environment(&updated, &UpdateSource::Sync)
+        .map_err(|e| format!("Failed to update environment: {e}"))?;
+
+    println!("Updated environment: {}", saved.id);
+    Ok(())
+}
+
+fn delete(ctx: &CliContext, environment_id: &str, yes: bool) -> CommandResult {
+    if !yes && !confirm_delete("environment", environment_id) {
+        println!("Aborted");
+        return Ok(());
+    }
+
+    let deleted = ctx
+        .db()
+        .delete_environment_by_id(environment_id, &UpdateSource::Sync)
+        .map_err(|e| format!("Failed to delete environment: {e}"))?;
+
+    println!("Deleted environment: {}", deleted.id);
+    Ok(())
+}

crates-cli/yaak-cli/src/commands/folder.rs

@@ -0,0 +1,138 @@
+use crate::cli::{FolderArgs, FolderCommands};
+use crate::context::CliContext;
+use crate::utils::confirm::confirm_delete;
+use crate::utils::json::{
+    apply_merge_patch, is_json_shorthand, merge_workspace_id_arg, parse_optional_json,
+    parse_required_json, require_id, validate_create_id,
+};
+use yaak_models::models::Folder;
+use yaak_models::util::UpdateSource;
+
+type CommandResult<T = ()> = std::result::Result<T, String>;
+
+pub fn run(ctx: &CliContext, args: FolderArgs) -> i32 {
+    let result = match args.command {
+        FolderCommands::List { workspace_id } => list(ctx, &workspace_id),
+        FolderCommands::Show { folder_id } => show(ctx, &folder_id),
+        FolderCommands::Create { workspace_id, name, json } => {
+            create(ctx, workspace_id, name, json)
+        }
+        FolderCommands::Update { json, json_input } => update(ctx, json, json_input),
+        FolderCommands::Delete { folder_id, yes } => delete(ctx, &folder_id, yes),
+    };
+
+    match result {
+        Ok(()) => 0,
+        Err(error) => {
+            eprintln!("Error: {error}");
+            1
+        }
+    }
+}
+
+fn list(ctx: &CliContext, workspace_id: &str) -> CommandResult {
+    let folders =
+        ctx.db().list_folders(workspace_id).map_err(|e| format!("Failed to list folders: {e}"))?;
+    if folders.is_empty() {
+        println!("No folders found in workspace {}", workspace_id);
+    } else {
+        for folder in folders {
+            println!("{} - {}", folder.id, folder.name);
+        }
+    }
+    Ok(())
+}
+
+fn show(ctx: &CliContext, folder_id: &str) -> CommandResult {
+    let folder =
+        ctx.db().get_folder(folder_id).map_err(|e| format!("Failed to get folder: {e}"))?;
+    let output = serde_json::to_string_pretty(&folder)
+        .map_err(|e| format!("Failed to serialize folder: {e}"))?;
+    println!("{output}");
+    Ok(())
+}
+
+fn create(
+    ctx: &CliContext,
+    workspace_id: Option<String>,
+    name: Option<String>,
+    json: Option<String>,
+) -> CommandResult {
+    let json_shorthand =
+        workspace_id.as_deref().filter(|v| is_json_shorthand(v)).map(str::to_owned);
+    let workspace_id_arg = workspace_id.filter(|v| !is_json_shorthand(v));
+
+    let payload = parse_optional_json(json, json_shorthand, "folder create")?;
+
+    if let Some(payload) = payload {
+        if name.is_some() {
+            return Err("folder create cannot combine --name with JSON payload".to_string());
+        }
+
+        validate_create_id(&payload, "folder")?;
+        let mut folder: Folder = serde_json::from_value(payload)
+            .map_err(|e| format!("Failed to parse folder create JSON: {e}"))?;
+        merge_workspace_id_arg(
+            workspace_id_arg.as_deref(),
+            &mut folder.workspace_id,
+            "folder create",
+        )?;
+
+        let created = ctx
+            .db()
+            .upsert_folder(&folder, &UpdateSource::Sync)
+            .map_err(|e| format!("Failed to create folder: {e}"))?;
+
+        println!("Created folder: {}", created.id);
+        return Ok(());
+    }
+
+    let workspace_id = workspace_id_arg.ok_or_else(|| {
+        "folder create requires workspace_id unless JSON payload is provided".to_string()
+    })?;
+    let name = name.ok_or_else(|| {
+        "folder create requires --name unless JSON payload is provided".to_string()
+    })?;
+
+    let folder = Folder { workspace_id, name, ..Default::default() };
+
+    let created = ctx
+        .db()
+        .upsert_folder(&folder, &UpdateSource::Sync)
+        .map_err(|e| format!("Failed to create folder: {e}"))?;
+
+    println!("Created folder: {}", created.id);
+    Ok(())
+}
+
+fn update(ctx: &CliContext, json: Option<String>, json_input: Option<String>) -> CommandResult {
+    let patch = parse_required_json(json, json_input, "folder update")?;
+    let id = require_id(&patch, "folder update")?;
+
+    let existing =
+        ctx.db().get_folder(&id).map_err(|e| format!("Failed to get folder for update: {e}"))?;
+    let updated = apply_merge_patch(&existing, &patch, &id, "folder update")?;
+
+    let saved = ctx
+        .db()
+        .upsert_folder(&updated, &UpdateSource::Sync)
+        .map_err(|e| format!("Failed to update folder: {e}"))?;
+
+    println!("Updated folder: {}", saved.id);
+    Ok(())
+}
+
+fn delete(ctx: &CliContext, folder_id: &str, yes: bool) -> CommandResult {
+    if !yes && !confirm_delete("folder", folder_id) {
+        println!("Aborted");
+        return Ok(());
+    }
+
+    let deleted = ctx
+        .db()
+        .delete_folder_by_id(folder_id, &UpdateSource::Sync)
+        .map_err(|e| format!("Failed to delete folder: {e}"))?;
+
+    println!("Deleted folder: {}", deleted.id);
+    Ok(())
+}

crates-cli/yaak-cli/src/commands/mod.rs

@@ -0,0 +1,7 @@
+pub mod auth;
+pub mod environment;
+pub mod folder;
+pub mod plugin;
+pub mod request;
+pub mod send;
+pub mod workspace;

crates-cli/yaak-cli/src/commands/plugin.rs

@@ -0,0 +1,525 @@
+use crate::cli::{GenerateArgs, PluginArgs, PluginCommands, PluginPathArg};
+use crate::ui;
+use crate::utils::http;
+use keyring::Entry;
+use rand::Rng;
+use rolldown::{
+    Bundler, BundlerOptions, ExperimentalOptions, InputItem, LogLevel, OutputFormat, Platform,
+    WatchOption, Watcher,
+};
+use serde::Deserialize;
+use std::collections::HashSet;
+use std::fs;
+use std::io::{self, IsTerminal, Read, Write};
+use std::path::{Path, PathBuf};
+use std::sync::Arc;
+use tokio::sync::Mutex;
+use walkdir::WalkDir;
+use zip::CompressionMethod;
+use zip::write::SimpleFileOptions;
+
+type CommandResult<T = ()> = std::result::Result<T, String>;
+
+const KEYRING_USER: &str = "yaak";
+
+#[derive(Clone, Copy, Debug, Eq, PartialEq)]
+enum Environment {
+    Production,
+    Staging,
+    Development,
+}
+
+impl Environment {
+    fn api_base_url(self) -> &'static str {
+        match self {
+            Environment::Production => "https://api.yaak.app",
+            Environment::Staging => "https://todo.yaak.app",
+            Environment::Development => "http://localhost:9444",
+        }
+    }
+
+    fn keyring_service(self) -> &'static str {
+        match self {
+            Environment::Production => "app.yaak.cli.Token",
+            Environment::Staging => "app.yaak.cli.staging.Token",
+            Environment::Development => "app.yaak.cli.dev.Token",
+        }
+    }
+}
+
+pub async fn run_build(args: PluginPathArg) -> i32 {
+    match build(args).await {
+        Ok(()) => 0,
+        Err(error) => {
+            ui::error(&error);
+            1
+        }
+    }
+}
+
+pub async fn run(args: PluginArgs) -> i32 {
+    match args.command {
+        PluginCommands::Build(args) => run_build(args).await,
+        PluginCommands::Dev(args) => run_dev(args).await,
+        PluginCommands::Generate(args) => run_generate(args).await,
+        PluginCommands::Publish(args) => run_publish(args).await,
+    }
+}
+
+pub async fn run_dev(args: PluginPathArg) -> i32 {
+    match dev(args).await {
+        Ok(()) => 0,
+        Err(error) => {
+            ui::error(&error);
+            1
+        }
+    }
+}
+
+pub async fn run_generate(args: GenerateArgs) -> i32 {
+    match generate(args) {
+        Ok(()) => 0,
+        Err(error) => {
+            ui::error(&error);
+            1
+        }
+    }
+}
+
+pub async fn run_publish(args: PluginPathArg) -> i32 {
+    match publish(args).await {
+        Ok(()) => 0,
+        Err(error) => {
+            ui::error(&error);
+            1
+        }
+    }
+}
+
+async fn build(args: PluginPathArg) -> CommandResult {
+    let plugin_dir = resolve_plugin_dir(args.path)?;
+    ensure_plugin_build_inputs(&plugin_dir)?;
+
+    ui::info(&format!("Building plugin {}...", plugin_dir.display()));
+    let warnings = build_plugin_bundle(&plugin_dir).await?;
+    for warning in warnings {
+        ui::warning(&warning);
+    }
+    ui::success(&format!("Built plugin bundle at {}", plugin_dir.join("build/index.js").display()));
+    Ok(())
+}
+
+async fn dev(args: PluginPathArg) -> CommandResult {
+    let plugin_dir = resolve_plugin_dir(args.path)?;
+    ensure_plugin_build_inputs(&plugin_dir)?;
+
+    ui::info(&format!("Watching plugin {}...", plugin_dir.display()));
+    ui::info("Press Ctrl-C to stop");
+
+    let bundler = Bundler::new(bundler_options(&plugin_dir, true))
+        .map_err(|err| format!("Failed to initialize Rolldown watcher: {err}"))?;
+    let watcher = Watcher::new(vec![Arc::new(Mutex::new(bundler))], None)
+        .map_err(|err| format!("Failed to start Rolldown watcher: {err}"))?;
+
+    watcher.start().await;
+    Ok(())
+}
+
+fn generate(args: GenerateArgs) -> CommandResult {
+    let default_name = random_name();
+    let name = match args.name {
+        Some(name) => name,
+        None => prompt_with_default("Plugin name", &default_name)?,
+    };
+
+    let default_dir = format!("./{name}");
+    let output_dir = match args.dir {
+        Some(dir) => dir,
+        None => PathBuf::from(prompt_with_default("Plugin dir", &default_dir)?),
+    };
+
+    if output_dir.exists() {
+        return Err(format!("Plugin directory already exists: {}", output_dir.display()));
+    }
+
+    ui::info(&format!("Generating plugin in {}", output_dir.display()));
+    fs::create_dir_all(output_dir.join("src"))
+        .map_err(|e| format!("Failed creating plugin directory {}: {e}", output_dir.display()))?;
+
+    write_file(&output_dir.join(".gitignore"), TEMPLATE_GITIGNORE)?;
+    write_file(
+        &output_dir.join("package.json"),
+        &TEMPLATE_PACKAGE_JSON.replace("yaak-plugin-name", &name),
+    )?;
+    write_file(&output_dir.join("tsconfig.json"), TEMPLATE_TSCONFIG)?;
+    write_file(&output_dir.join("README.md"), &TEMPLATE_README.replace("yaak-plugin-name", &name))?;
+    write_file(
+        &output_dir.join("src/index.ts"),
+        &TEMPLATE_INDEX_TS.replace("yaak-plugin-name", &name),
+    )?;
+    write_file(&output_dir.join("src/index.test.ts"), TEMPLATE_INDEX_TEST_TS)?;
+
+    ui::success("Plugin scaffold generated");
+    ui::info("Next steps:");
+    println!("  1. cd {}", output_dir.display());
+    println!("  2. npm install");
+    println!("  3. yaak plugin build");
+    Ok(())
+}
+
+async fn publish(args: PluginPathArg) -> CommandResult {
+    let plugin_dir = resolve_plugin_dir(args.path)?;
+    ensure_plugin_build_inputs(&plugin_dir)?;
+
+    let environment = current_environment();
+    let token = get_auth_token(environment)?
+        .ok_or_else(|| "Not logged in. Run `yaak auth login`.".to_string())?;
+
+    ui::info(&format!("Building plugin {}...", plugin_dir.display()));
+    let warnings = build_plugin_bundle(&plugin_dir).await?;
+    for warning in warnings {
+        ui::warning(&warning);
+    }
+
+    ui::info("Archiving plugin");
+    let archive = create_publish_archive(&plugin_dir)?;
+
+    ui::info("Uploading plugin");
+    let url = format!("{}/api/v1/plugins/publish", environment.api_base_url());
+    let response = http::build_client(Some(&token))?
+        .post(url)
+        .header(reqwest::header::CONTENT_TYPE, "application/zip")
+        .body(archive)
+        .send()
+        .await
+        .map_err(|e| format!("Failed to upload plugin: {e}"))?;
+
+    let status = response.status();
+    let body =
+        response.text().await.map_err(|e| format!("Failed reading publish response body: {e}"))?;
+
+    if !status.is_success() {
+        return Err(http::parse_api_error(status.as_u16(), &body));
+    }
+
+    let published: PublishResponse = serde_json::from_str(&body)
+        .map_err(|e| format!("Failed parsing publish response JSON: {e}\nResponse: {body}"))?;
+    ui::success(&format!("Plugin published {}", published.version));
+    println!(" -> {}", published.url);
+    Ok(())
+}
+
+#[derive(Deserialize)]
+struct PublishResponse {
+    version: String,
+    url: String,
+}
+
+async fn build_plugin_bundle(plugin_dir: &Path) -> CommandResult<Vec<String>> {
+    prepare_build_output_dir(plugin_dir)?;
+    let mut bundler = Bundler::new(bundler_options(plugin_dir, false))
+        .map_err(|err| format!("Failed to initialize Rolldown: {err}"))?;
+    let output = bundler.write().await.map_err(|err| format!("Plugin build failed:\n{err}"))?;
+
+    Ok(output.warnings.into_iter().map(|w| w.to_string()).collect())
+}
+
+fn prepare_build_output_dir(plugin_dir: &Path) -> CommandResult {
+    let build_dir = plugin_dir.join("build");
+    if build_dir.exists() {
+        fs::remove_dir_all(&build_dir)
+            .map_err(|e| format!("Failed to clean build directory {}: {e}", build_dir.display()))?;
+    }
+    fs::create_dir_all(&build_dir)
+        .map_err(|e| format!("Failed to create build directory {}: {e}", build_dir.display()))
+}
+
+fn bundler_options(plugin_dir: &Path, watch: bool) -> BundlerOptions {
+    BundlerOptions {
+        input: Some(vec![InputItem { import: "./src/index.ts".to_string(), ..Default::default() }]),
+        cwd: Some(plugin_dir.to_path_buf()),
+        file: Some("build/index.js".to_string()),
+        format: Some(OutputFormat::Cjs),
+        platform: Some(Platform::Node),
+        log_level: Some(LogLevel::Info),
+        experimental: watch
+            .then_some(ExperimentalOptions { incremental_build: Some(true), ..Default::default() }),
+        watch: watch.then_some(WatchOption::default()),
+        ..Default::default()
+    }
+}
+
+fn resolve_plugin_dir(path: Option<PathBuf>) -> CommandResult<PathBuf> {
+    let cwd =
+        std::env::current_dir().map_err(|e| format!("Failed to read current directory: {e}"))?;
+    let candidate = match path {
+        Some(path) if path.is_absolute() => path,
+        Some(path) => cwd.join(path),
+        None => cwd,
+    };
+
+    if !candidate.exists() {
+        return Err(format!("Plugin directory does not exist: {}", candidate.display()));
+    }
+    if !candidate.is_dir() {
+        return Err(format!("Plugin path is not a directory: {}", candidate.display()));
+    }
+
+    candidate
+        .canonicalize()
+        .map_err(|e| format!("Failed to resolve plugin directory {}: {e}", candidate.display()))
+}
+
+fn ensure_plugin_build_inputs(plugin_dir: &Path) -> CommandResult {
+    let package_json = plugin_dir.join("package.json");
+    if !package_json.is_file() {
+        return Err(format!(
+            "{} does not exist. Ensure that you are in a plugin directory.",
+            package_json.display()
+        ));
+    }
+
+    let entry = plugin_dir.join("src/index.ts");
+    if !entry.is_file() {
+        return Err(format!("Required entrypoint missing: {}", entry.display()));
+    }
+
+    Ok(())
+}
+
+fn create_publish_archive(plugin_dir: &Path) -> CommandResult<Vec<u8>> {
+    let required_files = [
+        "README.md",
+        "package.json",
+        "build/index.js",
+        "src/index.ts",
+    ];
+    let optional_files = ["package-lock.json"];
+
+    let mut selected = HashSet::new();
+    for required in required_files {
+        let required_path = plugin_dir.join(required);
+        if !required_path.is_file() {
+            return Err(format!("Missing required file: {required}"));
+        }
+        selected.insert(required.to_string());
+    }
+    for optional in optional_files {
+        selected.insert(optional.to_string());
+    }
+
+    let cursor = std::io::Cursor::new(Vec::new());
+    let mut zip = zip::ZipWriter::new(cursor);
+    let options = SimpleFileOptions::default().compression_method(CompressionMethod::Deflated);
+
+    for entry in WalkDir::new(plugin_dir) {
+        let entry = entry.map_err(|e| format!("Failed walking plugin directory: {e}"))?;
+        if !entry.file_type().is_file() {
+            continue;
+        }
+
+        let path = entry.path();
+        let rel = path
+            .strip_prefix(plugin_dir)
+            .map_err(|e| format!("Failed deriving relative path for {}: {e}", path.display()))?;
+        let rel = rel.to_string_lossy().replace('\\', "/");
+
+        let keep = rel.starts_with("src/") || rel.starts_with("build/") || selected.contains(&rel);
+        if !keep {
+            continue;
+        }
+
+        zip.start_file(rel, options).map_err(|e| format!("Failed adding file to archive: {e}"))?;
+        let mut file = fs::File::open(path)
+            .map_err(|e| format!("Failed opening file {}: {e}", path.display()))?;
+        let mut contents = Vec::new();
+        file.read_to_end(&mut contents)
+            .map_err(|e| format!("Failed reading file {}: {e}", path.display()))?;
+        zip.write_all(&contents).map_err(|e| format!("Failed writing archive contents: {e}"))?;
+    }
+
+    let cursor = zip.finish().map_err(|e| format!("Failed finalizing plugin archive: {e}"))?;
+    Ok(cursor.into_inner())
+}
+
+fn write_file(path: &Path, contents: &str) -> CommandResult {
+    if let Some(parent) = path.parent() {
+        fs::create_dir_all(parent)
+            .map_err(|e| format!("Failed creating directory {}: {e}", parent.display()))?;
+    }
+    fs::write(path, contents).map_err(|e| format!("Failed writing file {}: {e}", path.display()))
+}
+
+fn prompt_with_default(label: &str, default: &str) -> CommandResult<String> {
+    if !io::stdin().is_terminal() {
+        return Ok(default.to_string());
+    }
+
+    print!("{label} [{default}]: ");
+    io::stdout().flush().map_err(|e| format!("Failed to flush stdout: {e}"))?;
+
+    let mut input = String::new();
+    io::stdin().read_line(&mut input).map_err(|e| format!("Failed to read input: {e}"))?;
+    let trimmed = input.trim();
+
+    if trimmed.is_empty() { Ok(default.to_string()) } else { Ok(trimmed.to_string()) }
+}
+
+fn current_environment() -> Environment {
+    match std::env::var("ENVIRONMENT").as_deref() {
+        Ok("staging") => Environment::Staging,
+        Ok("development") => Environment::Development,
+        _ => Environment::Production,
+    }
+}
+
+fn keyring_entry(environment: Environment) -> CommandResult<Entry> {
+    Entry::new(environment.keyring_service(), KEYRING_USER)
+        .map_err(|e| format!("Failed to initialize auth keyring entry: {e}"))
+}
+
+fn get_auth_token(environment: Environment) -> CommandResult<Option<String>> {
+    let entry = keyring_entry(environment)?;
+    match entry.get_password() {
+        Ok(token) => Ok(Some(token)),
+        Err(keyring::Error::NoEntry) => Ok(None),
+        Err(err) => Err(format!("Failed to read auth token: {err}")),
+    }
+}
+
+fn random_name() -> String {
+    const ADJECTIVES: &[&str] = &[
+        "young", "youthful", "yellow", "yielding", "yappy", "yawning", "yummy", "yucky", "yearly",
+        "yester", "yeasty", "yelling",
+    ];
+    const NOUNS: &[&str] = &[
+        "yak", "yarn", "year", "yell", "yoke", "yoga", "yam", "yacht", "yodel",
+    ];
+
+    let mut rng = rand::thread_rng();
+    let adjective = ADJECTIVES[rng.gen_range(0..ADJECTIVES.len())];
+    let noun = NOUNS[rng.gen_range(0..NOUNS.len())];
+    format!("{adjective}-{noun}")
+}
+
+const TEMPLATE_GITIGNORE: &str = "node_modules\n";
+
+const TEMPLATE_PACKAGE_JSON: &str = r#"{
+  "name": "yaak-plugin-name",
+  "private": true,
+  "version": "0.0.1",
+  "scripts": {
+    "build": "yaak plugin build",
+    "dev": "yaak plugin dev"
+  },
+  "devDependencies": {
+    "@types/node": "^24.10.1",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.14"
+  },
+  "dependencies": {
+    "@yaakapp/api": "^0.7.0"
+  }
+}
+"#;
+
+const TEMPLATE_TSCONFIG: &str = r#"{
+  "compilerOptions": {
+    "target": "es2021",
+    "lib": ["DOM", "DOM.Iterable", "ESNext"],
+    "useDefineForClassFields": true,
+    "allowJs": false,
+    "skipLibCheck": true,
+    "esModuleInterop": false,
+    "allowSyntheticDefaultImports": true,
+    "strict": true,
+    "noUncheckedIndexedAccess": true,
+    "forceConsistentCasingInFileNames": true,
+    "module": "ESNext",
+    "moduleResolution": "Node",
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "noEmit": true,
+    "jsx": "react-jsx"
+  },
+  "include": ["src"]
+}
+"#;
+
+const TEMPLATE_README: &str = r#"# yaak-plugin-name
+
+Describe what your plugin does.
+"#;
+
+const TEMPLATE_INDEX_TS: &str = r#"import type { PluginDefinition } from "@yaakapp/api";
+
+export const plugin: PluginDefinition = {
+  httpRequestActions: [
+    {
+      label: "Hello, From Plugin",
+      icon: "info",
+      async onSelect(ctx, args) {
+        await ctx.toast.show({
+          color: "success",
+          message: `You clicked the request ${args.httpRequest.id}`,
+        });
+      },
+    },
+  ],
+};
+"#;
+
+const TEMPLATE_INDEX_TEST_TS: &str = r#"import { describe, expect, test } from "vitest";
+import { plugin } from "./index";
+
+describe("Example Plugin", () => {
+  test("Exports plugin object", () => {
+    expect(plugin).toBeTypeOf("object");
+  });
+});
+"#;
+
+#[cfg(test)]
+mod tests {
+    use super::create_publish_archive;
+    use std::collections::HashSet;
+    use std::fs;
+    use std::io::Cursor;
+    use tempfile::TempDir;
+    use zip::ZipArchive;
+
+    #[test]
+    fn publish_archive_includes_required_and_optional_files() {
+        let dir = TempDir::new().expect("temp dir");
+        let root = dir.path();
+
+        fs::create_dir_all(root.join("src")).expect("create src");
+        fs::create_dir_all(root.join("build")).expect("create build");
+        fs::create_dir_all(root.join("ignored")).expect("create ignored");
+
+        fs::write(root.join("README.md"), "# Demo\n").expect("write README");
+        fs::write(root.join("package.json"), "{}").expect("write package.json");
+        fs::write(root.join("package-lock.json"), "{}").expect("write package-lock.json");
+        fs::write(root.join("src/index.ts"), "export const plugin = {};\n")
+            .expect("write src/index.ts");
+        fs::write(root.join("build/index.js"), "exports.plugin = {};\n")
+            .expect("write build/index.js");
+        fs::write(root.join("ignored/secret.txt"), "do-not-ship").expect("write ignored file");
+
+        let archive = create_publish_archive(root).expect("create archive");
+        let mut zip = ZipArchive::new(Cursor::new(archive)).expect("open zip");
+
+        let mut names = HashSet::new();
+        for i in 0..zip.len() {
+            let file = zip.by_index(i).expect("zip entry");
+            names.insert(file.name().to_string());
+        }
+
+        assert!(names.contains("README.md"));
+        assert!(names.contains("package.json"));
+        assert!(names.contains("package-lock.json"));
+        assert!(names.contains("src/index.ts"));
+        assert!(names.contains("build/index.js"));
+        assert!(!names.contains("ignored/secret.txt"));
+    }
+}

crates-cli/yaak-cli/src/commands/request.rs

@@ -0,0 +1,514 @@
+use crate::cli::{RequestArgs, RequestCommands, RequestSchemaType};
+use crate::context::CliContext;
+use crate::utils::confirm::confirm_delete;
+use crate::utils::json::{
+    apply_merge_patch, is_json_shorthand, merge_workspace_id_arg, parse_optional_json,
+    parse_required_json, require_id, validate_create_id,
+};
+use crate::utils::schema::append_agent_hints;
+use schemars::schema_for;
+use serde_json::{Map, Value, json};
+use std::collections::HashMap;
+use std::io::Write;
+use tokio::sync::mpsc;
+use yaak::send::{SendHttpRequestByIdWithPluginsParams, send_http_request_by_id_with_plugins};
+use yaak_http::sender::HttpResponseEvent as SenderHttpResponseEvent;
+use yaak_models::models::{GrpcRequest, HttpRequest, WebsocketRequest};
+use yaak_models::queries::any_request::AnyRequest;
+use yaak_models::util::UpdateSource;
+use yaak_plugins::events::{FormInput, FormInputBase, JsonPrimitive, PluginContext};
+
+type CommandResult<T = ()> = std::result::Result<T, String>;
+
+pub async fn run(
+    ctx: &CliContext,
+    args: RequestArgs,
+    environment: Option<&str>,
+    verbose: bool,
+) -> i32 {
+    let result = match args.command {
+        RequestCommands::List { workspace_id } => list(ctx, &workspace_id),
+        RequestCommands::Show { request_id } => show(ctx, &request_id),
+        RequestCommands::Send { request_id } => {
+            return match send_request_by_id(ctx, &request_id, environment, verbose).await {
+                Ok(()) => 0,
+                Err(error) => {
+                    eprintln!("Error: {error}");
+                    1
+                }
+            };
+        }
+        RequestCommands::Schema { request_type, pretty } => {
+            return match schema(ctx, request_type, pretty).await {
+                Ok(()) => 0,
+                Err(error) => {
+                    eprintln!("Error: {error}");
+                    1
+                }
+            };
+        }
+        RequestCommands::Create { workspace_id, name, method, url, json } => {
+            create(ctx, workspace_id, name, method, url, json)
+        }
+        RequestCommands::Update { json, json_input } => update(ctx, json, json_input),
+        RequestCommands::Delete { request_id, yes } => delete(ctx, &request_id, yes),
+    };
+
+    match result {
+        Ok(()) => 0,
+        Err(error) => {
+            eprintln!("Error: {error}");
+            1
+        }
+    }
+}
+
+fn list(ctx: &CliContext, workspace_id: &str) -> CommandResult {
+    let requests = ctx
+        .db()
+        .list_http_requests(workspace_id)
+        .map_err(|e| format!("Failed to list requests: {e}"))?;
+    if requests.is_empty() {
+        println!("No requests found in workspace {}", workspace_id);
+    } else {
+        for request in requests {
+            println!("{} - {} {}", request.id, request.method, request.name);
+        }
+    }
+    Ok(())
+}
+
+async fn schema(ctx: &CliContext, request_type: RequestSchemaType, pretty: bool) -> CommandResult {
+    let mut schema = match request_type {
+        RequestSchemaType::Http => serde_json::to_value(schema_for!(HttpRequest))
+            .map_err(|e| format!("Failed to serialize HTTP request schema: {e}"))?,
+        RequestSchemaType::Grpc => serde_json::to_value(schema_for!(GrpcRequest))
+            .map_err(|e| format!("Failed to serialize gRPC request schema: {e}"))?,
+        RequestSchemaType::Websocket => serde_json::to_value(schema_for!(WebsocketRequest))
+            .map_err(|e| format!("Failed to serialize WebSocket request schema: {e}"))?,
+    };
+
+    enrich_schema_guidance(&mut schema, request_type);
+    append_agent_hints(&mut schema);
+
+    if let Err(error) = merge_auth_schema_from_plugins(ctx, &mut schema).await {
+        eprintln!("Warning: Failed to enrich authentication schema from plugins: {error}");
+    }
+
+    let output =
+        if pretty { serde_json::to_string_pretty(&schema) } else { serde_json::to_string(&schema) }
+            .map_err(|e| format!("Failed to format schema JSON: {e}"))?;
+    println!("{output}");
+    Ok(())
+}
+
+fn enrich_schema_guidance(schema: &mut Value, request_type: RequestSchemaType) {
+    if !matches!(request_type, RequestSchemaType::Http) {
+        return;
+    }
+
+    let Some(properties) = schema.get_mut("properties").and_then(Value::as_object_mut) else {
+        return;
+    };
+
+    if let Some(url_schema) = properties.get_mut("url").and_then(Value::as_object_mut) {
+        append_description(
+            url_schema,
+            "For path segments like `/foo/:id/comments/:commentId`, put concrete values in `urlParameters` using names without `:` (for example `id`, `commentId`).",
+        );
+    }
+}
+
+fn append_description(schema: &mut Map<String, Value>, extra: &str) {
+    match schema.get_mut("description") {
+        Some(Value::String(existing)) if !existing.trim().is_empty() => {
+            if !existing.ends_with(' ') {
+                existing.push(' ');
+            }
+            existing.push_str(extra);
+        }
+        _ => {
+            schema.insert("description".to_string(), Value::String(extra.to_string()));
+        }
+    }
+}
+
+async fn merge_auth_schema_from_plugins(
+    ctx: &CliContext,
+    schema: &mut Value,
+) -> Result<(), String> {
+    let plugin_context = PluginContext::new_empty();
+    let plugin_manager = ctx.plugin_manager();
+    let summaries = plugin_manager
+        .get_http_authentication_summaries(&plugin_context)
+        .await
+        .map_err(|e| e.to_string())?;
+
+    let mut auth_variants = Vec::new();
+    for (_, summary) in summaries {
+        let config = match plugin_manager
+            .get_http_authentication_config(
+                &plugin_context,
+                &summary.name,
+                HashMap::<String, JsonPrimitive>::new(),
+                "yaakcli_request_schema",
+            )
+            .await
+        {
+            Ok(config) => config,
+            Err(error) => {
+                eprintln!(
+                    "Warning: Failed to load auth config for strategy '{}': {}",
+                    summary.name, error
+                );
+                continue;
+            }
+        };
+
+        auth_variants.push(auth_variant_schema(&summary.name, &summary.label, &config.args));
+    }
+
+    let Some(properties) = schema.get_mut("properties").and_then(Value::as_object_mut) else {
+        return Ok(());
+    };
+
+    let Some(auth_schema) = properties.get_mut("authentication") else {
+        return Ok(());
+    };
+
+    if !auth_variants.is_empty() {
+        let mut one_of = vec![auth_schema.clone()];
+        one_of.extend(auth_variants);
+        *auth_schema = json!({ "oneOf": one_of });
+    }
+
+    Ok(())
+}
+
+fn auth_variant_schema(auth_name: &str, auth_label: &str, args: &[FormInput]) -> Value {
+    let mut properties = Map::new();
+    let mut required = Vec::new();
+    for input in args {
+        add_input_schema(input, &mut properties, &mut required);
+    }
+
+    let mut schema = json!({
+        "title": auth_label,
+        "description": format!("Authentication values for strategy '{}'", auth_name),
+        "type": "object",
+        "properties": properties,
+        "additionalProperties": true
+    });
+
+    if !required.is_empty() {
+        schema["required"] = json!(required);
+    }
+
+    schema
+}
+
+fn add_input_schema(
+    input: &FormInput,
+    properties: &mut Map<String, Value>,
+    required: &mut Vec<String>,
+) {
+    match input {
+        FormInput::Text(v) => add_base_schema(
+            &v.base,
+            json!({
+                "type": "string",
+                "writeOnly": v.password.unwrap_or(false),
+            }),
+            properties,
+            required,
+        ),
+        FormInput::Editor(v) => add_base_schema(
+            &v.base,
+            json!({
+                "type": "string",
+                "x-editorLanguage": v.language.clone(),
+            }),
+            properties,
+            required,
+        ),
+        FormInput::Select(v) => {
+            let options: Vec<Value> =
+                v.options.iter().map(|o| Value::String(o.value.clone())).collect();
+            add_base_schema(
+                &v.base,
+                json!({
+                    "type": "string",
+                    "enum": options,
+                }),
+                properties,
+                required,
+            );
+        }
+        FormInput::Checkbox(v) => {
+            add_base_schema(&v.base, json!({ "type": "boolean" }), properties, required);
+        }
+        FormInput::File(v) => {
+            if v.multiple.unwrap_or(false) {
+                add_base_schema(
+                    &v.base,
+                    json!({
+                        "type": "array",
+                        "items": { "type": "string" },
+                    }),
+                    properties,
+                    required,
+                );
+            } else {
+                add_base_schema(&v.base, json!({ "type": "string" }), properties, required);
+            }
+        }
+        FormInput::HttpRequest(v) => {
+            add_base_schema(&v.base, json!({ "type": "string" }), properties, required);
+        }
+        FormInput::KeyValue(v) => {
+            add_base_schema(
+                &v.base,
+                json!({
+                    "type": "object",
+                    "additionalProperties": true,
+                }),
+                properties,
+                required,
+            );
+        }
+        FormInput::Accordion(v) => {
+            if let Some(children) = &v.inputs {
+                for child in children {
+                    add_input_schema(child, properties, required);
+                }
+            }
+        }
+        FormInput::HStack(v) => {
+            if let Some(children) = &v.inputs {
+                for child in children {
+                    add_input_schema(child, properties, required);
+                }
+            }
+        }
+        FormInput::Banner(v) => {
+            if let Some(children) = &v.inputs {
+                for child in children {
+                    add_input_schema(child, properties, required);
+                }
+            }
+        }
+        FormInput::Markdown(_) => {}
+    }
+}
+
+fn add_base_schema(
+    base: &FormInputBase,
+    mut schema: Value,
+    properties: &mut Map<String, Value>,
+    required: &mut Vec<String>,
+) {
+    if base.hidden.unwrap_or(false) || base.name.trim().is_empty() {
+        return;
+    }
+
+    if let Some(description) = &base.description {
+        schema["description"] = Value::String(description.clone());
+    }
+    if let Some(label) = &base.label {
+        schema["title"] = Value::String(label.clone());
+    }
+    if let Some(default_value) = &base.default_value {
+        schema["default"] = Value::String(default_value.clone());
+    }
+
+    let name = base.name.clone();
+    properties.insert(name.clone(), schema);
+    if !base.optional.unwrap_or(false) {
+        required.push(name);
+    }
+}
+
+fn create(
+    ctx: &CliContext,
+    workspace_id: Option<String>,
+    name: Option<String>,
+    method: Option<String>,
+    url: Option<String>,
+    json: Option<String>,
+) -> CommandResult {
+    let json_shorthand =
+        workspace_id.as_deref().filter(|v| is_json_shorthand(v)).map(str::to_owned);
+    let workspace_id_arg = workspace_id.filter(|v| !is_json_shorthand(v));
+
+    let payload = parse_optional_json(json, json_shorthand, "request create")?;
+
+    if let Some(payload) = payload {
+        if name.is_some() || method.is_some() || url.is_some() {
+            return Err("request create cannot combine simple flags with JSON payload".to_string());
+        }
+
+        validate_create_id(&payload, "request")?;
+        let mut request: HttpRequest = serde_json::from_value(payload)
+            .map_err(|e| format!("Failed to parse request create JSON: {e}"))?;
+        merge_workspace_id_arg(
+            workspace_id_arg.as_deref(),
+            &mut request.workspace_id,
+            "request create",
+        )?;
+
+        let created = ctx
+            .db()
+            .upsert_http_request(&request, &UpdateSource::Sync)
+            .map_err(|e| format!("Failed to create request: {e}"))?;
+
+        println!("Created request: {}", created.id);
+        return Ok(());
+    }
+
+    let workspace_id = workspace_id_arg.ok_or_else(|| {
+        "request create requires workspace_id unless JSON payload is provided".to_string()
+    })?;
+    let name = name.unwrap_or_default();
+    let url = url.unwrap_or_default();
+    let method = method.unwrap_or_else(|| "GET".to_string());
+
+    let request = HttpRequest {
+        workspace_id,
+        name,
+        method: method.to_uppercase(),
+        url,
+        ..Default::default()
+    };
+
+    let created = ctx
+        .db()
+        .upsert_http_request(&request, &UpdateSource::Sync)
+        .map_err(|e| format!("Failed to create request: {e}"))?;
+
+    println!("Created request: {}", created.id);
+    Ok(())
+}
+
+fn update(ctx: &CliContext, json: Option<String>, json_input: Option<String>) -> CommandResult {
+    let patch = parse_required_json(json, json_input, "request update")?;
+    let id = require_id(&patch, "request update")?;
+
+    let existing = ctx
+        .db()
+        .get_http_request(&id)
+        .map_err(|e| format!("Failed to get request for update: {e}"))?;
+    let updated = apply_merge_patch(&existing, &patch, &id, "request update")?;
+
+    let saved = ctx
+        .db()
+        .upsert_http_request(&updated, &UpdateSource::Sync)
+        .map_err(|e| format!("Failed to update request: {e}"))?;
+
+    println!("Updated request: {}", saved.id);
+    Ok(())
+}
+
+fn show(ctx: &CliContext, request_id: &str) -> CommandResult {
+    let request =
+        ctx.db().get_http_request(request_id).map_err(|e| format!("Failed to get request: {e}"))?;
+    let output = serde_json::to_string_pretty(&request)
+        .map_err(|e| format!("Failed to serialize request: {e}"))?;
+    println!("{output}");
+    Ok(())
+}
+
+fn delete(ctx: &CliContext, request_id: &str, yes: bool) -> CommandResult {
+    if !yes && !confirm_delete("request", request_id) {
+        println!("Aborted");
+        return Ok(());
+    }
+
+    let deleted = ctx
+        .db()
+        .delete_http_request_by_id(request_id, &UpdateSource::Sync)
+        .map_err(|e| format!("Failed to delete request: {e}"))?;
+    println!("Deleted request: {}", deleted.id);
+    Ok(())
+}
+
+/// Send a request by ID and print response in the same format as legacy `send`.
+pub async fn send_request_by_id(
+    ctx: &CliContext,
+    request_id: &str,
+    environment: Option<&str>,
+    verbose: bool,
+) -> Result<(), String> {
+    let request =
+        ctx.db().get_any_request(request_id).map_err(|e| format!("Failed to get request: {e}"))?;
+    match request {
+        AnyRequest::HttpRequest(http_request) => {
+            send_http_request_by_id(
+                ctx,
+                &http_request.id,
+                &http_request.workspace_id,
+                environment,
+                verbose,
+            )
+            .await
+        }
+        AnyRequest::GrpcRequest(_) => {
+            Err("gRPC request send is not implemented yet in yaak-cli".to_string())
+        }
+        AnyRequest::WebsocketRequest(_) => {
+            Err("WebSocket request send is not implemented yet in yaak-cli".to_string())
+        }
+    }
+}
+
+async fn send_http_request_by_id(
+    ctx: &CliContext,
+    request_id: &str,
+    workspace_id: &str,
+    environment: Option<&str>,
+    verbose: bool,
+) -> Result<(), String> {
+    let plugin_context = PluginContext::new(None, Some(workspace_id.to_string()));
+
+    let (event_tx, mut event_rx) = mpsc::channel::<SenderHttpResponseEvent>(100);
+    let (body_chunk_tx, mut body_chunk_rx) = mpsc::unbounded_channel::<Vec<u8>>();
+    let event_handle = tokio::spawn(async move {
+        while let Some(event) = event_rx.recv().await {
+            if verbose && !matches!(event, SenderHttpResponseEvent::ChunkReceived { .. }) {
+                println!("{}", event);
+            }
+        }
+    });
+    let body_handle = tokio::task::spawn_blocking(move || {
+        let mut stdout = std::io::stdout();
+        while let Some(chunk) = body_chunk_rx.blocking_recv() {
+            if stdout.write_all(&chunk).is_err() {
+                break;
+            }
+            let _ = stdout.flush();
+        }
+    });
+    let response_dir = ctx.data_dir().join("responses");
+
+    let result = send_http_request_by_id_with_plugins(SendHttpRequestByIdWithPluginsParams {
+        query_manager: ctx.query_manager(),
+        blob_manager: ctx.blob_manager(),
+        request_id,
+        environment_id: environment,
+        update_source: UpdateSource::Sync,
+        cookie_jar_id: None,
+        response_dir: &response_dir,
+        emit_events_to: Some(event_tx),
+        emit_response_body_chunks_to: Some(body_chunk_tx),
+        plugin_manager: ctx.plugin_manager(),
+        encryption_manager: ctx.encryption_manager.clone(),
+        plugin_context: &plugin_context,
+        cancelled_rx: None,
+        connection_manager: None,
+    })
+    .await;
+
+    let _ = event_handle.await;
+    let _ = body_handle.await;
+    result.map_err(|e| e.to_string())?;
+    Ok(())
+}

crates-cli/yaak-cli/src/commands/send.rs

@@ -0,0 +1,184 @@
+use crate::cli::SendArgs;
+use crate::commands::request;
+use crate::context::CliContext;
+use futures::future::join_all;
+
+enum ExecutionMode {
+    Sequential,
+    Parallel,
+}
+
+pub async fn run(
+    ctx: &CliContext,
+    args: SendArgs,
+    environment: Option<&str>,
+    verbose: bool,
+) -> i32 {
+    match send_target(ctx, args, environment, verbose).await {
+        Ok(()) => 0,
+        Err(error) => {
+            eprintln!("Error: {error}");
+            1
+        }
+    }
+}
+
+async fn send_target(
+    ctx: &CliContext,
+    args: SendArgs,
+    environment: Option<&str>,
+    verbose: bool,
+) -> Result<(), String> {
+    let mode = if args.parallel { ExecutionMode::Parallel } else { ExecutionMode::Sequential };
+
+    if ctx.db().get_any_request(&args.id).is_ok() {
+        return request::send_request_by_id(ctx, &args.id, environment, verbose).await;
+    }
+
+    if ctx.db().get_folder(&args.id).is_ok() {
+        let request_ids = collect_folder_request_ids(ctx, &args.id)?;
+        if request_ids.is_empty() {
+            println!("No requests found in folder {}", args.id);
+            return Ok(());
+        }
+        return send_many(ctx, request_ids, mode, args.fail_fast, environment, verbose).await;
+    }
+
+    if ctx.db().get_workspace(&args.id).is_ok() {
+        let request_ids = collect_workspace_request_ids(ctx, &args.id)?;
+        if request_ids.is_empty() {
+            println!("No requests found in workspace {}", args.id);
+            return Ok(());
+        }
+        return send_many(ctx, request_ids, mode, args.fail_fast, environment, verbose).await;
+    }
+
+    Err(format!("Could not resolve ID '{}' as request, folder, or workspace", args.id))
+}
+
+fn collect_folder_request_ids(ctx: &CliContext, folder_id: &str) -> Result<Vec<String>, String> {
+    let mut ids = Vec::new();
+
+    let mut http_ids = ctx
+        .db()
+        .list_http_requests_for_folder_recursive(folder_id)
+        .map_err(|e| format!("Failed to list HTTP requests in folder: {e}"))?
+        .into_iter()
+        .map(|r| r.id)
+        .collect::<Vec<_>>();
+    ids.append(&mut http_ids);
+
+    let mut grpc_ids = ctx
+        .db()
+        .list_grpc_requests_for_folder_recursive(folder_id)
+        .map_err(|e| format!("Failed to list gRPC requests in folder: {e}"))?
+        .into_iter()
+        .map(|r| r.id)
+        .collect::<Vec<_>>();
+    ids.append(&mut grpc_ids);
+
+    let mut websocket_ids = ctx
+        .db()
+        .list_websocket_requests_for_folder_recursive(folder_id)
+        .map_err(|e| format!("Failed to list WebSocket requests in folder: {e}"))?
+        .into_iter()
+        .map(|r| r.id)
+        .collect::<Vec<_>>();
+    ids.append(&mut websocket_ids);
+
+    Ok(ids)
+}
+
+fn collect_workspace_request_ids(
+    ctx: &CliContext,
+    workspace_id: &str,
+) -> Result<Vec<String>, String> {
+    let mut ids = Vec::new();
+
+    let mut http_ids = ctx
+        .db()
+        .list_http_requests(workspace_id)
+        .map_err(|e| format!("Failed to list HTTP requests in workspace: {e}"))?
+        .into_iter()
+        .map(|r| r.id)
+        .collect::<Vec<_>>();
+    ids.append(&mut http_ids);
+
+    let mut grpc_ids = ctx
+        .db()
+        .list_grpc_requests(workspace_id)
+        .map_err(|e| format!("Failed to list gRPC requests in workspace: {e}"))?
+        .into_iter()
+        .map(|r| r.id)
+        .collect::<Vec<_>>();
+    ids.append(&mut grpc_ids);
+
+    let mut websocket_ids = ctx
+        .db()
+        .list_websocket_requests(workspace_id)
+        .map_err(|e| format!("Failed to list WebSocket requests in workspace: {e}"))?
+        .into_iter()
+        .map(|r| r.id)
+        .collect::<Vec<_>>();
+    ids.append(&mut websocket_ids);
+
+    Ok(ids)
+}
+
+async fn send_many(
+    ctx: &CliContext,
+    request_ids: Vec<String>,
+    mode: ExecutionMode,
+    fail_fast: bool,
+    environment: Option<&str>,
+    verbose: bool,
+) -> Result<(), String> {
+    let mut success_count = 0usize;
+    let mut failures: Vec<(String, String)> = Vec::new();
+
+    match mode {
+        ExecutionMode::Sequential => {
+            for request_id in request_ids {
+                match request::send_request_by_id(ctx, &request_id, environment, verbose).await {
+                    Ok(()) => success_count += 1,
+                    Err(error) => {
+                        failures.push((request_id, error));
+                        if fail_fast {
+                            break;
+                        }
+                    }
+                }
+            }
+        }
+        ExecutionMode::Parallel => {
+            let tasks = request_ids
+                .iter()
+                .map(|request_id| async move {
+                    (
+                        request_id.clone(),
+                        request::send_request_by_id(ctx, request_id, environment, verbose).await,
+                    )
+                })
+                .collect::<Vec<_>>();
+
+            for (request_id, result) in join_all(tasks).await {
+                match result {
+                    Ok(()) => success_count += 1,
+                    Err(error) => failures.push((request_id, error)),
+                }
+            }
+        }
+    }
+
+    let failure_count = failures.len();
+    println!("Send summary: {success_count} succeeded, {failure_count} failed");
+
+    if failure_count == 0 {
+        return Ok(());
+    }
+
+    for (request_id, error) in failures {
+        eprintln!("  {}: {}", request_id, error);
+    }
+    Err("One or more requests failed".to_string())
+}

crates-cli/yaak-cli/src/commands/workspace.rs

@@ -0,0 +1,143 @@
+use crate::cli::{WorkspaceArgs, WorkspaceCommands};
+use crate::context::CliContext;
+use crate::utils::confirm::confirm_delete;
+use crate::utils::json::{
+    apply_merge_patch, parse_optional_json, parse_required_json, require_id, validate_create_id,
+};
+use crate::utils::schema::append_agent_hints;
+use schemars::schema_for;
+use yaak_models::models::Workspace;
+use yaak_models::util::UpdateSource;
+
+type CommandResult<T = ()> = std::result::Result<T, String>;
+
+pub fn run(ctx: &CliContext, args: WorkspaceArgs) -> i32 {
+    let result = match args.command {
+        WorkspaceCommands::List => list(ctx),
+        WorkspaceCommands::Schema { pretty } => schema(pretty),
+        WorkspaceCommands::Show { workspace_id } => show(ctx, &workspace_id),
+        WorkspaceCommands::Create { name, json, json_input } => create(ctx, name, json, json_input),
+        WorkspaceCommands::Update { json, json_input } => update(ctx, json, json_input),
+        WorkspaceCommands::Delete { workspace_id, yes } => delete(ctx, &workspace_id, yes),
+    };
+
+    match result {
+        Ok(()) => 0,
+        Err(error) => {
+            eprintln!("Error: {error}");
+            1
+        }
+    }
+}
+
+fn schema(pretty: bool) -> CommandResult {
+    let mut schema =
+        serde_json::to_value(schema_for!(Workspace)).map_err(|e| format!(
+            "Failed to serialize workspace schema: {e}"
+        ))?;
+    append_agent_hints(&mut schema);
+
+    let output = if pretty {
+        serde_json::to_string_pretty(&schema)
+    } else {
+        serde_json::to_string(&schema)
+    }
+    .map_err(|e| format!("Failed to format workspace schema JSON: {e}"))?;
+    println!("{output}");
+    Ok(())
+}
+
+fn list(ctx: &CliContext) -> CommandResult {
+    let workspaces =
+        ctx.db().list_workspaces().map_err(|e| format!("Failed to list workspaces: {e}"))?;
+    if workspaces.is_empty() {
+        println!("No workspaces found");
+    } else {
+        for workspace in workspaces {
+            println!("{} - {}", workspace.id, workspace.name);
+        }
+    }
+    Ok(())
+}
+
+fn show(ctx: &CliContext, workspace_id: &str) -> CommandResult {
+    let workspace = ctx
+        .db()
+        .get_workspace(workspace_id)
+        .map_err(|e| format!("Failed to get workspace: {e}"))?;
+    let output = serde_json::to_string_pretty(&workspace)
+        .map_err(|e| format!("Failed to serialize workspace: {e}"))?;
+    println!("{output}");
+    Ok(())
+}
+
+fn create(
+    ctx: &CliContext,
+    name: Option<String>,
+    json: Option<String>,
+    json_input: Option<String>,
+) -> CommandResult {
+    let payload = parse_optional_json(json, json_input, "workspace create")?;
+
+    if let Some(payload) = payload {
+        if name.is_some() {
+            return Err("workspace create cannot combine --name with JSON payload".to_string());
+        }
+
+        validate_create_id(&payload, "workspace")?;
+        let workspace: Workspace = serde_json::from_value(payload)
+            .map_err(|e| format!("Failed to parse workspace create JSON: {e}"))?;
+
+        let created = ctx
+            .db()
+            .upsert_workspace(&workspace, &UpdateSource::Sync)
+            .map_err(|e| format!("Failed to create workspace: {e}"))?;
+        println!("Created workspace: {}", created.id);
+        return Ok(());
+    }
+
+    let name = name.ok_or_else(|| {
+        "workspace create requires --name unless JSON payload is provided".to_string()
+    })?;
+
+    let workspace = Workspace { name, ..Default::default() };
+    let created = ctx
+        .db()
+        .upsert_workspace(&workspace, &UpdateSource::Sync)
+        .map_err(|e| format!("Failed to create workspace: {e}"))?;
+    println!("Created workspace: {}", created.id);
+    Ok(())
+}
+
+fn update(ctx: &CliContext, json: Option<String>, json_input: Option<String>) -> CommandResult {
+    let patch = parse_required_json(json, json_input, "workspace update")?;
+    let id = require_id(&patch, "workspace update")?;
+
+    let existing = ctx
+        .db()
+        .get_workspace(&id)
+        .map_err(|e| format!("Failed to get workspace for update: {e}"))?;
+    let updated = apply_merge_patch(&existing, &patch, &id, "workspace update")?;
+
+    let saved = ctx
+        .db()
+        .upsert_workspace(&updated, &UpdateSource::Sync)
+        .map_err(|e| format!("Failed to update workspace: {e}"))?;
+
+    println!("Updated workspace: {}", saved.id);
+    Ok(())
+}
+
+fn delete(ctx: &CliContext, workspace_id: &str, yes: bool) -> CommandResult {
+    if !yes && !confirm_delete("workspace", workspace_id) {
+        println!("Aborted");
+        return Ok(());
+    }
+
+    let deleted = ctx
+        .db()
+        .delete_workspace_by_id(workspace_id, &UpdateSource::Sync)
+        .map_err(|e| format!("Failed to delete workspace: {e}"))?;
+    println!("Deleted workspace: {}", deleted.id);
+    Ok(())
+}

crates-cli/yaak-cli/src/context.rs

@@ -0,0 +1,133 @@
+use crate::plugin_events::CliPluginEventBridge;
+use include_dir::{Dir, include_dir};
+use std::fs;
+use std::path::{Path, PathBuf};
+use std::sync::Arc;
+use tokio::sync::Mutex;
+use yaak_crypto::manager::EncryptionManager;
+use yaak_models::blob_manager::BlobManager;
+use yaak_models::db_context::DbContext;
+use yaak_models::query_manager::QueryManager;
+use yaak_plugins::events::PluginContext;
+use yaak_plugins::manager::PluginManager;
+
+const EMBEDDED_PLUGIN_RUNTIME: &str = include_str!(concat!(
+    env!("CARGO_MANIFEST_DIR"),
+    "/../../crates-tauri/yaak-app/vendored/plugin-runtime/index.cjs"
+));
+static EMBEDDED_VENDORED_PLUGINS: Dir<'_> =
+    include_dir!("$CARGO_MANIFEST_DIR/../../crates-tauri/yaak-app/vendored/plugins");
+
+pub struct CliContext {
+    data_dir: PathBuf,
+    query_manager: QueryManager,
+    blob_manager: BlobManager,
+    pub encryption_manager: Arc<EncryptionManager>,
+    plugin_manager: Option<Arc<PluginManager>>,
+    plugin_event_bridge: Mutex<Option<CliPluginEventBridge>>,
+}
+
+impl CliContext {
+    pub async fn initialize(data_dir: PathBuf, app_id: &str, with_plugins: bool) -> Self {
+        let db_path = data_dir.join("db.sqlite");
+        let blob_path = data_dir.join("blobs.sqlite");
+
+        let (query_manager, blob_manager, _rx) = yaak_models::init_standalone(&db_path, &blob_path)
+            .expect("Failed to initialize database");
+
+        let encryption_manager = Arc::new(EncryptionManager::new(query_manager.clone(), app_id));
+
+        let plugin_manager = if with_plugins {
+            let vendored_plugin_dir = data_dir.join("vendored-plugins");
+            let installed_plugin_dir = data_dir.join("installed-plugins");
+            let node_bin_path = PathBuf::from("node");
+
+            prepare_embedded_vendored_plugins(&vendored_plugin_dir)
+                .expect("Failed to prepare bundled plugins");
+
+            let plugin_runtime_main =
+                std::env::var("YAAK_PLUGIN_RUNTIME").map(PathBuf::from).unwrap_or_else(|_| {
+                    prepare_embedded_plugin_runtime(&data_dir)
+                        .expect("Failed to prepare embedded plugin runtime")
+                });
+
+            match PluginManager::new(
+                vendored_plugin_dir,
+                installed_plugin_dir,
+                node_bin_path,
+                plugin_runtime_main,
+                &query_manager,
+                &PluginContext::new_empty(),
+                false,
+            )
+            .await
+            {
+                Ok(plugin_manager) => Some(Arc::new(plugin_manager)),
+                Err(err) => {
+                    eprintln!("Warning: Failed to initialize plugins: {err}");
+                    None
+                }
+            }
+        } else {
+            None
+        };
+
+        let plugin_event_bridge = if let Some(plugin_manager) = &plugin_manager {
+            Some(CliPluginEventBridge::start(plugin_manager.clone(), query_manager.clone()).await)
+        } else {
+            None
+        };
+
+        Self {
+            data_dir,
+            query_manager,
+            blob_manager,
+            encryption_manager,
+            plugin_manager,
+            plugin_event_bridge: Mutex::new(plugin_event_bridge),
+        }
+    }
+
+    pub fn data_dir(&self) -> &Path {
+        &self.data_dir
+    }
+
+    pub fn db(&self) -> DbContext<'_> {
+        self.query_manager.connect()
+    }
+
+    pub fn query_manager(&self) -> &QueryManager {
+        &self.query_manager
+    }
+
+    pub fn blob_manager(&self) -> &BlobManager {
+        &self.blob_manager
+    }
+
+    pub fn plugin_manager(&self) -> Arc<PluginManager> {
+        self.plugin_manager.clone().expect("Plugin manager was not initialized for this command")
+    }
+
+    pub async fn shutdown(&self) {
+        if let Some(plugin_manager) = &self.plugin_manager {
+            if let Some(plugin_event_bridge) = self.plugin_event_bridge.lock().await.take() {
+                plugin_event_bridge.shutdown(plugin_manager).await;
+            }
+            plugin_manager.terminate().await;
+        }
+    }
+}
+
+fn prepare_embedded_plugin_runtime(data_dir: &Path) -> std::io::Result<PathBuf> {
+    let runtime_dir = data_dir.join("vendored").join("plugin-runtime");
+    fs::create_dir_all(&runtime_dir)?;
+    let runtime_main = runtime_dir.join("index.cjs");
+    fs::write(&runtime_main, EMBEDDED_PLUGIN_RUNTIME)?;
+    Ok(runtime_main)
+}
+
+fn prepare_embedded_vendored_plugins(vendored_plugin_dir: &Path) -> std::io::Result<()> {
+    fs::create_dir_all(vendored_plugin_dir)?;
+    EMBEDDED_VENDORED_PLUGINS.extract(vendored_plugin_dir)?;
+    Ok(())
+}

crates-cli/yaak-cli/src/main.rs

@@ -1,409 +1,101 @@
-use clap::{Parser, Subcommand};
-use log::info;
-use serde_json::Value;
-use std::collections::BTreeMap;
-use std::path::PathBuf;
-use std::sync::Arc;
-use tokio::sync::mpsc;
-use yaak_crypto::manager::EncryptionManager;
-use yaak_http::path_placeholders::apply_path_placeholders;
-use yaak_http::sender::{HttpSender, ReqwestSender};
-use yaak_http::types::{SendableHttpRequest, SendableHttpRequestOptions};
-use yaak_models::models::{HttpRequest, HttpRequestHeader, HttpUrlParameter};
-use yaak_models::render::make_vars_hashmap;
-use yaak_models::util::UpdateSource;
-use yaak_plugins::events::{PluginContext, RenderPurpose};
-use yaak_plugins::manager::PluginManager;
-use yaak_plugins::template_callback::PluginTemplateCallback;
-use yaak_templates::{RenderOptions, parse_and_render, render_json_value_raw};
+mod cli;
+mod commands;
+mod context;
+mod plugin_events;
+mod ui;
+mod utils;
+mod version;
 
-#[derive(Parser)]
-#[command(name = "yaakcli")]
-#[command(about = "Yaak CLI - API client from the command line")]
-struct Cli {
-    /// Use a custom data directory
-    #[arg(long, global = true)]
-    data_dir: Option<PathBuf>,
-
-    /// Environment ID to use for variable substitution
-    #[arg(long, short, global = true)]
-    environment: Option<String>,
-
-    /// Enable verbose logging
-    #[arg(long, short, global = true)]
-    verbose: bool,
-
-    #[command(subcommand)]
-    command: Commands,
-}
-
-#[derive(Subcommand)]
-enum Commands {
-    /// List all workspaces
-    Workspaces,
-    /// List requests in a workspace
-    Requests {
-        /// Workspace ID
-        workspace_id: String,
-    },
-    /// Send an HTTP request by ID
-    Send {
-        /// Request ID
-        request_id: String,
-    },
-    /// Send a GET request to a URL
-    Get {
-        /// URL to request
-        url: String,
-    },
-    /// Create a new HTTP request
-    Create {
-        /// Workspace ID
-        workspace_id: String,
-        /// Request name
-        #[arg(short, long)]
-        name: String,
-        /// HTTP method
-        #[arg(short, long, default_value = "GET")]
-        method: String,
-        /// URL
-        #[arg(short, long)]
-        url: String,
-    },
-}
-
-/// Render an HTTP request with template variables and plugin functions
-async fn render_http_request(
-    r: &HttpRequest,
-    environment_chain: Vec<yaak_models::models::Environment>,
-    cb: &PluginTemplateCallback,
-    opt: &RenderOptions,
-) -> yaak_templates::error::Result<HttpRequest> {
-    let vars = &make_vars_hashmap(environment_chain);
-
-    let mut url_parameters = Vec::new();
-    for p in r.url_parameters.clone() {
-        if !p.enabled {
-            continue;
-        }
-        url_parameters.push(HttpUrlParameter {
-            enabled: p.enabled,
-            name: parse_and_render(p.name.as_str(), vars, cb, opt).await?,
-            value: parse_and_render(p.value.as_str(), vars, cb, opt).await?,
-            id: p.id,
-        })
-    }
-
-    let mut headers = Vec::new();
-    for p in r.headers.clone() {
-        if !p.enabled {
-            continue;
-        }
-        headers.push(HttpRequestHeader {
-            enabled: p.enabled,
-            name: parse_and_render(p.name.as_str(), vars, cb, opt).await?,
-            value: parse_and_render(p.value.as_str(), vars, cb, opt).await?,
-            id: p.id,
-        })
-    }
-
-    let mut body = BTreeMap::new();
-    for (k, v) in r.body.clone() {
-        body.insert(k, render_json_value_raw(v, vars, cb, opt).await?);
-    }
-
-    let authentication = {
-        let mut disabled = false;
-        let mut auth = BTreeMap::new();
-        match r.authentication.get("disabled") {
-            Some(Value::Bool(true)) => {
-                disabled = true;
-            }
-            Some(Value::String(tmpl)) => {
-                disabled = parse_and_render(tmpl.as_str(), vars, cb, opt)
-                    .await
-                    .unwrap_or_default()
-                    .is_empty();
-                info!(
-                    "Rendering authentication.disabled as a template: {disabled} from \"{tmpl}\""
-                );
-            }
-            _ => {}
-        }
-        if disabled {
-            auth.insert("disabled".to_string(), Value::Bool(true));
-        } else {
-            for (k, v) in r.authentication.clone() {
-                if k == "disabled" {
-                    auth.insert(k, Value::Bool(false));
-                } else {
-                    auth.insert(k, render_json_value_raw(v, vars, cb, opt).await?);
-                }
-            }
-        }
-        auth
-    };
-
-    let url = parse_and_render(r.url.clone().as_str(), vars, cb, opt).await?;
-
-    // Apply path placeholders (e.g., /users/:id -> /users/123)
-    let (url, url_parameters) = apply_path_placeholders(&url, &url_parameters);
-
-    Ok(HttpRequest { url, url_parameters, headers, body, authentication, ..r.to_owned() })
-}
+use clap::Parser;
+use cli::{Cli, Commands, RequestCommands};
+use context::CliContext;
 
 #[tokio::main]
 async fn main() {
-    let cli = Cli::parse();
+    let Cli { data_dir, environment, verbose, log, command } = Cli::parse();
 
-    // Initialize logging
-    if cli.verbose {
-        env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("info")).init();
+    if let Some(log_level) = log {
+        match log_level {
+            Some(level) => {
+                env_logger::Builder::new().filter_level(level.as_filter()).init();
+            }
+            None => {
+                env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("info"))
+                    .init();
+            }
+        }
     }
 
-    // Use the same app_id for both data directory and keyring
     let app_id = if cfg!(debug_assertions) { "app.yaak.desktop.dev" } else { "app.yaak.desktop" };
 
-    let data_dir = cli.data_dir.unwrap_or_else(|| {
+    let data_dir = data_dir.unwrap_or_else(|| {
         dirs::data_dir().expect("Could not determine data directory").join(app_id)
     });
 
-    let db_path = data_dir.join("db.sqlite");
-    let blob_path = data_dir.join("blobs.sqlite");
-
-    let (query_manager, _blob_manager, _rx) =
-        yaak_models::init_standalone(&db_path, &blob_path).expect("Failed to initialize database");
-
-    let db = query_manager.connect();
-
-    // Initialize encryption manager for secure() template function
-    // Use the same app_id as the Tauri app for keyring access
-    let encryption_manager = Arc::new(EncryptionManager::new(query_manager.clone(), app_id));
-
-    // Initialize plugin manager for template functions
-    let vendored_plugin_dir = data_dir.join("vendored-plugins");
-    let installed_plugin_dir = data_dir.join("installed-plugins");
-
-    // Use system node for CLI (must be in PATH)
-    let node_bin_path = PathBuf::from("node");
-
-    // Find the plugin runtime - check YAAK_PLUGIN_RUNTIME env var, then fallback to development path
-    let plugin_runtime_main =
-        std::env::var("YAAK_PLUGIN_RUNTIME").map(PathBuf::from).unwrap_or_else(|_| {
-            // Development fallback: look relative to crate root
-            PathBuf::from(env!("CARGO_MANIFEST_DIR"))
-                .join("../../crates-tauri/yaak-app/vendored/plugin-runtime/index.cjs")
-        });
-
-    // Create plugin manager (plugins may not be available in CLI context)
-    let plugin_manager = Arc::new(
-        PluginManager::new(
-            vendored_plugin_dir,
-            installed_plugin_dir,
-            node_bin_path,
-            plugin_runtime_main,
-            false,
-        )
-        .await,
+    let needs_context = matches!(
+        &command,
+        Commands::Send(_)
+            | Commands::Workspace(_)
+            | Commands::Request(_)
+            | Commands::Folder(_)
+            | Commands::Environment(_)
     );
 
-    // Initialize plugins from database
-    let plugins = db.list_plugins().unwrap_or_default();
-    if !plugins.is_empty() {
-        let errors =
-            plugin_manager.initialize_all_plugins(plugins, &PluginContext::new_empty()).await;
-        for (plugin_dir, error_msg) in errors {
-            eprintln!("Warning: Failed to initialize plugin '{}': {}", plugin_dir, error_msg);
-        }
-    }
+    let needs_plugins = matches!(
+        &command,
+        Commands::Send(_)
+            | Commands::Request(cli::RequestArgs {
+                command: RequestCommands::Send { .. } | RequestCommands::Schema { .. },
+            })
+    );
 
-    match cli.command {
-        Commands::Workspaces => {
-            let workspaces = db.list_workspaces().expect("Failed to list workspaces");
-            if workspaces.is_empty() {
-                println!("No workspaces found");
-            } else {
-                for ws in workspaces {
-                    println!("{} - {}", ws.id, ws.name);
-                }
-            }
-        }
-        Commands::Requests { workspace_id } => {
-            let requests = db.list_http_requests(&workspace_id).expect("Failed to list requests");
-            if requests.is_empty() {
-                println!("No requests found in workspace {}", workspace_id);
-            } else {
-                for req in requests {
-                    println!("{} - {} {}", req.id, req.method, req.name);
-                }
-            }
-        }
-        Commands::Send { request_id } => {
-            let request = db.get_http_request(&request_id).expect("Failed to get request");
+    let context = if needs_context {
+        Some(CliContext::initialize(data_dir, app_id, needs_plugins).await)
+    } else {
+        None
+    };
 
-            // Resolve environment chain for variable substitution
-            let environment_chain = db
-                .resolve_environments(
-                    &request.workspace_id,
-                    request.folder_id.as_deref(),
-                    cli.environment.as_deref(),
-                )
-                .unwrap_or_default();
-
-            // Create template callback with plugin support
-            let plugin_context = PluginContext::new(None, Some(request.workspace_id.clone()));
-            let template_callback = PluginTemplateCallback::new(
-                plugin_manager.clone(),
-                encryption_manager.clone(),
-                &plugin_context,
-                RenderPurpose::Send,
-            );
-
-            // Render templates in the request
-            let rendered_request = render_http_request(
-                &request,
-                environment_chain,
-                &template_callback,
-                &RenderOptions::throw(),
+    let exit_code = match command {
+        Commands::Auth(args) => commands::auth::run(args).await,
+        Commands::Plugin(args) => commands::plugin::run(args).await,
+        Commands::Build(args) => commands::plugin::run_build(args).await,
+        Commands::Dev(args) => commands::plugin::run_dev(args).await,
+        Commands::Send(args) => {
+            commands::send::run(
+                context.as_ref().expect("context initialized for send"),
+                args,
+                environment.as_deref(),
+                verbose,
             )
             .await
-            .expect("Failed to render request templates");
-
-            if cli.verbose {
-                println!("> {} {}", rendered_request.method, rendered_request.url);
-            }
-
-            // Convert to sendable request
-            let sendable = SendableHttpRequest::from_http_request(
-                &rendered_request,
-                SendableHttpRequestOptions::default(),
+        }
+        Commands::Workspace(args) => commands::workspace::run(
+            context.as_ref().expect("context initialized for workspace"),
+            args,
+        ),
+        Commands::Request(args) => {
+            commands::request::run(
+                context.as_ref().expect("context initialized for request"),
+                args,
+                environment.as_deref(),
+                verbose,
             )
             .await
-            .expect("Failed to build request");
-
-            // Create event channel for progress
-            let (event_tx, mut event_rx) = mpsc::channel(100);
-
-            // Spawn task to print events if verbose
-            let verbose = cli.verbose;
-            let verbose_handle = if verbose {
-                Some(tokio::spawn(async move {
-                    while let Some(event) = event_rx.recv().await {
-                        println!("{}", event);
-                    }
-                }))
-            } else {
-                // Drain events silently
-                tokio::spawn(async move { while event_rx.recv().await.is_some() {} });
-                None
-            };
-
-            // Send the request
-            let sender = ReqwestSender::new().expect("Failed to create HTTP client");
-            let response = sender.send(sendable, event_tx).await.expect("Failed to send request");
-
-            // Wait for event handler to finish
-            if let Some(handle) = verbose_handle {
-                let _ = handle.await;
-            }
-
-            // Print response
-            if verbose {
-                println!();
-            }
-            println!(
-                "HTTP {} {}",
-                response.status,
-                response.status_reason.as_deref().unwrap_or("")
-            );
-
-            if verbose {
-                for (name, value) in &response.headers {
-                    println!("{}: {}", name, value);
-                }
-                println!();
-            }
-
-            // Print body
-            let (body, _stats) = response.text().await.expect("Failed to read response body");
-            println!("{}", body);
         }
-        Commands::Get { url } => {
-            if cli.verbose {
-                println!("> GET {}", url);
-            }
-
-            // Build a simple GET request
-            let sendable = SendableHttpRequest {
-                url: url.clone(),
-                method: "GET".to_string(),
-                headers: vec![],
-                body: None,
-                options: SendableHttpRequestOptions::default(),
-            };
-
-            // Create event channel for progress
-            let (event_tx, mut event_rx) = mpsc::channel(100);
-
-            // Spawn task to print events if verbose
-            let verbose = cli.verbose;
-            let verbose_handle = if verbose {
-                Some(tokio::spawn(async move {
-                    while let Some(event) = event_rx.recv().await {
-                        println!("{}", event);
-                    }
-                }))
-            } else {
-                tokio::spawn(async move { while event_rx.recv().await.is_some() {} });
-                None
-            };
-
-            // Send the request
-            let sender = ReqwestSender::new().expect("Failed to create HTTP client");
-            let response = sender.send(sendable, event_tx).await.expect("Failed to send request");
-
-            if let Some(handle) = verbose_handle {
-                let _ = handle.await;
-            }
-
-            // Print response
-            if verbose {
-                println!();
-            }
-            println!(
-                "HTTP {} {}",
-                response.status,
-                response.status_reason.as_deref().unwrap_or("")
-            );
-
-            if verbose {
-                for (name, value) in &response.headers {
-                    println!("{}: {}", name, value);
-                }
-                println!();
-            }
-
-            // Print body
-            let (body, _stats) = response.text().await.expect("Failed to read response body");
-            println!("{}", body);
+        Commands::Folder(args) => {
+            commands::folder::run(context.as_ref().expect("context initialized for folder"), args)
         }
-        Commands::Create { workspace_id, name, method, url } => {
-            let request = HttpRequest {
-                workspace_id,
-                name,
-                method: method.to_uppercase(),
-                url,
-                ..Default::default()
-            };
+        Commands::Environment(args) => commands::environment::run(
+            context.as_ref().expect("context initialized for environment"),
+            args,
+        ),
+    };
 
-            let created = db
-                .upsert_http_request(&request, &UpdateSource::Sync)
-                .expect("Failed to create request");
-
-            println!("Created request: {}", created.id);
-        }
+    if let Some(context) = &context {
+        context.shutdown().await;
     }
 
-    // Terminate plugin manager gracefully
-    plugin_manager.terminate().await;
+    if exit_code != 0 {
+        std::process::exit(exit_code);
+    }
 }

crates-cli/yaak-cli/src/plugin_events.rs

@@ -0,0 +1,212 @@
+use std::sync::Arc;
+use tokio::task::JoinHandle;
+use yaak::plugin_events::{
+    GroupedPluginEvent, HostRequest, SharedPluginEventContext, handle_shared_plugin_event,
+};
+use yaak_models::query_manager::QueryManager;
+use yaak_plugins::events::{
+    EmptyPayload, ErrorResponse, InternalEvent, InternalEventPayload, ListOpenWorkspacesResponse,
+    WorkspaceInfo,
+};
+use yaak_plugins::manager::PluginManager;
+
+pub struct CliPluginEventBridge {
+    rx_id: String,
+    task: JoinHandle<()>,
+}
+
+impl CliPluginEventBridge {
+    pub async fn start(plugin_manager: Arc<PluginManager>, query_manager: QueryManager) -> Self {
+        let (rx_id, mut rx) = plugin_manager.subscribe("cli").await;
+        let rx_id_for_task = rx_id.clone();
+        let pm = plugin_manager.clone();
+
+        let task = tokio::spawn(async move {
+            while let Some(event) = rx.recv().await {
+                // Events with reply IDs are replies to app-originated requests.
+                if event.reply_id.is_some() {
+                    continue;
+                }
+
+                let Some(plugin_handle) = pm.get_plugin_by_ref_id(&event.plugin_ref_id).await
+                else {
+                    eprintln!(
+                        "Warning: Ignoring plugin event with unknown plugin ref '{}'",
+                        event.plugin_ref_id
+                    );
+                    continue;
+                };
+
+                let plugin_name = plugin_handle.info().name;
+                let Some(reply_payload) = build_plugin_reply(&query_manager, &event, &plugin_name)
+                else {
+                    continue;
+                };
+
+                if let Err(err) = pm.reply(&event, &reply_payload).await {
+                    eprintln!("Warning: Failed replying to plugin event: {err}");
+                }
+            }
+
+            pm.unsubscribe(&rx_id_for_task).await;
+        });
+
+        Self { rx_id, task }
+    }
+
+    pub async fn shutdown(self, plugin_manager: &PluginManager) {
+        plugin_manager.unsubscribe(&self.rx_id).await;
+        self.task.abort();
+        let _ = self.task.await;
+    }
+}
+
+fn build_plugin_reply(
+    query_manager: &QueryManager,
+    event: &InternalEvent,
+    plugin_name: &str,
+) -> Option<InternalEventPayload> {
+    match handle_shared_plugin_event(
+        query_manager,
+        &event.payload,
+        SharedPluginEventContext {
+            plugin_name,
+            workspace_id: event.context.workspace_id.as_deref(),
+        },
+    ) {
+        GroupedPluginEvent::Handled(payload) => payload,
+        GroupedPluginEvent::ToHandle(host_request) => match host_request {
+            HostRequest::ErrorResponse(resp) => {
+                eprintln!("[plugin:{}] error: {}", plugin_name, resp.error);
+                None
+            }
+            HostRequest::ReloadResponse(_) => None,
+            HostRequest::ShowToast(req) => {
+                eprintln!("[plugin:{}] {}", plugin_name, req.message);
+                Some(InternalEventPayload::ShowToastResponse(EmptyPayload {}))
+            }
+            HostRequest::ListOpenWorkspaces(_) => {
+                let workspaces = match query_manager.connect().list_workspaces() {
+                    Ok(workspaces) => workspaces
+                        .into_iter()
+                        .map(|w| WorkspaceInfo { id: w.id.clone(), name: w.name, label: w.id })
+                        .collect(),
+                    Err(err) => {
+                        return Some(InternalEventPayload::ErrorResponse(ErrorResponse {
+                            error: format!("Failed to list workspaces in CLI: {err}"),
+                        }));
+                    }
+                };
+                Some(InternalEventPayload::ListOpenWorkspacesResponse(ListOpenWorkspacesResponse {
+                    workspaces,
+                }))
+            }
+            req => Some(InternalEventPayload::ErrorResponse(ErrorResponse {
+                error: format!("Unsupported plugin request in CLI: {}", req.type_name()),
+            })),
+        },
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use tempfile::TempDir;
+    use yaak_plugins::events::{GetKeyValueRequest, PluginContext, WindowInfoRequest};
+
+    fn query_manager_for_test() -> (QueryManager, TempDir) {
+        let temp_dir = TempDir::new().expect("Failed to create temp dir");
+        let db_path = temp_dir.path().join("db.sqlite");
+        let blob_path = temp_dir.path().join("blobs.sqlite");
+        let (query_manager, _blob_manager, _rx) =
+            yaak_models::init_standalone(&db_path, &blob_path).expect("Failed to initialize DB");
+        (query_manager, temp_dir)
+    }
+
+    fn event(payload: InternalEventPayload) -> InternalEvent {
+        InternalEvent {
+            id: "evt_1".to_string(),
+            plugin_ref_id: "plugin_ref_1".to_string(),
+            plugin_name: "@yaak/test-plugin".to_string(),
+            reply_id: None,
+            context: PluginContext::new_empty(),
+            payload,
+        }
+    }
+
+    #[test]
+    fn key_value_requests_round_trip() {
+        let (query_manager, _temp_dir) = query_manager_for_test();
+        let plugin_name = "@yaak/test-plugin";
+
+        let get_missing = build_plugin_reply(
+            &query_manager,
+            &event(InternalEventPayload::GetKeyValueRequest(GetKeyValueRequest {
+                key: "missing".to_string(),
+            })),
+            plugin_name,
+        );
+        match get_missing {
+            Some(InternalEventPayload::GetKeyValueResponse(r)) => assert_eq!(r.value, None),
+            other => panic!("unexpected payload for missing get: {other:?}"),
+        }
+
+        let set = build_plugin_reply(
+            &query_manager,
+            &event(InternalEventPayload::SetKeyValueRequest(
+                yaak_plugins::events::SetKeyValueRequest {
+                    key: "token".to_string(),
+                    value: "{\"access_token\":\"abc\"}".to_string(),
+                },
+            )),
+            plugin_name,
+        );
+        assert!(matches!(set, Some(InternalEventPayload::SetKeyValueResponse(_))));
+
+        let get_present = build_plugin_reply(
+            &query_manager,
+            &event(InternalEventPayload::GetKeyValueRequest(GetKeyValueRequest {
+                key: "token".to_string(),
+            })),
+            plugin_name,
+        );
+        match get_present {
+            Some(InternalEventPayload::GetKeyValueResponse(r)) => {
+                assert_eq!(r.value, Some("{\"access_token\":\"abc\"}".to_string()))
+            }
+            other => panic!("unexpected payload for present get: {other:?}"),
+        }
+
+        let delete = build_plugin_reply(
+            &query_manager,
+            &event(InternalEventPayload::DeleteKeyValueRequest(
+                yaak_plugins::events::DeleteKeyValueRequest { key: "token".to_string() },
+            )),
+            plugin_name,
+        );
+        match delete {
+            Some(InternalEventPayload::DeleteKeyValueResponse(r)) => assert!(r.deleted),
+            other => panic!("unexpected payload for delete: {other:?}"),
+        }
+    }
+
+    #[test]
+    fn unsupported_request_gets_error_reply() {
+        let (query_manager, _temp_dir) = query_manager_for_test();
+        let payload = build_plugin_reply(
+            &query_manager,
+            &event(InternalEventPayload::WindowInfoRequest(WindowInfoRequest {
+                label: "main".to_string(),
+            })),
+            "@yaak/test-plugin",
+        );
+
+        match payload {
+            Some(InternalEventPayload::ErrorResponse(err)) => {
+                assert!(err.error.contains("Unsupported plugin request in CLI"));
+                assert!(err.error.contains("window_info_request"));
+            }
+            other => panic!("unexpected payload for unsupported request: {other:?}"),
+        }
+    }
+}

crates-cli/yaak-cli/src/ui.rs

@@ -0,0 +1,34 @@
+use console::style;
+use std::io::{self, IsTerminal};
+
+pub fn info(message: &str) {
+    if io::stdout().is_terminal() {
+        println!("{:<8} {}", style("INFO").cyan().bold(), style(message).cyan());
+    } else {
+        println!("INFO     {message}");
+    }
+}
+
+pub fn warning(message: &str) {
+    if io::stdout().is_terminal() {
+        println!("{:<8} {}", style("WARNING").yellow().bold(), style(message).yellow());
+    } else {
+        println!("WARNING  {message}");
+    }
+}
+
+pub fn success(message: &str) {
+    if io::stdout().is_terminal() {
+        println!("{:<8} {}", style("SUCCESS").green().bold(), style(message).green());
+    } else {
+        println!("SUCCESS  {message}");
+    }
+}
+
+pub fn error(message: &str) {
+    if io::stderr().is_terminal() {
+        eprintln!("{:<8} {}", style("ERROR").red().bold(), style(message).red());
+    } else {
+        eprintln!("Error: {message}");
+    }
+}

crates-cli/yaak-cli/src/utils/confirm.rs

@@ -0,0 +1,16 @@
+use std::io::{self, IsTerminal, Write};
+
+pub fn confirm_delete(resource_name: &str, resource_id: &str) -> bool {
+    if !io::stdin().is_terminal() {
+        eprintln!("Refusing to delete in non-interactive mode without --yes");
+        std::process::exit(1);
+    }
+
+    print!("Delete {resource_name} {resource_id}? [y/N]: ");
+    io::stdout().flush().expect("Failed to flush stdout");
+
+    let mut input = String::new();
+    io::stdin().read_line(&mut input).expect("Failed to read confirmation");
+
+    matches!(input.trim().to_lowercase().as_str(), "y" | "yes")
+}

crates-cli/yaak-cli/src/utils/http.rs

@@ -0,0 +1,47 @@
+use reqwest::Client;
+use reqwest::header::{HeaderMap, HeaderName, HeaderValue, USER_AGENT};
+use serde_json::Value;
+
+pub fn build_client(session_token: Option<&str>) -> Result<Client, String> {
+    let mut headers = HeaderMap::new();
+    let user_agent = HeaderValue::from_str(&user_agent())
+        .map_err(|e| format!("Failed to build user-agent header: {e}"))?;
+    headers.insert(USER_AGENT, user_agent);
+
+    if let Some(token) = session_token {
+        let token_value = HeaderValue::from_str(token)
+            .map_err(|e| format!("Failed to build session header: {e}"))?;
+        headers.insert(HeaderName::from_static("x-yaak-session"), token_value);
+    }
+
+    Client::builder()
+        .default_headers(headers)
+        .build()
+        .map_err(|e| format!("Failed to initialize HTTP client: {e}"))
+}
+
+pub fn parse_api_error(status: u16, body: &str) -> String {
+    if let Ok(value) = serde_json::from_str::<Value>(body) {
+        if let Some(message) = value.get("message").and_then(Value::as_str) {
+            return message.to_string();
+        }
+        if let Some(error) = value.get("error").and_then(Value::as_str) {
+            return error.to_string();
+        }
+    }
+
+    format!("API error {status}: {body}")
+}
+
+fn user_agent() -> String {
+    format!("YaakCli/{} ({})", crate::version::cli_version(), ua_platform())
+}
+
+fn ua_platform() -> &'static str {
+    match std::env::consts::OS {
+        "windows" => "Win",
+        "darwin" => "Mac",
+        "linux" => "Linux",
+        _ => "Unknown",
+    }
+}

crates-cli/yaak-cli/src/utils/json.rs

@@ -0,0 +1,131 @@
+use serde::Serialize;
+use serde::de::DeserializeOwned;
+use serde_json::{Map, Value};
+
+type JsonResult<T> = std::result::Result<T, String>;
+
+pub fn is_json_shorthand(input: &str) -> bool {
+    input.trim_start().starts_with('{')
+}
+
+pub fn parse_json_object(raw: &str, context: &str) -> JsonResult<Value> {
+    let value: Value = serde_json::from_str(raw)
+        .map_err(|error| format!("Invalid JSON for {context}: {error}"))?;
+
+    if !value.is_object() {
+        return Err(format!("JSON payload for {context} must be an object"));
+    }
+
+    Ok(value)
+}
+
+pub fn parse_optional_json(
+    json_flag: Option<String>,
+    json_shorthand: Option<String>,
+    context: &str,
+) -> JsonResult<Option<Value>> {
+    match (json_flag, json_shorthand) {
+        (Some(_), Some(_)) => {
+            Err(format!("Cannot provide both --json and positional JSON for {context}"))
+        }
+        (Some(raw), None) => parse_json_object(&raw, context).map(Some),
+        (None, Some(raw)) => parse_json_object(&raw, context).map(Some),
+        (None, None) => Ok(None),
+    }
+}
+
+pub fn parse_required_json(
+    json_flag: Option<String>,
+    json_shorthand: Option<String>,
+    context: &str,
+) -> JsonResult<Value> {
+    parse_optional_json(json_flag, json_shorthand, context)?
+        .ok_or_else(|| format!("Missing JSON payload for {context}. Use --json or positional JSON"))
+}
+
+pub fn require_id(payload: &Value, context: &str) -> JsonResult<String> {
+    payload
+        .get("id")
+        .and_then(|value| value.as_str())
+        .filter(|value| !value.is_empty())
+        .map(|value| value.to_string())
+        .ok_or_else(|| format!("{context} requires a non-empty \"id\" field"))
+}
+
+pub fn validate_create_id(payload: &Value, context: &str) -> JsonResult<()> {
+    let Some(id_value) = payload.get("id") else {
+        return Ok(());
+    };
+
+    match id_value {
+        Value::String(id) if id.is_empty() => Ok(()),
+        _ => Err(format!("{context} create JSON must omit \"id\" or set it to an empty string")),
+    }
+}
+
+pub fn merge_workspace_id_arg(
+    workspace_id_from_arg: Option<&str>,
+    payload_workspace_id: &mut String,
+    context: &str,
+) -> JsonResult<()> {
+    if let Some(workspace_id_arg) = workspace_id_from_arg {
+        if payload_workspace_id.is_empty() {
+            *payload_workspace_id = workspace_id_arg.to_string();
+        } else if payload_workspace_id != workspace_id_arg {
+            return Err(format!(
+                "{context} got conflicting workspace_id values between positional arg and JSON payload"
+            ));
+        }
+    }
+
+    if payload_workspace_id.is_empty() {
+        return Err(format!(
+            "{context} requires non-empty \"workspaceId\" in JSON payload or positional workspace_id"
+        ));
+    }
+
+    Ok(())
+}
+
+pub fn apply_merge_patch<T>(existing: &T, patch: &Value, id: &str, context: &str) -> JsonResult<T>
+where
+    T: Serialize + DeserializeOwned,
+{
+    let mut base = serde_json::to_value(existing)
+        .map_err(|error| format!("Failed to serialize existing model for {context}: {error}"))?;
+    merge_patch(&mut base, patch);
+
+    let Some(base_object) = base.as_object_mut() else {
+        return Err(format!("Merged payload for {context} must be an object"));
+    };
+    base_object.insert("id".to_string(), Value::String(id.to_string()));
+
+    serde_json::from_value(base)
+        .map_err(|error| format!("Failed to deserialize merged payload for {context}: {error}"))
+}
+
+fn merge_patch(target: &mut Value, patch: &Value) {
+    match patch {
+        Value::Object(patch_map) => {
+            if !target.is_object() {
+                *target = Value::Object(Map::new());
+            }
+
+            let target_map =
+                target.as_object_mut().expect("merge_patch target expected to be object");
+
+            for (key, patch_value) in patch_map {
+                if patch_value.is_null() {
+                    target_map.remove(key);
+                    continue;
+                }
+
+                let target_entry = target_map.entry(key.clone()).or_insert(Value::Null);
+                merge_patch(target_entry, patch_value);
+            }
+        }
+        _ => {
+            *target = patch.clone();
+        }
+    }
+}

crates-cli/yaak-cli/src/utils/mod.rs

@@ -0,0 +1,4 @@
+pub mod confirm;
+pub mod http;
+pub mod json;
+pub mod schema;

crates-cli/yaak-cli/src/utils/schema.rs

@@ -0,0 +1,15 @@
+use serde_json::{Value, json};
+
+pub fn append_agent_hints(schema: &mut Value) {
+    let Some(schema_obj) = schema.as_object_mut() else {
+        return;
+    };
+
+    schema_obj.insert(
+        "x-yaak-agent-hints".to_string(),
+        json!({
+            "templateVariableSyntax": "${[ my_var ]}",
+            "templateFunctionSyntax": "${[ namespace.my_func(a='aaa',b='bbb') ]}",
+        }),
+    );
+}

crates-cli/yaak-cli/src/version.rs

@@ -0,0 +1,3 @@
+pub fn cli_version() -> &'static str {
+    option_env!("YAAK_CLI_VERSION").unwrap_or(env!("CARGO_PKG_VERSION"))
+}

crates-cli/yaak-cli/tests/common/http_server.rs

@@ -0,0 +1,64 @@
+use std::io::{Read, Write};
+use std::net::{SocketAddr, TcpListener, TcpStream};
+use std::sync::Arc;
+use std::sync::atomic::{AtomicBool, Ordering};
+use std::thread;
+use std::time::Duration;
+
+pub struct TestHttpServer {
+    pub url: String,
+    addr: SocketAddr,
+    shutdown: Arc<AtomicBool>,
+    handle: Option<thread::JoinHandle<()>>,
+}
+
+impl TestHttpServer {
+    pub fn spawn_ok(body: &'static str) -> Self {
+        let listener = TcpListener::bind("127.0.0.1:0").expect("Failed to bind test HTTP server");
+        let addr = listener.local_addr().expect("Failed to get local addr");
+        let url = format!("http://{addr}/test");
+        listener.set_nonblocking(true).expect("Failed to set test server listener nonblocking");
+
+        let shutdown = Arc::new(AtomicBool::new(false));
+        let shutdown_signal = Arc::clone(&shutdown);
+        let body_bytes = body.as_bytes().to_vec();
+
+        let handle = thread::spawn(move || {
+            while !shutdown_signal.load(Ordering::Relaxed) {
+                match listener.accept() {
+                    Ok((mut stream, _)) => {
+                        let _ = stream.set_read_timeout(Some(Duration::from_secs(1)));
+                        let mut request_buf = [0u8; 4096];
+                        let _ = stream.read(&mut request_buf);
+
+                        let response = format!(
+                            "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: {}\r\nConnection: close\r\n\r\n",
+                            body_bytes.len()
+                        );
+                        let _ = stream.write_all(response.as_bytes());
+                        let _ = stream.write_all(&body_bytes);
+                        let _ = stream.flush();
+                        break;
+                    }
+                    Err(err) if err.kind() == std::io::ErrorKind::WouldBlock => {
+                        thread::sleep(Duration::from_millis(10));
+                    }
+                    Err(_) => break,
+                }
+            }
+        });
+
+        Self { url, addr, shutdown, handle: Some(handle) }
+    }
+}
+
+impl Drop for TestHttpServer {
+    fn drop(&mut self) {
+        self.shutdown.store(true, Ordering::Relaxed);
+        let _ = TcpStream::connect(self.addr);
+
+        if let Some(handle) = self.handle.take() {
+            let _ = handle.join();
+        }
+    }
+}

crates-cli/yaak-cli/tests/common/mod.rs

@@ -0,0 +1,106 @@
+#![allow(dead_code)]
+
+pub mod http_server;
+
+use assert_cmd::Command;
+use assert_cmd::cargo::cargo_bin_cmd;
+use std::path::Path;
+use yaak_models::models::{Folder, GrpcRequest, HttpRequest, WebsocketRequest, Workspace};
+use yaak_models::query_manager::QueryManager;
+use yaak_models::util::UpdateSource;
+
+pub fn cli_cmd(data_dir: &Path) -> Command {
+    let mut cmd = cargo_bin_cmd!("yaak");
+    cmd.arg("--data-dir").arg(data_dir);
+    cmd
+}
+
+pub fn parse_created_id(stdout: &[u8], label: &str) -> String {
+    String::from_utf8_lossy(stdout)
+        .trim()
+        .split_once(": ")
+        .map(|(_, id)| id.to_string())
+        .unwrap_or_else(|| panic!("Expected id in '{label}' output"))
+}
+
+pub fn query_manager(data_dir: &Path) -> QueryManager {
+    let db_path = data_dir.join("db.sqlite");
+    let blob_path = data_dir.join("blobs.sqlite");
+    let (query_manager, _blob_manager, _rx) =
+        yaak_models::init_standalone(&db_path, &blob_path).expect("Failed to initialize DB");
+    query_manager
+}
+
+pub fn seed_workspace(data_dir: &Path, workspace_id: &str) {
+    let workspace = Workspace {
+        id: workspace_id.to_string(),
+        name: "Seed Workspace".to_string(),
+        description: "Seeded for integration tests".to_string(),
+        ..Default::default()
+    };
+
+    query_manager(data_dir)
+        .connect()
+        .upsert_workspace(&workspace, &UpdateSource::Sync)
+        .expect("Failed to seed workspace");
+}
+
+pub fn seed_request(data_dir: &Path, workspace_id: &str, request_id: &str) {
+    let request = HttpRequest {
+        id: request_id.to_string(),
+        workspace_id: workspace_id.to_string(),
+        name: "Seeded Request".to_string(),
+        method: "GET".to_string(),
+        url: "https://example.com".to_string(),
+        ..Default::default()
+    };
+
+    query_manager(data_dir)
+        .connect()
+        .upsert_http_request(&request, &UpdateSource::Sync)
+        .expect("Failed to seed request");
+}
+
+pub fn seed_folder(data_dir: &Path, workspace_id: &str, folder_id: &str) {
+    let folder = Folder {
+        id: folder_id.to_string(),
+        workspace_id: workspace_id.to_string(),
+        name: "Seed Folder".to_string(),
+        ..Default::default()
+    };
+
+    query_manager(data_dir)
+        .connect()
+        .upsert_folder(&folder, &UpdateSource::Sync)
+        .expect("Failed to seed folder");
+}
+
+pub fn seed_grpc_request(data_dir: &Path, workspace_id: &str, request_id: &str) {
+    let request = GrpcRequest {
+        id: request_id.to_string(),
+        workspace_id: workspace_id.to_string(),
+        name: "Seeded gRPC Request".to_string(),
+        url: "https://example.com".to_string(),
+        ..Default::default()
+    };
+
+    query_manager(data_dir)
+        .connect()
+        .upsert_grpc_request(&request, &UpdateSource::Sync)
+        .expect("Failed to seed gRPC request");
+}
+
+pub fn seed_websocket_request(data_dir: &Path, workspace_id: &str, request_id: &str) {
+    let request = WebsocketRequest {
+        id: request_id.to_string(),
+        workspace_id: workspace_id.to_string(),
+        name: "Seeded WebSocket Request".to_string(),
+        url: "wss://example.com/socket".to_string(),
+        ..Default::default()
+    };
+
+    query_manager(data_dir)
+        .connect()
+        .upsert_websocket_request(&request, &UpdateSource::Sync)
+        .expect("Failed to seed WebSocket request");
+}

crates-cli/yaak-cli/tests/environment_commands.rs

@@ -0,0 +1,146 @@
+mod common;
+
+use common::{cli_cmd, parse_created_id, query_manager, seed_workspace};
+use predicates::str::contains;
+use tempfile::TempDir;
+
+#[test]
+fn create_list_show_delete_round_trip() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+
+    cli_cmd(data_dir)
+        .args(["environment", "list", "wk_test"])
+        .assert()
+        .success()
+        .stdout(contains("Global Variables"));
+
+    let create_assert = cli_cmd(data_dir)
+        .args(["environment", "create", "wk_test", "--name", "Production"])
+        .assert()
+        .success();
+    let environment_id = parse_created_id(&create_assert.get_output().stdout, "environment create");
+
+    cli_cmd(data_dir)
+        .args(["environment", "list", "wk_test"])
+        .assert()
+        .success()
+        .stdout(contains(&environment_id))
+        .stdout(contains("Production"));
+
+    cli_cmd(data_dir)
+        .args(["environment", "show", &environment_id])
+        .assert()
+        .success()
+        .stdout(contains(format!("\"id\": \"{environment_id}\"")))
+        .stdout(contains("\"parentModel\": \"environment\""));
+
+    cli_cmd(data_dir)
+        .args(["environment", "delete", &environment_id, "--yes"])
+        .assert()
+        .success()
+        .stdout(contains(format!("Deleted environment: {environment_id}")));
+
+    assert!(query_manager(data_dir).connect().get_environment(&environment_id).is_err());
+}
+
+#[test]
+fn json_create_and_update_merge_patch_round_trip() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+
+    let create_assert = cli_cmd(data_dir)
+        .args([
+            "environment",
+            "create",
+            r#"{"workspaceId":"wk_test","name":"Json Environment"}"#,
+        ])
+        .assert()
+        .success();
+    let environment_id = parse_created_id(&create_assert.get_output().stdout, "environment create");
+
+    cli_cmd(data_dir)
+        .args([
+            "environment",
+            "update",
+            &format!(r##"{{"id":"{}","color":"#00ff00"}}"##, environment_id),
+        ])
+        .assert()
+        .success()
+        .stdout(contains(format!("Updated environment: {environment_id}")));
+
+    cli_cmd(data_dir)
+        .args(["environment", "show", &environment_id])
+        .assert()
+        .success()
+        .stdout(contains("\"name\": \"Json Environment\""))
+        .stdout(contains("\"color\": \"#00ff00\""));
+}
+
+#[test]
+fn create_merges_positional_workspace_id_into_json_payload() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+
+    let create_assert = cli_cmd(data_dir)
+        .args([
+            "environment",
+            "create",
+            "wk_test",
+            "--json",
+            r#"{"name":"Merged Environment"}"#,
+        ])
+        .assert()
+        .success();
+    let environment_id = parse_created_id(&create_assert.get_output().stdout, "environment create");
+
+    cli_cmd(data_dir)
+        .args(["environment", "show", &environment_id])
+        .assert()
+        .success()
+        .stdout(contains("\"workspaceId\": \"wk_test\""))
+        .stdout(contains("\"name\": \"Merged Environment\""));
+}
+
+#[test]
+fn create_rejects_conflicting_workspace_ids_between_arg_and_json() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+    seed_workspace(data_dir, "wk_other");
+
+    cli_cmd(data_dir)
+        .args([
+            "environment",
+            "create",
+            "wk_test",
+            "--json",
+            r#"{"workspaceId":"wk_other","name":"Mismatch"}"#,
+        ])
+        .assert()
+        .failure()
+        .stderr(contains(
+            "environment create got conflicting workspace_id values between positional arg and JSON payload",
+        ));
+}
+
+#[test]
+fn environment_schema_outputs_json_schema() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+
+    cli_cmd(data_dir)
+        .args(["environment", "schema"])
+        .assert()
+        .success()
+        .stdout(contains("\"type\":\"object\""))
+        .stdout(contains("\"x-yaak-agent-hints\""))
+        .stdout(contains("\"templateVariableSyntax\":\"${[ my_var ]}\""))
+        .stdout(contains(
+            "\"templateFunctionSyntax\":\"${[ namespace.my_func(a='aaa',b='bbb') ]}\"",
+        ))
+        .stdout(contains("\"workspaceId\""));
+}

crates-cli/yaak-cli/tests/folder_commands.rs

@@ -0,0 +1,122 @@
+mod common;
+
+use common::{cli_cmd, parse_created_id, query_manager, seed_workspace};
+use predicates::str::contains;
+use tempfile::TempDir;
+
+#[test]
+fn create_list_show_delete_round_trip() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+
+    let create_assert = cli_cmd(data_dir)
+        .args(["folder", "create", "wk_test", "--name", "Auth"])
+        .assert()
+        .success();
+    let folder_id = parse_created_id(&create_assert.get_output().stdout, "folder create");
+
+    cli_cmd(data_dir)
+        .args(["folder", "list", "wk_test"])
+        .assert()
+        .success()
+        .stdout(contains(&folder_id))
+        .stdout(contains("Auth"));
+
+    cli_cmd(data_dir)
+        .args(["folder", "show", &folder_id])
+        .assert()
+        .success()
+        .stdout(contains(format!("\"id\": \"{folder_id}\"")))
+        .stdout(contains("\"workspaceId\": \"wk_test\""));
+
+    cli_cmd(data_dir)
+        .args(["folder", "delete", &folder_id, "--yes"])
+        .assert()
+        .success()
+        .stdout(contains(format!("Deleted folder: {folder_id}")));
+
+    assert!(query_manager(data_dir).connect().get_folder(&folder_id).is_err());
+}
+
+#[test]
+fn json_create_and_update_merge_patch_round_trip() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+
+    let create_assert = cli_cmd(data_dir)
+        .args([
+            "folder",
+            "create",
+            r#"{"workspaceId":"wk_test","name":"Json Folder"}"#,
+        ])
+        .assert()
+        .success();
+    let folder_id = parse_created_id(&create_assert.get_output().stdout, "folder create");
+
+    cli_cmd(data_dir)
+        .args([
+            "folder",
+            "update",
+            &format!(r#"{{"id":"{}","description":"Folder Description"}}"#, folder_id),
+        ])
+        .assert()
+        .success()
+        .stdout(contains(format!("Updated folder: {folder_id}")));
+
+    cli_cmd(data_dir)
+        .args(["folder", "show", &folder_id])
+        .assert()
+        .success()
+        .stdout(contains("\"name\": \"Json Folder\""))
+        .stdout(contains("\"description\": \"Folder Description\""));
+}
+
+#[test]
+fn create_merges_positional_workspace_id_into_json_payload() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+
+    let create_assert = cli_cmd(data_dir)
+        .args([
+            "folder",
+            "create",
+            "wk_test",
+            "--json",
+            r#"{"name":"Merged Folder"}"#,
+        ])
+        .assert()
+        .success();
+    let folder_id = parse_created_id(&create_assert.get_output().stdout, "folder create");
+
+    cli_cmd(data_dir)
+        .args(["folder", "show", &folder_id])
+        .assert()
+        .success()
+        .stdout(contains("\"workspaceId\": \"wk_test\""))
+        .stdout(contains("\"name\": \"Merged Folder\""));
+}
+
+#[test]
+fn create_rejects_conflicting_workspace_ids_between_arg_and_json() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+    seed_workspace(data_dir, "wk_other");
+
+    cli_cmd(data_dir)
+        .args([
+            "folder",
+            "create",
+            "wk_test",
+            "--json",
+            r#"{"workspaceId":"wk_other","name":"Mismatch"}"#,
+        ])
+        .assert()
+        .failure()
+        .stderr(contains(
+            "folder create got conflicting workspace_id values between positional arg and JSON payload",
+        ));
+}

crates-cli/yaak-cli/tests/request_commands.rs

@@ -0,0 +1,291 @@
+mod common;
+
+use common::http_server::TestHttpServer;
+use common::{
+    cli_cmd, parse_created_id, query_manager, seed_grpc_request, seed_request,
+    seed_websocket_request, seed_workspace,
+};
+use predicates::str::contains;
+use tempfile::TempDir;
+use yaak_models::models::HttpResponseState;
+
+#[test]
+fn show_and_delete_yes_round_trip() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+
+    let create_assert = cli_cmd(data_dir)
+        .args([
+            "request",
+            "create",
+            "wk_test",
+            "--name",
+            "Smoke Test",
+            "--url",
+            "https://example.com",
+        ])
+        .assert()
+        .success();
+
+    let request_id = parse_created_id(&create_assert.get_output().stdout, "request create");
+
+    cli_cmd(data_dir)
+        .args(["request", "show", &request_id])
+        .assert()
+        .success()
+        .stdout(contains(format!("\"id\": \"{request_id}\"")))
+        .stdout(contains("\"workspaceId\": \"wk_test\""));
+
+    cli_cmd(data_dir)
+        .args(["request", "delete", &request_id, "--yes"])
+        .assert()
+        .success()
+        .stdout(contains(format!("Deleted request: {request_id}")));
+
+    assert!(query_manager(data_dir).connect().get_http_request(&request_id).is_err());
+}
+
+#[test]
+fn delete_without_yes_fails_in_non_interactive_mode() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+    seed_request(data_dir, "wk_test", "rq_seed_delete_noninteractive");
+
+    cli_cmd(data_dir)
+        .args(["request", "delete", "rq_seed_delete_noninteractive"])
+        .assert()
+        .failure()
+        .code(1)
+        .stderr(contains("Refusing to delete in non-interactive mode without --yes"));
+
+    assert!(
+        query_manager(data_dir).connect().get_http_request("rq_seed_delete_noninteractive").is_ok()
+    );
+}
+
+#[test]
+fn json_create_and_update_merge_patch_round_trip() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+
+    let create_assert = cli_cmd(data_dir)
+        .args([
+            "request",
+            "create",
+            r#"{"workspaceId":"wk_test","name":"Json Request","url":"https://example.com"}"#,
+        ])
+        .assert()
+        .success();
+    let request_id = parse_created_id(&create_assert.get_output().stdout, "request create");
+
+    cli_cmd(data_dir)
+        .args([
+            "request",
+            "update",
+            &format!(r#"{{"id":"{}","name":"Renamed Request"}}"#, request_id),
+        ])
+        .assert()
+        .success()
+        .stdout(contains(format!("Updated request: {request_id}")));
+
+    cli_cmd(data_dir)
+        .args(["request", "show", &request_id])
+        .assert()
+        .success()
+        .stdout(contains("\"name\": \"Renamed Request\""))
+        .stdout(contains("\"url\": \"https://example.com\""));
+}
+
+#[test]
+fn update_requires_id_in_json_payload() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+
+    cli_cmd(data_dir)
+        .args(["request", "update", r#"{"name":"No ID"}"#])
+        .assert()
+        .failure()
+        .stderr(contains("request update requires a non-empty \"id\" field"));
+}
+
+#[test]
+fn create_allows_workspace_only_with_empty_defaults() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+
+    let create_assert = cli_cmd(data_dir).args(["request", "create", "wk_test"]).assert().success();
+    let request_id = parse_created_id(&create_assert.get_output().stdout, "request create");
+
+    let request = query_manager(data_dir)
+        .connect()
+        .get_http_request(&request_id)
+        .expect("Failed to load created request");
+    assert_eq!(request.workspace_id, "wk_test");
+    assert_eq!(request.method, "GET");
+    assert_eq!(request.name, "");
+    assert_eq!(request.url, "");
+}
+
+#[test]
+fn create_merges_positional_workspace_id_into_json_payload() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+
+    let create_assert = cli_cmd(data_dir)
+        .args([
+            "request",
+            "create",
+            "wk_test",
+            "--json",
+            r#"{"name":"Merged Request","url":"https://example.com"}"#,
+        ])
+        .assert()
+        .success();
+    let request_id = parse_created_id(&create_assert.get_output().stdout, "request create");
+
+    cli_cmd(data_dir)
+        .args(["request", "show", &request_id])
+        .assert()
+        .success()
+        .stdout(contains("\"workspaceId\": \"wk_test\""))
+        .stdout(contains("\"name\": \"Merged Request\""));
+}
+
+#[test]
+fn create_rejects_conflicting_workspace_ids_between_arg_and_json() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+    seed_workspace(data_dir, "wk_other");
+
+    cli_cmd(data_dir)
+        .args([
+            "request",
+            "create",
+            "wk_test",
+            "--json",
+            r#"{"workspaceId":"wk_other","name":"Mismatch"}"#,
+        ])
+        .assert()
+        .failure()
+        .stderr(contains(
+            "request create got conflicting workspace_id values between positional arg and JSON payload",
+        ));
+}
+
+#[test]
+fn request_send_persists_response_body_and_events() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+
+    let server = TestHttpServer::spawn_ok("hello from integration test");
+
+    let create_assert = cli_cmd(data_dir)
+        .args([
+            "request",
+            "create",
+            "wk_test",
+            "--name",
+            "Send Test",
+            "--url",
+            &server.url,
+        ])
+        .assert()
+        .success();
+    let request_id = parse_created_id(&create_assert.get_output().stdout, "request create");
+
+    cli_cmd(data_dir)
+        .args(["request", "send", &request_id])
+        .assert()
+        .success()
+        .stdout(contains("hello from integration test"));
+
+    let qm = query_manager(data_dir);
+    let db = qm.connect();
+    let responses =
+        db.list_http_responses_for_request(&request_id, None).expect("Failed to load responses");
+    assert_eq!(responses.len(), 1, "expected exactly one persisted response");
+
+    let response = &responses[0];
+    assert_eq!(response.status, 200);
+    assert!(matches!(response.state, HttpResponseState::Closed));
+    assert!(response.error.is_none());
+
+    let body_path =
+        response.body_path.as_ref().expect("expected persisted response body path").to_string();
+    let body = std::fs::read_to_string(&body_path).expect("Failed to read response body file");
+    assert_eq!(body, "hello from integration test");
+
+    let events =
+        db.list_http_response_events(&response.id).expect("Failed to load response events");
+    assert!(!events.is_empty(), "expected at least one persisted response event");
+}
+
+#[test]
+fn request_schema_http_outputs_json_schema() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+
+    cli_cmd(data_dir)
+        .args(["request", "schema", "http"])
+        .assert()
+        .success()
+        .stdout(contains("\"type\":\"object\""))
+        .stdout(contains("\"x-yaak-agent-hints\""))
+        .stdout(contains("\"templateVariableSyntax\":\"${[ my_var ]}\""))
+        .stdout(contains(
+            "\"templateFunctionSyntax\":\"${[ namespace.my_func(a='aaa',b='bbb') ]}\"",
+        ))
+        .stdout(contains("\"authentication\":"))
+        .stdout(contains("/foo/:id/comments/:commentId"))
+        .stdout(contains("put concrete values in `urlParameters`"));
+}
+
+#[test]
+fn request_schema_http_pretty_prints_with_flag() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+
+    cli_cmd(data_dir)
+        .args(["request", "schema", "http", "--pretty"])
+        .assert()
+        .success()
+        .stdout(contains("\"type\": \"object\""))
+        .stdout(contains("\"authentication\""));
+}
+
+#[test]
+fn request_send_grpc_returns_explicit_nyi_error() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+    seed_grpc_request(data_dir, "wk_test", "gr_seed_nyi");
+
+    cli_cmd(data_dir)
+        .args(["request", "send", "gr_seed_nyi"])
+        .assert()
+        .failure()
+        .code(1)
+        .stderr(contains("gRPC request send is not implemented yet in yaak-cli"));
+}
+
+#[test]
+fn request_send_websocket_returns_explicit_nyi_error() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+    seed_websocket_request(data_dir, "wk_test", "wr_seed_nyi");
+
+    cli_cmd(data_dir)
+        .args(["request", "send", "wr_seed_nyi"])
+        .assert()
+        .failure()
+        .code(1)
+        .stderr(contains("WebSocket request send is not implemented yet in yaak-cli"));
+}

crates-cli/yaak-cli/tests/send_commands.rs

@@ -0,0 +1,79 @@
+mod common;
+
+use common::http_server::TestHttpServer;
+use common::{cli_cmd, query_manager, seed_folder, seed_workspace};
+use predicates::str::contains;
+use tempfile::TempDir;
+use yaak_models::models::HttpRequest;
+use yaak_models::util::UpdateSource;
+
+#[test]
+fn top_level_send_workspace_sends_http_requests_and_prints_summary() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+
+    let server = TestHttpServer::spawn_ok("workspace bulk send");
+    let request = HttpRequest {
+        id: "rq_workspace_send".to_string(),
+        workspace_id: "wk_test".to_string(),
+        name: "Workspace Send".to_string(),
+        method: "GET".to_string(),
+        url: server.url.clone(),
+        ..Default::default()
+    };
+    query_manager(data_dir)
+        .connect()
+        .upsert_http_request(&request, &UpdateSource::Sync)
+        .expect("Failed to seed workspace request");
+
+    cli_cmd(data_dir)
+        .args(["send", "wk_test"])
+        .assert()
+        .success()
+        .stdout(contains("workspace bulk send"))
+        .stdout(contains("Send summary: 1 succeeded, 0 failed"));
+}
+
+#[test]
+fn top_level_send_folder_sends_http_requests_and_prints_summary() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+    seed_workspace(data_dir, "wk_test");
+    seed_folder(data_dir, "wk_test", "fl_test");
+
+    let server = TestHttpServer::spawn_ok("folder bulk send");
+    let request = HttpRequest {
+        id: "rq_folder_send".to_string(),
+        workspace_id: "wk_test".to_string(),
+        folder_id: Some("fl_test".to_string()),
+        name: "Folder Send".to_string(),
+        method: "GET".to_string(),
+        url: server.url.clone(),
+        ..Default::default()
+    };
+    query_manager(data_dir)
+        .connect()
+        .upsert_http_request(&request, &UpdateSource::Sync)
+        .expect("Failed to seed folder request");
+
+    cli_cmd(data_dir)
+        .args(["send", "fl_test"])
+        .assert()
+        .success()
+        .stdout(contains("folder bulk send"))
+        .stdout(contains("Send summary: 1 succeeded, 0 failed"));
+}
+
+#[test]
+fn top_level_send_unknown_id_fails_with_clear_error() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+
+    cli_cmd(data_dir)
+        .args(["send", "does_not_exist"])
+        .assert()
+        .failure()
+        .code(1)
+        .stderr(contains("Could not resolve ID 'does_not_exist' as request, folder, or workspace"));
+}

crates-cli/yaak-cli/tests/workspace_commands.rs

@@ -0,0 +1,75 @@
+mod common;
+
+use common::{cli_cmd, parse_created_id, query_manager};
+use predicates::str::contains;
+use tempfile::TempDir;
+
+#[test]
+fn create_show_delete_round_trip() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+
+    let create_assert =
+        cli_cmd(data_dir).args(["workspace", "create", "--name", "WS One"]).assert().success();
+    let workspace_id = parse_created_id(&create_assert.get_output().stdout, "workspace create");
+
+    cli_cmd(data_dir)
+        .args(["workspace", "show", &workspace_id])
+        .assert()
+        .success()
+        .stdout(contains(format!("\"id\": \"{workspace_id}\"")))
+        .stdout(contains("\"name\": \"WS One\""));
+
+    cli_cmd(data_dir)
+        .args(["workspace", "delete", &workspace_id, "--yes"])
+        .assert()
+        .success()
+        .stdout(contains(format!("Deleted workspace: {workspace_id}")));
+
+    assert!(query_manager(data_dir).connect().get_workspace(&workspace_id).is_err());
+}
+
+#[test]
+fn json_create_and_update_merge_patch_round_trip() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+
+    let create_assert = cli_cmd(data_dir)
+        .args(["workspace", "create", r#"{"name":"Json Workspace"}"#])
+        .assert()
+        .success();
+    let workspace_id = parse_created_id(&create_assert.get_output().stdout, "workspace create");
+
+    cli_cmd(data_dir)
+        .args([
+            "workspace",
+            "update",
+            &format!(r#"{{"id":"{}","description":"Updated via JSON"}}"#, workspace_id),
+        ])
+        .assert()
+        .success()
+        .stdout(contains(format!("Updated workspace: {workspace_id}")));
+
+    cli_cmd(data_dir)
+        .args(["workspace", "show", &workspace_id])
+        .assert()
+        .success()
+        .stdout(contains("\"name\": \"Json Workspace\""))
+        .stdout(contains("\"description\": \"Updated via JSON\""));
+}
+
+#[test]
+fn workspace_schema_outputs_json_schema() {
+    let temp_dir = TempDir::new().expect("Failed to create temp dir");
+    let data_dir = temp_dir.path();
+
+    cli_cmd(data_dir)
+        .args(["workspace", "schema"])
+        .assert()
+        .success()
+        .stdout(contains("\"type\":\"object\""))
+        .stdout(contains("\"x-yaak-agent-hints\""))
+        .stdout(contains("\"templateVariableSyntax\":\"${[ my_var ]}\""))
+        .stdout(contains("\"templateFunctionSyntax\":\"${[ namespace.my_func(a='aaa',b='bbb') ]}\""))
+        .stdout(contains("\"name\""));
+}

crates-tauri/yaak-app/Cargo.toml

@@ -57,9 +57,11 @@ url = "2"
 tokio-util = { version = "0.7", features = ["codec"] }
 ts-rs = { workspace = true }
 uuid = "1.12.1"
+yaak-api = { workspace = true }
 yaak-common = { workspace = true }
 yaak-tauri-utils = { workspace = true }
 yaak-core = { workspace = true }
+yaak = { workspace = true }
 yaak-crypto = { workspace = true }
 yaak-fonts = { workspace = true }
 yaak-git = { workspace = true }

crates-tauri/yaak-app/src/error.rs

@@ -36,7 +36,7 @@ pub enum Error {
     PluginError(#[from] yaak_plugins::error::Error),
 
     #[error(transparent)]
-    TauriUtilsError(#[from] yaak_tauri_utils::error::Error),
+    ApiError(#[from] yaak_api::Error),
 
     #[error(transparent)]
     ClipboardError(#[from] tauri_plugin_clipboard_manager::Error),

crates-tauri/yaak-app/src/http_request.rs

@@ -3,45 +3,18 @@ use crate::error::Error::GenericError;
 use crate::error::Result;
 use crate::models_ext::BlobManagerExt;
 use crate::models_ext::QueryManagerExt;
-use crate::render::render_http_request;
-use log::{debug, warn};
-use std::pin::Pin;
+use log::warn;
 use std::sync::Arc;
-use std::sync::atomic::{AtomicI32, Ordering};
-use std::time::{Duration, Instant};
+use std::time::Instant;
 use tauri::{AppHandle, Manager, Runtime, WebviewWindow};
-use tokio::fs::{File, create_dir_all};
-use tokio::io::{AsyncRead, AsyncReadExt, AsyncWriteExt};
 use tokio::sync::watch::Receiver;
-use tokio_util::bytes::Bytes;
+use yaak::send::{SendHttpRequestWithPluginsParams, send_http_request_with_plugins};
 use yaak_crypto::manager::EncryptionManager;
-use yaak_http::client::{
-    HttpConnectionOptions, HttpConnectionProxySetting, HttpConnectionProxySettingAuth,
-};
-use yaak_http::cookies::CookieStore;
-use yaak_http::manager::{CachedClient, HttpConnectionManager};
-use yaak_http::sender::ReqwestSender;
-use yaak_http::tee_reader::TeeReader;
-use yaak_http::transaction::HttpTransaction;
-use yaak_http::types::{
-    SendableBody, SendableHttpRequest, SendableHttpRequestOptions, append_query_params,
-};
-use yaak_models::blob_manager::BodyChunk;
-use yaak_models::models::{
-    CookieJar, Environment, HttpRequest, HttpResponse, HttpResponseEvent, HttpResponseHeader,
-    HttpResponseState, ProxySetting, ProxySettingAuth,
-};
+use yaak_http::manager::HttpConnectionManager;
+use yaak_models::models::{CookieJar, Environment, HttpRequest, HttpResponse, HttpResponseState};
 use yaak_models::util::UpdateSource;
-use yaak_plugins::events::{
-    CallHttpAuthenticationRequest, HttpHeader, PluginContext, RenderPurpose,
-};
+use yaak_plugins::events::PluginContext;
 use yaak_plugins::manager::PluginManager;
-use yaak_plugins::template_callback::PluginTemplateCallback;
-use yaak_templates::RenderOptions;
-use yaak_tls::find_client_certificate;
-
-/// Chunk size for storing request bodies (1MB)
-const REQUEST_BODY_CHUNK_SIZE: usize = 1024 * 1024;
 
 /// Context for managing response state during HTTP transactions.
 /// Handles both persisted responses (stored in DB) and ephemeral responses (in-memory only).
@@ -168,148 +141,31 @@ async fn send_http_request_inner<R: Runtime>(
     let plugin_manager = Arc::new((*app_handle.state::<PluginManager>()).clone());
     let encryption_manager = Arc::new((*app_handle.state::<EncryptionManager>()).clone());
     let connection_manager = app_handle.state::<HttpConnectionManager>();
-    let settings = window.db().get_settings();
-    let workspace_id = &unrendered_request.workspace_id;
-    let folder_id = unrendered_request.folder_id.as_deref();
     let environment_id = environment.map(|e| e.id);
-    let workspace = window.db().get_workspace(workspace_id)?;
-    let (resolved, auth_context_id) = resolve_http_request(window, unrendered_request)?;
-    let cb = PluginTemplateCallback::new(
-        plugin_manager.clone(),
-        encryption_manager.clone(),
-        &plugin_context,
-        RenderPurpose::Send,
-    );
-    let env_chain =
-        window.db().resolve_environments(&workspace.id, folder_id, environment_id.as_deref())?;
-    let mut cancel_rx = cancelled_rx.clone();
-    let render_options = RenderOptions::throw();
-    let request = tokio::select! {
-        result = render_http_request(&resolved, env_chain, &cb, &render_options) => result?,
-        _ = cancel_rx.changed() => {
-            return Err(GenericError("Request canceled".to_string()));
-        }
-    };
+    let cookie_jar_id = cookie_jar.as_ref().map(|jar| jar.id.clone());
 
-    // Build the sendable request using the new SendableHttpRequest type
-    let options = SendableHttpRequestOptions {
-        follow_redirects: workspace.setting_follow_redirects,
-        timeout: if workspace.setting_request_timeout > 0 {
-            Some(Duration::from_millis(workspace.setting_request_timeout.unsigned_abs() as u64))
-        } else {
-            None
-        },
-    };
-    let mut sendable_request = SendableHttpRequest::from_http_request(&request, options).await?;
+    let response_dir = app_handle.path().app_data_dir()?.join("responses");
+    let result = send_http_request_with_plugins(SendHttpRequestWithPluginsParams {
+        query_manager: app_handle.db_manager().inner(),
+        blob_manager: app_handle.blob_manager().inner(),
+        request: unrendered_request.clone(),
+        environment_id: environment_id.as_deref(),
+        update_source: response_ctx.update_source.clone(),
+        cookie_jar_id,
+        response_dir: &response_dir,
+        emit_events_to: None,
+        emit_response_body_chunks_to: None,
+        existing_response: Some(response_ctx.response().clone()),
+        plugin_manager,
+        encryption_manager,
+        plugin_context,
+        cancelled_rx: Some(cancelled_rx.clone()),
+        connection_manager: Some(connection_manager.inner()),
+    })
+    .await
+    .map_err(|e| GenericError(e.to_string()))?;
 
-    debug!("Sending request to {} {}", sendable_request.method, sendable_request.url);
-
-    let proxy_setting = match settings.proxy {
-        None => HttpConnectionProxySetting::System,
-        Some(ProxySetting::Disabled) => HttpConnectionProxySetting::Disabled,
-        Some(ProxySetting::Enabled { http, https, auth, bypass, disabled }) => {
-            if disabled {
-                HttpConnectionProxySetting::System
-            } else {
-                HttpConnectionProxySetting::Enabled {
-                    http,
-                    https,
-                    bypass,
-                    auth: match auth {
-                        None => None,
-                        Some(ProxySettingAuth { user, password }) => {
-                            Some(HttpConnectionProxySettingAuth { user, password })
-                        }
-                    },
-                }
-            }
-        }
-    };
-
-    let client_certificate =
-        find_client_certificate(&sendable_request.url, &settings.client_certificates);
-
-    // Create cookie store if a cookie jar is specified
-    let maybe_cookie_store = match cookie_jar.clone() {
-        Some(CookieJar { id, .. }) => {
-            // NOTE: We need to refetch the cookie jar because a chained request might have
-            //  updated cookies when we rendered the request.
-            let cj = window.db().get_cookie_jar(&id)?;
-            let cookie_store = CookieStore::from_cookies(cj.cookies.clone());
-            Some((cookie_store, cj))
-        }
-        None => None,
-    };
-
-    let cached_client = connection_manager
-        .get_client(&HttpConnectionOptions {
-            id: plugin_context.id.clone(),
-            validate_certificates: workspace.setting_validate_certificates,
-            proxy: proxy_setting,
-            client_certificate,
-            dns_overrides: workspace.setting_dns_overrides.clone(),
-        })
-        .await?;
-
-    // Apply authentication to the request, racing against cancellation since
-    // auth plugins (e.g. OAuth2) can block indefinitely waiting for user action.
-    let mut cancel_rx = cancelled_rx.clone();
-    tokio::select! {
-        result = apply_authentication(
-            &window,
-            &mut sendable_request,
-            &request,
-            auth_context_id,
-            &plugin_manager,
-            plugin_context,
-        ) => result?,
-        _ = cancel_rx.changed() => {
-            return Err(GenericError("Request canceled".to_string()));
-        }
-    };
-
-    let cookie_store = maybe_cookie_store.as_ref().map(|(cs, _)| cs.clone());
-    let result = execute_transaction(
-        cached_client,
-        sendable_request,
-        response_ctx,
-        cancelled_rx.clone(),
-        cookie_store,
-    )
-    .await;
-
-    // Wait for blob writing to complete and check for errors
-    let final_result = match result {
-        Ok((response, maybe_blob_write_handle)) => {
-            // Check if blob writing failed
-            if let Some(handle) = maybe_blob_write_handle {
-                if let Ok(Err(e)) = handle.await {
-                    // Update response with the storage error
-                    let _ = response_ctx.update(|r| {
-                        let error_msg =
-                            format!("Request succeeded but failed to store request body: {}", e);
-                        r.error = Some(match &r.error {
-                            Some(existing) => format!("{}; {}", existing, error_msg),
-                            None => error_msg,
-                        });
-                    });
-                }
-            }
-            Ok(response)
-        }
-        Err(e) => Err(e),
-    };
-
-    // Persist cookies back to the database after the request completes
-    if let Some((cookie_store, mut cj)) = maybe_cookie_store {
-        let cookies = cookie_store.get_all_cookies();
-        cj.cookies = cookies;
-        if let Err(e) = window.db().upsert_cookie_jar(&cj, &UpdateSource::Background) {
-            warn!("Failed to persist cookies to database: {}", e);
-        }
-    }
-
-    final_result
+    Ok(result.response)
 }
 
 pub fn resolve_http_request<R: Runtime>(
@@ -328,395 +184,3 @@ pub fn resolve_http_request<R: Runtime>(
 
     Ok((new_request, authentication_context_id))
 }
-
-async fn execute_transaction<R: Runtime>(
-    cached_client: CachedClient,
-    mut sendable_request: SendableHttpRequest,
-    response_ctx: &mut ResponseContext<R>,
-    mut cancelled_rx: Receiver<bool>,
-    cookie_store: Option<CookieStore>,
-) -> Result<(HttpResponse, Option<tauri::async_runtime::JoinHandle<Result<()>>>)> {
-    let app_handle = &response_ctx.app_handle.clone();
-    let response_id = response_ctx.response().id.clone();
-    let workspace_id = response_ctx.response().workspace_id.clone();
-    let is_persisted = response_ctx.is_persisted();
-
-    // Keep a reference to the resolver for DNS timing events
-    let resolver = cached_client.resolver.clone();
-
-    let sender = ReqwestSender::with_client(cached_client.client);
-    let transaction = match cookie_store {
-        Some(cs) => HttpTransaction::with_cookie_store(sender, cs),
-        None => HttpTransaction::new(sender),
-    };
-    let start = Instant::now();
-
-    // Capture request headers before sending
-    let request_headers: Vec<HttpResponseHeader> = sendable_request
-        .headers
-        .iter()
-        .map(|(name, value)| HttpResponseHeader { name: name.clone(), value: value.clone() })
-        .collect();
-
-    // Update response with headers info
-    response_ctx.update(|r| {
-        r.url = sendable_request.url.clone();
-        r.request_headers = request_headers;
-    })?;
-
-    // Create bounded channel for receiving events and spawn a task to store them in DB
-    // Buffer size of 100 events provides back pressure if DB writes are slow
-    let (event_tx, mut event_rx) =
-        tokio::sync::mpsc::channel::<yaak_http::sender::HttpResponseEvent>(100);
-
-    // Set the event sender on the DNS resolver so it can emit DNS timing events
-    resolver.set_event_sender(Some(event_tx.clone())).await;
-
-    // Shared state to capture DNS timing from the event processing task
-    let dns_elapsed = Arc::new(AtomicI32::new(0));
-
-    // Write events to DB in a task (only for persisted responses)
-    if is_persisted {
-        let response_id = response_id.clone();
-        let app_handle = app_handle.clone();
-        let update_source = response_ctx.update_source.clone();
-        let workspace_id = workspace_id.clone();
-        let dns_elapsed = dns_elapsed.clone();
-        tokio::spawn(async move {
-            while let Some(event) = event_rx.recv().await {
-                // Capture DNS timing when we see a DNS event
-                if let yaak_http::sender::HttpResponseEvent::DnsResolved { duration, .. } = &event {
-                    dns_elapsed.store(*duration as i32, Ordering::SeqCst);
-                }
-                let db_event = HttpResponseEvent::new(&response_id, &workspace_id, event.into());
-                let _ = app_handle.db().upsert_http_response_event(&db_event, &update_source);
-            }
-        });
-    } else {
-        // For ephemeral responses, just drain the events but still capture DNS timing
-        let dns_elapsed = dns_elapsed.clone();
-        tokio::spawn(async move {
-            while let Some(event) = event_rx.recv().await {
-                if let yaak_http::sender::HttpResponseEvent::DnsResolved { duration, .. } = &event {
-                    dns_elapsed.store(*duration as i32, Ordering::SeqCst);
-                }
-            }
-        });
-    };
-
-    // Capture request body as it's sent (only for persisted responses)
-    let body_id = format!("{}.request", response_id);
-    let maybe_blob_write_handle = match sendable_request.body {
-        Some(SendableBody::Bytes(bytes)) => {
-            if is_persisted {
-                write_bytes_to_db_sync(response_ctx, &body_id, bytes.clone())?;
-            }
-            sendable_request.body = Some(SendableBody::Bytes(bytes));
-            None
-        }
-        Some(SendableBody::Stream { data: stream, content_length }) => {
-            // Wrap stream with TeeReader to capture data as it's read
-            // Use unbounded channel to ensure all data is captured without blocking the HTTP request
-            let (body_chunk_tx, body_chunk_rx) = tokio::sync::mpsc::unbounded_channel::<Vec<u8>>();
-            let tee_reader = TeeReader::new(stream, body_chunk_tx);
-            let pinned: Pin<Box<dyn AsyncRead + Send + 'static>> = Box::pin(tee_reader);
-
-            let handle = if is_persisted {
-                // Spawn task to write request body chunks to blob DB
-                let app_handle = app_handle.clone();
-                let response_id = response_id.clone();
-                let workspace_id = workspace_id.clone();
-                let body_id = body_id.clone();
-                let update_source = response_ctx.update_source.clone();
-                Some(tauri::async_runtime::spawn(async move {
-                    write_stream_chunks_to_db(
-                        app_handle,
-                        &body_id,
-                        &workspace_id,
-                        &response_id,
-                        &update_source,
-                        body_chunk_rx,
-                    )
-                    .await
-                }))
-            } else {
-                // For ephemeral responses, just drain the body chunks
-                tauri::async_runtime::spawn(async move {
-                    let mut rx = body_chunk_rx;
-                    while rx.recv().await.is_some() {}
-                });
-                None
-            };
-
-            sendable_request.body = Some(SendableBody::Stream { data: pinned, content_length });
-            handle
-        }
-        None => {
-            sendable_request.body = None;
-            None
-        }
-    };
-
-    // Execute the transaction with cancellation support
-    // This returns the response with headers, but body is not yet consumed
-    // Events (headers, settings, chunks) are sent through the channel
-    let mut http_response = transaction
-        .execute_with_cancellation(sendable_request, cancelled_rx.clone(), event_tx)
-        .await?;
-
-    // Prepare the response path before consuming the body
-    let body_path = if response_id.is_empty() {
-        // Ephemeral responses: use OS temp directory for automatic cleanup
-        let temp_dir = std::env::temp_dir().join("yaak-ephemeral-responses");
-        create_dir_all(&temp_dir).await?;
-        temp_dir.join(uuid::Uuid::new_v4().to_string())
-    } else {
-        // Persisted responses: use app data directory
-        let dir = app_handle.path().app_data_dir()?;
-        let base_dir = dir.join("responses");
-        create_dir_all(&base_dir).await?;
-        base_dir.join(&response_id)
-    };
-
-    // Extract metadata before consuming the body (headers are available immediately)
-    // Url might change, so update again
-    response_ctx.update(|r| {
-        r.body_path = Some(body_path.to_string_lossy().to_string());
-        r.elapsed_headers = start.elapsed().as_millis() as i32;
-        r.status = http_response.status as i32;
-        r.status_reason = http_response.status_reason.clone();
-        r.url = http_response.url.clone();
-        r.remote_addr = http_response.remote_addr.clone();
-        r.version = http_response.version.clone();
-        r.headers = http_response
-            .headers
-            .iter()
-            .map(|(name, value)| HttpResponseHeader { name: name.clone(), value: value.clone() })
-            .collect();
-        r.content_length = http_response.content_length.map(|l| l as i32);
-        r.state = HttpResponseState::Connected;
-        r.request_headers = http_response
-            .request_headers
-            .iter()
-            .map(|(n, v)| HttpResponseHeader { name: n.clone(), value: v.clone() })
-            .collect();
-    })?;
-
-    // Get the body stream for manual consumption
-    let mut body_stream = http_response.into_body_stream()?;
-
-    // Open file for writing
-    let mut file = File::options()
-        .create(true)
-        .truncate(true)
-        .write(true)
-        .open(&body_path)
-        .await
-        .map_err(|e| GenericError(format!("Failed to open file: {}", e)))?;
-
-    // Stream body to file, with throttled DB updates to avoid excessive writes
-    let mut written_bytes: usize = 0;
-    let mut last_update_time = start;
-    let mut buf = [0u8; 8192];
-
-    // Throttle settings: update DB at most every 100ms
-    const UPDATE_INTERVAL_MS: u128 = 100;
-
-    loop {
-        // Check for cancellation. If we already have headers/body, just close cleanly without error
-        if *cancelled_rx.borrow() {
-            break;
-        }
-
-        // Use select! to race between reading and cancellation, so cancellation is immediate
-        let read_result = tokio::select! {
-            biased;
-            _ = cancelled_rx.changed() => {
-                break;
-            }
-            result = body_stream.read(&mut buf) => result,
-        };
-
-        match read_result {
-            Ok(0) => break, // EOF
-            Ok(n) => {
-                file.write_all(&buf[..n])
-                    .await
-                    .map_err(|e| GenericError(format!("Failed to write to file: {}", e)))?;
-                file.flush()
-                    .await
-                    .map_err(|e| GenericError(format!("Failed to flush file: {}", e)))?;
-                written_bytes += n;
-
-                // Throttle DB updates: only update if enough time has passed
-                let now = Instant::now();
-                let elapsed_since_update = now.duration_since(last_update_time).as_millis();
-
-                if elapsed_since_update >= UPDATE_INTERVAL_MS {
-                    response_ctx.update(|r| {
-                        r.elapsed = start.elapsed().as_millis() as i32;
-                        r.content_length = Some(written_bytes as i32);
-                    })?;
-                    last_update_time = now;
-                }
-            }
-            Err(e) => {
-                return Err(GenericError(format!("Failed to read response body: {}", e)));
-            }
-        }
-    }
-
-    // Final update with closed state and accurate byte count
-    response_ctx.update(|r| {
-        r.elapsed = start.elapsed().as_millis() as i32;
-        r.elapsed_dns = dns_elapsed.load(Ordering::SeqCst);
-        r.content_length = Some(written_bytes as i32);
-        r.state = HttpResponseState::Closed;
-    })?;
-
-    // Clear the event sender from the resolver since this request is done
-    resolver.set_event_sender(None).await;
-
-    Ok((response_ctx.response().clone(), maybe_blob_write_handle))
-}
-
-fn write_bytes_to_db_sync<R: Runtime>(
-    response_ctx: &mut ResponseContext<R>,
-    body_id: &str,
-    data: Bytes,
-) -> Result<()> {
-    if data.is_empty() {
-        return Ok(());
-    }
-
-    // Write in chunks if data is large
-    let mut offset = 0;
-    let mut chunk_index = 0;
-    while offset < data.len() {
-        let end = std::cmp::min(offset + REQUEST_BODY_CHUNK_SIZE, data.len());
-        let chunk_data = data.slice(offset..end).to_vec();
-        let chunk = BodyChunk::new(body_id, chunk_index, chunk_data);
-        response_ctx.app_handle.blobs().insert_chunk(&chunk)?;
-        offset = end;
-        chunk_index += 1;
-    }
-
-    // Update the response with the total request body size
-    response_ctx.update(|r| {
-        r.request_content_length = Some(data.len() as i32);
-    })?;
-
-    Ok(())
-}
-
-async fn write_stream_chunks_to_db<R: Runtime>(
-    app_handle: AppHandle<R>,
-    body_id: &str,
-    workspace_id: &str,
-    response_id: &str,
-    update_source: &UpdateSource,
-    mut rx: tokio::sync::mpsc::UnboundedReceiver<Vec<u8>>,
-) -> Result<()> {
-    let mut buffer = Vec::with_capacity(REQUEST_BODY_CHUNK_SIZE);
-    let mut chunk_index = 0;
-    let mut total_bytes: usize = 0;
-
-    while let Some(data) = rx.recv().await {
-        total_bytes += data.len();
-        buffer.extend_from_slice(&data);
-
-        // Flush when buffer reaches chunk size
-        while buffer.len() >= REQUEST_BODY_CHUNK_SIZE {
-            debug!("Writing chunk {chunk_index} to DB");
-            let chunk_data: Vec<u8> = buffer.drain(..REQUEST_BODY_CHUNK_SIZE).collect();
-            let chunk = BodyChunk::new(body_id, chunk_index, chunk_data);
-            app_handle.blobs().insert_chunk(&chunk)?;
-            app_handle.db().upsert_http_response_event(
-                &HttpResponseEvent::new(
-                    response_id,
-                    workspace_id,
-                    yaak_http::sender::HttpResponseEvent::ChunkSent {
-                        bytes: REQUEST_BODY_CHUNK_SIZE,
-                    }
-                    .into(),
-                ),
-                update_source,
-            )?;
-            chunk_index += 1;
-        }
-    }
-
-    // Flush remaining data
-    if !buffer.is_empty() {
-        let chunk = BodyChunk::new(body_id, chunk_index, buffer);
-        debug!("Flushing remaining data {chunk_index} {}", chunk.data.len());
-        app_handle.blobs().insert_chunk(&chunk)?;
-        app_handle.db().upsert_http_response_event(
-            &HttpResponseEvent::new(
-                response_id,
-                workspace_id,
-                yaak_http::sender::HttpResponseEvent::ChunkSent { bytes: chunk.data.len() }.into(),
-            ),
-            update_source,
-        )?;
-    }
-
-    // Update the response with the total request body size
-    app_handle.with_tx(|tx| {
-        debug!("Updating final body length {total_bytes}");
-        if let Ok(mut response) = tx.get_http_response(&response_id) {
-            response.request_content_length = Some(total_bytes as i32);
-            tx.update_http_response_if_id(&response, update_source)?;
-        }
-        Ok(())
-    })?;
-
-    Ok(())
-}
-
-async fn apply_authentication<R: Runtime>(
-    _window: &WebviewWindow<R>,
-    sendable_request: &mut SendableHttpRequest,
-    request: &HttpRequest,
-    auth_context_id: String,
-    plugin_manager: &PluginManager,
-    plugin_context: &PluginContext,
-) -> Result<()> {
-    match &request.authentication_type {
-        None => {
-            // No authentication found. Not even inherited
-        }
-        Some(authentication_type) if authentication_type == "none" => {
-            // Explicitly no authentication
-        }
-        Some(authentication_type) => {
-            let req = CallHttpAuthenticationRequest {
-                context_id: format!("{:x}", md5::compute(auth_context_id)),
-                values: serde_json::from_value(serde_json::to_value(&request.authentication)?)?,
-                url: sendable_request.url.clone(),
-                method: sendable_request.method.clone(),
-                headers: sendable_request
-                    .headers
-                    .iter()
-                    .map(|(name, value)| HttpHeader {
-                        name: name.to_string(),
-                        value: value.to_string(),
-                    })
-                    .collect(),
-            };
-            let plugin_result = plugin_manager
-                .call_http_authentication(plugin_context, &authentication_type, req)
-                .await?;
-
-            for header in plugin_result.set_headers.unwrap_or_default() {
-                sendable_request.insert_header((header.name, header.value));
-            }
-
-            if let Some(params) = plugin_result.set_query_parameters {
-                let params = params.into_iter().map(|p| (p.name, p.value)).collect::<Vec<_>>();
-                sendable_request.url = append_query_params(&sendable_request.url, params);
-            }
-        }
-    }
-    Ok(())
-}

crates-tauri/yaak-app/src/lib.rs

@@ -1095,13 +1095,9 @@ async fn cmd_get_http_authentication_config<R: Runtime>(
 
     // Convert HashMap<String, JsonPrimitive> to serde_json::Value for rendering
     let values_json: serde_json::Value = serde_json::to_value(&values)?;
-    let rendered_json = render_json_value(
-        values_json,
-        environment_chain,
-        &cb,
-        &RenderOptions::return_empty(),
-    )
-    .await?;
+    let rendered_json =
+        render_json_value(values_json, environment_chain, &cb, &RenderOptions::return_empty())
+            .await?;
 
     // Convert back to HashMap<String, JsonPrimitive>
     let rendered_values: HashMap<String, JsonPrimitive> = serde_json::from_value(rendered_json)?;

crates-tauri/yaak-app/src/models_ext.rs

@@ -3,6 +3,9 @@
 //! This module provides the Tauri plugin initialization and extension traits
 //! that allow accessing QueryManager and BlobManager from Tauri's Manager types.
 
+use chrono::Utc;
+use log::error;
+use std::time::Duration;
 use tauri::plugin::TauriPlugin;
 use tauri::{Emitter, Manager, Runtime, State};
 use tauri_plugin_dialog::{DialogExt, MessageDialogKind};
@@ -13,6 +16,74 @@ use yaak_models::models::{AnyModel, GraphQlIntrospection, GrpcEvent, Settings, W
 use yaak_models::query_manager::QueryManager;
 use yaak_models::util::UpdateSource;
 
+const MODEL_CHANGES_RETENTION_HOURS: i64 = 1;
+const MODEL_CHANGES_POLL_INTERVAL_MS: u64 = 1000;
+const MODEL_CHANGES_POLL_BATCH_SIZE: usize = 200;
+
+struct ModelChangeCursor {
+    created_at: String,
+    id: i64,
+}
+
+impl ModelChangeCursor {
+    fn from_launch_time() -> Self {
+        Self {
+            created_at: Utc::now().naive_utc().format("%Y-%m-%d %H:%M:%S%.3f").to_string(),
+            id: 0,
+        }
+    }
+}
+
+fn drain_model_changes_batch<R: Runtime>(
+    query_manager: &QueryManager,
+    app_handle: &tauri::AppHandle<R>,
+    cursor: &mut ModelChangeCursor,
+) -> bool {
+    let changes = match query_manager.connect().list_model_changes_since(
+        &cursor.created_at,
+        cursor.id,
+        MODEL_CHANGES_POLL_BATCH_SIZE,
+    ) {
+        Ok(changes) => changes,
+        Err(err) => {
+            error!("Failed to poll model_changes rows: {err:?}");
+            return false;
+        }
+    };
+
+    if changes.is_empty() {
+        return false;
+    }
+
+    let fetched_count = changes.len();
+    for change in changes {
+        cursor.created_at = change.created_at;
+        cursor.id = change.id;
+
+        // Local window-originated writes are forwarded immediately from the
+        // in-memory model event channel.
+        if matches!(change.payload.update_source, UpdateSource::Window { .. }) {
+            continue;
+        }
+        if let Err(err) = app_handle.emit("model_write", change.payload) {
+            error!("Failed to emit model_write event: {err:?}");
+        }
+    }
+
+    fetched_count == MODEL_CHANGES_POLL_BATCH_SIZE
+}
+
+async fn run_model_change_poller<R: Runtime>(
+    query_manager: QueryManager,
+    app_handle: tauri::AppHandle<R>,
+    mut cursor: ModelChangeCursor,
+) {
+    loop {
+        while drain_model_changes_batch(&query_manager, &app_handle, &mut cursor) {}
+        tokio::time::sleep(Duration::from_millis(MODEL_CHANGES_POLL_INTERVAL_MS)).await;
+    }
+}
+
 /// Extension trait for accessing the QueryManager from Tauri Manager types.
 pub trait QueryManagerExt<'a, R> {
     fn db_manager(&'a self) -> State<'a, QueryManager>;
@@ -262,14 +333,37 @@ pub fn init<R: Runtime>() -> TauriPlugin<R> {
                     }
                 };
 
+            let db = query_manager.connect();
+            if let Err(err) = db.prune_model_changes_older_than_hours(MODEL_CHANGES_RETENTION_HOURS)
+            {
+                error!("Failed to prune model_changes rows on startup: {err:?}");
+            }
+            // Only stream writes that happen after this app launch.
+            let cursor = ModelChangeCursor::from_launch_time();
+
+            let poll_query_manager = query_manager.clone();
+
             app_handle.manage(query_manager);
             app_handle.manage(blob_manager);
 
-            // Forward model change events to the frontend
-            let app_handle = app_handle.clone();
+            // Poll model_changes so all writers (including external CLI processes) update the UI.
+            let app_handle_poll = app_handle.clone();
+            let query_manager = poll_query_manager;
+            tauri::async_runtime::spawn(async move {
+                run_model_change_poller(query_manager, app_handle_poll, cursor).await;
+            });
+
+            // Fast path for local app writes initiated by frontend windows. This keeps the
+            // current sync-model UX snappy, while DB polling handles external writers (CLI).
+            let app_handle_local = app_handle.clone();
             tauri::async_runtime::spawn(async move {
                 for payload in rx {
-                    app_handle.emit("model_write", payload).unwrap();
+                    if !matches!(payload.update_source, UpdateSource::Window { .. }) {
+                        continue;
+                    }
+                    if let Err(err) = app_handle_local.emit("model_write", payload) {
+                        error!("Failed to emit local model_write event: {err:?}");
+                    }
                 }
             });
 

crates-tauri/yaak-app/src/notifications.rs

@@ -8,9 +8,9 @@ use serde::{Deserialize, Serialize};
 use std::time::Instant;
 use tauri::{AppHandle, Emitter, Manager, Runtime, WebviewWindow};
 use ts_rs::TS;
+use yaak_api::yaak_api_client;
 use yaak_common::platform::get_os_str;
 use yaak_models::util::UpdateSource;
-use yaak_tauri_utils::api_client::yaak_api_client;
 
 // Check for updates every hour
 const MAX_UPDATE_CHECK_SECONDS: u64 = 60 * 60;
@@ -101,7 +101,8 @@ impl YaakNotifier {
         let license_check = "disabled".to_string();
 
         let launch_info = get_or_upsert_launch_info(app_handle);
-        let req = yaak_api_client(app_handle)?
+        let app_version = app_handle.package_info().version.to_string();
+        let req = yaak_api_client(&app_version)?
             .request(Method::GET, "https://notify.yaak.app/notifications")
             .query(&[
                 ("version", &launch_info.current_version),

crates-tauri/yaak-app/src/plugin_events.rs

@@ -15,18 +15,20 @@ use std::sync::Arc;
 use tauri::{AppHandle, Emitter, Listener, Manager, Runtime};
 use tauri_plugin_clipboard_manager::ClipboardExt;
 use tauri_plugin_opener::OpenerExt;
+use yaak::plugin_events::{
+    GroupedPluginEvent, HostRequest, SharedPluginEventContext, handle_shared_plugin_event,
+};
 use yaak_crypto::manager::EncryptionManager;
 use yaak_models::models::{AnyModel, HttpResponse, Plugin};
 use yaak_models::queries::any_request::AnyRequest;
 use yaak_models::util::UpdateSource;
 use yaak_plugins::error::Error::PluginErr;
 use yaak_plugins::events::{
-    Color, DeleteKeyValueResponse, EmptyPayload, ErrorResponse, FindHttpResponsesResponse,
-    GetCookieValueResponse, GetHttpRequestByIdResponse, GetKeyValueResponse, Icon, InternalEvent,
-    InternalEventPayload, ListCookieNamesResponse, ListHttpRequestsResponse,
-    ListWorkspacesResponse, RenderGrpcRequestResponse, RenderHttpRequestResponse,
-    SendHttpRequestResponse, SetKeyValueResponse, ShowToastRequest, TemplateRenderResponse,
-    WindowInfoResponse, WindowNavigateEvent, WorkspaceInfo,
+    Color, EmptyPayload, ErrorResponse, FindHttpResponsesResponse, GetCookieValueResponse, Icon,
+    InternalEvent, InternalEventPayload, ListCookieNamesResponse, ListOpenWorkspacesResponse,
+    RenderGrpcRequestResponse, RenderHttpRequestResponse, SendHttpRequestResponse,
+    ShowToastRequest, TemplateRenderResponse, WindowInfoResponse, WindowNavigateEvent,
+    WorkspaceInfo,
 };
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::plugin_handle::PluginHandle;
@@ -41,30 +43,112 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
 ) -> Result<Option<InternalEventPayload>> {
     // log::debug!("Got event to app {event:?}");
     let plugin_context = event.context.to_owned();
-    match event.clone().payload {
-        InternalEventPayload::CopyTextRequest(req) => {
+    let plugin_name = plugin_handle.info().name;
+    let fallback_workspace_id = plugin_context.workspace_id.clone().or_else(|| {
+        plugin_context
+            .label
+            .as_ref()
+            .and_then(|label| app_handle.get_webview_window(label))
+            .and_then(|window| workspace_from_window(&window).map(|workspace| workspace.id))
+    });
+
+    match handle_shared_plugin_event(
+        app_handle.db_manager().inner(),
+        &event.payload,
+        SharedPluginEventContext {
+            plugin_name: &plugin_name,
+            workspace_id: fallback_workspace_id.as_deref(),
+        },
+    ) {
+        GroupedPluginEvent::Handled(payload) => Ok(payload),
+        GroupedPluginEvent::ToHandle(host_request) => {
+            handle_host_plugin_request(
+                app_handle,
+                event,
+                plugin_handle,
+                &plugin_context,
+                host_request,
+            )
+            .await
+        }
+    }
+}
+
+async fn handle_host_plugin_request<R: Runtime>(
+    app_handle: &AppHandle<R>,
+    event: &InternalEvent,
+    plugin_handle: &PluginHandle,
+    plugin_context: &yaak_plugins::events::PluginContext,
+    host_request: HostRequest<'_>,
+) -> Result<Option<InternalEventPayload>> {
+    match host_request {
+        HostRequest::ErrorResponse(resp) => {
+            error!("Plugin error: {}: {:?}", resp.error, resp);
+            let toast_event = plugin_handle.build_event_to_send(
+                plugin_context,
+                &InternalEventPayload::ShowToastRequest(ShowToastRequest {
+                    message: format!(
+                        "Plugin error from {}: {}",
+                        plugin_handle.info().name,
+                        resp.error
+                    ),
+                    color: Some(Color::Danger),
+                    timeout: Some(30000),
+                    ..Default::default()
+                }),
+                None,
+            );
+            Box::pin(handle_plugin_event(app_handle, &toast_event, plugin_handle)).await
+        }
+        HostRequest::ReloadResponse(req) => {
+            let plugins = app_handle.db().list_plugins()?;
+            for plugin in plugins {
+                if plugin.directory != plugin_handle.dir {
+                    continue;
+                }
+
+                let new_plugin = Plugin { updated_at: Utc::now().naive_utc(), ..plugin };
+                app_handle.db().upsert_plugin(&new_plugin, &UpdateSource::Plugin)?;
+            }
+
+            if !req.silent {
+                let info = plugin_handle.info();
+                let toast_event = plugin_handle.build_event_to_send(
+                    plugin_context,
+                    &InternalEventPayload::ShowToastRequest(ShowToastRequest {
+                        message: format!("Reloaded plugin {}@{}", info.name, info.version),
+                        icon: Some(Icon::Info),
+                        timeout: Some(3000),
+                        ..Default::default()
+                    }),
+                    None,
+                );
+                Box::pin(handle_plugin_event(app_handle, &toast_event, plugin_handle)).await
+            } else {
+                Ok(None)
+            }
+        }
+        HostRequest::CopyText(req) => {
             app_handle.clipboard().write_text(req.text.as_str())?;
             Ok(Some(InternalEventPayload::CopyTextResponse(EmptyPayload {})))
         }
-        InternalEventPayload::ShowToastRequest(req) => {
-            match plugin_context.label {
+        HostRequest::ShowToast(req) => {
+            match &plugin_context.label {
                 Some(label) => app_handle.emit_to(label, "show_toast", req)?,
                 None => app_handle.emit("show_toast", req)?,
             };
             Ok(Some(InternalEventPayload::ShowToastResponse(EmptyPayload {})))
         }
-        InternalEventPayload::PromptTextRequest(_) => {
-            let window = get_window_from_plugin_context(app_handle, &plugin_context)?;
+        HostRequest::PromptText(_) => {
+            let window = get_window_from_plugin_context(app_handle, plugin_context)?;
             Ok(call_frontend(&window, event).await)
         }
-        InternalEventPayload::PromptFormRequest(_) => {
-            let window = get_window_from_plugin_context(app_handle, &plugin_context)?;
+        HostRequest::PromptForm(_) => {
+            let window = get_window_from_plugin_context(app_handle, plugin_context)?;
             if event.reply_id.is_some() {
-                // Follow-up update from plugin runtime with resolved inputs — forward to frontend
                 window.emit_to(window.label(), "plugin_event", event.clone())?;
                 Ok(None)
             } else {
-                // Initial request — set up bidirectional communication
                 window.emit_to(window.label(), "plugin_event", event.clone()).unwrap();
 
                 let event_id = event.id.clone();
@@ -72,17 +156,14 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                 let plugin_context = plugin_context.clone();
                 let window = window.clone();
 
-                // Spawn async task to handle bidirectional form communication
                 tauri::async_runtime::spawn(async move {
                     let (tx, mut rx) = tokio::sync::mpsc::channel::<InternalEvent>(128);
 
-                    // Listen for replies from the frontend
                     let listener_id = window.listen(event_id, move |ev: tauri::Event| {
                         let resp: InternalEvent = serde_json::from_str(ev.payload()).unwrap();
                         let _ = tx.try_send(resp);
                     });
 
-                    // Forward each reply to the plugin runtime
                     while let Some(resp) = rx.recv().await {
                         let is_done = matches!(
                             &resp.payload,
@@ -109,7 +190,7 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                 Ok(None)
             }
         }
-        InternalEventPayload::FindHttpResponsesRequest(req) => {
+        HostRequest::FindHttpResponses(req) => {
             let http_responses = app_handle
                 .db()
                 .list_http_responses_for_request(&req.request_id, req.limit.map(|l| l as u64))
@@ -118,32 +199,7 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                 http_responses,
             })))
         }
-        InternalEventPayload::ListHttpRequestsRequest(req) => {
-            let w = get_window_from_plugin_context(app_handle, &plugin_context)?;
-            let workspace = workspace_from_window(&w)
-                .ok_or(PluginErr("Failed to get workspace from window".into()))?;
-
-            let http_requests = if let Some(folder_id) = req.folder_id {
-                app_handle.db().list_http_requests_for_folder_recursive(&folder_id)?
-            } else {
-                app_handle.db().list_http_requests(&workspace.id)?
-            };
-
-            Ok(Some(InternalEventPayload::ListHttpRequestsResponse(ListHttpRequestsResponse {
-                http_requests,
-            })))
-        }
-        InternalEventPayload::ListFoldersRequest(_req) => {
-            let w = get_window_from_plugin_context(app_handle, &plugin_context)?;
-            let workspace = workspace_from_window(&w)
-                .ok_or(PluginErr("Failed to get workspace from window".into()))?;
-            let folders = app_handle.db().list_folders(&workspace.id)?;
-
-            Ok(Some(InternalEventPayload::ListFoldersResponse(
-                yaak_plugins::events::ListFoldersResponse { folders },
-            )))
-        }
-        InternalEventPayload::UpsertModelRequest(req) => {
+        HostRequest::UpsertModel(req) => {
             use AnyModel::*;
             let model = match &req.model {
                 HttpRequest(m) => {
@@ -171,7 +227,7 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                 yaak_plugins::events::UpsertModelResponse { model },
             )))
         }
-        InternalEventPayload::DeleteModelRequest(req) => {
+        HostRequest::DeleteModel(req) => {
             let model = match req.model.as_str() {
                 "http_request" => AnyModel::HttpRequest(
                     app_handle.db().delete_http_request_by_id(&req.id, &UpdateSource::Plugin)?,
@@ -199,14 +255,8 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                 yaak_plugins::events::DeleteModelResponse { model },
             )))
         }
-        InternalEventPayload::GetHttpRequestByIdRequest(req) => {
-            let http_request = app_handle.db().get_http_request(&req.id).ok();
-            Ok(Some(InternalEventPayload::GetHttpRequestByIdResponse(GetHttpRequestByIdResponse {
-                http_request,
-            })))
-        }
-        InternalEventPayload::RenderGrpcRequestRequest(req) => {
-            let window = get_window_from_plugin_context(app_handle, &plugin_context)?;
+        HostRequest::RenderGrpcRequest(req) => {
+            let window = get_window_from_plugin_context(app_handle, plugin_context)?;
 
             let workspace =
                 workspace_from_window(&window).expect("Failed to get workspace_id from window URL");
@@ -221,8 +271,8 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
             let cb = PluginTemplateCallback::new(
                 plugin_manager,
                 encryption_manager,
-                &plugin_context,
-                req.purpose,
+                plugin_context,
+                req.purpose.clone(),
             );
             let opt = RenderOptions { error_behavior: RenderErrorBehavior::Throw };
             let grpc_request =
@@ -231,8 +281,8 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                 grpc_request,
             })))
         }
-        InternalEventPayload::RenderHttpRequestRequest(req) => {
-            let window = get_window_from_plugin_context(app_handle, &plugin_context)?;
+        HostRequest::RenderHttpRequest(req) => {
+            let window = get_window_from_plugin_context(app_handle, plugin_context)?;
 
             let workspace =
                 workspace_from_window(&window).expect("Failed to get workspace_id from window URL");
@@ -247,18 +297,18 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
             let cb = PluginTemplateCallback::new(
                 plugin_manager,
                 encryption_manager,
-                &plugin_context,
-                req.purpose,
+                plugin_context,
+                req.purpose.clone(),
             );
             let opt = &RenderOptions { error_behavior: RenderErrorBehavior::Throw };
             let http_request =
-                render_http_request(&req.http_request, environment_chain, &cb, &opt).await?;
+                render_http_request(&req.http_request, environment_chain, &cb, opt).await?;
             Ok(Some(InternalEventPayload::RenderHttpRequestResponse(RenderHttpRequestResponse {
                 http_request,
             })))
         }
-        InternalEventPayload::TemplateRenderRequest(req) => {
-            let window = get_window_from_plugin_context(app_handle, &plugin_context)?;
+        HostRequest::TemplateRender(req) => {
+            let window = get_window_from_plugin_context(app_handle, plugin_context)?;
 
             let workspace =
                 workspace_from_window(&window).expect("Failed to get workspace_id from window URL");
@@ -283,65 +333,16 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
             let cb = PluginTemplateCallback::new(
                 plugin_manager,
                 encryption_manager,
-                &plugin_context,
-                req.purpose,
+                plugin_context,
+                req.purpose.clone(),
             );
             let opt = RenderOptions { error_behavior: RenderErrorBehavior::Throw };
-            let data = render_json_value(req.data, environment_chain, &cb, &opt).await?;
+            let data = render_json_value(req.data.clone(), environment_chain, &cb, &opt).await?;
             Ok(Some(InternalEventPayload::TemplateRenderResponse(TemplateRenderResponse { data })))
         }
-        InternalEventPayload::ErrorResponse(resp) => {
-            error!("Plugin error: {}: {:?}", resp.error, resp);
-            let toast_event = plugin_handle.build_event_to_send(
-                &plugin_context,
-                &InternalEventPayload::ShowToastRequest(ShowToastRequest {
-                    message: format!(
-                        "Plugin error from {}: {}",
-                        plugin_handle.info().name,
-                        resp.error
-                    ),
-                    color: Some(Color::Danger),
-                    timeout: Some(30000),
-                    ..Default::default()
-                }),
-                None,
-            );
-            Box::pin(handle_plugin_event(app_handle, &toast_event, plugin_handle)).await
-        }
-        InternalEventPayload::ReloadResponse(req) => {
-            let plugins = app_handle.db().list_plugins()?;
-            for plugin in plugins {
-                if plugin.directory != plugin_handle.dir {
-                    continue;
-                }
-
-                let new_plugin = Plugin {
-                    updated_at: Utc::now().naive_utc(), // TODO: Add reloaded_at field to use instead
-                    ..plugin
-                };
-                app_handle.db().upsert_plugin(&new_plugin, &UpdateSource::Plugin)?;
-            }
-
-            if !req.silent {
-                let info = plugin_handle.info();
-                let toast_event = plugin_handle.build_event_to_send(
-                    &plugin_context,
-                    &InternalEventPayload::ShowToastRequest(ShowToastRequest {
-                        message: format!("Reloaded plugin {}@{}", info.name, info.version),
-                        icon: Some(Icon::Info),
-                        timeout: Some(3000),
-                        ..Default::default()
-                    }),
-                    None,
-                );
-                Box::pin(handle_plugin_event(app_handle, &toast_event, plugin_handle)).await
-            } else {
-                Ok(None)
-            }
-        }
-        InternalEventPayload::SendHttpRequestRequest(req) => {
-            let window = get_window_from_plugin_context(app_handle, &plugin_context)?;
-            let mut http_request = req.http_request;
+        HostRequest::SendHttpRequest(req) => {
+            let window = get_window_from_plugin_context(app_handle, plugin_context)?;
+            let mut http_request = req.http_request.clone();
             let workspace =
                 workspace_from_window(&window).expect("Failed to get workspace_id from window URL");
             let cookie_jar = cookie_jar_from_window(&window);
@@ -361,7 +362,7 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                         workspace_id: http_request.workspace_id.clone(),
                         ..Default::default()
                     },
-                    &UpdateSource::Plugin,
+                    &UpdateSource::from_window_label(window.label()),
                     &blobs,
                 )?
             };
@@ -372,8 +373,8 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                 &http_response,
                 environment,
                 cookie_jar,
-                &mut tokio::sync::watch::channel(false).1, // No-op cancel channel
-                &plugin_context,
+                &mut tokio::sync::watch::channel(false).1,
+                plugin_context,
             )
             .await?;
 
@@ -381,7 +382,7 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                 http_response,
             })))
         }
-        InternalEventPayload::OpenWindowRequest(req) => {
+        HostRequest::OpenWindow(req) => {
             let (navigation_tx, mut navigation_rx) = tokio::sync::mpsc::channel(128);
             let (close_tx, mut close_rx) = tokio::sync::mpsc::channel(128);
             let win_config = CreateWindowConfig {
@@ -396,7 +397,7 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
             };
             if let Err(e) = create_window(app_handle, win_config) {
                 let error_event = plugin_handle.build_event_to_send(
-                    &plugin_context,
+                    plugin_context,
                     &InternalEventPayload::ErrorResponse(ErrorResponse {
                         error: format!("Failed to create window: {:?}", e),
                     }),
@@ -414,7 +415,7 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                     while let Some(url) = navigation_rx.recv().await {
                         let url = url.to_string();
                         let event_to_send = plugin_handle.build_event_to_send(
-                            &plugin_context, // NOTE: Sending existing context on purpose here
+                            &plugin_context,
                             &InternalEventPayload::WindowNavigateEvent(WindowNavigateEvent { url }),
                             Some(event_id.clone()),
                         );
@@ -428,7 +429,7 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                 let plugin_handle = plugin_handle.clone();
                 let plugin_context = plugin_context.clone();
                 tauri::async_runtime::spawn(async move {
-                    while let Some(_) = close_rx.recv().await {
+                    while close_rx.recv().await.is_some() {
                         let event_to_send = plugin_handle.build_event_to_send(
                             &plugin_context,
                             &InternalEventPayload::WindowCloseEvent,
@@ -441,35 +442,33 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
 
             Ok(None)
         }
-        InternalEventPayload::CloseWindowRequest(req) => {
+        HostRequest::CloseWindow(req) => {
             if let Some(window) = app_handle.webview_windows().get(&req.label) {
                 window.close()?;
             }
             Ok(None)
         }
-        InternalEventPayload::OpenExternalUrlRequest(req) => {
+        HostRequest::OpenExternalUrl(req) => {
             app_handle.opener().open_url(&req.url, None::<&str>)?;
             Ok(Some(InternalEventPayload::OpenExternalUrlResponse(EmptyPayload {})))
         }
-        InternalEventPayload::SetKeyValueRequest(req) => {
-            let name = plugin_handle.info().name;
-            app_handle.db().set_plugin_key_value(&name, &req.key, &req.value);
-            Ok(Some(InternalEventPayload::SetKeyValueResponse(SetKeyValueResponse {})))
-        }
-        InternalEventPayload::GetKeyValueRequest(req) => {
-            let name = plugin_handle.info().name;
-            let value = app_handle.db().get_plugin_key_value(&name, &req.key).map(|v| v.value);
-            Ok(Some(InternalEventPayload::GetKeyValueResponse(GetKeyValueResponse { value })))
-        }
-        InternalEventPayload::DeleteKeyValueRequest(req) => {
-            let name = plugin_handle.info().name;
-            let deleted = app_handle.db().delete_plugin_key_value(&name, &req.key)?;
-            Ok(Some(InternalEventPayload::DeleteKeyValueResponse(DeleteKeyValueResponse {
-                deleted,
+        HostRequest::ListOpenWorkspaces(_) => {
+            let mut workspaces = Vec::new();
+            for (_, window) in app_handle.webview_windows() {
+                if let Some(workspace) = workspace_from_window(&window) {
+                    workspaces.push(WorkspaceInfo {
+                        id: workspace.id.clone(),
+                        name: workspace.name.clone(),
+                        label: window.label().to_string(),
+                    });
+                }
+            }
+            Ok(Some(InternalEventPayload::ListOpenWorkspacesResponse(ListOpenWorkspacesResponse {
+                workspaces,
             })))
         }
-        InternalEventPayload::ListCookieNamesRequest(_req) => {
-            let window = get_window_from_plugin_context(app_handle, &plugin_context)?;
+        HostRequest::ListCookieNames(_) => {
+            let window = get_window_from_plugin_context(app_handle, plugin_context)?;
             let names = match cookie_jar_from_window(&window) {
                 None => Vec::new(),
                 Some(j) => j
@@ -482,8 +481,8 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                 names,
             })))
         }
-        InternalEventPayload::GetCookieValueRequest(req) => {
-            let window = get_window_from_plugin_context(app_handle, &plugin_context)?;
+        HostRequest::GetCookieValue(req) => {
+            let window = get_window_from_plugin_context(app_handle, plugin_context)?;
             let value = match cookie_jar_from_window(&window) {
                 None => None,
                 Some(j) => j.cookies.into_iter().find_map(|c| match Cookie::parse(c.raw_cookie) {
@@ -495,12 +494,11 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
             };
             Ok(Some(InternalEventPayload::GetCookieValueResponse(GetCookieValueResponse { value })))
         }
-        InternalEventPayload::WindowInfoRequest(req) => {
+        HostRequest::WindowInfo(req) => {
             let w = app_handle
                 .get_webview_window(&req.label)
                 .ok_or(PluginErr(format!("Failed to find window for {}", req.label)))?;
 
-            // Actually look up the data so we never return an invalid ID
             let environment_id = environment_from_window(&w).map(|m| m.id);
             let workspace_id = workspace_from_window(&w).map(|m| m.id);
             let request_id =
@@ -518,25 +516,13 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
                 environment_id,
             })))
         }
-
-        InternalEventPayload::ListWorkspacesRequest(_) => {
-            let mut workspaces = Vec::new();
-
-            for (_, window) in app_handle.webview_windows() {
-                if let Some(workspace) = workspace_from_window(&window) {
-                    workspaces.push(WorkspaceInfo {
-                        id: workspace.id.clone(),
-                        name: workspace.name.clone(),
-                        label: window.label().to_string(),
-                    });
-                }
-            }
-
-            Ok(Some(InternalEventPayload::ListWorkspacesResponse(ListWorkspacesResponse {
-                workspaces,
+        HostRequest::OtherRequest(req) => {
+            Ok(Some(InternalEventPayload::ErrorResponse(ErrorResponse {
+                error: format!(
+                    "Unsupported plugin request in app host handler: {}",
+                    req.type_name()
+                ),
             })))
         }
-
-        _ => Ok(None),
     }
 }

crates-tauri/yaak-app/src/plugins_ext.rs

@@ -21,17 +21,16 @@ use tauri::{
 };
 use tokio::sync::Mutex;
 use ts_rs::TS;
+use yaak_api::yaak_api_client;
 use yaak_models::models::Plugin;
-use yaak_models::util::UpdateSource;
 use yaak_plugins::api::{
     PluginNameVersion, PluginSearchResponse, PluginUpdatesResponse, check_plugin_updates,
     search_plugins,
 };
-use yaak_plugins::events::{Color, Icon, PluginContext, ShowToastRequest};
+use yaak_plugins::events::PluginContext;
 use yaak_plugins::install::{delete_and_uninstall, download_and_install};
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::plugin_meta::get_plugin_meta;
-use yaak_tauri_utils::api_client::yaak_api_client;
 
 static EXITING: AtomicBool = AtomicBool::new(false);
 
@@ -72,7 +71,8 @@ impl PluginUpdater {
 
         info!("Checking for plugin updates");
 
-        let http_client = yaak_api_client(window.app_handle())?;
+        let app_version = window.app_handle().package_info().version.to_string();
+        let http_client = yaak_api_client(&app_version)?;
         let plugins = window.app_handle().db().list_plugins()?;
         let updates = check_plugin_updates(&http_client, plugins.clone()).await?;
 
@@ -136,7 +136,8 @@ pub async fn cmd_plugins_search<R: Runtime>(
     app_handle: AppHandle<R>,
     query: &str,
 ) -> Result<PluginSearchResponse> {
-    let http_client = yaak_api_client(&app_handle)?;
+    let app_version = app_handle.package_info().version.to_string();
+    let http_client = yaak_api_client(&app_version)?;
     Ok(search_plugins(&http_client, query).await?)
 }
 
@@ -147,7 +148,8 @@ pub async fn cmd_plugins_install<R: Runtime>(
     version: Option<String>,
 ) -> Result<()> {
     let plugin_manager = Arc::new((*window.state::<PluginManager>()).clone());
-    let http_client = yaak_api_client(window.app_handle())?;
+    let app_version = window.app_handle().package_info().version.to_string();
+    let http_client = yaak_api_client(&app_version)?;
     let query_manager = window.state::<yaak_models::query_manager::QueryManager>();
     let plugin_context = window.plugin_context();
     download_and_install(
@@ -177,7 +179,8 @@ pub async fn cmd_plugins_uninstall<R: Runtime>(
 pub async fn cmd_plugins_updates<R: Runtime>(
     app_handle: AppHandle<R>,
 ) -> Result<PluginUpdatesResponse> {
-    let http_client = yaak_api_client(&app_handle)?;
+    let app_version = app_handle.package_info().version.to_string();
+    let http_client = yaak_api_client(&app_version)?;
     let plugins = app_handle.db().list_plugins()?;
     Ok(check_plugin_updates(&http_client, plugins).await?)
 }
@@ -186,7 +189,8 @@ pub async fn cmd_plugins_updates<R: Runtime>(
 pub async fn cmd_plugins_update_all<R: Runtime>(
     window: WebviewWindow<R>,
 ) -> Result<Vec<PluginNameVersion>> {
-    let http_client = yaak_api_client(window.app_handle())?;
+    let app_version = window.app_handle().package_info().version.to_string();
+    let http_client = yaak_api_client(&app_version)?;
     let plugins = window.db().list_plugins()?;
 
     // Get list of available updates (already filtered to only registry plugins)
@@ -263,6 +267,8 @@ pub fn init<R: Runtime>() -> TauriPlugin<R> {
                 .join("index.cjs");
 
             let dev_mode = is_dev();
+            let query_manager =
+                app_handle.state::<yaak_models::query_manager::QueryManager>().inner().clone();
 
             // Create plugin manager asynchronously
             let app_handle_clone = app_handle.clone();
@@ -272,53 +278,12 @@ pub fn init<R: Runtime>() -> TauriPlugin<R> {
                     installed_plugin_dir,
                     node_bin_path,
                     plugin_runtime_main,
+                    &query_manager,
+                    &PluginContext::new_empty(),
                     dev_mode,
                 )
-                .await;
-
-                // Initialize all plugins after manager is created
-                let bundled_dirs = manager
-                    .list_bundled_plugin_dirs()
-                    .await
-                    .expect("Failed to list bundled plugins");
-
-                // Ensure all bundled plugins make it into the database
-                let db = app_handle_clone.db();
-                for dir in &bundled_dirs {
-                    if db.get_plugin_by_directory(dir).is_none() {
-                        db.upsert_plugin(
-                            &Plugin {
-                                directory: dir.clone(),
-                                enabled: true,
-                                url: None,
-                                ..Default::default()
-                            },
-                            &UpdateSource::Background,
-                        )
-                        .expect("Failed to upsert bundled plugin");
-                    }
-                }
-
-                // Get all plugins from database and initialize
-                let plugins = db.list_plugins().expect("Failed to list plugins from database");
-                drop(db); // Explicitly drop the connection before await
-
-                let errors =
-                    manager.initialize_all_plugins(plugins, &PluginContext::new_empty()).await;
-
-                // Show toast for any failed plugins
-                for (plugin_dir, error_msg) in errors {
-                    let plugin_name = plugin_dir.split('/').last().unwrap_or(&plugin_dir);
-                    let toast = ShowToastRequest {
-                        message: format!("Failed to start plugin '{}': {}", plugin_name, error_msg),
-                        color: Some(Color::Danger),
-                        icon: Some(Icon::AlertTriangle),
-                        timeout: Some(10000),
-                    };
-                    if let Err(emit_err) = app_handle_clone.emit("show_toast", toast) {
-                        error!("Failed to emit toast for plugin error: {emit_err:?}");
-                    }
-                }
+                .await
+                .expect("Failed to initialize plugins");
 
                 app_handle_clone.manage(manager);
             });

crates-tauri/yaak-app/src/render.rs

@@ -1,10 +1,8 @@
 use log::info;
 use serde_json::Value;
 use std::collections::BTreeMap;
-use yaak_http::path_placeholders::apply_path_placeholders;
-use yaak_models::models::{
-    Environment, GrpcRequest, HttpRequest, HttpRequestHeader, HttpUrlParameter,
-};
+pub use yaak::render::render_http_request;
+use yaak_models::models::{Environment, GrpcRequest, HttpRequestHeader};
 use yaak_models::render::make_vars_hashmap;
 use yaak_templates::{RenderOptions, TemplateCallback, parse_and_render, render_json_value_raw};
 
@@ -85,151 +83,3 @@ pub async fn render_grpc_request<T: TemplateCallback>(
 
     Ok(GrpcRequest { url, metadata, authentication, ..r.to_owned() })
 }
-
-pub async fn render_http_request<T: TemplateCallback>(
-    r: &HttpRequest,
-    environment_chain: Vec<Environment>,
-    cb: &T,
-    opt: &RenderOptions,
-) -> yaak_templates::error::Result<HttpRequest> {
-    let vars = &make_vars_hashmap(environment_chain);
-
-    let mut url_parameters = Vec::new();
-    for p in r.url_parameters.clone() {
-        if !p.enabled {
-            continue;
-        }
-        url_parameters.push(HttpUrlParameter {
-            enabled: p.enabled,
-            name: parse_and_render(p.name.as_str(), vars, cb, &opt).await?,
-            value: parse_and_render(p.value.as_str(), vars, cb, &opt).await?,
-            id: p.id,
-        })
-    }
-
-    let mut headers = Vec::new();
-    for p in r.headers.clone() {
-        if !p.enabled {
-            continue;
-        }
-        headers.push(HttpRequestHeader {
-            enabled: p.enabled,
-            name: parse_and_render(p.name.as_str(), vars, cb, &opt).await?,
-            value: parse_and_render(p.value.as_str(), vars, cb, &opt).await?,
-            id: p.id,
-        })
-    }
-
-    let mut body = BTreeMap::new();
-    for (k, v) in r.body.clone() {
-        let v = if k == "form" { strip_disabled_form_entries(v) } else { v };
-        body.insert(k, render_json_value_raw(v, vars, cb, &opt).await?);
-    }
-
-    let authentication = {
-        let mut disabled = false;
-        let mut auth = BTreeMap::new();
-        match r.authentication.get("disabled") {
-            Some(Value::Bool(true)) => {
-                disabled = true;
-            }
-            Some(Value::String(tmpl)) => {
-                disabled = parse_and_render(tmpl.as_str(), vars, cb, &opt)
-                    .await
-                    .unwrap_or_default()
-                    .is_empty();
-                info!(
-                    "Rendering authentication.disabled as a template: {disabled} from \"{tmpl}\""
-                );
-            }
-            _ => {}
-        }
-        if disabled {
-            auth.insert("disabled".to_string(), Value::Bool(true));
-        } else {
-            for (k, v) in r.authentication.clone() {
-                if k == "disabled" {
-                    auth.insert(k, Value::Bool(false));
-                } else {
-                    auth.insert(k, render_json_value_raw(v, vars, cb, &opt).await?);
-                }
-            }
-        }
-        auth
-    };
-
-    let url = parse_and_render(r.url.clone().as_str(), vars, cb, &opt).await?;
-
-    // This doesn't fit perfectly with the concept of "rendering" but it kind of does
-    let (url, url_parameters) = apply_path_placeholders(&url, &url_parameters);
-
-    Ok(HttpRequest { url, url_parameters, headers, body, authentication, ..r.to_owned() })
-}
-
-/// Strip disabled entries from a JSON array of form objects.
-fn strip_disabled_form_entries(v: Value) -> Value {
-    match v {
-        Value::Array(items) => Value::Array(
-            items
-                .into_iter()
-                .filter(|item| item.get("enabled").and_then(|e| e.as_bool()).unwrap_or(true))
-                .collect(),
-        ),
-        v => v,
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use serde_json::json;
-
-    #[test]
-    fn test_strip_disabled_form_entries() {
-        let input = json!([
-            {"enabled": true, "name": "foo", "value": "bar"},
-            {"enabled": false, "name": "disabled", "value": "gone"},
-            {"enabled": true, "name": "baz", "value": "qux"},
-        ]);
-        let result = strip_disabled_form_entries(input);
-        assert_eq!(
-            result,
-            json!([
-                {"enabled": true, "name": "foo", "value": "bar"},
-                {"enabled": true, "name": "baz", "value": "qux"},
-            ])
-        );
-    }
-
-    #[test]
-    fn test_strip_disabled_form_entries_all_disabled() {
-        let input = json!([
-            {"enabled": false, "name": "a", "value": "b"},
-            {"enabled": false, "name": "c", "value": "d"},
-        ]);
-        let result = strip_disabled_form_entries(input);
-        assert_eq!(result, json!([]));
-    }
-
-    #[test]
-    fn test_strip_disabled_form_entries_missing_enabled_defaults_to_kept() {
-        let input = json!([
-            {"name": "no_enabled_field", "value": "kept"},
-            {"enabled": false, "name": "disabled", "value": "gone"},
-        ]);
-        let result = strip_disabled_form_entries(input);
-        assert_eq!(
-            result,
-            json!([
-                {"name": "no_enabled_field", "value": "kept"},
-            ])
-        );
-    }
-
-    #[test]
-    fn test_strip_disabled_form_entries_non_array_passthrough() {
-        let input = json!("just a string");
-        let result = strip_disabled_form_entries(input.clone());
-        assert_eq!(result, input);
-    }
-}

crates-tauri/yaak-app/src/updates.rs

@@ -15,6 +15,9 @@ use ts_rs::TS;
 use yaak_models::util::generate_id;
 use yaak_plugins::manager::PluginManager;
 
+use url::Url;
+use yaak_api::get_system_proxy_url;
+
 use crate::error::Error::GenericError;
 use crate::is_dev;
 
@@ -87,8 +90,13 @@ impl YaakUpdater {
         info!("Checking for updates mode={} autodl={}", mode, auto_download);
 
         let w = window.clone();
-        let update_check_result = w
-            .updater_builder()
+        let mut updater_builder = w.updater_builder();
+        if let Some(proxy_url) = get_system_proxy_url() {
+            if let Ok(url) = Url::parse(&proxy_url) {
+                updater_builder = updater_builder.proxy(url);
+            }
+        }
+        let update_check_result = updater_builder
             .on_before_exit(move || {
                 // Kill plugin manager before exit or NSIS installer will fail to replace sidecar
                 // while it's running.
@@ -111,6 +119,7 @@ impl YaakUpdater {
                     UpdateTrigger::User => "user",
                 },
             )?
+            .header("X-Install-Mode", detect_install_mode().unwrap_or("unknown"))?
             .build()?
             .check()
             .await;
@@ -353,6 +362,22 @@ pub async fn download_update_idempotent<R: Runtime>(
     Ok(dl_path)
 }
 
+/// Detect the installer type so the update server can serve the correct artifact.
+fn detect_install_mode() -> Option<&'static str> {
+    #[cfg(target_os = "windows")]
+    {
+        if let Ok(exe) = std::env::current_exe() {
+            let path = exe.to_string_lossy().to_lowercase();
+            if path.starts_with(r"c:\program files") {
+                return Some("nsis-machine");
+            }
+        }
+        return Some("nsis");
+    }
+    #[allow(unreachable_code)]
+    None
+}
+
 pub async fn install_update_maybe_download<R: Runtime>(
     window: &WebviewWindow<R>,
     update: &Update,

crates-tauri/yaak-app/src/uri_scheme.rs

@@ -8,11 +8,11 @@ use std::fs;
 use std::sync::Arc;
 use tauri::{AppHandle, Emitter, Manager, Runtime, Url};
 use tauri_plugin_dialog::{DialogExt, MessageDialogButtons, MessageDialogKind};
+use yaak_api::yaak_api_client;
 use yaak_models::util::generate_id;
 use yaak_plugins::events::{Color, ShowToastRequest};
 use yaak_plugins::install::download_and_install;
 use yaak_plugins::manager::PluginManager;
-use yaak_tauri_utils::api_client::yaak_api_client;
 
 pub(crate) async fn handle_deep_link<R: Runtime>(
     app_handle: &AppHandle<R>,
@@ -46,7 +46,8 @@ pub(crate) async fn handle_deep_link<R: Runtime>(
 
             let plugin_manager = Arc::new((*window.state::<PluginManager>()).clone());
             let query_manager = app_handle.db_manager();
-            let http_client = yaak_api_client(app_handle)?;
+            let app_version = app_handle.package_info().version.to_string();
+            let http_client = yaak_api_client(&app_version)?;
             let plugin_context = window.plugin_context();
             let pv = download_and_install(
                 plugin_manager,
@@ -86,7 +87,8 @@ pub(crate) async fn handle_deep_link<R: Runtime>(
                     return Ok(());
                 }
 
-                let resp = yaak_api_client(app_handle)?.get(file_url).send().await?;
+                let app_version = app_handle.package_info().version.to_string();
+                let resp = yaak_api_client(&app_version)?.get(file_url).send().await?;
                 let json = resp.bytes().await?;
                 let p = app_handle
                     .path()

crates-tauri/yaak-app/src/window_menu.rs

@@ -153,11 +153,8 @@ pub fn app_menu<R: Runtime>(app_handle: &AppHandle<R>) -> tauri::Result<Menu<R>>
                         .build(app_handle)?,
                     &MenuItemBuilder::with_id("dev.reset_size".to_string(), "Reset Size")
                         .build(app_handle)?,
-                    &MenuItemBuilder::with_id(
-                        "dev.reset_size_16x9".to_string(),
-                        "Resize to 16x9",
-                    )
-                    .build(app_handle)?,
+                    &MenuItemBuilder::with_id("dev.reset_size_16x9".to_string(), "Resize to 16x9")
+                        .build(app_handle)?,
                     &MenuItemBuilder::with_id(
                         "dev.reset_size_16x10".to_string(),
                         "Resize to 16x10",

crates-tauri/yaak-license/Cargo.toml

@@ -16,7 +16,7 @@ thiserror = { workspace = true }
 ts-rs = { workspace = true }
 yaak-common = { workspace = true }
 yaak-models = { workspace = true }
-yaak-tauri-utils = { workspace = true }
+yaak-api = { workspace = true }
 
 [build-dependencies]
 tauri-plugin = { workspace = true, features = ["build"] }

crates-tauri/yaak-license/src/error.rs

@@ -16,7 +16,7 @@ pub enum Error {
     ModelError(#[from] yaak_models::error::Error),
 
     #[error(transparent)]
-    TauriUtilsError(#[from] yaak_tauri_utils::error::Error),
+    ApiError(#[from] yaak_api::Error),
 
     #[error("Internal server error")]
     ServerError,

crates-tauri/yaak-license/src/license.rs

@@ -7,11 +7,11 @@ use std::ops::Add;
 use std::time::Duration;
 use tauri::{AppHandle, Emitter, Manager, Runtime, WebviewWindow, is_dev};
 use ts_rs::TS;
+use yaak_api::yaak_api_client;
 use yaak_common::platform::get_os_str;
 use yaak_models::db_context::DbContext;
 use yaak_models::query_manager::QueryManager;
 use yaak_models::util::UpdateSource;
-use yaak_tauri_utils::api_client::yaak_api_client;
 
 /// Extension trait for accessing the QueryManager from Tauri Manager types.
 /// This is needed temporarily until all crates are refactored to not use Tauri.
@@ -118,11 +118,12 @@ pub async fn activate_license<R: Runtime>(
     license_key: &str,
 ) -> Result<()> {
     info!("Activating license {}", license_key);
-    let client = reqwest::Client::new();
+    let app_version = window.app_handle().package_info().version.to_string();
+    let client = yaak_api_client(&app_version)?;
     let payload = ActivateLicenseRequestPayload {
         license_key: license_key.to_string(),
         app_platform: get_os_str().to_string(),
-        app_version: window.app_handle().package_info().version.to_string(),
+        app_version,
     };
     let response = client.post(build_url("/licenses/activate")).json(&payload).send().await?;
 
@@ -155,12 +156,11 @@ pub async fn deactivate_license<R: Runtime>(window: &WebviewWindow<R>) -> Result
     let app_handle = window.app_handle();
     let activation_id = get_activation_id(app_handle).await;
 
-    let client = reqwest::Client::new();
+    let app_version = window.app_handle().package_info().version.to_string();
+    let client = yaak_api_client(&app_version)?;
     let path = format!("/licenses/activations/{}/deactivate", activation_id);
-    let payload = DeactivateLicenseRequestPayload {
-        app_platform: get_os_str().to_string(),
-        app_version: window.app_handle().package_info().version.to_string(),
-    };
+    let payload =
+        DeactivateLicenseRequestPayload { app_platform: get_os_str().to_string(), app_version };
     let response = client.post(build_url(&path)).json(&payload).send().await?;
 
     if response.status().is_client_error() {
@@ -186,10 +186,9 @@ pub async fn deactivate_license<R: Runtime>(window: &WebviewWindow<R>) -> Result
 }
 
 pub async fn check_license<R: Runtime>(window: &WebviewWindow<R>) -> Result<LicenseCheckStatus> {
-    let payload = CheckActivationRequestPayload {
-        app_platform: get_os_str().to_string(),
-        app_version: window.package_info().version.to_string(),
-    };
+    let app_version = window.app_handle().package_info().version.to_string();
+    let payload =
+        CheckActivationRequestPayload { app_platform: get_os_str().to_string(), app_version };
     let activation_id = get_activation_id(window.app_handle()).await;
 
     let settings = window.db().get_settings();
@@ -204,7 +203,7 @@ pub async fn check_license<R: Runtime>(window: &WebviewWindow<R>) -> Result<Lice
         (true, _) => {
             info!("Checking license activation");
             // A license has been activated, so let's check the license server
-            let client = yaak_api_client(window.app_handle())?;
+            let client = yaak_api_client(&payload.app_version)?;
             let path = format!("/licenses/activations/{activation_id}/check-v2");
             let response = client.post(build_url(&path)).json(&payload).send().await?;
 

crates-tauri/yaak-tauri-utils/Cargo.toml

@@ -6,8 +6,4 @@ publish = false
 
 [dependencies]
 tauri = { workspace = true }
-reqwest = { workspace = true, features = ["gzip"] }
-thiserror = { workspace = true }
-serde = { workspace = true, features = ["derive"] }
 regex = "1.11.0"
-yaak-common = { workspace = true }

crates-tauri/yaak-tauri-utils/src/api_client.rs

@@ -1,24 +0,0 @@
-use crate::error::Result;
-use reqwest::Client;
-use std::time::Duration;
-use tauri::http::{HeaderMap, HeaderValue};
-use tauri::{AppHandle, Runtime};
-use yaak_common::platform::{get_ua_arch, get_ua_platform};
-
-pub fn yaak_api_client<R: Runtime>(app_handle: &AppHandle<R>) -> Result<Client> {
-    let platform = get_ua_platform();
-    let version = app_handle.package_info().version.clone();
-    let arch = get_ua_arch();
-    let ua = format!("Yaak/{version} ({platform}; {arch})");
-    let mut default_headers = HeaderMap::new();
-    default_headers.insert("Accept", HeaderValue::from_str("application/json").unwrap());
-
-    let client = reqwest::ClientBuilder::new()
-        .timeout(Duration::from_secs(20))
-        .default_headers(default_headers)
-        .gzip(true)
-        .user_agent(ua)
-        .build()?;
-
-    Ok(client)
-}

crates-tauri/yaak-tauri-utils/src/error.rs

@@ -1,19 +0,0 @@
-use serde::{Serialize, Serializer};
-use thiserror::Error;
-
-#[derive(Error, Debug)]
-pub enum Error {
-    #[error(transparent)]
-    ReqwestError(#[from] reqwest::Error),
-}
-
-impl Serialize for Error {
-    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
-    where
-        S: Serializer,
-    {
-        serializer.serialize_str(self.to_string().as_ref())
-    }
-}
-
-pub type Result<T> = std::result::Result<T, Error>;

crates-tauri/yaak-tauri-utils/src/lib.rs

@@ -1,3 +1 @@
-pub mod api_client;
-pub mod error;
 pub mod window;

crates/yaak-api/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "yaak-api"
+version = "0.1.0"
+edition = "2024"
+publish = false
+
+[dependencies]
+log = { workspace = true }
+reqwest = { workspace = true, features = ["gzip"] }
+sysproxy = "0.3"
+thiserror = { workspace = true }
+yaak-common = { workspace = true }

crates/yaak-api/src/error.rs

@@ -0,0 +1,9 @@
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum Error {
+    #[error(transparent)]
+    ReqwestError(#[from] reqwest::Error),
+}
+
+pub type Result<T> = std::result::Result<T, Error>;

crates/yaak-api/src/lib.rs

@@ -0,0 +1,70 @@
+mod error;
+
+pub use error::{Error, Result};
+
+use log::{debug, warn};
+use reqwest::Client;
+use reqwest::header::{HeaderMap, HeaderValue};
+use std::time::Duration;
+use yaak_common::platform::{get_ua_arch, get_ua_platform};
+
+/// Build a reqwest Client configured for Yaak's own API calls.
+///
+/// Includes a custom User-Agent, JSON accept header, 20s timeout, gzip,
+/// and automatic OS-level proxy detection via sysproxy.
+pub fn yaak_api_client(version: &str) -> Result<Client> {
+    let platform = get_ua_platform();
+    let arch = get_ua_arch();
+    let ua = format!("Yaak/{version} ({platform}; {arch})");
+
+    let mut default_headers = HeaderMap::new();
+    default_headers.insert("Accept", HeaderValue::from_str("application/json").unwrap());
+
+    let mut builder = reqwest::ClientBuilder::new()
+        .timeout(Duration::from_secs(20))
+        .default_headers(default_headers)
+        .gzip(true)
+        .user_agent(ua);
+
+    if let Some(sys) = get_enabled_system_proxy() {
+        let proxy_url = format!("http://{}:{}", sys.host, sys.port);
+        match reqwest::Proxy::all(&proxy_url) {
+            Ok(p) => {
+                let p = if !sys.bypass.is_empty() {
+                    p.no_proxy(reqwest::NoProxy::from_string(&sys.bypass))
+                } else {
+                    p
+                };
+                builder = builder.proxy(p);
+            }
+            Err(e) => {
+                warn!("Failed to configure system proxy: {e}");
+            }
+        }
+    }
+
+    Ok(builder.build()?)
+}
+
+/// Returns the system proxy URL if one is enabled, e.g. `http://host:port`.
+pub fn get_system_proxy_url() -> Option<String> {
+    let sys = get_enabled_system_proxy()?;
+    Some(format!("http://{}:{}", sys.host, sys.port))
+}
+
+fn get_enabled_system_proxy() -> Option<sysproxy::Sysproxy> {
+    match sysproxy::Sysproxy::get_system_proxy() {
+        Ok(sys) if sys.enable => {
+            debug!("Detected system proxy: http://{}:{}", sys.host, sys.port);
+            Some(sys)
+        }
+        Ok(_) => {
+            debug!("System proxy detected but not enabled");
+            None
+        }
+        Err(e) => {
+            debug!("Could not detect system proxy: {e}");
+            None
+        }
+    }
+}

crates/yaak-git/src/pull.rs

@@ -44,43 +44,65 @@ pub async fn git_pull(dir: &Path) -> Result<PullResult> {
         (branch_name, remote_name, remote_url)
     };
 
-    let out = new_binary_command(dir)
+    // Step 1: fetch the specific branch
+    // NOTE: We use fetch + merge instead of `git pull` to avoid conflicts with
+    // global git config (e.g. pull.ff=only) and the background fetch --all.
+    let fetch_out = new_binary_command(dir)
         .await?
-        .args(["pull", &remote_name, &branch_name])
+        .args(["fetch", &remote_name, &branch_name])
         .env("GIT_TERMINAL_PROMPT", "0")
         .output()
         .await
-        .map_err(|e| GenericError(format!("failed to run git pull: {e}")))?;
+        .map_err(|e| GenericError(format!("failed to run git fetch: {e}")))?;
 
-    let stdout = String::from_utf8_lossy(&out.stdout);
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    let combined = stdout + stderr;
+    let fetch_stdout = String::from_utf8_lossy(&fetch_out.stdout);
+    let fetch_stderr = String::from_utf8_lossy(&fetch_out.stderr);
+    let fetch_combined = format!("{fetch_stdout}{fetch_stderr}");
 
-    info!("Pulled status={} {combined}", out.status);
+    info!("Fetched status={} {fetch_combined}", fetch_out.status);
 
-    if combined.to_lowercase().contains("could not read") {
+    if fetch_combined.to_lowercase().contains("could not read") {
         return Ok(PullResult::NeedsCredentials { url: remote_url.to_string(), error: None });
     }
 
-    if combined.to_lowercase().contains("unable to access") {
+    if fetch_combined.to_lowercase().contains("unable to access") {
         return Ok(PullResult::NeedsCredentials {
             url: remote_url.to_string(),
-            error: Some(combined.to_string()),
+            error: Some(fetch_combined.to_string()),
         });
     }
 
-    if !out.status.success() {
-        let combined_lower = combined.to_lowercase();
-        if combined_lower.contains("cannot fast-forward")
-            || combined_lower.contains("not possible to fast-forward")
-            || combined_lower.contains("diverged")
+    if !fetch_out.status.success() {
+        return Err(GenericError(format!("Failed to fetch: {fetch_combined}")));
+    }
+
+    // Step 2: merge the fetched branch
+    let ref_name = format!("{}/{}", remote_name, branch_name);
+    let merge_out = new_binary_command(dir)
+        .await?
+        .args(["merge", "--ff-only", &ref_name])
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git merge: {e}")))?;
+
+    let merge_stdout = String::from_utf8_lossy(&merge_out.stdout);
+    let merge_stderr = String::from_utf8_lossy(&merge_out.stderr);
+    let merge_combined = format!("{merge_stdout}{merge_stderr}");
+
+    info!("Merged status={} {merge_combined}", merge_out.status);
+
+    if !merge_out.status.success() {
+        let merge_lower = merge_combined.to_lowercase();
+        if merge_lower.contains("cannot fast-forward")
+            || merge_lower.contains("not possible to fast-forward")
+            || merge_lower.contains("diverged")
         {
             return Ok(PullResult::Diverged { remote: remote_name, branch: branch_name });
         }
-        return Err(GenericError(format!("Failed to pull {combined}")));
+        return Err(GenericError(format!("Failed to merge: {merge_combined}")));
     }
 
-    if combined.to_lowercase().contains("up to date") {
+    if merge_combined.to_lowercase().contains("up to date") {
         return Ok(PullResult::UpToDate);
     }
 

crates/yaak-grpc/src/any.rs

@@ -55,6 +55,7 @@ mod tests {
 
         let mut out = Vec::new();
         super::collect_any_types(json, &mut out);
+        out.sort();
         assert_eq!(out, vec!["foo.bar", "mount_source.MountSourceRBDVolume"]);
     }
 }

crates/yaak-http/src/manager.rs

@@ -1,7 +1,6 @@
 use crate::client::HttpConnectionOptions;
 use crate::dns::LocalhostResolver;
 use crate::error::Result;
-use log::info;
 use reqwest::Client;
 use std::collections::BTreeMap;
 use std::sync::Arc;
@@ -36,7 +35,6 @@ impl HttpConnectionManager {
         connections.retain(|_, (_, last_used)| last_used.elapsed() <= self.ttl);
 
         if let Some((cached, last_used)) = connections.get_mut(&id) {
-            info!("Re-using HTTP client {id}");
             *last_used = Instant::now();
             return Ok(CachedClient {
                 client: cached.client.clone(),

crates/yaak-http/src/sender.rs

@@ -74,15 +74,31 @@ impl Display for HttpResponseEvent {
                 };
                 write!(f, "* Redirect {} -> {} ({})", status, url, behavior_str)
             }
-            HttpResponseEvent::SendUrl { method, scheme, username, password, host, port, path, query, fragment } => {
+            HttpResponseEvent::SendUrl {
+                method,
+                scheme,
+                username,
+                password,
+                host,
+                port,
+                path,
+                query,
+                fragment,
+            } => {
                 let auth_str = if username.is_empty() && password.is_empty() {
                     String::new()
                 } else {
                     format!("{}:{}@", username, password)
                 };
-                let query_str = if query.is_empty() { String::new() } else { format!("?{}", query) };
-                let fragment_str = if fragment.is_empty() { String::new() } else { format!("#{}", fragment) };
-                write!(f, "> {} {}://{}{}:{}{}{}{}", method, scheme, auth_str, host, port, path, query_str, fragment_str)
+                let query_str =
+                    if query.is_empty() { String::new() } else { format!("?{}", query) };
+                let fragment_str =
+                    if fragment.is_empty() { String::new() } else { format!("#{}", fragment) };
+                write!(
+                    f,
+                    "> {} {}://{}{}:{}{}{}{}",
+                    method, scheme, auth_str, host, port, path, query_str, fragment_str
+                )
             }
             HttpResponseEvent::ReceiveUrl { version, status } => {
                 write!(f, "< {} {}", version_to_str(version), status)
@@ -122,7 +138,17 @@ impl From<HttpResponseEvent> for yaak_models::models::HttpResponseEventData {
                     RedirectBehavior::DropBody => "drop_body".to_string(),
                 },
             },
-            HttpResponseEvent::SendUrl { method, scheme, username, password, host, port, path, query, fragment } => {
+            HttpResponseEvent::SendUrl {
+                method,
+                scheme,
+                username,
+                password,
+                host,
+                port,
+                path,
+                query,
+                fragment,
+            } => {
                 D::SendUrl { method, scheme, username, password, host, port, path, query, fragment }
             }
             HttpResponseEvent::ReceiveUrl { version, status } => {
@@ -546,7 +572,10 @@ impl<S> SizedBody<S> {
 
 impl<S> HttpBody for SizedBody<S>
 where
-    S: futures_util::Stream<Item = std::result::Result<Bytes, std::io::Error>> + Send + Unpin + 'static,
+    S: futures_util::Stream<Item = std::result::Result<Bytes, std::io::Error>>
+        + Send
+        + Unpin
+        + 'static,
 {
     type Data = Bytes;
     type Error = std::io::Error;

crates/yaak-http/src/types.rs

@@ -37,10 +37,9 @@ impl From<SendableBodyWithMeta> for SendableBody {
     fn from(value: SendableBodyWithMeta) -> Self {
         match value {
             SendableBodyWithMeta::Bytes(b) => SendableBody::Bytes(b),
-            SendableBodyWithMeta::Stream { data, content_length } => SendableBody::Stream {
-                data,
-                content_length: content_length.map(|l| l as u64),
-            },
+            SendableBodyWithMeta::Stream { data, content_length } => {
+                SendableBody::Stream { data, content_length: content_length.map(|l| l as u64) }
+            }
         }
     }
 }

crates/yaak-models/Cargo.toml

@@ -17,6 +17,7 @@ sea-query = { version = "0.32.1", features = ["with-chrono", "attr"] }
 sea-query-rusqlite = { version = "0.7.0", features = ["with-chrono"] }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
+schemars = { workspace = true }
 sha2 = { workspace = true }
 thiserror = { workspace = true }
 ts-rs = { workspace = true, features = ["chrono-impl", "serde-json-impl"] }

crates/yaak-models/build.rs

@@ -0,0 +1,5 @@
+fn main() {
+    // Migrations are embedded with include_dir!, so trigger rebuilds when SQL files change.
+    println!("cargo:rerun-if-changed=migrations");
+    println!("cargo:rerun-if-changed=blob_migrations");
+}

crates/yaak-models/migrations/20260216000000_model-changes.sql

@@ -0,0 +1,12 @@
+CREATE TABLE model_changes
+(
+    id            INTEGER PRIMARY KEY AUTOINCREMENT,
+    model         TEXT                                                    NOT NULL,
+    model_id      TEXT                                                    NOT NULL,
+    change        TEXT                                                    NOT NULL,
+    update_source TEXT                                                    NOT NULL,
+    payload       TEXT                                                    NOT NULL,
+    created_at    DATETIME DEFAULT (STRFTIME('%Y-%m-%d %H:%M:%f', 'NOW')) NOT NULL
+);
+
+CREATE INDEX idx_model_changes_created_at ON model_changes (created_at);

crates/yaak-models/migrations/20260217000000_remove-legacy-faker-plugin.sql

@@ -0,0 +1,3 @@
+-- Remove stale plugin rows left over from the brief period when faker shipped as bundled.
+DELETE FROM plugins
+WHERE directory LIKE '%template-function-faker';

crates/yaak-models/src/db_context.rs

@@ -3,8 +3,7 @@ use crate::error::Error::ModelNotFound;
 use crate::error::Result;
 use crate::models::{AnyModel, UpsertModelInfo};
 use crate::util::{ModelChangeEvent, ModelPayload, UpdateSource};
-use log::error;
-use rusqlite::OptionalExtension;
+use rusqlite::{OptionalExtension, params};
 use sea_query::{
     Asterisk, Expr, Func, IntoColumnRef, IntoIden, IntoTableRef, OnConflict, Query, SimpleExpr,
     SqliteQueryBuilder,
@@ -14,7 +13,7 @@ use std::fmt::Debug;
 use std::sync::mpsc;
 
 pub struct DbContext<'a> {
-    pub(crate) events_tx: mpsc::Sender<ModelPayload>,
+    pub(crate) _events_tx: mpsc::Sender<ModelPayload>,
     pub(crate) conn: ConnectionOrTx<'a>,
 }
 
@@ -180,9 +179,8 @@ impl<'a> DbContext<'a> {
             change: ModelChangeEvent::Upsert { created },
         };
 
-        if let Err(e) = self.events_tx.send(payload.clone()) {
-            error!("Failed to send model change {source:?}: {e:?}");
-        }
+        self.record_model_change(&payload)?;
+        let _ = self._events_tx.send(payload);
 
         Ok(m)
     }
@@ -203,9 +201,31 @@ impl<'a> DbContext<'a> {
             change: ModelChangeEvent::Delete,
         };
 
-        if let Err(e) = self.events_tx.send(payload) {
-            error!("Failed to send model change {source:?}: {e:?}");
-        }
+        self.record_model_change(&payload)?;
+        let _ = self._events_tx.send(payload);
+
         Ok(m.clone())
     }
+
+    fn record_model_change(&self, payload: &ModelPayload) -> Result<()> {
+        let payload_json = serde_json::to_string(payload)?;
+        let source_json = serde_json::to_string(&payload.update_source)?;
+        let change_json = serde_json::to_string(&payload.change)?;
+
+        self.conn.resolve().execute(
+            r#"
+                INSERT INTO model_changes (model, model_id, change, update_source, payload)
+                VALUES (?1, ?2, ?3, ?4, ?5)
+            "#,
+            params![
+                payload.model.model(),
+                payload.model.id(),
+                change_json,
+                source_json,
+                payload_json,
+            ],
+        )?;
+
+        Ok(())
+    }
 }

crates/yaak-models/src/models.rs

@@ -6,6 +6,7 @@ use crate::models::HttpRequestIden::{
 use crate::util::{UpdateSource, generate_prefixed_id};
 use chrono::{NaiveDateTime, Utc};
 use rusqlite::Row;
+use schemars::JsonSchema;
 use sea_query::Order::Desc;
 use sea_query::{IntoColumnRef, IntoIden, IntoTableRef, Order, SimpleExpr, enum_def};
 use serde::{Deserialize, Deserializer, Serialize};
@@ -73,7 +74,7 @@ pub struct ClientCertificate {
     pub enabled: bool,
 }
 
-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export, export_to = "gen_models.ts")]
 pub struct DnsOverride {
@@ -292,7 +293,7 @@ impl UpsertModelInfo for Settings {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, JsonSchema, TS)]
 #[serde(default, rename_all = "camelCase")]
 #[ts(export, export_to = "gen_models.ts")]
 #[enum_def(table_name = "workspaces")]
@@ -589,7 +590,7 @@ impl UpsertModelInfo for CookieJar {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, JsonSchema, TS)]
 #[serde(default, rename_all = "camelCase")]
 #[ts(export, export_to = "gen_models.ts")]
 #[enum_def(table_name = "environments")]
@@ -610,6 +611,8 @@ pub struct Environment {
     pub base: bool,
     pub parent_model: String,
     pub parent_id: Option<String>,
+    /// Variables defined in this environment scope.
+    /// Child environments override parent variables by name.
     pub variables: Vec<EnvironmentVariable>,
     pub color: Option<String>,
     pub sort_priority: f64,
@@ -697,7 +700,7 @@ impl UpsertModelInfo for Environment {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, JsonSchema, TS)]
 #[serde(default, rename_all = "camelCase")]
 #[ts(export, export_to = "gen_models.ts")]
 pub struct EnvironmentVariable {
@@ -824,7 +827,7 @@ impl UpsertModelInfo for Folder {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, JsonSchema, TS)]
 #[serde(default, rename_all = "camelCase")]
 #[ts(export, export_to = "gen_models.ts")]
 pub struct HttpRequestHeader {
@@ -837,20 +840,22 @@ pub struct HttpRequestHeader {
     pub id: Option<String>,
 }
 
-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, JsonSchema, TS)]
 #[serde(default, rename_all = "camelCase")]
 #[ts(export, export_to = "gen_models.ts")]
 pub struct HttpUrlParameter {
     #[serde(default = "default_true")]
     #[ts(optional, as = "Option<bool>")]
     pub enabled: bool,
+    /// Colon-prefixed parameters are treated as path parameters if they match, like `/users/:id`
+    /// Other entries are appended as query parameters
     pub name: String,
     pub value: String,
     #[ts(optional, as = "Option<String>")]
     pub id: Option<String>,
 }
 
-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, JsonSchema, TS)]
 #[serde(default, rename_all = "camelCase")]
 #[ts(export, export_to = "gen_models.ts")]
 #[enum_def(table_name = "http_requests")]
@@ -876,6 +881,7 @@ pub struct HttpRequest {
     pub name: String,
     pub sort_priority: f64,
     pub url: String,
+    /// URL parameters used for both path placeholders (`:id`) and query string entries.
     pub url_parameters: Vec<HttpUrlParameter>,
 }
 
@@ -1095,7 +1101,7 @@ impl Default for WebsocketMessageType {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, JsonSchema, TS)]
 #[serde(default, rename_all = "camelCase")]
 #[ts(export, export_to = "gen_models.ts")]
 #[enum_def(table_name = "websocket_requests")]
@@ -1117,6 +1123,7 @@ pub struct WebsocketRequest {
     pub name: String,
     pub sort_priority: f64,
     pub url: String,
+    /// URL parameters used for both path placeholders (`:id`) and query string entries.
     pub url_parameters: Vec<HttpUrlParameter>,
 }
 
@@ -1704,7 +1711,7 @@ impl UpsertModelInfo for GraphQlIntrospection {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, JsonSchema, TS)]
 #[serde(default, rename_all = "camelCase")]
 #[ts(export, export_to = "gen_models.ts")]
 #[enum_def(table_name = "grpc_requests")]
@@ -1727,6 +1734,7 @@ pub struct GrpcRequest {
     pub name: String,
     pub service: Option<String>,
     pub sort_priority: f64,
+    /// Server URL (http for plaintext or https for secure)
     pub url: String,
 }
 
@@ -2347,6 +2355,15 @@ macro_rules! define_any_model {
                     )*
                 }
             }
+
+            #[inline]
+            pub fn model(&self) -> &str {
+                match self {
+                    $(
+                        AnyModel::$type(inner) => &inner.model,
+                    )*
+                }
+            }
         }
 
         $(
@@ -2400,30 +2417,29 @@ impl<'de> Deserialize<'de> for AnyModel {
     {
         let value = Value::deserialize(deserializer)?;
         let model = value.as_object().unwrap();
+        use AnyModel::*;
         use serde_json::from_value as fv;
 
         let model = match model.get("model") {
-            Some(m) if m == "cookie_jar" => AnyModel::CookieJar(fv(value).unwrap()),
-            Some(m) if m == "environment" => AnyModel::Environment(fv(value).unwrap()),
-            Some(m) if m == "folder" => AnyModel::Folder(fv(value).unwrap()),
-            Some(m) if m == "graphql_introspection" => {
-                AnyModel::GraphQlIntrospection(fv(value).unwrap())
-            }
-            Some(m) if m == "grpc_connection" => AnyModel::GrpcConnection(fv(value).unwrap()),
-            Some(m) if m == "grpc_event" => AnyModel::GrpcEvent(fv(value).unwrap()),
-            Some(m) if m == "grpc_request" => AnyModel::GrpcRequest(fv(value).unwrap()),
-            Some(m) if m == "http_request" => AnyModel::HttpRequest(fv(value).unwrap()),
-            Some(m) if m == "http_response" => AnyModel::HttpResponse(fv(value).unwrap()),
-            Some(m) if m == "key_value" => AnyModel::KeyValue(fv(value).unwrap()),
-            Some(m) if m == "plugin" => AnyModel::Plugin(fv(value).unwrap()),
-            Some(m) if m == "settings" => AnyModel::Settings(fv(value).unwrap()),
-            Some(m) if m == "websocket_connection" => {
-                AnyModel::WebsocketConnection(fv(value).unwrap())
-            }
-            Some(m) if m == "websocket_event" => AnyModel::WebsocketEvent(fv(value).unwrap()),
-            Some(m) if m == "websocket_request" => AnyModel::WebsocketRequest(fv(value).unwrap()),
-            Some(m) if m == "workspace" => AnyModel::Workspace(fv(value).unwrap()),
-            Some(m) if m == "workspace_meta" => AnyModel::WorkspaceMeta(fv(value).unwrap()),
+            Some(m) if m == "cookie_jar" => CookieJar(fv(value).unwrap()),
+            Some(m) if m == "environment" => Environment(fv(value).unwrap()),
+            Some(m) if m == "folder" => Folder(fv(value).unwrap()),
+            Some(m) if m == "graphql_introspection" => GraphQlIntrospection(fv(value).unwrap()),
+            Some(m) if m == "grpc_connection" => GrpcConnection(fv(value).unwrap()),
+            Some(m) if m == "grpc_event" => GrpcEvent(fv(value).unwrap()),
+            Some(m) if m == "grpc_request" => GrpcRequest(fv(value).unwrap()),
+            Some(m) if m == "http_request" => HttpRequest(fv(value).unwrap()),
+            Some(m) if m == "http_response" => HttpResponse(fv(value).unwrap()),
+            Some(m) if m == "http_response_event" => HttpResponseEvent(fv(value).unwrap()),
+            Some(m) if m == "key_value" => KeyValue(fv(value).unwrap()),
+            Some(m) if m == "plugin" => Plugin(fv(value).unwrap()),
+            Some(m) if m == "settings" => Settings(fv(value).unwrap()),
+            Some(m) if m == "sync_state" => SyncState(fv(value).unwrap()),
+            Some(m) if m == "websocket_connection" => WebsocketConnection(fv(value).unwrap()),
+            Some(m) if m == "websocket_event" => WebsocketEvent(fv(value).unwrap()),
+            Some(m) if m == "websocket_request" => WebsocketRequest(fv(value).unwrap()),
+            Some(m) if m == "workspace" => Workspace(fv(value).unwrap()),
+            Some(m) if m == "workspace_meta" => WorkspaceMeta(fv(value).unwrap()),
             Some(m) => {
                 return Err(serde::de::Error::custom(format!(
                     "Failed to deserialize AnyModel {}",

crates/yaak-models/src/queries/grpc_requests.rs

@@ -1,7 +1,7 @@
 use super::dedupe_headers;
 use crate::db_context::DbContext;
 use crate::error::Result;
-use crate::models::{GrpcRequest, GrpcRequestIden, HttpRequestHeader};
+use crate::models::{Folder, FolderIden, GrpcRequest, GrpcRequestIden, HttpRequestHeader};
 use crate::util::UpdateSource;
 use serde_json::Value;
 use std::collections::BTreeMap;
@@ -15,6 +15,20 @@ impl<'a> DbContext<'a> {
         self.find_many(GrpcRequestIden::WorkspaceId, workspace_id, None)
     }
 
+    pub fn list_grpc_requests_for_folder_recursive(
+        &self,
+        folder_id: &str,
+    ) -> Result<Vec<GrpcRequest>> {
+        let mut children = Vec::new();
+        for folder in self.find_many::<Folder>(FolderIden::FolderId, folder_id, None)? {
+            children.extend(self.list_grpc_requests_for_folder_recursive(&folder.id)?);
+        }
+        for request in self.find_many::<GrpcRequest>(GrpcRequestIden::FolderId, folder_id, None)? {
+            children.push(request);
+        }
+        Ok(children)
+    }
+
     pub fn delete_grpc_request(
         &self,
         m: &GrpcRequest,

crates/yaak-models/src/queries/mod.rs

@@ -11,6 +11,7 @@ mod http_requests;
 mod http_response_events;
 mod http_responses;
 mod key_values;
+mod model_changes;
 mod plugin_key_values;
 mod plugins;
 mod settings;
@@ -20,6 +21,7 @@ mod websocket_events;
 mod websocket_requests;
 mod workspace_metas;
 pub mod workspaces;
+pub use model_changes::PersistedModelChange;
 
 const MAX_HISTORY_ITEMS: usize = 20;
 

crates/yaak-models/src/queries/model_changes.rs

@@ -0,0 +1,289 @@
+use crate::db_context::DbContext;
+use crate::error::Result;
+use crate::util::ModelPayload;
+use rusqlite::params;
+use rusqlite::types::Type;
+
+#[derive(Debug, Clone)]
+pub struct PersistedModelChange {
+    pub id: i64,
+    pub created_at: String,
+    pub payload: ModelPayload,
+}
+
+impl<'a> DbContext<'a> {
+    pub fn list_model_changes_after(
+        &self,
+        after_id: i64,
+        limit: usize,
+    ) -> Result<Vec<PersistedModelChange>> {
+        let mut stmt = self.conn.prepare(
+            r#"
+                SELECT id, created_at, payload
+                FROM model_changes
+                WHERE id > ?1
+                ORDER BY id ASC
+                LIMIT ?2
+            "#,
+        )?;
+
+        let items = stmt.query_map(params![after_id, limit as i64], |row| {
+            let id: i64 = row.get(0)?;
+            let created_at: String = row.get(1)?;
+            let payload_raw: String = row.get(2)?;
+            let payload = serde_json::from_str::<ModelPayload>(&payload_raw).map_err(|e| {
+                rusqlite::Error::FromSqlConversionFailure(2, Type::Text, Box::new(e))
+            })?;
+            Ok(PersistedModelChange { id, created_at, payload })
+        })?;
+
+        Ok(items.collect::<std::result::Result<Vec<_>, rusqlite::Error>>()?)
+    }
+
+    pub fn list_model_changes_since(
+        &self,
+        since_created_at: &str,
+        since_id: i64,
+        limit: usize,
+    ) -> Result<Vec<PersistedModelChange>> {
+        let mut stmt = self.conn.prepare(
+            r#"
+                SELECT id, created_at, payload
+                FROM model_changes
+                WHERE created_at > ?1
+                   OR (created_at = ?1 AND id > ?2)
+                ORDER BY created_at ASC, id ASC
+                LIMIT ?3
+            "#,
+        )?;
+
+        let items = stmt.query_map(params![since_created_at, since_id, limit as i64], |row| {
+            let id: i64 = row.get(0)?;
+            let created_at: String = row.get(1)?;
+            let payload_raw: String = row.get(2)?;
+            let payload = serde_json::from_str::<ModelPayload>(&payload_raw).map_err(|e| {
+                rusqlite::Error::FromSqlConversionFailure(2, Type::Text, Box::new(e))
+            })?;
+            Ok(PersistedModelChange { id, created_at, payload })
+        })?;
+
+        Ok(items.collect::<std::result::Result<Vec<_>, rusqlite::Error>>()?)
+    }
+
+    pub fn prune_model_changes_older_than_days(&self, days: i64) -> Result<usize> {
+        let offset = format!("-{days} days");
+        Ok(self.conn.resolve().execute(
+            r#"
+                DELETE FROM model_changes
+                WHERE created_at < STRFTIME('%Y-%m-%d %H:%M:%f', 'NOW', ?1)
+            "#,
+            params![offset],
+        )?)
+    }
+
+    pub fn prune_model_changes_older_than_hours(&self, hours: i64) -> Result<usize> {
+        let offset = format!("-{hours} hours");
+        Ok(self.conn.resolve().execute(
+            r#"
+                DELETE FROM model_changes
+                WHERE created_at < STRFTIME('%Y-%m-%d %H:%M:%f', 'NOW', ?1)
+            "#,
+            params![offset],
+        )?)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::init_in_memory;
+    use crate::models::Workspace;
+    use crate::util::{ModelChangeEvent, UpdateSource};
+    use serde_json::json;
+
+    #[test]
+    fn records_model_changes_for_upsert_and_delete() {
+        let (query_manager, _blob_manager, _rx) = init_in_memory().expect("Failed to init DB");
+        let db = query_manager.connect();
+
+        let workspace = db
+            .upsert_workspace(
+                &Workspace {
+                    name: "Changes Test".to_string(),
+                    setting_follow_redirects: true,
+                    setting_validate_certificates: true,
+                    ..Default::default()
+                },
+                &UpdateSource::Sync,
+            )
+            .expect("Failed to upsert workspace");
+
+        let created_changes = db.list_model_changes_after(0, 10).expect("Failed to list changes");
+        assert_eq!(created_changes.len(), 1);
+        assert_eq!(created_changes[0].payload.model.id(), workspace.id);
+        assert_eq!(created_changes[0].payload.model.model(), "workspace");
+        assert!(matches!(
+            created_changes[0].payload.change,
+            ModelChangeEvent::Upsert { created: true }
+        ));
+        assert!(matches!(created_changes[0].payload.update_source, UpdateSource::Sync));
+
+        db.delete_workspace_by_id(&workspace.id, &UpdateSource::Sync)
+            .expect("Failed to delete workspace");
+
+        let all_changes = db.list_model_changes_after(0, 10).expect("Failed to list changes");
+        assert_eq!(all_changes.len(), 2);
+        assert!(matches!(all_changes[1].payload.change, ModelChangeEvent::Delete));
+        assert!(all_changes[1].id > all_changes[0].id);
+
+        let changes_after_first = db
+            .list_model_changes_after(all_changes[0].id, 10)
+            .expect("Failed to list changes after cursor");
+        assert_eq!(changes_after_first.len(), 1);
+        assert!(matches!(changes_after_first[0].payload.change, ModelChangeEvent::Delete));
+    }
+
+    #[test]
+    fn prunes_old_model_changes() {
+        let (query_manager, _blob_manager, _rx) = init_in_memory().expect("Failed to init DB");
+        let db = query_manager.connect();
+
+        db.upsert_workspace(
+            &Workspace {
+                name: "Prune Test".to_string(),
+                setting_follow_redirects: true,
+                setting_validate_certificates: true,
+                ..Default::default()
+            },
+            &UpdateSource::Sync,
+        )
+        .expect("Failed to upsert workspace");
+
+        let changes = db.list_model_changes_after(0, 10).expect("Failed to list changes");
+        assert_eq!(changes.len(), 1);
+
+        db.conn
+            .resolve()
+            .execute(
+                "UPDATE model_changes SET created_at = '2000-01-01 00:00:00.000' WHERE id = ?1",
+                params![changes[0].id],
+            )
+            .expect("Failed to age model change row");
+
+        let pruned =
+            db.prune_model_changes_older_than_days(30).expect("Failed to prune model changes");
+        assert_eq!(pruned, 1);
+        assert!(db.list_model_changes_after(0, 10).expect("Failed to list changes").is_empty());
+    }
+
+    #[test]
+    fn list_model_changes_since_uses_timestamp_with_id_tiebreaker() {
+        let (query_manager, _blob_manager, _rx) = init_in_memory().expect("Failed to init DB");
+        let db = query_manager.connect();
+
+        let workspace = db
+            .upsert_workspace(
+                &Workspace {
+                    name: "Cursor Test".to_string(),
+                    setting_follow_redirects: true,
+                    setting_validate_certificates: true,
+                    ..Default::default()
+                },
+                &UpdateSource::Sync,
+            )
+            .expect("Failed to upsert workspace");
+        db.delete_workspace_by_id(&workspace.id, &UpdateSource::Sync)
+            .expect("Failed to delete workspace");
+
+        let all = db.list_model_changes_after(0, 10).expect("Failed to list changes");
+        assert_eq!(all.len(), 2);
+
+        let fixed_ts = "2026-02-16 00:00:00.000";
+        db.conn
+            .resolve()
+            .execute("UPDATE model_changes SET created_at = ?1", params![fixed_ts])
+            .expect("Failed to normalize timestamps");
+
+        let after_first =
+            db.list_model_changes_since(fixed_ts, all[0].id, 10).expect("Failed to query cursor");
+        assert_eq!(after_first.len(), 1);
+        assert_eq!(after_first[0].id, all[1].id);
+    }
+
+    #[test]
+    fn prunes_old_model_changes_by_hours() {
+        let (query_manager, _blob_manager, _rx) = init_in_memory().expect("Failed to init DB");
+        let db = query_manager.connect();
+
+        db.upsert_workspace(
+            &Workspace {
+                name: "Prune Hour Test".to_string(),
+                setting_follow_redirects: true,
+                setting_validate_certificates: true,
+                ..Default::default()
+            },
+            &UpdateSource::Sync,
+        )
+        .expect("Failed to upsert workspace");
+
+        let changes = db.list_model_changes_after(0, 10).expect("Failed to list changes");
+        assert_eq!(changes.len(), 1);
+
+        db.conn
+            .resolve()
+            .execute(
+                "UPDATE model_changes SET created_at = STRFTIME('%Y-%m-%d %H:%M:%f', 'NOW', '-2 hours') WHERE id = ?1",
+                params![changes[0].id],
+            )
+            .expect("Failed to age model change row");
+
+        let pruned =
+            db.prune_model_changes_older_than_hours(1).expect("Failed to prune model changes");
+        assert_eq!(pruned, 1);
+    }
+
+    #[test]
+    fn list_model_changes_deserializes_http_response_event_payload() {
+        let (query_manager, _blob_manager, _rx) = init_in_memory().expect("Failed to init DB");
+        let db = query_manager.connect();
+
+        let payload = json!({
+            "model": {
+                "model": "http_response_event",
+                "id": "re_test",
+                "createdAt": "2026-02-16T21:01:34.809162",
+                "updatedAt": "2026-02-16T21:01:34.809163",
+                "workspaceId": "wk_test",
+                "responseId": "rs_test",
+                "event": {
+                    "type": "info",
+                    "message": "hello"
+                }
+            },
+            "updateSource": { "type": "sync" },
+            "change": { "type": "upsert", "created": false }
+        });
+
+        db.conn
+            .resolve()
+            .execute(
+                r#"
+                INSERT INTO model_changes (model, model_id, change, update_source, payload)
+                VALUES (?1, ?2, ?3, ?4, ?5)
+                "#,
+                params![
+                    "http_response_event",
+                    "re_test",
+                    r#"{"type":"upsert","created":false}"#,
+                    r#"{"type":"sync"}"#,
+                    payload.to_string(),
+                ],
+            )
+            .expect("Failed to insert model change row");
+
+        let changes = db.list_model_changes_after(0, 10).expect("Failed to list changes");
+        assert_eq!(changes.len(), 1);
+        assert_eq!(changes[0].payload.model.model(), "http_response_event");
+        assert_eq!(changes[0].payload.model.id(), "re_test");
+    }
+}

crates/yaak-models/src/queries/websocket_requests.rs

@@ -1,7 +1,9 @@
 use super::dedupe_headers;
 use crate::db_context::DbContext;
 use crate::error::Result;
-use crate::models::{HttpRequestHeader, WebsocketRequest, WebsocketRequestIden};
+use crate::models::{
+    Folder, FolderIden, HttpRequestHeader, WebsocketRequest, WebsocketRequestIden,
+};
 use crate::util::UpdateSource;
 use serde_json::Value;
 use std::collections::BTreeMap;
@@ -15,6 +17,22 @@ impl<'a> DbContext<'a> {
         self.find_many(WebsocketRequestIden::WorkspaceId, workspace_id, None)
     }
 
+    pub fn list_websocket_requests_for_folder_recursive(
+        &self,
+        folder_id: &str,
+    ) -> Result<Vec<WebsocketRequest>> {
+        let mut children = Vec::new();
+        for folder in self.find_many::<Folder>(FolderIden::FolderId, folder_id, None)? {
+            children.extend(self.list_websocket_requests_for_folder_recursive(&folder.id)?);
+        }
+        for request in
+            self.find_many::<WebsocketRequest>(WebsocketRequestIden::FolderId, folder_id, None)?
+        {
+            children.push(request);
+        }
+        Ok(children)
+    }
+
     pub fn delete_websocket_request(
         &self,
         websocket_request: &WebsocketRequest,

crates/yaak-models/src/query_manager.rs

@@ -25,7 +25,7 @@ impl QueryManager {
             .expect("Failed to gain lock on DB")
             .get()
             .expect("Failed to get a new DB connection from the pool");
-        DbContext { events_tx: self.events_tx.clone(), conn: ConnectionOrTx::Connection(conn) }
+        DbContext { _events_tx: self.events_tx.clone(), conn: ConnectionOrTx::Connection(conn) }
     }
 
     pub fn with_conn<F, T>(&self, func: F) -> T
@@ -39,8 +39,10 @@ impl QueryManager {
             .get()
             .expect("Failed to get new DB connection from the pool");
 
-        let db_context =
-            DbContext { events_tx: self.events_tx.clone(), conn: ConnectionOrTx::Connection(conn) };
+        let db_context = DbContext {
+            _events_tx: self.events_tx.clone(),
+            conn: ConnectionOrTx::Connection(conn),
+        };
 
         func(&db_context)
     }
@@ -62,8 +64,10 @@ impl QueryManager {
             .transaction_with_behavior(TransactionBehavior::Immediate)
             .expect("Failed to start DB transaction");
 
-        let db_context =
-            DbContext { events_tx: self.events_tx.clone(), conn: ConnectionOrTx::Transaction(&tx) };
+        let db_context = DbContext {
+            _events_tx: self.events_tx.clone(),
+            conn: ConnectionOrTx::Transaction(&tx),
+        };
 
         match func(&db_context) {
             Ok(val) => {

crates/yaak-plugins/Cargo.toml

@@ -15,7 +15,6 @@ log = { workspace = true }
 md5 = "0.7.0"
 path-slash = "0.2.1"
 rand = "0.9.0"
-regex = "1.10.6"
 reqwest = { workspace = true, features = ["json"] }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }

crates/yaak-plugins/src/events.rs

@@ -163,8 +163,8 @@ pub enum InternalEventPayload {
     WindowInfoRequest(WindowInfoRequest),
     WindowInfoResponse(WindowInfoResponse),
 
-    ListWorkspacesRequest(ListWorkspacesRequest),
-    ListWorkspacesResponse(ListWorkspacesResponse),
+    ListOpenWorkspacesRequest(ListOpenWorkspacesRequest),
+    ListOpenWorkspacesResponse(ListOpenWorkspacesResponse),
 
     GetHttpRequestByIdRequest(GetHttpRequestByIdRequest),
     GetHttpRequestByIdResponse(GetHttpRequestByIdResponse),
@@ -631,12 +631,12 @@ pub struct WindowInfoResponse {
 #[derive(Debug, Clone, Default, Serialize, Deserialize, TS)]
 #[serde(default, rename_all = "camelCase")]
 #[ts(export, export_to = "gen_events.ts")]
-pub struct ListWorkspacesRequest {}
+pub struct ListOpenWorkspacesRequest {}
 
 #[derive(Debug, Clone, Default, Serialize, Deserialize, TS)]
 #[serde(default, rename_all = "camelCase")]
 #[ts(export, export_to = "gen_events.ts")]
-pub struct ListWorkspacesResponse {
+pub struct ListOpenWorkspacesResponse {
     pub workspaces: Vec<WorkspaceInfo>,
 }
 

crates/yaak-plugins/src/manager.rs

@@ -34,7 +34,8 @@ use tokio::sync::mpsc::error::TrySendError;
 use tokio::sync::{Mutex, mpsc, oneshot};
 use tokio::time::{Instant, timeout};
 use yaak_models::models::Plugin;
-use yaak_models::util::generate_id;
+use yaak_models::query_manager::QueryManager;
+use yaak_models::util::{UpdateSource, generate_id};
 use yaak_templates::error::Error::RenderError;
 use yaak_templates::error::Result as TemplateResult;
 
@@ -61,14 +62,18 @@ impl PluginManager {
     /// * `installed_plugin_dir` - Path to installed plugins directory
     /// * `node_bin_path` - Path to the yaaknode binary
     /// * `plugin_runtime_main` - Path to the plugin runtime index.cjs
+    /// * `query_manager` - Query manager for bundled plugin registration and loading
+    /// * `plugin_context` - Context to use while initializing plugins
     /// * `dev_mode` - Whether the app is in dev mode (affects plugin loading)
     pub async fn new(
         vendored_plugin_dir: PathBuf,
         installed_plugin_dir: PathBuf,
         node_bin_path: PathBuf,
         plugin_runtime_main: PathBuf,
+        query_manager: &QueryManager,
+        plugin_context: &PluginContext,
         dev_mode: bool,
-    ) -> PluginManager {
+    ) -> Result<PluginManager> {
         let (events_tx, mut events_rx) = mpsc::channel(2048);
         let (kill_server_tx, kill_server_rx) = tokio::sync::watch::channel(false);
         let (killed_tx, killed_rx) = oneshot::channel();
@@ -151,12 +156,40 @@ impl PluginManager {
             &kill_server_rx,
             killed_tx,
         )
-        .await
-        .unwrap();
+        .await?;
         info!("Waiting for plugins to initialize");
-        init_plugins_task.await.unwrap();
+        init_plugins_task.await.map_err(|e| PluginErr(e.to_string()))?;
 
-        plugin_manager
+        let bundled_dirs = plugin_manager.list_bundled_plugin_dirs().await?;
+        let db = query_manager.connect();
+        for dir in bundled_dirs {
+            if db.get_plugin_by_directory(&dir).is_none() {
+                db.upsert_plugin(
+                    &Plugin {
+                        directory: dir,
+                        enabled: true,
+                        url: None,
+                        ..Default::default()
+                    },
+                    &UpdateSource::Background,
+                )?;
+            }
+        }
+
+        let plugins = db.list_plugins()?;
+        drop(db);
+
+        let init_errors = plugin_manager.initialize_all_plugins(plugins, plugin_context).await;
+        if !init_errors.is_empty() {
+            let joined = init_errors
+                .into_iter()
+                .map(|(dir, err)| format!("{dir}: {err}"))
+                .collect::<Vec<_>>()
+                .join("; ");
+            return Err(PluginErr(format!("Failed to initialize plugin(s): {joined}")));
+        }
+
+        Ok(plugin_manager)
     }
 
     /// Get the vendored plugin directory path (resolves dev mode path if applicable)
@@ -1048,16 +1081,10 @@ async fn read_plugins_dir(dir: &PathBuf) -> Result<Vec<String>> {
 fn fix_windows_paths(p: &PathBuf) -> String {
     use dunce;
     use path_slash::PathBufExt;
-    use regex::Regex;
 
-    // 1. Remove UNC prefix for Windows paths to pass to sidecar
-    let safe_path = dunce::simplified(p.as_path()).to_string_lossy().to_string();
+    // 1. Remove UNC prefix for Windows paths
+    let safe_path = dunce::simplified(p.as_path());
 
-    // 2. Remove the drive letter
-    let safe_path = Regex::new("^[a-zA-Z]:").unwrap().replace(safe_path.as_str(), "");
-
-    // 3. Convert backslashes to forward
-    let safe_path = PathBuf::from(safe_path.to_string()).to_slash_lossy().to_string();
-
-    safe_path
+    // 2. Convert backslashes to forward slashes for Node.js compatibility
+    PathBuf::from(safe_path).to_slash_lossy().to_string()
 }

crates/yaak-plugins/src/nodejs.rs

@@ -68,7 +68,9 @@ pub async fn start_nodejs_plugin_runtime(
     // Handle kill signal
     let mut kill_rx = kill_rx.clone();
     tokio::spawn(async move {
-        kill_rx.wait_for(|b| *b == true).await.expect("Kill channel errored");
+        if kill_rx.wait_for(|b| *b == true).await.is_err() {
+            warn!("Kill channel closed before explicit shutdown; terminating plugin runtime");
+        }
         info!("Killing plugin runtime");
         if let Err(e) = child.kill().await {
             warn!("Failed to kill plugin runtime: {e}");

crates/yaak-templates/pkg/yaak_templates.d.ts

@@ -1,5 +1,5 @@
 /* tslint:disable */
 /* eslint-disable */
-export function unescape_template(template: string): any;
-export function parse_template(template: string): any;
 export function escape_template(template: string): any;
+export function parse_template(template: string): any;
+export function unescape_template(template: string): any;

crates/yaak-templates/pkg/yaak_templates_bg.js

@@ -165,10 +165,10 @@ function takeFromExternrefTable0(idx) {
  * @param {string} template
  * @returns {any}
  */
-export function unescape_template(template) {
+export function escape_template(template) {
     const ptr0 = passStringToWasm0(template, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
     const len0 = WASM_VECTOR_LEN;
-    const ret = wasm.unescape_template(ptr0, len0);
+    const ret = wasm.escape_template(ptr0, len0);
     if (ret[2]) {
         throw takeFromExternrefTable0(ret[1]);
     }
@@ -193,10 +193,10 @@ export function parse_template(template) {
  * @param {string} template
  * @returns {any}
  */
-export function escape_template(template) {
+export function unescape_template(template) {
     const ptr0 = passStringToWasm0(template, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
     const len0 = WASM_VECTOR_LEN;
-    const ret = wasm.escape_template(ptr0, len0);
+    const ret = wasm.unescape_template(ptr0, len0);
     if (ret[2]) {
         throw takeFromExternrefTable0(ret[1]);
     }

crates/yaak-tls/src/lib.rs

@@ -273,6 +273,5 @@ pub fn find_client_certificate(
         });
     }
 
-    debug!("No matching client certificate found for {}", url_string);
     None
 }

crates/yaak/Cargo.toml

@@ -0,0 +1,22 @@
+[package]
+name = "yaak"
+version = "0.1.0"
+edition = "2024"
+publish = false
+
+[dependencies]
+async-trait = "0.1"
+log = { workspace = true }
+md5 = "0.8.0"
+serde_json = { workspace = true }
+thiserror = { workspace = true }
+tokio = { workspace = true, features = ["sync", "rt"] }
+yaak-http = { workspace = true }
+yaak-crypto = { workspace = true }
+yaak-models = { workspace = true }
+yaak-plugins = { workspace = true }
+yaak-templates = { workspace = true }
+yaak-tls = { workspace = true }
+
+[dev-dependencies]
+tempfile = "3"

crates/yaak/src/error.rs

@@ -0,0 +1,9 @@
+use thiserror::Error;
+
+#[derive(Debug, Error)]
+pub enum Error {
+    #[error(transparent)]
+    Send(#[from] crate::send::SendHttpRequestError),
+}
+
+pub type Result<T> = std::result::Result<T, Error>;

crates/yaak/src/lib.rs

@@ -0,0 +1,7 @@
+pub mod error;
+pub mod plugin_events;
+pub mod render;
+pub mod send;
+
+pub use error::Error;
+pub type Result<T> = error::Result<T>;

crates/yaak/src/plugin_events.rs

@@ -0,0 +1,416 @@
+use yaak_models::query_manager::QueryManager;
+use yaak_plugins::events::{
+    CloseWindowRequest, CopyTextRequest, DeleteKeyValueRequest, DeleteKeyValueResponse,
+    DeleteModelRequest, ErrorResponse, FindHttpResponsesRequest, GetCookieValueRequest,
+    GetHttpRequestByIdRequest, GetHttpRequestByIdResponse, GetKeyValueRequest, GetKeyValueResponse,
+    InternalEventPayload, ListCookieNamesRequest, ListFoldersRequest, ListFoldersResponse,
+    ListHttpRequestsRequest, ListHttpRequestsResponse, ListOpenWorkspacesRequest,
+    OpenExternalUrlRequest, OpenWindowRequest, PromptFormRequest, PromptTextRequest,
+    ReloadResponse, RenderGrpcRequestRequest, RenderHttpRequestRequest, SendHttpRequestRequest,
+    SetKeyValueRequest, ShowToastRequest, TemplateRenderRequest, UpsertModelRequest,
+    WindowInfoRequest,
+};
+
+pub struct SharedPluginEventContext<'a> {
+    pub plugin_name: &'a str,
+    pub workspace_id: Option<&'a str>,
+}
+
+#[derive(Debug)]
+pub enum GroupedPluginEvent<'a> {
+    Handled(Option<InternalEventPayload>),
+    ToHandle(HostRequest<'a>),
+}
+
+#[derive(Debug)]
+pub enum GroupedPluginRequest<'a> {
+    Shared(SharedRequest<'a>),
+    Host(HostRequest<'a>),
+    Ignore,
+}
+
+#[derive(Debug)]
+pub enum SharedRequest<'a> {
+    GetKeyValue(&'a GetKeyValueRequest),
+    SetKeyValue(&'a SetKeyValueRequest),
+    DeleteKeyValue(&'a DeleteKeyValueRequest),
+    GetHttpRequestById(&'a GetHttpRequestByIdRequest),
+    ListFolders(&'a ListFoldersRequest),
+    ListHttpRequests(&'a ListHttpRequestsRequest),
+}
+
+#[derive(Debug)]
+pub enum HostRequest<'a> {
+    ShowToast(&'a ShowToastRequest),
+    CopyText(&'a CopyTextRequest),
+    PromptText(&'a PromptTextRequest),
+    PromptForm(&'a PromptFormRequest),
+    FindHttpResponses(&'a FindHttpResponsesRequest),
+    UpsertModel(&'a UpsertModelRequest),
+    DeleteModel(&'a DeleteModelRequest),
+    RenderGrpcRequest(&'a RenderGrpcRequestRequest),
+    RenderHttpRequest(&'a RenderHttpRequestRequest),
+    TemplateRender(&'a TemplateRenderRequest),
+    SendHttpRequest(&'a SendHttpRequestRequest),
+    OpenWindow(&'a OpenWindowRequest),
+    CloseWindow(&'a CloseWindowRequest),
+    OpenExternalUrl(&'a OpenExternalUrlRequest),
+    ListOpenWorkspaces(&'a ListOpenWorkspacesRequest),
+    ListCookieNames(&'a ListCookieNamesRequest),
+    GetCookieValue(&'a GetCookieValueRequest),
+    WindowInfo(&'a WindowInfoRequest),
+    ErrorResponse(&'a ErrorResponse),
+    ReloadResponse(&'a ReloadResponse),
+    OtherRequest(&'a InternalEventPayload),
+}
+
+impl HostRequest<'_> {
+    pub fn type_name(&self) -> String {
+        match self {
+            HostRequest::ShowToast(_) => "show_toast_request".to_string(),
+            HostRequest::CopyText(_) => "copy_text_request".to_string(),
+            HostRequest::PromptText(_) => "prompt_text_request".to_string(),
+            HostRequest::PromptForm(_) => "prompt_form_request".to_string(),
+            HostRequest::FindHttpResponses(_) => "find_http_responses_request".to_string(),
+            HostRequest::UpsertModel(_) => "upsert_model_request".to_string(),
+            HostRequest::DeleteModel(_) => "delete_model_request".to_string(),
+            HostRequest::RenderGrpcRequest(_) => "render_grpc_request_request".to_string(),
+            HostRequest::RenderHttpRequest(_) => "render_http_request_request".to_string(),
+            HostRequest::TemplateRender(_) => "template_render_request".to_string(),
+            HostRequest::SendHttpRequest(_) => "send_http_request_request".to_string(),
+            HostRequest::OpenWindow(_) => "open_window_request".to_string(),
+            HostRequest::CloseWindow(_) => "close_window_request".to_string(),
+            HostRequest::OpenExternalUrl(_) => "open_external_url_request".to_string(),
+            HostRequest::ListOpenWorkspaces(_) => "list_open_workspaces_request".to_string(),
+            HostRequest::ListCookieNames(_) => "list_cookie_names_request".to_string(),
+            HostRequest::GetCookieValue(_) => "get_cookie_value_request".to_string(),
+            HostRequest::WindowInfo(_) => "window_info_request".to_string(),
+            HostRequest::ErrorResponse(_) => "error_response".to_string(),
+            HostRequest::ReloadResponse(_) => "reload_response".to_string(),
+            HostRequest::OtherRequest(payload) => payload.type_name(),
+        }
+    }
+}
+
+impl<'a> From<&'a InternalEventPayload> for GroupedPluginRequest<'a> {
+    fn from(payload: &'a InternalEventPayload) -> Self {
+        match payload {
+            InternalEventPayload::GetKeyValueRequest(req) => {
+                GroupedPluginRequest::Shared(SharedRequest::GetKeyValue(req))
+            }
+            InternalEventPayload::SetKeyValueRequest(req) => {
+                GroupedPluginRequest::Shared(SharedRequest::SetKeyValue(req))
+            }
+            InternalEventPayload::DeleteKeyValueRequest(req) => {
+                GroupedPluginRequest::Shared(SharedRequest::DeleteKeyValue(req))
+            }
+            InternalEventPayload::GetHttpRequestByIdRequest(req) => {
+                GroupedPluginRequest::Shared(SharedRequest::GetHttpRequestById(req))
+            }
+            InternalEventPayload::ErrorResponse(resp) => {
+                GroupedPluginRequest::Host(HostRequest::ErrorResponse(resp))
+            }
+            InternalEventPayload::ReloadResponse(req) => {
+                GroupedPluginRequest::Host(HostRequest::ReloadResponse(req))
+            }
+            InternalEventPayload::ListOpenWorkspacesRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::ListOpenWorkspaces(req))
+            }
+            InternalEventPayload::ListFoldersRequest(req) => {
+                GroupedPluginRequest::Shared(SharedRequest::ListFolders(req))
+            }
+            InternalEventPayload::ListHttpRequestsRequest(req) => {
+                GroupedPluginRequest::Shared(SharedRequest::ListHttpRequests(req))
+            }
+            InternalEventPayload::ShowToastRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::ShowToast(req))
+            }
+            InternalEventPayload::CopyTextRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::CopyText(req))
+            }
+            InternalEventPayload::PromptTextRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::PromptText(req))
+            }
+            InternalEventPayload::PromptFormRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::PromptForm(req))
+            }
+            InternalEventPayload::FindHttpResponsesRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::FindHttpResponses(req))
+            }
+            InternalEventPayload::UpsertModelRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::UpsertModel(req))
+            }
+            InternalEventPayload::DeleteModelRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::DeleteModel(req))
+            }
+            InternalEventPayload::RenderGrpcRequestRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::RenderGrpcRequest(req))
+            }
+            InternalEventPayload::RenderHttpRequestRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::RenderHttpRequest(req))
+            }
+            InternalEventPayload::TemplateRenderRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::TemplateRender(req))
+            }
+            InternalEventPayload::SendHttpRequestRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::SendHttpRequest(req))
+            }
+            InternalEventPayload::OpenWindowRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::OpenWindow(req))
+            }
+            InternalEventPayload::CloseWindowRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::CloseWindow(req))
+            }
+            InternalEventPayload::OpenExternalUrlRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::OpenExternalUrl(req))
+            }
+            InternalEventPayload::ListCookieNamesRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::ListCookieNames(req))
+            }
+            InternalEventPayload::GetCookieValueRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::GetCookieValue(req))
+            }
+            InternalEventPayload::WindowInfoRequest(req) => {
+                GroupedPluginRequest::Host(HostRequest::WindowInfo(req))
+            }
+            payload if payload.type_name().ends_with("_request") => {
+                GroupedPluginRequest::Host(HostRequest::OtherRequest(payload))
+            }
+            _ => GroupedPluginRequest::Ignore,
+        }
+    }
+}
+
+pub fn handle_shared_plugin_event<'a>(
+    query_manager: &QueryManager,
+    payload: &'a InternalEventPayload,
+    context: SharedPluginEventContext<'_>,
+) -> GroupedPluginEvent<'a> {
+    match GroupedPluginRequest::from(payload) {
+        GroupedPluginRequest::Shared(req) => {
+            GroupedPluginEvent::Handled(Some(build_shared_reply(query_manager, req, context)))
+        }
+        GroupedPluginRequest::Host(req) => GroupedPluginEvent::ToHandle(req),
+        GroupedPluginRequest::Ignore => GroupedPluginEvent::Handled(None),
+    }
+}
+
+fn build_shared_reply(
+    query_manager: &QueryManager,
+    request: SharedRequest<'_>,
+    context: SharedPluginEventContext<'_>,
+) -> InternalEventPayload {
+    match request {
+        SharedRequest::GetKeyValue(req) => {
+            let value = query_manager
+                .connect()
+                .get_plugin_key_value(context.plugin_name, &req.key)
+                .map(|v| v.value);
+            InternalEventPayload::GetKeyValueResponse(GetKeyValueResponse { value })
+        }
+        SharedRequest::SetKeyValue(req) => {
+            query_manager.connect().set_plugin_key_value(context.plugin_name, &req.key, &req.value);
+            InternalEventPayload::SetKeyValueResponse(yaak_plugins::events::SetKeyValueResponse {})
+        }
+        SharedRequest::DeleteKeyValue(req) => {
+            match query_manager.connect().delete_plugin_key_value(context.plugin_name, &req.key) {
+                Ok(deleted) => {
+                    InternalEventPayload::DeleteKeyValueResponse(DeleteKeyValueResponse { deleted })
+                }
+                Err(err) => InternalEventPayload::ErrorResponse(ErrorResponse {
+                    error: format!("Failed to delete plugin key '{}' : {err}", req.key),
+                }),
+            }
+        }
+        SharedRequest::GetHttpRequestById(req) => {
+            let http_request = query_manager.connect().get_http_request(&req.id).ok();
+            InternalEventPayload::GetHttpRequestByIdResponse(GetHttpRequestByIdResponse {
+                http_request,
+            })
+        }
+        SharedRequest::ListFolders(_) => {
+            let Some(workspace_id) = context.workspace_id else {
+                return InternalEventPayload::ErrorResponse(ErrorResponse {
+                    error: "workspace_id is required for list_folders_request".to_string(),
+                });
+            };
+            let folders = match query_manager.connect().list_folders(workspace_id) {
+                Ok(folders) => folders,
+                Err(err) => {
+                    return InternalEventPayload::ErrorResponse(ErrorResponse {
+                        error: format!("Failed to list folders: {err}"),
+                    });
+                }
+            };
+            InternalEventPayload::ListFoldersResponse(ListFoldersResponse { folders })
+        }
+        SharedRequest::ListHttpRequests(req) => {
+            let http_requests = if let Some(folder_id) = req.folder_id.as_deref() {
+                match query_manager.connect().list_http_requests_for_folder_recursive(folder_id) {
+                    Ok(http_requests) => http_requests,
+                    Err(err) => {
+                        return InternalEventPayload::ErrorResponse(ErrorResponse {
+                            error: format!("Failed to list HTTP requests for folder: {err}"),
+                        });
+                    }
+                }
+            } else {
+                let Some(workspace_id) = context.workspace_id else {
+                    return InternalEventPayload::ErrorResponse(ErrorResponse {
+                        error:
+                            "workspace_id is required for list_http_requests_request without folder_id"
+                                .to_string(),
+                    });
+                };
+                match query_manager.connect().list_http_requests(workspace_id) {
+                    Ok(http_requests) => http_requests,
+                    Err(err) => {
+                        return InternalEventPayload::ErrorResponse(ErrorResponse {
+                            error: format!("Failed to list HTTP requests: {err}"),
+                        });
+                    }
+                }
+            };
+            InternalEventPayload::ListHttpRequestsResponse(ListHttpRequestsResponse {
+                http_requests,
+            })
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use yaak_models::models::{Folder, HttpRequest, Workspace};
+    use yaak_models::util::UpdateSource;
+
+    fn seed_query_manager() -> QueryManager {
+        let temp_dir = tempfile::TempDir::new().expect("Failed to create temp dir");
+        let db_path = temp_dir.path().join("db.sqlite");
+        let blob_path = temp_dir.path().join("blobs.sqlite");
+        let (query_manager, _blob_manager, _rx) =
+            yaak_models::init_standalone(&db_path, &blob_path).expect("Failed to initialize DB");
+
+        query_manager
+            .connect()
+            .upsert_workspace(
+                &Workspace {
+                    id: "wk_test".to_string(),
+                    name: "Workspace".to_string(),
+                    ..Default::default()
+                },
+                &UpdateSource::Sync,
+            )
+            .expect("Failed to seed workspace");
+
+        query_manager
+            .connect()
+            .upsert_folder(
+                &Folder {
+                    id: "fl_test".to_string(),
+                    workspace_id: "wk_test".to_string(),
+                    name: "Folder".to_string(),
+                    ..Default::default()
+                },
+                &UpdateSource::Sync,
+            )
+            .expect("Failed to seed folder");
+
+        query_manager
+            .connect()
+            .upsert_http_request(
+                &HttpRequest {
+                    id: "rq_test".to_string(),
+                    workspace_id: "wk_test".to_string(),
+                    folder_id: Some("fl_test".to_string()),
+                    name: "Request".to_string(),
+                    method: "GET".to_string(),
+                    url: "https://example.com".to_string(),
+                    ..Default::default()
+                },
+                &UpdateSource::Sync,
+            )
+            .expect("Failed to seed request");
+
+        query_manager
+    }
+
+    #[test]
+    fn list_requests_requires_workspace_when_folder_missing() {
+        let query_manager = seed_query_manager();
+        let payload = InternalEventPayload::ListHttpRequestsRequest(
+            yaak_plugins::events::ListHttpRequestsRequest { folder_id: None },
+        );
+        let result = handle_shared_plugin_event(
+            &query_manager,
+            &payload,
+            SharedPluginEventContext { plugin_name: "@yaak/test", workspace_id: None },
+        );
+
+        assert!(matches!(
+            result,
+            GroupedPluginEvent::Handled(Some(InternalEventPayload::ErrorResponse(_)))
+        ));
+    }
+
+    #[test]
+    fn list_requests_by_workspace_and_folder() {
+        let query_manager = seed_query_manager();
+
+        let by_workspace_payload = InternalEventPayload::ListHttpRequestsRequest(
+            yaak_plugins::events::ListHttpRequestsRequest { folder_id: None },
+        );
+        let by_workspace = handle_shared_plugin_event(
+            &query_manager,
+            &by_workspace_payload,
+            SharedPluginEventContext { plugin_name: "@yaak/test", workspace_id: Some("wk_test") },
+        );
+        match by_workspace {
+            GroupedPluginEvent::Handled(Some(InternalEventPayload::ListHttpRequestsResponse(
+                resp,
+            ))) => {
+                assert_eq!(resp.http_requests.len(), 1);
+            }
+            other => panic!("unexpected workspace response: {other:?}"),
+        }
+
+        let by_folder_payload = InternalEventPayload::ListHttpRequestsRequest(
+            yaak_plugins::events::ListHttpRequestsRequest {
+                folder_id: Some("fl_test".to_string()),
+            },
+        );
+        let by_folder = handle_shared_plugin_event(
+            &query_manager,
+            &by_folder_payload,
+            SharedPluginEventContext { plugin_name: "@yaak/test", workspace_id: None },
+        );
+        match by_folder {
+            GroupedPluginEvent::Handled(Some(InternalEventPayload::ListHttpRequestsResponse(
+                resp,
+            ))) => {
+                assert_eq!(resp.http_requests.len(), 1);
+            }
+            other => panic!("unexpected folder response: {other:?}"),
+        }
+    }
+
+    #[test]
+    fn host_request_classification_works() {
+        let query_manager = seed_query_manager();
+        let payload = InternalEventPayload::WindowInfoRequest(WindowInfoRequest {
+            label: "main".to_string(),
+        });
+        let result = handle_shared_plugin_event(
+            &query_manager,
+            &payload,
+            SharedPluginEventContext { plugin_name: "@yaak/test", workspace_id: None },
+        );
+
+        match result {
+            GroupedPluginEvent::ToHandle(HostRequest::WindowInfo(req)) => {
+                assert_eq!(req.label, "main")
+            }
+            other => panic!("unexpected host classification: {other:?}"),
+        }
+    }
+}

crates/yaak/src/render.rs

@@ -0,0 +1,157 @@
+use log::info;
+use serde_json::Value;
+use std::collections::BTreeMap;
+use yaak_http::path_placeholders::apply_path_placeholders;
+use yaak_models::models::{Environment, HttpRequest, HttpRequestHeader, HttpUrlParameter};
+use yaak_models::render::make_vars_hashmap;
+use yaak_templates::{RenderOptions, TemplateCallback, parse_and_render, render_json_value_raw};
+
+pub async fn render_http_request<T: TemplateCallback>(
+    request: &HttpRequest,
+    environment_chain: Vec<Environment>,
+    callback: &T,
+    options: &RenderOptions,
+) -> yaak_templates::error::Result<HttpRequest> {
+    let vars = &make_vars_hashmap(environment_chain);
+
+    let mut url_parameters = Vec::new();
+    for parameter in request.url_parameters.clone() {
+        if !parameter.enabled {
+            continue;
+        }
+
+        url_parameters.push(HttpUrlParameter {
+            enabled: parameter.enabled,
+            name: parse_and_render(parameter.name.as_str(), vars, callback, options).await?,
+            value: parse_and_render(parameter.value.as_str(), vars, callback, options).await?,
+            id: parameter.id,
+        })
+    }
+
+    let mut headers = Vec::new();
+    for header in request.headers.clone() {
+        if !header.enabled {
+            continue;
+        }
+
+        headers.push(HttpRequestHeader {
+            enabled: header.enabled,
+            name: parse_and_render(header.name.as_str(), vars, callback, options).await?,
+            value: parse_and_render(header.value.as_str(), vars, callback, options).await?,
+            id: header.id,
+        })
+    }
+
+    let mut body = BTreeMap::new();
+    for (key, value) in request.body.clone() {
+        let value = if key == "form" { strip_disabled_form_entries(value) } else { value };
+        body.insert(key, render_json_value_raw(value, vars, callback, options).await?);
+    }
+
+    let authentication = {
+        let mut disabled = false;
+        let mut auth = BTreeMap::new();
+
+        match request.authentication.get("disabled") {
+            Some(Value::Bool(true)) => {
+                disabled = true;
+            }
+            Some(Value::String(template)) => {
+                disabled = parse_and_render(template.as_str(), vars, callback, options)
+                    .await
+                    .unwrap_or_default()
+                    .is_empty();
+                info!(
+                    "Rendering authentication.disabled as a template: {disabled} from \"{template}\""
+                );
+            }
+            _ => {}
+        }
+
+        if disabled {
+            auth.insert("disabled".to_string(), Value::Bool(true));
+        } else {
+            for (key, value) in request.authentication.clone() {
+                if key == "disabled" {
+                    auth.insert(key, Value::Bool(false));
+                } else {
+                    auth.insert(key, render_json_value_raw(value, vars, callback, options).await?);
+                }
+            }
+        }
+
+        auth
+    };
+
+    let url = parse_and_render(request.url.clone().as_str(), vars, callback, options).await?;
+    let (url, url_parameters) = apply_path_placeholders(&url, &url_parameters);
+
+    Ok(HttpRequest { url, url_parameters, headers, body, authentication, ..request.to_owned() })
+}
+
+fn strip_disabled_form_entries(v: Value) -> Value {
+    match v {
+        Value::Array(items) => Value::Array(
+            items
+                .into_iter()
+                .filter(|item| item.get("enabled").and_then(|e| e.as_bool()).unwrap_or(true))
+                .collect(),
+        ),
+        v => v,
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use serde_json::json;
+
+    #[test]
+    fn test_strip_disabled_form_entries() {
+        let input = json!([
+            {"enabled": true, "name": "foo", "value": "bar"},
+            {"enabled": false, "name": "disabled", "value": "gone"},
+            {"enabled": true, "name": "baz", "value": "qux"},
+        ]);
+        let result = strip_disabled_form_entries(input);
+        assert_eq!(
+            result,
+            json!([
+                {"enabled": true, "name": "foo", "value": "bar"},
+                {"enabled": true, "name": "baz", "value": "qux"},
+            ])
+        );
+    }
+
+    #[test]
+    fn test_strip_disabled_form_entries_all_disabled() {
+        let input = json!([
+            {"enabled": false, "name": "a", "value": "b"},
+            {"enabled": false, "name": "c", "value": "d"},
+        ]);
+        let result = strip_disabled_form_entries(input);
+        assert_eq!(result, json!([]));
+    }
+
+    #[test]
+    fn test_strip_disabled_form_entries_missing_enabled_defaults_to_kept() {
+        let input = json!([
+            {"name": "no_enabled_field", "value": "kept"},
+            {"enabled": false, "name": "disabled", "value": "gone"},
+        ]);
+        let result = strip_disabled_form_entries(input);
+        assert_eq!(
+            result,
+            json!([
+                {"name": "no_enabled_field", "value": "kept"},
+            ])
+        );
+    }
+
+    #[test]
+    fn test_strip_disabled_form_entries_non_array_passthrough() {
+        let input = json!("just a string");
+        let result = strip_disabled_form_entries(input.clone());
+        assert_eq!(result, input);
+    }
+}

npm/cli-darwin-arm64/package.json

@@ -0,0 +1,10 @@
+{
+  "name": "@yaakapp/cli-darwin-arm64",
+  "version": "0.0.1",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/mountain-loop/yaak.git"
+  },
+  "os": ["darwin"],
+  "cpu": ["arm64"]
+}

npm/cli-darwin-x64/package.json

@@ -0,0 +1,10 @@
+{
+  "name": "@yaakapp/cli-darwin-x64",
+  "version": "0.0.1",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/mountain-loop/yaak.git"
+  },
+  "os": ["darwin"],
+  "cpu": ["x64"]
+}