release: remove stale windows signatures before machine bundle

release: clean stale windows installers before machine bundle
Port claude skills
2026-02-19 09:07:49 +01:00 · 2026-02-18 16:51:38 -08:00 · 2026-02-18 16:11:08 -08:00 · 2026-02-18 16:04:17 -08:00 · 2026-02-18 07:08:34 -08:00 · 2026-02-18 06:40:09 -08:00
150 changed files with 7785 additions and 1916 deletions
--- a/.claude/commands/release/check-out-pr.md
+++ b/.claude/commands/release/check-out-pr.md
@@ -1,35 +1,46 @@
 ---
 description: Review a PR in a new worktree
-allowed-tools: Bash(git worktree:*), Bash(gh pr:*)
+allowed-tools: Bash(git worktree:*), Bash(gh pr:*), Bash(git branch:*)
 ---
-Review a GitHub pull request in a new git worktree.
+Check out a GitHub pull request for review.
 ## Usage
 ```
-/review-pr <PR_NUMBER>
+/check-out-pr <PR_NUMBER>
 ```
 ## What to do
-1. List all open pull requests and ask the user to select one
+1. If no PR number is provided, list all open pull requests and ask the user to select one
 2. Get PR information using `gh pr view <PR_NUMBER> --json number,headRefName`
-3. Extract the branch name from the PR
+3. **Ask the user** whether they want to:
-4. Create a new worktree at `../yaak-worktrees/pr-<PR_NUMBER>` using `git worktree add` with a timeout of at least 300000ms (5 minutes) since the post-checkout hook runs a bootstrap script
+   - **A) Check out in current directory** — simple `gh pr checkout <PR_NUMBER>`
-5. Checkout the PR branch in the new worktree using `gh pr checkout <PR_NUMBER>`
+   - **B) Create a new worktree** — isolated copy at `../yaak-worktrees/pr-<PR_NUMBER>`
-6. The post-checkout hook will automatically:
+4. Follow the appropriate path below
 ## Option A: Check out in current directory
 1. Run `gh pr checkout <PR_NUMBER>`
 2. Inform the user which branch they're now on
 ## Option B: Create a new worktree
 1. Create a new worktree at `../yaak-worktrees/pr-<PR_NUMBER>` using `git worktree add` with a timeout of at least 300000ms (5 minutes) since the post-checkout hook runs a bootstrap script
 2. Checkout the PR branch in the new worktree using `gh pr checkout <PR_NUMBER>`
 3. The post-checkout hook will automatically:
   - Create `.env.local` with unique ports
   - Copy editor config folders
   - Run `npm install && npm run bootstrap`
-7. Inform the user:
+4. Inform the user:
   - Where the worktree was created
   - What ports were assigned
   - How to access it (cd command)
   - How to run the dev server
   - How to remove the worktree when done
-## Example Output
+### Example worktree output
 ```
 Created worktree for PR #123 at ../yaak-worktrees/pr-123
--- a/.claude/commands/release/generate-release-notes.md
+++ b/.claude/commands/release/generate-release-notes.md
@@ -43,5 +43,7 @@ The skill generates markdown-formatted release notes following this structure:
 After outputting the release notes, ask the user if they would like to create a draft GitHub release with these notes. If they confirm, create the release using:
 ```bash
-gh release create <tag> --draft --prerelease --title "<tag>" --notes '<release notes>'
+gh release create <tag> --draft --prerelease --title "Release <version>" --notes '<release notes>'
 ```
 **IMPORTANT**: The release title format is "Release XXXX" where XXXX is the version WITHOUT the `v` prefix. For example, tag `v2026.2.1-beta.1` gets title "Release 2026.2.1-beta.1".
--- a/.codex/skills/release-check-out-pr/SKILL.md
+++ b/.codex/skills/release-check-out-pr/SKILL.md
@@ -0,0 +1,46 @@
 ---
 name: release-check-out-pr
 description: Check out a GitHub pull request for review in this repo, either in the current directory or in a new isolated worktree at ../yaak-worktrees/pr-<PR_NUMBER>. Use when asked to run or replace the old Claude check-out-pr command.
 ---
 # Check Out PR
 Check out a PR by number and let the user choose between current-directory checkout and isolated worktree checkout.
 ## Workflow
 1. Confirm `gh` CLI is available.
 2. If no PR number is provided, list open PRs (`gh pr list`) and ask the user to choose one.
 3. Read PR metadata:
   - `gh pr view <PR_NUMBER> --json number,headRefName`
 4. Ask the user to choose:
   - Option A: check out in the current directory
   - Option B: create a new worktree at `../yaak-worktrees/pr-<PR_NUMBER>`
 ## Option A: Current Directory
 1. Run:
   - `gh pr checkout <PR_NUMBER>`
 2. Report the checked-out branch.
 ## Option B: New Worktree
 1. Use path:
   - `../yaak-worktrees/pr-<PR_NUMBER>`
 2. Create the worktree with a timeout of at least 5 minutes because checkout hooks run bootstrap.
 3. In the new worktree, run:
   - `gh pr checkout <PR_NUMBER>`
 4. Report:
   - Worktree path
   - Assigned ports from `.env.local` if present
   - How to start work:
     - `cd ../yaak-worktrees/pr-<PR_NUMBER>`
     - `npm run app-dev`
   - How to remove when done:
     - `git worktree remove ../yaak-worktrees/pr-<PR_NUMBER>`
 ## Error Handling
 - If PR does not exist, show a clear error.
 - If worktree already exists, ask whether to reuse it or remove/recreate it.
 - If `gh` is missing, instruct the user to install/authenticate it.
--- a/.codex/skills/release-generate-release-notes/SKILL.md
+++ b/.codex/skills/release-generate-release-notes/SKILL.md
@@ -0,0 +1,48 @@
 ---
 name: release-generate-release-notes
 description: Generate Yaak release notes from git history and PR metadata, including feedback links and full changelog compare links. Use when asked to run or replace the old Claude generate-release-notes command.
 ---
 # Generate Release Notes
 Generate formatted markdown release notes for a Yaak tag.
 ## Workflow
 1. Determine target tag.
 2. Determine previous comparable tag:
   - Beta tag: compare against previous beta (if the root version is the same) or stable tag.
   - Stable tag: compare against previous stable tag.
 3. Collect commits in range:
   - `git log --oneline <prev_tag>..<target_tag>`
 4. For linked PRs, fetch metadata:
   - `gh pr view <PR_NUMBER> --json number,title,body,author,url`
 5. Extract useful details:
   - Feedback URLs (`feedback.yaak.app`)
   - Plugin install links or other notable context
 6. Format notes using Yaak style:
   - Changelog badge at top
   - Bulleted items with PR links where available
   - Feedback links where available
   - Full changelog compare link at bottom
 ## Formatting Rules
 - Wrap final notes in a markdown code fence.
 - Keep a blank line before and after the code fence.
 - Output the markdown code block last.
 - Do not append `by @gschier` for PRs authored by `@gschier`.
 ## Release Creation Prompt
 After producing notes, ask whether to create a draft GitHub release.
 If confirmed and release does not yet exist, run:
 `gh release create <tag> --draft --prerelease --title "Release <version_without_v>" --notes '<release notes>'`
 If a draft release for the tag already exists, update it instead:
 `gh release edit <tag> --title "Release <version_without_v>" --notes-file <path_to_notes>`
 Use title format `Release <version_without_v>`, e.g. `v2026.2.1-beta.1` -> `Release 2026.2.1-beta.1`.
--- a/.codex/skills/worktree-management/SKILL.md
+++ b/.codex/skills/worktree-management/SKILL.md
@@ -0,0 +1,37 @@
 ---
 name: worktree-management
 description: Manage Yaak git worktrees using the standard ../yaak-worktrees/<NAME> layout, including creation, removal, and expected automatic setup behavior and port assignments.
 ---
 # Worktree Management
 Use the Yaak-standard worktree path layout and lifecycle commands.
 ## Path Convention
 Always create worktrees under:
 `../yaak-worktrees/<NAME>`
 Examples:
 - `git worktree add ../yaak-worktrees/feature-auth`
 - `git worktree add ../yaak-worktrees/bugfix-login`
 - `git worktree add ../yaak-worktrees/refactor-api`
 ## Automatic Setup After Checkout
 Project git hooks automatically:
 1. Create `.env.local` with unique `YAAK_DEV_PORT` and `YAAK_PLUGIN_MCP_SERVER_PORT`
 2. Copy gitignored editor config folders
 3. Run `npm install && npm run bootstrap`
 ## Remove Worktree
 `git worktree remove ../yaak-worktrees/<NAME>`
 ## Port Pattern
 - Main worktree: Vite `1420`, MCP `64343`
 - First extra worktree: `1421`, `64344`
 - Second extra worktree: `1422`, `64345`
 - Continue incrementally for additional worktrees
--- a/.github/workflows/flathub.yml
+++ b/.github/workflows/flathub.yml
@@ -0,0 +1,52 @@
 name: Update Flathub
 on:
  release:
    types: [published]
 permissions:
  contents: read
 jobs:
  update-flathub:
    name: Update Flathub manifest
    runs-on: ubuntu-latest
    # Only run for stable releases (skip betas/pre-releases)
    if: ${{ !github.event.release.prerelease }}
    steps:
      - name: Checkout app repo
        uses: actions/checkout@v4
      - name: Checkout Flathub repo
        uses: actions/checkout@v4
        with:
          repository: flathub/app.yaak.Yaak
          token: ${{ secrets.FLATHUB_TOKEN }}
          path: flathub-repo
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "22"
      - name: Install source generators
        run: |
          pip install flatpak-node-generator tomlkit aiohttp
          git clone --depth 1 https://github.com/flatpak/flatpak-builder-tools flatpak/flatpak-builder-tools
      - name: Run update-manifest.sh
        run: bash flatpak/update-manifest.sh "${{ github.event.release.tag_name }}" flathub-repo
      - name: Commit and push to Flathub
        working-directory: flathub-repo
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add -A
          git diff --cached --quiet && echo "No changes to commit" && exit 0
          git commit -m "Update to ${{ github.event.release.tag_name }}"
          git push
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -153,3 +153,27 @@ jobs:
          releaseDraft: true
          prerelease: true
          args: "${{ matrix.args }} --config ./crates-tauri/yaak-app/tauri.release.conf.json"
      # Build a per-machine NSIS installer for enterprise deployment (PDQ, SCCM, Intune)
      - name: Build and upload machine-wide installer (Windows only)
        if: matrix.os == 'windows'
        shell: pwsh
        env:
          YAAK_TARGET_ARCH: ${{ matrix.yaak_arch }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
        run: |
          Get-ChildItem -Recurse -Path target -File -Filter "*.exe.sig" | Remove-Item -Force
          npx tauri bundle ${{ matrix.args }} --bundles nsis --config ./crates-tauri/yaak-app/tauri.release.conf.json --config '{"bundle":{"createUpdaterArtifacts":true,"windows":{"nsis":{"installMode":"perMachine"}}}}'
          $setup = Get-ChildItem -Recurse -Path target -Filter "*setup*.exe" | Select-Object -First 1
          $setupSig = "$($setup.FullName).sig"
          $dest = $setup.FullName -replace '-setup\.exe$', '-setup-machine.exe'
          $destSig = "$dest.sig"
          Copy-Item $setup.FullName $dest
          Copy-Item $setupSig $destSig
          gh release upload "${{ github.ref_name }}" "$dest" --clobber
          gh release upload "${{ github.ref_name }}" "$destSig" --clobber
--- a/.gitignore
+++ b/.gitignore
@@ -44,3 +44,13 @@ crates-tauri/yaak-app/tauri.worktree.conf.json
 # Tauri auto-generated permission files
 **/permissions/autogenerated
 **/permissions/schemas
 # Flatpak build artifacts
 flatpak-repo/
 .flatpak-builder/
 flatpak/flatpak-builder-tools/
 flatpak/cargo-sources.json
 flatpak/node-sources.json
 # Local Codex desktop env state
 .codex/environments/environment.toml
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,7 @@
 [workspace]
 resolver = "2"
 members = [
    "crates/yaak",
    # Shared crates (no Tauri dependency)
    "crates/yaak-core",
    "crates/yaak-common",
@@ -15,6 +16,7 @@ members = [
    "crates/yaak-templates",
    "crates/yaak-tls",
    "crates/yaak-ws",
    "crates/yaak-api",
    # CLI crates
    "crates-cli/yaak-cli",
    # Tauri-specific crates
@@ -46,6 +48,7 @@ ts-rs = "11.1.0"
 # Internal crates - shared
 yaak-core = { path = "crates/yaak-core" }
 yaak = { path = "crates/yaak" }
 yaak-common = { path = "crates/yaak-common" }
 yaak-crypto = { path = "crates/yaak-crypto" }
 yaak-git = { path = "crates/yaak-git" }
@@ -58,6 +61,7 @@ yaak-sync = { path = "crates/yaak-sync" }
 yaak-templates = { path = "crates/yaak-templates" }
 yaak-tls = { path = "crates/yaak-tls" }
 yaak-ws = { path = "crates/yaak-ws" }
 yaak-api = { path = "crates/yaak-api" }
 # Internal crates - Tauri-specific
 yaak-fonts = { path = "crates-tauri/yaak-fonts" }
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@
  <!-- sponsors-premium --><a href="https://github.com/MVST-Solutions"><img src="https:&#x2F;&#x2F;github.com&#x2F;MVST-Solutions.png" width="80px" alt="User avatar: MVST-Solutions" /></a>&nbsp;&nbsp;<a href="https://github.com/dharsanb"><img src="https:&#x2F;&#x2F;github.com&#x2F;dharsanb.png" width="80px" alt="User avatar: dharsanb" /></a>&nbsp;&nbsp;<a href="https://github.com/railwayapp"><img src="https:&#x2F;&#x2F;github.com&#x2F;railwayapp.png" width="80px" alt="User avatar: railwayapp" /></a>&nbsp;&nbsp;<a href="https://github.com/caseyamcl"><img src="https:&#x2F;&#x2F;github.com&#x2F;caseyamcl.png" width="80px" alt="User avatar: caseyamcl" /></a>&nbsp;&nbsp;<a href="https://github.com/bytebase"><img src="https:&#x2F;&#x2F;github.com&#x2F;bytebase.png" width="80px" alt="User avatar: bytebase" /></a>&nbsp;&nbsp;<a href="https://github.com/"><img src="https:&#x2F;&#x2F;raw.githubusercontent.com&#x2F;JamesIves&#x2F;github-sponsors-readme-action&#x2F;dev&#x2F;.github&#x2F;assets&#x2F;placeholder.png" width="80px" alt="User avatar: " /></a>&nbsp;&nbsp;<!-- sponsors-premium -->
 </p>
 <p align="center">
-  <!-- sponsors-base --><a href="https://github.com/seanwash"><img src="https:&#x2F;&#x2F;github.com&#x2F;seanwash.png" width="50px" alt="User avatar: seanwash" /></a>&nbsp;&nbsp;<a href="https://github.com/jerath"><img src="https:&#x2F;&#x2F;github.com&#x2F;jerath.png" width="50px" alt="User avatar: jerath" /></a>&nbsp;&nbsp;<a href="https://github.com/itsa-sh"><img src="https:&#x2F;&#x2F;github.com&#x2F;itsa-sh.png" width="50px" alt="User avatar: itsa-sh" /></a>&nbsp;&nbsp;<a href="https://github.com/dmmulroy"><img src="https:&#x2F;&#x2F;github.com&#x2F;dmmulroy.png" width="50px" alt="User avatar: dmmulroy" /></a>&nbsp;&nbsp;<a href="https://github.com/timcole"><img src="https:&#x2F;&#x2F;github.com&#x2F;timcole.png" width="50px" alt="User avatar: timcole" /></a>&nbsp;&nbsp;<a href="https://github.com/VLZH"><img src="https:&#x2F;&#x2F;github.com&#x2F;VLZH.png" width="50px" alt="User avatar: VLZH" /></a>&nbsp;&nbsp;<a href="https://github.com/terasaka2k"><img src="https:&#x2F;&#x2F;github.com&#x2F;terasaka2k.png" width="50px" alt="User avatar: terasaka2k" /></a>&nbsp;&nbsp;<a href="https://github.com/andriyor"><img src="https:&#x2F;&#x2F;github.com&#x2F;andriyor.png" width="50px" alt="User avatar: andriyor" /></a>&nbsp;&nbsp;<a href="https://github.com/majudhu"><img src="https:&#x2F;&#x2F;github.com&#x2F;majudhu.png" width="50px" alt="User avatar: majudhu" /></a>&nbsp;&nbsp;<a href="https://github.com/axelrindle"><img src="https:&#x2F;&#x2F;github.com&#x2F;axelrindle.png" width="50px" alt="User avatar: axelrindle" /></a>&nbsp;&nbsp;<a href="https://github.com/jirizverina"><img src="https:&#x2F;&#x2F;github.com&#x2F;jirizverina.png" width="50px" alt="User avatar: jirizverina" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="50px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/GRAYAH"><img src="https:&#x2F;&#x2F;github.com&#x2F;GRAYAH.png" width="50px" alt="User avatar: GRAYAH" /></a>&nbsp;&nbsp;<!-- sponsors-base -->
+  <!-- sponsors-base --><a href="https://github.com/seanwash"><img src="https:&#x2F;&#x2F;github.com&#x2F;seanwash.png" width="50px" alt="User avatar: seanwash" /></a>&nbsp;&nbsp;<a href="https://github.com/jerath"><img src="https:&#x2F;&#x2F;github.com&#x2F;jerath.png" width="50px" alt="User avatar: jerath" /></a>&nbsp;&nbsp;<a href="https://github.com/itsa-sh"><img src="https:&#x2F;&#x2F;github.com&#x2F;itsa-sh.png" width="50px" alt="User avatar: itsa-sh" /></a>&nbsp;&nbsp;<a href="https://github.com/dmmulroy"><img src="https:&#x2F;&#x2F;github.com&#x2F;dmmulroy.png" width="50px" alt="User avatar: dmmulroy" /></a>&nbsp;&nbsp;<a href="https://github.com/timcole"><img src="https:&#x2F;&#x2F;github.com&#x2F;timcole.png" width="50px" alt="User avatar: timcole" /></a>&nbsp;&nbsp;<a href="https://github.com/VLZH"><img src="https:&#x2F;&#x2F;github.com&#x2F;VLZH.png" width="50px" alt="User avatar: VLZH" /></a>&nbsp;&nbsp;<a href="https://github.com/terasaka2k"><img src="https:&#x2F;&#x2F;github.com&#x2F;terasaka2k.png" width="50px" alt="User avatar: terasaka2k" /></a>&nbsp;&nbsp;<a href="https://github.com/andriyor"><img src="https:&#x2F;&#x2F;github.com&#x2F;andriyor.png" width="50px" alt="User avatar: andriyor" /></a>&nbsp;&nbsp;<a href="https://github.com/majudhu"><img src="https:&#x2F;&#x2F;github.com&#x2F;majudhu.png" width="50px" alt="User avatar: majudhu" /></a>&nbsp;&nbsp;<a href="https://github.com/axelrindle"><img src="https:&#x2F;&#x2F;github.com&#x2F;axelrindle.png" width="50px" alt="User avatar: axelrindle" /></a>&nbsp;&nbsp;<a href="https://github.com/jirizverina"><img src="https:&#x2F;&#x2F;github.com&#x2F;jirizverina.png" width="50px" alt="User avatar: jirizverina" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="50px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/GRAYAH"><img src="https:&#x2F;&#x2F;github.com&#x2F;GRAYAH.png" width="50px" alt="User avatar: GRAYAH" /></a>&nbsp;&nbsp;<a href="https://github.com/flashblaze"><img src="https:&#x2F;&#x2F;github.com&#x2F;flashblaze.png" width="50px" alt="User avatar: flashblaze" /></a>&nbsp;&nbsp;<!-- sponsors-base -->
 </p>
 ![Yaak API Client](https://yaak.app/static/screenshot.png)
--- a/biome.json
+++ b/biome.json
@@ -47,7 +47,8 @@
      "!src-web/vite.config.ts",
      "!src-web/routeTree.gen.ts",
      "!packages/plugin-runtime-types/lib",
-      "!**/bindings"
+      "!**/bindings",
      "!flatpak"
    ]
  }
 }
--- a/crates-cli/yaak-cli/Cargo.toml
+++ b/crates-cli/yaak-cli/Cargo.toml
@@ -13,10 +13,17 @@ clap = { version = "4", features = ["derive"] }
 dirs = "6"
 env_logger = "0.11"
 log = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 tokio = { workspace = true, features = ["rt-multi-thread", "macros"] }
 yaak = { workspace = true }
 yaak-crypto = { workspace = true }
 yaak-http = { workspace = true }
 yaak-models = { workspace = true }
 yaak-plugins = { workspace = true }
 yaak-templates = { workspace = true }
 [dev-dependencies]
 assert_cmd = "2"
 predicates = "3"
 tempfile = "3"
--- a/crates-cli/yaak-cli/PLAN.md
+++ b/crates-cli/yaak-cli/PLAN.md
@@ -0,0 +1,340 @@
 # CLI Command Architecture Plan
 ## Goal
 Redesign the yaak-cli command structure to use a resource-oriented `<resource> <action>`
 pattern that scales well, is discoverable, and supports both human and LLM workflows.
 ## Status Snapshot
 Current branch state:
 - Modular CLI structure with command modules and shared `CliContext`
 - Resource/action hierarchy in place for:
  - `workspace list|show|create|update|delete`
  - `request list|show|create|update|send|delete`
  - `folder list|show|create|update|delete`
  - `environment list|show|create|update|delete`
 - Top-level `send` exists as a request-send shortcut (not yet flexible request/folder/workspace resolution)
 - Legacy `get` command removed
 - JSON create/update flow implemented (`--json` and positional JSON shorthand)
 - No `request schema` command yet
 Progress checklist:
 - [x] Phase 1 complete
 - [x] Phase 2 complete
 - [x] Phase 3 complete
 - [ ] Phase 4 complete
 - [ ] Phase 5 complete
 - [ ] Phase 6 complete
 ## Command Architecture
 ### Design Principles
 - **Resource-oriented**: top-level commands are nouns, subcommands are verbs
 - **Polymorphic requests**: `request` covers HTTP, gRPC, and WebSocket — the CLI
  resolves the type via `get_any_request` and adapts behavior accordingly
 - **Simple creation, full-fidelity via JSON**: human-friendly flags for basic creation,
  `--json` for full control (targeted at LLM and scripting workflows)
 - **Runtime schema introspection**: `request schema` outputs JSON Schema for the request
  models, with dynamic auth fields populated from loaded plugins at runtime
 - **Destructive actions require confirmation**: `delete` commands prompt for user
  confirmation before proceeding. Can be bypassed with `--yes` / `-y` for scripting
 ### Commands
 ```
 # Top-level shortcut
 yaakcli send <id> [-e <env_id>]          # id can be a request, folder, or workspace
 # Resource commands
 yaakcli workspace list
 yaakcli workspace show <id>
 yaakcli workspace create --name <name>
 yaakcli workspace create --json '{"name": "My Workspace"}'
 yaakcli workspace create '{"name": "My Workspace"}'              # positional JSON shorthand
 yaakcli workspace update --json '{"id": "wk_abc", "name": "New Name"}'
 yaakcli workspace delete <id>
 yaakcli request list <workspace_id>
 yaakcli request show <id>
 yaakcli request create <workspace_id> --name <name> --url <url> [--method GET]
 yaakcli request create --json '{"workspaceId": "wk_abc", "url": "..."}'
 yaakcli request update --json '{"id": "rq_abc", "url": "https://new.com"}'
 yaakcli request send <id> [-e <env_id>]
 yaakcli request delete <id>
 yaakcli request schema <http|grpc|websocket>
 yaakcli folder list <workspace_id>
 yaakcli folder show <id>
 yaakcli folder create <workspace_id> --name <name>
 yaakcli folder create --json '{"workspaceId": "wk_abc", "name": "Auth"}'
 yaakcli folder update --json '{"id": "fl_abc", "name": "New Name"}'
 yaakcli folder delete <id>
 yaakcli environment list <workspace_id>
 yaakcli environment show <id>
 yaakcli environment create <workspace_id> --name <name>
 yaakcli environment create --json '{"workspaceId": "wk_abc", "name": "Production"}'
 yaakcli environment update --json '{"id": "ev_abc", ...}'
 yaakcli environment delete <id>
 ```
 ### `send` — Top-Level Shortcut
 `yaakcli send <id>` is a convenience alias that accepts any sendable ID. It tries
 each type in order via DB lookups (short-circuiting on first match):
 1. Request (HTTP, gRPC, or WebSocket via `get_any_request`)
 2. Folder (sends all requests in the folder)
 3. Workspace (sends all requests in the workspace)
 ID prefixes exist (e.g. `rq_`, `fl_`, `wk_`) but are not relied upon — resolution
 is purely by DB lookup.
 `request send <id>` is the same but restricted to request IDs only.
 ### Request Send — Polymorphic Behavior
 `send` means "execute this request" regardless of protocol:
 - **HTTP**: send request, print response, exit
 - **gRPC**: invoke the method; for streaming, stream output to stdout until done/Ctrl+C
 - **WebSocket**: connect, stream messages to stdout until closed/Ctrl+C
 ### `request schema` — Runtime JSON Schema
 Outputs a JSON Schema describing the full request shape, including dynamic fields:
 1. Generate base schema from `schemars::JsonSchema` derive on the Rust model structs
 2. Load plugins, collect auth strategy definitions and their form inputs
 3. Merge plugin-defined auth fields into the `authentication` property as a `oneOf`
 4. Output the combined schema as JSON
 This lets an LLM call `schema`, read the shape, and construct valid JSON for
 `create --json` or `update --json`.
 ## Implementation Steps
 ### Phase 1: Restructure commands (no new functionality)
 Refactor `main.rs` into the new resource/action pattern using clap subcommand nesting.
 Existing behavior stays the same, just reorganized. Remove the `get` command.
 1. Create module structure: `commands/workspace.rs`, `commands/request.rs`, etc.
 2. Define nested clap enums:
   ```rust
   enum Commands {
       Send(SendArgs),
       Workspace(WorkspaceArgs),
       Request(RequestArgs),
       Folder(FolderArgs),
       Environment(EnvironmentArgs),
   }
   ```
 3. Move existing `Workspaces` logic into `workspace list`
 4. Move existing `Requests` logic into `request list`
 5. Move existing `Send` logic into `request send`
 6. Move existing `Create` logic into `request create`
 7. Delete the `Get` command entirely
 8. Extract shared setup (DB init, plugin init, encryption) into a reusable context struct
 ### Phase 2: Add missing CRUD commands
 Status: complete
 1. `workspace show <id>`
 2. `workspace create --name <name>` (and `--json`)
 3. `workspace update --json`
 4. `workspace delete <id>`
 5. `request show <id>` (JSON output of the full request model)
 6. `request delete <id>`
 7. `folder list <workspace_id>`
 8. `folder show <id>`
 9. `folder create <workspace_id> --name <name>` (and `--json`)
 10. `folder update --json`
 11. `folder delete <id>`
 12. `environment list <workspace_id>`
 13. `environment show <id>`
 14. `environment create <workspace_id> --name <name>` (and `--json`)
 15. `environment update --json`
 16. `environment delete <id>`
 ### Phase 3: JSON input for create/update
 Both commands accept JSON via `--json <string>` or as a positional argument (detected
 by leading `{`). They follow the same upsert pattern as the plugin API.
 - **`create --json`**: JSON must include `workspaceId`. Must NOT include `id` (or
  use empty string `""`). Deserializes into the model with defaults for missing fields,
  then upserts (insert).
 - **`update --json`**: JSON must include `id`. Performs a fetch-merge-upsert:
  1. Fetch the existing model from DB
  2. Serialize it to `serde_json::Value`
  3. Deep-merge the user's partial JSON on top (JSON Merge Patch / RFC 7386 semantics)
  4. Deserialize back into the typed model
  5. Upsert (update)
  This matches how the MCP server plugin already does it (fetch existing, spread, override),
  but the CLI handles the merge server-side so callers don't have to.
  Setting a field to `null` removes it (for `Option<T>` fields), per RFC 7386.
 Implementation:
 1. Add `--json` flag and positional JSON detection to `create` commands
 2. Add `update` commands with required `--json` flag
 3. Implement JSON merge utility (or use `json-patch` crate)
 ### Phase 4: Runtime schema generation
 1. Add `schemars` dependency to `yaak-models`
 2. Derive `JsonSchema` on `HttpRequest`, `GrpcRequest`, `WebsocketRequest`, and their
   nested types (`HttpRequestHeader`, `HttpUrlParameter`, etc.)
 3. Implement `request schema` command:
   - Generate base schema from schemars
   - Query plugins for auth strategy form inputs
   - Convert plugin form inputs into JSON Schema properties
   - Merge into the `authentication` field
   - Print to stdout
 ### Phase 5: Polymorphic send
 1. Update `request send` to use `get_any_request` to resolve the request type
 2. Match on `AnyRequest` variant and dispatch to the appropriate sender:
   - `AnyRequest::HttpRequest` — existing HTTP send logic
   - `AnyRequest::GrpcRequest` — gRPC invoke (future implementation)
   - `AnyRequest::WebsocketRequest` — WebSocket connect (future implementation)
 3. gRPC and WebSocket send can initially return "not yet implemented" errors
 ### Phase 6: Top-level `send` and folder/workspace send
 1. Add top-level `yaakcli send <id>` command
 2. Resolve ID by trying DB lookups in order: any_request → folder → workspace
 3. For folder: list all requests in folder, send each
 4. For workspace: list all requests in workspace, send each
 5. Add execution options: `--sequential` (default), `--parallel`, `--fail-fast`
 ## Execution Plan (PR Slices)
 ### PR 1: Command tree refactor + compatibility aliases
 Scope:
 1. Introduce `commands/` modules and a `CliContext` for shared setup
 2. Add new clap hierarchy (`workspace`, `request`, `folder`, `environment`)
 3. Route existing behavior into:
   - `workspace list`
   - `request list <workspace_id>`
   - `request send <id>`
   - `request create <workspace_id> ...`
 4. Keep compatibility aliases temporarily:
   - `workspaces` -> `workspace list`
   - `requests <workspace_id>` -> `request list <workspace_id>`
   - `create ...` -> `request create ...`
 5. Remove `get` and update help text
 Acceptance criteria:
 - `yaakcli --help` shows noun/verb structure
 - Existing list/send/create workflows still work
 - No behavior change in HTTP send output format
 ### PR 2: CRUD surface area
 Scope:
 1. Implement `show/create/update/delete` for `workspace`, `request`, `folder`, `environment`
 2. Ensure delete commands require confirmation by default (`--yes` bypass)
 3. Normalize output format for list/show/create/update/delete responses
 Acceptance criteria:
 - Every command listed in the "Commands" section parses and executes
 - Delete commands are safe by default in interactive terminals
 - `--yes` supports non-interactive scripts
 ### PR 3: JSON input + merge patch semantics
 Scope:
 1. Add shared parser for `--json` and positional JSON shorthand
 2. Add `create --json` and `update --json` for all mutable resources
 3. Implement server-side RFC 7386 merge patch behavior
 4. Add guardrails:
   - `create --json`: reject non-empty `id`
   - `update --json`: require `id`
 Acceptance criteria:
 - Partial `update --json` only modifies provided keys
 - `null` clears optional values
 - Invalid JSON and missing required fields return actionable errors
 ### PR 4: `request schema` and plugin auth integration
 Scope:
 1. Add `schemars` to `yaak-models` and derive `JsonSchema` for request models
 2. Implement `request schema <http|grpc|websocket>`
 3. Merge plugin auth form inputs into `authentication` schema at runtime
 Acceptance criteria:
 - Command prints valid JSON schema
 - Schema reflects installed auth providers at runtime
 - No panic when plugins fail to initialize (degrade gracefully)
 ### PR 5: Polymorphic request send
 Scope:
 1. Replace request resolution in `request send` with `get_any_request`
 2. Dispatch by request type
 3. Keep HTTP fully functional
 4. Return explicit NYI errors for gRPC/WebSocket until implemented
 Acceptance criteria:
 - HTTP behavior remains unchanged
 - gRPC/WebSocket IDs are recognized and return explicit status
 ### PR 6: Top-level `send` + bulk execution
 Scope:
 1. Add top-level `send <id>` for request/folder/workspace IDs
 2. Implement folder/workspace fan-out execution
 3. Add execution controls: `--sequential`, `--parallel`, `--fail-fast`
 Acceptance criteria:
 - Correct ID dispatch order: request -> folder -> workspace
 - Deterministic summary output (success/failure counts)
 - Non-zero exit code when any request fails (unless explicitly configured otherwise)
 ## Validation Matrix
 1. CLI parsing tests for every command path (including aliases while retained)
 2. Integration tests against temp SQLite DB for CRUD flows
 3. Snapshot tests for output text where scripting compatibility matters
 4. Manual smoke tests:
   - Send HTTP request with template/rendered vars
   - JSON create/update for each resource
   - Delete confirmation and `--yes`
   - Top-level `send` on request/folder/workspace
 ## Open Questions
 1. Should compatibility aliases (`workspaces`, `requests`, `create`) be removed immediately or after one release cycle?
 2. For bulk `send`, should default behavior stop on first failure or continue and summarize?
 3. Should command output default to human-readable text with an optional `--format json`, or return JSON by default for `show`/`list`?
 4. For `request schema`, should plugin-derived auth fields be namespaced by plugin ID to avoid collisions?
 ## Crate Changes
 - **yaak-cli**: restructure into modules, new clap hierarchy
 - **yaak-models**: add `schemars` dependency, derive `JsonSchema` on model structs
  (current derives: `Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS`)
--- a/crates-cli/yaak-cli/README.md
+++ b/crates-cli/yaak-cli/README.md
@@ -0,0 +1,87 @@
 # yaak-cli
 Command-line interface for Yaak.
 ## Command Overview
 Current top-level commands:
 ```text
 yaakcli send <request_id>
 yaakcli workspace list
 yaakcli workspace show <workspace_id>
 yaakcli workspace create --name <name>
 yaakcli workspace create --json '{"name":"My Workspace"}'
 yaakcli workspace create '{"name":"My Workspace"}'
 yaakcli workspace update --json '{"id":"wk_abc","description":"Updated"}'
 yaakcli workspace delete <workspace_id> [--yes]
 yaakcli request list <workspace_id>
 yaakcli request show <request_id>
 yaakcli request send <request_id>
 yaakcli request create <workspace_id> --name <name> --url <url> [--method GET]
 yaakcli request create --json '{"workspaceId":"wk_abc","name":"Users","url":"https://api.example.com/users"}'
 yaakcli request create '{"workspaceId":"wk_abc","name":"Users","url":"https://api.example.com/users"}'
 yaakcli request update --json '{"id":"rq_abc","name":"Users v2"}'
 yaakcli request delete <request_id> [--yes]
 yaakcli folder list <workspace_id>
 yaakcli folder show <folder_id>
 yaakcli folder create <workspace_id> --name <name>
 yaakcli folder create --json '{"workspaceId":"wk_abc","name":"Auth"}'
 yaakcli folder create '{"workspaceId":"wk_abc","name":"Auth"}'
 yaakcli folder update --json '{"id":"fl_abc","name":"Auth v2"}'
 yaakcli folder delete <folder_id> [--yes]
 yaakcli environment list <workspace_id>
 yaakcli environment show <environment_id>
 yaakcli environment create <workspace_id> --name <name>
 yaakcli environment create --json '{"workspaceId":"wk_abc","name":"Production"}'
 yaakcli environment create '{"workspaceId":"wk_abc","name":"Production"}'
 yaakcli environment update --json '{"id":"ev_abc","color":"#00ff00"}'
 yaakcli environment delete <environment_id> [--yes]
 ```
 Global options:
 - `--data-dir <path>`: use a custom data directory
 - `-e, --environment <id>`: environment to use during request rendering/sending
 - `-v, --verbose`: verbose logging and send output
 Notes:
 - `send` is currently a shortcut for sending an HTTP request ID.
 - `delete` commands prompt for confirmation unless `--yes` is provided.
 - In non-interactive mode, `delete` commands require `--yes`.
 - `create` and `update` commands support `--json` and positional JSON shorthand.
 - `update` uses JSON Merge Patch semantics (RFC 7386) for partial updates.
 ## Examples
 ```bash
 yaakcli workspace list
 yaakcli workspace create --name "My Workspace"
 yaakcli workspace show wk_abc
 yaakcli workspace update --json '{"id":"wk_abc","description":"Team workspace"}'
 yaakcli request list wk_abc
 yaakcli request show rq_abc
 yaakcli request create wk_abc --name "Users" --url "https://api.example.com/users"
 yaakcli request update --json '{"id":"rq_abc","name":"Users v2"}'
 yaakcli request send rq_abc -e ev_abc
 yaakcli request delete rq_abc --yes
 yaakcli folder create wk_abc --name "Auth"
 yaakcli folder update --json '{"id":"fl_abc","name":"Auth v2"}'
 yaakcli environment create wk_abc --name "Production"
 yaakcli environment update --json '{"id":"ev_abc","color":"#00ff00"}'
 ```
 ## Roadmap
 Planned command expansion (request schema and polymorphic send) is tracked in `PLAN.md`.
 When command behavior changes, update this README and verify with:
 ```bash
 cargo run -q -p yaak-cli -- --help
 cargo run -q -p yaak-cli -- request --help
 cargo run -q -p yaak-cli -- workspace --help
 cargo run -q -p yaak-cli -- folder --help
 cargo run -q -p yaak-cli -- environment --help
 ```
--- a/crates-cli/yaak-cli/src/cli.rs
+++ b/crates-cli/yaak-cli/src/cli.rs
@@ -0,0 +1,282 @@
 use clap::{Args, Parser, Subcommand};
 use std::path::PathBuf;
 #[derive(Parser)]
 #[command(name = "yaakcli")]
 #[command(about = "Yaak CLI - API client from the command line")]
 pub struct Cli {
    /// Use a custom data directory
    #[arg(long, global = true)]
    pub data_dir: Option<PathBuf>,
    /// Environment ID to use for variable substitution
    #[arg(long, short, global = true)]
    pub environment: Option<String>,
    /// Enable verbose logging
    #[arg(long, short, global = true)]
    pub verbose: bool,
    #[command(subcommand)]
    pub command: Commands,
 }
 #[derive(Subcommand)]
 pub enum Commands {
    /// Send an HTTP request by ID
    Send(SendArgs),
    /// Workspace commands
    Workspace(WorkspaceArgs),
    /// Request commands
    Request(RequestArgs),
    /// Folder commands
    Folder(FolderArgs),
    /// Environment commands
    Environment(EnvironmentArgs),
 }
 #[derive(Args)]
 pub struct SendArgs {
    /// Request ID
    pub request_id: String,
 }
 #[derive(Args)]
 pub struct WorkspaceArgs {
    #[command(subcommand)]
    pub command: WorkspaceCommands,
 }
 #[derive(Subcommand)]
 pub enum WorkspaceCommands {
    /// List all workspaces
    List,
    /// Show a workspace as JSON
    Show {
        /// Workspace ID
        workspace_id: String,
    },
    /// Create a workspace
    Create {
        /// Workspace name
        #[arg(short, long)]
        name: Option<String>,
        /// JSON payload
        #[arg(long, conflicts_with = "json_input")]
        json: Option<String>,
        /// JSON payload shorthand
        #[arg(value_name = "JSON", conflicts_with = "json")]
        json_input: Option<String>,
    },
    /// Update a workspace
    Update {
        /// JSON payload
        #[arg(long, conflicts_with = "json_input")]
        json: Option<String>,
        /// JSON payload shorthand
        #[arg(value_name = "JSON", conflicts_with = "json")]
        json_input: Option<String>,
    },
    /// Delete a workspace
    Delete {
        /// Workspace ID
        workspace_id: String,
        /// Skip confirmation prompt
        #[arg(short, long)]
        yes: bool,
    },
 }
 #[derive(Args)]
 pub struct RequestArgs {
    #[command(subcommand)]
    pub command: RequestCommands,
 }
 #[derive(Subcommand)]
 pub enum RequestCommands {
    /// List requests in a workspace
    List {
        /// Workspace ID
        workspace_id: String,
    },
    /// Show a request as JSON
    Show {
        /// Request ID
        request_id: String,
    },
    /// Send an HTTP request by ID
    Send {
        /// Request ID
        request_id: String,
    },
    /// Create a new HTTP request
    Create {
        /// Workspace ID (or positional JSON payload shorthand)
        workspace_id: Option<String>,
        /// Request name
        #[arg(short, long)]
        name: Option<String>,
        /// HTTP method
        #[arg(short, long)]
        method: Option<String>,
        /// URL
        #[arg(short, long)]
        url: Option<String>,
        /// JSON payload
        #[arg(long)]
        json: Option<String>,
    },
    /// Update an HTTP request
    Update {
        /// JSON payload
        #[arg(long, conflicts_with = "json_input")]
        json: Option<String>,
        /// JSON payload shorthand
        #[arg(value_name = "JSON", conflicts_with = "json")]
        json_input: Option<String>,
    },
    /// Delete a request
    Delete {
        /// Request ID
        request_id: String,
        /// Skip confirmation prompt
        #[arg(short, long)]
        yes: bool,
    },
 }
 #[derive(Args)]
 pub struct FolderArgs {
    #[command(subcommand)]
    pub command: FolderCommands,
 }
 #[derive(Subcommand)]
 pub enum FolderCommands {
    /// List folders in a workspace
    List {
        /// Workspace ID
        workspace_id: String,
    },
    /// Show a folder as JSON
    Show {
        /// Folder ID
        folder_id: String,
    },
    /// Create a folder
    Create {
        /// Workspace ID (or positional JSON payload shorthand)
        workspace_id: Option<String>,
        /// Folder name
        #[arg(short, long)]
        name: Option<String>,
        /// JSON payload
        #[arg(long)]
        json: Option<String>,
    },
    /// Update a folder
    Update {
        /// JSON payload
        #[arg(long, conflicts_with = "json_input")]
        json: Option<String>,
        /// JSON payload shorthand
        #[arg(value_name = "JSON", conflicts_with = "json")]
        json_input: Option<String>,
    },
    /// Delete a folder
    Delete {
        /// Folder ID
        folder_id: String,
        /// Skip confirmation prompt
        #[arg(short, long)]
        yes: bool,
    },
 }
 #[derive(Args)]
 pub struct EnvironmentArgs {
    #[command(subcommand)]
    pub command: EnvironmentCommands,
 }
 #[derive(Subcommand)]
 pub enum EnvironmentCommands {
    /// List environments in a workspace
    List {
        /// Workspace ID
        workspace_id: String,
    },
    /// Show an environment as JSON
    Show {
        /// Environment ID
        environment_id: String,
    },
    /// Create an environment
    Create {
        /// Workspace ID (or positional JSON payload shorthand)
        workspace_id: Option<String>,
        /// Environment name
        #[arg(short, long)]
        name: Option<String>,
        /// JSON payload
        #[arg(long)]
        json: Option<String>,
    },
    /// Update an environment
    Update {
        /// JSON payload
        #[arg(long, conflicts_with = "json_input")]
        json: Option<String>,
        /// JSON payload shorthand
        #[arg(value_name = "JSON", conflicts_with = "json")]
        json_input: Option<String>,
    },
    /// Delete an environment
    Delete {
        /// Environment ID
        environment_id: String,
        /// Skip confirmation prompt
        #[arg(short, long)]
        yes: bool,
    },
 }
--- a/crates-cli/yaak-cli/src/commands/environment.rs
+++ b/crates-cli/yaak-cli/src/commands/environment.rs
@@ -0,0 +1,159 @@
 use crate::cli::{EnvironmentArgs, EnvironmentCommands};
 use crate::context::CliContext;
 use crate::utils::confirm::confirm_delete;
 use crate::utils::json::{
    apply_merge_patch, is_json_shorthand, parse_optional_json, parse_required_json, require_id,
    validate_create_id,
 };
 use yaak_models::models::Environment;
 use yaak_models::util::UpdateSource;
 type CommandResult<T = ()> = std::result::Result<T, String>;
 pub fn run(ctx: &CliContext, args: EnvironmentArgs) -> i32 {
    let result = match args.command {
        EnvironmentCommands::List { workspace_id } => list(ctx, &workspace_id),
        EnvironmentCommands::Show { environment_id } => show(ctx, &environment_id),
        EnvironmentCommands::Create { workspace_id, name, json } => {
            create(ctx, workspace_id, name, json)
        }
        EnvironmentCommands::Update { json, json_input } => update(ctx, json, json_input),
        EnvironmentCommands::Delete { environment_id, yes } => delete(ctx, &environment_id, yes),
    };
    match result {
        Ok(()) => 0,
        Err(error) => {
            eprintln!("Error: {error}");
            1
        }
    }
 }
 fn list(ctx: &CliContext, workspace_id: &str) -> CommandResult {
    let environments = ctx
        .db()
        .list_environments_ensure_base(workspace_id)
        .map_err(|e| format!("Failed to list environments: {e}"))?;
    if environments.is_empty() {
        println!("No environments found in workspace {}", workspace_id);
    } else {
        for environment in environments {
            println!("{} - {} ({})", environment.id, environment.name, environment.parent_model);
        }
    }
    Ok(())
 }
 fn show(ctx: &CliContext, environment_id: &str) -> CommandResult {
    let environment = ctx
        .db()
        .get_environment(environment_id)
        .map_err(|e| format!("Failed to get environment: {e}"))?;
    let output =
        serde_json::to_string_pretty(&environment).map_err(|e| format!("Failed to serialize environment: {e}"))?;
    println!("{output}");
    Ok(())
 }
 fn create(
    ctx: &CliContext,
    workspace_id: Option<String>,
    name: Option<String>,
    json: Option<String>,
 ) -> CommandResult {
    if json.is_some() && workspace_id.as_deref().is_some_and(|v| !is_json_shorthand(v)) {
        return Err(
            "environment create cannot combine workspace_id with --json payload".to_string()
        );
    }
    let payload = parse_optional_json(
        json,
        workspace_id.clone().filter(|v| is_json_shorthand(v)),
        "environment create",
    )?;
    if let Some(payload) = payload {
        if name.is_some() {
            return Err("environment create cannot combine --name with JSON payload".to_string());
        }
        validate_create_id(&payload, "environment")?;
        let mut environment: Environment =
            serde_json::from_value(payload)
                .map_err(|e| format!("Failed to parse environment create JSON: {e}"))?;
        if environment.workspace_id.is_empty() {
            return Err("environment create JSON requires non-empty \"workspaceId\"".to_string());
        }
        if environment.parent_model.is_empty() {
            environment.parent_model = "environment".to_string();
        }
        let created = ctx
            .db()
            .upsert_environment(&environment, &UpdateSource::Sync)
            .map_err(|e| format!("Failed to create environment: {e}"))?;
        println!("Created environment: {}", created.id);
        return Ok(());
    }
    let workspace_id = workspace_id.ok_or_else(|| {
        "environment create requires workspace_id unless JSON payload is provided".to_string()
    })?;
    let name = name
        .ok_or_else(|| "environment create requires --name unless JSON payload is provided".to_string())?;
    let environment = Environment {
        workspace_id,
        name,
        parent_model: "environment".to_string(),
        ..Default::default()
    };
    let created = ctx
        .db()
        .upsert_environment(&environment, &UpdateSource::Sync)
        .map_err(|e| format!("Failed to create environment: {e}"))?;
    println!("Created environment: {}", created.id);
    Ok(())
 }
 fn update(ctx: &CliContext, json: Option<String>, json_input: Option<String>) -> CommandResult {
    let patch = parse_required_json(json, json_input, "environment update")?;
    let id = require_id(&patch, "environment update")?;
    let existing = ctx
        .db()
        .get_environment(&id)
        .map_err(|e| format!("Failed to get environment for update: {e}"))?;
    let updated = apply_merge_patch(&existing, &patch, &id, "environment update")?;
    let saved = ctx
        .db()
        .upsert_environment(&updated, &UpdateSource::Sync)
        .map_err(|e| format!("Failed to update environment: {e}"))?;
    println!("Updated environment: {}", saved.id);
    Ok(())
 }
 fn delete(ctx: &CliContext, environment_id: &str, yes: bool) -> CommandResult {
    if !yes && !confirm_delete("environment", environment_id) {
        println!("Aborted");
        return Ok(());
    }
    let deleted = ctx
        .db()
        .delete_environment_by_id(environment_id, &UpdateSource::Sync)
        .map_err(|e| format!("Failed to delete environment: {e}"))?;
    println!("Deleted environment: {}", deleted.id);
    Ok(())
 }
--- a/crates-cli/yaak-cli/src/commands/folder.rs
+++ b/crates-cli/yaak-cli/src/commands/folder.rs
@@ -0,0 +1,139 @@
 use crate::cli::{FolderArgs, FolderCommands};
 use crate::context::CliContext;
 use crate::utils::confirm::confirm_delete;
 use crate::utils::json::{
    apply_merge_patch, is_json_shorthand, parse_optional_json, parse_required_json, require_id,
    validate_create_id,
 };
 use yaak_models::models::Folder;
 use yaak_models::util::UpdateSource;
 type CommandResult<T = ()> = std::result::Result<T, String>;
 pub fn run(ctx: &CliContext, args: FolderArgs) -> i32 {
    let result = match args.command {
        FolderCommands::List { workspace_id } => list(ctx, &workspace_id),
        FolderCommands::Show { folder_id } => show(ctx, &folder_id),
        FolderCommands::Create { workspace_id, name, json } => {
            create(ctx, workspace_id, name, json)
        }
        FolderCommands::Update { json, json_input } => update(ctx, json, json_input),
        FolderCommands::Delete { folder_id, yes } => delete(ctx, &folder_id, yes),
    };
    match result {
        Ok(()) => 0,
        Err(error) => {
            eprintln!("Error: {error}");
            1
        }
    }
 }
 fn list(ctx: &CliContext, workspace_id: &str) -> CommandResult {
    let folders = ctx.db().list_folders(workspace_id).map_err(|e| format!("Failed to list folders: {e}"))?;
    if folders.is_empty() {
        println!("No folders found in workspace {}", workspace_id);
    } else {
        for folder in folders {
            println!("{} - {}", folder.id, folder.name);
        }
    }
    Ok(())
 }
 fn show(ctx: &CliContext, folder_id: &str) -> CommandResult {
    let folder = ctx.db().get_folder(folder_id).map_err(|e| format!("Failed to get folder: {e}"))?;
    let output =
        serde_json::to_string_pretty(&folder).map_err(|e| format!("Failed to serialize folder: {e}"))?;
    println!("{output}");
    Ok(())
 }
 fn create(
    ctx: &CliContext,
    workspace_id: Option<String>,
    name: Option<String>,
    json: Option<String>,
 ) -> CommandResult {
    if json.is_some() && workspace_id.as_deref().is_some_and(|v| !is_json_shorthand(v)) {
        return Err("folder create cannot combine workspace_id with --json payload".to_string());
    }
    let payload = parse_optional_json(
        json,
        workspace_id.clone().filter(|v| is_json_shorthand(v)),
        "folder create",
    )?;
    if let Some(payload) = payload {
        if name.is_some() {
            return Err("folder create cannot combine --name with JSON payload".to_string());
        }
        validate_create_id(&payload, "folder")?;
        let folder: Folder =
            serde_json::from_value(payload).map_err(|e| format!("Failed to parse folder create JSON: {e}"))?;
        if folder.workspace_id.is_empty() {
            return Err("folder create JSON requires non-empty \"workspaceId\"".to_string());
        }
        let created = ctx
            .db()
            .upsert_folder(&folder, &UpdateSource::Sync)
            .map_err(|e| format!("Failed to create folder: {e}"))?;
        println!("Created folder: {}", created.id);
        return Ok(());
    }
    let workspace_id = workspace_id
        .ok_or_else(|| "folder create requires workspace_id unless JSON payload is provided".to_string())?;
    let name =
        name.ok_or_else(|| "folder create requires --name unless JSON payload is provided".to_string())?;
    let folder = Folder { workspace_id, name, ..Default::default() };
    let created = ctx
        .db()
        .upsert_folder(&folder, &UpdateSource::Sync)
        .map_err(|e| format!("Failed to create folder: {e}"))?;
    println!("Created folder: {}", created.id);
    Ok(())
 }
 fn update(ctx: &CliContext, json: Option<String>, json_input: Option<String>) -> CommandResult {
    let patch = parse_required_json(json, json_input, "folder update")?;
    let id = require_id(&patch, "folder update")?;
    let existing = ctx
        .db()
        .get_folder(&id)
        .map_err(|e| format!("Failed to get folder for update: {e}"))?;
    let updated = apply_merge_patch(&existing, &patch, &id, "folder update")?;
    let saved = ctx
        .db()
        .upsert_folder(&updated, &UpdateSource::Sync)
        .map_err(|e| format!("Failed to update folder: {e}"))?;
    println!("Updated folder: {}", saved.id);
    Ok(())
 }
 fn delete(ctx: &CliContext, folder_id: &str, yes: bool) -> CommandResult {
    if !yes && !confirm_delete("folder", folder_id) {
        println!("Aborted");
        return Ok(());
    }
    let deleted = ctx
        .db()
        .delete_folder_by_id(folder_id, &UpdateSource::Sync)
        .map_err(|e| format!("Failed to delete folder: {e}"))?;
    println!("Deleted folder: {}", deleted.id);
    Ok(())
 }
--- a/crates-cli/yaak-cli/src/commands/mod.rs
+++ b/crates-cli/yaak-cli/src/commands/mod.rs
@@ -0,0 +1,5 @@
 pub mod environment;
 pub mod folder;
 pub mod request;
 pub mod send;
 pub mod workspace;
--- a/crates-cli/yaak-cli/src/commands/request.rs
+++ b/crates-cli/yaak-cli/src/commands/request.rs
@@ -0,0 +1,233 @@
 use crate::cli::{RequestArgs, RequestCommands};
 use crate::context::CliContext;
 use crate::utils::confirm::confirm_delete;
 use crate::utils::json::{
    apply_merge_patch, is_json_shorthand, parse_optional_json, parse_required_json, require_id,
    validate_create_id,
 };
 use tokio::sync::mpsc;
 use yaak::send::{SendHttpRequestByIdWithPluginsParams, send_http_request_by_id_with_plugins};
 use yaak_models::models::HttpRequest;
 use yaak_models::util::UpdateSource;
 use yaak_plugins::events::PluginContext;
 type CommandResult<T = ()> = std::result::Result<T, String>;
 pub async fn run(
    ctx: &CliContext,
    args: RequestArgs,
    environment: Option<&str>,
    verbose: bool,
 ) -> i32 {
    let result = match args.command {
        RequestCommands::List { workspace_id } => list(ctx, &workspace_id),
        RequestCommands::Show { request_id } => show(ctx, &request_id),
        RequestCommands::Send { request_id } => {
            return match send_request_by_id(ctx, &request_id, environment, verbose).await {
                Ok(()) => 0,
                Err(error) => {
                    eprintln!("Error: {error}");
                    1
                }
            };
        }
        RequestCommands::Create { workspace_id, name, method, url, json } => {
            create(ctx, workspace_id, name, method, url, json)
        }
        RequestCommands::Update { json, json_input } => update(ctx, json, json_input),
        RequestCommands::Delete { request_id, yes } => delete(ctx, &request_id, yes),
    };
    match result {
        Ok(()) => 0,
        Err(error) => {
            eprintln!("Error: {error}");
            1
        }
    }
 }
 fn list(ctx: &CliContext, workspace_id: &str) -> CommandResult {
    let requests = ctx
        .db()
        .list_http_requests(workspace_id)
        .map_err(|e| format!("Failed to list requests: {e}"))?;
    if requests.is_empty() {
        println!("No requests found in workspace {}", workspace_id);
    } else {
        for request in requests {
            println!("{} - {} {}", request.id, request.method, request.name);
        }
    }
    Ok(())
 }
 fn create(
    ctx: &CliContext,
    workspace_id: Option<String>,
    name: Option<String>,
    method: Option<String>,
    url: Option<String>,
    json: Option<String>,
 ) -> CommandResult {
    if json.is_some() && workspace_id.as_deref().is_some_and(|v| !is_json_shorthand(v)) {
        return Err("request create cannot combine workspace_id with --json payload".to_string());
    }
    let payload = parse_optional_json(
        json,
        workspace_id.clone().filter(|v| is_json_shorthand(v)),
        "request create",
    )?;
    if let Some(payload) = payload {
        if name.is_some() || method.is_some() || url.is_some() {
            return Err("request create cannot combine simple flags with JSON payload".to_string());
        }
        validate_create_id(&payload, "request")?;
        let request: HttpRequest = serde_json::from_value(payload)
            .map_err(|e| format!("Failed to parse request create JSON: {e}"))?;
        if request.workspace_id.is_empty() {
            return Err("request create JSON requires non-empty \"workspaceId\"".to_string());
        }
        let created = ctx
            .db()
            .upsert_http_request(&request, &UpdateSource::Sync)
            .map_err(|e| format!("Failed to create request: {e}"))?;
        println!("Created request: {}", created.id);
        return Ok(());
    }
    let workspace_id = workspace_id.ok_or_else(|| {
        "request create requires workspace_id unless JSON payload is provided".to_string()
    })?;
    let name = name.unwrap_or_default();
    let url = url.unwrap_or_default();
    let method = method.unwrap_or_else(|| "GET".to_string());
    let request = HttpRequest {
        workspace_id,
        name,
        method: method.to_uppercase(),
        url,
        ..Default::default()
    };
    let created = ctx
        .db()
        .upsert_http_request(&request, &UpdateSource::Sync)
        .map_err(|e| format!("Failed to create request: {e}"))?;
    println!("Created request: {}", created.id);
    Ok(())
 }
 fn update(ctx: &CliContext, json: Option<String>, json_input: Option<String>) -> CommandResult {
    let patch = parse_required_json(json, json_input, "request update")?;
    let id = require_id(&patch, "request update")?;
    let existing = ctx
        .db()
        .get_http_request(&id)
        .map_err(|e| format!("Failed to get request for update: {e}"))?;
    let updated = apply_merge_patch(&existing, &patch, &id, "request update")?;
    let saved = ctx
        .db()
        .upsert_http_request(&updated, &UpdateSource::Sync)
        .map_err(|e| format!("Failed to update request: {e}"))?;
    println!("Updated request: {}", saved.id);
    Ok(())
 }
 fn show(ctx: &CliContext, request_id: &str) -> CommandResult {
    let request = ctx
        .db()
        .get_http_request(request_id)
        .map_err(|e| format!("Failed to get request: {e}"))?;
    let output =
        serde_json::to_string_pretty(&request).map_err(|e| format!("Failed to serialize request: {e}"))?;
    println!("{output}");
    Ok(())
 }
 fn delete(ctx: &CliContext, request_id: &str, yes: bool) -> CommandResult {
    if !yes && !confirm_delete("request", request_id) {
        println!("Aborted");
        return Ok(());
    }
    let deleted = ctx
        .db()
        .delete_http_request_by_id(request_id, &UpdateSource::Sync)
        .map_err(|e| format!("Failed to delete request: {e}"))?;
    println!("Deleted request: {}", deleted.id);
    Ok(())
 }
 /// Send a request by ID and print response in the same format as legacy `send`.
 pub async fn send_request_by_id(
    ctx: &CliContext,
    request_id: &str,
    environment: Option<&str>,
    verbose: bool,
 ) -> Result<(), String> {
    let request =
        ctx.db().get_http_request(request_id).map_err(|e| format!("Failed to get request: {e}"))?;
    let plugin_context = PluginContext::new(None, Some(request.workspace_id.clone()));
    let (event_tx, mut event_rx) = mpsc::channel(100);
    let event_handle = tokio::spawn(async move {
        while let Some(event) = event_rx.recv().await {
            if verbose {
                println!("{}", event);
            }
        }
    });
    let response_dir = ctx.data_dir().join("responses");
    let result = send_http_request_by_id_with_plugins(SendHttpRequestByIdWithPluginsParams {
        query_manager: ctx.query_manager(),
        blob_manager: ctx.blob_manager(),
        request_id,
        environment_id: environment,
        update_source: UpdateSource::Sync,
        cookie_jar_id: None,
        response_dir: &response_dir,
        emit_events_to: Some(event_tx),
        plugin_manager: ctx.plugin_manager(),
        encryption_manager: ctx.encryption_manager.clone(),
        plugin_context: &plugin_context,
        cancelled_rx: None,
        connection_manager: None,
    })
    .await;
    let _ = event_handle.await;
    let result = result.map_err(|e| e.to_string())?;
    if verbose {
        println!();
    }
    println!(
        "HTTP {} {}",
        result.response.status,
        result.response.status_reason.as_deref().unwrap_or("")
    );
    if verbose {
        for header in &result.response.headers {
            println!("{}: {}", header.name, header.value);
        }
        println!();
    }
    let body = String::from_utf8(result.response_body)
        .map_err(|e| format!("Failed to read response body: {e}"))?;
    println!("{}", body);
    Ok(())
 }
--- a/crates-cli/yaak-cli/src/commands/send.rs
+++ b/crates-cli/yaak-cli/src/commands/send.rs
@@ -0,0 +1,18 @@
 use crate::cli::SendArgs;
 use crate::commands::request;
 use crate::context::CliContext;
 pub async fn run(
    ctx: &CliContext,
    args: SendArgs,
    environment: Option<&str>,
    verbose: bool,
 ) -> i32 {
    match request::send_request_by_id(ctx, &args.request_id, environment, verbose).await {
        Ok(()) => 0,
        Err(error) => {
            eprintln!("Error: {error}");
            1
        }
    }
 }
--- a/crates-cli/yaak-cli/src/commands/workspace.rs
+++ b/crates-cli/yaak-cli/src/commands/workspace.rs
@@ -0,0 +1,121 @@
 use crate::cli::{WorkspaceArgs, WorkspaceCommands};
 use crate::context::CliContext;
 use crate::utils::confirm::confirm_delete;
 use crate::utils::json::{
    apply_merge_patch, parse_optional_json, parse_required_json, require_id, validate_create_id,
 };
 use yaak_models::models::Workspace;
 use yaak_models::util::UpdateSource;
 type CommandResult<T = ()> = std::result::Result<T, String>;
 pub fn run(ctx: &CliContext, args: WorkspaceArgs) -> i32 {
    let result = match args.command {
        WorkspaceCommands::List => list(ctx),
        WorkspaceCommands::Show { workspace_id } => show(ctx, &workspace_id),
        WorkspaceCommands::Create { name, json, json_input } => create(ctx, name, json, json_input),
        WorkspaceCommands::Update { json, json_input } => update(ctx, json, json_input),
        WorkspaceCommands::Delete { workspace_id, yes } => delete(ctx, &workspace_id, yes),
    };
    match result {
        Ok(()) => 0,
        Err(error) => {
            eprintln!("Error: {error}");
            1
        }
    }
 }
 fn list(ctx: &CliContext) -> CommandResult {
    let workspaces = ctx.db().list_workspaces().map_err(|e| format!("Failed to list workspaces: {e}"))?;
    if workspaces.is_empty() {
        println!("No workspaces found");
    } else {
        for workspace in workspaces {
            println!("{} - {}", workspace.id, workspace.name);
        }
    }
    Ok(())
 }
 fn show(ctx: &CliContext, workspace_id: &str) -> CommandResult {
    let workspace = ctx
        .db()
        .get_workspace(workspace_id)
        .map_err(|e| format!("Failed to get workspace: {e}"))?;
    let output = serde_json::to_string_pretty(&workspace)
        .map_err(|e| format!("Failed to serialize workspace: {e}"))?;
    println!("{output}");
    Ok(())
 }
 fn create(
    ctx: &CliContext,
    name: Option<String>,
    json: Option<String>,
    json_input: Option<String>,
 ) -> CommandResult {
    let payload = parse_optional_json(json, json_input, "workspace create")?;
    if let Some(payload) = payload {
        if name.is_some() {
            return Err("workspace create cannot combine --name with JSON payload".to_string());
        }
        validate_create_id(&payload, "workspace")?;
        let workspace: Workspace = serde_json::from_value(payload)
            .map_err(|e| format!("Failed to parse workspace create JSON: {e}"))?;
        let created = ctx
            .db()
            .upsert_workspace(&workspace, &UpdateSource::Sync)
            .map_err(|e| format!("Failed to create workspace: {e}"))?;
        println!("Created workspace: {}", created.id);
        return Ok(());
    }
    let name =
        name.ok_or_else(|| "workspace create requires --name unless JSON payload is provided".to_string())?;
    let workspace = Workspace { name, ..Default::default() };
    let created = ctx
        .db()
        .upsert_workspace(&workspace, &UpdateSource::Sync)
        .map_err(|e| format!("Failed to create workspace: {e}"))?;
    println!("Created workspace: {}", created.id);
    Ok(())
 }
 fn update(ctx: &CliContext, json: Option<String>, json_input: Option<String>) -> CommandResult {
    let patch = parse_required_json(json, json_input, "workspace update")?;
    let id = require_id(&patch, "workspace update")?;
    let existing = ctx
        .db()
        .get_workspace(&id)
        .map_err(|e| format!("Failed to get workspace for update: {e}"))?;
    let updated = apply_merge_patch(&existing, &patch, &id, "workspace update")?;
    let saved = ctx
        .db()
        .upsert_workspace(&updated, &UpdateSource::Sync)
        .map_err(|e| format!("Failed to update workspace: {e}"))?;
    println!("Updated workspace: {}", saved.id);
    Ok(())
 }
 fn delete(ctx: &CliContext, workspace_id: &str, yes: bool) -> CommandResult {
    if !yes && !confirm_delete("workspace", workspace_id) {
        println!("Aborted");
        return Ok(());
    }
    let deleted = ctx
        .db()
        .delete_workspace_by_id(workspace_id, &UpdateSource::Sync)
        .map_err(|e| format!("Failed to delete workspace: {e}"))?;
    println!("Deleted workspace: {}", deleted.id);
    Ok(())
 }
--- a/crates-cli/yaak-cli/src/context.rs
+++ b/crates-cli/yaak-cli/src/context.rs
@@ -0,0 +1,96 @@
 use std::path::{Path, PathBuf};
 use std::sync::Arc;
 use yaak_crypto::manager::EncryptionManager;
 use yaak_models::blob_manager::BlobManager;
 use yaak_models::db_context::DbContext;
 use yaak_models::query_manager::QueryManager;
 use yaak_plugins::events::PluginContext;
 use yaak_plugins::manager::PluginManager;
 pub struct CliContext {
    data_dir: PathBuf,
    query_manager: QueryManager,
    blob_manager: BlobManager,
    pub encryption_manager: Arc<EncryptionManager>,
    plugin_manager: Option<Arc<PluginManager>>,
 }
 impl CliContext {
    pub async fn initialize(data_dir: PathBuf, app_id: &str, with_plugins: bool) -> Self {
        let db_path = data_dir.join("db.sqlite");
        let blob_path = data_dir.join("blobs.sqlite");
        let (query_manager, blob_manager, _rx) = yaak_models::init_standalone(&db_path, &blob_path)
            .expect("Failed to initialize database");
        let encryption_manager = Arc::new(EncryptionManager::new(query_manager.clone(), app_id));
        let plugin_manager = if with_plugins {
            let vendored_plugin_dir = data_dir.join("vendored-plugins");
            let installed_plugin_dir = data_dir.join("installed-plugins");
            let node_bin_path = PathBuf::from("node");
            let plugin_runtime_main =
                std::env::var("YAAK_PLUGIN_RUNTIME").map(PathBuf::from).unwrap_or_else(|_| {
                    PathBuf::from(env!("CARGO_MANIFEST_DIR"))
                        .join("../../crates-tauri/yaak-app/vendored/plugin-runtime/index.cjs")
                });
            let plugin_manager = Arc::new(
                PluginManager::new(
                    vendored_plugin_dir,
                    installed_plugin_dir,
                    node_bin_path,
                    plugin_runtime_main,
                    false,
                )
                .await,
            );
            let plugins = query_manager.connect().list_plugins().unwrap_or_default();
            if !plugins.is_empty() {
                let errors = plugin_manager
                    .initialize_all_plugins(plugins, &PluginContext::new_empty())
                    .await;
                for (plugin_dir, error_msg) in errors {
                    eprintln!(
                        "Warning: Failed to initialize plugin '{}': {}",
                        plugin_dir, error_msg
                    );
                }
            }
            Some(plugin_manager)
        } else {
            None
        };
        Self { data_dir, query_manager, blob_manager, encryption_manager, plugin_manager }
    }
    pub fn data_dir(&self) -> &Path {
        &self.data_dir
    }
    pub fn db(&self) -> DbContext<'_> {
        self.query_manager.connect()
    }
    pub fn query_manager(&self) -> &QueryManager {
        &self.query_manager
    }
    pub fn blob_manager(&self) -> &BlobManager {
        &self.blob_manager
    }
    pub fn plugin_manager(&self) -> Arc<PluginManager> {
        self.plugin_manager.clone().expect("Plugin manager was not initialized for this command")
    }
    pub async fn shutdown(&self) {
        if let Some(plugin_manager) = &self.plugin_manager {
            plugin_manager.terminate().await;
        }
    }
 }
--- a/crates-cli/yaak-cli/src/main.rs
+++ b/crates-cli/yaak-cli/src/main.rs
@@ -1,409 +1,49 @@
-use clap::{Parser, Subcommand};
+mod cli;
-use log::info;
+mod commands;
-use serde_json::Value;
+mod context;
-use std::collections::BTreeMap;
+mod utils;
 use std::path::PathBuf;
 use std::sync::Arc;
 use tokio::sync::mpsc;
 use yaak_crypto::manager::EncryptionManager;
 use yaak_http::path_placeholders::apply_path_placeholders;
 use yaak_http::sender::{HttpSender, ReqwestSender};
 use yaak_http::types::{SendableHttpRequest, SendableHttpRequestOptions};
 use yaak_models::models::{HttpRequest, HttpRequestHeader, HttpUrlParameter};
 use yaak_models::render::make_vars_hashmap;
 use yaak_models::util::UpdateSource;
 use yaak_plugins::events::{PluginContext, RenderPurpose};
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::template_callback::PluginTemplateCallback;
 use yaak_templates::{RenderOptions, parse_and_render, render_json_value_raw};
-#[derive(Parser)]
+use clap::Parser;
-#[command(name = "yaakcli")]
+use cli::{Cli, Commands, RequestCommands};
-#[command(about = "Yaak CLI - API client from the command line")]
+use context::CliContext;
 struct Cli {
    /// Use a custom data directory
    #[arg(long, global = true)]
    data_dir: Option<PathBuf>,
    /// Environment ID to use for variable substitution
    #[arg(long, short, global = true)]
    environment: Option<String>,
    /// Enable verbose logging
    #[arg(long, short, global = true)]
    verbose: bool,
    #[command(subcommand)]
    command: Commands,
 }
 #[derive(Subcommand)]
 enum Commands {
    /// List all workspaces
    Workspaces,
    /// List requests in a workspace
    Requests {
        /// Workspace ID
        workspace_id: String,
    },
    /// Send an HTTP request by ID
    Send {
        /// Request ID
        request_id: String,
    },
    /// Send a GET request to a URL
    Get {
        /// URL to request
        url: String,
    },
    /// Create a new HTTP request
    Create {
        /// Workspace ID
        workspace_id: String,
        /// Request name
        #[arg(short, long)]
        name: String,
        /// HTTP method
        #[arg(short, long, default_value = "GET")]
        method: String,
        /// URL
        #[arg(short, long)]
        url: String,
    },
 }
 /// Render an HTTP request with template variables and plugin functions
 async fn render_http_request(
    r: &HttpRequest,
    environment_chain: Vec<yaak_models::models::Environment>,
    cb: &PluginTemplateCallback,
    opt: &RenderOptions,
 ) -> yaak_templates::error::Result<HttpRequest> {
    let vars = &make_vars_hashmap(environment_chain);
    let mut url_parameters = Vec::new();
    for p in r.url_parameters.clone() {
        if !p.enabled {
            continue;
        }
        url_parameters.push(HttpUrlParameter {
            enabled: p.enabled,
            name: parse_and_render(p.name.as_str(), vars, cb, opt).await?,
            value: parse_and_render(p.value.as_str(), vars, cb, opt).await?,
            id: p.id,
        })
    }
    let mut headers = Vec::new();
    for p in r.headers.clone() {
        if !p.enabled {
            continue;
        }
        headers.push(HttpRequestHeader {
            enabled: p.enabled,
            name: parse_and_render(p.name.as_str(), vars, cb, opt).await?,
            value: parse_and_render(p.value.as_str(), vars, cb, opt).await?,
            id: p.id,
        })
    }
    let mut body = BTreeMap::new();
    for (k, v) in r.body.clone() {
        body.insert(k, render_json_value_raw(v, vars, cb, opt).await?);
    }
    let authentication = {
        let mut disabled = false;
        let mut auth = BTreeMap::new();
        match r.authentication.get("disabled") {
            Some(Value::Bool(true)) => {
                disabled = true;
            }
            Some(Value::String(tmpl)) => {
                disabled = parse_and_render(tmpl.as_str(), vars, cb, opt)
                    .await
                    .unwrap_or_default()
                    .is_empty();
                info!(
                    "Rendering authentication.disabled as a template: {disabled} from \"{tmpl}\""
                );
            }
            _ => {}
        }
        if disabled {
            auth.insert("disabled".to_string(), Value::Bool(true));
        } else {
            for (k, v) in r.authentication.clone() {
                if k == "disabled" {
                    auth.insert(k, Value::Bool(false));
                } else {
                    auth.insert(k, render_json_value_raw(v, vars, cb, opt).await?);
                }
            }
        }
        auth
    };
    let url = parse_and_render(r.url.clone().as_str(), vars, cb, opt).await?;
    // Apply path placeholders (e.g., /users/:id -> /users/123)
    let (url, url_parameters) = apply_path_placeholders(&url, &url_parameters);
    Ok(HttpRequest { url, url_parameters, headers, body, authentication, ..r.to_owned() })
 }
 #[tokio::main]
 async fn main() {
-    let cli = Cli::parse();
+    let Cli { data_dir, environment, verbose, command } = Cli::parse();
-    // Initialize logging
+    if verbose {
    if cli.verbose {
        env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("info")).init();
    }
    // Use the same app_id for both data directory and keyring
    let app_id = if cfg!(debug_assertions) { "app.yaak.desktop.dev" } else { "app.yaak.desktop" };
-    let data_dir = cli.data_dir.unwrap_or_else(|| {
+    let data_dir = data_dir.unwrap_or_else(|| {
        dirs::data_dir().expect("Could not determine data directory").join(app_id)
    });
-    let db_path = data_dir.join("db.sqlite");
+    let needs_plugins = matches!(
-    let blob_path = data_dir.join("blobs.sqlite");
+        &command,
-
+        Commands::Send(_)
-    let (query_manager, _blob_manager, _rx) =
+            | Commands::Request(cli::RequestArgs { command: RequestCommands::Send { .. } })
        yaak_models::init_standalone(&db_path, &blob_path).expect("Failed to initialize database");
    let db = query_manager.connect();
    // Initialize encryption manager for secure() template function
    // Use the same app_id as the Tauri app for keyring access
    let encryption_manager = Arc::new(EncryptionManager::new(query_manager.clone(), app_id));
    // Initialize plugin manager for template functions
    let vendored_plugin_dir = data_dir.join("vendored-plugins");
    let installed_plugin_dir = data_dir.join("installed-plugins");
    // Use system node for CLI (must be in PATH)
    let node_bin_path = PathBuf::from("node");
    // Find the plugin runtime - check YAAK_PLUGIN_RUNTIME env var, then fallback to development path
    let plugin_runtime_main =
        std::env::var("YAAK_PLUGIN_RUNTIME").map(PathBuf::from).unwrap_or_else(|_| {
            // Development fallback: look relative to crate root
            PathBuf::from(env!("CARGO_MANIFEST_DIR"))
                .join("../../crates-tauri/yaak-app/vendored/plugin-runtime/index.cjs")
        });
    // Create plugin manager (plugins may not be available in CLI context)
    let plugin_manager = Arc::new(
        PluginManager::new(
            vendored_plugin_dir,
            installed_plugin_dir,
            node_bin_path,
            plugin_runtime_main,
            false,
        )
        .await,
    );
-    // Initialize plugins from database
+    let context = CliContext::initialize(data_dir, app_id, needs_plugins).await;
-    let plugins = db.list_plugins().unwrap_or_default();
+
-    if !plugins.is_empty() {
+    let exit_code = match command {
-        let errors =
+        Commands::Send(args) => {
-            plugin_manager.initialize_all_plugins(plugins, &PluginContext::new_empty()).await;
+            commands::send::run(&context, args, environment.as_deref(), verbose).await
        for (plugin_dir, error_msg) in errors {
            eprintln!("Warning: Failed to initialize plugin '{}': {}", plugin_dir, error_msg);
        }
        Commands::Workspace(args) => commands::workspace::run(&context, args),
        Commands::Request(args) => {
            commands::request::run(&context, args, environment.as_deref(), verbose).await
        }
        Commands::Folder(args) => commands::folder::run(&context, args),
        Commands::Environment(args) => commands::environment::run(&context, args),
    };
    context.shutdown().await;
    if exit_code != 0 {
        std::process::exit(exit_code);
    }
    match cli.command {
        Commands::Workspaces => {
            let workspaces = db.list_workspaces().expect("Failed to list workspaces");
            if workspaces.is_empty() {
                println!("No workspaces found");
            } else {
                for ws in workspaces {
                    println!("{} - {}", ws.id, ws.name);
                }
            }
        }
        Commands::Requests { workspace_id } => {
            let requests = db.list_http_requests(&workspace_id).expect("Failed to list requests");
            if requests.is_empty() {
                println!("No requests found in workspace {}", workspace_id);
            } else {
                for req in requests {
                    println!("{} - {} {}", req.id, req.method, req.name);
                }
            }
        }
        Commands::Send { request_id } => {
            let request = db.get_http_request(&request_id).expect("Failed to get request");
            // Resolve environment chain for variable substitution
            let environment_chain = db
                .resolve_environments(
                    &request.workspace_id,
                    request.folder_id.as_deref(),
                    cli.environment.as_deref(),
                )
                .unwrap_or_default();
            // Create template callback with plugin support
            let plugin_context = PluginContext::new(None, Some(request.workspace_id.clone()));
            let template_callback = PluginTemplateCallback::new(
                plugin_manager.clone(),
                encryption_manager.clone(),
                &plugin_context,
                RenderPurpose::Send,
            );
            // Render templates in the request
            let rendered_request = render_http_request(
                &request,
                environment_chain,
                &template_callback,
                &RenderOptions::throw(),
            )
            .await
            .expect("Failed to render request templates");
            if cli.verbose {
                println!("> {} {}", rendered_request.method, rendered_request.url);
            }
            // Convert to sendable request
            let sendable = SendableHttpRequest::from_http_request(
                &rendered_request,
                SendableHttpRequestOptions::default(),
            )
            .await
            .expect("Failed to build request");
            // Create event channel for progress
            let (event_tx, mut event_rx) = mpsc::channel(100);
            // Spawn task to print events if verbose
            let verbose = cli.verbose;
            let verbose_handle = if verbose {
                Some(tokio::spawn(async move {
                    while let Some(event) = event_rx.recv().await {
                        println!("{}", event);
                    }
                }))
            } else {
                // Drain events silently
                tokio::spawn(async move { while event_rx.recv().await.is_some() {} });
                None
            };
            // Send the request
            let sender = ReqwestSender::new().expect("Failed to create HTTP client");
            let response = sender.send(sendable, event_tx).await.expect("Failed to send request");
            // Wait for event handler to finish
            if let Some(handle) = verbose_handle {
                let _ = handle.await;
            }
            // Print response
            if verbose {
                println!();
            }
            println!(
                "HTTP {} {}",
                response.status,
                response.status_reason.as_deref().unwrap_or("")
            );
            if verbose {
                for (name, value) in &response.headers {
                    println!("{}: {}", name, value);
                }
                println!();
            }
            // Print body
            let (body, _stats) = response.text().await.expect("Failed to read response body");
            println!("{}", body);
        }
        Commands::Get { url } => {
            if cli.verbose {
                println!("> GET {}", url);
            }
            // Build a simple GET request
            let sendable = SendableHttpRequest {
                url: url.clone(),
                method: "GET".to_string(),
                headers: vec![],
                body: None,
                options: SendableHttpRequestOptions::default(),
            };
            // Create event channel for progress
            let (event_tx, mut event_rx) = mpsc::channel(100);
            // Spawn task to print events if verbose
            let verbose = cli.verbose;
            let verbose_handle = if verbose {
                Some(tokio::spawn(async move {
                    while let Some(event) = event_rx.recv().await {
                        println!("{}", event);
                    }
                }))
            } else {
                tokio::spawn(async move { while event_rx.recv().await.is_some() {} });
                None
            };
            // Send the request
            let sender = ReqwestSender::new().expect("Failed to create HTTP client");
            let response = sender.send(sendable, event_tx).await.expect("Failed to send request");
            if let Some(handle) = verbose_handle {
                let _ = handle.await;
            }
            // Print response
            if verbose {
                println!();
            }
            println!(
                "HTTP {} {}",
                response.status,
                response.status_reason.as_deref().unwrap_or("")
            );
            if verbose {
                for (name, value) in &response.headers {
                    println!("{}: {}", name, value);
                }
                println!();
            }
            // Print body
            let (body, _stats) = response.text().await.expect("Failed to read response body");
            println!("{}", body);
        }
        Commands::Create { workspace_id, name, method, url } => {
            let request = HttpRequest {
                workspace_id,
                name,
                method: method.to_uppercase(),
                url,
                ..Default::default()
            };
            let created = db
                .upsert_http_request(&request, &UpdateSource::Sync)
                .expect("Failed to create request");
            println!("Created request: {}", created.id);
        }
    }
    // Terminate plugin manager gracefully
    plugin_manager.terminate().await;
 }
--- a/crates-cli/yaak-cli/src/utils/confirm.rs
+++ b/crates-cli/yaak-cli/src/utils/confirm.rs
@@ -0,0 +1,16 @@
 use std::io::{self, IsTerminal, Write};
 pub fn confirm_delete(resource_name: &str, resource_id: &str) -> bool {
    if !io::stdin().is_terminal() {
        eprintln!("Refusing to delete in non-interactive mode without --yes");
        std::process::exit(1);
    }
    print!("Delete {resource_name} {resource_id}? [y/N]: ");
    io::stdout().flush().expect("Failed to flush stdout");
    let mut input = String::new();
    io::stdin().read_line(&mut input).expect("Failed to read confirmation");
    matches!(input.trim().to_lowercase().as_str(), "y" | "yes")
 }
--- a/crates-cli/yaak-cli/src/utils/json.rs
+++ b/crates-cli/yaak-cli/src/utils/json.rs
@@ -0,0 +1,110 @@
 use serde::Serialize;
 use serde::de::DeserializeOwned;
 use serde_json::{Map, Value};
 type JsonResult<T> = std::result::Result<T, String>;
 pub fn is_json_shorthand(input: &str) -> bool {
    input.trim_start().starts_with('{')
 }
 pub fn parse_json_object(raw: &str, context: &str) -> JsonResult<Value> {
    let value: Value = serde_json::from_str(raw)
        .map_err(|error| format!("Invalid JSON for {context}: {error}"))?;
    if !value.is_object() {
        return Err(format!("JSON payload for {context} must be an object"));
    }
    Ok(value)
 }
 pub fn parse_optional_json(
    json_flag: Option<String>,
    json_shorthand: Option<String>,
    context: &str,
 ) -> JsonResult<Option<Value>> {
    match (json_flag, json_shorthand) {
        (Some(_), Some(_)) => Err(format!(
            "Cannot provide both --json and positional JSON for {context}"
        )),
        (Some(raw), None) => parse_json_object(&raw, context).map(Some),
        (None, Some(raw)) => parse_json_object(&raw, context).map(Some),
        (None, None) => Ok(None),
    }
 }
 pub fn parse_required_json(
    json_flag: Option<String>,
    json_shorthand: Option<String>,
    context: &str,
 ) -> JsonResult<Value> {
    parse_optional_json(json_flag, json_shorthand, context)?.ok_or_else(|| {
        format!("Missing JSON payload for {context}. Use --json or positional JSON")
    })
 }
 pub fn require_id(payload: &Value, context: &str) -> JsonResult<String> {
    payload
        .get("id")
        .and_then(|value| value.as_str())
        .filter(|value| !value.is_empty())
        .map(|value| value.to_string())
        .ok_or_else(|| format!("{context} requires a non-empty \"id\" field"))
 }
 pub fn validate_create_id(payload: &Value, context: &str) -> JsonResult<()> {
    let Some(id_value) = payload.get("id") else {
        return Ok(());
    };
    match id_value {
        Value::String(id) if id.is_empty() => Ok(()),
        _ => Err(format!(
            "{context} create JSON must omit \"id\" or set it to an empty string"
        )),
    }
 }
 pub fn apply_merge_patch<T>(existing: &T, patch: &Value, id: &str, context: &str) -> JsonResult<T>
 where
    T: Serialize + DeserializeOwned,
 {
    let mut base = serde_json::to_value(existing)
        .map_err(|error| format!("Failed to serialize existing model for {context}: {error}"))?;
    merge_patch(&mut base, patch);
    let Some(base_object) = base.as_object_mut() else {
        return Err(format!("Merged payload for {context} must be an object"));
    };
    base_object.insert("id".to_string(), Value::String(id.to_string()));
    serde_json::from_value(base)
        .map_err(|error| format!("Failed to deserialize merged payload for {context}: {error}"))
 }
 fn merge_patch(target: &mut Value, patch: &Value) {
    match patch {
        Value::Object(patch_map) => {
            if !target.is_object() {
                *target = Value::Object(Map::new());
            }
            let target_map =
                target.as_object_mut().expect("merge_patch target expected to be object");
            for (key, patch_value) in patch_map {
                if patch_value.is_null() {
                    target_map.remove(key);
                    continue;
                }
                let target_entry = target_map.entry(key.clone()).or_insert(Value::Null);
                merge_patch(target_entry, patch_value);
            }
        }
        _ => {
            *target = patch.clone();
        }
    }
 }
--- a/crates-cli/yaak-cli/src/utils/mod.rs
+++ b/crates-cli/yaak-cli/src/utils/mod.rs
@@ -0,0 +1,2 @@
 pub mod confirm;
 pub mod json;
--- a/crates-cli/yaak-cli/tests/common/http_server.rs
+++ b/crates-cli/yaak-cli/tests/common/http_server.rs
@@ -0,0 +1,42 @@
 use std::io::{Read, Write};
 use std::net::TcpListener;
 use std::thread;
 pub struct TestHttpServer {
    pub url: String,
    handle: Option<thread::JoinHandle<()>>,
 }
 impl TestHttpServer {
    pub fn spawn_ok(body: &'static str) -> Self {
        let listener = TcpListener::bind("127.0.0.1:0").expect("Failed to bind test HTTP server");
        let addr = listener.local_addr().expect("Failed to get local addr");
        let url = format!("http://{addr}/test");
        let body_bytes = body.as_bytes().to_vec();
        let handle = thread::spawn(move || {
            if let Ok((mut stream, _)) = listener.accept() {
                let mut request_buf = [0u8; 4096];
                let _ = stream.read(&mut request_buf);
                let response = format!(
                    "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: {}\r\nConnection: close\r\n\r\n",
                    body_bytes.len()
                );
                let _ = stream.write_all(response.as_bytes());
                let _ = stream.write_all(&body_bytes);
                let _ = stream.flush();
            }
        });
        Self { url, handle: Some(handle) }
    }
 }
 impl Drop for TestHttpServer {
    fn drop(&mut self) {
        if let Some(handle) = self.handle.take() {
            let _ = handle.join();
        }
    }
 }
--- a/crates-cli/yaak-cli/tests/common/mod.rs
+++ b/crates-cli/yaak-cli/tests/common/mod.rs
@@ -0,0 +1,62 @@
 #![allow(dead_code)]
 pub mod http_server;
 use assert_cmd::Command;
 use assert_cmd::cargo::cargo_bin_cmd;
 use std::path::Path;
 use yaak_models::models::{HttpRequest, Workspace};
 use yaak_models::query_manager::QueryManager;
 use yaak_models::util::UpdateSource;
 pub fn cli_cmd(data_dir: &Path) -> Command {
    let mut cmd = cargo_bin_cmd!("yaakcli");
    cmd.arg("--data-dir").arg(data_dir);
    cmd
 }
 pub fn parse_created_id(stdout: &[u8], label: &str) -> String {
    String::from_utf8_lossy(stdout)
        .trim()
        .split_once(": ")
        .map(|(_, id)| id.to_string())
        .unwrap_or_else(|| panic!("Expected id in '{label}' output"))
 }
 pub fn query_manager(data_dir: &Path) -> QueryManager {
    let db_path = data_dir.join("db.sqlite");
    let blob_path = data_dir.join("blobs.sqlite");
    let (query_manager, _blob_manager, _rx) =
        yaak_models::init_standalone(&db_path, &blob_path).expect("Failed to initialize DB");
    query_manager
 }
 pub fn seed_workspace(data_dir: &Path, workspace_id: &str) {
    let workspace = Workspace {
        id: workspace_id.to_string(),
        name: "Seed Workspace".to_string(),
        description: "Seeded for integration tests".to_string(),
        ..Default::default()
    };
    query_manager(data_dir)
        .connect()
        .upsert_workspace(&workspace, &UpdateSource::Sync)
        .expect("Failed to seed workspace");
 }
 pub fn seed_request(data_dir: &Path, workspace_id: &str, request_id: &str) {
    let request = HttpRequest {
        id: request_id.to_string(),
        workspace_id: workspace_id.to_string(),
        name: "Seeded Request".to_string(),
        method: "GET".to_string(),
        url: "https://example.com".to_string(),
        ..Default::default()
    };
    query_manager(data_dir)
        .connect()
        .upsert_http_request(&request, &UpdateSource::Sync)
        .expect("Failed to seed request");
 }
--- a/crates-cli/yaak-cli/tests/environment_commands.rs
+++ b/crates-cli/yaak-cli/tests/environment_commands.rs
@@ -0,0 +1,80 @@
 mod common;
 use common::{cli_cmd, parse_created_id, query_manager, seed_workspace};
 use predicates::str::contains;
 use tempfile::TempDir;
 #[test]
 fn create_list_show_delete_round_trip() {
    let temp_dir = TempDir::new().expect("Failed to create temp dir");
    let data_dir = temp_dir.path();
    seed_workspace(data_dir, "wk_test");
    cli_cmd(data_dir)
        .args(["environment", "list", "wk_test"])
        .assert()
        .success()
        .stdout(contains("Global Variables"));
    let create_assert = cli_cmd(data_dir)
        .args(["environment", "create", "wk_test", "--name", "Production"])
        .assert()
        .success();
    let environment_id = parse_created_id(&create_assert.get_output().stdout, "environment create");
    cli_cmd(data_dir)
        .args(["environment", "list", "wk_test"])
        .assert()
        .success()
        .stdout(contains(&environment_id))
        .stdout(contains("Production"));
    cli_cmd(data_dir)
        .args(["environment", "show", &environment_id])
        .assert()
        .success()
        .stdout(contains(format!("\"id\": \"{environment_id}\"")))
        .stdout(contains("\"parentModel\": \"environment\""));
    cli_cmd(data_dir)
        .args(["environment", "delete", &environment_id, "--yes"])
        .assert()
        .success()
        .stdout(contains(format!("Deleted environment: {environment_id}")));
    assert!(query_manager(data_dir).connect().get_environment(&environment_id).is_err());
 }
 #[test]
 fn json_create_and_update_merge_patch_round_trip() {
    let temp_dir = TempDir::new().expect("Failed to create temp dir");
    let data_dir = temp_dir.path();
    seed_workspace(data_dir, "wk_test");
    let create_assert = cli_cmd(data_dir)
        .args([
            "environment",
            "create",
            r#"{"workspaceId":"wk_test","name":"Json Environment"}"#,
        ])
        .assert()
        .success();
    let environment_id = parse_created_id(&create_assert.get_output().stdout, "environment create");
    cli_cmd(data_dir)
        .args([
            "environment",
            "update",
            &format!(r##"{{"id":"{}","color":"#00ff00"}}"##, environment_id),
        ])
        .assert()
        .success()
        .stdout(contains(format!("Updated environment: {environment_id}")));
    cli_cmd(data_dir)
        .args(["environment", "show", &environment_id])
        .assert()
        .success()
        .stdout(contains("\"name\": \"Json Environment\""))
        .stdout(contains("\"color\": \"#00ff00\""));
 }
--- a/crates-cli/yaak-cli/tests/folder_commands.rs
+++ b/crates-cli/yaak-cli/tests/folder_commands.rs
@@ -0,0 +1,74 @@
 mod common;
 use common::{cli_cmd, parse_created_id, query_manager, seed_workspace};
 use predicates::str::contains;
 use tempfile::TempDir;
 #[test]
 fn create_list_show_delete_round_trip() {
    let temp_dir = TempDir::new().expect("Failed to create temp dir");
    let data_dir = temp_dir.path();
    seed_workspace(data_dir, "wk_test");
    let create_assert = cli_cmd(data_dir)
        .args(["folder", "create", "wk_test", "--name", "Auth"])
        .assert()
        .success();
    let folder_id = parse_created_id(&create_assert.get_output().stdout, "folder create");
    cli_cmd(data_dir)
        .args(["folder", "list", "wk_test"])
        .assert()
        .success()
        .stdout(contains(&folder_id))
        .stdout(contains("Auth"));
    cli_cmd(data_dir)
        .args(["folder", "show", &folder_id])
        .assert()
        .success()
        .stdout(contains(format!("\"id\": \"{folder_id}\"")))
        .stdout(contains("\"workspaceId\": \"wk_test\""));
    cli_cmd(data_dir)
        .args(["folder", "delete", &folder_id, "--yes"])
        .assert()
        .success()
        .stdout(contains(format!("Deleted folder: {folder_id}")));
    assert!(query_manager(data_dir).connect().get_folder(&folder_id).is_err());
 }
 #[test]
 fn json_create_and_update_merge_patch_round_trip() {
    let temp_dir = TempDir::new().expect("Failed to create temp dir");
    let data_dir = temp_dir.path();
    seed_workspace(data_dir, "wk_test");
    let create_assert = cli_cmd(data_dir)
        .args([
            "folder",
            "create",
            r#"{"workspaceId":"wk_test","name":"Json Folder"}"#,
        ])
        .assert()
        .success();
    let folder_id = parse_created_id(&create_assert.get_output().stdout, "folder create");
    cli_cmd(data_dir)
        .args([
            "folder",
            "update",
            &format!(r#"{{"id":"{}","description":"Folder Description"}}"#, folder_id),
        ])
        .assert()
        .success()
        .stdout(contains(format!("Updated folder: {folder_id}")));
    cli_cmd(data_dir)
        .args(["folder", "show", &folder_id])
        .assert()
        .success()
        .stdout(contains("\"name\": \"Json Folder\""))
        .stdout(contains("\"description\": \"Folder Description\""));
 }
--- a/crates-cli/yaak-cli/tests/request_commands.rs
+++ b/crates-cli/yaak-cli/tests/request_commands.rs
@@ -0,0 +1,179 @@
 mod common;
 use common::http_server::TestHttpServer;
 use common::{cli_cmd, parse_created_id, query_manager, seed_request, seed_workspace};
 use predicates::str::contains;
 use tempfile::TempDir;
 use yaak_models::models::HttpResponseState;
 #[test]
 fn show_and_delete_yes_round_trip() {
    let temp_dir = TempDir::new().expect("Failed to create temp dir");
    let data_dir = temp_dir.path();
    seed_workspace(data_dir, "wk_test");
    let create_assert = cli_cmd(data_dir)
        .args([
            "request",
            "create",
            "wk_test",
            "--name",
            "Smoke Test",
            "--url",
            "https://example.com",
        ])
        .assert()
        .success();
    let request_id = parse_created_id(&create_assert.get_output().stdout, "request create");
    cli_cmd(data_dir)
        .args(["request", "show", &request_id])
        .assert()
        .success()
        .stdout(contains(format!("\"id\": \"{request_id}\"")))
        .stdout(contains("\"workspaceId\": \"wk_test\""));
    cli_cmd(data_dir)
        .args(["request", "delete", &request_id, "--yes"])
        .assert()
        .success()
        .stdout(contains(format!("Deleted request: {request_id}")));
    assert!(query_manager(data_dir).connect().get_http_request(&request_id).is_err());
 }
 #[test]
 fn delete_without_yes_fails_in_non_interactive_mode() {
    let temp_dir = TempDir::new().expect("Failed to create temp dir");
    let data_dir = temp_dir.path();
    seed_workspace(data_dir, "wk_test");
    seed_request(data_dir, "wk_test", "rq_seed_delete_noninteractive");
    cli_cmd(data_dir)
        .args(["request", "delete", "rq_seed_delete_noninteractive"])
        .assert()
        .failure()
        .code(1)
        .stderr(contains("Refusing to delete in non-interactive mode without --yes"));
    assert!(
        query_manager(data_dir).connect().get_http_request("rq_seed_delete_noninteractive").is_ok()
    );
 }
 #[test]
 fn json_create_and_update_merge_patch_round_trip() {
    let temp_dir = TempDir::new().expect("Failed to create temp dir");
    let data_dir = temp_dir.path();
    seed_workspace(data_dir, "wk_test");
    let create_assert = cli_cmd(data_dir)
        .args([
            "request",
            "create",
            r#"{"workspaceId":"wk_test","name":"Json Request","url":"https://example.com"}"#,
        ])
        .assert()
        .success();
    let request_id = parse_created_id(&create_assert.get_output().stdout, "request create");
    cli_cmd(data_dir)
        .args([
            "request",
            "update",
            &format!(r#"{{"id":"{}","name":"Renamed Request"}}"#, request_id),
        ])
        .assert()
        .success()
        .stdout(contains(format!("Updated request: {request_id}")));
    cli_cmd(data_dir)
        .args(["request", "show", &request_id])
        .assert()
        .success()
        .stdout(contains("\"name\": \"Renamed Request\""))
        .stdout(contains("\"url\": \"https://example.com\""));
 }
 #[test]
 fn update_requires_id_in_json_payload() {
    let temp_dir = TempDir::new().expect("Failed to create temp dir");
    let data_dir = temp_dir.path();
    cli_cmd(data_dir)
        .args(["request", "update", r#"{"name":"No ID"}"#])
        .assert()
        .failure()
        .stderr(contains("request update requires a non-empty \"id\" field"));
 }
 #[test]
 fn create_allows_workspace_only_with_empty_defaults() {
    let temp_dir = TempDir::new().expect("Failed to create temp dir");
    let data_dir = temp_dir.path();
    seed_workspace(data_dir, "wk_test");
    let create_assert =
        cli_cmd(data_dir).args(["request", "create", "wk_test"]).assert().success();
    let request_id = parse_created_id(&create_assert.get_output().stdout, "request create");
    let request = query_manager(data_dir)
        .connect()
        .get_http_request(&request_id)
        .expect("Failed to load created request");
    assert_eq!(request.workspace_id, "wk_test");
    assert_eq!(request.method, "GET");
    assert_eq!(request.name, "");
    assert_eq!(request.url, "");
 }
 #[test]
 fn request_send_persists_response_body_and_events() {
    let temp_dir = TempDir::new().expect("Failed to create temp dir");
    let data_dir = temp_dir.path();
    seed_workspace(data_dir, "wk_test");
    let server = TestHttpServer::spawn_ok("hello from integration test");
    let create_assert = cli_cmd(data_dir)
        .args([
            "request",
            "create",
            "wk_test",
            "--name",
            "Send Test",
            "--url",
            &server.url,
        ])
        .assert()
        .success();
    let request_id = parse_created_id(&create_assert.get_output().stdout, "request create");
    cli_cmd(data_dir)
        .args(["request", "send", &request_id])
        .assert()
        .success()
        .stdout(contains("HTTP 200 OK"))
        .stdout(contains("hello from integration test"));
    let qm = query_manager(data_dir);
    let db = qm.connect();
    let responses =
        db.list_http_responses_for_request(&request_id, None).expect("Failed to load responses");
    assert_eq!(responses.len(), 1, "expected exactly one persisted response");
    let response = &responses[0];
    assert_eq!(response.status, 200);
    assert!(matches!(response.state, HttpResponseState::Closed));
    assert!(response.error.is_none());
    let body_path =
        response.body_path.as_ref().expect("expected persisted response body path").to_string();
    let body = std::fs::read_to_string(&body_path).expect("Failed to read response body file");
    assert_eq!(body, "hello from integration test");
    let events =
        db.list_http_response_events(&response.id).expect("Failed to load response events");
    assert!(!events.is_empty(), "expected at least one persisted response event");
 }
--- a/crates-cli/yaak-cli/tests/workspace_commands.rs
+++ b/crates-cli/yaak-cli/tests/workspace_commands.rs
@@ -0,0 +1,59 @@
 mod common;
 use common::{cli_cmd, parse_created_id, query_manager};
 use predicates::str::contains;
 use tempfile::TempDir;
 #[test]
 fn create_show_delete_round_trip() {
    let temp_dir = TempDir::new().expect("Failed to create temp dir");
    let data_dir = temp_dir.path();
    let create_assert =
        cli_cmd(data_dir).args(["workspace", "create", "--name", "WS One"]).assert().success();
    let workspace_id = parse_created_id(&create_assert.get_output().stdout, "workspace create");
    cli_cmd(data_dir)
        .args(["workspace", "show", &workspace_id])
        .assert()
        .success()
        .stdout(contains(format!("\"id\": \"{workspace_id}\"")))
        .stdout(contains("\"name\": \"WS One\""));
    cli_cmd(data_dir)
        .args(["workspace", "delete", &workspace_id, "--yes"])
        .assert()
        .success()
        .stdout(contains(format!("Deleted workspace: {workspace_id}")));
    assert!(query_manager(data_dir).connect().get_workspace(&workspace_id).is_err());
 }
 #[test]
 fn json_create_and_update_merge_patch_round_trip() {
    let temp_dir = TempDir::new().expect("Failed to create temp dir");
    let data_dir = temp_dir.path();
    let create_assert = cli_cmd(data_dir)
        .args(["workspace", "create", r#"{"name":"Json Workspace"}"#])
        .assert()
        .success();
    let workspace_id = parse_created_id(&create_assert.get_output().stdout, "workspace create");
    cli_cmd(data_dir)
        .args([
            "workspace",
            "update",
            &format!(r#"{{"id":"{}","description":"Updated via JSON"}}"#, workspace_id),
        ])
        .assert()
        .success()
        .stdout(contains(format!("Updated workspace: {workspace_id}")));
    cli_cmd(data_dir)
        .args(["workspace", "show", &workspace_id])
        .assert()
        .success()
        .stdout(contains("\"name\": \"Json Workspace\""))
        .stdout(contains("\"description\": \"Updated via JSON\""));
 }
--- a/crates-tauri/yaak-app/Cargo.toml
+++ b/crates-tauri/yaak-app/Cargo.toml
@@ -57,9 +57,11 @@ url = "2"
 tokio-util = { version = "0.7", features = ["codec"] }
 ts-rs = { workspace = true }
 uuid = "1.12.1"
 yaak-api = { workspace = true }
 yaak-common = { workspace = true }
 yaak-tauri-utils = { workspace = true }
 yaak-core = { workspace = true }
 yaak = { workspace = true }
 yaak-crypto = { workspace = true }
 yaak-fonts = { workspace = true }
 yaak-git = { workspace = true }
--- a/crates-tauri/yaak-app/src/commands.rs
+++ b/crates-tauri/yaak-app/src/commands.rs
@@ -2,7 +2,6 @@ use crate::PluginContextExt;
 use crate::error::Result;
 use std::sync::Arc;
 use tauri::{AppHandle, Manager, Runtime, State, WebviewWindow, command};
 use tauri_plugin_dialog::{DialogExt, MessageDialogKind};
 use yaak_crypto::manager::EncryptionManager;
 use yaak_models::models::HttpRequestHeader;
 use yaak_models::queries::workspaces::default_headers;
@@ -23,20 +22,6 @@ impl<'a, R: Runtime, M: Manager<R>> EncryptionManagerExt<'a, R> for M {
    }
 }
 #[command]
 pub(crate) async fn cmd_show_workspace_key<R: Runtime>(
    window: WebviewWindow<R>,
    workspace_id: &str,
 ) -> Result<()> {
    let key = window.crypto().reveal_workspace_key(workspace_id)?;
    window
        .dialog()
        .message(format!("Your workspace key is \n\n{}", key))
        .kind(MessageDialogKind::Info)
        .show(|_v| {});
    Ok(())
 }
 #[command]
 pub(crate) async fn cmd_decrypt_template<R: Runtime>(
    window: WebviewWindow<R>,
--- a/crates-tauri/yaak-app/src/error.rs
+++ b/crates-tauri/yaak-app/src/error.rs
@@ -36,7 +36,7 @@ pub enum Error {
    PluginError(#[from] yaak_plugins::error::Error),
    #[error(transparent)]
-    TauriUtilsError(#[from] yaak_tauri_utils::error::Error),
+    ApiError(#[from] yaak_api::Error),
    #[error(transparent)]
    ClipboardError(#[from] tauri_plugin_clipboard_manager::Error),
--- a/crates-tauri/yaak-app/src/git_ext.rs
+++ b/crates-tauri/yaak-app/src/git_ext.rs
@@ -9,8 +9,8 @@ use yaak_git::{
    BranchDeleteResult, CloneResult, GitCommit, GitRemote, GitStatusSummary, PullResult,
    PushResult, git_add, git_add_credential, git_add_remote, git_checkout_branch, git_clone,
    git_commit, git_create_branch, git_delete_branch, git_delete_remote_branch, git_fetch_all,
-    git_init, git_log, git_merge_branch, git_pull, git_push, git_remotes, git_rename_branch,
+    git_init, git_log, git_merge_branch, git_pull, git_pull_force_reset, git_pull_merge, git_push,
-    git_rm_remote, git_status, git_unstage,
+    git_remotes, git_rename_branch, git_reset_changes, git_rm_remote, git_status, git_unstage,
 };
 // NOTE: All of these commands are async to prevent blocking work from locking up the UI
@@ -89,6 +89,20 @@ pub async fn cmd_git_pull(dir: &Path) -> Result<PullResult> {
    Ok(git_pull(dir).await?)
 }
 #[command]
 pub async fn cmd_git_pull_force_reset(
    dir: &Path,
    remote: &str,
    branch: &str,
 ) -> Result<PullResult> {
    Ok(git_pull_force_reset(dir, remote, branch).await?)
 }
 #[command]
 pub async fn cmd_git_pull_merge(dir: &Path, remote: &str, branch: &str) -> Result<PullResult> {
    Ok(git_pull_merge(dir, remote, branch).await?)
 }
 #[command]
 pub async fn cmd_git_add(dir: &Path, rela_paths: Vec<PathBuf>) -> Result<()> {
    for path in rela_paths {
@@ -105,6 +119,11 @@ pub async fn cmd_git_unstage(dir: &Path, rela_paths: Vec<PathBuf>) -> Result<()>
    Ok(())
 }
 #[command]
 pub async fn cmd_git_reset_changes(dir: &Path) -> Result<()> {
    Ok(git_reset_changes(dir).await?)
 }
 #[command]
 pub async fn cmd_git_add_credential(
    remote_url: &str,
--- a/crates-tauri/yaak-app/src/http_request.rs
+++ b/crates-tauri/yaak-app/src/http_request.rs
@@ -3,45 +3,18 @@ use crate::error::Error::GenericError;
 use crate::error::Result;
 use crate::models_ext::BlobManagerExt;
 use crate::models_ext::QueryManagerExt;
-use crate::render::render_http_request;
+use log::warn;
 use log::{debug, warn};
 use std::pin::Pin;
 use std::sync::Arc;
-use std::sync::atomic::{AtomicI32, Ordering};
+use std::time::Instant;
 use std::time::{Duration, Instant};
 use tauri::{AppHandle, Manager, Runtime, WebviewWindow};
 use tokio::fs::{File, create_dir_all};
 use tokio::io::{AsyncRead, AsyncReadExt, AsyncWriteExt};
 use tokio::sync::watch::Receiver;
-use tokio_util::bytes::Bytes;
+use yaak::send::{SendHttpRequestWithPluginsParams, send_http_request_with_plugins};
 use yaak_crypto::manager::EncryptionManager;
-use yaak_http::client::{
+use yaak_http::manager::HttpConnectionManager;
-    HttpConnectionOptions, HttpConnectionProxySetting, HttpConnectionProxySettingAuth,
+use yaak_models::models::{CookieJar, Environment, HttpRequest, HttpResponse, HttpResponseState};
 };
 use yaak_http::cookies::CookieStore;
 use yaak_http::manager::{CachedClient, HttpConnectionManager};
 use yaak_http::sender::ReqwestSender;
 use yaak_http::tee_reader::TeeReader;
 use yaak_http::transaction::HttpTransaction;
 use yaak_http::types::{
    SendableBody, SendableHttpRequest, SendableHttpRequestOptions, append_query_params,
 };
 use yaak_models::blob_manager::BodyChunk;
 use yaak_models::models::{
    CookieJar, Environment, HttpRequest, HttpResponse, HttpResponseEvent, HttpResponseHeader,
    HttpResponseState, ProxySetting, ProxySettingAuth,
 };
 use yaak_models::util::UpdateSource;
-use yaak_plugins::events::{
+use yaak_plugins::events::PluginContext;
    CallHttpAuthenticationRequest, HttpHeader, PluginContext, RenderPurpose,
 };
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::template_callback::PluginTemplateCallback;
 use yaak_templates::RenderOptions;
 use yaak_tls::find_client_certificate;
 /// Chunk size for storing request bodies (1MB)
 const REQUEST_BODY_CHUNK_SIZE: usize = 1024 * 1024;
 /// Context for managing response state during HTTP transactions.
 /// Handles both persisted responses (stored in DB) and ephemeral responses (in-memory only).
@@ -168,135 +141,30 @@ async fn send_http_request_inner<R: Runtime>(
    let plugin_manager = Arc::new((*app_handle.state::<PluginManager>()).clone());
    let encryption_manager = Arc::new((*app_handle.state::<EncryptionManager>()).clone());
    let connection_manager = app_handle.state::<HttpConnectionManager>();
    let settings = window.db().get_settings();
    let workspace_id = &unrendered_request.workspace_id;
    let folder_id = unrendered_request.folder_id.as_deref();
    let environment_id = environment.map(|e| e.id);
-    let workspace = window.db().get_workspace(workspace_id)?;
+    let cookie_jar_id = cookie_jar.as_ref().map(|jar| jar.id.clone());
    let (resolved, auth_context_id) = resolve_http_request(window, unrendered_request)?;
    let cb = PluginTemplateCallback::new(
        plugin_manager.clone(),
        encryption_manager.clone(),
        &plugin_context,
        RenderPurpose::Send,
    );
    let env_chain =
        window.db().resolve_environments(&workspace.id, folder_id, environment_id.as_deref())?;
    let request = render_http_request(&resolved, env_chain, &cb, &RenderOptions::throw()).await?;
-    // Build the sendable request using the new SendableHttpRequest type
+    let response_dir = app_handle.path().app_data_dir()?.join("responses");
-    let options = SendableHttpRequestOptions {
+    let result = send_http_request_with_plugins(SendHttpRequestWithPluginsParams {
-        follow_redirects: workspace.setting_follow_redirects,
+        query_manager: app_handle.db_manager().inner(),
-        timeout: if workspace.setting_request_timeout > 0 {
+        blob_manager: app_handle.blob_manager().inner(),
-            Some(Duration::from_millis(workspace.setting_request_timeout.unsigned_abs() as u64))
+        request: unrendered_request.clone(),
-        } else {
+        environment_id: environment_id.as_deref(),
-            None
+        update_source: response_ctx.update_source.clone(),
-        },
+        cookie_jar_id,
-    };
+        response_dir: &response_dir,
-    let mut sendable_request = SendableHttpRequest::from_http_request(&request, options).await?;
+        emit_events_to: None,
-
+        existing_response: Some(response_ctx.response().clone()),
-    debug!("Sending request to {} {}", sendable_request.method, sendable_request.url);
+        plugin_manager,
-
+        encryption_manager,
    let proxy_setting = match settings.proxy {
        None => HttpConnectionProxySetting::System,
        Some(ProxySetting::Disabled) => HttpConnectionProxySetting::Disabled,
        Some(ProxySetting::Enabled { http, https, auth, bypass, disabled }) => {
            if disabled {
                HttpConnectionProxySetting::System
            } else {
                HttpConnectionProxySetting::Enabled {
                    http,
                    https,
                    bypass,
                    auth: match auth {
                        None => None,
                        Some(ProxySettingAuth { user, password }) => {
                            Some(HttpConnectionProxySettingAuth { user, password })
                        }
                    },
                }
            }
        }
    };
    let client_certificate =
        find_client_certificate(&sendable_request.url, &settings.client_certificates);
    // Create cookie store if a cookie jar is specified
    let maybe_cookie_store = match cookie_jar.clone() {
        Some(CookieJar { id, .. }) => {
            // NOTE: We need to refetch the cookie jar because a chained request might have
            //  updated cookies when we rendered the request.
            let cj = window.db().get_cookie_jar(&id)?;
            let cookie_store = CookieStore::from_cookies(cj.cookies.clone());
            Some((cookie_store, cj))
        }
        None => None,
    };
    let cached_client = connection_manager
        .get_client(&HttpConnectionOptions {
            id: plugin_context.id.clone(),
            validate_certificates: workspace.setting_validate_certificates,
            proxy: proxy_setting,
            client_certificate,
            dns_overrides: workspace.setting_dns_overrides.clone(),
        })
        .await?;
    // Apply authentication to the request
    apply_authentication(
        &window,
        &mut sendable_request,
        &request,
        auth_context_id,
        &plugin_manager,
        plugin_context,
-    )
+        cancelled_rx: Some(cancelled_rx.clone()),
-    .await?;
+        connection_manager: Some(connection_manager.inner()),
    })
    .await
    .map_err(|e| GenericError(e.to_string()))?;
-    let cookie_store = maybe_cookie_store.as_ref().map(|(cs, _)| cs.clone());
+    Ok(result.response)
    let result = execute_transaction(
        cached_client,
        sendable_request,
        response_ctx,
        cancelled_rx.clone(),
        cookie_store,
    )
    .await;
    // Wait for blob writing to complete and check for errors
    let final_result = match result {
        Ok((response, maybe_blob_write_handle)) => {
            // Check if blob writing failed
            if let Some(handle) = maybe_blob_write_handle {
                if let Ok(Err(e)) = handle.await {
                    // Update response with the storage error
                    let _ = response_ctx.update(|r| {
                        let error_msg =
                            format!("Request succeeded but failed to store request body: {}", e);
                        r.error = Some(match &r.error {
                            Some(existing) => format!("{}; {}", existing, error_msg),
                            None => error_msg,
                        });
                    });
                }
            }
            Ok(response)
        }
        Err(e) => Err(e),
    };
    // Persist cookies back to the database after the request completes
    if let Some((cookie_store, mut cj)) = maybe_cookie_store {
        let cookies = cookie_store.get_all_cookies();
        cj.cookies = cookies;
        if let Err(e) = window.db().upsert_cookie_jar(&cj, &UpdateSource::Background) {
            warn!("Failed to persist cookies to database: {}", e);
        }
    }
    final_result
 }
 pub fn resolve_http_request<R: Runtime>(
@@ -315,395 +183,3 @@ pub fn resolve_http_request<R: Runtime>(
    Ok((new_request, authentication_context_id))
 }
 async fn execute_transaction<R: Runtime>(
    cached_client: CachedClient,
    mut sendable_request: SendableHttpRequest,
    response_ctx: &mut ResponseContext<R>,
    mut cancelled_rx: Receiver<bool>,
    cookie_store: Option<CookieStore>,
 ) -> Result<(HttpResponse, Option<tauri::async_runtime::JoinHandle<Result<()>>>)> {
    let app_handle = &response_ctx.app_handle.clone();
    let response_id = response_ctx.response().id.clone();
    let workspace_id = response_ctx.response().workspace_id.clone();
    let is_persisted = response_ctx.is_persisted();
    // Keep a reference to the resolver for DNS timing events
    let resolver = cached_client.resolver.clone();
    let sender = ReqwestSender::with_client(cached_client.client);
    let transaction = match cookie_store {
        Some(cs) => HttpTransaction::with_cookie_store(sender, cs),
        None => HttpTransaction::new(sender),
    };
    let start = Instant::now();
    // Capture request headers before sending
    let request_headers: Vec<HttpResponseHeader> = sendable_request
        .headers
        .iter()
        .map(|(name, value)| HttpResponseHeader { name: name.clone(), value: value.clone() })
        .collect();
    // Update response with headers info
    response_ctx.update(|r| {
        r.url = sendable_request.url.clone();
        r.request_headers = request_headers;
    })?;
    // Create bounded channel for receiving events and spawn a task to store them in DB
    // Buffer size of 100 events provides back pressure if DB writes are slow
    let (event_tx, mut event_rx) =
        tokio::sync::mpsc::channel::<yaak_http::sender::HttpResponseEvent>(100);
    // Set the event sender on the DNS resolver so it can emit DNS timing events
    resolver.set_event_sender(Some(event_tx.clone())).await;
    // Shared state to capture DNS timing from the event processing task
    let dns_elapsed = Arc::new(AtomicI32::new(0));
    // Write events to DB in a task (only for persisted responses)
    if is_persisted {
        let response_id = response_id.clone();
        let app_handle = app_handle.clone();
        let update_source = response_ctx.update_source.clone();
        let workspace_id = workspace_id.clone();
        let dns_elapsed = dns_elapsed.clone();
        tokio::spawn(async move {
            while let Some(event) = event_rx.recv().await {
                // Capture DNS timing when we see a DNS event
                if let yaak_http::sender::HttpResponseEvent::DnsResolved { duration, .. } = &event {
                    dns_elapsed.store(*duration as i32, Ordering::SeqCst);
                }
                let db_event = HttpResponseEvent::new(&response_id, &workspace_id, event.into());
                let _ = app_handle.db().upsert_http_response_event(&db_event, &update_source);
            }
        });
    } else {
        // For ephemeral responses, just drain the events but still capture DNS timing
        let dns_elapsed = dns_elapsed.clone();
        tokio::spawn(async move {
            while let Some(event) = event_rx.recv().await {
                if let yaak_http::sender::HttpResponseEvent::DnsResolved { duration, .. } = &event {
                    dns_elapsed.store(*duration as i32, Ordering::SeqCst);
                }
            }
        });
    };
    // Capture request body as it's sent (only for persisted responses)
    let body_id = format!("{}.request", response_id);
    let maybe_blob_write_handle = match sendable_request.body {
        Some(SendableBody::Bytes(bytes)) => {
            if is_persisted {
                write_bytes_to_db_sync(response_ctx, &body_id, bytes.clone())?;
            }
            sendable_request.body = Some(SendableBody::Bytes(bytes));
            None
        }
        Some(SendableBody::Stream(stream)) => {
            // Wrap stream with TeeReader to capture data as it's read
            // Use unbounded channel to ensure all data is captured without blocking the HTTP request
            let (body_chunk_tx, body_chunk_rx) = tokio::sync::mpsc::unbounded_channel::<Vec<u8>>();
            let tee_reader = TeeReader::new(stream, body_chunk_tx);
            let pinned: Pin<Box<dyn AsyncRead + Send + 'static>> = Box::pin(tee_reader);
            let handle = if is_persisted {
                // Spawn task to write request body chunks to blob DB
                let app_handle = app_handle.clone();
                let response_id = response_id.clone();
                let workspace_id = workspace_id.clone();
                let body_id = body_id.clone();
                let update_source = response_ctx.update_source.clone();
                Some(tauri::async_runtime::spawn(async move {
                    write_stream_chunks_to_db(
                        app_handle,
                        &body_id,
                        &workspace_id,
                        &response_id,
                        &update_source,
                        body_chunk_rx,
                    )
                    .await
                }))
            } else {
                // For ephemeral responses, just drain the body chunks
                tauri::async_runtime::spawn(async move {
                    let mut rx = body_chunk_rx;
                    while rx.recv().await.is_some() {}
                });
                None
            };
            sendable_request.body = Some(SendableBody::Stream(pinned));
            handle
        }
        None => {
            sendable_request.body = None;
            None
        }
    };
    // Execute the transaction with cancellation support
    // This returns the response with headers, but body is not yet consumed
    // Events (headers, settings, chunks) are sent through the channel
    let mut http_response = transaction
        .execute_with_cancellation(sendable_request, cancelled_rx.clone(), event_tx)
        .await?;
    // Prepare the response path before consuming the body
    let body_path = if response_id.is_empty() {
        // Ephemeral responses: use OS temp directory for automatic cleanup
        let temp_dir = std::env::temp_dir().join("yaak-ephemeral-responses");
        create_dir_all(&temp_dir).await?;
        temp_dir.join(uuid::Uuid::new_v4().to_string())
    } else {
        // Persisted responses: use app data directory
        let dir = app_handle.path().app_data_dir()?;
        let base_dir = dir.join("responses");
        create_dir_all(&base_dir).await?;
        base_dir.join(&response_id)
    };
    // Extract metadata before consuming the body (headers are available immediately)
    // Url might change, so update again
    response_ctx.update(|r| {
        r.body_path = Some(body_path.to_string_lossy().to_string());
        r.elapsed_headers = start.elapsed().as_millis() as i32;
        r.status = http_response.status as i32;
        r.status_reason = http_response.status_reason.clone();
        r.url = http_response.url.clone();
        r.remote_addr = http_response.remote_addr.clone();
        r.version = http_response.version.clone();
        r.headers = http_response
            .headers
            .iter()
            .map(|(name, value)| HttpResponseHeader { name: name.clone(), value: value.clone() })
            .collect();
        r.content_length = http_response.content_length.map(|l| l as i32);
        r.state = HttpResponseState::Connected;
        r.request_headers = http_response
            .request_headers
            .iter()
            .map(|(n, v)| HttpResponseHeader { name: n.clone(), value: v.clone() })
            .collect();
    })?;
    // Get the body stream for manual consumption
    let mut body_stream = http_response.into_body_stream()?;
    // Open file for writing
    let mut file = File::options()
        .create(true)
        .truncate(true)
        .write(true)
        .open(&body_path)
        .await
        .map_err(|e| GenericError(format!("Failed to open file: {}", e)))?;
    // Stream body to file, with throttled DB updates to avoid excessive writes
    let mut written_bytes: usize = 0;
    let mut last_update_time = start;
    let mut buf = [0u8; 8192];
    // Throttle settings: update DB at most every 100ms
    const UPDATE_INTERVAL_MS: u128 = 100;
    loop {
        // Check for cancellation. If we already have headers/body, just close cleanly without error
        if *cancelled_rx.borrow() {
            break;
        }
        // Use select! to race between reading and cancellation, so cancellation is immediate
        let read_result = tokio::select! {
            biased;
            _ = cancelled_rx.changed() => {
                break;
            }
            result = body_stream.read(&mut buf) => result,
        };
        match read_result {
            Ok(0) => break, // EOF
            Ok(n) => {
                file.write_all(&buf[..n])
                    .await
                    .map_err(|e| GenericError(format!("Failed to write to file: {}", e)))?;
                file.flush()
                    .await
                    .map_err(|e| GenericError(format!("Failed to flush file: {}", e)))?;
                written_bytes += n;
                // Throttle DB updates: only update if enough time has passed
                let now = Instant::now();
                let elapsed_since_update = now.duration_since(last_update_time).as_millis();
                if elapsed_since_update >= UPDATE_INTERVAL_MS {
                    response_ctx.update(|r| {
                        r.elapsed = start.elapsed().as_millis() as i32;
                        r.content_length = Some(written_bytes as i32);
                    })?;
                    last_update_time = now;
                }
            }
            Err(e) => {
                return Err(GenericError(format!("Failed to read response body: {}", e)));
            }
        }
    }
    // Final update with closed state and accurate byte count
    response_ctx.update(|r| {
        r.elapsed = start.elapsed().as_millis() as i32;
        r.elapsed_dns = dns_elapsed.load(Ordering::SeqCst);
        r.content_length = Some(written_bytes as i32);
        r.state = HttpResponseState::Closed;
    })?;
    // Clear the event sender from the resolver since this request is done
    resolver.set_event_sender(None).await;
    Ok((response_ctx.response().clone(), maybe_blob_write_handle))
 }
 fn write_bytes_to_db_sync<R: Runtime>(
    response_ctx: &mut ResponseContext<R>,
    body_id: &str,
    data: Bytes,
 ) -> Result<()> {
    if data.is_empty() {
        return Ok(());
    }
    // Write in chunks if data is large
    let mut offset = 0;
    let mut chunk_index = 0;
    while offset < data.len() {
        let end = std::cmp::min(offset + REQUEST_BODY_CHUNK_SIZE, data.len());
        let chunk_data = data.slice(offset..end).to_vec();
        let chunk = BodyChunk::new(body_id, chunk_index, chunk_data);
        response_ctx.app_handle.blobs().insert_chunk(&chunk)?;
        offset = end;
        chunk_index += 1;
    }
    // Update the response with the total request body size
    response_ctx.update(|r| {
        r.request_content_length = Some(data.len() as i32);
    })?;
    Ok(())
 }
 async fn write_stream_chunks_to_db<R: Runtime>(
    app_handle: AppHandle<R>,
    body_id: &str,
    workspace_id: &str,
    response_id: &str,
    update_source: &UpdateSource,
    mut rx: tokio::sync::mpsc::UnboundedReceiver<Vec<u8>>,
 ) -> Result<()> {
    let mut buffer = Vec::with_capacity(REQUEST_BODY_CHUNK_SIZE);
    let mut chunk_index = 0;
    let mut total_bytes: usize = 0;
    while let Some(data) = rx.recv().await {
        total_bytes += data.len();
        buffer.extend_from_slice(&data);
        // Flush when buffer reaches chunk size
        while buffer.len() >= REQUEST_BODY_CHUNK_SIZE {
            debug!("Writing chunk {chunk_index} to DB");
            let chunk_data: Vec<u8> = buffer.drain(..REQUEST_BODY_CHUNK_SIZE).collect();
            let chunk = BodyChunk::new(body_id, chunk_index, chunk_data);
            app_handle.blobs().insert_chunk(&chunk)?;
            app_handle.db().upsert_http_response_event(
                &HttpResponseEvent::new(
                    response_id,
                    workspace_id,
                    yaak_http::sender::HttpResponseEvent::ChunkSent {
                        bytes: REQUEST_BODY_CHUNK_SIZE,
                    }
                    .into(),
                ),
                update_source,
            )?;
            chunk_index += 1;
        }
    }
    // Flush remaining data
    if !buffer.is_empty() {
        let chunk = BodyChunk::new(body_id, chunk_index, buffer);
        debug!("Flushing remaining data {chunk_index} {}", chunk.data.len());
        app_handle.blobs().insert_chunk(&chunk)?;
        app_handle.db().upsert_http_response_event(
            &HttpResponseEvent::new(
                response_id,
                workspace_id,
                yaak_http::sender::HttpResponseEvent::ChunkSent { bytes: chunk.data.len() }.into(),
            ),
            update_source,
        )?;
    }
    // Update the response with the total request body size
    app_handle.with_tx(|tx| {
        debug!("Updating final body length {total_bytes}");
        if let Ok(mut response) = tx.get_http_response(&response_id) {
            response.request_content_length = Some(total_bytes as i32);
            tx.update_http_response_if_id(&response, update_source)?;
        }
        Ok(())
    })?;
    Ok(())
 }
 async fn apply_authentication<R: Runtime>(
    _window: &WebviewWindow<R>,
    sendable_request: &mut SendableHttpRequest,
    request: &HttpRequest,
    auth_context_id: String,
    plugin_manager: &PluginManager,
    plugin_context: &PluginContext,
 ) -> Result<()> {
    match &request.authentication_type {
        None => {
            // No authentication found. Not even inherited
        }
        Some(authentication_type) if authentication_type == "none" => {
            // Explicitly no authentication
        }
        Some(authentication_type) => {
            let req = CallHttpAuthenticationRequest {
                context_id: format!("{:x}", md5::compute(auth_context_id)),
                values: serde_json::from_value(serde_json::to_value(&request.authentication)?)?,
                url: sendable_request.url.clone(),
                method: sendable_request.method.clone(),
                headers: sendable_request
                    .headers
                    .iter()
                    .map(|(name, value)| HttpHeader {
                        name: name.to_string(),
                        value: value.to_string(),
                    })
                    .collect(),
            };
            let plugin_result = plugin_manager
                .call_http_authentication(plugin_context, &authentication_type, req)
                .await?;
            for header in plugin_result.set_headers.unwrap_or_default() {
                sendable_request.insert_header((header.name, header.value));
            }
            if let Some(params) = plugin_result.set_query_parameters {
                let params = params.into_iter().map(|p| (p.name, p.value)).collect::<Vec<_>>();
                sendable_request.url = append_query_params(&sendable_request.url, params);
            }
        }
    }
    Ok(())
 }
--- a/crates-tauri/yaak-app/src/lib.rs
+++ b/crates-tauri/yaak-app/src/lib.rs
@@ -37,8 +37,8 @@ use yaak_grpc::{Code, ServiceDefinition, serialize_message};
 use yaak_mac_window::AppHandleMacWindowExt;
 use yaak_models::models::{
    AnyModel, CookieJar, Environment, GrpcConnection, GrpcConnectionState, GrpcEvent,
-    GrpcEventType, GrpcRequest, HttpRequest, HttpResponse, HttpResponseEvent, HttpResponseState,
+    GrpcEventType, HttpRequest, HttpResponse, HttpResponseEvent, HttpResponseState, Plugin,
-    Plugin, Workspace, WorkspaceMeta,
+    Workspace, WorkspaceMeta,
 };
 use yaak_models::util::{BatchUpsertResult, UpdateSource, get_workspace_export_resources};
 use yaak_plugins::events::{
@@ -1096,7 +1096,8 @@ async fn cmd_get_http_authentication_config<R: Runtime>(
    // Convert HashMap<String, JsonPrimitive> to serde_json::Value for rendering
    let values_json: serde_json::Value = serde_json::to_value(&values)?;
    let rendered_json =
-        render_json_value(values_json, environment_chain, &cb, &RenderOptions::throw()).await?;
+        render_json_value(values_json, environment_chain, &cb, &RenderOptions::return_empty())
            .await?;
    // Convert back to HashMap<String, JsonPrimitive>
    let rendered_values: HashMap<String, JsonPrimitive> = serde_json::from_value(rendered_json)?;
@@ -1271,35 +1272,6 @@ async fn cmd_save_response<R: Runtime>(
    Ok(())
 }
 #[tauri::command]
 async fn cmd_send_folder<R: Runtime>(
    app_handle: AppHandle<R>,
    window: WebviewWindow<R>,
    environment_id: Option<String>,
    cookie_jar_id: Option<String>,
    folder_id: &str,
 ) -> YaakResult<()> {
    let requests = app_handle.db().list_http_requests_for_folder_recursive(folder_id)?;
    for request in requests {
        let app_handle = app_handle.clone();
        let window = window.clone();
        let environment_id = environment_id.clone();
        let cookie_jar_id = cookie_jar_id.clone();
        tokio::spawn(async move {
            let _ = cmd_send_http_request(
                app_handle,
                window,
                environment_id.as_deref(),
                cookie_jar_id.as_deref(),
                request,
            )
            .await;
        });
    }
    Ok(())
 }
 #[tauri::command]
 async fn cmd_send_http_request<R: Runtime>(
    app_handle: AppHandle<R>,
@@ -1396,27 +1368,6 @@ async fn cmd_install_plugin<R: Runtime>(
    Ok(plugin)
 }
 #[tauri::command]
 async fn cmd_create_grpc_request<R: Runtime>(
    workspace_id: &str,
    name: &str,
    sort_priority: f64,
    folder_id: Option<&str>,
    app_handle: AppHandle<R>,
    window: WebviewWindow<R>,
 ) -> YaakResult<GrpcRequest> {
    Ok(app_handle.db().upsert_grpc_request(
        &GrpcRequest {
            workspace_id: workspace_id.to_string(),
            name: name.to_string(),
            folder_id: folder_id.map(|s| s.to_string()),
            sort_priority,
            ..Default::default()
        },
        &UpdateSource::from_window_label(window.label()),
    )?)
 }
 #[tauri::command]
 async fn cmd_reload_plugins<R: Runtime>(
    app_handle: AppHandle<R>,
@@ -1679,7 +1630,6 @@ pub fn run() {
            cmd_call_folder_action,
            cmd_call_grpc_request_action,
            cmd_check_for_updates,
            cmd_create_grpc_request,
            cmd_curl_to_request,
            cmd_delete_all_grpc_connections,
            cmd_delete_all_http_responses,
@@ -1713,7 +1663,6 @@ pub fn run() {
            cmd_save_response,
            cmd_send_ephemeral_request,
            cmd_send_http_request,
            cmd_send_folder,
            cmd_template_function_config,
            cmd_template_function_summaries,
            cmd_template_tokens_to_string,
@@ -1728,7 +1677,6 @@ pub fn run() {
            crate::commands::cmd_reveal_workspace_key,
            crate::commands::cmd_secure_template,
            crate::commands::cmd_set_workspace_key,
            crate::commands::cmd_show_workspace_key,
            //
            // Models commands
            models_ext::models_delete,
@@ -1762,8 +1710,11 @@ pub fn run() {
            git_ext::cmd_git_fetch_all,
            git_ext::cmd_git_push,
            git_ext::cmd_git_pull,
            git_ext::cmd_git_pull_force_reset,
            git_ext::cmd_git_pull_merge,
            git_ext::cmd_git_add,
            git_ext::cmd_git_unstage,
            git_ext::cmd_git_reset_changes,
            git_ext::cmd_git_add_credential,
            git_ext::cmd_git_remotes,
            git_ext::cmd_git_add_remote,
@@ -1777,14 +1728,7 @@ pub fn run() {
            plugins_ext::cmd_plugins_update_all,
            //
            // WebSocket commands
            ws_ext::cmd_ws_upsert_request,
            ws_ext::cmd_ws_duplicate_request,
            ws_ext::cmd_ws_delete_request,
            ws_ext::cmd_ws_delete_connection,
            ws_ext::cmd_ws_delete_connections,
            ws_ext::cmd_ws_list_events,
            ws_ext::cmd_ws_list_requests,
            ws_ext::cmd_ws_list_connections,
            ws_ext::cmd_ws_send,
            ws_ext::cmd_ws_close,
            ws_ext::cmd_ws_connect,
--- a/crates-tauri/yaak-app/src/models_ext.rs
+++ b/crates-tauri/yaak-app/src/models_ext.rs
@@ -3,6 +3,9 @@
 //! This module provides the Tauri plugin initialization and extension traits
 //! that allow accessing QueryManager and BlobManager from Tauri's Manager types.
 use chrono::Utc;
 use log::error;
 use std::time::Duration;
 use tauri::plugin::TauriPlugin;
 use tauri::{Emitter, Manager, Runtime, State};
 use tauri_plugin_dialog::{DialogExt, MessageDialogKind};
@@ -13,6 +16,74 @@ use yaak_models::models::{AnyModel, GraphQlIntrospection, GrpcEvent, Settings, W
 use yaak_models::query_manager::QueryManager;
 use yaak_models::util::UpdateSource;
 const MODEL_CHANGES_RETENTION_HOURS: i64 = 1;
 const MODEL_CHANGES_POLL_INTERVAL_MS: u64 = 1000;
 const MODEL_CHANGES_POLL_BATCH_SIZE: usize = 200;
 struct ModelChangeCursor {
    created_at: String,
    id: i64,
 }
 impl ModelChangeCursor {
    fn from_launch_time() -> Self {
        Self {
            created_at: Utc::now().naive_utc().format("%Y-%m-%d %H:%M:%S%.3f").to_string(),
            id: 0,
        }
    }
 }
 fn drain_model_changes_batch<R: Runtime>(
    query_manager: &QueryManager,
    app_handle: &tauri::AppHandle<R>,
    cursor: &mut ModelChangeCursor,
 ) -> bool {
    let changes = match query_manager.connect().list_model_changes_since(
        &cursor.created_at,
        cursor.id,
        MODEL_CHANGES_POLL_BATCH_SIZE,
    ) {
        Ok(changes) => changes,
        Err(err) => {
            error!("Failed to poll model_changes rows: {err:?}");
            return false;
        }
    };
    if changes.is_empty() {
        return false;
    }
    let fetched_count = changes.len();
    for change in changes {
        cursor.created_at = change.created_at;
        cursor.id = change.id;
        // Local window-originated writes are forwarded immediately from the
        // in-memory model event channel.
        if matches!(change.payload.update_source, UpdateSource::Window { .. }) {
            continue;
        }
        if let Err(err) = app_handle.emit("model_write", change.payload) {
            error!("Failed to emit model_write event: {err:?}");
        }
    }
    fetched_count == MODEL_CHANGES_POLL_BATCH_SIZE
 }
 async fn run_model_change_poller<R: Runtime>(
    query_manager: QueryManager,
    app_handle: tauri::AppHandle<R>,
    mut cursor: ModelChangeCursor,
 ) {
    loop {
        while drain_model_changes_batch(&query_manager, &app_handle, &mut cursor) {}
        tokio::time::sleep(Duration::from_millis(MODEL_CHANGES_POLL_INTERVAL_MS)).await;
    }
 }
 /// Extension trait for accessing the QueryManager from Tauri Manager types.
 pub trait QueryManagerExt<'a, R> {
    fn db_manager(&'a self) -> State<'a, QueryManager>;
@@ -262,14 +333,37 @@ pub fn init<R: Runtime>() -> TauriPlugin<R> {
                    }
                };
            let db = query_manager.connect();
            if let Err(err) = db.prune_model_changes_older_than_hours(MODEL_CHANGES_RETENTION_HOURS)
            {
                error!("Failed to prune model_changes rows on startup: {err:?}");
            }
            // Only stream writes that happen after this app launch.
            let cursor = ModelChangeCursor::from_launch_time();
            let poll_query_manager = query_manager.clone();
            app_handle.manage(query_manager);
            app_handle.manage(blob_manager);
-            // Forward model change events to the frontend
+            // Poll model_changes so all writers (including external CLI processes) update the UI.
-            let app_handle = app_handle.clone();
+            let app_handle_poll = app_handle.clone();
            let query_manager = poll_query_manager;
            tauri::async_runtime::spawn(async move {
                run_model_change_poller(query_manager, app_handle_poll, cursor).await;
            });
            // Fast path for local app writes initiated by frontend windows. This keeps the
            // current sync-model UX snappy, while DB polling handles external writers (CLI).
            let app_handle_local = app_handle.clone();
            tauri::async_runtime::spawn(async move {
                for payload in rx {
-                    app_handle.emit("model_write", payload).unwrap();
+                    if !matches!(payload.update_source, UpdateSource::Window { .. }) {
                        continue;
                    }
                    if let Err(err) = app_handle_local.emit("model_write", payload) {
                        error!("Failed to emit local model_write event: {err:?}");
                    }
                }
            });
--- a/crates-tauri/yaak-app/src/notifications.rs
+++ b/crates-tauri/yaak-app/src/notifications.rs
@@ -8,9 +8,9 @@ use serde::{Deserialize, Serialize};
 use std::time::Instant;
 use tauri::{AppHandle, Emitter, Manager, Runtime, WebviewWindow};
 use ts_rs::TS;
 use yaak_api::yaak_api_client;
 use yaak_common::platform::get_os_str;
 use yaak_models::util::UpdateSource;
 use yaak_tauri_utils::api_client::yaak_api_client;
 // Check for updates every hour
 const MAX_UPDATE_CHECK_SECONDS: u64 = 60 * 60;
@@ -101,7 +101,8 @@ impl YaakNotifier {
        let license_check = "disabled".to_string();
        let launch_info = get_or_upsert_launch_info(app_handle);
-        let req = yaak_api_client(app_handle)?
+        let app_version = app_handle.package_info().version.to_string();
        let req = yaak_api_client(&app_version)?
            .request(Method::GET, "https://notify.yaak.app/notifications")
            .query(&[
                ("version", &launch_info.current_version),
--- a/crates-tauri/yaak-app/src/plugin_events.rs
+++ b/crates-tauri/yaak-app/src/plugin_events.rs
@@ -12,7 +12,7 @@ use chrono::Utc;
 use cookie::Cookie;
 use log::error;
 use std::sync::Arc;
-use tauri::{AppHandle, Emitter, Manager, Runtime};
+use tauri::{AppHandle, Emitter, Listener, Manager, Runtime};
 use tauri_plugin_clipboard_manager::ClipboardExt;
 use tauri_plugin_opener::OpenerExt;
 use yaak_crypto::manager::EncryptionManager;
@@ -59,7 +59,55 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
        }
        InternalEventPayload::PromptFormRequest(_) => {
            let window = get_window_from_plugin_context(app_handle, &plugin_context)?;
-            Ok(call_frontend(&window, event).await)
+            if event.reply_id.is_some() {
                // Follow-up update from plugin runtime with resolved inputs — forward to frontend
                window.emit_to(window.label(), "plugin_event", event.clone())?;
                Ok(None)
            } else {
                // Initial request — set up bidirectional communication
                window.emit_to(window.label(), "plugin_event", event.clone()).unwrap();
                let event_id = event.id.clone();
                let plugin_handle = plugin_handle.clone();
                let plugin_context = plugin_context.clone();
                let window = window.clone();
                // Spawn async task to handle bidirectional form communication
                tauri::async_runtime::spawn(async move {
                    let (tx, mut rx) = tokio::sync::mpsc::channel::<InternalEvent>(128);
                    // Listen for replies from the frontend
                    let listener_id = window.listen(event_id, move |ev: tauri::Event| {
                        let resp: InternalEvent = serde_json::from_str(ev.payload()).unwrap();
                        let _ = tx.try_send(resp);
                    });
                    // Forward each reply to the plugin runtime
                    while let Some(resp) = rx.recv().await {
                        let is_done = matches!(
                            &resp.payload,
                            InternalEventPayload::PromptFormResponse(r) if r.done.unwrap_or(false)
                        );
                        let event_to_send = plugin_handle.build_event_to_send(
                            &plugin_context,
                            &resp.payload,
                            Some(resp.reply_id.unwrap_or_default()),
                        );
                        if let Err(e) = plugin_handle.send(&event_to_send).await {
                            log::warn!("Failed to forward form response to plugin: {:?}", e);
                        }
                        if is_done {
                            break;
                        }
                    }
                    window.unlisten(listener_id);
                });
                Ok(None)
            }
        }
        InternalEventPayload::FindHttpResponsesRequest(req) => {
            let http_responses = app_handle
--- a/crates-tauri/yaak-app/src/plugins_ext.rs
+++ b/crates-tauri/yaak-app/src/plugins_ext.rs
@@ -21,6 +21,7 @@ use tauri::{
 };
 use tokio::sync::Mutex;
 use ts_rs::TS;
 use yaak_api::yaak_api_client;
 use yaak_models::models::Plugin;
 use yaak_models::util::UpdateSource;
 use yaak_plugins::api::{
@@ -31,7 +32,6 @@ use yaak_plugins::events::{Color, Icon, PluginContext, ShowToastRequest};
 use yaak_plugins::install::{delete_and_uninstall, download_and_install};
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::plugin_meta::get_plugin_meta;
 use yaak_tauri_utils::api_client::yaak_api_client;
 static EXITING: AtomicBool = AtomicBool::new(false);
@@ -72,7 +72,8 @@ impl PluginUpdater {
        info!("Checking for plugin updates");
-        let http_client = yaak_api_client(window.app_handle())?;
+        let app_version = window.app_handle().package_info().version.to_string();
        let http_client = yaak_api_client(&app_version)?;
        let plugins = window.app_handle().db().list_plugins()?;
        let updates = check_plugin_updates(&http_client, plugins.clone()).await?;
@@ -136,7 +137,8 @@ pub async fn cmd_plugins_search<R: Runtime>(
    app_handle: AppHandle<R>,
    query: &str,
 ) -> Result<PluginSearchResponse> {
-    let http_client = yaak_api_client(&app_handle)?;
+    let app_version = app_handle.package_info().version.to_string();
    let http_client = yaak_api_client(&app_version)?;
    Ok(search_plugins(&http_client, query).await?)
 }
@@ -147,7 +149,8 @@ pub async fn cmd_plugins_install<R: Runtime>(
    version: Option<String>,
 ) -> Result<()> {
    let plugin_manager = Arc::new((*window.state::<PluginManager>()).clone());
-    let http_client = yaak_api_client(window.app_handle())?;
+    let app_version = window.app_handle().package_info().version.to_string();
    let http_client = yaak_api_client(&app_version)?;
    let query_manager = window.state::<yaak_models::query_manager::QueryManager>();
    let plugin_context = window.plugin_context();
    download_and_install(
@@ -177,7 +180,8 @@ pub async fn cmd_plugins_uninstall<R: Runtime>(
 pub async fn cmd_plugins_updates<R: Runtime>(
    app_handle: AppHandle<R>,
 ) -> Result<PluginUpdatesResponse> {
-    let http_client = yaak_api_client(&app_handle)?;
+    let app_version = app_handle.package_info().version.to_string();
    let http_client = yaak_api_client(&app_version)?;
    let plugins = app_handle.db().list_plugins()?;
    Ok(check_plugin_updates(&http_client, plugins).await?)
 }
@@ -186,7 +190,8 @@ pub async fn cmd_plugins_updates<R: Runtime>(
 pub async fn cmd_plugins_update_all<R: Runtime>(
    window: WebviewWindow<R>,
 ) -> Result<Vec<PluginNameVersion>> {
-    let http_client = yaak_api_client(window.app_handle())?;
+    let app_version = window.app_handle().package_info().version.to_string();
    let http_client = yaak_api_client(&app_version)?;
    let plugins = window.db().list_plugins()?;
    // Get list of available updates (already filtered to only registry plugins)
--- a/crates-tauri/yaak-app/src/render.rs
+++ b/crates-tauri/yaak-app/src/render.rs
@@ -1,10 +1,8 @@
 use log::info;
 use serde_json::Value;
 use std::collections::BTreeMap;
-use yaak_http::path_placeholders::apply_path_placeholders;
+pub use yaak::render::render_http_request;
-use yaak_models::models::{
+use yaak_models::models::{Environment, GrpcRequest, HttpRequestHeader};
    Environment, GrpcRequest, HttpRequest, HttpRequestHeader, HttpUrlParameter,
 };
 use yaak_models::render::make_vars_hashmap;
 use yaak_templates::{RenderOptions, TemplateCallback, parse_and_render, render_json_value_raw};
@@ -38,6 +36,9 @@ pub async fn render_grpc_request<T: TemplateCallback>(
    let mut metadata = Vec::new();
    for p in r.metadata.clone() {
        if !p.enabled {
            continue;
        }
        metadata.push(HttpRequestHeader {
            enabled: p.enabled,
            name: parse_and_render(p.name.as_str(), vars, cb, &opt).await?,
@@ -82,82 +83,3 @@ pub async fn render_grpc_request<T: TemplateCallback>(
    Ok(GrpcRequest { url, metadata, authentication, ..r.to_owned() })
 }
 pub async fn render_http_request<T: TemplateCallback>(
    r: &HttpRequest,
    environment_chain: Vec<Environment>,
    cb: &T,
    opt: &RenderOptions,
 ) -> yaak_templates::error::Result<HttpRequest> {
    let vars = &make_vars_hashmap(environment_chain);
    let mut url_parameters = Vec::new();
    for p in r.url_parameters.clone() {
        if !p.enabled {
            continue;
        }
        url_parameters.push(HttpUrlParameter {
            enabled: p.enabled,
            name: parse_and_render(p.name.as_str(), vars, cb, &opt).await?,
            value: parse_and_render(p.value.as_str(), vars, cb, &opt).await?,
            id: p.id,
        })
    }
    let mut headers = Vec::new();
    for p in r.headers.clone() {
        if !p.enabled {
            continue;
        }
        headers.push(HttpRequestHeader {
            enabled: p.enabled,
            name: parse_and_render(p.name.as_str(), vars, cb, &opt).await?,
            value: parse_and_render(p.value.as_str(), vars, cb, &opt).await?,
            id: p.id,
        })
    }
    let mut body = BTreeMap::new();
    for (k, v) in r.body.clone() {
        body.insert(k, render_json_value_raw(v, vars, cb, &opt).await?);
    }
    let authentication = {
        let mut disabled = false;
        let mut auth = BTreeMap::new();
        match r.authentication.get("disabled") {
            Some(Value::Bool(true)) => {
                disabled = true;
            }
            Some(Value::String(tmpl)) => {
                disabled = parse_and_render(tmpl.as_str(), vars, cb, &opt)
                    .await
                    .unwrap_or_default()
                    .is_empty();
                info!(
                    "Rendering authentication.disabled as a template: {disabled} from \"{tmpl}\""
                );
            }
            _ => {}
        }
        if disabled {
            auth.insert("disabled".to_string(), Value::Bool(true));
        } else {
            for (k, v) in r.authentication.clone() {
                if k == "disabled" {
                    auth.insert(k, Value::Bool(false));
                } else {
                    auth.insert(k, render_json_value_raw(v, vars, cb, &opt).await?);
                }
            }
        }
        auth
    };
    let url = parse_and_render(r.url.clone().as_str(), vars, cb, &opt).await?;
    // This doesn't fit perfectly with the concept of "rendering" but it kind of does
    let (url, url_parameters) = apply_path_placeholders(&url, &url_parameters);
    Ok(HttpRequest { url, url_parameters, headers, body, authentication, ..r.to_owned() })
 }
--- a/crates-tauri/yaak-app/src/updates.rs
+++ b/crates-tauri/yaak-app/src/updates.rs
@@ -15,6 +15,9 @@ use ts_rs::TS;
 use yaak_models::util::generate_id;
 use yaak_plugins::manager::PluginManager;
 use url::Url;
 use yaak_api::get_system_proxy_url;
 use crate::error::Error::GenericError;
 use crate::is_dev;
@@ -87,8 +90,13 @@ impl YaakUpdater {
        info!("Checking for updates mode={} autodl={}", mode, auto_download);
        let w = window.clone();
-        let update_check_result = w
+        let mut updater_builder = w.updater_builder();
-            .updater_builder()
+        if let Some(proxy_url) = get_system_proxy_url() {
            if let Ok(url) = Url::parse(&proxy_url) {
                updater_builder = updater_builder.proxy(url);
            }
        }
        let update_check_result = updater_builder
            .on_before_exit(move || {
                // Kill plugin manager before exit or NSIS installer will fail to replace sidecar
                // while it's running.
@@ -111,6 +119,7 @@ impl YaakUpdater {
                    UpdateTrigger::User => "user",
                },
            )?
            .header("X-Install-Mode", detect_install_mode().unwrap_or("unknown"))?
            .build()?
            .check()
            .await;
@@ -353,6 +362,22 @@ pub async fn download_update_idempotent<R: Runtime>(
    Ok(dl_path)
 }
 /// Detect the installer type so the update server can serve the correct artifact.
 fn detect_install_mode() -> Option<&'static str> {
    #[cfg(target_os = "windows")]
    {
        if let Ok(exe) = std::env::current_exe() {
            let path = exe.to_string_lossy().to_lowercase();
            if path.starts_with(r"c:\program files") {
                return Some("nsis-machine");
            }
        }
        return Some("nsis");
    }
    #[allow(unreachable_code)]
    None
 }
 pub async fn install_update_maybe_download<R: Runtime>(
    window: &WebviewWindow<R>,
    update: &Update,
--- a/crates-tauri/yaak-app/src/uri_scheme.rs
+++ b/crates-tauri/yaak-app/src/uri_scheme.rs
@@ -8,11 +8,11 @@ use std::fs;
 use std::sync::Arc;
 use tauri::{AppHandle, Emitter, Manager, Runtime, Url};
 use tauri_plugin_dialog::{DialogExt, MessageDialogButtons, MessageDialogKind};
 use yaak_api::yaak_api_client;
 use yaak_models::util::generate_id;
 use yaak_plugins::events::{Color, ShowToastRequest};
 use yaak_plugins::install::download_and_install;
 use yaak_plugins::manager::PluginManager;
 use yaak_tauri_utils::api_client::yaak_api_client;
 pub(crate) async fn handle_deep_link<R: Runtime>(
    app_handle: &AppHandle<R>,
@@ -46,7 +46,8 @@ pub(crate) async fn handle_deep_link<R: Runtime>(
            let plugin_manager = Arc::new((*window.state::<PluginManager>()).clone());
            let query_manager = app_handle.db_manager();
-            let http_client = yaak_api_client(app_handle)?;
+            let app_version = app_handle.package_info().version.to_string();
            let http_client = yaak_api_client(&app_version)?;
            let plugin_context = window.plugin_context();
            let pv = download_and_install(
                plugin_manager,
@@ -86,7 +87,8 @@ pub(crate) async fn handle_deep_link<R: Runtime>(
                    return Ok(());
                }
-                let resp = yaak_api_client(app_handle)?.get(file_url).send().await?;
+                let app_version = app_handle.package_info().version.to_string();
                let resp = yaak_api_client(&app_version)?.get(file_url).send().await?;
                let json = resp.bytes().await?;
                let p = app_handle
                    .path()
--- a/crates-tauri/yaak-app/src/window.rs
+++ b/crates-tauri/yaak-app/src/window.rs
@@ -162,11 +162,16 @@ pub(crate) fn create_window<R: Runtime>(
            "dev.reset_size" => webview_window
                .set_size(LogicalSize::new(DEFAULT_WINDOW_WIDTH, DEFAULT_WINDOW_HEIGHT))
                .unwrap(),
-            "dev.reset_size_record" => {
+            "dev.reset_size_16x9" => {
                let width = webview_window.outer_size().unwrap().width;
                let height = width * 9 / 16;
                webview_window.set_size(PhysicalSize::new(width, height)).unwrap()
            }
            "dev.reset_size_16x10" => {
                let width = webview_window.outer_size().unwrap().width;
                let height = width * 10 / 16;
                webview_window.set_size(PhysicalSize::new(width, height)).unwrap()
            }
            "dev.refresh" => webview_window.eval("location.reload()").unwrap(),
            "dev.generate_theme_css" => {
                w.emit("generate_theme_css", true).unwrap();
--- a/crates-tauri/yaak-app/src/window_menu.rs
+++ b/crates-tauri/yaak-app/src/window_menu.rs
@@ -153,9 +153,11 @@ pub fn app_menu<R: Runtime>(app_handle: &AppHandle<R>) -> tauri::Result<Menu<R>>
                        .build(app_handle)?,
                    &MenuItemBuilder::with_id("dev.reset_size".to_string(), "Reset Size")
                        .build(app_handle)?,
                    &MenuItemBuilder::with_id("dev.reset_size_16x9".to_string(), "Resize to 16x9")
                        .build(app_handle)?,
                    &MenuItemBuilder::with_id(
-                        "dev.reset_size_record".to_string(),
+                        "dev.reset_size_16x10".to_string(),
-                        "Reset Size 16x9",
+                        "Resize to 16x10",
                    )
                    .build(app_handle)?,
                    &MenuItemBuilder::with_id(
--- a/crates-tauri/yaak-app/src/ws_ext.rs
+++ b/crates-tauri/yaak-app/src/ws_ext.rs
@@ -28,52 +28,6 @@ use yaak_templates::{RenderErrorBehavior, RenderOptions};
 use yaak_tls::find_client_certificate;
 use yaak_ws::{WebsocketManager, render_websocket_request};
 #[command]
 pub async fn cmd_ws_upsert_request<R: Runtime>(
    request: WebsocketRequest,
    app_handle: AppHandle<R>,
    window: WebviewWindow<R>,
 ) -> Result<WebsocketRequest> {
    Ok(app_handle
        .db()
        .upsert_websocket_request(&request, &UpdateSource::from_window_label(window.label()))?)
 }
 #[command]
 pub async fn cmd_ws_duplicate_request<R: Runtime>(
    request_id: &str,
    app_handle: AppHandle<R>,
    window: WebviewWindow<R>,
 ) -> Result<WebsocketRequest> {
    let db = app_handle.db();
    let request = db.get_websocket_request(request_id)?;
    Ok(db.duplicate_websocket_request(&request, &UpdateSource::from_window_label(window.label()))?)
 }
 #[command]
 pub async fn cmd_ws_delete_request<R: Runtime>(
    request_id: &str,
    app_handle: AppHandle<R>,
    window: WebviewWindow<R>,
 ) -> Result<WebsocketRequest> {
    Ok(app_handle.db().delete_websocket_request_by_id(
        request_id,
        &UpdateSource::from_window_label(window.label()),
    )?)
 }
 #[command]
 pub async fn cmd_ws_delete_connection<R: Runtime>(
    connection_id: &str,
    app_handle: AppHandle<R>,
    window: WebviewWindow<R>,
 ) -> Result<WebsocketConnection> {
    Ok(app_handle.db().delete_websocket_connection_by_id(
        connection_id,
        &UpdateSource::from_window_label(window.label()),
    )?)
 }
 #[command]
 pub async fn cmd_ws_delete_connections<R: Runtime>(
    request_id: &str,
@@ -86,30 +40,6 @@ pub async fn cmd_ws_delete_connections<R: Runtime>(
    )?)
 }
 #[command]
 pub async fn cmd_ws_list_events<R: Runtime>(
    connection_id: &str,
    app_handle: AppHandle<R>,
 ) -> Result<Vec<WebsocketEvent>> {
    Ok(app_handle.db().list_websocket_events(connection_id)?)
 }
 #[command]
 pub async fn cmd_ws_list_requests<R: Runtime>(
    workspace_id: &str,
    app_handle: AppHandle<R>,
 ) -> Result<Vec<WebsocketRequest>> {
    Ok(app_handle.db().list_websocket_requests(workspace_id)?)
 }
 #[command]
 pub async fn cmd_ws_list_connections<R: Runtime>(
    workspace_id: &str,
    app_handle: AppHandle<R>,
 ) -> Result<Vec<WebsocketConnection>> {
    Ok(app_handle.db().list_websocket_connections(workspace_id)?)
 }
 #[command]
 pub async fn cmd_ws_send<R: Runtime>(
    connection_id: &str,
--- a/crates-tauri/yaak-app/tauri.release.conf.json
+++ b/crates-tauri/yaak-app/tauri.release.conf.json
@@ -1,9 +1,6 @@
 {
  "build": {
-    "features": [
+    "features": ["updater", "license"]
      "updater",
      "license"
    ]
  },
  "app": {
    "security": {
@@ -11,12 +8,8 @@
        "default",
        {
          "identifier": "release",
-          "windows": [
+          "windows": ["*"],
-            "*"
+          "permissions": ["yaak-license:default"]
          ],
          "permissions": [
            "yaak-license:default"
          ]
        }
      ]
    }
@@ -39,14 +32,7 @@
    "createUpdaterArtifacts": true,
    "longDescription": "A cross-platform desktop app for interacting with REST, GraphQL, and gRPC",
    "shortDescription": "Play with APIs, intuitively",
-    "targets": [
+    "targets": ["app", "appimage", "deb", "dmg", "nsis", "rpm"],
      "app",
      "appimage",
      "deb",
      "dmg",
      "nsis",
      "rpm"
    ],
    "macOS": {
      "minimumSystemVersion": "13.0",
      "exceptionDomain": "",
@@ -58,10 +44,16 @@
    },
    "linux": {
      "deb": {
-        "desktopTemplate": "./template.desktop"
+        "desktopTemplate": "./template.desktop",
        "files": {
          "/usr/share/metainfo/app.yaak.Yaak.metainfo.xml": "../../flatpak/app.yaak.Yaak.metainfo.xml"
        }
      },
      "rpm": {
-        "desktopTemplate": "./template.desktop"
+        "desktopTemplate": "./template.desktop",
        "files": {
          "/usr/share/metainfo/app.yaak.Yaak.metainfo.xml": "../../flatpak/app.yaak.Yaak.metainfo.xml"
        }
      }
    }
  }
--- a/crates-tauri/yaak-license/Cargo.toml
+++ b/crates-tauri/yaak-license/Cargo.toml
@@ -16,7 +16,7 @@ thiserror = { workspace = true }
 ts-rs = { workspace = true }
 yaak-common = { workspace = true }
 yaak-models = { workspace = true }
-yaak-tauri-utils = { workspace = true }
+yaak-api = { workspace = true }
 [build-dependencies]
 tauri-plugin = { workspace = true, features = ["build"] }
--- a/crates-tauri/yaak-license/src/error.rs
+++ b/crates-tauri/yaak-license/src/error.rs
@@ -16,7 +16,7 @@ pub enum Error {
    ModelError(#[from] yaak_models::error::Error),
    #[error(transparent)]
-    TauriUtilsError(#[from] yaak_tauri_utils::error::Error),
+    ApiError(#[from] yaak_api::Error),
    #[error("Internal server error")]
    ServerError,
--- a/crates-tauri/yaak-license/src/license.rs
+++ b/crates-tauri/yaak-license/src/license.rs
@@ -7,11 +7,11 @@ use std::ops::Add;
 use std::time::Duration;
 use tauri::{AppHandle, Emitter, Manager, Runtime, WebviewWindow, is_dev};
 use ts_rs::TS;
 use yaak_api::yaak_api_client;
 use yaak_common::platform::get_os_str;
 use yaak_models::db_context::DbContext;
 use yaak_models::query_manager::QueryManager;
 use yaak_models::util::UpdateSource;
 use yaak_tauri_utils::api_client::yaak_api_client;
 /// Extension trait for accessing the QueryManager from Tauri Manager types.
 /// This is needed temporarily until all crates are refactored to not use Tauri.
@@ -118,11 +118,12 @@ pub async fn activate_license<R: Runtime>(
    license_key: &str,
 ) -> Result<()> {
    info!("Activating license {}", license_key);
-    let client = reqwest::Client::new();
+    let app_version = window.app_handle().package_info().version.to_string();
    let client = yaak_api_client(&app_version)?;
    let payload = ActivateLicenseRequestPayload {
        license_key: license_key.to_string(),
        app_platform: get_os_str().to_string(),
-        app_version: window.app_handle().package_info().version.to_string(),
+        app_version,
    };
    let response = client.post(build_url("/licenses/activate")).json(&payload).send().await?;
@@ -155,12 +156,11 @@ pub async fn deactivate_license<R: Runtime>(window: &WebviewWindow<R>) -> Result
    let app_handle = window.app_handle();
    let activation_id = get_activation_id(app_handle).await;
-    let client = reqwest::Client::new();
+    let app_version = window.app_handle().package_info().version.to_string();
    let client = yaak_api_client(&app_version)?;
    let path = format!("/licenses/activations/{}/deactivate", activation_id);
-    let payload = DeactivateLicenseRequestPayload {
+    let payload =
-        app_platform: get_os_str().to_string(),
+        DeactivateLicenseRequestPayload { app_platform: get_os_str().to_string(), app_version };
        app_version: window.app_handle().package_info().version.to_string(),
    };
    let response = client.post(build_url(&path)).json(&payload).send().await?;
    if response.status().is_client_error() {
@@ -186,10 +186,9 @@ pub async fn deactivate_license<R: Runtime>(window: &WebviewWindow<R>) -> Result
 }
 pub async fn check_license<R: Runtime>(window: &WebviewWindow<R>) -> Result<LicenseCheckStatus> {
-    let payload = CheckActivationRequestPayload {
+    let app_version = window.app_handle().package_info().version.to_string();
-        app_platform: get_os_str().to_string(),
+    let payload =
-        app_version: window.package_info().version.to_string(),
+        CheckActivationRequestPayload { app_platform: get_os_str().to_string(), app_version };
    };
    let activation_id = get_activation_id(window.app_handle()).await;
    let settings = window.db().get_settings();
@@ -204,7 +203,7 @@ pub async fn check_license<R: Runtime>(window: &WebviewWindow<R>) -> Result<Lice
        (true, _) => {
            info!("Checking license activation");
            // A license has been activated, so let's check the license server
-            let client = yaak_api_client(window.app_handle())?;
+            let client = yaak_api_client(&payload.app_version)?;
            let path = format!("/licenses/activations/{activation_id}/check-v2");
            let response = client.post(build_url(&path)).json(&payload).send().await?;
--- a/crates-tauri/yaak-tauri-utils/Cargo.toml
+++ b/crates-tauri/yaak-tauri-utils/Cargo.toml
@@ -6,8 +6,4 @@ publish = false
 [dependencies]
 tauri = { workspace = true }
 reqwest = { workspace = true, features = ["gzip"] }
 thiserror = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 regex = "1.11.0"
 yaak-common = { workspace = true }
--- a/crates-tauri/yaak-tauri-utils/src/api_client.rs
+++ b/crates-tauri/yaak-tauri-utils/src/api_client.rs
@@ -1,24 +0,0 @@
 use crate::error::Result;
 use reqwest::Client;
 use std::time::Duration;
 use tauri::http::{HeaderMap, HeaderValue};
 use tauri::{AppHandle, Runtime};
 use yaak_common::platform::{get_ua_arch, get_ua_platform};
 pub fn yaak_api_client<R: Runtime>(app_handle: &AppHandle<R>) -> Result<Client> {
    let platform = get_ua_platform();
    let version = app_handle.package_info().version.clone();
    let arch = get_ua_arch();
    let ua = format!("Yaak/{version} ({platform}; {arch})");
    let mut default_headers = HeaderMap::new();
    default_headers.insert("Accept", HeaderValue::from_str("application/json").unwrap());
    let client = reqwest::ClientBuilder::new()
        .timeout(Duration::from_secs(20))
        .default_headers(default_headers)
        .gzip(true)
        .user_agent(ua)
        .build()?;
    Ok(client)
 }
--- a/crates-tauri/yaak-tauri-utils/src/error.rs
+++ b/crates-tauri/yaak-tauri-utils/src/error.rs
@@ -1,19 +0,0 @@
 use serde::{Serialize, Serializer};
 use thiserror::Error;
 #[derive(Error, Debug)]
 pub enum Error {
    #[error(transparent)]
    ReqwestError(#[from] reqwest::Error),
 }
 impl Serialize for Error {
    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
    where
        S: Serializer,
    {
        serializer.serialize_str(self.to_string().as_ref())
    }
 }
 pub type Result<T> = std::result::Result<T, Error>;
--- a/crates-tauri/yaak-tauri-utils/src/lib.rs
+++ b/crates-tauri/yaak-tauri-utils/src/lib.rs
@@ -1,3 +1 @@
 pub mod api_client;
 pub mod error;
 pub mod window;
--- a/crates/yaak-api/Cargo.toml
+++ b/crates/yaak-api/Cargo.toml
@@ -0,0 +1,12 @@
 [package]
 name = "yaak-api"
 version = "0.1.0"
 edition = "2024"
 publish = false
 [dependencies]
 log = { workspace = true }
 reqwest = { workspace = true, features = ["gzip"] }
 sysproxy = "0.3"
 thiserror = { workspace = true }
 yaak-common = { workspace = true }
--- a/crates/yaak-api/src/error.rs
+++ b/crates/yaak-api/src/error.rs
@@ -0,0 +1,9 @@
 use thiserror::Error;
 #[derive(Error, Debug)]
 pub enum Error {
    #[error(transparent)]
    ReqwestError(#[from] reqwest::Error),
 }
 pub type Result<T> = std::result::Result<T, Error>;
--- a/crates/yaak-api/src/lib.rs
+++ b/crates/yaak-api/src/lib.rs
@@ -0,0 +1,70 @@
 mod error;
 pub use error::{Error, Result};
 use log::{debug, warn};
 use reqwest::Client;
 use reqwest::header::{HeaderMap, HeaderValue};
 use std::time::Duration;
 use yaak_common::platform::{get_ua_arch, get_ua_platform};
 /// Build a reqwest Client configured for Yaak's own API calls.
 ///
 /// Includes a custom User-Agent, JSON accept header, 20s timeout, gzip,
 /// and automatic OS-level proxy detection via sysproxy.
 pub fn yaak_api_client(version: &str) -> Result<Client> {
    let platform = get_ua_platform();
    let arch = get_ua_arch();
    let ua = format!("Yaak/{version} ({platform}; {arch})");
    let mut default_headers = HeaderMap::new();
    default_headers.insert("Accept", HeaderValue::from_str("application/json").unwrap());
    let mut builder = reqwest::ClientBuilder::new()
        .timeout(Duration::from_secs(20))
        .default_headers(default_headers)
        .gzip(true)
        .user_agent(ua);
    if let Some(sys) = get_enabled_system_proxy() {
        let proxy_url = format!("http://{}:{}", sys.host, sys.port);
        match reqwest::Proxy::all(&proxy_url) {
            Ok(p) => {
                let p = if !sys.bypass.is_empty() {
                    p.no_proxy(reqwest::NoProxy::from_string(&sys.bypass))
                } else {
                    p
                };
                builder = builder.proxy(p);
            }
            Err(e) => {
                warn!("Failed to configure system proxy: {e}");
            }
        }
    }
    Ok(builder.build()?)
 }
 /// Returns the system proxy URL if one is enabled, e.g. `http://host:port`.
 pub fn get_system_proxy_url() -> Option<String> {
    let sys = get_enabled_system_proxy()?;
    Some(format!("http://{}:{}", sys.host, sys.port))
 }
 fn get_enabled_system_proxy() -> Option<sysproxy::Sysproxy> {
    match sysproxy::Sysproxy::get_system_proxy() {
        Ok(sys) if sys.enable => {
            debug!("Detected system proxy: http://{}:{}", sys.host, sys.port);
            Some(sys)
        }
        Ok(_) => {
            debug!("System proxy detected but not enabled");
            None
        }
        Err(e) => {
            debug!("Could not detect system proxy: {e}");
            None
        }
    }
 }
--- a/crates/yaak-git/Cargo.toml
+++ b/crates/yaak-git/Cargo.toml
@@ -6,7 +6,7 @@ publish = false
 [dependencies]
 chrono = { workspace = true, features = ["serde"] }
-git2 = { version = "0.20.0", features = ["vendored-libgit2", "vendored-openssl"] }
+git2 = { version = "0.20.4", features = ["vendored-libgit2", "vendored-openssl"] }
 log = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
--- a/crates/yaak-git/bindings/gen_git.ts
+++ b/crates/yaak-git/bindings/gen_git.ts
@@ -15,8 +15,8 @@ export type GitStatus = "untracked" | "conflict" | "current" | "modified" | "rem
 export type GitStatusEntry = { relaPath: string, status: GitStatus, staged: boolean, prev: SyncModel | null, next: SyncModel | null, };
-export type GitStatusSummary = { path: string, headRef: string | null, headRefShorthand: string | null, entries: Array<GitStatusEntry>, origins: Array<string>, localBranches: Array<string>, remoteBranches: Array<string>, };
+export type GitStatusSummary = { path: string, headRef: string | null, headRefShorthand: string | null, entries: Array<GitStatusEntry>, origins: Array<string>, localBranches: Array<string>, remoteBranches: Array<string>, ahead: number, behind: number, };
-export type PullResult = { "type": "success", message: string, } | { "type": "up_to_date" } | { "type": "needs_credentials", url: string, error: string | null, };
+export type PullResult = { "type": "success", message: string, } | { "type": "up_to_date" } | { "type": "needs_credentials", url: string, error: string | null, } | { "type": "diverged", remote: string, branch: string, } | { "type": "uncommitted_changes" };
 export type PushResult = { "type": "success", message: string, } | { "type": "up_to_date" } | { "type": "needs_credentials", url: string, error: string | null, };
--- a/crates/yaak-git/index.ts
+++ b/crates/yaak-git/index.ts
@@ -4,6 +4,7 @@ import { createFastMutation } from '@yaakapp/app/hooks/useFastMutation';
 import { queryClient } from '@yaakapp/app/lib/queryClient';
 import { useMemo } from 'react';
 import { BranchDeleteResult, CloneResult, GitCommit, GitRemote, GitStatusSummary, PullResult, PushResult } from './bindings/gen_git';
 import { showToast } from '@yaakapp/app/lib/toast';
 export * from './bindings/gen_git';
 export * from './bindings/gen_models';
@@ -13,31 +14,48 @@ export interface GitCredentials {
  password: string;
 }
 export type DivergedStrategy = 'force_reset' | 'merge' | 'cancel';
 export type UncommittedChangesStrategy = 'reset' | 'cancel';
 export interface GitCallbacks {
  addRemote: () => Promise<GitRemote | null>;
  promptCredentials: (
    result: Extract<PushResult, { type: 'needs_credentials' }>,
  ) => Promise<GitCredentials | null>;
  promptDiverged: (
    result: Extract<PullResult, { type: 'diverged' }>,
  ) => Promise<DivergedStrategy>;
  promptUncommittedChanges: () => Promise<UncommittedChangesStrategy>;
  forceSync: () => Promise<void>;
 }
 const onSuccess = () => queryClient.invalidateQueries({ queryKey: ['git'] });
-export function useGit(dir: string, callbacks: GitCallbacks) {
+export function useGit(dir: string, callbacks: GitCallbacks, refreshKey?: string) {
  const mutations = useMemo(() => gitMutations(dir, callbacks), [dir, callbacks]);
  const fetchAll = useQuery<void, string>({
    queryKey: ['git', 'fetch_all', dir, refreshKey],
    queryFn: () => invoke('cmd_git_fetch_all', { dir }),
    refetchInterval: 10 * 60_000,
  });
  return [
    {
      remotes: useQuery<GitRemote[], string>({
-        queryKey: ['git', 'remotes', dir],
+        queryKey: ['git', 'remotes', dir, refreshKey],
        queryFn: () => getRemotes(dir),
        placeholderData: (prev) => prev,
      }),
      log: useQuery<GitCommit[], string>({
-        queryKey: ['git', 'log', dir],
+        queryKey: ['git', 'log', dir, refreshKey],
        queryFn: () => invoke('cmd_git_log', { dir }),
        placeholderData: (prev) => prev,
      }),
      status: useQuery<GitStatusSummary, string>({
        refetchOnMount: true,
-        queryKey: ['git', 'status', dir],
+        queryKey: ['git', 'status', dir, refreshKey, fetchAll.dataUpdatedAt],
        queryFn: () => invoke('cmd_git_status', { dir }),
        placeholderData: (prev) => prev,
      }),
    },
    mutations,
@@ -69,6 +87,15 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
    return invoke<PushResult>('cmd_git_push', { dir });
  };
  const handleError = (err: unknown) => {
    showToast({
      id: `${err}`,
      message: `${err}`,
      color: 'danger',
      timeout: 5000,
    });
  }
  return {
    init: createFastMutation<void, string, void>({
      mutationKey: ['git', 'init'],
@@ -133,11 +160,7 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
      },
      onSuccess,
    }),
-    fetchAll: createFastMutation<string, string, void>({
+
      mutationKey: ['git', 'checkout', dir],
      mutationFn: () => invoke('cmd_git_fetch_all', { dir }),
      onSuccess,
    }),
    push: createFastMutation<PushResult, string, void>({
      mutationKey: ['git', 'push', dir],
      mutationFn: push,
@@ -147,20 +170,51 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
      mutationKey: ['git', 'pull', dir],
      async mutationFn() {
        const result = await invoke<PullResult>('cmd_git_pull', { dir });
        if (result.type !== 'needs_credentials') return result;
-        // Needs credentials, prompt for them
+        if (result.type === 'needs_credentials') {
-        const creds = await callbacks.promptCredentials(result);
+          const creds = await callbacks.promptCredentials(result);
-        if (creds == null) throw new Error('Canceled');
+          if (creds == null) throw new Error('Canceled');
-        await invoke('cmd_git_add_credential', {
+          await invoke('cmd_git_add_credential', {
-          remoteUrl: result.url,
+            remoteUrl: result.url,
-          username: creds.username,
+            username: creds.username,
-          password: creds.password,
+            password: creds.password,
-        });
+          });
-        // Pull again
+          // Pull again after credentials
-        return invoke<PullResult>('cmd_git_pull', { dir });
+          return invoke<PullResult>('cmd_git_pull', { dir });
        }
        if (result.type === 'uncommitted_changes') {
          callbacks.promptUncommittedChanges().then(async (strategy) => {
            if (strategy === 'cancel') return;
            await invoke('cmd_git_reset_changes', { dir });
            return invoke<PullResult>('cmd_git_pull', { dir });
          }).then(async () => { onSuccess(); await callbacks.forceSync(); }, handleError);
        }
        if (result.type === 'diverged') {
          callbacks.promptDiverged(result).then((strategy) => {
            if (strategy === 'cancel') return;
            if (strategy === 'force_reset') {
              return invoke<PullResult>('cmd_git_pull_force_reset', {
                dir,
                remote: result.remote,
                branch: result.branch,
              });
            }
            return invoke<PullResult>('cmd_git_pull_merge', {
              dir,
              remote: result.remote,
              branch: result.branch,
            });
          }).then(async () => { onSuccess(); await callbacks.forceSync(); }, handleError);
        }
        return result;
      },
      onSuccess,
    }),
@@ -169,6 +223,11 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
      mutationFn: (args) => invoke('cmd_git_unstage', { dir, ...args }),
      onSuccess,
    }),
    resetChanges: createFastMutation<void, string, void>({
      mutationKey: ['git', 'reset-changes', dir],
      mutationFn: () => invoke('cmd_git_reset_changes', { dir }),
      onSuccess,
    }),
  } as const;
 };
--- a/crates/yaak-git/src/lib.rs
+++ b/crates/yaak-git/src/lib.rs
@@ -13,6 +13,7 @@ mod pull;
 mod push;
 mod remotes;
 mod repository;
 mod reset;
 mod status;
 mod unstage;
 mod util;
@@ -29,8 +30,9 @@ pub use credential::git_add_credential;
 pub use fetch::git_fetch_all;
 pub use init::git_init;
 pub use log::{GitCommit, git_log};
-pub use pull::{PullResult, git_pull};
+pub use pull::{PullResult, git_pull, git_pull_force_reset, git_pull_merge};
 pub use push::{PushResult, git_push};
 pub use remotes::{GitRemote, git_add_remote, git_remotes, git_rm_remote};
 pub use reset::git_reset_changes;
 pub use status::{GitStatusSummary, git_status};
 pub use unstage::git_unstage;
--- a/crates/yaak-git/src/pull.rs
+++ b/crates/yaak-git/src/pull.rs
@@ -15,9 +15,23 @@ pub enum PullResult {
    Success { message: String },
    UpToDate,
    NeedsCredentials { url: String, error: Option<String> },
    Diverged { remote: String, branch: String },
    UncommittedChanges,
 }
 fn has_uncommitted_changes(dir: &Path) -> Result<bool> {
    let repo = open_repo(dir)?;
    let mut opts = git2::StatusOptions::new();
    opts.include_ignored(false).include_untracked(false);
    let statuses = repo.statuses(Some(&mut opts))?;
    Ok(statuses.iter().any(|e| e.status() != git2::Status::CURRENT))
 }
 pub async fn git_pull(dir: &Path) -> Result<PullResult> {
    if has_uncommitted_changes(dir)? {
        return Ok(PullResult::UncommittedChanges);
    }
    // Extract all git2 data before any await points (git2 types are not Send)
    let (branch_name, remote_name, remote_url) = {
        let repo = open_repo(dir)?;
@@ -30,42 +44,130 @@ pub async fn git_pull(dir: &Path) -> Result<PullResult> {
        (branch_name, remote_name, remote_url)
    };
-    let out = new_binary_command(dir)
+    // Step 1: fetch the specific branch
    // NOTE: We use fetch + merge instead of `git pull` to avoid conflicts with
    // global git config (e.g. pull.ff=only) and the background fetch --all.
    let fetch_out = new_binary_command(dir)
        .await?
-        .args(["pull", &remote_name, &branch_name])
+        .args(["fetch", &remote_name, &branch_name])
        .env("GIT_TERMINAL_PROMPT", "0")
        .output()
        .await
-        .map_err(|e| GenericError(format!("failed to run git pull: {e}")))?;
+        .map_err(|e| GenericError(format!("failed to run git fetch: {e}")))?;
-    let stdout = String::from_utf8_lossy(&out.stdout);
+    let fetch_stdout = String::from_utf8_lossy(&fetch_out.stdout);
-    let stderr = String::from_utf8_lossy(&out.stderr);
+    let fetch_stderr = String::from_utf8_lossy(&fetch_out.stderr);
-    let combined = stdout + stderr;
+    let fetch_combined = format!("{fetch_stdout}{fetch_stderr}");
-    info!("Pulled status={} {combined}", out.status);
+    info!("Fetched status={} {fetch_combined}", fetch_out.status);
-    if combined.to_lowercase().contains("could not read") {
+    if fetch_combined.to_lowercase().contains("could not read") {
        return Ok(PullResult::NeedsCredentials { url: remote_url.to_string(), error: None });
    }
-    if combined.to_lowercase().contains("unable to access") {
+    if fetch_combined.to_lowercase().contains("unable to access") {
        return Ok(PullResult::NeedsCredentials {
            url: remote_url.to_string(),
-            error: Some(combined.to_string()),
+            error: Some(fetch_combined.to_string()),
        });
    }
-    if !out.status.success() {
+    if !fetch_out.status.success() {
-        return Err(GenericError(format!("Failed to pull {combined}")));
+        return Err(GenericError(format!("Failed to fetch: {fetch_combined}")));
    }
-    if combined.to_lowercase().contains("up to date") {
+    // Step 2: merge the fetched branch
    let ref_name = format!("{}/{}", remote_name, branch_name);
    let merge_out = new_binary_command(dir)
        .await?
        .args(["merge", "--ff-only", &ref_name])
        .output()
        .await
        .map_err(|e| GenericError(format!("failed to run git merge: {e}")))?;
    let merge_stdout = String::from_utf8_lossy(&merge_out.stdout);
    let merge_stderr = String::from_utf8_lossy(&merge_out.stderr);
    let merge_combined = format!("{merge_stdout}{merge_stderr}");
    info!("Merged status={} {merge_combined}", merge_out.status);
    if !merge_out.status.success() {
        let merge_lower = merge_combined.to_lowercase();
        if merge_lower.contains("cannot fast-forward")
            || merge_lower.contains("not possible to fast-forward")
            || merge_lower.contains("diverged")
        {
            return Ok(PullResult::Diverged { remote: remote_name, branch: branch_name });
        }
        return Err(GenericError(format!("Failed to merge: {merge_combined}")));
    }
    if merge_combined.to_lowercase().contains("up to date") {
        return Ok(PullResult::UpToDate);
    }
    Ok(PullResult::Success { message: format!("Pulled from {}/{}", remote_name, branch_name) })
 }
 pub async fn git_pull_force_reset(dir: &Path, remote: &str, branch: &str) -> Result<PullResult> {
    // Step 1: fetch the remote
    let fetch_out = new_binary_command(dir)
        .await?
        .args(["fetch", remote])
        .env("GIT_TERMINAL_PROMPT", "0")
        .output()
        .await
        .map_err(|e| GenericError(format!("failed to run git fetch: {e}")))?;
    if !fetch_out.status.success() {
        let stderr = String::from_utf8_lossy(&fetch_out.stderr);
        return Err(GenericError(format!("Failed to fetch: {stderr}")));
    }
    // Step 2: reset --hard to remote/branch
    let ref_name = format!("{}/{}", remote, branch);
    let reset_out = new_binary_command(dir)
        .await?
        .args(["reset", "--hard", &ref_name])
        .output()
        .await
        .map_err(|e| GenericError(format!("failed to run git reset: {e}")))?;
    if !reset_out.status.success() {
        let stderr = String::from_utf8_lossy(&reset_out.stderr);
        return Err(GenericError(format!("Failed to reset: {}", stderr.trim())));
    }
    Ok(PullResult::Success { message: format!("Reset to {}/{}", remote, branch) })
 }
 pub async fn git_pull_merge(dir: &Path, remote: &str, branch: &str) -> Result<PullResult> {
    let out = new_binary_command(dir)
        .await?
        .args(["pull", "--no-rebase", remote, branch])
        .env("GIT_TERMINAL_PROMPT", "0")
        .output()
        .await
        .map_err(|e| GenericError(format!("failed to run git pull --no-rebase: {e}")))?;
    let stdout = String::from_utf8_lossy(&out.stdout);
    let stderr = String::from_utf8_lossy(&out.stderr);
    let combined = format!("{}{}", stdout, stderr);
    info!("Pull merge status={} {combined}", out.status);
    if !out.status.success() {
        if combined.to_lowercase().contains("conflict") {
            return Err(GenericError(
                "Merge conflicts detected. Please resolve them manually.".to_string(),
            ));
        }
        return Err(GenericError(format!("Failed to merge pull: {}", combined.trim())));
    }
    Ok(PullResult::Success { message: format!("Merged from {}/{}", remote, branch) })
 }
 // pub(crate) fn git_pull_old(dir: &Path) -> Result<PullResult> {
 //     let repo = open_repo(dir)?;
 //
--- a/crates/yaak-git/src/reset.rs
+++ b/crates/yaak-git/src/reset.rs
@@ -0,0 +1,20 @@
 use crate::binary::new_binary_command;
 use crate::error::Error::GenericError;
 use crate::error::Result;
 use std::path::Path;
 pub async fn git_reset_changes(dir: &Path) -> Result<()> {
    let out = new_binary_command(dir)
        .await?
        .args(["reset", "--hard", "HEAD"])
        .output()
        .await
        .map_err(|e| GenericError(format!("failed to run git reset: {e}")))?;
    if !out.status.success() {
        let stderr = String::from_utf8_lossy(&out.stderr);
        return Err(GenericError(format!("Failed to reset: {}", stderr.trim())));
    }
    Ok(())
 }
--- a/crates/yaak-git/src/status.rs
+++ b/crates/yaak-git/src/status.rs
@@ -18,6 +18,8 @@ pub struct GitStatusSummary {
    pub origins: Vec<String>,
    pub local_branches: Vec<String>,
    pub remote_branches: Vec<String>,
    pub ahead: u32,
    pub behind: u32,
 }
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize, TS)]
@@ -160,6 +162,18 @@ pub fn git_status(dir: &Path) -> crate::error::Result<GitStatusSummary> {
    let local_branches = local_branch_names(&repo)?;
    let remote_branches = remote_branch_names(&repo)?;
    // Compute ahead/behind relative to remote tracking branch
    let (ahead, behind) = (|| -> Option<(usize, usize)> {
        let head = repo.head().ok()?;
        let local_oid = head.target()?;
        let branch_name = head.shorthand()?;
        let upstream_ref =
            repo.find_branch(&format!("origin/{branch_name}"), git2::BranchType::Remote).ok()?;
        let upstream_oid = upstream_ref.get().target()?;
        repo.graph_ahead_behind(local_oid, upstream_oid).ok()
    })()
    .unwrap_or((0, 0));
    Ok(GitStatusSummary {
        entries,
        origins,
@@ -168,5 +182,7 @@ pub fn git_status(dir: &Path) -> crate::error::Result<GitStatusSummary> {
        head_ref_shorthand,
        local_branches,
        remote_branches,
        ahead: ahead as u32,
        behind: behind as u32,
    })
 }
--- a/crates/yaak-http/Cargo.toml
+++ b/crates/yaak-http/Cargo.toml
@@ -8,10 +8,11 @@ publish = false
 async-compression = { version = "0.4", features = ["tokio", "gzip", "deflate", "brotli", "zstd"] }
 async-trait = "0.1"
 brotli = "7"
-bytes = "1.5.0"
+bytes = "1.11.1"
 cookie = "0.18.1"
 flate2 = "1"
 futures-util = "0.3"
 http-body = "1"
 url = "2"
 zstd = "0.13"
 hyper-util = { version = "0.1.17", default-features = false, features = ["client-legacy"] }
--- a/crates/yaak-http/src/sender.rs
+++ b/crates/yaak-http/src/sender.rs
@@ -2,7 +2,9 @@ use crate::decompress::{ContentEncoding, streaming_decoder};
 use crate::error::{Error, Result};
 use crate::types::{SendableBody, SendableHttpRequest};
 use async_trait::async_trait;
 use bytes::Bytes;
 use futures_util::StreamExt;
 use http_body::{Body as HttpBody, Frame, SizeHint};
 use reqwest::{Client, Method, Version};
 use std::fmt::Display;
 use std::pin::Pin;
@@ -72,15 +74,31 @@ impl Display for HttpResponseEvent {
                };
                write!(f, "* Redirect {} -> {} ({})", status, url, behavior_str)
            }
-            HttpResponseEvent::SendUrl { method, scheme, username, password, host, port, path, query, fragment } => {
+            HttpResponseEvent::SendUrl {
                method,
                scheme,
                username,
                password,
                host,
                port,
                path,
                query,
                fragment,
            } => {
                let auth_str = if username.is_empty() && password.is_empty() {
                    String::new()
                } else {
                    format!("{}:{}@", username, password)
                };
-                let query_str = if query.is_empty() { String::new() } else { format!("?{}", query) };
+                let query_str =
-                let fragment_str = if fragment.is_empty() { String::new() } else { format!("#{}", fragment) };
+                    if query.is_empty() { String::new() } else { format!("?{}", query) };
-                write!(f, "> {} {}://{}{}:{}{}{}{}", method, scheme, auth_str, host, port, path, query_str, fragment_str)
+                let fragment_str =
                    if fragment.is_empty() { String::new() } else { format!("#{}", fragment) };
                write!(
                    f,
                    "> {} {}://{}{}:{}{}{}{}",
                    method, scheme, auth_str, host, port, path, query_str, fragment_str
                )
            }
            HttpResponseEvent::ReceiveUrl { version, status } => {
                write!(f, "< {} {}", version_to_str(version), status)
@@ -120,7 +138,17 @@ impl From<HttpResponseEvent> for yaak_models::models::HttpResponseEventData {
                    RedirectBehavior::DropBody => "drop_body".to_string(),
                },
            },
-            HttpResponseEvent::SendUrl { method, scheme, username, password, host, port, path, query, fragment } => {
+            HttpResponseEvent::SendUrl {
                method,
                scheme,
                username,
                password,
                host,
                port,
                path,
                query,
                fragment,
            } => {
                D::SendUrl { method, scheme, username, password, host, port, path, query, fragment }
            }
            HttpResponseEvent::ReceiveUrl { version, status } => {
@@ -413,10 +441,16 @@ impl HttpSender for ReqwestSender {
            Some(SendableBody::Bytes(bytes)) => {
                req_builder = req_builder.body(bytes);
            }
-            Some(SendableBody::Stream(stream)) => {
+            Some(SendableBody::Stream { data, content_length }) => {
-                // Convert AsyncRead stream to reqwest Body
+                // Convert AsyncRead stream to reqwest Body. If content length is
-                let stream = tokio_util::io::ReaderStream::new(stream);
+                // known, wrap with a SizedBody so hyper can set Content-Length
-                let body = reqwest::Body::wrap_stream(stream);
+                // automatically (for both HTTP/1.1 and HTTP/2).
                let stream = tokio_util::io::ReaderStream::new(data);
                let body = if let Some(len) = content_length {
                    reqwest::Body::wrap(SizedBody::new(stream, len))
                } else {
                    reqwest::Body::wrap_stream(stream)
                };
                req_builder = req_builder.body(body);
            }
        }
@@ -520,6 +554,54 @@ impl HttpSender for ReqwestSender {
    }
 }
 /// A wrapper around a byte stream that reports a known content length via
 /// `size_hint()`. This lets hyper set the `Content-Length` header
 /// automatically based on the body size, without us having to add it as an
 /// explicit header — which can cause duplicate `Content-Length` headers and
 /// break HTTP/2.
 struct SizedBody<S> {
    stream: std::sync::Mutex<S>,
    remaining: u64,
 }
 impl<S> SizedBody<S> {
    fn new(stream: S, content_length: u64) -> Self {
        Self { stream: std::sync::Mutex::new(stream), remaining: content_length }
    }
 }
 impl<S> HttpBody for SizedBody<S>
 where
    S: futures_util::Stream<Item = std::result::Result<Bytes, std::io::Error>>
        + Send
        + Unpin
        + 'static,
 {
    type Data = Bytes;
    type Error = std::io::Error;
    fn poll_frame(
        self: Pin<&mut Self>,
        cx: &mut Context<'_>,
    ) -> Poll<Option<std::result::Result<Frame<Self::Data>, Self::Error>>> {
        let this = self.get_mut();
        let mut stream = this.stream.lock().unwrap();
        match stream.poll_next_unpin(cx) {
            Poll::Ready(Some(Ok(chunk))) => {
                this.remaining = this.remaining.saturating_sub(chunk.len() as u64);
                Poll::Ready(Some(Ok(Frame::data(chunk))))
            }
            Poll::Ready(Some(Err(e))) => Poll::Ready(Some(Err(e))),
            Poll::Ready(None) => Poll::Ready(None),
            Poll::Pending => Poll::Pending,
        }
    }
    fn size_hint(&self) -> SizeHint {
        SizeHint::with_exact(self.remaining)
    }
 }
 fn version_to_str(version: &Version) -> String {
    match *version {
        Version::HTTP_09 => "HTTP/0.9".to_string(),
--- a/crates/yaak-http/src/transaction.rs
+++ b/crates/yaak-http/src/transaction.rs
@@ -168,6 +168,7 @@ impl<S: HttpSender> HttpTransaction<S> {
            response.drain().await?;
            // Update the request URL
            let previous_url = current_url.clone();
            current_url = if location.starts_with("http://") || location.starts_with("https://") {
                // Absolute URL
                location
@@ -181,6 +182,8 @@ impl<S: HttpSender> HttpTransaction<S> {
                format!("{}/{}", base_path, location)
            };
            Self::remove_sensitive_headers(&mut current_headers, &previous_url, &current_url);
            // Determine redirect behavior based on status code and method
            let behavior = if status == 303 {
                // 303 See Other always changes to GET
@@ -220,6 +223,33 @@ impl<S: HttpSender> HttpTransaction<S> {
        }
    }
    /// Remove sensitive headers when redirecting to a different host.
    /// This matches reqwest's `remove_sensitive_headers()` behavior and prevents
    /// credentials from being forwarded to third-party servers (e.g., an
    /// Authorization header sent from an API redirect to an S3 bucket).
    fn remove_sensitive_headers(
        headers: &mut Vec<(String, String)>,
        previous_url: &str,
        next_url: &str,
    ) {
        let previous_host = Url::parse(previous_url).ok().and_then(|u| {
            u.host_str().map(|h| format!("{}:{}", h, u.port_or_known_default().unwrap_or(0)))
        });
        let next_host = Url::parse(next_url).ok().and_then(|u| {
            u.host_str().map(|h| format!("{}:{}", h, u.port_or_known_default().unwrap_or(0)))
        });
        if previous_host != next_host {
            headers.retain(|h| {
                let name_lower = h.0.to_lowercase();
                name_lower != "authorization"
                    && name_lower != "cookie"
                    && name_lower != "cookie2"
                    && name_lower != "proxy-authorization"
                    && name_lower != "www-authenticate"
            });
        }
    }
    /// Check if a status code indicates a redirect
    fn is_redirect(status: u16) -> bool {
        matches!(status, 301 | 302 | 303 | 307 | 308)
@@ -269,9 +299,20 @@ mod tests {
    use tokio::io::AsyncRead;
    use tokio::sync::Mutex;
    /// Captured request metadata for test assertions
    #[derive(Debug, Clone)]
    #[allow(dead_code)]
    struct CapturedRequest {
        url: String,
        method: String,
        headers: Vec<(String, String)>,
    }
    /// Mock sender for testing
    struct MockSender {
        responses: Arc<Mutex<Vec<MockResponse>>>,
        /// Captured requests for assertions
        captured_requests: Arc<Mutex<Vec<CapturedRequest>>>,
    }
    struct MockResponse {
@@ -282,7 +323,10 @@ mod tests {
    impl MockSender {
        fn new(responses: Vec<MockResponse>) -> Self {
-            Self { responses: Arc::new(Mutex::new(responses)) }
+            Self {
                responses: Arc::new(Mutex::new(responses)),
                captured_requests: Arc::new(Mutex::new(Vec::new())),
            }
        }
    }
@@ -290,9 +334,16 @@ mod tests {
    impl HttpSender for MockSender {
        async fn send(
            &self,
-            _request: SendableHttpRequest,
+            request: SendableHttpRequest,
            _event_tx: mpsc::Sender<HttpResponseEvent>,
        ) -> Result<HttpResponse> {
            // Capture the request metadata for later assertions
            self.captured_requests.lock().await.push(CapturedRequest {
                url: request.url.clone(),
                method: request.method.clone(),
                headers: request.headers.clone(),
            });
            let mut responses = self.responses.lock().await;
            if responses.is_empty() {
                Err(crate::error::Error::RequestError("No more mock responses".to_string()))
@@ -726,4 +777,116 @@ mod tests {
        assert!(result.is_ok());
        assert_eq!(request_count.load(Ordering::SeqCst), 2);
    }
    #[tokio::test]
    async fn test_cross_origin_redirect_strips_auth_headers() {
        // Redirect from api.example.com -> s3.amazonaws.com should strip Authorization
        let responses = vec![
            MockResponse {
                status: 302,
                headers: vec![(
                    "Location".to_string(),
                    "https://s3.amazonaws.com/bucket/file.pdf".to_string(),
                )],
                body: vec![],
            },
            MockResponse { status: 200, headers: Vec::new(), body: b"PDF content".to_vec() },
        ];
        let sender = MockSender::new(responses);
        let captured = sender.captured_requests.clone();
        let transaction = HttpTransaction::new(sender);
        let request = SendableHttpRequest {
            url: "https://api.example.com/download".to_string(),
            method: "GET".to_string(),
            headers: vec![
                ("Authorization".to_string(), "Basic dXNlcjpwYXNz".to_string()),
                ("Accept".to_string(), "application/pdf".to_string()),
            ],
            options: crate::types::SendableHttpRequestOptions {
                follow_redirects: true,
                ..Default::default()
            },
            ..Default::default()
        };
        let (_tx, rx) = tokio::sync::watch::channel(false);
        let (event_tx, _event_rx) = mpsc::channel(100);
        let result = transaction.execute_with_cancellation(request, rx, event_tx).await.unwrap();
        assert_eq!(result.status, 200);
        let requests = captured.lock().await;
        assert_eq!(requests.len(), 2);
        // First request should have the Authorization header
        assert!(
            requests[0].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("authorization")),
            "First request should have Authorization header"
        );
        // Second request (to different host) should NOT have the Authorization header
        assert!(
            !requests[1].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("authorization")),
            "Redirected request to different host should NOT have Authorization header"
        );
        // Non-sensitive headers should still be present
        assert!(
            requests[1].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("accept")),
            "Non-sensitive headers should be preserved across cross-origin redirects"
        );
    }
    #[tokio::test]
    async fn test_same_origin_redirect_preserves_auth_headers() {
        // Redirect within the same host should keep Authorization
        let responses = vec![
            MockResponse {
                status: 302,
                headers: vec![(
                    "Location".to_string(),
                    "https://api.example.com/v2/download".to_string(),
                )],
                body: vec![],
            },
            MockResponse { status: 200, headers: Vec::new(), body: b"OK".to_vec() },
        ];
        let sender = MockSender::new(responses);
        let captured = sender.captured_requests.clone();
        let transaction = HttpTransaction::new(sender);
        let request = SendableHttpRequest {
            url: "https://api.example.com/v1/download".to_string(),
            method: "GET".to_string(),
            headers: vec![
                ("Authorization".to_string(), "Bearer token123".to_string()),
                ("Accept".to_string(), "application/json".to_string()),
            ],
            options: crate::types::SendableHttpRequestOptions {
                follow_redirects: true,
                ..Default::default()
            },
            ..Default::default()
        };
        let (_tx, rx) = tokio::sync::watch::channel(false);
        let (event_tx, _event_rx) = mpsc::channel(100);
        let result = transaction.execute_with_cancellation(request, rx, event_tx).await.unwrap();
        assert_eq!(result.status, 200);
        let requests = captured.lock().await;
        assert_eq!(requests.len(), 2);
        // Both requests should have the Authorization header (same host)
        assert!(
            requests[0].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("authorization")),
            "First request should have Authorization header"
        );
        assert!(
            requests[1].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("authorization")),
            "Redirected request to same host should preserve Authorization header"
        );
    }
 }
--- a/crates/yaak-http/src/types.rs
+++ b/crates/yaak-http/src/types.rs
@@ -16,7 +16,13 @@ pub(crate) const MULTIPART_BOUNDARY: &str = "------YaakFormBoundary";
 pub enum SendableBody {
    Bytes(Bytes),
-    Stream(Pin<Box<dyn AsyncRead + Send + 'static>>),
+    Stream {
        data: Pin<Box<dyn AsyncRead + Send + 'static>>,
        /// Known content length for the stream, if available. This is used by
        /// the sender to set the body size hint so that hyper can set
        /// Content-Length automatically for both HTTP/1.1 and HTTP/2.
        content_length: Option<u64>,
    },
 }
 enum SendableBodyWithMeta {
@@ -31,7 +37,9 @@ impl From<SendableBodyWithMeta> for SendableBody {
    fn from(value: SendableBodyWithMeta) -> Self {
        match value {
            SendableBodyWithMeta::Bytes(b) => SendableBody::Bytes(b),
-            SendableBodyWithMeta::Stream { data, .. } => SendableBody::Stream(data),
+            SendableBodyWithMeta::Stream { data, content_length } => {
                SendableBody::Stream { data, content_length: content_length.map(|l| l as u64) }
            }
        }
    }
 }
@@ -186,23 +194,11 @@ async fn build_body(
        }
    }
-    // Check if Transfer-Encoding: chunked is already set
+    // NOTE: Content-Length is NOT set as an explicit header here. Instead, the
-    let has_chunked_encoding = headers.iter().any(|h| {
+    // body's content length is carried via SendableBody::Stream { content_length }
-        h.0.to_lowercase() == "transfer-encoding" && h.1.to_lowercase().contains("chunked")
+    // and used by the sender to set the body size hint. This lets hyper handle
-    });
+    // Content-Length automatically for both HTTP/1.1 and HTTP/2, avoiding the
-
+    // duplicate Content-Length that breaks HTTP/2 servers.
    // Add a Content-Length header only if chunked encoding is not being used
    if !has_chunked_encoding {
        let content_length = match body {
            Some(SendableBodyWithMeta::Bytes(ref bytes)) => Some(bytes.len()),
            Some(SendableBodyWithMeta::Stream { content_length, .. }) => content_length,
            None => None,
        };
        if let Some(cl) = content_length {
            headers.push(("Content-Length".to_string(), cl.to_string()));
        }
    }
    Ok((body.map(|b| b.into()), headers))
 }
@@ -928,7 +924,27 @@ mod tests {
    }
    #[tokio::test]
-    async fn test_no_content_length_with_chunked_encoding() -> Result<()> {
+    async fn test_no_content_length_header_added_by_build_body() -> Result<()> {
        let mut body = BTreeMap::new();
        body.insert("text".to_string(), json!("Hello, World!"));
        let headers = vec![];
        let (_, result_headers) =
            build_body("POST", &Some("text/plain".to_string()), &body, headers).await?;
        // Content-Length should NOT be set as an explicit header. Instead, the
        // sender uses the body's size_hint to let hyper set it automatically,
        // which works correctly for both HTTP/1.1 and HTTP/2.
        let has_content_length =
            result_headers.iter().any(|h| h.0.to_lowercase() == "content-length");
        assert!(!has_content_length, "Content-Length should not be set as an explicit header");
        Ok(())
    }
    #[tokio::test]
    async fn test_chunked_encoding_header_preserved() -> Result<()> {
        let mut body = BTreeMap::new();
        body.insert("text".to_string(), json!("Hello, World!"));
@@ -938,11 +954,6 @@ mod tests {
        let (_, result_headers) =
            build_body("POST", &Some("text/plain".to_string()), &body, headers).await?;
        // Verify that Content-Length is NOT present when Transfer-Encoding: chunked is set
        let has_content_length =
            result_headers.iter().any(|h| h.0.to_lowercase() == "content-length");
        assert!(!has_content_length, "Content-Length should not be present with chunked encoding");
        // Verify that the Transfer-Encoding header is still present
        let has_chunked = result_headers.iter().any(|h| {
            h.0.to_lowercase() == "transfer-encoding" && h.1.to_lowercase().contains("chunked")
@@ -951,31 +962,4 @@ mod tests {
        Ok(())
    }
    #[tokio::test]
    async fn test_content_length_without_chunked_encoding() -> Result<()> {
        let mut body = BTreeMap::new();
        body.insert("text".to_string(), json!("Hello, World!"));
        // Headers without Transfer-Encoding: chunked
        let headers = vec![];
        let (_, result_headers) =
            build_body("POST", &Some("text/plain".to_string()), &body, headers).await?;
        // Verify that Content-Length IS present when Transfer-Encoding: chunked is NOT set
        let content_length_header =
            result_headers.iter().find(|h| h.0.to_lowercase() == "content-length");
        assert!(
            content_length_header.is_some(),
            "Content-Length should be present without chunked encoding"
        );
        assert_eq!(
            content_length_header.unwrap().1,
            "13",
            "Content-Length should match the body size"
        );
        Ok(())
    }
 }
--- a/crates/yaak-models/build.rs
+++ b/crates/yaak-models/build.rs
@@ -0,0 +1,5 @@
 fn main() {
    // Migrations are embedded with include_dir!, so trigger rebuilds when SQL files change.
    println!("cargo:rerun-if-changed=migrations");
    println!("cargo:rerun-if-changed=blob_migrations");
 }
--- a/crates/yaak-models/migrations/20260216000000_model-changes.sql
+++ b/crates/yaak-models/migrations/20260216000000_model-changes.sql
@@ -0,0 +1,12 @@
 CREATE TABLE model_changes
 (
    id            INTEGER PRIMARY KEY AUTOINCREMENT,
    model         TEXT                                                    NOT NULL,
    model_id      TEXT                                                    NOT NULL,
    change        TEXT                                                    NOT NULL,
    update_source TEXT                                                    NOT NULL,
    payload       TEXT                                                    NOT NULL,
    created_at    DATETIME DEFAULT (STRFTIME('%Y-%m-%d %H:%M:%f', 'NOW')) NOT NULL
 );
 CREATE INDEX idx_model_changes_created_at ON model_changes (created_at);
--- a/crates/yaak-models/migrations/20260217000000_remove-legacy-faker-plugin.sql
+++ b/crates/yaak-models/migrations/20260217000000_remove-legacy-faker-plugin.sql
@@ -0,0 +1,3 @@
 -- Remove stale plugin rows left over from the brief period when faker shipped as bundled.
 DELETE FROM plugins
 WHERE directory LIKE '%template-function-faker';
--- a/crates/yaak-models/src/db_context.rs
+++ b/crates/yaak-models/src/db_context.rs
@@ -3,8 +3,7 @@ use crate::error::Error::ModelNotFound;
 use crate::error::Result;
 use crate::models::{AnyModel, UpsertModelInfo};
 use crate::util::{ModelChangeEvent, ModelPayload, UpdateSource};
-use log::error;
+use rusqlite::{OptionalExtension, params};
 use rusqlite::OptionalExtension;
 use sea_query::{
    Asterisk, Expr, Func, IntoColumnRef, IntoIden, IntoTableRef, OnConflict, Query, SimpleExpr,
    SqliteQueryBuilder,
@@ -14,7 +13,7 @@ use std::fmt::Debug;
 use std::sync::mpsc;
 pub struct DbContext<'a> {
-    pub(crate) events_tx: mpsc::Sender<ModelPayload>,
+    pub(crate) _events_tx: mpsc::Sender<ModelPayload>,
    pub(crate) conn: ConnectionOrTx<'a>,
 }
@@ -180,9 +179,8 @@ impl<'a> DbContext<'a> {
            change: ModelChangeEvent::Upsert { created },
        };
-        if let Err(e) = self.events_tx.send(payload.clone()) {
+        self.record_model_change(&payload)?;
-            error!("Failed to send model change {source:?}: {e:?}");
+        let _ = self._events_tx.send(payload);
        }
        Ok(m)
    }
@@ -203,9 +201,31 @@ impl<'a> DbContext<'a> {
            change: ModelChangeEvent::Delete,
        };
-        if let Err(e) = self.events_tx.send(payload) {
+        self.record_model_change(&payload)?;
-            error!("Failed to send model change {source:?}: {e:?}");
+        let _ = self._events_tx.send(payload);
-        }
+
        Ok(m.clone())
    }
    fn record_model_change(&self, payload: &ModelPayload) -> Result<()> {
        let payload_json = serde_json::to_string(payload)?;
        let source_json = serde_json::to_string(&payload.update_source)?;
        let change_json = serde_json::to_string(&payload.change)?;
        self.conn.resolve().execute(
            r#"
                INSERT INTO model_changes (model, model_id, change, update_source, payload)
                VALUES (?1, ?2, ?3, ?4, ?5)
            "#,
            params![
                payload.model.model(),
                payload.model.id(),
                change_json,
                source_json,
                payload_json,
            ],
        )?;
        Ok(())
    }
 }
--- a/crates/yaak-models/src/models.rs
+++ b/crates/yaak-models/src/models.rs
@@ -2347,6 +2347,15 @@ macro_rules! define_any_model {
                    )*
                }
            }
            #[inline]
            pub fn model(&self) -> &str {
                match self {
                    $(
                        AnyModel::$type(inner) => &inner.model,
                    )*
                }
            }
        }
        $(
@@ -2400,30 +2409,29 @@ impl<'de> Deserialize<'de> for AnyModel {
    {
        let value = Value::deserialize(deserializer)?;
        let model = value.as_object().unwrap();
        use AnyModel::*;
        use serde_json::from_value as fv;
        let model = match model.get("model") {
-            Some(m) if m == "cookie_jar" => AnyModel::CookieJar(fv(value).unwrap()),
+            Some(m) if m == "cookie_jar" => CookieJar(fv(value).unwrap()),
-            Some(m) if m == "environment" => AnyModel::Environment(fv(value).unwrap()),
+            Some(m) if m == "environment" => Environment(fv(value).unwrap()),
-            Some(m) if m == "folder" => AnyModel::Folder(fv(value).unwrap()),
+            Some(m) if m == "folder" => Folder(fv(value).unwrap()),
-            Some(m) if m == "graphql_introspection" => {
+            Some(m) if m == "graphql_introspection" => GraphQlIntrospection(fv(value).unwrap()),
-                AnyModel::GraphQlIntrospection(fv(value).unwrap())
+            Some(m) if m == "grpc_connection" => GrpcConnection(fv(value).unwrap()),
-            }
+            Some(m) if m == "grpc_event" => GrpcEvent(fv(value).unwrap()),
-            Some(m) if m == "grpc_connection" => AnyModel::GrpcConnection(fv(value).unwrap()),
+            Some(m) if m == "grpc_request" => GrpcRequest(fv(value).unwrap()),
-            Some(m) if m == "grpc_event" => AnyModel::GrpcEvent(fv(value).unwrap()),
+            Some(m) if m == "http_request" => HttpRequest(fv(value).unwrap()),
-            Some(m) if m == "grpc_request" => AnyModel::GrpcRequest(fv(value).unwrap()),
+            Some(m) if m == "http_response" => HttpResponse(fv(value).unwrap()),
-            Some(m) if m == "http_request" => AnyModel::HttpRequest(fv(value).unwrap()),
+            Some(m) if m == "http_response_event" => HttpResponseEvent(fv(value).unwrap()),
-            Some(m) if m == "http_response" => AnyModel::HttpResponse(fv(value).unwrap()),
+            Some(m) if m == "key_value" => KeyValue(fv(value).unwrap()),
-            Some(m) if m == "key_value" => AnyModel::KeyValue(fv(value).unwrap()),
+            Some(m) if m == "plugin" => Plugin(fv(value).unwrap()),
-            Some(m) if m == "plugin" => AnyModel::Plugin(fv(value).unwrap()),
+            Some(m) if m == "settings" => Settings(fv(value).unwrap()),
-            Some(m) if m == "settings" => AnyModel::Settings(fv(value).unwrap()),
+            Some(m) if m == "sync_state" => SyncState(fv(value).unwrap()),
-            Some(m) if m == "websocket_connection" => {
+            Some(m) if m == "websocket_connection" => WebsocketConnection(fv(value).unwrap()),
-                AnyModel::WebsocketConnection(fv(value).unwrap())
+            Some(m) if m == "websocket_event" => WebsocketEvent(fv(value).unwrap()),
-            }
+            Some(m) if m == "websocket_request" => WebsocketRequest(fv(value).unwrap()),
-            Some(m) if m == "websocket_event" => AnyModel::WebsocketEvent(fv(value).unwrap()),
+            Some(m) if m == "workspace" => Workspace(fv(value).unwrap()),
-            Some(m) if m == "websocket_request" => AnyModel::WebsocketRequest(fv(value).unwrap()),
+            Some(m) if m == "workspace_meta" => WorkspaceMeta(fv(value).unwrap()),
            Some(m) if m == "workspace" => AnyModel::Workspace(fv(value).unwrap()),
            Some(m) if m == "workspace_meta" => AnyModel::WorkspaceMeta(fv(value).unwrap()),
            Some(m) => {
                return Err(serde::de::Error::custom(format!(
                    "Failed to deserialize AnyModel {}",
--- a/crates/yaak-models/src/queries/mod.rs
+++ b/crates/yaak-models/src/queries/mod.rs
@@ -11,6 +11,7 @@ mod http_requests;
 mod http_response_events;
 mod http_responses;
 mod key_values;
 mod model_changes;
 mod plugin_key_values;
 mod plugins;
 mod settings;
@@ -20,6 +21,7 @@ mod websocket_events;
 mod websocket_requests;
 mod workspace_metas;
 pub mod workspaces;
 pub use model_changes::PersistedModelChange;
 const MAX_HISTORY_ITEMS: usize = 20;
--- a/crates/yaak-models/src/queries/model_changes.rs
+++ b/crates/yaak-models/src/queries/model_changes.rs
@@ -0,0 +1,289 @@
 use crate::db_context::DbContext;
 use crate::error::Result;
 use crate::util::ModelPayload;
 use rusqlite::params;
 use rusqlite::types::Type;
 #[derive(Debug, Clone)]
 pub struct PersistedModelChange {
    pub id: i64,
    pub created_at: String,
    pub payload: ModelPayload,
 }
 impl<'a> DbContext<'a> {
    pub fn list_model_changes_after(
        &self,
        after_id: i64,
        limit: usize,
    ) -> Result<Vec<PersistedModelChange>> {
        let mut stmt = self.conn.prepare(
            r#"
                SELECT id, created_at, payload
                FROM model_changes
                WHERE id > ?1
                ORDER BY id ASC
                LIMIT ?2
            "#,
        )?;
        let items = stmt.query_map(params![after_id, limit as i64], |row| {
            let id: i64 = row.get(0)?;
            let created_at: String = row.get(1)?;
            let payload_raw: String = row.get(2)?;
            let payload = serde_json::from_str::<ModelPayload>(&payload_raw).map_err(|e| {
                rusqlite::Error::FromSqlConversionFailure(2, Type::Text, Box::new(e))
            })?;
            Ok(PersistedModelChange { id, created_at, payload })
        })?;
        Ok(items.collect::<std::result::Result<Vec<_>, rusqlite::Error>>()?)
    }
    pub fn list_model_changes_since(
        &self,
        since_created_at: &str,
        since_id: i64,
        limit: usize,
    ) -> Result<Vec<PersistedModelChange>> {
        let mut stmt = self.conn.prepare(
            r#"
                SELECT id, created_at, payload
                FROM model_changes
                WHERE created_at > ?1
                   OR (created_at = ?1 AND id > ?2)
                ORDER BY created_at ASC, id ASC
                LIMIT ?3
            "#,
        )?;
        let items = stmt.query_map(params![since_created_at, since_id, limit as i64], |row| {
            let id: i64 = row.get(0)?;
            let created_at: String = row.get(1)?;
            let payload_raw: String = row.get(2)?;
            let payload = serde_json::from_str::<ModelPayload>(&payload_raw).map_err(|e| {
                rusqlite::Error::FromSqlConversionFailure(2, Type::Text, Box::new(e))
            })?;
            Ok(PersistedModelChange { id, created_at, payload })
        })?;
        Ok(items.collect::<std::result::Result<Vec<_>, rusqlite::Error>>()?)
    }
    pub fn prune_model_changes_older_than_days(&self, days: i64) -> Result<usize> {
        let offset = format!("-{days} days");
        Ok(self.conn.resolve().execute(
            r#"
                DELETE FROM model_changes
                WHERE created_at < STRFTIME('%Y-%m-%d %H:%M:%f', 'NOW', ?1)
            "#,
            params![offset],
        )?)
    }
    pub fn prune_model_changes_older_than_hours(&self, hours: i64) -> Result<usize> {
        let offset = format!("-{hours} hours");
        Ok(self.conn.resolve().execute(
            r#"
                DELETE FROM model_changes
                WHERE created_at < STRFTIME('%Y-%m-%d %H:%M:%f', 'NOW', ?1)
            "#,
            params![offset],
        )?)
    }
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    use crate::init_in_memory;
    use crate::models::Workspace;
    use crate::util::{ModelChangeEvent, UpdateSource};
    use serde_json::json;
    #[test]
    fn records_model_changes_for_upsert_and_delete() {
        let (query_manager, _blob_manager, _rx) = init_in_memory().expect("Failed to init DB");
        let db = query_manager.connect();
        let workspace = db
            .upsert_workspace(
                &Workspace {
                    name: "Changes Test".to_string(),
                    setting_follow_redirects: true,
                    setting_validate_certificates: true,
                    ..Default::default()
                },
                &UpdateSource::Sync,
            )
            .expect("Failed to upsert workspace");
        let created_changes = db.list_model_changes_after(0, 10).expect("Failed to list changes");
        assert_eq!(created_changes.len(), 1);
        assert_eq!(created_changes[0].payload.model.id(), workspace.id);
        assert_eq!(created_changes[0].payload.model.model(), "workspace");
        assert!(matches!(
            created_changes[0].payload.change,
            ModelChangeEvent::Upsert { created: true }
        ));
        assert!(matches!(created_changes[0].payload.update_source, UpdateSource::Sync));
        db.delete_workspace_by_id(&workspace.id, &UpdateSource::Sync)
            .expect("Failed to delete workspace");
        let all_changes = db.list_model_changes_after(0, 10).expect("Failed to list changes");
        assert_eq!(all_changes.len(), 2);
        assert!(matches!(all_changes[1].payload.change, ModelChangeEvent::Delete));
        assert!(all_changes[1].id > all_changes[0].id);
        let changes_after_first = db
            .list_model_changes_after(all_changes[0].id, 10)
            .expect("Failed to list changes after cursor");
        assert_eq!(changes_after_first.len(), 1);
        assert!(matches!(changes_after_first[0].payload.change, ModelChangeEvent::Delete));
    }
    #[test]
    fn prunes_old_model_changes() {
        let (query_manager, _blob_manager, _rx) = init_in_memory().expect("Failed to init DB");
        let db = query_manager.connect();
        db.upsert_workspace(
            &Workspace {
                name: "Prune Test".to_string(),
                setting_follow_redirects: true,
                setting_validate_certificates: true,
                ..Default::default()
            },
            &UpdateSource::Sync,
        )
        .expect("Failed to upsert workspace");
        let changes = db.list_model_changes_after(0, 10).expect("Failed to list changes");
        assert_eq!(changes.len(), 1);
        db.conn
            .resolve()
            .execute(
                "UPDATE model_changes SET created_at = '2000-01-01 00:00:00.000' WHERE id = ?1",
                params![changes[0].id],
            )
            .expect("Failed to age model change row");
        let pruned =
            db.prune_model_changes_older_than_days(30).expect("Failed to prune model changes");
        assert_eq!(pruned, 1);
        assert!(db.list_model_changes_after(0, 10).expect("Failed to list changes").is_empty());
    }
    #[test]
    fn list_model_changes_since_uses_timestamp_with_id_tiebreaker() {
        let (query_manager, _blob_manager, _rx) = init_in_memory().expect("Failed to init DB");
        let db = query_manager.connect();
        let workspace = db
            .upsert_workspace(
                &Workspace {
                    name: "Cursor Test".to_string(),
                    setting_follow_redirects: true,
                    setting_validate_certificates: true,
                    ..Default::default()
                },
                &UpdateSource::Sync,
            )
            .expect("Failed to upsert workspace");
        db.delete_workspace_by_id(&workspace.id, &UpdateSource::Sync)
            .expect("Failed to delete workspace");
        let all = db.list_model_changes_after(0, 10).expect("Failed to list changes");
        assert_eq!(all.len(), 2);
        let fixed_ts = "2026-02-16 00:00:00.000";
        db.conn
            .resolve()
            .execute("UPDATE model_changes SET created_at = ?1", params![fixed_ts])
            .expect("Failed to normalize timestamps");
        let after_first =
            db.list_model_changes_since(fixed_ts, all[0].id, 10).expect("Failed to query cursor");
        assert_eq!(after_first.len(), 1);
        assert_eq!(after_first[0].id, all[1].id);
    }
    #[test]
    fn prunes_old_model_changes_by_hours() {
        let (query_manager, _blob_manager, _rx) = init_in_memory().expect("Failed to init DB");
        let db = query_manager.connect();
        db.upsert_workspace(
            &Workspace {
                name: "Prune Hour Test".to_string(),
                setting_follow_redirects: true,
                setting_validate_certificates: true,
                ..Default::default()
            },
            &UpdateSource::Sync,
        )
        .expect("Failed to upsert workspace");
        let changes = db.list_model_changes_after(0, 10).expect("Failed to list changes");
        assert_eq!(changes.len(), 1);
        db.conn
            .resolve()
            .execute(
                "UPDATE model_changes SET created_at = STRFTIME('%Y-%m-%d %H:%M:%f', 'NOW', '-2 hours') WHERE id = ?1",
                params![changes[0].id],
            )
            .expect("Failed to age model change row");
        let pruned =
            db.prune_model_changes_older_than_hours(1).expect("Failed to prune model changes");
        assert_eq!(pruned, 1);
    }
    #[test]
    fn list_model_changes_deserializes_http_response_event_payload() {
        let (query_manager, _blob_manager, _rx) = init_in_memory().expect("Failed to init DB");
        let db = query_manager.connect();
        let payload = json!({
            "model": {
                "model": "http_response_event",
                "id": "re_test",
                "createdAt": "2026-02-16T21:01:34.809162",
                "updatedAt": "2026-02-16T21:01:34.809163",
                "workspaceId": "wk_test",
                "responseId": "rs_test",
                "event": {
                    "type": "info",
                    "message": "hello"
                }
            },
            "updateSource": { "type": "sync" },
            "change": { "type": "upsert", "created": false }
        });
        db.conn
            .resolve()
            .execute(
                r#"
                INSERT INTO model_changes (model, model_id, change, update_source, payload)
                VALUES (?1, ?2, ?3, ?4, ?5)
                "#,
                params![
                    "http_response_event",
                    "re_test",
                    r#"{"type":"upsert","created":false}"#,
                    r#"{"type":"sync"}"#,
                    payload.to_string(),
                ],
            )
            .expect("Failed to insert model change row");
        let changes = db.list_model_changes_after(0, 10).expect("Failed to list changes");
        assert_eq!(changes.len(), 1);
        assert_eq!(changes[0].payload.model.model(), "http_response_event");
        assert_eq!(changes[0].payload.model.id(), "re_test");
    }
 }
--- a/crates/yaak-models/src/query_manager.rs
+++ b/crates/yaak-models/src/query_manager.rs
@@ -25,7 +25,7 @@ impl QueryManager {
            .expect("Failed to gain lock on DB")
            .get()
            .expect("Failed to get a new DB connection from the pool");
-        DbContext { events_tx: self.events_tx.clone(), conn: ConnectionOrTx::Connection(conn) }
+        DbContext { _events_tx: self.events_tx.clone(), conn: ConnectionOrTx::Connection(conn) }
    }
    pub fn with_conn<F, T>(&self, func: F) -> T
@@ -39,8 +39,10 @@ impl QueryManager {
            .get()
            .expect("Failed to get new DB connection from the pool");
-        let db_context =
+        let db_context = DbContext {
-            DbContext { events_tx: self.events_tx.clone(), conn: ConnectionOrTx::Connection(conn) };
+            _events_tx: self.events_tx.clone(),
            conn: ConnectionOrTx::Connection(conn),
        };
        func(&db_context)
    }
@@ -62,8 +64,10 @@ impl QueryManager {
            .transaction_with_behavior(TransactionBehavior::Immediate)
            .expect("Failed to start DB transaction");
-        let db_context =
+        let db_context = DbContext {
-            DbContext { events_tx: self.events_tx.clone(), conn: ConnectionOrTx::Transaction(&tx) };
+            _events_tx: self.events_tx.clone(),
            conn: ConnectionOrTx::Transaction(&tx),
        };
        match func(&db_context) {
            Ok(val) => {
--- a/crates/yaak-plugins/bindings/gen_events.ts
+++ b/crates/yaak-plugins/bindings/gen_events.ts
@@ -66,7 +66,9 @@ export type DeleteModelRequest = { model: string, id: string, };
 export type DeleteModelResponse = { model: AnyModel, };
-export type EditorLanguage = "text" | "javascript" | "json" | "html" | "xml" | "graphql" | "markdown";
+export type DialogSize = "sm" | "md" | "lg" | "full" | "dynamic";
 export type EditorLanguage = "text" | "javascript" | "json" | "html" | "xml" | "graphql" | "markdown" | "c" | "clojure" | "csharp" | "go" | "http" | "java" | "kotlin" | "objective_c" | "ocaml" | "php" | "powershell" | "python" | "r" | "ruby" | "shell" | "swift";
 export type EmptyPayload = {};
@@ -172,7 +174,11 @@ hideGutter?: boolean,
 /**
 * Language for syntax highlighting
 */
-language?: EditorLanguage, readOnly?: boolean, completionOptions?: Array<GenericCompletionOption>, 
+language?: EditorLanguage, readOnly?: boolean, 
 /**
 * Fixed number of visible rows
 */
 rows?: number, completionOptions?: Array<GenericCompletionOption>, 
 /**
 * The name of the input. The value will be stored at this object attribute in the resulting data
 */
@@ -476,9 +482,9 @@ label: string, title?: string, size?: WindowSize, dataDirKey?: string, };
 export type PluginContext = { id: string, label: string | null, workspaceId: string | null, };
-export type PromptFormRequest = { id: string, title: string, description?: string, inputs: Array<FormInput>, confirmText?: string, cancelText?: string, };
+export type PromptFormRequest = { id: string, title: string, description?: string, inputs: Array<FormInput>, confirmText?: string, cancelText?: string, size?: DialogSize, };
-export type PromptFormResponse = { values: { [key in string]?: JsonPrimitive } | null, };
+export type PromptFormResponse = { values: { [key in string]?: JsonPrimitive } | null, done?: boolean, };
 export type PromptTextRequest = { id: string, title: string, label: string, description?: string, defaultValue?: string, placeholder?: string, 
 /**
--- a/crates/yaak-plugins/bindings/gen_models.ts
+++ b/crates/yaak-plugins/bindings/gen_models.ts
@@ -49,7 +49,7 @@ export type HttpResponseEvent = { model: "http_response_event", id: string, crea
 * This mirrors `yaak_http::sender::HttpResponseEvent` but with serde support.
 * The `From` impl is in yaak-http to avoid circular dependencies.
 */
-export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, path: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, } | { "type": "dns_resolved", hostname: string, addresses: Array<string>, duration: bigint, overridden: boolean, };
+export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, scheme: string, username: string, password: string, host: string, port: number, path: string, query: string, fragment: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, } | { "type": "dns_resolved", hostname: string, addresses: Array<string>, duration: bigint, overridden: boolean, };
 export type HttpResponseHeader = { name: string, value: string, };
--- a/crates/yaak-plugins/src/events.rs
+++ b/crates/yaak-plugins/src/events.rs
@@ -587,6 +587,19 @@ pub struct PromptFormRequest {
    pub confirm_text: Option<String>,
    #[ts(optional)]
    pub cancel_text: Option<String>,
    #[ts(optional)]
    pub size: Option<DialogSize>,
 }
 #[derive(Debug, Clone, Serialize, Deserialize, TS)]
 #[serde(rename_all = "snake_case")]
 #[ts(export, export_to = "gen_events.ts")]
 pub enum DialogSize {
    Sm,
    Md,
    Lg,
    Full,
    Dynamic,
 }
 #[derive(Debug, Clone, Default, Serialize, Deserialize, TS)]
@@ -594,6 +607,8 @@ pub struct PromptFormRequest {
 #[ts(export, export_to = "gen_events.ts")]
 pub struct PromptFormResponse {
    pub values: Option<HashMap<String, JsonPrimitive>>,
    #[ts(optional)]
    pub done: Option<bool>,
 }
 #[derive(Debug, Clone, Default, Serialize, Deserialize, TS)]
@@ -936,6 +951,22 @@ pub enum EditorLanguage {
    Xml,
    Graphql,
    Markdown,
    C,
    Clojure,
    Csharp,
    Go,
    Http,
    Java,
    Kotlin,
    ObjectiveC,
    Ocaml,
    Php,
    Powershell,
    Python,
    R,
    Ruby,
    Shell,
    Swift,
 }
 impl Default for EditorLanguage {
@@ -966,6 +997,10 @@ pub struct FormInputEditor {
    #[ts(optional)]
    pub read_only: Option<bool>,
    /// Fixed number of visible rows
    #[ts(optional)]
    pub rows: Option<i32>,
    #[ts(optional)]
    pub completion_options: Option<Vec<GenericCompletionOption>>,
 }
--- a/crates/yaak-plugins/src/manager.rs
+++ b/crates/yaak-plugins/src/manager.rs
@@ -31,7 +31,7 @@ use std::time::Duration;
 use tokio::fs::read_dir;
 use tokio::net::TcpListener;
 use tokio::sync::mpsc::error::TrySendError;
-use tokio::sync::{Mutex, mpsc};
+use tokio::sync::{Mutex, mpsc, oneshot};
 use tokio::time::{Instant, timeout};
 use yaak_models::models::Plugin;
 use yaak_models::util::generate_id;
@@ -43,6 +43,7 @@ pub struct PluginManager {
    subscribers: Arc<Mutex<HashMap<String, mpsc::Sender<InternalEvent>>>>,
    plugin_handles: Arc<Mutex<Vec<PluginHandle>>>,
    kill_tx: tokio::sync::watch::Sender<bool>,
    killed_rx: Arc<Mutex<Option<oneshot::Receiver<()>>>>,
    ws_service: Arc<PluginRuntimeServerWebsocket>,
    vendored_plugin_dir: PathBuf,
    pub(crate) installed_plugin_dir: PathBuf,
@@ -70,6 +71,7 @@ impl PluginManager {
    ) -> PluginManager {
        let (events_tx, mut events_rx) = mpsc::channel(2048);
        let (kill_server_tx, kill_server_rx) = tokio::sync::watch::channel(false);
        let (killed_tx, killed_rx) = oneshot::channel();
        let (client_disconnect_tx, mut client_disconnect_rx) = mpsc::channel(128);
        let (client_connect_tx, mut client_connect_rx) = tokio::sync::watch::channel(false);
@@ -81,6 +83,7 @@ impl PluginManager {
            subscribers: Default::default(),
            ws_service: Arc::new(ws_service.clone()),
            kill_tx: kill_server_tx,
            killed_rx: Arc::new(Mutex::new(Some(killed_rx))),
            vendored_plugin_dir,
            installed_plugin_dir,
            dev_mode,
@@ -141,9 +144,15 @@ impl PluginManager {
        });
        // 2. Start Node.js runtime
-        start_nodejs_plugin_runtime(&node_bin_path, &plugin_runtime_main, addr, &kill_server_rx)
+        start_nodejs_plugin_runtime(
-            .await
+            &node_bin_path,
-            .unwrap();
+            &plugin_runtime_main,
            addr,
            &kill_server_rx,
            killed_tx,
        )
        .await
        .unwrap();
        info!("Waiting for plugins to initialize");
        init_plugins_task.await.unwrap();
@@ -296,8 +305,15 @@ impl PluginManager {
    pub async fn terminate(&self) {
        self.kill_tx.send_replace(true);
-        // Give it a bit of time to kill
+        // Wait for the plugin runtime process to actually exit
-        tokio::time::sleep(Duration::from_millis(500)).await;
+        let killed_rx = self.killed_rx.lock().await.take();
        if let Some(rx) = killed_rx {
            if timeout(Duration::from_secs(5), rx).await.is_err() {
                warn!("Timed out waiting for plugin runtime to exit");
            } else {
                info!("Plugin runtime exited")
            }
        }
    }
    pub async fn reply(
--- a/crates/yaak-plugins/src/nodejs.rs
+++ b/crates/yaak-plugins/src/nodejs.rs
@@ -4,6 +4,7 @@ use std::net::SocketAddr;
 use std::path::Path;
 use std::process::Stdio;
 use tokio::io::{AsyncBufReadExt, BufReader};
 use tokio::sync::oneshot;
 use tokio::sync::watch::Receiver;
 use yaak_common::command::new_xplatform_command;
@@ -19,6 +20,7 @@ pub async fn start_nodejs_plugin_runtime(
    plugin_runtime_main: &Path,
    addr: SocketAddr,
    kill_rx: &Receiver<bool>,
    killed_tx: oneshot::Sender<()>,
 ) -> Result<()> {
    // HACK: Remove UNC prefix for Windows paths to pass to sidecar
    let plugin_runtime_main_str =
@@ -66,12 +68,15 @@ pub async fn start_nodejs_plugin_runtime(
    // Handle kill signal
    let mut kill_rx = kill_rx.clone();
    tokio::spawn(async move {
-        kill_rx.wait_for(|b| *b == true).await.expect("Kill channel errored");
+        if kill_rx.wait_for(|b| *b == true).await.is_err() {
            warn!("Kill channel closed before explicit shutdown; terminating plugin runtime");
        }
        info!("Killing plugin runtime");
        if let Err(e) = child.kill().await {
            warn!("Failed to kill plugin runtime: {e}");
        }
        info!("Killed plugin runtime");
        let _ = killed_tx.send(());
    });
    Ok(())
--- a/crates/yaak-templates/build-wasm.cjs
+++ b/crates/yaak-templates/build-wasm.cjs
@@ -0,0 +1,8 @@
 const { execSync } = require('node:child_process');
 if (process.env.SKIP_WASM_BUILD === '1') {
  console.log('Skipping wasm-pack build (SKIP_WASM_BUILD=1)');
  return;
 }
 execSync('wasm-pack build --target bundler', { stdio: 'inherit' });
--- a/crates/yaak-templates/package.json
+++ b/crates/yaak-templates/package.json
@@ -6,7 +6,7 @@
  "scripts": {
    "bootstrap": "npm run build",
    "build": "run-s build:*",
-    "build:pack": "wasm-pack build --target bundler",
+    "build:pack": "node build-wasm.cjs",
    "build:clean": "rimraf ./pkg/.gitignore"
  },
  "devDependencies": {
--- a/crates/yaak-templates/src/renderer.rs
+++ b/crates/yaak-templates/src/renderer.rs
@@ -81,6 +81,10 @@ impl RenderOptions {
    pub fn throw() -> Self {
        Self { error_behavior: RenderErrorBehavior::Throw }
    }
    pub fn return_empty() -> Self {
        Self { error_behavior: RenderErrorBehavior::ReturnEmpty }
    }
 }
 impl RenderErrorBehavior {
--- a/crates/yaak-ws/index.ts
+++ b/crates/yaak-ws/index.ts
@@ -1,31 +1,5 @@
 import { invoke } from '@tauri-apps/api/core';
-import { WebsocketConnection, WebsocketEvent, WebsocketRequest } from '@yaakapp-internal/models';
+import { WebsocketConnection } from '@yaakapp-internal/models';
 export function upsertWebsocketRequest(
  request: WebsocketRequest | Partial<Omit<WebsocketRequest, 'id'>>,
 ) {
  return invoke('cmd_ws_upsert_request', {
    request,
  }) as Promise<WebsocketRequest>;
 }
 export function duplicateWebsocketRequest(requestId: string) {
  return invoke('cmd_ws_duplicate_request', {
    requestId,
  }) as Promise<WebsocketRequest>;
 }
 export function deleteWebsocketRequest(requestId: string) {
  return invoke('cmd_ws_delete_request', {
    requestId,
  });
 }
 export function deleteWebsocketConnection(connectionId: string) {
  return invoke('cmd_ws_delete_connection', {
    connectionId,
  });
 }
 export function deleteWebsocketConnections(requestId: string) {
  return invoke('cmd_ws_delete_connections', {
@@ -33,20 +7,6 @@ export function deleteWebsocketConnections(requestId: string) {
  });
 }
 export function listWebsocketRequests({ workspaceId }: { workspaceId: string }) {
  return invoke('cmd_ws_list_requests', { workspaceId }) as Promise<WebsocketRequest[]>;
 }
 export function listWebsocketEvents({ connectionId }: { connectionId: string }) {
  return invoke('cmd_ws_list_events', { connectionId }) as Promise<WebsocketEvent[]>;
 }
 export function listWebsocketConnections({ workspaceId }: { workspaceId: string }) {
  return invoke('cmd_ws_list_connections', { workspaceId }) as Promise<
    WebsocketConnection[]
  >;
 }
 export function connectWebsocket({
  requestId,
  environmentId,
--- a/crates/yaak-ws/src/render.rs
+++ b/crates/yaak-ws/src/render.rs
@@ -16,6 +16,9 @@ pub async fn render_websocket_request<T: TemplateCallback>(
    let mut url_parameters = Vec::new();
    for p in r.url_parameters.clone() {
        if !p.enabled {
            continue;
        }
        url_parameters.push(HttpUrlParameter {
            enabled: p.enabled,
            name: parse_and_render(&p.name, vars, cb, opt).await?,
@@ -26,6 +29,9 @@ pub async fn render_websocket_request<T: TemplateCallback>(
    let mut headers = Vec::new();
    for p in r.headers.clone() {
        if !p.enabled {
            continue;
        }
        headers.push(HttpRequestHeader {
            enabled: p.enabled,
            name: parse_and_render(&p.name, vars, cb, opt).await?,
--- a/crates/yaak/Cargo.toml
+++ b/crates/yaak/Cargo.toml
@@ -0,0 +1,19 @@
 [package]
 name = "yaak"
 version = "0.1.0"
 edition = "2024"
 publish = false
 [dependencies]
 async-trait = "0.1"
 log = { workspace = true }
 md5 = "0.8.0"
 serde_json = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true, features = ["sync", "rt"] }
 yaak-http = { workspace = true }
 yaak-crypto = { workspace = true }
 yaak-models = { workspace = true }
 yaak-plugins = { workspace = true }
 yaak-templates = { workspace = true }
 yaak-tls = { workspace = true }
--- a/crates/yaak/src/error.rs
+++ b/crates/yaak/src/error.rs
@@ -0,0 +1,9 @@
 use thiserror::Error;
 #[derive(Debug, Error)]
 pub enum Error {
    #[error(transparent)]
    Send(#[from] crate::send::SendHttpRequestError),
 }
 pub type Result<T> = std::result::Result<T, Error>;
--- a/crates/yaak/src/lib.rs
+++ b/crates/yaak/src/lib.rs
@@ -0,0 +1,6 @@
 pub mod error;
 pub mod render;
 pub mod send;
 pub use error::Error;
 pub type Result<T> = error::Result<T>;
--- a/crates/yaak/src/render.rs
+++ b/crates/yaak/src/render.rs
@@ -0,0 +1,157 @@
 use log::info;
 use serde_json::Value;
 use std::collections::BTreeMap;
 use yaak_http::path_placeholders::apply_path_placeholders;
 use yaak_models::models::{Environment, HttpRequest, HttpRequestHeader, HttpUrlParameter};
 use yaak_models::render::make_vars_hashmap;
 use yaak_templates::{RenderOptions, TemplateCallback, parse_and_render, render_json_value_raw};
 pub async fn render_http_request<T: TemplateCallback>(
    request: &HttpRequest,
    environment_chain: Vec<Environment>,
    callback: &T,
    options: &RenderOptions,
 ) -> yaak_templates::error::Result<HttpRequest> {
    let vars = &make_vars_hashmap(environment_chain);
    let mut url_parameters = Vec::new();
    for parameter in request.url_parameters.clone() {
        if !parameter.enabled {
            continue;
        }
        url_parameters.push(HttpUrlParameter {
            enabled: parameter.enabled,
            name: parse_and_render(parameter.name.as_str(), vars, callback, options).await?,
            value: parse_and_render(parameter.value.as_str(), vars, callback, options).await?,
            id: parameter.id,
        })
    }
    let mut headers = Vec::new();
    for header in request.headers.clone() {
        if !header.enabled {
            continue;
        }
        headers.push(HttpRequestHeader {
            enabled: header.enabled,
            name: parse_and_render(header.name.as_str(), vars, callback, options).await?,
            value: parse_and_render(header.value.as_str(), vars, callback, options).await?,
            id: header.id,
        })
    }
    let mut body = BTreeMap::new();
    for (key, value) in request.body.clone() {
        let value = if key == "form" { strip_disabled_form_entries(value) } else { value };
        body.insert(key, render_json_value_raw(value, vars, callback, options).await?);
    }
    let authentication = {
        let mut disabled = false;
        let mut auth = BTreeMap::new();
        match request.authentication.get("disabled") {
            Some(Value::Bool(true)) => {
                disabled = true;
            }
            Some(Value::String(template)) => {
                disabled = parse_and_render(template.as_str(), vars, callback, options)
                    .await
                    .unwrap_or_default()
                    .is_empty();
                info!(
                    "Rendering authentication.disabled as a template: {disabled} from \"{template}\""
                );
            }
            _ => {}
        }
        if disabled {
            auth.insert("disabled".to_string(), Value::Bool(true));
        } else {
            for (key, value) in request.authentication.clone() {
                if key == "disabled" {
                    auth.insert(key, Value::Bool(false));
                } else {
                    auth.insert(key, render_json_value_raw(value, vars, callback, options).await?);
                }
            }
        }
        auth
    };
    let url = parse_and_render(request.url.clone().as_str(), vars, callback, options).await?;
    let (url, url_parameters) = apply_path_placeholders(&url, &url_parameters);
    Ok(HttpRequest { url, url_parameters, headers, body, authentication, ..request.to_owned() })
 }
 fn strip_disabled_form_entries(v: Value) -> Value {
    match v {
        Value::Array(items) => Value::Array(
            items
                .into_iter()
                .filter(|item| item.get("enabled").and_then(|e| e.as_bool()).unwrap_or(true))
                .collect(),
        ),
        v => v,
    }
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    use serde_json::json;
    #[test]
    fn test_strip_disabled_form_entries() {
        let input = json!([
            {"enabled": true, "name": "foo", "value": "bar"},
            {"enabled": false, "name": "disabled", "value": "gone"},
            {"enabled": true, "name": "baz", "value": "qux"},
        ]);
        let result = strip_disabled_form_entries(input);
        assert_eq!(
            result,
            json!([
                {"enabled": true, "name": "foo", "value": "bar"},
                {"enabled": true, "name": "baz", "value": "qux"},
            ])
        );
    }
    #[test]
    fn test_strip_disabled_form_entries_all_disabled() {
        let input = json!([
            {"enabled": false, "name": "a", "value": "b"},
            {"enabled": false, "name": "c", "value": "d"},
        ]);
        let result = strip_disabled_form_entries(input);
        assert_eq!(result, json!([]));
    }
    #[test]
    fn test_strip_disabled_form_entries_missing_enabled_defaults_to_kept() {
        let input = json!([
            {"name": "no_enabled_field", "value": "kept"},
            {"enabled": false, "name": "disabled", "value": "gone"},
        ]);
        let result = strip_disabled_form_entries(input);
        assert_eq!(
            result,
            json!([
                {"name": "no_enabled_field", "value": "kept"},
            ])
        );
    }
    #[test]
    fn test_strip_disabled_form_entries_non_array_passthrough() {
        let input = json!("just a string");
        let result = strip_disabled_form_entries(input.clone());
        assert_eq!(result, input);
    }
 }
--- a/crates/yaak/src/send.rs
+++ b/crates/yaak/src/send.rs
@@ -0,0 +1,813 @@
 use crate::render::render_http_request;
 use async_trait::async_trait;
 use log::warn;
 use std::path::{Path, PathBuf};
 use std::sync::Arc;
 use std::time::Instant;
 use thiserror::Error;
 use tokio::sync::mpsc;
 use tokio::sync::watch;
 use yaak_crypto::manager::EncryptionManager;
 use yaak_http::client::{
    HttpConnectionOptions, HttpConnectionProxySetting, HttpConnectionProxySettingAuth,
 };
 use yaak_http::cookies::CookieStore;
 use yaak_http::manager::HttpConnectionManager;
 use yaak_http::sender::{HttpResponseEvent as SenderHttpResponseEvent, ReqwestSender};
 use yaak_http::transaction::HttpTransaction;
 use yaak_http::types::{
    SendableBody, SendableHttpRequest, SendableHttpRequestOptions, append_query_params,
 };
 use yaak_models::blob_manager::BlobManager;
 use yaak_models::models::{
    ClientCertificate, CookieJar, DnsOverride, Environment, HttpRequest, HttpResponse,
    HttpResponseEvent, HttpResponseHeader, HttpResponseState, ProxySetting, ProxySettingAuth,
 };
 use yaak_models::query_manager::QueryManager;
 use yaak_models::util::UpdateSource;
 use yaak_plugins::events::{
    CallHttpAuthenticationRequest, HttpHeader, PluginContext, RenderPurpose,
 };
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::template_callback::PluginTemplateCallback;
 use yaak_templates::{RenderOptions, TemplateCallback};
 use yaak_tls::find_client_certificate;
 const HTTP_EVENT_CHANNEL_CAPACITY: usize = 100;
 #[derive(Debug, Error)]
 pub enum SendHttpRequestError {
    #[error("Failed to load request: {0}")]
    LoadRequest(#[source] yaak_models::error::Error),
    #[error("Failed to load workspace: {0}")]
    LoadWorkspace(#[source] yaak_models::error::Error),
    #[error("Failed to resolve environments: {0}")]
    ResolveEnvironments(#[source] yaak_models::error::Error),
    #[error("Failed to resolve inherited request settings: {0}")]
    ResolveRequestInheritance(#[source] yaak_models::error::Error),
    #[error("Failed to load cookie jar: {0}")]
    LoadCookieJar(#[source] yaak_models::error::Error),
    #[error("Failed to persist cookie jar: {0}")]
    PersistCookieJar(#[source] yaak_models::error::Error),
    #[error("Failed to render request templates: {0}")]
    RenderRequest(#[source] yaak_templates::error::Error),
    #[error("Failed to prepare request before send: {0}")]
    PrepareSendableRequest(String),
    #[error("Failed to persist response metadata: {0}")]
    PersistResponse(#[source] yaak_models::error::Error),
    #[error("Failed to create HTTP client: {0}")]
    CreateHttpClient(#[source] yaak_http::error::Error),
    #[error("Failed to build sendable request: {0}")]
    BuildSendableRequest(#[source] yaak_http::error::Error),
    #[error("Failed to send request: {0}")]
    SendRequest(#[source] yaak_http::error::Error),
    #[error("Failed to read response body: {0}")]
    ReadResponseBody(#[source] yaak_http::error::Error),
    #[error("Failed to create response directory {path:?}: {source}")]
    CreateResponseDirectory {
        path: PathBuf,
        #[source]
        source: std::io::Error,
    },
    #[error("Failed to write response body to {path:?}: {source}")]
    WriteResponseBody {
        path: PathBuf,
        #[source]
        source: std::io::Error,
    },
 }
 pub type Result<T> = std::result::Result<T, SendHttpRequestError>;
 #[async_trait]
 pub trait PrepareSendableRequest: Send + Sync {
    async fn prepare_sendable_request(
        &self,
        rendered_request: &HttpRequest,
        auth_context_id: &str,
        sendable_request: &mut SendableHttpRequest,
    ) -> std::result::Result<(), String>;
 }
 #[async_trait]
 pub trait SendRequestExecutor: Send + Sync {
    async fn send(
        &self,
        sendable_request: SendableHttpRequest,
        event_tx: mpsc::Sender<SenderHttpResponseEvent>,
        cookie_store: Option<CookieStore>,
    ) -> yaak_http::error::Result<yaak_http::sender::HttpResponse>;
 }
 struct DefaultSendRequestExecutor;
 #[async_trait]
 impl SendRequestExecutor for DefaultSendRequestExecutor {
    async fn send(
        &self,
        sendable_request: SendableHttpRequest,
        event_tx: mpsc::Sender<SenderHttpResponseEvent>,
        cookie_store: Option<CookieStore>,
    ) -> yaak_http::error::Result<yaak_http::sender::HttpResponse> {
        let sender = ReqwestSender::new()?;
        let transaction = match cookie_store {
            Some(store) => HttpTransaction::with_cookie_store(sender, store),
            None => HttpTransaction::new(sender),
        };
        let (_cancel_tx, cancel_rx) = watch::channel(false);
        transaction.execute_with_cancellation(sendable_request, cancel_rx, event_tx).await
    }
 }
 struct PluginPrepareSendableRequest {
    plugin_manager: Arc<PluginManager>,
    plugin_context: PluginContext,
    cancelled_rx: Option<watch::Receiver<bool>>,
 }
 #[async_trait]
 impl PrepareSendableRequest for PluginPrepareSendableRequest {
    async fn prepare_sendable_request(
        &self,
        rendered_request: &HttpRequest,
        auth_context_id: &str,
        sendable_request: &mut SendableHttpRequest,
    ) -> std::result::Result<(), String> {
        if let Some(cancelled_rx) = &self.cancelled_rx {
            let mut cancelled_rx = cancelled_rx.clone();
            tokio::select! {
                result = apply_plugin_authentication(
                    sendable_request,
                    rendered_request,
                    auth_context_id,
                    &self.plugin_manager,
                    &self.plugin_context,
                ) => result,
                _ = cancelled_rx.changed() => Err("Request canceled".to_string()),
            }
        } else {
            apply_plugin_authentication(
                sendable_request,
                rendered_request,
                auth_context_id,
                &self.plugin_manager,
                &self.plugin_context,
            )
            .await
        }
    }
 }
 struct ConnectionManagerSendRequestExecutor<'a> {
    connection_manager: &'a HttpConnectionManager,
    plugin_context_id: String,
    query_manager: QueryManager,
    workspace_id: String,
    cancelled_rx: Option<watch::Receiver<bool>>,
 }
 #[async_trait]
 impl SendRequestExecutor for ConnectionManagerSendRequestExecutor<'_> {
    async fn send(
        &self,
        sendable_request: SendableHttpRequest,
        event_tx: mpsc::Sender<SenderHttpResponseEvent>,
        cookie_store: Option<CookieStore>,
    ) -> yaak_http::error::Result<yaak_http::sender::HttpResponse> {
        let runtime_config =
            resolve_http_send_runtime_config(&self.query_manager, &self.workspace_id)
                .map_err(|e| yaak_http::error::Error::RequestError(e.to_string()))?;
        let client_certificate =
            find_client_certificate(&sendable_request.url, &runtime_config.client_certificates);
        let cached_client = self
            .connection_manager
            .get_client(&HttpConnectionOptions {
                id: self.plugin_context_id.clone(),
                validate_certificates: runtime_config.validate_certificates,
                proxy: runtime_config.proxy,
                client_certificate,
                dns_overrides: runtime_config.dns_overrides,
            })
            .await?;
        cached_client.resolver.set_event_sender(Some(event_tx.clone())).await;
        let sender = ReqwestSender::with_client(cached_client.client);
        let transaction = match cookie_store {
            Some(cs) => HttpTransaction::with_cookie_store(sender, cs),
            None => HttpTransaction::new(sender),
        };
        let result = if let Some(cancelled_rx) = self.cancelled_rx.clone() {
            transaction.execute_with_cancellation(sendable_request, cancelled_rx, event_tx).await
        } else {
            let (_cancel_tx, cancel_rx) = watch::channel(false);
            transaction.execute_with_cancellation(sendable_request, cancel_rx, event_tx).await
        };
        cached_client.resolver.set_event_sender(None).await;
        result
    }
 }
 pub struct SendHttpRequestByIdParams<'a, T: TemplateCallback> {
    pub query_manager: &'a QueryManager,
    pub blob_manager: &'a BlobManager,
    pub request_id: &'a str,
    pub environment_id: Option<&'a str>,
    pub template_callback: &'a T,
    pub update_source: UpdateSource,
    pub cookie_jar_id: Option<String>,
    pub response_dir: &'a Path,
    pub emit_events_to: Option<mpsc::Sender<SenderHttpResponseEvent>>,
    pub prepare_sendable_request: Option<&'a dyn PrepareSendableRequest>,
    pub executor: Option<&'a dyn SendRequestExecutor>,
 }
 pub struct SendHttpRequestParams<'a, T: TemplateCallback> {
    pub query_manager: &'a QueryManager,
    pub blob_manager: &'a BlobManager,
    pub request: HttpRequest,
    pub environment_id: Option<&'a str>,
    pub template_callback: &'a T,
    pub send_options: Option<SendableHttpRequestOptions>,
    pub update_source: UpdateSource,
    pub cookie_jar_id: Option<String>,
    pub response_dir: &'a Path,
    pub emit_events_to: Option<mpsc::Sender<SenderHttpResponseEvent>>,
    pub auth_context_id: Option<String>,
    pub existing_response: Option<HttpResponse>,
    pub prepare_sendable_request: Option<&'a dyn PrepareSendableRequest>,
    pub executor: Option<&'a dyn SendRequestExecutor>,
 }
 pub struct SendHttpRequestWithPluginsParams<'a> {
    pub query_manager: &'a QueryManager,
    pub blob_manager: &'a BlobManager,
    pub request: HttpRequest,
    pub environment_id: Option<&'a str>,
    pub update_source: UpdateSource,
    pub cookie_jar_id: Option<String>,
    pub response_dir: &'a Path,
    pub emit_events_to: Option<mpsc::Sender<SenderHttpResponseEvent>>,
    pub existing_response: Option<HttpResponse>,
    pub plugin_manager: Arc<PluginManager>,
    pub encryption_manager: Arc<EncryptionManager>,
    pub plugin_context: &'a PluginContext,
    pub cancelled_rx: Option<watch::Receiver<bool>>,
    pub connection_manager: Option<&'a HttpConnectionManager>,
 }
 pub struct SendHttpRequestByIdWithPluginsParams<'a> {
    pub query_manager: &'a QueryManager,
    pub blob_manager: &'a BlobManager,
    pub request_id: &'a str,
    pub environment_id: Option<&'a str>,
    pub update_source: UpdateSource,
    pub cookie_jar_id: Option<String>,
    pub response_dir: &'a Path,
    pub emit_events_to: Option<mpsc::Sender<SenderHttpResponseEvent>>,
    pub plugin_manager: Arc<PluginManager>,
    pub encryption_manager: Arc<EncryptionManager>,
    pub plugin_context: &'a PluginContext,
    pub cancelled_rx: Option<watch::Receiver<bool>>,
    pub connection_manager: Option<&'a HttpConnectionManager>,
 }
 pub struct SendHttpRequestResult {
    pub rendered_request: HttpRequest,
    pub response: HttpResponse,
    pub response_body: Vec<u8>,
 }
 pub struct HttpSendRuntimeConfig {
    pub send_options: SendableHttpRequestOptions,
    pub validate_certificates: bool,
    pub proxy: HttpConnectionProxySetting,
    pub dns_overrides: Vec<DnsOverride>,
    pub client_certificates: Vec<ClientCertificate>,
 }
 pub fn resolve_http_send_runtime_config(
    query_manager: &QueryManager,
    workspace_id: &str,
 ) -> Result<HttpSendRuntimeConfig> {
    let db = query_manager.connect();
    let workspace = db.get_workspace(workspace_id).map_err(SendHttpRequestError::LoadWorkspace)?;
    let settings = db.get_settings();
    Ok(HttpSendRuntimeConfig {
        send_options: SendableHttpRequestOptions {
            follow_redirects: workspace.setting_follow_redirects,
            timeout: if workspace.setting_request_timeout > 0 {
                Some(std::time::Duration::from_millis(
                    workspace.setting_request_timeout.unsigned_abs() as u64,
                ))
            } else {
                None
            },
        },
        validate_certificates: workspace.setting_validate_certificates,
        proxy: proxy_setting_from_settings(settings.proxy),
        dns_overrides: workspace.setting_dns_overrides,
        client_certificates: settings.client_certificates,
    })
 }
 pub async fn send_http_request_by_id_with_plugins(
    params: SendHttpRequestByIdWithPluginsParams<'_>,
 ) -> Result<SendHttpRequestResult> {
    let request = params
        .query_manager
        .connect()
        .get_http_request(params.request_id)
        .map_err(SendHttpRequestError::LoadRequest)?;
    send_http_request_with_plugins(SendHttpRequestWithPluginsParams {
        query_manager: params.query_manager,
        blob_manager: params.blob_manager,
        request,
        environment_id: params.environment_id,
        update_source: params.update_source,
        cookie_jar_id: params.cookie_jar_id,
        response_dir: params.response_dir,
        emit_events_to: params.emit_events_to,
        existing_response: None,
        plugin_manager: params.plugin_manager,
        encryption_manager: params.encryption_manager,
        plugin_context: params.plugin_context,
        cancelled_rx: params.cancelled_rx,
        connection_manager: params.connection_manager,
    })
    .await
 }
 pub async fn send_http_request_with_plugins(
    params: SendHttpRequestWithPluginsParams<'_>,
 ) -> Result<SendHttpRequestResult> {
    let template_callback = PluginTemplateCallback::new(
        params.plugin_manager.clone(),
        params.encryption_manager.clone(),
        params.plugin_context,
        RenderPurpose::Send,
    );
    let auth_hook = PluginPrepareSendableRequest {
        plugin_manager: params.plugin_manager,
        plugin_context: params.plugin_context.clone(),
        cancelled_rx: params.cancelled_rx.clone(),
    };
    let executor =
        params.connection_manager.map(|connection_manager| ConnectionManagerSendRequestExecutor {
            connection_manager,
            plugin_context_id: params.plugin_context.id.clone(),
            query_manager: params.query_manager.clone(),
            workspace_id: params.request.workspace_id.clone(),
            cancelled_rx: params.cancelled_rx.clone(),
        });
    send_http_request(SendHttpRequestParams {
        query_manager: params.query_manager,
        blob_manager: params.blob_manager,
        request: params.request,
        environment_id: params.environment_id,
        template_callback: &template_callback,
        send_options: None,
        update_source: params.update_source,
        cookie_jar_id: params.cookie_jar_id,
        response_dir: params.response_dir,
        emit_events_to: params.emit_events_to,
        auth_context_id: None,
        existing_response: params.existing_response,
        prepare_sendable_request: Some(&auth_hook),
        executor: executor.as_ref().map(|e| e as &dyn SendRequestExecutor),
    })
    .await
 }
 pub async fn send_http_request_by_id<T: TemplateCallback>(
    params: SendHttpRequestByIdParams<'_, T>,
 ) -> Result<SendHttpRequestResult> {
    let request = params
        .query_manager
        .connect()
        .get_http_request(params.request_id)
        .map_err(SendHttpRequestError::LoadRequest)?;
    let (request, auth_context_id) = resolve_inherited_request(params.query_manager, &request)?;
    send_http_request(SendHttpRequestParams {
        query_manager: params.query_manager,
        blob_manager: params.blob_manager,
        request,
        environment_id: params.environment_id,
        template_callback: params.template_callback,
        send_options: None,
        update_source: params.update_source,
        cookie_jar_id: params.cookie_jar_id,
        response_dir: params.response_dir,
        emit_events_to: params.emit_events_to,
        existing_response: None,
        prepare_sendable_request: params.prepare_sendable_request,
        executor: params.executor,
        auth_context_id: Some(auth_context_id),
    })
    .await
 }
 pub async fn send_http_request<T: TemplateCallback>(
    params: SendHttpRequestParams<'_, T>,
 ) -> Result<SendHttpRequestResult> {
    let environment_chain =
        resolve_environment_chain(params.query_manager, &params.request, params.environment_id)?;
    let (resolved_request, auth_context_id) =
        if let Some(auth_context_id) = params.auth_context_id.clone() {
            (params.request.clone(), auth_context_id)
        } else {
            resolve_inherited_request(params.query_manager, &params.request)?
        };
    let runtime_config =
        resolve_http_send_runtime_config(params.query_manager, &params.request.workspace_id)?;
    let send_options = params.send_options.unwrap_or(runtime_config.send_options);
    let mut cookie_jar = load_cookie_jar(params.query_manager, params.cookie_jar_id.as_deref())?;
    let cookie_store =
        cookie_jar.as_ref().map(|jar| CookieStore::from_cookies(jar.cookies.clone()));
    let rendered_request = render_http_request(
        &resolved_request,
        environment_chain,
        params.template_callback,
        &RenderOptions::throw(),
    )
    .await
    .map_err(SendHttpRequestError::RenderRequest)?;
    let mut sendable_request =
        SendableHttpRequest::from_http_request(&rendered_request, send_options)
            .await
            .map_err(SendHttpRequestError::BuildSendableRequest)?;
    if let Some(hook) = params.prepare_sendable_request {
        hook.prepare_sendable_request(&rendered_request, &auth_context_id, &mut sendable_request)
            .await
            .map_err(SendHttpRequestError::PrepareSendableRequest)?;
    }
    let request_content_length = sendable_body_length(sendable_request.body.as_ref());
    let mut response = params.existing_response.unwrap_or_default();
    response.request_id = params.request.id.clone();
    response.workspace_id = params.request.workspace_id.clone();
    response.request_content_length = request_content_length;
    response.request_headers = sendable_request
        .headers
        .iter()
        .map(|(name, value)| HttpResponseHeader { name: name.clone(), value: value.clone() })
        .collect();
    response.url = sendable_request.url.clone();
    response.state = HttpResponseState::Initialized;
    response.error = None;
    response.content_length = None;
    response.content_length_compressed = None;
    response.body_path = None;
    response.status = 0;
    response.status_reason = None;
    response.headers = Vec::new();
    response.remote_addr = None;
    response.version = None;
    response.elapsed = 0;
    response.elapsed_headers = 0;
    response.elapsed_dns = 0;
    response = params
        .query_manager
        .connect()
        .upsert_http_response(&response, &params.update_source, params.blob_manager)
        .map_err(SendHttpRequestError::PersistResponse)?;
    let (event_tx, mut event_rx) =
        mpsc::channel::<SenderHttpResponseEvent>(HTTP_EVENT_CHANNEL_CAPACITY);
    let event_query_manager = params.query_manager.clone();
    let event_response_id = response.id.clone();
    let event_workspace_id = params.request.workspace_id.clone();
    let event_update_source = params.update_source.clone();
    let emit_events_to = params.emit_events_to.clone();
    let event_handle = tokio::spawn(async move {
        while let Some(event) = event_rx.recv().await {
            let db_event = HttpResponseEvent::new(
                &event_response_id,
                &event_workspace_id,
                event.clone().into(),
            );
            if let Err(err) = event_query_manager
                .connect()
                .upsert_http_response_event(&db_event, &event_update_source)
            {
                warn!("Failed to persist HTTP response event: {}", err);
            }
            if let Some(tx) = emit_events_to.as_ref() {
                let _ = tx.try_send(event);
            }
        }
    });
    let default_executor = DefaultSendRequestExecutor;
    let executor = params.executor.unwrap_or(&default_executor);
    let started_at = Instant::now();
    let request_started_url = sendable_request.url.clone();
    let http_response = match executor.send(sendable_request, event_tx, cookie_store.clone()).await
    {
        Ok(response) => response,
        Err(err) => {
            persist_cookie_jar(params.query_manager, cookie_jar.as_mut(), cookie_store.as_ref())?;
            let _ = persist_response_error(
                params.query_manager,
                params.blob_manager,
                &params.update_source,
                &response,
                started_at,
                err.to_string(),
                request_started_url,
            );
            if let Err(join_err) = event_handle.await {
                warn!("Failed to join response event task: {}", join_err);
            }
            return Err(SendHttpRequestError::SendRequest(err));
        }
    };
    let headers_elapsed = duration_to_i32(started_at.elapsed());
    response = params
        .query_manager
        .connect()
        .upsert_http_response(
            &HttpResponse {
                state: HttpResponseState::Connected,
                elapsed_headers: headers_elapsed,
                status: i32::from(http_response.status),
                status_reason: http_response.status_reason.clone(),
                url: http_response.url.clone(),
                remote_addr: http_response.remote_addr.clone(),
                version: http_response.version.clone(),
                headers: http_response
                    .headers
                    .iter()
                    .map(|(name, value)| HttpResponseHeader {
                        name: name.clone(),
                        value: value.clone(),
                    })
                    .collect(),
                request_headers: http_response
                    .request_headers
                    .iter()
                    .map(|(name, value)| HttpResponseHeader {
                        name: name.clone(),
                        value: value.clone(),
                    })
                    .collect(),
                ..response
            },
            &params.update_source,
            params.blob_manager,
        )
        .map_err(SendHttpRequestError::PersistResponse)?;
    let (response_body, body_stats) =
        http_response.bytes().await.map_err(SendHttpRequestError::ReadResponseBody)?;
    std::fs::create_dir_all(params.response_dir).map_err(|source| {
        SendHttpRequestError::CreateResponseDirectory {
            path: params.response_dir.to_path_buf(),
            source,
        }
    })?;
    let body_path = params.response_dir.join(&response.id);
    std::fs::write(&body_path, &response_body).map_err(|source| {
        SendHttpRequestError::WriteResponseBody { path: body_path.clone(), source }
    })?;
    response = params
        .query_manager
        .connect()
        .upsert_http_response(
            &HttpResponse {
                body_path: Some(body_path.to_string_lossy().to_string()),
                content_length: Some(usize_to_i32(response_body.len())),
                content_length_compressed: Some(u64_to_i32(body_stats.size_compressed)),
                elapsed: duration_to_i32(started_at.elapsed()),
                elapsed_headers: headers_elapsed,
                state: HttpResponseState::Closed,
                ..response
            },
            &params.update_source,
            params.blob_manager,
        )
        .map_err(SendHttpRequestError::PersistResponse)?;
    if let Err(join_err) = event_handle.await {
        warn!("Failed to join response event task: {}", join_err);
    }
    persist_cookie_jar(params.query_manager, cookie_jar.as_mut(), cookie_store.as_ref())?;
    Ok(SendHttpRequestResult { rendered_request, response, response_body })
 }
 fn resolve_environment_chain(
    query_manager: &QueryManager,
    request: &HttpRequest,
    environment_id: Option<&str>,
 ) -> Result<Vec<Environment>> {
    let db = query_manager.connect();
    db.resolve_environments(&request.workspace_id, request.folder_id.as_deref(), environment_id)
        .map_err(SendHttpRequestError::ResolveEnvironments)
 }
 fn resolve_inherited_request(
    query_manager: &QueryManager,
    request: &HttpRequest,
 ) -> Result<(HttpRequest, String)> {
    let db = query_manager.connect();
    let (authentication_type, authentication, auth_context_id) = db
        .resolve_auth_for_http_request(request)
        .map_err(SendHttpRequestError::ResolveRequestInheritance)?;
    let resolved_headers = db
        .resolve_headers_for_http_request(request)
        .map_err(SendHttpRequestError::ResolveRequestInheritance)?;
    let mut request = request.clone();
    request.authentication_type = authentication_type;
    request.authentication = authentication;
    request.headers = resolved_headers;
    Ok((request, auth_context_id))
 }
 fn load_cookie_jar(
    query_manager: &QueryManager,
    cookie_jar_id: Option<&str>,
 ) -> Result<Option<CookieJar>> {
    let Some(cookie_jar_id) = cookie_jar_id else {
        return Ok(None);
    };
    query_manager
        .connect()
        .get_cookie_jar(cookie_jar_id)
        .map(Some)
        .map_err(SendHttpRequestError::LoadCookieJar)
 }
 fn persist_cookie_jar(
    query_manager: &QueryManager,
    cookie_jar: Option<&mut CookieJar>,
    cookie_store: Option<&CookieStore>,
 ) -> Result<()> {
    match (cookie_jar, cookie_store) {
        (Some(cookie_jar), Some(cookie_store)) => {
            cookie_jar.cookies = cookie_store.get_all_cookies();
            query_manager
                .connect()
                .upsert_cookie_jar(cookie_jar, &UpdateSource::Background)
                .map_err(SendHttpRequestError::PersistCookieJar)?;
            Ok(())
        }
        _ => Ok(()),
    }
 }
 fn proxy_setting_from_settings(proxy: Option<ProxySetting>) -> HttpConnectionProxySetting {
    match proxy {
        None => HttpConnectionProxySetting::System,
        Some(ProxySetting::Disabled) => HttpConnectionProxySetting::Disabled,
        Some(ProxySetting::Enabled { http, https, auth, bypass, disabled }) => {
            if disabled {
                HttpConnectionProxySetting::System
            } else {
                HttpConnectionProxySetting::Enabled {
                    http,
                    https,
                    bypass,
                    auth: auth.map(|ProxySettingAuth { user, password }| {
                        HttpConnectionProxySettingAuth { user, password }
                    }),
                }
            }
        }
    }
 }
 pub async fn apply_plugin_authentication(
    sendable_request: &mut SendableHttpRequest,
    request: &HttpRequest,
    auth_context_id: &str,
    plugin_manager: &PluginManager,
    plugin_context: &PluginContext,
 ) -> std::result::Result<(), String> {
    match &request.authentication_type {
        None => {}
        Some(authentication_type) if authentication_type == "none" => {}
        Some(authentication_type) => {
            let req = CallHttpAuthenticationRequest {
                context_id: format!("{:x}", md5::compute(auth_context_id)),
                values: serde_json::from_value(
                    serde_json::to_value(&request.authentication)
                        .map_err(|e| format!("Failed to serialize auth values: {e}"))?,
                )
                .map_err(|e| format!("Failed to parse auth values: {e}"))?,
                url: sendable_request.url.clone(),
                method: sendable_request.method.clone(),
                headers: sendable_request
                    .headers
                    .iter()
                    .map(|(name, value)| HttpHeader {
                        name: name.to_string(),
                        value: value.to_string(),
                    })
                    .collect(),
            };
            let plugin_result = plugin_manager
                .call_http_authentication(plugin_context, authentication_type, req)
                .await
                .map_err(|e| format!("Failed to apply authentication plugin: {e}"))?;
            for header in plugin_result.set_headers.unwrap_or_default() {
                sendable_request.insert_header((header.name, header.value));
            }
            if let Some(params) = plugin_result.set_query_parameters {
                let params = params.into_iter().map(|p| (p.name, p.value)).collect::<Vec<_>>();
                sendable_request.url = append_query_params(&sendable_request.url, params);
            }
        }
    }
    Ok(())
 }
 fn persist_response_error(
    query_manager: &QueryManager,
    blob_manager: &BlobManager,
    update_source: &UpdateSource,
    response: &HttpResponse,
    started_at: Instant,
    error: String,
    fallback_url: String,
 ) -> Result<HttpResponse> {
    let elapsed = duration_to_i32(started_at.elapsed());
    query_manager
        .connect()
        .upsert_http_response(
            &HttpResponse {
                state: HttpResponseState::Closed,
                elapsed,
                elapsed_headers: if response.elapsed_headers == 0 {
                    elapsed
                } else {
                    response.elapsed_headers
                },
                error: Some(error),
                url: if response.url.is_empty() { fallback_url } else { response.url.clone() },
                ..response.clone()
            },
            update_source,
            blob_manager,
        )
        .map_err(SendHttpRequestError::PersistResponse)
 }
 fn sendable_body_length(body: Option<&SendableBody>) -> Option<i32> {
    match body {
        Some(SendableBody::Bytes(bytes)) => Some(usize_to_i32(bytes.len())),
        Some(SendableBody::Stream { content_length: Some(length), .. }) => {
            Some(u64_to_i32(*length))
        }
        _ => None,
    }
 }
 fn duration_to_i32(duration: std::time::Duration) -> i32 {
    u128_to_i32(duration.as_millis())
 }
 fn usize_to_i32(value: usize) -> i32 {
    if value > i32::MAX as usize { i32::MAX } else { value as i32 }
 }
 fn u64_to_i32(value: u64) -> i32 {
    if value > i32::MAX as u64 { i32::MAX } else { value as i32 }
 }
 fn u128_to_i32(value: u128) -> i32 {
    if value > i32::MAX as u128 { i32::MAX } else { value as i32 }
 }
--- a/flatpak/app.yaak.Yaak.metainfo.xml
+++ b/flatpak/app.yaak.Yaak.metainfo.xml
@@ -0,0 +1,57 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <component type="desktop-application">
  <id>app.yaak.Yaak</id>
  <name>Yaak</name>
  <summary>An offline, Git friendly API Client</summary>
  <developer id="app.yaak">
    <name>Yaak</name>
  </developer>
  <metadata_license>MIT</metadata_license>
  <project_license>MIT</project_license>
  <url type="homepage">https://yaak.app</url>
  <url type="bugtracker">https://yaak.app/feedback</url>
  <url type="contact">https://yaak.app/feedback</url>
  <url type="vcs-browser">https://github.com/mountain-loop/yaak</url>
  <description>
    <p>
      A fast, privacy-first API client for REST, GraphQL, SSE, WebSocket,
      and gRPC — built with Tauri, Rust, and React.
    </p>
    <p>Features include:</p>
    <ul>
      <li>REST, GraphQL, SSE, WebSocket, and gRPC support</li>
      <li>Local-only data, secrets encryption, and zero telemetry</li>
      <li>Git-friendly plain-text project storage</li>
      <li>Environment variables and template functions</li>
      <li>Request chaining and dynamic values</li>
      <li>OAuth 2.0, Bearer, Basic, API Key, AWS, JWT, and NTLM authentication</li>
      <li>Import from cURL, Postman, Insomnia, and OpenAPI</li>
      <li>Extensible plugin system</li>
    </ul>
  </description>
  <launchable type="desktop-id">app.yaak.Yaak.desktop</launchable>
  <branding>
    <color type="primary" scheme_preference="light">#8b32ff</color>
    <color type="primary" scheme_preference="dark">#c293ff</color>
  </branding>
  <content_rating type="oars-1.1" />
  <screenshots>
    <screenshot type="default">
      <caption>Crafting an API request</caption>
      <image>https://assets.yaak.app/uploads/screenshot-BLG1w_2310x1326.png</image>
    </screenshot>
  </screenshots>
  <releases>
    <release version="2026.2.0" date="2026-02-10" />
  </releases>
 </component>
--- a/flatpak/fix-lockfile.mjs
+++ b/flatpak/fix-lockfile.mjs
@@ -0,0 +1,75 @@
 #!/usr/bin/env node
 // Adds missing `resolved` and `integrity` fields to npm package-lock.json.
 //
 // npm sometimes omits these fields for nested dependencies inside workspace
 // packages. This breaks offline installs and tools like flatpak-node-generator
 // that need explicit tarball URLs for every package.
 //
 // Based on https://github.com/grant-dennison/npm-package-lock-add-resolved
 // (MIT License, Copyright (c) 2024 Grant Dennison)
 import { readFile, writeFile } from "node:fs/promises";
 import { get } from "node:https";
 const lockfilePath = process.argv[2] || "package-lock.json";
 function fetchJson(url) {
  return new Promise((resolve, reject) => {
    get(url, (res) => {
      let data = "";
      res.on("data", (chunk) => {
        data += chunk;
      });
      res.on("end", () => {
        if (res.statusCode === 200) {
          resolve(JSON.parse(data));
        } else {
          reject(`${url} returned ${res.statusCode} ${res.statusMessage}`);
        }
      });
      res.on("error", reject);
    }).on("error", reject);
  });
 }
 async function fillResolved(name, p) {
  const version = p.version.replace(/^.*@/, "");
  console.log(`Retrieving metadata for ${name}@${version}`);
  const metadataUrl = `https://registry.npmjs.com/${name}/${version}`;
  const metadata = await fetchJson(metadataUrl);
  p.resolved = metadata.dist.tarball;
  p.integrity = metadata.dist.integrity;
 }
 let changesMade = false;
 async function fillAllResolved(packages) {
  for (const packagePath in packages) {
    if (packagePath === "") continue;
    if (!packagePath.includes("node_modules/")) continue;
    const p = packages[packagePath];
    if (p.link) continue;
    if (!p.inBundle && !p.bundled && (!p.resolved || !p.integrity)) {
      const packageName =
        p.name ||
        /^npm:(.+?)@.+$/.exec(p.version)?.[1] ||
        packagePath.replace(/^.*node_modules\/(?=.+?$)/, "");
      await fillResolved(packageName, p);
      changesMade = true;
    }
  }
 }
 const oldContents = await readFile(lockfilePath, "utf-8");
 const packageLock = JSON.parse(oldContents);
 await fillAllResolved(packageLock.packages ?? []);
 if (changesMade) {
  const newContents = JSON.stringify(packageLock, null, 2) + "\n";
  await writeFile(lockfilePath, newContents);
  console.log(`Updated ${lockfilePath}`);
 } else {
  console.log("No changes needed.");
 }
--- a/flatpak/generate-sources.sh
+++ b/flatpak/generate-sources.sh
@@ -0,0 +1,48 @@
 #!/usr/bin/env bash
 #
 # Generate offline dependency source files for Flatpak builds.
 #
 # Prerequisites:
 #   pip install flatpak-node-generator tomlkit aiohttp
 #   Clone https://github.com/flatpak/flatpak-builder-tools (for cargo generator)
 #
 # Usage:
 #   ./flatpak/generate-sources.sh <flathub-repo-path>
 #   ./flatpak/generate-sources.sh ../flathub-repo
 set -euo pipefail
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
 if [ $# -lt 1 ]; then
    echo "Usage: $0 <flathub-repo-path>"
    echo "Example: $0 ../flathub-repo"
    exit 1
 fi
 FLATHUB_REPO="$(cd "$1" && pwd)"
 python3 "$SCRIPT_DIR/flatpak-builder-tools/cargo/flatpak-cargo-generator.py" \
  -o "$FLATHUB_REPO/cargo-sources.json" "$REPO_ROOT/Cargo.lock"
 TMPDIR=$(mktemp -d)
 trap 'rm -rf "$TMPDIR"' EXIT
 cp "$REPO_ROOT/package-lock.json" "$TMPDIR/package-lock.json"
 cp "$REPO_ROOT/package.json" "$TMPDIR/package.json"
 node "$SCRIPT_DIR/fix-lockfile.mjs" "$TMPDIR/package-lock.json"
 node -e "
  const fs = require('fs');
  const p = process.argv[1];
  const d = JSON.parse(fs.readFileSync(p, 'utf-8'));
  for (const [name, info] of Object.entries(d.packages || {})) {
    if (name && (info.link || !info.resolved)) delete d.packages[name];
  }
  fs.writeFileSync(p, JSON.stringify(d, null, 2));
 " "$TMPDIR/package-lock.json"
 flatpak-node-generator --no-requests-cache \
  -o "$FLATHUB_REPO/node-sources.json" npm "$TMPDIR/package-lock.json"
--- a/flatpak/update-manifest.sh
+++ b/flatpak/update-manifest.sh
@@ -0,0 +1,86 @@
 #!/usr/bin/env bash
 #
 # Update the Flathub repo for a new release.
 #
 # Usage:
 #   ./flatpak/update-manifest.sh <version-tag> <flathub-repo-path>
 #   ./flatpak/update-manifest.sh v2026.2.0 ../flathub-repo
 set -euo pipefail
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
 if [ $# -lt 2 ]; then
    echo "Usage: $0 <version-tag> <flathub-repo-path>"
    echo "Example: $0 v2026.2.0 ../flathub-repo"
    exit 1
 fi
 VERSION_TAG="$1"
 VERSION="${VERSION_TAG#v}"
 FLATHUB_REPO="$(cd "$2" && pwd)"
 MANIFEST="$FLATHUB_REPO/app.yaak.Yaak.yml"
 METAINFO="$SCRIPT_DIR/app.yaak.Yaak.metainfo.xml"
 if [[ "$VERSION" == *-* ]]; then
    echo "Skipping pre-release version '$VERSION_TAG' (only stable releases are published to Flathub)"
    exit 0
 fi
 REPO="mountain-loop/yaak"
 COMMIT=$(git ls-remote "https://github.com/$REPO.git" "refs/tags/$VERSION_TAG" | cut -f1)
 if [ -z "$COMMIT" ]; then
    echo "Error: Could not resolve commit for tag $VERSION_TAG"
    exit 1
 fi
 echo "Tag: $VERSION_TAG"
 echo "Commit: $COMMIT"
 # Update git tag and commit in the manifest
 sed -i "s|tag: v.*|tag: $VERSION_TAG|" "$MANIFEST"
 sed -i "s|commit: .*|commit: $COMMIT|" "$MANIFEST"
 echo "Updated manifest tag and commit."
 # Regenerate offline dependency sources from the tagged lockfiles
 TMPDIR=$(mktemp -d)
 trap 'rm -rf "$TMPDIR"' EXIT
 echo "Fetching lockfiles from $VERSION_TAG..."
 curl -fsSL "https://raw.githubusercontent.com/$REPO/$VERSION_TAG/Cargo.lock" -o "$TMPDIR/Cargo.lock"
 curl -fsSL "https://raw.githubusercontent.com/$REPO/$VERSION_TAG/package-lock.json" -o "$TMPDIR/package-lock.json"
 curl -fsSL "https://raw.githubusercontent.com/$REPO/$VERSION_TAG/package.json" -o "$TMPDIR/package.json"
 echo "Generating cargo-sources.json..."
 python3 "$SCRIPT_DIR/flatpak-builder-tools/cargo/flatpak-cargo-generator.py" \
  -o "$FLATHUB_REPO/cargo-sources.json" "$TMPDIR/Cargo.lock"
 echo "Generating node-sources.json..."
 node "$SCRIPT_DIR/fix-lockfile.mjs" "$TMPDIR/package-lock.json"
 node -e "
  const fs = require('fs');
  const p = process.argv[1];
  const d = JSON.parse(fs.readFileSync(p, 'utf-8'));
  for (const [name, info] of Object.entries(d.packages || {})) {
    if (name && (info.link || !info.resolved)) delete d.packages[name];
  }
  fs.writeFileSync(p, JSON.stringify(d, null, 2));
 " "$TMPDIR/package-lock.json"
 flatpak-node-generator --no-requests-cache \
  -o "$FLATHUB_REPO/node-sources.json" npm "$TMPDIR/package-lock.json"
 # Update metainfo with new release
 TODAY=$(date +%Y-%m-%d)
 sed -i "s|  <releases>|  <releases>\n    <release version=\"$VERSION\" date=\"$TODAY\" />|" "$METAINFO"
 echo "Updated metainfo with release $VERSION."
 echo ""
 echo "Done! Review the changes:"
 echo "  $MANIFEST"
 echo "  $METAINFO"
 echo "  $FLATHUB_REPO/cargo-sources.json"
 echo "  $FLATHUB_REPO/node-sources.json"
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,7 +12,8 @@
        "packages/plugin-runtime",
        "packages/plugin-runtime-types",
        "plugins-external/mcp-server",
-        "plugins-external/template-function-faker",
+        "plugins-external/faker",
        "plugins-external/httpsnippet",
        "plugins/action-copy-curl",
        "plugins/action-copy-grpcurl",
        "plugins/action-send-folder",
@@ -62,6 +63,13 @@
        "crates/yaak-ws",
        "src-web"
      ],
      "dependencies": {
        "@codemirror/lang-go": "^6.0.1",
        "@codemirror/lang-java": "^6.0.2",
        "@codemirror/lang-php": "^6.0.2",
        "@codemirror/lang-python": "^6.2.1",
        "@codemirror/legacy-modes": "^6.5.2"
      },
      "devDependencies": {
        "@biomejs/biome": "^2.3.13",
        "@tauri-apps/cli": "^2.9.6",
@@ -736,6 +744,19 @@
        "@lezer/css": "^1.1.7"
      }
    },
    "node_modules/@codemirror/lang-go": {
      "version": "6.0.1",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-go/-/lang-go-6.0.1.tgz",
      "integrity": "sha512-7fNvbyNylvqCphW9HD6WFnRpcDjr+KXX/FgqXy5H5ZS0eC5edDljukm/yNgYkwTsgp2busdod50AOTIy6Jikfg==",
      "license": "MIT",
      "dependencies": {
        "@codemirror/autocomplete": "^6.0.0",
        "@codemirror/language": "^6.6.0",
        "@codemirror/state": "^6.0.0",
        "@lezer/common": "^1.0.0",
        "@lezer/go": "^1.0.0"
      }
    },
    "node_modules/@codemirror/lang-html": {
      "version": "6.4.11",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-html/-/lang-html-6.4.11.tgz",
@@ -753,6 +774,16 @@
        "@lezer/html": "^1.3.12"
      }
    },
    "node_modules/@codemirror/lang-java": {
      "version": "6.0.2",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-java/-/lang-java-6.0.2.tgz",
      "integrity": "sha512-m5Nt1mQ/cznJY7tMfQTJchmrjdjQ71IDs+55d1GAa8DGaB8JXWsVCkVT284C3RTASaY43YknrK2X3hPO/J3MOQ==",
      "license": "MIT",
      "dependencies": {
        "@codemirror/language": "^6.0.0",
        "@lezer/java": "^1.0.0"
      }
    },
    "node_modules/@codemirror/lang-javascript": {
      "version": "6.2.4",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-javascript/-/lang-javascript-6.2.4.tgz",
@@ -793,6 +824,32 @@
        "@lezer/markdown": "^1.0.0"
      }
    },
    "node_modules/@codemirror/lang-php": {
      "version": "6.0.2",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-php/-/lang-php-6.0.2.tgz",
      "integrity": "sha512-ZKy2v1n8Fc8oEXj0Th0PUMXzQJ0AIR6TaZU+PbDHExFwdu+guzOA4jmCHS1Nz4vbFezwD7LyBdDnddSJeScMCA==",
      "license": "MIT",
      "dependencies": {
        "@codemirror/lang-html": "^6.0.0",
        "@codemirror/language": "^6.0.0",
        "@codemirror/state": "^6.0.0",
        "@lezer/common": "^1.0.0",
        "@lezer/php": "^1.0.0"
      }
    },
    "node_modules/@codemirror/lang-python": {
      "version": "6.2.1",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-python/-/lang-python-6.2.1.tgz",
      "integrity": "sha512-IRjC8RUBhn9mGR9ywecNhB51yePWCGgvHfY1lWN/Mrp3cKuHr0isDKia+9HnvhiWNnMpbGhWrkhuWOc09exRyw==",
      "license": "MIT",
      "dependencies": {
        "@codemirror/autocomplete": "^6.3.2",
        "@codemirror/language": "^6.8.0",
        "@codemirror/state": "^6.0.0",
        "@lezer/common": "^1.2.1",
        "@lezer/python": "^1.1.4"
      }
    },
    "node_modules/@codemirror/lang-xml": {
      "version": "6.1.0",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-xml/-/lang-xml-6.1.0.tgz",
@@ -836,6 +893,15 @@
        "style-mod": "^4.0.0"
      }
    },
    "node_modules/@codemirror/legacy-modes": {
      "version": "6.5.2",
      "resolved": "https://registry.npmjs.org/@codemirror/legacy-modes/-/legacy-modes-6.5.2.tgz",
      "integrity": "sha512-/jJbwSTazlQEDOQw2FJ8LEEKVS72pU0lx6oM54kGpL8t/NJ2Jda3CZ4pcltiKTdqYSRk3ug1B3pil1gsjA6+8Q==",
      "license": "MIT",
      "dependencies": {
        "@codemirror/language": "^6.0.0"
      }
    },
    "node_modules/@codemirror/lint": {
      "version": "6.9.2",
      "resolved": "https://registry.npmjs.org/@codemirror/lint/-/lint-6.9.2.tgz",
@@ -1414,9 +1480,9 @@
      }
    },
    "node_modules/@hono/node-server": {
-      "version": "1.19.8",
+      "version": "1.19.9",
-      "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.8.tgz",
+      "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.9.tgz",
-      "integrity": "sha512-0/g2lIOPzX8f3vzW1ggQgvG5mjtFBDBHFAzI5SFAi2DzSqS9luJwqg9T6O/gKYLi+inS7eNxBeIFkkghIPvrMA==",
+      "integrity": "sha512-vHL6w3ecZsky+8P5MD+eFfaGTyCeOHUIFYMGpQGbrBTSmNNoxv0if69rEZ5giu36weC5saFuznL411gRX7bJDw==",
      "license": "MIT",
      "engines": {
        "node": ">=18.14.1"
@@ -1570,6 +1636,17 @@
        "lezer-generator": "src/lezer-generator.cjs"
      }
    },
    "node_modules/@lezer/go": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/@lezer/go/-/go-1.0.1.tgz",
      "integrity": "sha512-xToRsYxwsgJNHTgNdStpcvmbVuKxTapV0dM0wey1geMMRc9aggoVyKgzYp41D2/vVOx+Ii4hmE206kvxIXBVXQ==",
      "license": "MIT",
      "dependencies": {
        "@lezer/common": "^1.2.0",
        "@lezer/highlight": "^1.0.0",
        "@lezer/lr": "^1.3.0"
      }
    },
    "node_modules/@lezer/highlight": {
      "version": "1.2.3",
      "resolved": "https://registry.npmjs.org/@lezer/highlight/-/highlight-1.2.3.tgz",
@@ -1590,6 +1667,17 @@
        "@lezer/lr": "^1.0.0"
      }
    },
    "node_modules/@lezer/java": {
      "version": "1.1.3",
      "resolved": "https://registry.npmjs.org/@lezer/java/-/java-1.1.3.tgz",
      "integrity": "sha512-yHquUfujwg6Yu4Fd1GNHCvidIvJwi/1Xu2DaKl/pfWIA2c1oXkVvawH3NyXhCaFx4OdlYBVX5wvz2f7Aoa/4Xw==",
      "license": "MIT",
      "dependencies": {
        "@lezer/common": "^1.2.0",
        "@lezer/highlight": "^1.0.0",
        "@lezer/lr": "^1.0.0"
      }
    },
    "node_modules/@lezer/javascript": {
      "version": "1.5.4",
      "resolved": "https://registry.npmjs.org/@lezer/javascript/-/javascript-1.5.4.tgz",
@@ -1631,6 +1719,28 @@
        "@lezer/highlight": "^1.0.0"
      }
    },
    "node_modules/@lezer/php": {
      "version": "1.0.5",
      "resolved": "https://registry.npmjs.org/@lezer/php/-/php-1.0.5.tgz",
      "integrity": "sha512-W7asp9DhM6q0W6DYNwIkLSKOvxlXRrif+UXBMxzsJUuqmhE7oVU+gS3THO4S/Puh7Xzgm858UNaFi6dxTP8dJA==",
      "license": "MIT",
      "dependencies": {
        "@lezer/common": "^1.2.0",
        "@lezer/highlight": "^1.0.0",
        "@lezer/lr": "^1.1.0"
      }
    },
    "node_modules/@lezer/python": {
      "version": "1.1.18",
      "resolved": "https://registry.npmjs.org/@lezer/python/-/python-1.1.18.tgz",
      "integrity": "sha512-31FiUrU7z9+d/ElGQLJFXl+dKOdx0jALlP3KEOsGTex8mvj+SoE1FgItcHWK/axkxCHGUSpqIHt6JAWfWu9Rhg==",
      "license": "MIT",
      "dependencies": {
        "@lezer/common": "^1.2.0",
        "@lezer/highlight": "^1.0.0",
        "@lezer/lr": "^1.0.0"
      }
    },
    "node_modules/@lezer/xml": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/@lezer/xml/-/xml-1.0.6.tgz",
@@ -1675,12 +1785,12 @@
      }
    },
    "node_modules/@modelcontextprotocol/sdk": {
-      "version": "1.25.2",
+      "version": "1.26.0",
-      "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.25.2.tgz",
+      "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.26.0.tgz",
-      "integrity": "sha512-LZFeo4F9M5qOhC/Uc1aQSrBHxMrvxett+9KLHt7OhcExtoiRN9DKgbZffMP/nxjutWDQpfMDfP3nkHI4X9ijww==",
+      "integrity": "sha512-Y5RmPncpiDtTXDbLKswIJzTqu2hyBKxTNsgKqKclDbhIgg1wgtf1fRuvxgTnRfcnxtvvgbIEcqUOzZrJ6iSReg==",
      "license": "MIT",
      "dependencies": {
-        "@hono/node-server": "^1.19.7",
+        "@hono/node-server": "^1.19.9",
        "ajv": "^8.17.1",
        "ajv-formats": "^3.0.1",
        "content-type": "^1.0.5",
@@ -1688,14 +1798,15 @@
        "cross-spawn": "^7.0.5",
        "eventsource": "^3.0.2",
        "eventsource-parser": "^3.0.0",
-        "express": "^5.0.1",
+        "express": "^5.2.1",
-        "express-rate-limit": "^7.5.0",
+        "express-rate-limit": "^8.2.1",
-        "jose": "^6.1.1",
+        "hono": "^4.11.4",
        "jose": "^6.1.3",
        "json-schema-typed": "^8.0.2",
        "pkce-challenge": "^5.0.0",
        "raw-body": "^3.0.0",
        "zod": "^3.25 || ^4.0",
-        "zod-to-json-schema": "^3.25.0"
+        "zod-to-json-schema": "^3.25.1"
      },
      "engines": {
        "node": ">=18"
@@ -2021,6 +2132,19 @@
        "node": ">=16.9"
      }
    },
    "node_modules/@readme/httpsnippet": {
      "version": "11.0.0",
      "resolved": "https://registry.npmjs.org/@readme/httpsnippet/-/httpsnippet-11.0.0.tgz",
      "integrity": "sha512-XSyaAsJkZfmMO9R4WDlVJARZgd4wlImftSkMkKclidniXA1h6DTya9iTqJenQo9mHQLh3u6kAC3CDRaIV+LbLw==",
      "license": "MIT",
      "dependencies": {
        "qs": "^6.11.2",
        "stringify-object": "^3.3.0"
      },
      "engines": {
        "node": ">=18"
      }
    },
    "node_modules/@replit/codemirror-emacs": {
      "version": "6.1.0",
      "resolved": "https://registry.npmjs.org/@replit/codemirror-emacs/-/codemirror-emacs-6.1.0.tgz",
@@ -3798,13 +3922,6 @@
        "@types/react": "*"
      }
    },
    "node_modules/@types/shell-quote": {
      "version": "1.7.5",
      "resolved": "https://registry.npmjs.org/@types/shell-quote/-/shell-quote-1.7.5.tgz",
      "integrity": "sha512-+UE8GAGRPbJVQDdxi16dgadcBfQ+KG2vgZhV1+3A1XmHbmwcdwhCUwIdy+d3pAGrbvgRoVSjeI9vOWyq376Yzw==",
      "dev": true,
      "license": "MIT"
    },
    "node_modules/@types/unist": {
      "version": "3.0.3",
      "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz",
@@ -4036,6 +4153,10 @@
      "resolved": "plugins/auth-oauth2",
      "link": true
    },
    "node_modules/@yaak/faker": {
      "resolved": "plugins-external/faker",
      "link": true
    },
    "node_modules/@yaak/filter-jsonpath": {
      "resolved": "plugins/filter-jsonpath",
      "link": true
@@ -4044,6 +4165,10 @@
      "resolved": "plugins/filter-xpath",
      "link": true
    },
    "node_modules/@yaak/httpsnippet": {
      "resolved": "plugins-external/httpsnippet",
      "link": true
    },
    "node_modules/@yaak/importer-curl": {
      "resolved": "plugins/importer-curl",
      "link": true
@@ -6865,10 +6990,13 @@
      }
    },
    "node_modules/express-rate-limit": {
-      "version": "7.5.1",
+      "version": "8.2.1",
-      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.1.tgz",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.2.1.tgz",
-      "integrity": "sha512-7iN8iPMDzOMHPUYllBEsQdWVB6fPDMPqwjBaFrgr4Jgr/+okjvzAy+UHlYYL/Vs0OsOrMkwS6PJDkFlJwoxUnw==",
+      "integrity": "sha512-PCZEIEIxqwhzw4KF0n7QF4QqruVTcF73O5kFKUnGOyjbCCgizBBiFaYpd/fnBLUMPw/BWw9OsiN7GgrNYr7j6g==",
      "license": "MIT",
      "dependencies": {
        "ip-address": "10.0.1"
      },
      "engines": {
        "node": ">= 16"
      },
@@ -7407,6 +7535,12 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/get-own-enumerable-property-symbols": {
      "version": "3.0.2",
      "resolved": "https://registry.npmjs.org/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.2.tgz",
      "integrity": "sha512-I0UBV/XOz1XkIJHEUDMZAbzCThU/H8DxmSfmdGcKPnVhu2VfFqr34jr9777IyaTYvxjedWhqVIilEDsCdP5G6g==",
      "license": "ISC"
    },
    "node_modules/get-proto": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
@@ -8135,6 +8269,15 @@
        "node": ">= 0.4"
      }
    },
    "node_modules/ip-address": {
      "version": "10.0.1",
      "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.0.1.tgz",
      "integrity": "sha512-NWv9YLW4PoW2B7xtzaS3NCot75m6nK7Icdv0o3lfMceJVRfSoQwqD4wEH5rLwoKJwUiZ/rfpiVBhnaF0FK4HoA==",
      "license": "MIT",
      "engines": {
        "node": ">= 12"
      }
    },
    "node_modules/ip-bigint": {
      "version": "7.3.0",
      "resolved": "https://registry.npmjs.org/ip-bigint/-/ip-bigint-7.3.0.tgz",
@@ -8516,6 +8659,15 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/is-obj": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz",
      "integrity": "sha512-l4RyHgRqGN4Y3+9JHVrNqO+tN0rV5My76uW5/nuO4K1b6vw5G8d/cmFjP9tRfEsdhZNt0IFdZuK/c2Vr4Nb+Qg==",
      "license": "MIT",
      "engines": {
        "node": ">=0.10.0"
      }
    },
    "node_modules/is-plain-obj": {
      "version": "4.1.0",
      "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz",
@@ -13250,6 +13402,7 @@
      "version": "1.8.3",
      "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.3.tgz",
      "integrity": "sha512-ObmnIF4hXNg1BqhnHmgbDETF8dLPCggZWBjkQfhZpbszZnYur5DUljTcCHii5LC3J5E0yeO/1LIMyH+UvHQgyw==",
      "dev": true,
      "license": "MIT",
      "engines": {
        "node": ">= 0.4"
@@ -13258,6 +13411,12 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/shlex": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/shlex/-/shlex-3.0.0.tgz",
      "integrity": "sha512-jHPXQQk9d/QXCvJuLPYMOYWez3c43sORAgcIEoV7bFv5AJSJRAOyw5lQO12PMfd385qiLRCaDt7OtEzgrIGZUA==",
      "license": "MIT"
    },
    "node_modules/should": {
      "version": "13.2.3",
      "resolved": "https://registry.npmjs.org/should/-/should-13.2.3.tgz",
@@ -13776,6 +13935,29 @@
        "url": "https://github.com/sponsors/wooorm"
      }
    },
    "node_modules/stringify-object": {
      "version": "3.3.0",
      "resolved": "https://registry.npmjs.org/stringify-object/-/stringify-object-3.3.0.tgz",
      "integrity": "sha512-rHqiFh1elqCQ9WPLIC8I0Q/g/wj5J1eMkyoiD6eoQApWHP0FtlK7rqnhmabL5VUY9JQCcqwwvlOaSuutekgyrw==",
      "license": "BSD-2-Clause",
      "dependencies": {
        "get-own-enumerable-property-symbols": "^3.0.0",
        "is-obj": "^1.0.1",
        "is-regexp": "^1.0.0"
      },
      "engines": {
        "node": ">=4"
      }
    },
    "node_modules/stringify-object/node_modules/is-regexp": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/is-regexp/-/is-regexp-1.0.0.tgz",
      "integrity": "sha512-7zjFAPO4/gwyQAAgRRmqeEeyIICSdmCqa3tsVHMdBzaXXRiqopZL4Cyghg/XulGWrtABTpbnYYzzIRffLkP4oA==",
      "license": "MIT",
      "engines": {
        "node": ">=0.10.0"
      }
    },
    "node_modules/strip-ansi": {
      "version": "7.1.2",
      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz",
@@ -15775,13 +15957,68 @@
        "undici-types": "~7.16.0"
      }
    },
    "plugins-external/faker": {
      "name": "@yaak/faker",
      "version": "1.1.1",
      "dependencies": {
        "@faker-js/faker": "^10.1.0"
      },
      "devDependencies": {
        "@types/node": "^25.0.3",
        "typescript": "^5.9.3"
      }
    },
    "plugins-external/faker/node_modules/@faker-js/faker": {
      "version": "10.3.0",
      "resolved": "https://registry.npmjs.org/@faker-js/faker/-/faker-10.3.0.tgz",
      "integrity": "sha512-It0Sne6P3szg7JIi6CgKbvTZoMjxBZhcv91ZrqrNuaZQfB5WoqYYbzCUOq89YR+VY8juY9M1vDWmDDa2TzfXCw==",
      "funding": [
        {
          "type": "opencollective",
          "url": "https://opencollective.com/fakerjs"
        }
      ],
      "license": "MIT",
      "engines": {
        "node": "^20.19.0 || ^22.13.0 || ^23.5.0 || >=24.0.0",
        "npm": ">=10"
      }
    },
    "plugins-external/httpsnippet": {
      "name": "@yaak/httpsnippet",
      "version": "1.0.3",
      "dependencies": {
        "@readme/httpsnippet": "^11.0.0"
      },
      "devDependencies": {
        "@types/node": "^22.0.0",
        "typescript": "^5.9.3"
      }
    },
    "plugins-external/httpsnippet/node_modules/@types/node": {
      "version": "22.19.9",
      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.19.9.tgz",
      "integrity": "sha512-PD03/U8g1F9T9MI+1OBisaIARhSzeidsUjQaf51fOxrfjeiKN9bLVO06lHuHYjxdnqLWJijJHfqXPSJri2EM2A==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "undici-types": "~6.21.0"
      }
    },
    "plugins-external/httpsnippet/node_modules/undici-types": {
      "version": "6.21.0",
      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz",
      "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==",
      "dev": true,
      "license": "MIT"
    },
    "plugins-external/mcp-server": {
      "name": "@yaak/mcp-server",
-      "version": "0.1.7",
+      "version": "0.2.1",
      "dependencies": {
        "@hono/mcp": "^0.2.3",
        "@hono/node-server": "^1.19.7",
-        "@modelcontextprotocol/sdk": "^1.25.2",
+        "@modelcontextprotocol/sdk": "^1.26.0",
        "hono": "^4.11.7",
        "zod": "^3.25.76"
      },
@@ -15874,10 +16111,7 @@
      "name": "@yaak/importer-curl",
      "version": "0.1.0",
      "dependencies": {
-        "shell-quote": "^1.8.1"
+        "shlex": "^3.0.0"
      },
      "devDependencies": {
        "@types/shell-quote": "^1.7.5"
      }
    },
    "plugins/importer-insomnia": {
--- a/package.json
+++ b/package.json
@@ -11,7 +11,8 @@
    "packages/plugin-runtime",
    "packages/plugin-runtime-types",
    "plugins-external/mcp-server",
-    "plugins-external/template-function-faker",
+    "plugins-external/faker",
    "plugins-external/httpsnippet",
    "plugins/action-copy-curl",
    "plugins/action-copy-grpcurl",
    "plugins/action-send-folder",
@@ -104,5 +105,12 @@
    "npm-run-all": "^4.1.5",
    "typescript": "^5.8.3",
    "vitest": "^3.2.4"
  },
  "dependencies": {
    "@codemirror/lang-go": "^6.0.1",
    "@codemirror/lang-java": "^6.0.2",
    "@codemirror/lang-php": "^6.0.2",
    "@codemirror/lang-python": "^6.2.1",
    "@codemirror/legacy-modes": "^6.5.2"
  }
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Gregory Schier	8571440d84	release: remove stale windows signatures before machine bundle	2026-02-18 16:51:38 -08:00
Gregory Schier	bc37a5d666	release: clean stale windows installers before machine bundle	2026-02-18 16:11:08 -08:00
Gregory Schier	a80f2ccf9a	Port claude skills	2026-02-18 16:04:17 -08:00
Gregory Schier	1eaf276b75	release: include setup-machine signature artifact	2026-02-18 07:08:34 -08:00
Gregory Schier	e9559dfdfa	Update release.yml	2026-02-18 06:40:09 -08:00
Gregory Schier	4c2e7b8609	Rename machine setup file for easier suffix matching	2026-02-18 06:36:59 -08:00
Gregory Schier	e638cecf07	release: add per-machine NSIS installer and X-Install-Mode updater header	2026-02-17 15:11:20 -08:00
Gregory Schier	076058da4f	release: add per-machine NSIS installer for enterprise deployment	2026-02-17 14:49:54 -08:00
Gregory Schier	f1bc4aa146	Reapply "models: remove legacy template-function-faker plugin row" This reverts commit `773c4a24a5`.	2026-02-17 09:11:55 -08:00
Gregory Schier	773c4a24a5	Revert "models: remove legacy template-function-faker plugin row" This reverts commit `6cc659e5c4`.	2026-02-17 09:08:44 -08:00
Gregory Schier	6cc659e5c4	models: remove legacy template-function-faker plugin row	2026-02-17 08:52:35 -08:00
Gregory Schier	e1580210dc	CLI command architecture and DB-backed model update syncing (#397 )	2026-02-17 08:20:31 -08:00
Pathik	0a4ffde319	Support moving multiple requests to another workspace (#396 ) Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com> Co-authored-by: Gregory Schier <gschier1990@gmail.com>	2026-02-16 08:42:42 -08:00
Gregory Schier	cc4d598af3	Update skill	2026-02-16 06:02:03 -08:00
Davide Becker	f5d11cb6d3	Add support for client assertions in the OAuth 2 plugin (#395 ) Co-authored-by: Davide Becker <github@reg.davide.me> Co-authored-by: Gregory Schier <gschier1990@gmail.com>	2026-02-14 07:38:54 -08:00
Gregory Schier	65e91aec6b	Fix git pull conflicts with pull.ff=only and improve commit UX (#394 )	2026-02-13 14:46:47 -08:00
Gregory Schier	ae943a5fd2	Fix lint: ignore flatpak in biome, fix search cursor iterator usage	2026-02-12 15:34:13 -08:00
winit	9e1a11de0b	Add CodeMirror extension to display find match count in the editor. (#390 )	2026-02-12 15:27:18 -08:00
Gregory Schier	52732e12ec	Fix license activation and plugin requests ignoring proxy settings (#393 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com	2026-02-12 14:38:53 -08:00
Gregory Schier	1127d7e3fa	Use consistent release title format in generate-release-notes command	2026-02-11 17:38:13 -08:00
Gregory Schier	7d4d228236	Fix HTTP/2 requests failing with duplicate Content-Length (#391 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-11 17:11:35 -08:00
Gregory Schier	565e053ee8	Fix auth tab crash when template rendering fails (#392 )	2026-02-11 14:59:17 -08:00
Gregory Schier	26aba6034f	Move faker plugin back to external (plugins-external/faker)	2026-02-11 10:22:20 -08:00
Gregory Schier	9a1d613034	Fix RPM bundle path validation for metainfo file	2026-02-11 08:14:16 -08:00
Gregory Schier	3e4de7d3c4	Move build scripts to Flathub repo, keep release prep scripts here	2026-02-11 07:28:56 -08:00
Gregory Schier	b64b5ec0f8	Refresh Git dropdown data on open and fetch periodically - Add refreshKey to useGit queries so dropdown data refreshes on open - Convert fetchAll from mutation to query with 10-minute refetch interval - Re-run status query after fetchAll completes via dataUpdatedAt key - Use placeholderData to keep previous data during key changes - Remove disabled state from Push, Pull, and Commit menu items	2026-02-11 07:20:53 -08:00
Gregory Schier	510d1c7d17	Remove Flatpak manifest (lives in Flathub repo)	2026-02-11 06:32:39 -08:00
Gregory Schier	ed13a62269	Use static desktop file and clean up manifest comments	2026-02-11 06:30:09 -08:00
Gregory Schier	935d613959	Move lockfile patch to standalone script	2026-02-10 23:35:14 -08:00
Gregory Schier	adeaaccc45	Add v2026.2.0 release to metainfo, simplify CI workflow - Metainfo is managed upstream (updated before tagging) - CI no longer modifies metainfo; just copies manifest and sources to Flathub - Flathub manifest installs metainfo from git source - Permissions reverted to read-only	2026-02-10 23:29:27 -08:00
Gregory Schier	d253093333	Revert "Simplify CI: metainfo releases only accumulate in Flathub repo" This reverts commit `f265b7a572`.	2026-02-10 23:26:52 -08:00
Gregory Schier	f265b7a572	Simplify CI: metainfo releases only accumulate in Flathub repo - Remove metainfo update from update-manifest.sh - Remove CI step that committed metainfo back to app repo - Revert permissions back to read-only - CI now inserts release entry directly into Flathub repo's metainfo	2026-02-10 23:26:22 -08:00
Gregory Schier	68b2ff016f	CI: rewrite metainfo paths for Flathub repo	2026-02-10 23:24:09 -08:00
Gregory Schier	a1c6295810	Clean up Flatpak manifest for v2026.2.0 - Update tag to v2026.2.0 - Use SKIP_WASM_BUILD env var instead of build-time package.json patch - Install metainfo from git source (remove temporary type: file source) - Fix fix-lockfile.mjs to skip workspace packages - CI: commit metainfo releases back to app repo, bump permissions to write	2026-02-10 23:19:23 -08:00
Gregory Schier	76ee3fa61b	Flatpak: build from source instead of repackaging debs (#389 )	2026-02-10 23:05:33 -08:00
Gregory Schier	7fef35ce0a	Ship metainfo in deb, remove from Flatpak manifest	2026-02-10 15:26:40 -08:00
Gregory Schier	654af09951	Bump GNOME runtime to 49, fix corrupted arm64 SHA256	2026-02-10 15:22:51 -08:00
Gregory Schier	484dcfade0	Add Flatpak and Flathub packaging support (#388 )	2026-02-10 14:38:40 -08:00
Gregory Schier	fda18c5434	Snapshot faker template function names in test Replace the brittle count assertion (toBe(226)) with a snapshot of all exported function names. This catches accidental additions, removals, or renames across faker upgrades with a clear diff. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-09 10:22:03 -08:00
Gregory Schier	a8176d6e9e	Skip disabled key-value entries during request rendering Skip disabled headers, metadata, URL parameters, and form body entries in the render phase for HTTP, gRPC, and WebSocket requests. Previously, disabled entries were still template-rendered even though they were filtered out later at the use site.	2026-02-09 10:17:43 -08:00
Gregory Schier	957d8d9d46	Move faker plugin from external to bundled	2026-02-09 08:43:49 -08:00
Gregory Schier	5f18bf25e2	Replace shell-quote with shlex for curl import (#387 )	2026-02-09 08:22:11 -08:00
Gregory Schier	66942eaf2c	Update httpsnippet plugin README and bump to v1.0.3	2026-02-07 15:20:20 -08:00
Zhizhen He	38796b1833	feat: add delete folder and copy id actions to folder settings (#380 )	2026-02-07 08:48:38 -08:00
dependabot[bot]	49ffa6fc45	Bump bytes from 1.10.1 to 1.11.1 (#379 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-07 08:48:03 -08:00
Brijmohan Siyag	1f56ba2eb6	Fix text input autocomplete not working with completionOptions (#368 )	2026-02-07 08:47:50 -08:00
Gregory Schier	f98a70ecb4	Add dynamic() support to prompt.form() plugin API (#386 )	2026-02-07 08:09:40 -08:00
dependabot[bot]	2984eb40c9	Bump time from 0.3.41 to 0.3.47 (#385 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-05 16:50:40 -08:00
Gregory Schier	cc5d4742f0	Don't select current request by default for response chaining	2026-02-05 13:08:08 -08:00
Gregory Schier	5b8e4b98a0	Use "send" preview mode for copy-as-curl	2026-02-05 08:31:28 -08:00
Gregory Schier	8637c90a21	Fix CSV responses ignoring raw view mode	2026-02-05 07:57:12 -08:00
dependabot[bot]	b88c5e71a0	Bump @modelcontextprotocol/sdk from 1.25.2 to 1.26.0 (#383 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-04 16:54:01 -08:00
dependabot[bot]	1899d512ab	Bump git2 from 0.20.2 to 0.20.4 (#384 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-04 16:53:50 -08:00
Gregory Schier	7c31718f5e	Git Improvements (#382 )	2026-02-04 11:46:04 -08:00
Gregory Schier	8f1463e5d0	More cleanup	2026-02-04 06:45:55 -08:00
Gregory Schier	0dc8807808	Cleanup more unused functions	2026-02-04 06:44:13 -08:00
Gregory Schier	f24a159b8a	Clean up unused functions	2026-02-04 06:28:45 -08:00
Zhizhen He	0b91d3aaff	feat: add breadcrumbs to folder setting (#296 )	2026-02-03 07:40:24 -08:00
Gregory Schier	431dc1c896	Adjust dev menu	2026-02-02 17:58:58 -08:00
Gregory Schier	bc8277b56b	Fix header behavior on cross-origin redirects (#378 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-02 17:58:27 -08:00
gschier	0afed185d9	Deploying to main from @ mountain-loop/yaak@55cee00601 🚀	2026-02-02 15:46:27 +00:00
Gregory Schier	55cee00601	More reliable plugin runtime kill	2026-02-02 07:45:19 -08:00
Gregory Schier	b41a8e04cb	Graceful oauth server shutdown	2026-02-02 07:31:55 -08:00
Gregory Schier	eff4519d91	Have cancellation work before the request is sent	2026-02-02 07:09:48 -08:00