Add MCP client plan

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add CLI command architecture plan
2026-02-14 22:57:47 +01:00 · 2026-02-08 17:15:25 -08:00 · 2026-02-08 08:02:34 -08:00 · 2026-02-07 15:20:20 -08:00 · 2026-02-07 08:48:38 -08:00 · 2026-02-07 08:48:03 -08:00
169 changed files with 6100 additions and 1806 deletions
--- a/.claude/commands/release/generate-release-notes.md
+++ b/.claude/commands/release/generate-release-notes.md
@@ -37,3 +37,11 @@ The skill generates markdown-formatted release notes following this structure:

 **IMPORTANT**: Always add a blank lines around the markdown code fence and output the markdown code block last
 **IMPORTANT**: PRs by `@gschier` should not mention the @username
+
+## After Generating Release Notes
+
+After outputting the release notes, ask the user if they would like to create a draft GitHub release with these notes. If they confirm, create the release using:
+
+```bash
+gh release create <tag> --draft --prerelease --title "<tag>" --notes '<release notes>'
+```
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -89,6 +89,8 @@ jobs:

      - run: npm ci
      - run: npm run bootstrap
+        env:
+          YAAK_TARGET_ARCH: ${{ matrix.yaak_arch }}
      - run: npm run lint
      - name: Run JS Tests
        run: npm test
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -689,9 +689,9 @@ checksum = "8f1fe948ff07f4bd06c30984e69f5b4899c516a3ef74f34df92a2df2ab535495"

 [[package]]
 name = "bytes"
-version = "1.10.1"
+version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
+checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
 dependencies = [
 "serde",
 ]
@@ -1316,12 +1316,12 @@ checksum = "da692b8d1080ea3045efaab14434d40468c3d8657e42abddfffca87b428f4c1b"

 [[package]]
 name = "deranged"
-version = "0.4.0"
+version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c9e6a11ca8224451684bc0d7d5a7adbf8f2fd6887261a1cfc3c0432f9d4068e"
+checksum = "ececcb659e7ba858fb4f10388c250a7252eb0a27373f1a72b8748afdd248e587"
 dependencies = [
 "powerfmt",
- "serde",
+ "serde_core",
 ]

 [[package]]
@@ -2136,9 +2136,9 @@ dependencies = [

 [[package]]
 name = "git2"
-version = "0.20.2"
+version = "0.20.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2deb07a133b1520dc1a5690e9bd08950108873d7ed5de38dcc74d3b5ebffa110"
+checksum = "7b88256088d75a56f8ecfa070513a775dd9107f6530ef14919dac831af9cfe2b"
 dependencies = [
 "bitflags 2.9.1",
 "libc",
@@ -3036,9 +3036,9 @@ dependencies = [

 [[package]]
 name = "libgit2-sys"
-version = "0.18.1+1.9.0"
+version = "0.18.3+1.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e1dcb20f84ffcdd825c7a311ae347cce604a6f084a767dec4a4929829645290e"
+checksum = "c9b3acc4b91781bb0b3386669d325163746af5f6e4f73e6d2d630e09a35f3487"
 dependencies = [
 "cc",
 "libc",
@@ -3446,9 +3446,9 @@ checksum = "5e0826a989adedc2a244799e823aece04662b66609d96af8dff7ac6df9a8925d"

 [[package]]
 name = "num-conv"
-version = "0.1.0"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
+checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050"

 [[package]]
 name = "num-traits"
@@ -6341,9 +6341,9 @@ dependencies = [

 [[package]]
 name = "time"
-version = "0.3.41"
+version = "0.3.47"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"
+checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
 dependencies = [
 "deranged",
 "itoa",
@@ -6351,22 +6351,22 @@ dependencies = [
 "num-conv",
 "num_threads",
 "powerfmt",
- "serde",
+ "serde_core",
 "time-core",
 "time-macros",
 ]

 [[package]]
 name = "time-core"
-version = "0.1.4"
+version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"
+checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"

 [[package]]
 name = "time-macros"
-version = "0.2.22"
+version = "0.2.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"
+checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
 dependencies = [
 "num-conv",
 "time-core",
--- a/MCP_CLIENT_PLAN.md
+++ b/MCP_CLIENT_PLAN.md
@@ -0,0 +1,27 @@
+# MCP Client Plan
+
+## Goal
+Add an MCP client mode to Yaak so users can connect to and debug MCP servers.
+
+## Core Design
+- **Protocol layer:** Implement JSON‑RPC framing, message IDs, and notifications as the common core.
+- **Transport interface:** Define an async trait with `connect`, `send`, `receive`, and `close` methods.
+- **Transports:**
+  - Start with **Standard I/O** for local development.
+  - Reuse the existing HTTP stack for **HTTP streaming** next.
+  - Leave hooks for **WebSocket** support later.
+
+## Integration
+- Register MCP as a new request type alongside REST, GraphQL, gRPC, and WebSocket.
+- Allow per‑request transport selection (stdio or HTTP).
+- Map inbound messages into a new MCP response model that feeds existing timeline and debug views.
+
+## Testing and Dog‑fooding
+- Convert Yaak's own MCP server to Standard I/O for local testing.
+- Use it internally to validate protocol behavior and message flow.
+- Add unit and integration tests for JSON‑RPC messaging and transport abstractions.
+
+## Future Refinements
+- Add WebSocket transport support once core paths are stable.
+- Extend timelines for protocol‑level visualization layered over raw transport events.
+- Implement version and capability negotiation between client and server.
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 <p align="center">
  <a href="https://github.com/JamesIves/github-sponsors-readme-action">
-    <img width="200px" src="https://github.com/mountain-loop/yaak/raw/main/src-tauri/icons/icon.png">
+    <img width="200px" src="https://github.com/mountain-loop/yaak/raw/main/crates-tauri/yaak-app/icons/icon.png">
  </a>
 </p>

@@ -22,7 +22,7 @@
  <!-- sponsors-premium --><a href="https://github.com/MVST-Solutions"><img src="https:&#x2F;&#x2F;github.com&#x2F;MVST-Solutions.png" width="80px" alt="User avatar: MVST-Solutions" /></a>&nbsp;&nbsp;<a href="https://github.com/dharsanb"><img src="https:&#x2F;&#x2F;github.com&#x2F;dharsanb.png" width="80px" alt="User avatar: dharsanb" /></a>&nbsp;&nbsp;<a href="https://github.com/railwayapp"><img src="https:&#x2F;&#x2F;github.com&#x2F;railwayapp.png" width="80px" alt="User avatar: railwayapp" /></a>&nbsp;&nbsp;<a href="https://github.com/caseyamcl"><img src="https:&#x2F;&#x2F;github.com&#x2F;caseyamcl.png" width="80px" alt="User avatar: caseyamcl" /></a>&nbsp;&nbsp;<a href="https://github.com/bytebase"><img src="https:&#x2F;&#x2F;github.com&#x2F;bytebase.png" width="80px" alt="User avatar: bytebase" /></a>&nbsp;&nbsp;<a href="https://github.com/"><img src="https:&#x2F;&#x2F;raw.githubusercontent.com&#x2F;JamesIves&#x2F;github-sponsors-readme-action&#x2F;dev&#x2F;.github&#x2F;assets&#x2F;placeholder.png" width="80px" alt="User avatar: " /></a>&nbsp;&nbsp;<!-- sponsors-premium -->
 </p>
 <p align="center">
-  <!-- sponsors-base --><a href="https://github.com/seanwash"><img src="https:&#x2F;&#x2F;github.com&#x2F;seanwash.png" width="50px" alt="User avatar: seanwash" /></a>&nbsp;&nbsp;<a href="https://github.com/jerath"><img src="https:&#x2F;&#x2F;github.com&#x2F;jerath.png" width="50px" alt="User avatar: jerath" /></a>&nbsp;&nbsp;<a href="https://github.com/itsa-sh"><img src="https:&#x2F;&#x2F;github.com&#x2F;itsa-sh.png" width="50px" alt="User avatar: itsa-sh" /></a>&nbsp;&nbsp;<a href="https://github.com/dmmulroy"><img src="https:&#x2F;&#x2F;github.com&#x2F;dmmulroy.png" width="50px" alt="User avatar: dmmulroy" /></a>&nbsp;&nbsp;<a href="https://github.com/timcole"><img src="https:&#x2F;&#x2F;github.com&#x2F;timcole.png" width="50px" alt="User avatar: timcole" /></a>&nbsp;&nbsp;<a href="https://github.com/VLZH"><img src="https:&#x2F;&#x2F;github.com&#x2F;VLZH.png" width="50px" alt="User avatar: VLZH" /></a>&nbsp;&nbsp;<a href="https://github.com/terasaka2k"><img src="https:&#x2F;&#x2F;github.com&#x2F;terasaka2k.png" width="50px" alt="User avatar: terasaka2k" /></a>&nbsp;&nbsp;<a href="https://github.com/andriyor"><img src="https:&#x2F;&#x2F;github.com&#x2F;andriyor.png" width="50px" alt="User avatar: andriyor" /></a>&nbsp;&nbsp;<a href="https://github.com/majudhu"><img src="https:&#x2F;&#x2F;github.com&#x2F;majudhu.png" width="50px" alt="User avatar: majudhu" /></a>&nbsp;&nbsp;<a href="https://github.com/axelrindle"><img src="https:&#x2F;&#x2F;github.com&#x2F;axelrindle.png" width="50px" alt="User avatar: axelrindle" /></a>&nbsp;&nbsp;<a href="https://github.com/jirizverina"><img src="https:&#x2F;&#x2F;github.com&#x2F;jirizverina.png" width="50px" alt="User avatar: jirizverina" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="50px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/GRAYAH"><img src="https:&#x2F;&#x2F;github.com&#x2F;GRAYAH.png" width="50px" alt="User avatar: GRAYAH" /></a>&nbsp;&nbsp;<!-- sponsors-base -->
+  <!-- sponsors-base --><a href="https://github.com/seanwash"><img src="https:&#x2F;&#x2F;github.com&#x2F;seanwash.png" width="50px" alt="User avatar: seanwash" /></a>&nbsp;&nbsp;<a href="https://github.com/jerath"><img src="https:&#x2F;&#x2F;github.com&#x2F;jerath.png" width="50px" alt="User avatar: jerath" /></a>&nbsp;&nbsp;<a href="https://github.com/itsa-sh"><img src="https:&#x2F;&#x2F;github.com&#x2F;itsa-sh.png" width="50px" alt="User avatar: itsa-sh" /></a>&nbsp;&nbsp;<a href="https://github.com/dmmulroy"><img src="https:&#x2F;&#x2F;github.com&#x2F;dmmulroy.png" width="50px" alt="User avatar: dmmulroy" /></a>&nbsp;&nbsp;<a href="https://github.com/timcole"><img src="https:&#x2F;&#x2F;github.com&#x2F;timcole.png" width="50px" alt="User avatar: timcole" /></a>&nbsp;&nbsp;<a href="https://github.com/VLZH"><img src="https:&#x2F;&#x2F;github.com&#x2F;VLZH.png" width="50px" alt="User avatar: VLZH" /></a>&nbsp;&nbsp;<a href="https://github.com/terasaka2k"><img src="https:&#x2F;&#x2F;github.com&#x2F;terasaka2k.png" width="50px" alt="User avatar: terasaka2k" /></a>&nbsp;&nbsp;<a href="https://github.com/andriyor"><img src="https:&#x2F;&#x2F;github.com&#x2F;andriyor.png" width="50px" alt="User avatar: andriyor" /></a>&nbsp;&nbsp;<a href="https://github.com/majudhu"><img src="https:&#x2F;&#x2F;github.com&#x2F;majudhu.png" width="50px" alt="User avatar: majudhu" /></a>&nbsp;&nbsp;<a href="https://github.com/axelrindle"><img src="https:&#x2F;&#x2F;github.com&#x2F;axelrindle.png" width="50px" alt="User avatar: axelrindle" /></a>&nbsp;&nbsp;<a href="https://github.com/jirizverina"><img src="https:&#x2F;&#x2F;github.com&#x2F;jirizverina.png" width="50px" alt="User avatar: jirizverina" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="50px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/GRAYAH"><img src="https:&#x2F;&#x2F;github.com&#x2F;GRAYAH.png" width="50px" alt="User avatar: GRAYAH" /></a>&nbsp;&nbsp;<a href="https://github.com/flashblaze"><img src="https:&#x2F;&#x2F;github.com&#x2F;flashblaze.png" width="50px" alt="User avatar: flashblaze" /></a>&nbsp;&nbsp;<!-- sponsors-base -->
 </p>

 ![Yaak API Client](https://yaak.app/static/screenshot.png)
@@ -64,7 +64,7 @@ visit [`DEVELOPMENT.md`](DEVELOPMENT.md) for tips on setting up your environment
 ## Useful Resources

 - [Feedback and Bug Reports](https://feedback.yaak.app)
- [Documentation](https://feedback.yaak.app/help)
+- [Documentation](https://yaak.app/docs)
 - [Yaak vs Postman](https://yaak.app/alternatives/postman)
 - [Yaak vs Bruno](https://yaak.app/alternatives/bruno)
 - [Yaak vs Insomnia](https://yaak.app/alternatives/insomnia)
--- a/crates-cli/yaak-cli/PLAN.md
+++ b/crates-cli/yaak-cli/PLAN.md
@@ -0,0 +1,198 @@
+# CLI Command Architecture Plan
+
+## Goal
+
+Redesign the yaak-cli command structure to use a resource-oriented `<resource> <action>`
+pattern that scales well, is discoverable, and supports both human and LLM workflows.
+
+## Command Architecture
+
+### Design Principles
+
+- **Resource-oriented**: top-level commands are nouns, subcommands are verbs
+- **Polymorphic requests**: `request` covers HTTP, gRPC, and WebSocket — the CLI
+  resolves the type via `get_any_request` and adapts behavior accordingly
+- **Simple creation, full-fidelity via JSON**: human-friendly flags for basic creation,
+  `--json` for full control (targeted at LLM and scripting workflows)
+- **Runtime schema introspection**: `request schema` outputs JSON Schema for the request
+  models, with dynamic auth fields populated from loaded plugins at runtime
+- **Destructive actions require confirmation**: `delete` commands prompt for user
+  confirmation before proceeding. Can be bypassed with `--yes` / `-y` for scripting
+
+### Commands
+
+```
+# Top-level shortcut
+yaakcli send <id> [-e <env_id>]          # id can be a request, folder, or workspace
+
+# Resource commands
+yaakcli workspace list
+yaakcli workspace show <id>
+yaakcli workspace create --name <name>
+yaakcli workspace create --json '{"name": "My Workspace"}'
+yaakcli workspace create '{"name": "My Workspace"}'              # positional JSON shorthand
+yaakcli workspace update --json '{"id": "wk_abc", "name": "New Name"}'
+yaakcli workspace delete <id>
+
+yaakcli request list <workspace_id>
+yaakcli request show <id>
+yaakcli request create <workspace_id> --name <name> --url <url> [--method GET]
+yaakcli request create --json '{"workspaceId": "wk_abc", "url": "..."}'
+yaakcli request update --json '{"id": "rq_abc", "url": "https://new.com"}'
+yaakcli request send <id> [-e <env_id>]
+yaakcli request delete <id>
+yaakcli request schema <http|grpc|websocket>
+
+yaakcli folder list <workspace_id>
+yaakcli folder show <id>
+yaakcli folder create <workspace_id> --name <name>
+yaakcli folder create --json '{"workspaceId": "wk_abc", "name": "Auth"}'
+yaakcli folder update --json '{"id": "fl_abc", "name": "New Name"}'
+yaakcli folder delete <id>
+
+yaakcli environment list <workspace_id>
+yaakcli environment show <id>
+yaakcli environment create <workspace_id> --name <name>
+yaakcli environment create --json '{"workspaceId": "wk_abc", "name": "Production"}'
+yaakcli environment update --json '{"id": "ev_abc", ...}'
+yaakcli environment delete <id>
+
+```
+
+### `send` — Top-Level Shortcut
+
+`yaakcli send <id>` is a convenience alias that accepts any sendable ID. It tries
+each type in order via DB lookups (short-circuiting on first match):
+
+1. Request (HTTP, gRPC, or WebSocket via `get_any_request`)
+2. Folder (sends all requests in the folder)
+3. Workspace (sends all requests in the workspace)
+
+ID prefixes exist (e.g. `rq_`, `fl_`, `wk_`) but are not relied upon — resolution
+is purely by DB lookup.
+
+`request send <id>` is the same but restricted to request IDs only.
+
+### Request Send — Polymorphic Behavior
+
+`send` means "execute this request" regardless of protocol:
+
+- **HTTP**: send request, print response, exit
+- **gRPC**: invoke the method; for streaming, stream output to stdout until done/Ctrl+C
+- **WebSocket**: connect, stream messages to stdout until closed/Ctrl+C
+
+### `request schema` — Runtime JSON Schema
+
+Outputs a JSON Schema describing the full request shape, including dynamic fields:
+
+1. Generate base schema from `schemars::JsonSchema` derive on the Rust model structs
+2. Load plugins, collect auth strategy definitions and their form inputs
+3. Merge plugin-defined auth fields into the `authentication` property as a `oneOf`
+4. Output the combined schema as JSON
+
+This lets an LLM call `schema`, read the shape, and construct valid JSON for
+`create --json` or `update --json`.
+
+## Implementation Steps
+
+### Phase 1: Restructure commands (no new functionality)
+
+Refactor `main.rs` into the new resource/action pattern using clap subcommand nesting.
+Existing behavior stays the same, just reorganized. Remove the `get` command.
+
+1. Create module structure: `commands/workspace.rs`, `commands/request.rs`, etc.
+2. Define nested clap enums:
+   ```rust
+   enum Commands {
+       Send(SendArgs),
+       Workspace(WorkspaceArgs),
+       Request(RequestArgs),
+       Folder(FolderArgs),
+       Environment(EnvironmentArgs),
+   }
+   ```
+3. Move existing `Workspaces` logic into `workspace list`
+4. Move existing `Requests` logic into `request list`
+5. Move existing `Send` logic into `request send`
+6. Move existing `Create` logic into `request create`
+7. Delete the `Get` command entirely
+8. Extract shared setup (DB init, plugin init, encryption) into a reusable context struct
+
+### Phase 2: Add missing CRUD commands
+
+1. `workspace show <id>`
+2. `workspace create --name <name>` (and `--json`)
+3. `workspace update --json`
+4. `workspace delete <id>`
+5. `request show <id>` (JSON output of the full request model)
+6. `request delete <id>`
+7. `folder list <workspace_id>`
+8. `folder show <id>`
+9. `folder create <workspace_id> --name <name>` (and `--json`)
+10. `folder update --json`
+11. `folder delete <id>`
+12. `environment list <workspace_id>`
+13. `environment show <id>`
+14. `environment create <workspace_id> --name <name>` (and `--json`)
+15. `environment update --json`
+16. `environment delete <id>`
+
+### Phase 3: JSON input for create/update
+
+Both commands accept JSON via `--json <string>` or as a positional argument (detected
+by leading `{`). They follow the same upsert pattern as the plugin API.
+
+- **`create --json`**: JSON must include `workspaceId`. Must NOT include `id` (or
+  use empty string `""`). Deserializes into the model with defaults for missing fields,
+  then upserts (insert).
+- **`update --json`**: JSON must include `id`. Performs a fetch-merge-upsert:
+  1. Fetch the existing model from DB
+  2. Serialize it to `serde_json::Value`
+  3. Deep-merge the user's partial JSON on top (JSON Merge Patch / RFC 7386 semantics)
+  4. Deserialize back into the typed model
+  5. Upsert (update)
+
+  This matches how the MCP server plugin already does it (fetch existing, spread, override),
+  but the CLI handles the merge server-side so callers don't have to.
+
+  Setting a field to `null` removes it (for `Option<T>` fields), per RFC 7386.
+
+Implementation:
+1. Add `--json` flag and positional JSON detection to `create` commands
+2. Add `update` commands with required `--json` flag
+3. Implement JSON merge utility (or use `json-patch` crate)
+
+### Phase 4: Runtime schema generation
+
+1. Add `schemars` dependency to `yaak-models`
+2. Derive `JsonSchema` on `HttpRequest`, `GrpcRequest`, `WebsocketRequest`, and their
+   nested types (`HttpRequestHeader`, `HttpUrlParameter`, etc.)
+3. Implement `request schema` command:
+   - Generate base schema from schemars
+   - Query plugins for auth strategy form inputs
+   - Convert plugin form inputs into JSON Schema properties
+   - Merge into the `authentication` field
+   - Print to stdout
+
+### Phase 5: Polymorphic send
+
+1. Update `request send` to use `get_any_request` to resolve the request type
+2. Match on `AnyRequest` variant and dispatch to the appropriate sender:
+   - `AnyRequest::HttpRequest` — existing HTTP send logic
+   - `AnyRequest::GrpcRequest` — gRPC invoke (future implementation)
+   - `AnyRequest::WebsocketRequest` — WebSocket connect (future implementation)
+3. gRPC and WebSocket send can initially return "not yet implemented" errors
+
+### Phase 6: Top-level `send` and folder/workspace send
+
+1. Add top-level `yaakcli send <id>` command
+2. Resolve ID by trying DB lookups in order: any_request → folder → workspace
+3. For folder: list all requests in folder, send each
+4. For workspace: list all requests in workspace, send each
+5. Add execution options: `--sequential` (default), `--parallel`, `--fail-fast`
+
+## Crate Changes
+
+- **yaak-cli**: restructure into modules, new clap hierarchy
+- **yaak-models**: add `schemars` dependency, derive `JsonSchema` on model structs
+  (current derives: `Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS`)
--- a/crates-cli/yaak-cli/src/main.rs
+++ b/crates-cli/yaak-cli/src/main.rs
@@ -15,7 +15,7 @@ use yaak_models::util::UpdateSource;
 use yaak_plugins::events::{PluginContext, RenderPurpose};
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::template_callback::PluginTemplateCallback;
-use yaak_templates::{parse_and_render, render_json_value_raw, RenderOptions};
+use yaak_templates::{RenderOptions, parse_and_render, render_json_value_raw};

 #[derive(Parser)]
 #[command(name = "yaakcli")]
@@ -149,14 +149,7 @@ async fn render_http_request(
    // Apply path placeholders (e.g., /users/:id -> /users/123)
    let (url, url_parameters) = apply_path_placeholders(&url, &url_parameters);

-    Ok(HttpRequest {
-        url,
-        url_parameters,
-        headers,
-        body,
-        authentication,
-        ..r.to_owned()
-    })
+    Ok(HttpRequest { url, url_parameters, headers, body, authentication, ..r.to_owned() })
 }

 #[tokio::main]
@@ -169,16 +162,10 @@ async fn main() {
    }

    // Use the same app_id for both data directory and keyring
-    let app_id = if cfg!(debug_assertions) {
-        "app.yaak.desktop.dev"
-    } else {
-        "app.yaak.desktop"
-    };
+    let app_id = if cfg!(debug_assertions) { "app.yaak.desktop.dev" } else { "app.yaak.desktop" };

    let data_dir = cli.data_dir.unwrap_or_else(|| {
-        dirs::data_dir()
-            .expect("Could not determine data directory")
-            .join(app_id)
+        dirs::data_dir().expect("Could not determine data directory").join(app_id)
    });

    let db_path = data_dir.join("db.sqlite");
@@ -191,9 +178,7 @@ async fn main() {

    // Initialize encryption manager for secure() template function
    // Use the same app_id as the Tauri app for keyring access
-    let encryption_manager = Arc::new(
-        EncryptionManager::new(query_manager.clone(), app_id),
-    );
+    let encryption_manager = Arc::new(EncryptionManager::new(query_manager.clone(), app_id));

    // Initialize plugin manager for template functions
    let vendored_plugin_dir = data_dir.join("vendored-plugins");
@@ -203,9 +188,8 @@ async fn main() {
    let node_bin_path = PathBuf::from("node");

    // Find the plugin runtime - check YAAK_PLUGIN_RUNTIME env var, then fallback to development path
-    let plugin_runtime_main = std::env::var("YAAK_PLUGIN_RUNTIME")
-        .map(PathBuf::from)
-        .unwrap_or_else(|_| {
+    let plugin_runtime_main =
+        std::env::var("YAAK_PLUGIN_RUNTIME").map(PathBuf::from).unwrap_or_else(|_| {
            // Development fallback: look relative to crate root
            PathBuf::from(env!("CARGO_MANIFEST_DIR"))
                .join("../../crates-tauri/yaak-app/vendored/plugin-runtime/index.cjs")
@@ -226,14 +210,10 @@ async fn main() {
    // Initialize plugins from database
    let plugins = db.list_plugins().unwrap_or_default();
    if !plugins.is_empty() {
-        let errors = plugin_manager
-            .initialize_all_plugins(plugins, &PluginContext::new_empty())
-            .await;
+        let errors =
+            plugin_manager.initialize_all_plugins(plugins, &PluginContext::new_empty()).await;
        for (plugin_dir, error_msg) in errors {
-            eprintln!(
-                "Warning: Failed to initialize plugin '{}': {}",
-                plugin_dir, error_msg
-            );
+            eprintln!("Warning: Failed to initialize plugin '{}': {}", plugin_dir, error_msg);
        }
    }

@@ -249,9 +229,7 @@ async fn main() {
            }
        }
        Commands::Requests { workspace_id } => {
-            let requests = db
-                .list_http_requests(&workspace_id)
-                .expect("Failed to list requests");
+            let requests = db.list_http_requests(&workspace_id).expect("Failed to list requests");
            if requests.is_empty() {
                println!("No requests found in workspace {}", workspace_id);
            } else {
@@ -261,9 +239,7 @@ async fn main() {
            }
        }
        Commands::Send { request_id } => {
-            let request = db
-                .get_http_request(&request_id)
-                .expect("Failed to get request");
+            let request = db.get_http_request(&request_id).expect("Failed to get request");

            // Resolve environment chain for variable substitution
            let environment_chain = db
@@ -318,18 +294,13 @@ async fn main() {
                }))
            } else {
                // Drain events silently
-                tokio::spawn(async move {
-                    while event_rx.recv().await.is_some() {}
-                });
+                tokio::spawn(async move { while event_rx.recv().await.is_some() {} });
                None
            };

            // Send the request
            let sender = ReqwestSender::new().expect("Failed to create HTTP client");
-            let response = sender
-                .send(sendable, event_tx)
-                .await
-                .expect("Failed to send request");
+            let response = sender.send(sendable, event_tx).await.expect("Failed to send request");

            // Wait for event handler to finish
            if let Some(handle) = verbose_handle {
@@ -383,18 +354,13 @@ async fn main() {
                    }
                }))
            } else {
-                tokio::spawn(async move {
-                    while event_rx.recv().await.is_some() {}
-                });
+                tokio::spawn(async move { while event_rx.recv().await.is_some() {} });
                None
            };

            // Send the request
            let sender = ReqwestSender::new().expect("Failed to create HTTP client");
-            let response = sender
-                .send(sendable, event_tx)
-                .await
-                .expect("Failed to send request");
+            let response = sender.send(sendable, event_tx).await.expect("Failed to send request");

            if let Some(handle) = verbose_handle {
                let _ = handle.await;
@@ -421,12 +387,7 @@ async fn main() {
            let (body, _stats) = response.text().await.expect("Failed to read response body");
            println!("{}", body);
        }
-        Commands::Create {
-            workspace_id,
-            name,
-            method,
-            url,
-        } => {
+        Commands::Create { workspace_id, name, method, url } => {
            let request = HttpRequest {
                workspace_id,
                name,
--- a/crates-tauri/yaak-app/src/commands.rs
+++ b/crates-tauri/yaak-app/src/commands.rs
@@ -1,9 +1,10 @@
-use crate::error::Result;
 use crate::PluginContextExt;
+use crate::error::Result;
 use std::sync::Arc;
 use tauri::{AppHandle, Manager, Runtime, State, WebviewWindow, command};
-use tauri_plugin_dialog::{DialogExt, MessageDialogKind};
 use yaak_crypto::manager::EncryptionManager;
+use yaak_models::models::HttpRequestHeader;
+use yaak_models::queries::workspaces::default_headers;
 use yaak_plugins::events::GetThemesResponse;
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::native_template_functions::{
@@ -21,20 +22,6 @@ impl<'a, R: Runtime, M: Manager<R>> EncryptionManagerExt<'a, R> for M {
    }
 }

-#[command]
-pub(crate) async fn cmd_show_workspace_key<R: Runtime>(
-    window: WebviewWindow<R>,
-    workspace_id: &str,
-) -> Result<()> {
-    let key = window.crypto().reveal_workspace_key(workspace_id)?;
-    window
-        .dialog()
-        .message(format!("Your workspace key is \n\n{}", key))
-        .kind(MessageDialogKind::Info)
-        .show(|_v| {});
-    Ok(())
-}
-
 #[command]
 pub(crate) async fn cmd_decrypt_template<R: Runtime>(
    window: WebviewWindow<R>,
@@ -54,7 +41,12 @@ pub(crate) async fn cmd_secure_template<R: Runtime>(
    let plugin_manager = Arc::new((*app_handle.state::<PluginManager>()).clone());
    let encryption_manager = Arc::new((*app_handle.state::<EncryptionManager>()).clone());
    let plugin_context = window.plugin_context();
-    Ok(encrypt_secure_template_function(plugin_manager, encryption_manager, &plugin_context, template)?)
+    Ok(encrypt_secure_template_function(
+        plugin_manager,
+        encryption_manager,
+        &plugin_context,
+        template,
+    )?)
 }

 #[command]
@@ -92,3 +84,17 @@ pub(crate) async fn cmd_set_workspace_key<R: Runtime>(
    window.crypto().set_human_key(workspace_id, key)?;
    Ok(())
 }
+
+#[command]
+pub(crate) async fn cmd_disable_encryption<R: Runtime>(
+    window: WebviewWindow<R>,
+    workspace_id: &str,
+) -> Result<()> {
+    window.crypto().disable_encryption(workspace_id)?;
+    Ok(())
+}
+
+#[command]
+pub(crate) fn cmd_default_headers() -> Vec<HttpRequestHeader> {
+    default_headers()
+}
--- a/crates-tauri/yaak-app/src/git_ext.rs
+++ b/crates-tauri/yaak-app/src/git_ext.rs
@@ -6,32 +6,47 @@ use crate::error::Result;
 use std::path::{Path, PathBuf};
 use tauri::command;
 use yaak_git::{
-    GitCommit, GitRemote, GitStatusSummary, PullResult, PushResult, git_add, git_add_credential,
-    git_add_remote, git_checkout_branch, git_commit, git_create_branch, git_delete_branch,
-    git_fetch_all, git_init, git_log, git_merge_branch, git_pull, git_push, git_remotes,
-    git_rm_remote, git_status, git_unstage,
+    BranchDeleteResult, CloneResult, GitCommit, GitRemote, GitStatusSummary, PullResult,
+    PushResult, git_add, git_add_credential, git_add_remote, git_checkout_branch, git_clone,
+    git_commit, git_create_branch, git_delete_branch, git_delete_remote_branch, git_fetch_all,
+    git_init, git_log, git_merge_branch, git_pull, git_pull_force_reset, git_pull_merge, git_push,
+    git_remotes, git_rename_branch, git_reset_changes, git_rm_remote, git_status, git_unstage,
 };

 // NOTE: All of these commands are async to prevent blocking work from locking up the UI

 #[command]
 pub async fn cmd_git_checkout(dir: &Path, branch: &str, force: bool) -> Result<String> {
-    Ok(git_checkout_branch(dir, branch, force)?)
+    Ok(git_checkout_branch(dir, branch, force).await?)
 }

 #[command]
-pub async fn cmd_git_branch(dir: &Path, branch: &str) -> Result<()> {
-    Ok(git_create_branch(dir, branch)?)
+pub async fn cmd_git_branch(dir: &Path, branch: &str, base: Option<&str>) -> Result<()> {
+    Ok(git_create_branch(dir, branch, base).await?)
 }

 #[command]
-pub async fn cmd_git_delete_branch(dir: &Path, branch: &str) -> Result<()> {
-    Ok(git_delete_branch(dir, branch)?)
+pub async fn cmd_git_delete_branch(
+    dir: &Path,
+    branch: &str,
+    force: Option<bool>,
+) -> Result<BranchDeleteResult> {
+    Ok(git_delete_branch(dir, branch, force.unwrap_or(false)).await?)
 }

 #[command]
-pub async fn cmd_git_merge_branch(dir: &Path, branch: &str, force: bool) -> Result<()> {
-    Ok(git_merge_branch(dir, branch, force)?)
+pub async fn cmd_git_delete_remote_branch(dir: &Path, branch: &str) -> Result<()> {
+    Ok(git_delete_remote_branch(dir, branch).await?)
+}
+
+#[command]
+pub async fn cmd_git_merge_branch(dir: &Path, branch: &str) -> Result<()> {
+    Ok(git_merge_branch(dir, branch).await?)
+}
+
+#[command]
+pub async fn cmd_git_rename_branch(dir: &Path, old_name: &str, new_name: &str) -> Result<()> {
+    Ok(git_rename_branch(dir, old_name, new_name).await?)
 }

 #[command]
@@ -49,6 +64,11 @@ pub async fn cmd_git_initialize(dir: &Path) -> Result<()> {
    Ok(git_init(dir)?)
 }

+#[command]
+pub async fn cmd_git_clone(url: &str, dir: &Path) -> Result<CloneResult> {
+    Ok(git_clone(url, dir).await?)
+}
+
 #[command]
 pub async fn cmd_git_commit(dir: &Path, message: &str) -> Result<()> {
    Ok(git_commit(dir, message).await?)
@@ -69,6 +89,20 @@ pub async fn cmd_git_pull(dir: &Path) -> Result<PullResult> {
    Ok(git_pull(dir).await?)
 }

+#[command]
+pub async fn cmd_git_pull_force_reset(
+    dir: &Path,
+    remote: &str,
+    branch: &str,
+) -> Result<PullResult> {
+    Ok(git_pull_force_reset(dir, remote, branch).await?)
+}
+
+#[command]
+pub async fn cmd_git_pull_merge(dir: &Path, remote: &str, branch: &str) -> Result<PullResult> {
+    Ok(git_pull_merge(dir, remote, branch).await?)
+}
+
 #[command]
 pub async fn cmd_git_add(dir: &Path, rela_paths: Vec<PathBuf>) -> Result<()> {
    for path in rela_paths {
@@ -85,14 +119,18 @@ pub async fn cmd_git_unstage(dir: &Path, rela_paths: Vec<PathBuf>) -> Result<()>
    Ok(())
 }

+#[command]
+pub async fn cmd_git_reset_changes(dir: &Path) -> Result<()> {
+    Ok(git_reset_changes(dir).await?)
+}
+
 #[command]
 pub async fn cmd_git_add_credential(
-    dir: &Path,
    remote_url: &str,
    username: &str,
    password: &str,
 ) -> Result<()> {
-    Ok(git_add_credential(dir, remote_url, username, password).await?)
+    Ok(git_add_credential(remote_url, username, password).await?)
 }

 #[command]
--- a/crates-tauri/yaak-app/src/grpc.rs
+++ b/crates-tauri/yaak-app/src/grpc.rs
@@ -1,12 +1,12 @@
 use std::collections::BTreeMap;

-use crate::error::Result;
 use crate::PluginContextExt;
+use crate::error::Result;
+use crate::models_ext::QueryManagerExt;
 use KeyAndValueRef::{Ascii, Binary};
 use tauri::{Manager, Runtime, WebviewWindow};
 use yaak_grpc::{KeyAndValueRef, MetadataMap};
 use yaak_models::models::GrpcRequest;
-use crate::models_ext::QueryManagerExt;
 use yaak_plugins::events::{CallHttpAuthenticationRequest, HttpHeader};
 use yaak_plugins::manager::PluginManager;

--- a/crates-tauri/yaak-app/src/history.rs
+++ b/crates-tauri/yaak-app/src/history.rs
@@ -1,8 +1,8 @@
+use crate::models_ext::QueryManagerExt;
 use chrono::{NaiveDateTime, Utc};
 use log::debug;
 use std::sync::OnceLock;
 use tauri::{AppHandle, Runtime};
-use crate::models_ext::QueryManagerExt;
 use yaak_models::util::UpdateSource;

 const NAMESPACE: &str = "analytics";
--- a/crates-tauri/yaak-app/src/http_request.rs
+++ b/crates-tauri/yaak-app/src/http_request.rs
@@ -1,9 +1,13 @@
+use crate::PluginContextExt;
 use crate::error::Error::GenericError;
 use crate::error::Result;
+use crate::models_ext::BlobManagerExt;
+use crate::models_ext::QueryManagerExt;
 use crate::render::render_http_request;
 use log::{debug, warn};
 use std::pin::Pin;
 use std::sync::Arc;
+use std::sync::atomic::{AtomicI32, Ordering};
 use std::time::{Duration, Instant};
 use tauri::{AppHandle, Manager, Runtime, WebviewWindow};
 use tokio::fs::{File, create_dir_all};
@@ -15,22 +19,19 @@ use yaak_http::client::{
    HttpConnectionOptions, HttpConnectionProxySetting, HttpConnectionProxySettingAuth,
 };
 use yaak_http::cookies::CookieStore;
-use yaak_http::manager::HttpConnectionManager;
+use yaak_http::manager::{CachedClient, HttpConnectionManager};
 use yaak_http::sender::ReqwestSender;
 use yaak_http::tee_reader::TeeReader;
 use yaak_http::transaction::HttpTransaction;
 use yaak_http::types::{
    SendableBody, SendableHttpRequest, SendableHttpRequestOptions, append_query_params,
 };
-use crate::models_ext::BlobManagerExt;
 use yaak_models::blob_manager::BodyChunk;
 use yaak_models::models::{
    CookieJar, Environment, HttpRequest, HttpResponse, HttpResponseEvent, HttpResponseHeader,
    HttpResponseState, ProxySetting, ProxySettingAuth,
 };
-use crate::models_ext::QueryManagerExt;
 use yaak_models::util::UpdateSource;
-use crate::PluginContextExt;
 use yaak_plugins::events::{
    CallHttpAuthenticationRequest, HttpHeader, PluginContext, RenderPurpose,
 };
@@ -173,10 +174,22 @@ async fn send_http_request_inner<R: Runtime>(
    let environment_id = environment.map(|e| e.id);
    let workspace = window.db().get_workspace(workspace_id)?;
    let (resolved, auth_context_id) = resolve_http_request(window, unrendered_request)?;
-    let cb = PluginTemplateCallback::new(plugin_manager.clone(), encryption_manager.clone(), &plugin_context, RenderPurpose::Send);
+    let cb = PluginTemplateCallback::new(
+        plugin_manager.clone(),
+        encryption_manager.clone(),
+        &plugin_context,
+        RenderPurpose::Send,
+    );
    let env_chain =
        window.db().resolve_environments(&workspace.id, folder_id, environment_id.as_deref())?;
-    let request = render_http_request(&resolved, env_chain, &cb, &RenderOptions::throw()).await?;
+    let mut cancel_rx = cancelled_rx.clone();
+    let render_options = RenderOptions::throw();
+    let request = tokio::select! {
+        result = render_http_request(&resolved, env_chain, &cb, &render_options) => result?,
+        _ = cancel_rx.changed() => {
+            return Err(GenericError("Request canceled".to_string()));
+        }
+    };

    // Build the sendable request using the new SendableHttpRequest type
    let options = SendableHttpRequestOptions {
@@ -228,29 +241,36 @@ async fn send_http_request_inner<R: Runtime>(
        None => None,
    };

-    let client = connection_manager
+    let cached_client = connection_manager
        .get_client(&HttpConnectionOptions {
            id: plugin_context.id.clone(),
            validate_certificates: workspace.setting_validate_certificates,
            proxy: proxy_setting,
            client_certificate,
+            dns_overrides: workspace.setting_dns_overrides.clone(),
        })
        .await?;

-    // Apply authentication to the request
-    apply_authentication(
-        &window,
-        &mut sendable_request,
-        &request,
-        auth_context_id,
-        &plugin_manager,
-        plugin_context,
-    )
-    .await?;
+    // Apply authentication to the request, racing against cancellation since
+    // auth plugins (e.g. OAuth2) can block indefinitely waiting for user action.
+    let mut cancel_rx = cancelled_rx.clone();
+    tokio::select! {
+        result = apply_authentication(
+            &window,
+            &mut sendable_request,
+            &request,
+            auth_context_id,
+            &plugin_manager,
+            plugin_context,
+        ) => result?,
+        _ = cancel_rx.changed() => {
+            return Err(GenericError("Request canceled".to_string()));
+        }
+    };

    let cookie_store = maybe_cookie_store.as_ref().map(|(cs, _)| cs.clone());
    let result = execute_transaction(
-        client,
+        cached_client,
        sendable_request,
        response_ctx,
        cancelled_rx.clone(),
@@ -310,7 +330,7 @@ pub fn resolve_http_request<R: Runtime>(
 }

 async fn execute_transaction<R: Runtime>(
-    client: reqwest::Client,
+    cached_client: CachedClient,
    mut sendable_request: SendableHttpRequest,
    response_ctx: &mut ResponseContext<R>,
    mut cancelled_rx: Receiver<bool>,
@@ -321,7 +341,10 @@ async fn execute_transaction<R: Runtime>(
    let workspace_id = response_ctx.response().workspace_id.clone();
    let is_persisted = response_ctx.is_persisted();

-    let sender = ReqwestSender::with_client(client);
+    // Keep a reference to the resolver for DNS timing events
+    let resolver = cached_client.resolver.clone();
+
+    let sender = ReqwestSender::with_client(cached_client.client);
    let transaction = match cookie_store {
        Some(cs) => HttpTransaction::with_cookie_store(sender, cs),
        None => HttpTransaction::new(sender),
@@ -346,21 +369,39 @@ async fn execute_transaction<R: Runtime>(
    let (event_tx, mut event_rx) =
        tokio::sync::mpsc::channel::<yaak_http::sender::HttpResponseEvent>(100);

+    // Set the event sender on the DNS resolver so it can emit DNS timing events
+    resolver.set_event_sender(Some(event_tx.clone())).await;
+
+    // Shared state to capture DNS timing from the event processing task
+    let dns_elapsed = Arc::new(AtomicI32::new(0));
+
    // Write events to DB in a task (only for persisted responses)
    if is_persisted {
        let response_id = response_id.clone();
        let app_handle = app_handle.clone();
        let update_source = response_ctx.update_source.clone();
        let workspace_id = workspace_id.clone();
+        let dns_elapsed = dns_elapsed.clone();
        tokio::spawn(async move {
            while let Some(event) = event_rx.recv().await {
+                // Capture DNS timing when we see a DNS event
+                if let yaak_http::sender::HttpResponseEvent::DnsResolved { duration, .. } = &event {
+                    dns_elapsed.store(*duration as i32, Ordering::SeqCst);
+                }
                let db_event = HttpResponseEvent::new(&response_id, &workspace_id, event.into());
                let _ = app_handle.db().upsert_http_response_event(&db_event, &update_source);
            }
        });
    } else {
-        // For ephemeral responses, just drain the events
-        tokio::spawn(async move { while event_rx.recv().await.is_some() {} });
+        // For ephemeral responses, just drain the events but still capture DNS timing
+        let dns_elapsed = dns_elapsed.clone();
+        tokio::spawn(async move {
+            while let Some(event) = event_rx.recv().await {
+                if let yaak_http::sender::HttpResponseEvent::DnsResolved { duration, .. } = &event {
+                    dns_elapsed.store(*duration as i32, Ordering::SeqCst);
+                }
+            }
+        });
    };

    // Capture request body as it's sent (only for persisted responses)
@@ -528,10 +569,14 @@ async fn execute_transaction<R: Runtime>(
    // Final update with closed state and accurate byte count
    response_ctx.update(|r| {
        r.elapsed = start.elapsed().as_millis() as i32;
+        r.elapsed_dns = dns_elapsed.load(Ordering::SeqCst);
        r.content_length = Some(written_bytes as i32);
        r.state = HttpResponseState::Closed;
    })?;

+    // Clear the event sender from the resolver since this request is done
+    resolver.set_event_sender(None).await;
+
    Ok((response_ctx.response().clone(), maybe_blob_write_handle))
 }

--- a/crates-tauri/yaak-app/src/import.rs
+++ b/crates-tauri/yaak-app/src/import.rs
@@ -1,17 +1,17 @@
+use crate::PluginContextExt;
 use crate::error::Result;
 use crate::models_ext::QueryManagerExt;
-use crate::PluginContextExt;
 use log::info;
 use std::collections::BTreeMap;
 use std::fs::read_to_string;
 use tauri::{Manager, Runtime, WebviewWindow};
-use yaak_tauri_utils::window::WorkspaceWindowTrait;
 use yaak_core::WorkspaceContext;
 use yaak_models::models::{
    Environment, Folder, GrpcRequest, HttpRequest, WebsocketRequest, Workspace,
 };
 use yaak_models::util::{BatchUpsertResult, UpdateSource, maybe_gen_id, maybe_gen_id_opt};
 use yaak_plugins::manager::PluginManager;
+use yaak_tauri_utils::window::WorkspaceWindowTrait;

 pub(crate) async fn import_data<R: Runtime>(
    window: &WebviewWindow<R>,
--- a/crates-tauri/yaak-app/src/lib.rs
+++ b/crates-tauri/yaak-app/src/lib.rs
@@ -7,7 +7,7 @@ use crate::http_request::{resolve_http_request, send_http_request};
 use crate::import::import_data;
 use crate::models_ext::{BlobManagerExt, QueryManagerExt};
 use crate::notifications::YaakNotifier;
-use crate::render::{render_grpc_request, render_template};
+use crate::render::{render_grpc_request, render_json_value, render_template};
 use crate::updates::{UpdateMode, UpdateTrigger, YaakUpdater};
 use crate::uri_scheme::handle_deep_link;
 use error::Result as YaakResult;
@@ -37,8 +37,8 @@ use yaak_grpc::{Code, ServiceDefinition, serialize_message};
 use yaak_mac_window::AppHandleMacWindowExt;
 use yaak_models::models::{
    AnyModel, CookieJar, Environment, GrpcConnection, GrpcConnectionState, GrpcEvent,
-    GrpcEventType, GrpcRequest, HttpRequest, HttpResponse, HttpResponseEvent, HttpResponseState,
-    Plugin, Workspace, WorkspaceMeta,
+    GrpcEventType, HttpRequest, HttpResponse, HttpResponseEvent, HttpResponseState, Plugin,
+    Workspace, WorkspaceMeta,
 };
 use yaak_models::util::{BatchUpsertResult, UpdateSource, get_workspace_export_resources};
 use yaak_plugins::events::{
@@ -101,6 +101,7 @@ struct AppMetaData {
    app_data_dir: String,
    app_log_dir: String,
    vendored_plugin_dir: String,
+    default_project_dir: String,
    feature_updater: bool,
    feature_license: bool,
 }
@@ -111,6 +112,7 @@ async fn cmd_metadata(app_handle: AppHandle) -> YaakResult<AppMetaData> {
    let app_log_dir = app_handle.path().app_log_dir()?;
    let vendored_plugin_dir =
        app_handle.path().resolve("vendored/plugins", BaseDirectory::Resource)?;
+    let default_project_dir = app_handle.path().home_dir()?.join("YaakProjects");
    Ok(AppMetaData {
        is_dev: is_dev(),
        version: app_handle.package_info().version.to_string(),
@@ -118,6 +120,7 @@ async fn cmd_metadata(app_handle: AppHandle) -> YaakResult<AppMetaData> {
        app_data_dir: app_data_dir.to_string_lossy().to_string(),
        app_log_dir: app_log_dir.to_string_lossy().to_string(),
        vendored_plugin_dir: vendored_plugin_dir.to_string_lossy().to_string(),
+        default_project_dir: default_project_dir.to_string_lossy().to_string(),
        feature_license: cfg!(feature = "license"),
        feature_updater: cfg!(feature = "updater"),
    })
@@ -189,7 +192,6 @@ async fn cmd_grpc_reflect<R: Runtime>(
    request_id: &str,
    environment_id: Option<&str>,
    proto_files: Vec<String>,
-    skip_cache: Option<bool>,
    window: WebviewWindow<R>,
    app_handle: AppHandle<R>,
    grpc_handle: State<'_, Mutex<GrpcHandle>>,
@@ -224,18 +226,21 @@ async fn cmd_grpc_reflect<R: Runtime>(
    let settings = window.db().get_settings();
    let client_certificate =
        find_client_certificate(req.url.as_str(), &settings.client_certificates);
+    let proto_files: Vec<PathBuf> =
+        proto_files.iter().map(|p| PathBuf::from_str(p).unwrap()).collect();

-    Ok(grpc_handle
-        .lock()
-        .await
+    // Always invalidate cached pool when this command is called, to force re-reflection
+    let mut handle = grpc_handle.lock().await;
+    handle.invalidate_pool(&req.id, &uri, &proto_files);
+
+    Ok(handle
        .services(
            &req.id,
            &uri,
-            &proto_files.iter().map(|p| PathBuf::from_str(p).unwrap()).collect(),
+            &proto_files,
            &metadata,
            workspace.setting_validate_certificates,
            client_certificate,
-            skip_cache.unwrap_or(false),
        )
        .await
        .map_err(|e| GenericError(e.to_string()))?)
@@ -1055,14 +1060,54 @@ async fn cmd_get_http_authentication_summaries<R: Runtime>(
 #[tauri::command]
 async fn cmd_get_http_authentication_config<R: Runtime>(
    window: WebviewWindow<R>,
+    app_handle: AppHandle<R>,
    plugin_manager: State<'_, PluginManager>,
+    encryption_manager: State<'_, EncryptionManager>,
    auth_name: &str,
    values: HashMap<String, JsonPrimitive>,
    model: AnyModel,
-    _environment_id: Option<&str>,
+    environment_id: Option<&str>,
 ) -> YaakResult<GetHttpAuthenticationConfigResponse> {
+    // Extract workspace_id and folder_id from the model to resolve the environment chain
+    let (workspace_id, folder_id) = match &model {
+        AnyModel::HttpRequest(r) => (r.workspace_id.clone(), r.folder_id.clone()),
+        AnyModel::GrpcRequest(r) => (r.workspace_id.clone(), r.folder_id.clone()),
+        AnyModel::WebsocketRequest(r) => (r.workspace_id.clone(), r.folder_id.clone()),
+        AnyModel::Folder(f) => (f.workspace_id.clone(), f.folder_id.clone()),
+        AnyModel::Workspace(w) => (w.id.clone(), None),
+        _ => return Err(GenericError("Unsupported model type for authentication config".into())),
+    };
+
+    // Resolve environment chain and render the values for token lookup
+    let environment_chain = app_handle.db().resolve_environments(
+        &workspace_id,
+        folder_id.as_deref(),
+        environment_id,
+    )?;
+    let plugin_manager_arc = Arc::new((*plugin_manager).clone());
+    let encryption_manager_arc = Arc::new((*encryption_manager).clone());
+    let cb = PluginTemplateCallback::new(
+        plugin_manager_arc,
+        encryption_manager_arc,
+        &window.plugin_context(),
+        RenderPurpose::Preview,
+    );
+
+    // Convert HashMap<String, JsonPrimitive> to serde_json::Value for rendering
+    let values_json: serde_json::Value = serde_json::to_value(&values)?;
+    let rendered_json =
+        render_json_value(values_json, environment_chain, &cb, &RenderOptions::throw()).await?;
+
+    // Convert back to HashMap<String, JsonPrimitive>
+    let rendered_values: HashMap<String, JsonPrimitive> = serde_json::from_value(rendered_json)?;
+
    Ok(plugin_manager
-        .get_http_authentication_config(&window.plugin_context(), auth_name, values, model.id())
+        .get_http_authentication_config(
+            &window.plugin_context(),
+            auth_name,
+            rendered_values,
+            model.id(),
+        )
        .await?)
 }

@@ -1109,19 +1154,54 @@ async fn cmd_call_grpc_request_action<R: Runtime>(
 #[tauri::command]
 async fn cmd_call_http_authentication_action<R: Runtime>(
    window: WebviewWindow<R>,
+    app_handle: AppHandle<R>,
    plugin_manager: State<'_, PluginManager>,
+    encryption_manager: State<'_, EncryptionManager>,
    auth_name: &str,
    action_index: i32,
    values: HashMap<String, JsonPrimitive>,
    model: AnyModel,
-    _environment_id: Option<&str>,
+    environment_id: Option<&str>,
 ) -> YaakResult<()> {
+    // Extract workspace_id and folder_id from the model to resolve the environment chain
+    let (workspace_id, folder_id) = match &model {
+        AnyModel::HttpRequest(r) => (r.workspace_id.clone(), r.folder_id.clone()),
+        AnyModel::GrpcRequest(r) => (r.workspace_id.clone(), r.folder_id.clone()),
+        AnyModel::WebsocketRequest(r) => (r.workspace_id.clone(), r.folder_id.clone()),
+        AnyModel::Folder(f) => (f.workspace_id.clone(), f.folder_id.clone()),
+        AnyModel::Workspace(w) => (w.id.clone(), None),
+        _ => return Err(GenericError("Unsupported model type for authentication action".into())),
+    };
+
+    // Resolve environment chain and render the values
+    let environment_chain = app_handle.db().resolve_environments(
+        &workspace_id,
+        folder_id.as_deref(),
+        environment_id,
+    )?;
+    let plugin_manager_arc = Arc::new((*plugin_manager).clone());
+    let encryption_manager_arc = Arc::new((*encryption_manager).clone());
+    let cb = PluginTemplateCallback::new(
+        plugin_manager_arc,
+        encryption_manager_arc,
+        &window.plugin_context(),
+        RenderPurpose::Send,
+    );
+
+    // Convert HashMap<String, JsonPrimitive> to serde_json::Value for rendering
+    let values_json: serde_json::Value = serde_json::to_value(&values)?;
+    let rendered_json =
+        render_json_value(values_json, environment_chain, &cb, &RenderOptions::throw()).await?;
+
+    // Convert back to HashMap<String, JsonPrimitive>
+    let rendered_values: HashMap<String, JsonPrimitive> = serde_json::from_value(rendered_json)?;
+
    Ok(plugin_manager
        .call_http_authentication_action(
            &window.plugin_context(),
            auth_name,
            action_index,
-            values,
+            rendered_values,
            &model.id(),
        )
        .await?)
@@ -1191,35 +1271,6 @@ async fn cmd_save_response<R: Runtime>(
    Ok(())
 }

-#[tauri::command]
-async fn cmd_send_folder<R: Runtime>(
-    app_handle: AppHandle<R>,
-    window: WebviewWindow<R>,
-    environment_id: Option<String>,
-    cookie_jar_id: Option<String>,
-    folder_id: &str,
-) -> YaakResult<()> {
-    let requests = app_handle.db().list_http_requests_for_folder_recursive(folder_id)?;
-    for request in requests {
-        let app_handle = app_handle.clone();
-        let window = window.clone();
-        let environment_id = environment_id.clone();
-        let cookie_jar_id = cookie_jar_id.clone();
-        tokio::spawn(async move {
-            let _ = cmd_send_http_request(
-                app_handle,
-                window,
-                environment_id.as_deref(),
-                cookie_jar_id.as_deref(),
-                request,
-            )
-            .await;
-        });
-    }
-
-    Ok(())
-}
-
 #[tauri::command]
 async fn cmd_send_http_request<R: Runtime>(
    app_handle: AppHandle<R>,
@@ -1316,27 +1367,6 @@ async fn cmd_install_plugin<R: Runtime>(
    Ok(plugin)
 }

-#[tauri::command]
-async fn cmd_create_grpc_request<R: Runtime>(
-    workspace_id: &str,
-    name: &str,
-    sort_priority: f64,
-    folder_id: Option<&str>,
-    app_handle: AppHandle<R>,
-    window: WebviewWindow<R>,
-) -> YaakResult<GrpcRequest> {
-    Ok(app_handle.db().upsert_grpc_request(
-        &GrpcRequest {
-            workspace_id: workspace_id.to_string(),
-            name: name.to_string(),
-            folder_id: folder_id.map(|s| s.to_string()),
-            sort_priority,
-            ..Default::default()
-        },
-        &UpdateSource::from_window_label(window.label()),
-    )?)
-}
-
 #[tauri::command]
 async fn cmd_reload_plugins<R: Runtime>(
    app_handle: AppHandle<R>,
@@ -1599,7 +1629,6 @@ pub fn run() {
            cmd_call_folder_action,
            cmd_call_grpc_request_action,
            cmd_check_for_updates,
-            cmd_create_grpc_request,
            cmd_curl_to_request,
            cmd_delete_all_grpc_connections,
            cmd_delete_all_http_responses,
@@ -1633,7 +1662,6 @@ pub fn run() {
            cmd_save_response,
            cmd_send_ephemeral_request,
            cmd_send_http_request,
-            cmd_send_folder,
            cmd_template_function_config,
            cmd_template_function_summaries,
            cmd_template_tokens_to_string,
@@ -1641,12 +1669,13 @@ pub fn run() {
            //
            // Migrated commands
            crate::commands::cmd_decrypt_template,
+            crate::commands::cmd_default_headers,
+            crate::commands::cmd_disable_encryption,
            crate::commands::cmd_enable_encryption,
            crate::commands::cmd_get_themes,
            crate::commands::cmd_reveal_workspace_key,
            crate::commands::cmd_secure_template,
            crate::commands::cmd_set_workspace_key,
-            crate::commands::cmd_show_workspace_key,
            //
            // Models commands
            models_ext::models_delete,
@@ -1669,30 +1698,36 @@ pub fn run() {
            git_ext::cmd_git_checkout,
            git_ext::cmd_git_branch,
            git_ext::cmd_git_delete_branch,
+            git_ext::cmd_git_delete_remote_branch,
            git_ext::cmd_git_merge_branch,
+            git_ext::cmd_git_rename_branch,
            git_ext::cmd_git_status,
            git_ext::cmd_git_log,
            git_ext::cmd_git_initialize,
+            git_ext::cmd_git_clone,
            git_ext::cmd_git_commit,
            git_ext::cmd_git_fetch_all,
            git_ext::cmd_git_push,
            git_ext::cmd_git_pull,
+            git_ext::cmd_git_pull_force_reset,
+            git_ext::cmd_git_pull_merge,
            git_ext::cmd_git_add,
            git_ext::cmd_git_unstage,
+            git_ext::cmd_git_reset_changes,
            git_ext::cmd_git_add_credential,
            git_ext::cmd_git_remotes,
            git_ext::cmd_git_add_remote,
            git_ext::cmd_git_rm_remote,
            //
+            // Plugin commands
+            plugins_ext::cmd_plugins_search,
+            plugins_ext::cmd_plugins_install,
+            plugins_ext::cmd_plugins_uninstall,
+            plugins_ext::cmd_plugins_updates,
+            plugins_ext::cmd_plugins_update_all,
+            //
            // WebSocket commands
-            ws_ext::cmd_ws_upsert_request,
-            ws_ext::cmd_ws_duplicate_request,
-            ws_ext::cmd_ws_delete_request,
-            ws_ext::cmd_ws_delete_connection,
            ws_ext::cmd_ws_delete_connections,
-            ws_ext::cmd_ws_list_events,
-            ws_ext::cmd_ws_list_requests,
-            ws_ext::cmd_ws_list_connections,
            ws_ext::cmd_ws_send,
            ws_ext::cmd_ws_close,
            ws_ext::cmd_ws_connect,
--- a/crates-tauri/yaak-app/src/notifications.rs
+++ b/crates-tauri/yaak-app/src/notifications.rs
@@ -1,5 +1,6 @@
 use crate::error::Result;
 use crate::history::get_or_upsert_launch_info;
+use crate::models_ext::QueryManagerExt;
 use chrono::{DateTime, Utc};
 use log::{debug, info};
 use reqwest::Method;
@@ -8,9 +9,8 @@ use std::time::Instant;
 use tauri::{AppHandle, Emitter, Manager, Runtime, WebviewWindow};
 use ts_rs::TS;
 use yaak_common::platform::get_os_str;
-use yaak_tauri_utils::api_client::yaak_api_client;
-use crate::models_ext::QueryManagerExt;
 use yaak_models::util::UpdateSource;
+use yaak_tauri_utils::api_client::yaak_api_client;

 // Check for updates every hour
 const MAX_UPDATE_CHECK_SECONDS: u64 = 60 * 60;
--- a/crates-tauri/yaak-app/src/plugin_events.rs
+++ b/crates-tauri/yaak-app/src/plugin_events.rs
@@ -1,5 +1,7 @@
 use crate::error::Result;
 use crate::http_request::send_http_request_with_context;
+use crate::models_ext::BlobManagerExt;
+use crate::models_ext::QueryManagerExt;
 use crate::render::{render_grpc_request, render_http_request, render_json_value};
 use crate::window::{CreateWindowConfig, create_window};
 use crate::{
@@ -10,15 +12,12 @@ use chrono::Utc;
 use cookie::Cookie;
 use log::error;
 use std::sync::Arc;
-use tauri::{AppHandle, Emitter, Manager, Runtime};
+use tauri::{AppHandle, Emitter, Listener, Manager, Runtime};
 use tauri_plugin_clipboard_manager::ClipboardExt;
 use tauri_plugin_opener::OpenerExt;
 use yaak_crypto::manager::EncryptionManager;
-use yaak_tauri_utils::window::WorkspaceWindowTrait;
-use crate::models_ext::BlobManagerExt;
 use yaak_models::models::{AnyModel, HttpResponse, Plugin};
 use yaak_models::queries::any_request::AnyRequest;
-use crate::models_ext::QueryManagerExt;
 use yaak_models::util::UpdateSource;
 use yaak_plugins::error::Error::PluginErr;
 use yaak_plugins::events::{
@@ -32,6 +31,7 @@ use yaak_plugins::events::{
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::plugin_handle::PluginHandle;
 use yaak_plugins::template_callback::PluginTemplateCallback;
+use yaak_tauri_utils::window::WorkspaceWindowTrait;
 use yaak_templates::{RenderErrorBehavior, RenderOptions};

 pub(crate) async fn handle_plugin_event<R: Runtime>(
@@ -59,7 +59,55 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
        }
        InternalEventPayload::PromptFormRequest(_) => {
            let window = get_window_from_plugin_context(app_handle, &plugin_context)?;
-            Ok(call_frontend(&window, event).await)
+            if event.reply_id.is_some() {
+                // Follow-up update from plugin runtime with resolved inputs — forward to frontend
+                window.emit_to(window.label(), "plugin_event", event.clone())?;
+                Ok(None)
+            } else {
+                // Initial request — set up bidirectional communication
+                window.emit_to(window.label(), "plugin_event", event.clone()).unwrap();
+
+                let event_id = event.id.clone();
+                let plugin_handle = plugin_handle.clone();
+                let plugin_context = plugin_context.clone();
+                let window = window.clone();
+
+                // Spawn async task to handle bidirectional form communication
+                tauri::async_runtime::spawn(async move {
+                    let (tx, mut rx) = tokio::sync::mpsc::channel::<InternalEvent>(128);
+
+                    // Listen for replies from the frontend
+                    let listener_id = window.listen(event_id, move |ev: tauri::Event| {
+                        let resp: InternalEvent = serde_json::from_str(ev.payload()).unwrap();
+                        let _ = tx.try_send(resp);
+                    });
+
+                    // Forward each reply to the plugin runtime
+                    while let Some(resp) = rx.recv().await {
+                        let is_done = matches!(
+                            &resp.payload,
+                            InternalEventPayload::PromptFormResponse(r) if r.done.unwrap_or(false)
+                        );
+
+                        let event_to_send = plugin_handle.build_event_to_send(
+                            &plugin_context,
+                            &resp.payload,
+                            Some(resp.reply_id.unwrap_or_default()),
+                        );
+                        if let Err(e) = plugin_handle.send(&event_to_send).await {
+                            log::warn!("Failed to forward form response to plugin: {:?}", e);
+                        }
+
+                        if is_done {
+                            break;
+                        }
+                    }
+
+                    window.unlisten(listener_id);
+                });
+
+                Ok(None)
+            }
        }
        InternalEventPayload::FindHttpResponsesRequest(req) => {
            let http_responses = app_handle
@@ -170,7 +218,12 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
            )?;
            let plugin_manager = Arc::new((*app_handle.state::<PluginManager>()).clone());
            let encryption_manager = Arc::new((*app_handle.state::<EncryptionManager>()).clone());
-            let cb = PluginTemplateCallback::new(plugin_manager, encryption_manager, &plugin_context, req.purpose);
+            let cb = PluginTemplateCallback::new(
+                plugin_manager,
+                encryption_manager,
+                &plugin_context,
+                req.purpose,
+            );
            let opt = RenderOptions { error_behavior: RenderErrorBehavior::Throw };
            let grpc_request =
                render_grpc_request(&req.grpc_request, environment_chain, &cb, &opt).await?;
@@ -191,7 +244,12 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
            )?;
            let plugin_manager = Arc::new((*app_handle.state::<PluginManager>()).clone());
            let encryption_manager = Arc::new((*app_handle.state::<EncryptionManager>()).clone());
-            let cb = PluginTemplateCallback::new(plugin_manager, encryption_manager, &plugin_context, req.purpose);
+            let cb = PluginTemplateCallback::new(
+                plugin_manager,
+                encryption_manager,
+                &plugin_context,
+                req.purpose,
+            );
            let opt = &RenderOptions { error_behavior: RenderErrorBehavior::Throw };
            let http_request =
                render_http_request(&req.http_request, environment_chain, &cb, &opt).await?;
@@ -222,7 +280,12 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
            )?;
            let plugin_manager = Arc::new((*app_handle.state::<PluginManager>()).clone());
            let encryption_manager = Arc::new((*app_handle.state::<EncryptionManager>()).clone());
-            let cb = PluginTemplateCallback::new(plugin_manager, encryption_manager, &plugin_context, req.purpose);
+            let cb = PluginTemplateCallback::new(
+                plugin_manager,
+                encryption_manager,
+                &plugin_context,
+                req.purpose,
+            );
            let opt = RenderOptions { error_behavior: RenderErrorBehavior::Throw };
            let data = render_json_value(req.data, environment_chain, &cb, &opt).await?;
            Ok(Some(InternalEventPayload::TemplateRenderResponse(TemplateRenderResponse { data })))
--- a/crates-tauri/yaak-app/src/plugins_ext.rs
+++ b/crates-tauri/yaak-app/src/plugins_ext.rs
@@ -17,7 +17,7 @@ use tauri::path::BaseDirectory;
 use tauri::plugin::{Builder, TauriPlugin};
 use tauri::{
    AppHandle, Emitter, Manager, RunEvent, Runtime, State, WebviewWindow, WindowEvent, command,
-    generate_handler, is_dev,
+    is_dev,
 };
 use tokio::sync::Mutex;
 use ts_rs::TS;
@@ -132,7 +132,7 @@ impl PluginUpdater {
 // ============================================================================

 #[command]
-pub(crate) async fn cmd_plugins_search<R: Runtime>(
+pub async fn cmd_plugins_search<R: Runtime>(
    app_handle: AppHandle<R>,
    query: &str,
 ) -> Result<PluginSearchResponse> {
@@ -141,7 +141,7 @@ pub(crate) async fn cmd_plugins_search<R: Runtime>(
 }

 #[command]
-pub(crate) async fn cmd_plugins_install<R: Runtime>(
+pub async fn cmd_plugins_install<R: Runtime>(
    window: WebviewWindow<R>,
    name: &str,
    version: Option<String>,
@@ -163,7 +163,7 @@ pub(crate) async fn cmd_plugins_install<R: Runtime>(
 }

 #[command]
-pub(crate) async fn cmd_plugins_uninstall<R: Runtime>(
+pub async fn cmd_plugins_uninstall<R: Runtime>(
    plugin_id: &str,
    window: WebviewWindow<R>,
 ) -> Result<Plugin> {
@@ -174,7 +174,7 @@ pub(crate) async fn cmd_plugins_uninstall<R: Runtime>(
 }

 #[command]
-pub(crate) async fn cmd_plugins_updates<R: Runtime>(
+pub async fn cmd_plugins_updates<R: Runtime>(
    app_handle: AppHandle<R>,
 ) -> Result<PluginUpdatesResponse> {
    let http_client = yaak_api_client(&app_handle)?;
@@ -183,7 +183,7 @@ pub(crate) async fn cmd_plugins_updates<R: Runtime>(
 }

 #[command]
-pub(crate) async fn cmd_plugins_update_all<R: Runtime>(
+pub async fn cmd_plugins_update_all<R: Runtime>(
    window: WebviewWindow<R>,
 ) -> Result<Vec<PluginNameVersion>> {
    let http_client = yaak_api_client(window.app_handle())?;
@@ -233,13 +233,6 @@ pub(crate) async fn cmd_plugins_update_all<R: Runtime>(

 pub fn init<R: Runtime>() -> TauriPlugin<R> {
    Builder::new("yaak-plugins")
-        .invoke_handler(generate_handler![
-            cmd_plugins_search,
-            cmd_plugins_install,
-            cmd_plugins_uninstall,
-            cmd_plugins_updates,
-            cmd_plugins_update_all
-        ])
        .setup(|app_handle, _| {
            // Resolve paths for plugin manager
            let vendored_plugin_dir = app_handle
--- a/crates-tauri/yaak-app/src/updates.rs
+++ b/crates-tauri/yaak-app/src/updates.rs
@@ -3,6 +3,7 @@ use std::path::PathBuf;
 use std::time::{Duration, Instant};

 use crate::error::Result;
+use crate::models_ext::QueryManagerExt;
 use log::{debug, error, info, warn};
 use serde::{Deserialize, Serialize};
 use tauri::{Emitter, Listener, Manager, Runtime, WebviewWindow};
@@ -11,7 +12,6 @@ use tauri_plugin_updater::{Update, UpdaterExt};
 use tokio::task::block_in_place;
 use tokio::time::sleep;
 use ts_rs::TS;
-use crate::models_ext::QueryManagerExt;
 use yaak_models::util::generate_id;
 use yaak_plugins::manager::PluginManager;

--- a/crates-tauri/yaak-app/src/uri_scheme.rs
+++ b/crates-tauri/yaak-app/src/uri_scheme.rs
@@ -1,18 +1,18 @@
+use crate::PluginContextExt;
 use crate::error::Result;
 use crate::import::import_data;
 use crate::models_ext::QueryManagerExt;
-use crate::PluginContextExt;
 use log::{info, warn};
 use std::collections::HashMap;
 use std::fs;
 use std::sync::Arc;
 use tauri::{AppHandle, Emitter, Manager, Runtime, Url};
 use tauri_plugin_dialog::{DialogExt, MessageDialogButtons, MessageDialogKind};
-use yaak_tauri_utils::api_client::yaak_api_client;
 use yaak_models::util::generate_id;
 use yaak_plugins::events::{Color, ShowToastRequest};
 use yaak_plugins::install::download_and_install;
 use yaak_plugins::manager::PluginManager;
+use yaak_tauri_utils::api_client::yaak_api_client;

 pub(crate) async fn handle_deep_link<R: Runtime>(
    app_handle: &AppHandle<R>,
@@ -55,7 +55,8 @@ pub(crate) async fn handle_deep_link<R: Runtime>(
                &plugin_context,
                name,
                version,
-            ).await?;
+            )
+            .await?;
            app_handle.emit(
                "show_toast",
                ShowToastRequest {
--- a/crates-tauri/yaak-app/src/window.rs
+++ b/crates-tauri/yaak-app/src/window.rs
@@ -1,4 +1,5 @@
 use crate::error::Result;
+use crate::models_ext::QueryManagerExt;
 use crate::window_menu::app_menu;
 use log::{info, warn};
 use rand::random;
@@ -8,7 +9,6 @@ use tauri::{
 };
 use tauri_plugin_opener::OpenerExt;
 use tokio::sync::mpsc;
-use crate::models_ext::QueryManagerExt;

 const DEFAULT_WINDOW_WIDTH: f64 = 1100.0;
 const DEFAULT_WINDOW_HEIGHT: f64 = 600.0;
@@ -162,11 +162,16 @@ pub(crate) fn create_window<R: Runtime>(
            "dev.reset_size" => webview_window
                .set_size(LogicalSize::new(DEFAULT_WINDOW_WIDTH, DEFAULT_WINDOW_HEIGHT))
                .unwrap(),
-            "dev.reset_size_record" => {
+            "dev.reset_size_16x9" => {
                let width = webview_window.outer_size().unwrap().width;
                let height = width * 9 / 16;
                webview_window.set_size(PhysicalSize::new(width, height)).unwrap()
            }
+            "dev.reset_size_16x10" => {
+                let width = webview_window.outer_size().unwrap().width;
+                let height = width * 10 / 16;
+                webview_window.set_size(PhysicalSize::new(width, height)).unwrap()
+            }
            "dev.refresh" => webview_window.eval("location.reload()").unwrap(),
            "dev.generate_theme_css" => {
                w.emit("generate_theme_css", true).unwrap();
--- a/crates-tauri/yaak-app/src/window_menu.rs
+++ b/crates-tauri/yaak-app/src/window_menu.rs
@@ -154,8 +154,13 @@ pub fn app_menu<R: Runtime>(app_handle: &AppHandle<R>) -> tauri::Result<Menu<R>>
                    &MenuItemBuilder::with_id("dev.reset_size".to_string(), "Reset Size")
                        .build(app_handle)?,
                    &MenuItemBuilder::with_id(
-                        "dev.reset_size_record".to_string(),
-                        "Reset Size 16x9",
+                        "dev.reset_size_16x9".to_string(),
+                        "Resize to 16x9",
+                    )
+                    .build(app_handle)?,
+                    &MenuItemBuilder::with_id(
+                        "dev.reset_size_16x10".to_string(),
+                        "Resize to 16x10",
                    )
                    .build(app_handle)?,
                    &MenuItemBuilder::with_id(
--- a/crates-tauri/yaak-app/src/ws_ext.rs
+++ b/crates-tauri/yaak-app/src/ws_ext.rs
@@ -1,9 +1,9 @@
 //! WebSocket Tauri command wrappers
 //! These wrap the core yaak-ws functionality for Tauri IPC.

+use crate::PluginContextExt;
 use crate::error::Result;
 use crate::models_ext::QueryManagerExt;
-use crate::PluginContextExt;
 use http::HeaderMap;
 use log::{debug, info, warn};
 use std::str::FromStr;
@@ -28,53 +28,6 @@ use yaak_templates::{RenderErrorBehavior, RenderOptions};
 use yaak_tls::find_client_certificate;
 use yaak_ws::{WebsocketManager, render_websocket_request};

-#[command]
-pub async fn cmd_ws_upsert_request<R: Runtime>(
-    request: WebsocketRequest,
-    app_handle: AppHandle<R>,
-    window: WebviewWindow<R>,
-) -> Result<WebsocketRequest> {
-    Ok(app_handle
-        .db()
-        .upsert_websocket_request(&request, &UpdateSource::from_window_label(window.label()))?)
-}
-
-#[command]
-pub async fn cmd_ws_duplicate_request<R: Runtime>(
-    request_id: &str,
-    app_handle: AppHandle<R>,
-    window: WebviewWindow<R>,
-) -> Result<WebsocketRequest> {
-    let db = app_handle.db();
-    let request = db.get_websocket_request(request_id)?;
-    Ok(db.duplicate_websocket_request(&request, &UpdateSource::from_window_label(window.label()))?)
-}
-
-#[command]
-pub async fn cmd_ws_delete_request<R: Runtime>(
-    request_id: &str,
-    app_handle: AppHandle<R>,
-    window: WebviewWindow<R>,
-) -> Result<WebsocketRequest> {
-    Ok(app_handle
-        .db()
-        .delete_websocket_request_by_id(request_id, &UpdateSource::from_window_label(window.label()))?)
-}
-
-#[command]
-pub async fn cmd_ws_delete_connection<R: Runtime>(
-    connection_id: &str,
-    app_handle: AppHandle<R>,
-    window: WebviewWindow<R>,
-) -> Result<WebsocketConnection> {
-    Ok(app_handle
-        .db()
-        .delete_websocket_connection_by_id(
-            connection_id,
-            &UpdateSource::from_window_label(window.label()),
-        )?)
-}
-
 #[command]
 pub async fn cmd_ws_delete_connections<R: Runtime>(
    request_id: &str,
@@ -87,30 +40,6 @@ pub async fn cmd_ws_delete_connections<R: Runtime>(
    )?)
 }

-#[command]
-pub async fn cmd_ws_list_events<R: Runtime>(
-    connection_id: &str,
-    app_handle: AppHandle<R>,
-) -> Result<Vec<WebsocketEvent>> {
-    Ok(app_handle.db().list_websocket_events(connection_id)?)
-}
-
-#[command]
-pub async fn cmd_ws_list_requests<R: Runtime>(
-    workspace_id: &str,
-    app_handle: AppHandle<R>,
-) -> Result<Vec<WebsocketRequest>> {
-    Ok(app_handle.db().list_websocket_requests(workspace_id)?)
-}
-
-#[command]
-pub async fn cmd_ws_list_connections<R: Runtime>(
-    workspace_id: &str,
-    app_handle: AppHandle<R>,
-) -> Result<Vec<WebsocketConnection>> {
-    Ok(app_handle.db().list_websocket_connections(workspace_id)?)
-}
-
 #[command]
 pub async fn cmd_ws_send<R: Runtime>(
    connection_id: &str,
@@ -296,8 +225,10 @@ pub async fn cmd_ws_connect<R: Runtime>(
                )
                .await?;
            for header in plugin_result.set_headers.unwrap_or_default() {
-                match (http::HeaderName::from_str(&header.name), HeaderValue::from_str(&header.value))
-                {
+                match (
+                    http::HeaderName::from_str(&header.name),
+                    HeaderValue::from_str(&header.value),
+                ) {
                    (Ok(name), Ok(value)) => {
                        headers.insert(name, value);
                    }
--- a/crates-tauri/yaak-license/src/license.rs
+++ b/crates-tauri/yaak-license/src/license.rs
@@ -8,10 +8,10 @@ use std::time::Duration;
 use tauri::{AppHandle, Emitter, Manager, Runtime, WebviewWindow, is_dev};
 use ts_rs::TS;
 use yaak_common::platform::get_os_str;
-use yaak_tauri_utils::api_client::yaak_api_client;
 use yaak_models::db_context::DbContext;
 use yaak_models::query_manager::QueryManager;
 use yaak_models::util::UpdateSource;
+use yaak_tauri_utils::api_client::yaak_api_client;

 /// Extension trait for accessing the QueryManager from Tauri Manager types.
 /// This is needed temporarily until all crates are refactored to not use Tauri.
--- a/crates/yaak-crypto/index.ts
+++ b/crates/yaak-crypto/index.ts
@@ -11,3 +11,7 @@ export function revealWorkspaceKey(workspaceId: string) {
 export function setWorkspaceKey(args: { workspaceId: string; key: string }) {
  return invoke<void>('cmd_set_workspace_key', args);
 }
+
+export function disableEncryption(workspaceId: string) {
+  return invoke<void>('cmd_disable_encryption', { workspaceId });
+}
--- a/crates/yaak-crypto/src/manager.rs
+++ b/crates/yaak-crypto/src/manager.rs
@@ -115,6 +115,35 @@ impl EncryptionManager {
        self.set_workspace_key(workspace_id, &wkey)
    }

+    pub fn disable_encryption(&self, workspace_id: &str) -> Result<()> {
+        info!("Disabling encryption for {workspace_id}");
+
+        self.query_manager.with_tx::<(), Error>(|tx| {
+            let workspace = tx.get_workspace(workspace_id)?;
+            let workspace_meta = tx.get_or_create_workspace_meta(workspace_id)?;
+
+            // Clear encryption challenge on workspace
+            tx.upsert_workspace(
+                &Workspace { encryption_key_challenge: None, ..workspace },
+                &UpdateSource::Background,
+            )?;
+
+            // Clear encryption key on workspace meta
+            tx.upsert_workspace_meta(
+                &WorkspaceMeta { encryption_key: None, ..workspace_meta },
+                &UpdateSource::Background,
+            )?;
+
+            Ok(())
+        })?;
+
+        // Remove from cache
+        let mut cache = self.cached_workspace_keys.lock().unwrap();
+        cache.remove(workspace_id);
+
+        Ok(())
+    }
+
    fn get_workspace_key(&self, workspace_id: &str) -> Result<WorkspaceKey> {
        {
            let cache = self.cached_workspace_keys.lock().unwrap();
--- a/crates/yaak-git/Cargo.toml
+++ b/crates/yaak-git/Cargo.toml
@@ -6,7 +6,7 @@ publish = false

 [dependencies]
 chrono = { workspace = true, features = ["serde"] }
-git2 = { version = "0.20.0", features = ["vendored-libgit2", "vendored-openssl"] }
+git2 = { version = "0.20.4", features = ["vendored-libgit2", "vendored-openssl"] }
 log = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
--- a/crates/yaak-git/bindings/gen_git.ts
+++ b/crates/yaak-git/bindings/gen_git.ts
@@ -1,6 +1,10 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { SyncModel } from "./gen_models";

+export type BranchDeleteResult = { "type": "success", message: string, } | { "type": "not_fully_merged" };
+
+export type CloneResult = { "type": "success" } | { "type": "cancelled" } | { "type": "needs_credentials", url: string, error: string | null, };
+
 export type GitAuthor = { name: string | null, email: string | null, };

 export type GitCommit = { author: GitAuthor, when: string, message: string | null, };
@@ -11,8 +15,8 @@ export type GitStatus = "untracked" | "conflict" | "current" | "modified" | "rem

 export type GitStatusEntry = { relaPath: string, status: GitStatus, staged: boolean, prev: SyncModel | null, next: SyncModel | null, };

-export type GitStatusSummary = { path: string, headRef: string | null, headRefShorthand: string | null, entries: Array<GitStatusEntry>, origins: Array<string>, localBranches: Array<string>, remoteBranches: Array<string>, };
+export type GitStatusSummary = { path: string, headRef: string | null, headRefShorthand: string | null, entries: Array<GitStatusEntry>, origins: Array<string>, localBranches: Array<string>, remoteBranches: Array<string>, ahead: number, behind: number, };

-export type PullResult = { "type": "success", message: string, } | { "type": "up_to_date" } | { "type": "needs_credentials", url: string, error: string | null, };
+export type PullResult = { "type": "success", message: string, } | { "type": "up_to_date" } | { "type": "needs_credentials", url: string, error: string | null, } | { "type": "diverged", remote: string, branch: string, } | { "type": "uncommitted_changes" };

 export type PushResult = { "type": "success", message: string, } | { "type": "up_to_date" } | { "type": "needs_credentials", url: string, error: string | null, };
--- a/crates/yaak-git/bindings/gen_models.ts
+++ b/crates/yaak-git/bindings/gen_models.ts
@@ -1,5 +1,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

+export type DnsOverride = { hostname: string, ipv4: Array<string>, ipv6: Array<string>, enabled?: boolean, };
+
 export type Environment = { model: "environment", id: string, workspaceId: string, createdAt: string, updatedAt: string, name: string, public: boolean, parentModel: string, parentId: string | null, variables: Array<EnvironmentVariable>, color: string | null, sortPriority: number, };

 export type EnvironmentVariable = { enabled?: boolean, name: string, value: string, id?: string, };
@@ -18,4 +20,4 @@ export type SyncModel = { "type": "workspace" } & Workspace | { "type": "environ

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, settingDnsOverrides: Array<DnsOverride>, };
--- a/crates/yaak-git/index.ts
+++ b/crates/yaak-git/index.ts
@@ -3,20 +3,31 @@ import { invoke } from '@tauri-apps/api/core';
 import { createFastMutation } from '@yaakapp/app/hooks/useFastMutation';
 import { queryClient } from '@yaakapp/app/lib/queryClient';
 import { useMemo } from 'react';
-import { GitCommit, GitRemote, GitStatusSummary, PullResult, PushResult } from './bindings/gen_git';
+import { BranchDeleteResult, CloneResult, GitCommit, GitRemote, GitStatusSummary, PullResult, PushResult } from './bindings/gen_git';
+import { showToast } from '@yaakapp/app/lib/toast';

 export * from './bindings/gen_git';
+export * from './bindings/gen_models';

 export interface GitCredentials {
  username: string;
  password: string;
 }

+export type DivergedStrategy = 'force_reset' | 'merge' | 'cancel';
+
+export type UncommittedChangesStrategy = 'reset' | 'cancel';
+
 export interface GitCallbacks {
  addRemote: () => Promise<GitRemote | null>;
  promptCredentials: (
    result: Extract<PushResult, { type: 'needs_credentials' }>,
  ) => Promise<GitCredentials | null>;
+  promptDiverged: (
+    result: Extract<PullResult, { type: 'diverged' }>,
+  ) => Promise<DivergedStrategy>;
+  promptUncommittedChanges: () => Promise<UncommittedChangesStrategy>;
+  forceSync: () => Promise<void>;
 }

 const onSuccess = () => queryClient.invalidateQueries({ queryKey: ['git'] });
@@ -59,7 +70,6 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
    if (creds == null) throw new Error('Canceled');

    await invoke('cmd_git_add_credential', {
-      dir,
      remoteUrl: result.url,
      username: creds.username,
      password: creds.password,
@@ -69,6 +79,15 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
    return invoke<PushResult>('cmd_git_push', { dir });
  };

+  const handleError = (err: unknown) => {
+    showToast({
+      id: `${err}`,
+      message: `${err}`,
+      color: 'danger',
+      timeout: 5000,
+    });
+  }
+
  return {
    init: createFastMutation<void, string, void>({
      mutationKey: ['git', 'init'],
@@ -90,21 +109,31 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
      mutationFn: (args) => invoke('cmd_git_rm_remote', { dir, ...args }),
      onSuccess,
    }),
-    branch: createFastMutation<void, string, { branch: string }>({
+    createBranch: createFastMutation<void, string, { branch: string; base?: string }>({
      mutationKey: ['git', 'branch', dir],
      mutationFn: (args) => invoke('cmd_git_branch', { dir, ...args }),
      onSuccess,
    }),
-    mergeBranch: createFastMutation<void, string, { branch: string; force: boolean }>({
+    mergeBranch: createFastMutation<void, string, { branch: string }>({
      mutationKey: ['git', 'merge', dir],
      mutationFn: (args) => invoke('cmd_git_merge_branch', { dir, ...args }),
      onSuccess,
    }),
-    deleteBranch: createFastMutation<void, string, { branch: string }>({
+    deleteBranch: createFastMutation<BranchDeleteResult, string, { branch: string, force?: boolean }>({
      mutationKey: ['git', 'delete-branch', dir],
      mutationFn: (args) => invoke('cmd_git_delete_branch', { dir, ...args }),
      onSuccess,
    }),
+    deleteRemoteBranch: createFastMutation<void, string, { branch: string }>({
+      mutationKey: ['git', 'delete-remote-branch', dir],
+      mutationFn: (args) => invoke('cmd_git_delete_remote_branch', { dir, ...args }),
+      onSuccess,
+    }),
+    renameBranch: createFastMutation<void, string, { oldName: string, newName: string }>({
+      mutationKey: ['git', 'rename-branch', dir],
+      mutationFn: (args) => invoke('cmd_git_rename_branch', { dir, ...args }),
+      onSuccess,
+    }),
    checkout: createFastMutation<string, string, { branch: string; force: boolean }>({
      mutationKey: ['git', 'checkout', dir],
      mutationFn: (args) => invoke('cmd_git_checkout', { dir, ...args }),
@@ -123,10 +152,9 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
      },
      onSuccess,
    }),
-    fetchAll: createFastMutation<string, string, void>({
-      mutationKey: ['git', 'checkout', dir],
+    fetchAll: createFastMutation<void, string, void>({
+      mutationKey: ['git', 'fetch_all', dir],
      mutationFn: () => invoke('cmd_git_fetch_all', { dir }),
-      onSuccess,
    }),
    push: createFastMutation<PushResult, string, void>({
      mutationKey: ['git', 'push', dir],
@@ -137,21 +165,51 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
      mutationKey: ['git', 'pull', dir],
      async mutationFn() {
        const result = await invoke<PullResult>('cmd_git_pull', { dir });
-        if (result.type !== 'needs_credentials') return result;

-        // Needs credentials, prompt for them
-        const creds = await callbacks.promptCredentials(result);
-        if (creds == null) throw new Error('Canceled');
+        if (result.type === 'needs_credentials') {
+          const creds = await callbacks.promptCredentials(result);
+          if (creds == null) throw new Error('Canceled');

-        await invoke('cmd_git_add_credential', {
-          dir,
-          remoteUrl: result.url,
-          username: creds.username,
-          password: creds.password,
-        });
+          await invoke('cmd_git_add_credential', {
+            remoteUrl: result.url,
+            username: creds.username,
+            password: creds.password,
+          });

-        // Pull again
-        return invoke<PullResult>('cmd_git_pull', { dir });
+          // Pull again after credentials
+          return invoke<PullResult>('cmd_git_pull', { dir });
+        }
+
+        if (result.type === 'uncommitted_changes') {
+          callbacks.promptUncommittedChanges().then(async (strategy) => {
+            if (strategy === 'cancel') return;
+
+            await invoke('cmd_git_reset_changes', { dir });
+            return invoke<PullResult>('cmd_git_pull', { dir });
+          }).then(async () => { onSuccess(); await callbacks.forceSync(); }, handleError);
+        }
+
+        if (result.type === 'diverged') {
+          callbacks.promptDiverged(result).then((strategy) => {
+            if (strategy === 'cancel') return;
+
+            if (strategy === 'force_reset') {
+              return invoke<PullResult>('cmd_git_pull_force_reset', {
+                dir,
+                remote: result.remote,
+                branch: result.branch,
+              });
+            }
+
+            return invoke<PullResult>('cmd_git_pull_merge', {
+              dir,
+              remote: result.remote,
+              branch: result.branch,
+            });
+          }).then(async () => { onSuccess(); await callbacks.forceSync(); }, handleError);
+        }
+
+        return result;
      },
      onSuccess,
    }),
@@ -160,9 +218,39 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
      mutationFn: (args) => invoke('cmd_git_unstage', { dir, ...args }),
      onSuccess,
    }),
+    resetChanges: createFastMutation<void, string, void>({
+      mutationKey: ['git', 'reset-changes', dir],
+      mutationFn: () => invoke('cmd_git_reset_changes', { dir }),
+      onSuccess,
+    }),
  } as const;
 };

 async function getRemotes(dir: string) {
  return invoke<GitRemote[]>('cmd_git_remotes', { dir });
 }
+
+/**
+ * Clone a git repository, prompting for credentials if needed.
+ */
+export async function gitClone(
+  url: string,
+  dir: string,
+  promptCredentials: (args: { url: string; error: string | null }) => Promise<GitCredentials | null>,
+): Promise<CloneResult> {
+  const result = await invoke<CloneResult>('cmd_git_clone', { url, dir });
+  if (result.type !== 'needs_credentials') return result;
+
+  // Prompt for credentials
+  const creds = await promptCredentials({ url: result.url, error: result.error });
+  if (creds == null) return {type: 'cancelled'};
+
+  // Store credentials and retry
+  await invoke('cmd_git_add_credential', {
+    remoteUrl: result.url,
+    username: creds.username,
+    password: creds.password,
+  });
+
+  return invoke<CloneResult>('cmd_git_clone', { url, dir });
+}
--- a/crates/yaak-git/src/binary.rs
+++ b/crates/yaak-git/src/binary.rs
@@ -5,7 +5,15 @@ use std::process::Stdio;
 use tokio::process::Command;
 use yaak_common::command::new_xplatform_command;

+/// Create a git command that runs in the specified directory
 pub(crate) async fn new_binary_command(dir: &Path) -> Result<Command> {
+    let mut cmd = new_binary_command_global().await?;
+    cmd.arg("-C").arg(dir);
+    Ok(cmd)
+}
+
+/// Create a git command without a specific directory (for global operations)
+pub(crate) async fn new_binary_command_global() -> Result<Command> {
    // 1. Probe that `git` exists and is runnable
    let mut probe = new_xplatform_command("git");
    probe.arg("--version").stdin(Stdio::null()).stdout(Stdio::null()).stderr(Stdio::null());
@@ -17,8 +25,6 @@ pub(crate) async fn new_binary_command(dir: &Path) -> Result<Command> {
    }

    // 2. Build the reusable git command
-    let mut cmd = new_xplatform_command("git");
-    cmd.arg("-C").arg(dir);
-
+    let cmd = new_xplatform_command("git");
    Ok(cmd)
 }
--- a/crates/yaak-git/src/branch.rs
+++ b/crates/yaak-git/src/branch.rs
@@ -1,99 +1,153 @@
+use serde::{Deserialize, Serialize};
+use ts_rs::TS;
+
+use crate::binary::new_binary_command;
 use crate::error::Error::GenericError;
 use crate::error::Result;
-use crate::merge::do_merge;
-use crate::repository::open_repo;
-use crate::util::{bytes_to_string, get_branch_by_name, get_current_branch};
-use git2::BranchType;
-use git2::build::CheckoutBuilder;
-use log::info;
 use std::path::Path;

-pub fn git_checkout_branch(dir: &Path, branch_name: &str, force: bool) -> Result<String> {
-    if branch_name.starts_with("origin/") {
-        return git_checkout_remote_branch(dir, branch_name, force);
-    }
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, TS)]
+#[serde(rename_all = "snake_case", tag = "type")]
+#[ts(export, export_to = "gen_git.ts")]
+pub enum BranchDeleteResult {
+    Success { message: String },
+    NotFullyMerged,
+}

-    let repo = open_repo(dir)?;
-    let branch = get_branch_by_name(&repo, branch_name)?;
-    let branch_ref = branch.into_reference();
-    let branch_tree = branch_ref.peel_to_tree()?;
+pub async fn git_checkout_branch(dir: &Path, branch_name: &str, force: bool) -> Result<String> {
+    let branch_name = branch_name.trim_start_matches("origin/");

-    let mut options = CheckoutBuilder::default();
+    let mut args = vec!["checkout"];
    if force {
-        options.force();
+        args.push("--force");
    }
+    args.push(branch_name);

-    repo.checkout_tree(branch_tree.as_object(), Some(&mut options))?;
-    repo.set_head(branch_ref.name().unwrap())?;
+    let out = new_binary_command(dir)
+        .await?
+        .args(&args)
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git checkout: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    if !out.status.success() {
+        return Err(GenericError(format!("Failed to checkout: {}", combined.trim())));
+    }

    Ok(branch_name.to_string())
 }

-pub(crate) fn git_checkout_remote_branch(
-    dir: &Path,
-    branch_name: &str,
-    force: bool,
-) -> Result<String> {
-    let branch_name = branch_name.trim_start_matches("origin/");
-    let repo = open_repo(dir)?;
-
-    let refname = format!("refs/remotes/origin/{}", branch_name);
-    let remote_ref = repo.find_reference(&refname)?;
-    let commit = remote_ref.peel_to_commit()?;
-
-    let mut new_branch = repo.branch(branch_name, &commit, false)?;
-    let upstream_name = format!("origin/{}", branch_name);
-    new_branch.set_upstream(Some(&upstream_name))?;
-
-    git_checkout_branch(dir, branch_name, force)
-}
-
-pub fn git_create_branch(dir: &Path, name: &str) -> Result<()> {
-    let repo = open_repo(dir)?;
-    let head = match repo.head() {
-        Ok(h) => h,
-        Err(e) if e.code() == git2::ErrorCode::UnbornBranch => {
-            let msg = "Cannot create branch when there are no commits";
-            return Err(GenericError(msg.into()));
-        }
-        Err(e) => return Err(e.into()),
-    };
-    let head = head.peel_to_commit()?;
-
-    repo.branch(name, &head, false)?;
-
-    Ok(())
-}
-
-pub fn git_delete_branch(dir: &Path, name: &str) -> Result<()> {
-    let repo = open_repo(dir)?;
-    let mut branch = get_branch_by_name(&repo, name)?;
-
-    if branch.is_head() {
-        info!("Deleting head branch");
-        let branches = repo.branches(Some(BranchType::Local))?;
-        let other_branch = branches.into_iter().filter_map(|b| b.ok()).find(|b| !b.0.is_head());
-        let other_branch = match other_branch {
-            None => return Err(GenericError("Cannot delete only branch".into())),
-            Some(b) => bytes_to_string(b.0.name_bytes()?)?,
-        };
-
-        git_checkout_branch(dir, &other_branch, true)?;
+pub async fn git_create_branch(dir: &Path, name: &str, base: Option<&str>) -> Result<()> {
+    let mut cmd = new_binary_command(dir).await?;
+    cmd.arg("branch").arg(name);
+    if let Some(base_branch) = base {
+        cmd.arg(base_branch);
    }

-    branch.delete()?;
+    let out =
+        cmd.output().await.map_err(|e| GenericError(format!("failed to run git branch: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    if !out.status.success() {
+        return Err(GenericError(format!("Failed to create branch: {}", combined.trim())));
+    }

    Ok(())
 }

-pub fn git_merge_branch(dir: &Path, name: &str, _force: bool) -> Result<()> {
-    let repo = open_repo(dir)?;
-    let local_branch = get_current_branch(&repo)?.unwrap();
+pub async fn git_delete_branch(dir: &Path, name: &str, force: bool) -> Result<BranchDeleteResult> {
+    let mut cmd = new_binary_command(dir).await?;

-    let commit_to_merge = get_branch_by_name(&repo, name)?.into_reference();
-    let commit_to_merge = repo.reference_to_annotated_commit(&commit_to_merge)?;
+    let out =
+        if force { cmd.args(["branch", "-D", name]) } else { cmd.args(["branch", "-d", name]) }
+            .output()
+            .await
+            .map_err(|e| GenericError(format!("failed to run git branch -d: {e}")))?;

-    do_merge(&repo, &local_branch, &commit_to_merge)?;
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    if !out.status.success() && stderr.to_lowercase().contains("not fully merged") {
+        return Ok(BranchDeleteResult::NotFullyMerged);
+    }
+
+    if !out.status.success() {
+        return Err(GenericError(format!("Failed to delete branch: {}", combined.trim())));
+    }
+
+    Ok(BranchDeleteResult::Success { message: combined })
+}
+
+pub async fn git_merge_branch(dir: &Path, name: &str) -> Result<()> {
+    let out = new_binary_command(dir)
+        .await?
+        .args(["merge", name])
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git merge: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    if !out.status.success() {
+        // Check for merge conflicts
+        if combined.to_lowercase().contains("conflict") {
+            return Err(GenericError(
+                "Merge conflicts detected. Please resolve them manually.".to_string(),
+            ));
+        }
+        return Err(GenericError(format!("Failed to merge: {}", combined.trim())));
+    }
+
+    Ok(())
+}
+
+pub async fn git_delete_remote_branch(dir: &Path, name: &str) -> Result<()> {
+    // Remote branch names come in as "origin/branch-name", extract the branch name
+    let branch_name = name.trim_start_matches("origin/");
+
+    let out = new_binary_command(dir)
+        .await?
+        .args(["push", "origin", "--delete", branch_name])
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git push --delete: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    if !out.status.success() {
+        return Err(GenericError(format!("Failed to delete remote branch: {}", combined.trim())));
+    }
+
+    Ok(())
+}
+
+pub async fn git_rename_branch(dir: &Path, old_name: &str, new_name: &str) -> Result<()> {
+    let out = new_binary_command(dir)
+        .await?
+        .args(["branch", "-m", old_name, new_name])
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git branch -m: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    if !out.status.success() {
+        return Err(GenericError(format!("Failed to rename branch: {}", combined.trim())));
+    }

    Ok(())
 }
--- a/crates/yaak-git/src/clone.rs
+++ b/crates/yaak-git/src/clone.rs
@@ -0,0 +1,53 @@
+use crate::binary::new_binary_command;
+use crate::error::Error::GenericError;
+use crate::error::Result;
+use log::info;
+use serde::{Deserialize, Serialize};
+use std::fs;
+use std::path::Path;
+use ts_rs::TS;
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, TS)]
+#[serde(rename_all = "snake_case", tag = "type")]
+#[ts(export, export_to = "gen_git.ts")]
+pub enum CloneResult {
+    Success,
+    Cancelled,
+    NeedsCredentials { url: String, error: Option<String> },
+}
+
+pub async fn git_clone(url: &str, dir: &Path) -> Result<CloneResult> {
+    let parent = dir.parent().ok_or_else(|| GenericError("Invalid clone directory".to_string()))?;
+    fs::create_dir_all(parent)
+        .map_err(|e| GenericError(format!("Failed to create directory: {e}")))?;
+    let mut cmd = new_binary_command(parent).await?;
+    cmd.args(["clone", url]).arg(dir).env("GIT_TERMINAL_PROMPT", "0");
+
+    let out =
+        cmd.output().await.map_err(|e| GenericError(format!("failed to run git clone: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+    let combined_lower = combined.to_lowercase();
+
+    info!("Cloned status={}: {combined}", out.status);
+
+    if !out.status.success() {
+        // Check for credentials error
+        if combined_lower.contains("could not read") {
+            return Ok(CloneResult::NeedsCredentials { url: url.to_string(), error: None });
+        }
+        if combined_lower.contains("unable to access")
+            || combined_lower.contains("authentication failed")
+        {
+            return Ok(CloneResult::NeedsCredentials {
+                url: url.to_string(),
+                error: Some(combined.to_string()),
+            });
+        }
+        return Err(GenericError(format!("Failed to clone: {}", combined.trim())));
+    }
+
+    Ok(CloneResult::Success)
+}
--- a/crates/yaak-git/src/credential.rs
+++ b/crates/yaak-git/src/credential.rs
@@ -1,24 +1,18 @@
-use crate::binary::new_binary_command;
+use crate::binary::new_binary_command_global;
 use crate::error::Error::GenericError;
 use crate::error::Result;
-use std::path::Path;
 use std::process::Stdio;
 use tokio::io::AsyncWriteExt;
 use url::Url;

-pub async fn git_add_credential(
-    dir: &Path,
-    remote_url: &str,
-    username: &str,
-    password: &str,
-) -> Result<()> {
+pub async fn git_add_credential(remote_url: &str, username: &str, password: &str) -> Result<()> {
    let url = Url::parse(remote_url)
        .map_err(|e| GenericError(format!("Failed to parse remote url {remote_url}: {e:?}")))?;
    let protocol = url.scheme();
    let host = url.host_str().unwrap();
    let path = Some(url.path());

-    let mut child = new_binary_command(dir)
+    let mut child = new_binary_command_global()
        .await?
        .args(["credential", "approve"])
        .stdin(Stdio::piped())
--- a/crates/yaak-git/src/lib.rs
+++ b/crates/yaak-git/src/lib.rs
@@ -1,31 +1,38 @@
 mod add;
 mod binary;
 mod branch;
+mod clone;
 mod commit;
 mod credential;
 pub mod error;
 mod fetch;
 mod init;
 mod log;
-mod merge;
+
 mod pull;
 mod push;
 mod remotes;
 mod repository;
+mod reset;
 mod status;
 mod unstage;
 mod util;

 // Re-export all git functions for external use
 pub use add::git_add;
-pub use branch::{git_checkout_branch, git_create_branch, git_delete_branch, git_merge_branch};
+pub use branch::{
+    BranchDeleteResult, git_checkout_branch, git_create_branch, git_delete_branch,
+    git_delete_remote_branch, git_merge_branch, git_rename_branch,
+};
+pub use clone::{CloneResult, git_clone};
 pub use commit::git_commit;
 pub use credential::git_add_credential;
 pub use fetch::git_fetch_all;
 pub use init::git_init;
 pub use log::{GitCommit, git_log};
-pub use pull::{PullResult, git_pull};
+pub use pull::{PullResult, git_pull, git_pull_force_reset, git_pull_merge};
 pub use push::{PushResult, git_push};
 pub use remotes::{GitRemote, git_add_remote, git_remotes, git_rm_remote};
+pub use reset::git_reset_changes;
 pub use status::{GitStatusSummary, git_status};
 pub use unstage::git_unstage;
--- a/crates/yaak-git/src/merge.rs
+++ b/crates/yaak-git/src/merge.rs
@@ -1,135 +0,0 @@
-use crate::error::Error::MergeConflicts;
-use crate::util::bytes_to_string;
-use git2::{AnnotatedCommit, Branch, IndexEntry, Reference, Repository};
-use log::{debug, info};
-
-pub(crate) fn do_merge(
-    repo: &Repository,
-    local_branch: &Branch,
-    commit_to_merge: &AnnotatedCommit,
-) -> crate::error::Result<()> {
-    debug!("Merging remote branches");
-    let analysis = repo.merge_analysis(&[&commit_to_merge])?;
-
-    if analysis.0.is_fast_forward() {
-        let refname = bytes_to_string(local_branch.get().name_bytes())?;
-        match repo.find_reference(&refname) {
-            Ok(mut r) => {
-                merge_fast_forward(repo, &mut r, &commit_to_merge)?;
-            }
-            Err(_) => {
-                // The branch doesn't exist, so set the reference to the commit directly. Usually
-                // this is because you are pulling into an empty repository.
-                repo.reference(
-                    &refname,
-                    commit_to_merge.id(),
-                    true,
-                    &format!("Setting {} to {}", refname, commit_to_merge.id()),
-                )?;
-                repo.set_head(&refname)?;
-                repo.checkout_head(Some(
-                    git2::build::CheckoutBuilder::default()
-                        .allow_conflicts(true)
-                        .conflict_style_merge(true)
-                        .force(),
-                ))?;
-            }
-        };
-    } else if analysis.0.is_normal() {
-        let head_commit = repo.reference_to_annotated_commit(&repo.head()?)?;
-        merge_normal(repo, &head_commit, commit_to_merge)?;
-    } else {
-        debug!("Skipping merge. Nothing to do")
-    }
-
-    Ok(())
-}
-
-pub(crate) fn merge_fast_forward(
-    repo: &Repository,
-    local_reference: &mut Reference,
-    remote_commit: &AnnotatedCommit,
-) -> crate::error::Result<()> {
-    info!("Performing fast forward");
-    let name = match local_reference.name() {
-        Some(s) => s.to_string(),
-        None => String::from_utf8_lossy(local_reference.name_bytes()).to_string(),
-    };
-    let msg = format!("Fast-Forward: Setting {} to id: {}", name, remote_commit.id());
-    local_reference.set_target(remote_commit.id(), &msg)?;
-    repo.set_head(&name)?;
-    repo.checkout_head(Some(
-        git2::build::CheckoutBuilder::default()
-            // For some reason, the force is required to make the working directory actually get
-            // updated I suspect we should be adding some logic to handle dirty working directory
-            // states, but this is just an example so maybe not.
-            .force(),
-    ))?;
-    Ok(())
-}
-
-pub(crate) fn merge_normal(
-    repo: &Repository,
-    local: &AnnotatedCommit,
-    remote: &AnnotatedCommit,
-) -> crate::error::Result<()> {
-    info!("Performing normal merge");
-    let local_tree = repo.find_commit(local.id())?.tree()?;
-    let remote_tree = repo.find_commit(remote.id())?.tree()?;
-    let ancestor = repo.find_commit(repo.merge_base(local.id(), remote.id())?)?.tree()?;
-
-    let mut idx = repo.merge_trees(&ancestor, &local_tree, &remote_tree, None)?;
-
-    if idx.has_conflicts() {
-        let conflicts = idx.conflicts()?;
-        for conflict in conflicts {
-            if let Ok(conflict) = conflict {
-                print_conflict(&conflict);
-            }
-        }
-        return Err(MergeConflicts);
-    }
-
-    let result_tree = repo.find_tree(idx.write_tree_to(repo)?)?;
-    // now create the merge commit
-    let msg = format!("Merge: {} into {}", remote.id(), local.id());
-    let sig = repo.signature()?;
-    let local_commit = repo.find_commit(local.id())?;
-    let remote_commit = repo.find_commit(remote.id())?;
-
-    // Do our merge commit and set current branch head to that commit.
-    let _merge_commit = repo.commit(
-        Some("HEAD"),
-        &sig,
-        &sig,
-        &msg,
-        &result_tree,
-        &[&local_commit, &remote_commit],
-    )?;
-
-    // Set working tree to match head.
-    repo.checkout_head(None)?;
-
-    Ok(())
-}
-
-fn print_conflict(conflict: &git2::IndexConflict) {
-    let ancestor = conflict.ancestor.as_ref().map(path_from_index_entry);
-    let ours = conflict.our.as_ref().map(path_from_index_entry);
-    let theirs = conflict.their.as_ref().map(path_from_index_entry);
-
-    println!("Conflict detected:");
-    if let Some(path) = ancestor {
-        println!("  Common ancestor: {:?}", path);
-    }
-    if let Some(path) = ours {
-        println!("  Ours: {:?}", path);
-    }
-    if let Some(path) = theirs {
-        println!("  Theirs: {:?}", path);
-    }
-}
-
-fn path_from_index_entry(entry: &IndexEntry) -> String {
-    String::from_utf8_lossy(entry.path.as_slice()).into_owned()
-}
--- a/crates/yaak-git/src/pull.rs
+++ b/crates/yaak-git/src/pull.rs
@@ -15,9 +15,23 @@ pub enum PullResult {
    Success { message: String },
    UpToDate,
    NeedsCredentials { url: String, error: Option<String> },
+    Diverged { remote: String, branch: String },
+    UncommittedChanges,
+}
+
+fn has_uncommitted_changes(dir: &Path) -> Result<bool> {
+    let repo = open_repo(dir)?;
+    let mut opts = git2::StatusOptions::new();
+    opts.include_ignored(false).include_untracked(false);
+    let statuses = repo.statuses(Some(&mut opts))?;
+    Ok(statuses.iter().any(|e| e.status() != git2::Status::CURRENT))
 }

 pub async fn git_pull(dir: &Path) -> Result<PullResult> {
+    if has_uncommitted_changes(dir)? {
+        return Ok(PullResult::UncommittedChanges);
+    }
+
    // Extract all git2 data before any await points (git2 types are not Send)
    let (branch_name, remote_name, remote_url) = {
        let repo = open_repo(dir)?;
@@ -56,6 +70,13 @@ pub async fn git_pull(dir: &Path) -> Result<PullResult> {
    }

    if !out.status.success() {
+        let combined_lower = combined.to_lowercase();
+        if combined_lower.contains("cannot fast-forward")
+            || combined_lower.contains("not possible to fast-forward")
+            || combined_lower.contains("diverged")
+        {
+            return Ok(PullResult::Diverged { remote: remote_name, branch: branch_name });
+        }
        return Err(GenericError(format!("Failed to pull {combined}")));
    }

@@ -66,6 +87,65 @@ pub async fn git_pull(dir: &Path) -> Result<PullResult> {
    Ok(PullResult::Success { message: format!("Pulled from {}/{}", remote_name, branch_name) })
 }

+pub async fn git_pull_force_reset(dir: &Path, remote: &str, branch: &str) -> Result<PullResult> {
+    // Step 1: fetch the remote
+    let fetch_out = new_binary_command(dir)
+        .await?
+        .args(["fetch", remote])
+        .env("GIT_TERMINAL_PROMPT", "0")
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git fetch: {e}")))?;
+
+    if !fetch_out.status.success() {
+        let stderr = String::from_utf8_lossy(&fetch_out.stderr);
+        return Err(GenericError(format!("Failed to fetch: {stderr}")));
+    }
+
+    // Step 2: reset --hard to remote/branch
+    let ref_name = format!("{}/{}", remote, branch);
+    let reset_out = new_binary_command(dir)
+        .await?
+        .args(["reset", "--hard", &ref_name])
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git reset: {e}")))?;
+
+    if !reset_out.status.success() {
+        let stderr = String::from_utf8_lossy(&reset_out.stderr);
+        return Err(GenericError(format!("Failed to reset: {}", stderr.trim())));
+    }
+
+    Ok(PullResult::Success { message: format!("Reset to {}/{}", remote, branch) })
+}
+
+pub async fn git_pull_merge(dir: &Path, remote: &str, branch: &str) -> Result<PullResult> {
+    let out = new_binary_command(dir)
+        .await?
+        .args(["pull", "--no-rebase", remote, branch])
+        .env("GIT_TERMINAL_PROMPT", "0")
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git pull --no-rebase: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    info!("Pull merge status={} {combined}", out.status);
+
+    if !out.status.success() {
+        if combined.to_lowercase().contains("conflict") {
+            return Err(GenericError(
+                "Merge conflicts detected. Please resolve them manually.".to_string(),
+            ));
+        }
+        return Err(GenericError(format!("Failed to merge pull: {}", combined.trim())));
+    }
+
+    Ok(PullResult::Success { message: format!("Merged from {}/{}", remote, branch) })
+}
+
 // pub(crate) fn git_pull_old(dir: &Path) -> Result<PullResult> {
 //     let repo = open_repo(dir)?;
 //
--- a/crates/yaak-git/src/reset.rs
+++ b/crates/yaak-git/src/reset.rs
@@ -0,0 +1,20 @@
+use crate::binary::new_binary_command;
+use crate::error::Error::GenericError;
+use crate::error::Result;
+use std::path::Path;
+
+pub async fn git_reset_changes(dir: &Path) -> Result<()> {
+    let out = new_binary_command(dir)
+        .await?
+        .args(["reset", "--hard", "HEAD"])
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git reset: {e}")))?;
+
+    if !out.status.success() {
+        let stderr = String::from_utf8_lossy(&out.stderr);
+        return Err(GenericError(format!("Failed to reset: {}", stderr.trim())));
+    }
+
+    Ok(())
+}
--- a/crates/yaak-git/src/status.rs
+++ b/crates/yaak-git/src/status.rs
@@ -18,6 +18,8 @@ pub struct GitStatusSummary {
    pub origins: Vec<String>,
    pub local_branches: Vec<String>,
    pub remote_branches: Vec<String>,
+    pub ahead: u32,
+    pub behind: u32,
 }

 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize, TS)]
@@ -160,6 +162,18 @@ pub fn git_status(dir: &Path) -> crate::error::Result<GitStatusSummary> {
    let local_branches = local_branch_names(&repo)?;
    let remote_branches = remote_branch_names(&repo)?;

+    // Compute ahead/behind relative to remote tracking branch
+    let (ahead, behind) = (|| -> Option<(usize, usize)> {
+        let head = repo.head().ok()?;
+        let local_oid = head.target()?;
+        let branch_name = head.shorthand()?;
+        let upstream_ref =
+            repo.find_branch(&format!("origin/{branch_name}"), git2::BranchType::Remote).ok()?;
+        let upstream_oid = upstream_ref.get().target()?;
+        repo.graph_ahead_behind(local_oid, upstream_oid).ok()
+    })()
+    .unwrap_or((0, 0));
+
    Ok(GitStatusSummary {
        entries,
        origins,
@@ -168,5 +182,7 @@ pub fn git_status(dir: &Path) -> crate::error::Result<GitStatusSummary> {
        head_ref_shorthand,
        local_branches,
        remote_branches,
+        ahead: ahead as u32,
+        behind: behind as u32,
    })
 }
--- a/crates/yaak-git/src/util.rs
+++ b/crates/yaak-git/src/util.rs
@@ -47,10 +47,6 @@ pub(crate) fn remote_branch_names(repo: &Repository) -> Result<Vec<String>> {
    Ok(branches)
 }

-pub(crate) fn get_branch_by_name<'s>(repo: &'s Repository, name: &str) -> Result<Branch<'s>> {
-    Ok(repo.find_branch(name, BranchType::Local)?)
-}
-
 pub(crate) fn bytes_to_string(bytes: &[u8]) -> Result<String> {
    Ok(String::from_utf8(bytes.to_vec())?)
 }
--- a/crates/yaak-grpc/src/manager.rs
+++ b/crates/yaak-grpc/src/manager.rs
@@ -340,10 +340,9 @@ impl GrpcHandle {
        metadata: &BTreeMap<String, String>,
        validate_certificates: bool,
        client_cert: Option<ClientCertificateConfig>,
-        skip_cache: bool,
    ) -> Result<Vec<ServiceDefinition>> {
        // Ensure we have a pool; reflect only if missing
-        if skip_cache || self.get_pool(id, uri, proto_files).is_none() {
+        if self.get_pool(id, uri, proto_files).is_none() {
            info!("Reflecting gRPC services for {} at {}", id, uri);
            self.reflect(id, uri, proto_files, metadata, validate_certificates, client_cert)
                .await?;
--- a/crates/yaak-http/Cargo.toml
+++ b/crates/yaak-http/Cargo.toml
@@ -8,7 +8,7 @@ publish = false
 async-compression = { version = "0.4", features = ["tokio", "gzip", "deflate", "brotli", "zstd"] }
 async-trait = "0.1"
 brotli = "7"
-bytes = "1.5.0"
+bytes = "1.11.1"
 cookie = "0.18.1"
 flate2 = "1"
 futures-util = "0.3"
--- a/crates/yaak-http/src/client.rs
+++ b/crates/yaak-http/src/client.rs
@@ -2,6 +2,8 @@ use crate::dns::LocalhostResolver;
 use crate::error::Result;
 use log::{debug, info, warn};
 use reqwest::{Client, Proxy, redirect};
+use std::sync::Arc;
+use yaak_models::models::DnsOverride;
 use yaak_tls::{ClientCertificateConfig, get_tls_config};

 #[derive(Clone)]
@@ -28,10 +30,14 @@ pub struct HttpConnectionOptions {
    pub validate_certificates: bool,
    pub proxy: HttpConnectionProxySetting,
    pub client_certificate: Option<ClientCertificateConfig>,
+    pub dns_overrides: Vec<DnsOverride>,
 }

 impl HttpConnectionOptions {
-    pub(crate) fn build_client(&self) -> Result<Client> {
+    /// Build a reqwest Client and return it along with the DNS resolver.
+    /// The resolver is returned separately so it can be configured per-request
+    /// to emit DNS timing events to the appropriate channel.
+    pub(crate) fn build_client(&self) -> Result<(Client, Arc<LocalhostResolver>)> {
        let mut client = Client::builder()
            .connection_verbose(true)
            .redirect(redirect::Policy::none())
@@ -40,15 +46,19 @@ impl HttpConnectionOptions {
            .no_brotli()
            .no_deflate()
            .referer(false)
-            .tls_info(true);
+            .tls_info(true)
+            // Disable connection pooling to ensure DNS resolution happens on each request
+            // This is needed so we can emit DNS timing events for each request
+            .pool_max_idle_per_host(0);

        // Configure TLS with optional client certificate
        let config =
            get_tls_config(self.validate_certificates, true, self.client_certificate.clone())?;
        client = client.use_preconfigured_tls(config);

-        // Configure DNS resolver
-        client = client.dns_resolver(LocalhostResolver::new());
+        // Configure DNS resolver - keep a reference to configure per-request
+        let resolver = LocalhostResolver::new(self.dns_overrides.clone());
+        client = client.dns_resolver(resolver.clone());

        // Configure proxy
        match self.proxy.clone() {
@@ -69,7 +79,7 @@ impl HttpConnectionOptions {
            self.client_certificate.is_some()
        );

-        Ok(client.build()?)
+        Ok((client.build()?, resolver))
    }
 }

--- a/crates/yaak-http/src/dns.rs
+++ b/crates/yaak-http/src/dns.rs
@@ -1,53 +1,185 @@
+use crate::sender::HttpResponseEvent;
 use hyper_util::client::legacy::connect::dns::{
    GaiResolver as HyperGaiResolver, Name as HyperName,
 };
+use log::info;
 use reqwest::dns::{Addrs, Name, Resolve, Resolving};
+use std::collections::HashMap;
 use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr};
 use std::str::FromStr;
 use std::sync::Arc;
+use std::time::Instant;
+use tokio::sync::{RwLock, mpsc};
 use tower_service::Service;
+use yaak_models::models::DnsOverride;
+
+/// Stores resolved addresses for a hostname override
+#[derive(Clone)]
+pub struct ResolvedOverride {
+    pub ipv4: Vec<Ipv4Addr>,
+    pub ipv6: Vec<Ipv6Addr>,
+}

 #[derive(Clone)]
 pub struct LocalhostResolver {
    fallback: HyperGaiResolver,
+    event_tx: Arc<RwLock<Option<mpsc::Sender<HttpResponseEvent>>>>,
+    overrides: Arc<HashMap<String, ResolvedOverride>>,
 }

 impl LocalhostResolver {
-    pub fn new() -> Arc<Self> {
+    pub fn new(dns_overrides: Vec<DnsOverride>) -> Arc<Self> {
        let resolver = HyperGaiResolver::new();
-        Arc::new(Self { fallback: resolver })
+
+        // Pre-parse DNS overrides into a lookup map
+        let mut overrides = HashMap::new();
+        for o in dns_overrides {
+            if !o.enabled {
+                continue;
+            }
+            let hostname = o.hostname.to_lowercase();
+
+            let ipv4: Vec<Ipv4Addr> =
+                o.ipv4.iter().filter_map(|s| s.parse::<Ipv4Addr>().ok()).collect();
+
+            let ipv6: Vec<Ipv6Addr> =
+                o.ipv6.iter().filter_map(|s| s.parse::<Ipv6Addr>().ok()).collect();
+
+            // Only add if at least one address is valid
+            if !ipv4.is_empty() || !ipv6.is_empty() {
+                overrides.insert(hostname, ResolvedOverride { ipv4, ipv6 });
+            }
+        }
+
+        Arc::new(Self {
+            fallback: resolver,
+            event_tx: Arc::new(RwLock::new(None)),
+            overrides: Arc::new(overrides),
+        })
+    }
+
+    /// Set the event sender for the current request.
+    /// This should be called before each request to direct DNS events
+    /// to the appropriate channel.
+    pub async fn set_event_sender(&self, tx: Option<mpsc::Sender<HttpResponseEvent>>) {
+        let mut guard = self.event_tx.write().await;
+        *guard = tx;
    }
 }

 impl Resolve for LocalhostResolver {
    fn resolve(&self, name: Name) -> Resolving {
        let host = name.as_str().to_lowercase();
+        let event_tx = self.event_tx.clone();
+        let overrides = self.overrides.clone();

+        info!("DNS resolve called for: {}", host);
+
+        // Check for DNS override first
+        if let Some(resolved) = overrides.get(&host) {
+            log::debug!("DNS override found for: {}", host);
+            let hostname = host.clone();
+            let mut addrs: Vec<SocketAddr> = Vec::new();
+
+            // Add IPv4 addresses
+            for ip in &resolved.ipv4 {
+                addrs.push(SocketAddr::new(IpAddr::V4(*ip), 0));
+            }
+
+            // Add IPv6 addresses
+            for ip in &resolved.ipv6 {
+                addrs.push(SocketAddr::new(IpAddr::V6(*ip), 0));
+            }
+
+            let addresses: Vec<String> = addrs.iter().map(|a| a.ip().to_string()).collect();
+
+            return Box::pin(async move {
+                // Emit DNS event for override
+                let guard = event_tx.read().await;
+                if let Some(tx) = guard.as_ref() {
+                    let _ = tx
+                        .send(HttpResponseEvent::DnsResolved {
+                            hostname,
+                            addresses,
+                            duration: 0,
+                            overridden: true,
+                        })
+                        .await;
+                }
+
+                Ok::<Addrs, Box<dyn std::error::Error + Send + Sync>>(Box::new(addrs.into_iter()))
+            });
+        }
+
+        // Check for .localhost suffix
        let is_localhost = host.ends_with(".localhost");
        if is_localhost {
+            let hostname = host.clone();
            // Port 0 is fine; reqwest replaces it with the URL's explicit
-            // port or the scheme’s default (80/443, etc.).
-            // (See docs note below.)
+            // port or the scheme's default (80/443, etc.).
            let addrs: Vec<SocketAddr> = vec![
                SocketAddr::new(IpAddr::V4(Ipv4Addr::LOCALHOST), 0),
                SocketAddr::new(IpAddr::V6(Ipv6Addr::LOCALHOST), 0),
            ];

+            let addresses: Vec<String> = addrs.iter().map(|a| a.ip().to_string()).collect();
+
            return Box::pin(async move {
+                // Emit DNS event for localhost resolution
+                let guard = event_tx.read().await;
+                if let Some(tx) = guard.as_ref() {
+                    let _ = tx
+                        .send(HttpResponseEvent::DnsResolved {
+                            hostname,
+                            addresses,
+                            duration: 0,
+                            overridden: false,
+                        })
+                        .await;
+                }
+
                Ok::<Addrs, Box<dyn std::error::Error + Send + Sync>>(Box::new(addrs.into_iter()))
            });
        }

+        // Fall back to system DNS
        let mut fallback = self.fallback.clone();
        let name_str = name.as_str().to_string();
+        let hostname = host.clone();
+
        Box::pin(async move {
-            match HyperName::from_str(&name_str) {
-                Ok(n) => fallback
-                    .call(n)
-                    .await
-                    .map(|addrs| Box::new(addrs) as Addrs)
-                    .map_err(|err| Box::new(err) as Box<dyn std::error::Error + Send + Sync>),
-                Err(e) => Err(Box::new(e) as Box<dyn std::error::Error + Send + Sync>),
+            let start = Instant::now();
+
+            let result = match HyperName::from_str(&name_str) {
+                Ok(n) => fallback.call(n).await,
+                Err(e) => return Err(Box::new(e) as Box<dyn std::error::Error + Send + Sync>),
+            };
+
+            let duration = start.elapsed().as_millis() as u64;
+
+            match result {
+                Ok(addrs) => {
+                    // Collect addresses for event emission
+                    let addr_vec: Vec<SocketAddr> = addrs.collect();
+                    let addresses: Vec<String> =
+                        addr_vec.iter().map(|a| a.ip().to_string()).collect();
+
+                    // Emit DNS event
+                    let guard = event_tx.read().await;
+                    if let Some(tx) = guard.as_ref() {
+                        let _ = tx
+                            .send(HttpResponseEvent::DnsResolved {
+                                hostname,
+                                addresses,
+                                duration,
+                                overridden: false,
+                            })
+                            .await;
+                    }
+
+                    Ok(Box::new(addr_vec.into_iter()) as Addrs)
+                }
+                Err(err) => Err(Box::new(err) as Box<dyn std::error::Error + Send + Sync>),
            }
        })
    }
--- a/crates/yaak-http/src/manager.rs
+++ b/crates/yaak-http/src/manager.rs
@@ -1,4 +1,5 @@
 use crate::client::HttpConnectionOptions;
+use crate::dns::LocalhostResolver;
 use crate::error::Result;
 use log::info;
 use reqwest::Client;
@@ -7,8 +8,15 @@ use std::sync::Arc;
 use std::time::{Duration, Instant};
 use tokio::sync::RwLock;

+/// A cached HTTP client along with its DNS resolver.
+/// The resolver is needed to set the event sender per-request.
+pub struct CachedClient {
+    pub client: Client,
+    pub resolver: Arc<LocalhostResolver>,
+}
+
 pub struct HttpConnectionManager {
-    connections: Arc<RwLock<BTreeMap<String, (Client, Instant)>>>,
+    connections: Arc<RwLock<BTreeMap<String, (CachedClient, Instant)>>>,
    ttl: Duration,
 }

@@ -20,21 +28,26 @@ impl HttpConnectionManager {
        }
    }

-    pub async fn get_client(&self, opt: &HttpConnectionOptions) -> Result<Client> {
+    pub async fn get_client(&self, opt: &HttpConnectionOptions) -> Result<CachedClient> {
        let mut connections = self.connections.write().await;
        let id = opt.id.clone();

        // Clean old connections
        connections.retain(|_, (_, last_used)| last_used.elapsed() <= self.ttl);

-        if let Some((c, last_used)) = connections.get_mut(&id) {
+        if let Some((cached, last_used)) = connections.get_mut(&id) {
            info!("Re-using HTTP client {id}");
            *last_used = Instant::now();
-            return Ok(c.clone());
+            return Ok(CachedClient {
+                client: cached.client.clone(),
+                resolver: cached.resolver.clone(),
+            });
        }

-        let c = opt.build_client()?;
-        connections.insert(id.into(), (c.clone(), Instant::now()));
-        Ok(c)
+        let (client, resolver) = opt.build_client()?;
+        let cached = CachedClient { client: client.clone(), resolver: resolver.clone() };
+        connections.insert(id.into(), (cached, Instant::now()));
+
+        Ok(CachedClient { client, resolver })
    }
 }
--- a/crates/yaak-http/src/sender.rs
+++ b/crates/yaak-http/src/sender.rs
@@ -31,7 +31,14 @@ pub enum HttpResponseEvent {
    },
    SendUrl {
        method: String,
+        scheme: String,
+        username: String,
+        password: String,
+        host: String,
+        port: u16,
        path: String,
+        query: String,
+        fragment: String,
    },
    ReceiveUrl {
        version: Version,
@@ -45,6 +52,12 @@ pub enum HttpResponseEvent {
    ChunkReceived {
        bytes: usize,
    },
+    DnsResolved {
+        hostname: String,
+        addresses: Vec<String>,
+        duration: u64,
+        overridden: bool,
+    },
 }

 impl Display for HttpResponseEvent {
@@ -59,7 +72,16 @@ impl Display for HttpResponseEvent {
                };
                write!(f, "* Redirect {} -> {} ({})", status, url, behavior_str)
            }
-            HttpResponseEvent::SendUrl { method, path } => write!(f, "> {} {}", method, path),
+            HttpResponseEvent::SendUrl { method, scheme, username, password, host, port, path, query, fragment } => {
+                let auth_str = if username.is_empty() && password.is_empty() {
+                    String::new()
+                } else {
+                    format!("{}:{}@", username, password)
+                };
+                let query_str = if query.is_empty() { String::new() } else { format!("?{}", query) };
+                let fragment_str = if fragment.is_empty() { String::new() } else { format!("#{}", fragment) };
+                write!(f, "> {} {}://{}{}:{}{}{}{}", method, scheme, auth_str, host, port, path, query_str, fragment_str)
+            }
            HttpResponseEvent::ReceiveUrl { version, status } => {
                write!(f, "< {} {}", version_to_str(version), status)
            }
@@ -67,6 +89,19 @@ impl Display for HttpResponseEvent {
            HttpResponseEvent::HeaderDown(name, value) => write!(f, "< {}: {}", name, value),
            HttpResponseEvent::ChunkSent { bytes } => write!(f, "> [{} bytes sent]", bytes),
            HttpResponseEvent::ChunkReceived { bytes } => write!(f, "< [{} bytes received]", bytes),
+            HttpResponseEvent::DnsResolved { hostname, addresses, duration, overridden } => {
+                if *overridden {
+                    write!(f, "* DNS override {} -> {}", hostname, addresses.join(", "))
+                } else {
+                    write!(
+                        f,
+                        "* DNS resolved {} to {} ({}ms)",
+                        hostname,
+                        addresses.join(", "),
+                        duration
+                    )
+                }
+            }
        }
    }
 }
@@ -85,7 +120,9 @@ impl From<HttpResponseEvent> for yaak_models::models::HttpResponseEventData {
                    RedirectBehavior::DropBody => "drop_body".to_string(),
                },
            },
-            HttpResponseEvent::SendUrl { method, path } => D::SendUrl { method, path },
+            HttpResponseEvent::SendUrl { method, scheme, username, password, host, port, path, query, fragment } => {
+                D::SendUrl { method, scheme, username, password, host, port, path, query, fragment }
+            }
            HttpResponseEvent::ReceiveUrl { version, status } => {
                D::ReceiveUrl { version: format!("{:?}", version), status }
            }
@@ -93,6 +130,9 @@ impl From<HttpResponseEvent> for yaak_models::models::HttpResponseEventData {
            HttpResponseEvent::HeaderDown(name, value) => D::HeaderDown { name, value },
            HttpResponseEvent::ChunkSent { bytes } => D::ChunkSent { bytes },
            HttpResponseEvent::ChunkReceived { bytes } => D::ChunkReceived { bytes },
+            HttpResponseEvent::DnsResolved { hostname, addresses, duration, overridden } => {
+                D::DnsResolved { hostname, addresses, duration, overridden }
+            }
        }
    }
 }
@@ -354,6 +394,9 @@ impl HttpSender for ReqwestSender {

        // Add headers
        for header in request.headers {
+            if header.0.is_empty() {
+                continue;
+            }
            req_builder = req_builder.header(&header.0, &header.1);
        }

@@ -390,8 +433,15 @@ impl HttpSender for ReqwestSender {
        ));

        send_event(HttpResponseEvent::SendUrl {
-            path: sendable_req.url().path().to_string(),
            method: sendable_req.method().to_string(),
+            scheme: sendable_req.url().scheme().to_string(),
+            username: sendable_req.url().username().to_string(),
+            password: sendable_req.url().password().unwrap_or_default().to_string(),
+            host: sendable_req.url().host_str().unwrap_or_default().to_string(),
+            port: sendable_req.url().port_or_known_default().unwrap_or(0),
+            path: sendable_req.url().path().to_string(),
+            query: sendable_req.url().query().unwrap_or_default().to_string(),
+            fragment: sendable_req.url().fragment().unwrap_or_default().to_string(),
        });

        let mut request_headers = Vec::new();
--- a/crates/yaak-http/src/transaction.rs
+++ b/crates/yaak-http/src/transaction.rs
@@ -168,6 +168,7 @@ impl<S: HttpSender> HttpTransaction<S> {
            response.drain().await?;

            // Update the request URL
+            let previous_url = current_url.clone();
            current_url = if location.starts_with("http://") || location.starts_with("https://") {
                // Absolute URL
                location
@@ -181,6 +182,8 @@ impl<S: HttpSender> HttpTransaction<S> {
                format!("{}/{}", base_path, location)
            };

+            Self::remove_sensitive_headers(&mut current_headers, &previous_url, &current_url);
+
            // Determine redirect behavior based on status code and method
            let behavior = if status == 303 {
                // 303 See Other always changes to GET
@@ -220,6 +223,33 @@ impl<S: HttpSender> HttpTransaction<S> {
        }
    }

+    /// Remove sensitive headers when redirecting to a different host.
+    /// This matches reqwest's `remove_sensitive_headers()` behavior and prevents
+    /// credentials from being forwarded to third-party servers (e.g., an
+    /// Authorization header sent from an API redirect to an S3 bucket).
+    fn remove_sensitive_headers(
+        headers: &mut Vec<(String, String)>,
+        previous_url: &str,
+        next_url: &str,
+    ) {
+        let previous_host = Url::parse(previous_url).ok().and_then(|u| {
+            u.host_str().map(|h| format!("{}:{}", h, u.port_or_known_default().unwrap_or(0)))
+        });
+        let next_host = Url::parse(next_url).ok().and_then(|u| {
+            u.host_str().map(|h| format!("{}:{}", h, u.port_or_known_default().unwrap_or(0)))
+        });
+        if previous_host != next_host {
+            headers.retain(|h| {
+                let name_lower = h.0.to_lowercase();
+                name_lower != "authorization"
+                    && name_lower != "cookie"
+                    && name_lower != "cookie2"
+                    && name_lower != "proxy-authorization"
+                    && name_lower != "www-authenticate"
+            });
+        }
+    }
+
    /// Check if a status code indicates a redirect
    fn is_redirect(status: u16) -> bool {
        matches!(status, 301 | 302 | 303 | 307 | 308)
@@ -269,9 +299,20 @@ mod tests {
    use tokio::io::AsyncRead;
    use tokio::sync::Mutex;

+    /// Captured request metadata for test assertions
+    #[derive(Debug, Clone)]
+    #[allow(dead_code)]
+    struct CapturedRequest {
+        url: String,
+        method: String,
+        headers: Vec<(String, String)>,
+    }
+
    /// Mock sender for testing
    struct MockSender {
        responses: Arc<Mutex<Vec<MockResponse>>>,
+        /// Captured requests for assertions
+        captured_requests: Arc<Mutex<Vec<CapturedRequest>>>,
    }

    struct MockResponse {
@@ -282,7 +323,10 @@ mod tests {

    impl MockSender {
        fn new(responses: Vec<MockResponse>) -> Self {
-            Self { responses: Arc::new(Mutex::new(responses)) }
+            Self {
+                responses: Arc::new(Mutex::new(responses)),
+                captured_requests: Arc::new(Mutex::new(Vec::new())),
+            }
        }
    }

@@ -290,9 +334,16 @@ mod tests {
    impl HttpSender for MockSender {
        async fn send(
            &self,
-            _request: SendableHttpRequest,
+            request: SendableHttpRequest,
            _event_tx: mpsc::Sender<HttpResponseEvent>,
        ) -> Result<HttpResponse> {
+            // Capture the request metadata for later assertions
+            self.captured_requests.lock().await.push(CapturedRequest {
+                url: request.url.clone(),
+                method: request.method.clone(),
+                headers: request.headers.clone(),
+            });
+
            let mut responses = self.responses.lock().await;
            if responses.is_empty() {
                Err(crate::error::Error::RequestError("No more mock responses".to_string()))
@@ -726,4 +777,116 @@ mod tests {
        assert!(result.is_ok());
        assert_eq!(request_count.load(Ordering::SeqCst), 2);
    }
+
+    #[tokio::test]
+    async fn test_cross_origin_redirect_strips_auth_headers() {
+        // Redirect from api.example.com -> s3.amazonaws.com should strip Authorization
+        let responses = vec![
+            MockResponse {
+                status: 302,
+                headers: vec![(
+                    "Location".to_string(),
+                    "https://s3.amazonaws.com/bucket/file.pdf".to_string(),
+                )],
+                body: vec![],
+            },
+            MockResponse { status: 200, headers: Vec::new(), body: b"PDF content".to_vec() },
+        ];
+
+        let sender = MockSender::new(responses);
+        let captured = sender.captured_requests.clone();
+        let transaction = HttpTransaction::new(sender);
+
+        let request = SendableHttpRequest {
+            url: "https://api.example.com/download".to_string(),
+            method: "GET".to_string(),
+            headers: vec![
+                ("Authorization".to_string(), "Basic dXNlcjpwYXNz".to_string()),
+                ("Accept".to_string(), "application/pdf".to_string()),
+            ],
+            options: crate::types::SendableHttpRequestOptions {
+                follow_redirects: true,
+                ..Default::default()
+            },
+            ..Default::default()
+        };
+
+        let (_tx, rx) = tokio::sync::watch::channel(false);
+        let (event_tx, _event_rx) = mpsc::channel(100);
+        let result = transaction.execute_with_cancellation(request, rx, event_tx).await.unwrap();
+        assert_eq!(result.status, 200);
+
+        let requests = captured.lock().await;
+        assert_eq!(requests.len(), 2);
+
+        // First request should have the Authorization header
+        assert!(
+            requests[0].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("authorization")),
+            "First request should have Authorization header"
+        );
+
+        // Second request (to different host) should NOT have the Authorization header
+        assert!(
+            !requests[1].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("authorization")),
+            "Redirected request to different host should NOT have Authorization header"
+        );
+
+        // Non-sensitive headers should still be present
+        assert!(
+            requests[1].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("accept")),
+            "Non-sensitive headers should be preserved across cross-origin redirects"
+        );
+    }
+
+    #[tokio::test]
+    async fn test_same_origin_redirect_preserves_auth_headers() {
+        // Redirect within the same host should keep Authorization
+        let responses = vec![
+            MockResponse {
+                status: 302,
+                headers: vec![(
+                    "Location".to_string(),
+                    "https://api.example.com/v2/download".to_string(),
+                )],
+                body: vec![],
+            },
+            MockResponse { status: 200, headers: Vec::new(), body: b"OK".to_vec() },
+        ];
+
+        let sender = MockSender::new(responses);
+        let captured = sender.captured_requests.clone();
+        let transaction = HttpTransaction::new(sender);
+
+        let request = SendableHttpRequest {
+            url: "https://api.example.com/v1/download".to_string(),
+            method: "GET".to_string(),
+            headers: vec![
+                ("Authorization".to_string(), "Bearer token123".to_string()),
+                ("Accept".to_string(), "application/json".to_string()),
+            ],
+            options: crate::types::SendableHttpRequestOptions {
+                follow_redirects: true,
+                ..Default::default()
+            },
+            ..Default::default()
+        };
+
+        let (_tx, rx) = tokio::sync::watch::channel(false);
+        let (event_tx, _event_rx) = mpsc::channel(100);
+        let result = transaction.execute_with_cancellation(request, rx, event_tx).await.unwrap();
+        assert_eq!(result.status, 200);
+
+        let requests = captured.lock().await;
+        assert_eq!(requests.len(), 2);
+
+        // Both requests should have the Authorization header (same host)
+        assert!(
+            requests[0].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("authorization")),
+            "First request should have Authorization header"
+        );
+        assert!(
+            requests[1].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("authorization")),
+            "Redirected request to same host should preserve Authorization header"
+        );
+    }
 }
--- a/crates/yaak-models/bindings/gen_models.ts
+++ b/crates/yaak-models/bindings/gen_models.ts
@@ -12,6 +12,8 @@ export type CookieExpires = { "AtUtc": string } | "SessionEnd";

 export type CookieJar = { model: "cookie_jar", id: string, createdAt: string, updatedAt: string, workspaceId: string, cookies: Array<Cookie>, name: string, };

+export type DnsOverride = { hostname: string, ipv4: Array<string>, ipv6: Array<string>, enabled?: boolean, };
+
 export type EditorKeymap = "default" | "vim" | "vscode" | "emacs";

 export type EncryptedKey = { encryptedKey: string, };
@@ -38,7 +40,7 @@ export type HttpRequest = { model: "http_request", id: string, createdAt: string

 export type HttpRequestHeader = { enabled?: boolean, name: string, value: string, id?: string, };

-export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, contentLengthCompressed: number | null, elapsed: number, elapsedHeaders: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, requestContentLength: number | null, requestHeaders: Array<HttpResponseHeader>, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };
+export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, contentLengthCompressed: number | null, elapsed: number, elapsedHeaders: number, elapsedDns: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, requestContentLength: number | null, requestHeaders: Array<HttpResponseHeader>, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };

 export type HttpResponseEvent = { model: "http_response_event", id: string, createdAt: string, updatedAt: string, workspaceId: string, responseId: string, event: HttpResponseEventData, };

@@ -47,7 +49,7 @@ export type HttpResponseEvent = { model: "http_response_event", id: string, crea
 * This mirrors `yaak_http::sender::HttpResponseEvent` but with serde support.
 * The `From` impl is in yaak-http to avoid circular dependencies.
 */
-export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, path: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, };
+export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, scheme: string, username: string, password: string, host: string, port: number, path: string, query: string, fragment: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, } | { "type": "dns_resolved", hostname: string, addresses: Array<string>, duration: bigint, overridden: boolean, };

 export type HttpResponseHeader = { name: string, value: string, };

@@ -91,6 +93,6 @@ export type WebsocketMessageType = "text" | "binary";

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, settingDnsOverrides: Array<DnsOverride>, };

 export type WorkspaceMeta = { model: "workspace_meta", id: string, workspaceId: string, createdAt: string, updatedAt: string, encryptionKey: EncryptedKey | null, settingSyncDir: string | null, };
--- a/crates/yaak-models/guest-js/store.ts
+++ b/crates/yaak-models/guest-js/store.ts
@@ -209,12 +209,24 @@ export function replaceModelsInStore<
 export function mergeModelsInStore<
  M extends AnyModel['model'],
  T extends Extract<AnyModel, { model: M }>,
->(model: M, models: T[]) {
+>(model: M, models: T[], filter?: (model: T) => boolean) {
  mustStore().set(modelStoreDataAtom, (prev: ModelStoreData) => {
    const existingModels = { ...prev[model] } as Record<string, T>;
+
+    // Merge in new models first
    for (const m of models) {
      existingModels[m.id] = m;
    }
+
+    // Then filter out unwanted models
+    if (filter) {
+      for (const [id, m] of Object.entries(existingModels)) {
+        if (!filter(m)) {
+          delete existingModels[id];
+        }
+      }
+    }
+
    return {
      ...prev,
      [model]: existingModels,
--- a/crates/yaak-models/migrations/20260111000000_dns-timing.sql
+++ b/crates/yaak-models/migrations/20260111000000_dns-timing.sql
@@ -0,0 +1,2 @@
+-- Add DNS resolution timing to http_responses
+ALTER TABLE http_responses ADD COLUMN elapsed_dns INTEGER DEFAULT 0 NOT NULL;
--- a/crates/yaak-models/migrations/20260112000000_dns-overrides.sql
+++ b/crates/yaak-models/migrations/20260112000000_dns-overrides.sql
@@ -0,0 +1,2 @@
+-- Add DNS overrides setting to workspaces
+ALTER TABLE workspaces ADD COLUMN setting_dns_overrides TEXT DEFAULT '[]' NOT NULL;
--- a/crates/yaak-models/migrations/20260119045146_remove-default-workspace-headers.sql
+++ b/crates/yaak-models/migrations/20260119045146_remove-default-workspace-headers.sql
@@ -0,0 +1,12 @@
+-- Filter out headers that match the hardcoded defaults (User-Agent: yaak, Accept: */*),
+-- keeping any other custom headers the user may have added.
+UPDATE workspaces
+SET headers = (
+    SELECT json_group_array(json(value))
+    FROM json_each(headers)
+    WHERE NOT (
+        (LOWER(json_extract(value, '$.name')) = 'user-agent' AND json_extract(value, '$.value') = 'yaak')
+        OR (LOWER(json_extract(value, '$.name')) = 'accept' AND json_extract(value, '$.value') = '*/*')
+    )
+)
+WHERE json_array_length(headers) > 0;
--- a/crates/yaak-models/src/models.rs
+++ b/crates/yaak-models/src/models.rs
@@ -73,6 +73,20 @@ pub struct ClientCertificate {
    pub enabled: bool,
 }

+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export, export_to = "gen_models.ts")]
+pub struct DnsOverride {
+    pub hostname: String,
+    #[serde(default)]
+    pub ipv4: Vec<String>,
+    #[serde(default)]
+    pub ipv6: Vec<String>,
+    #[serde(default = "default_true")]
+    #[ts(optional, as = "Option<bool>")]
+    pub enabled: bool,
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize, TS)]
 #[serde(rename_all = "snake_case")]
 #[ts(export, export_to = "gen_models.ts")]
@@ -303,6 +317,8 @@ pub struct Workspace {
    #[serde(default = "default_true")]
    pub setting_follow_redirects: bool,
    pub setting_request_timeout: i32,
+    #[serde(default)]
+    pub setting_dns_overrides: Vec<DnsOverride>,
 }

 impl UpsertModelInfo for Workspace {
@@ -343,6 +359,7 @@ impl UpsertModelInfo for Workspace {
            (SettingFollowRedirects, self.setting_follow_redirects.into()),
            (SettingRequestTimeout, self.setting_request_timeout.into()),
            (SettingValidateCertificates, self.setting_validate_certificates.into()),
+            (SettingDnsOverrides, serde_json::to_string(&self.setting_dns_overrides)?.into()),
        ])
    }

@@ -359,6 +376,7 @@ impl UpsertModelInfo for Workspace {
            WorkspaceIden::SettingFollowRedirects,
            WorkspaceIden::SettingRequestTimeout,
            WorkspaceIden::SettingValidateCertificates,
+            WorkspaceIden::SettingDnsOverrides,
        ]
    }

@@ -368,6 +386,7 @@ impl UpsertModelInfo for Workspace {
    {
        let headers: String = row.get("headers")?;
        let authentication: String = row.get("authentication")?;
+        let setting_dns_overrides: String = row.get("setting_dns_overrides")?;
        Ok(Self {
            id: row.get("id")?,
            model: row.get("model")?,
@@ -382,6 +401,7 @@ impl UpsertModelInfo for Workspace {
            setting_follow_redirects: row.get("setting_follow_redirects")?,
            setting_request_timeout: row.get("setting_request_timeout")?,
            setting_validate_certificates: row.get("setting_validate_certificates")?,
+            setting_dns_overrides: serde_json::from_str(&setting_dns_overrides).unwrap_or_default(),
        })
    }
 }
@@ -1333,6 +1353,7 @@ pub struct HttpResponse {
    pub content_length_compressed: Option<i32>,
    pub elapsed: i32,
    pub elapsed_headers: i32,
+    pub elapsed_dns: i32,
    pub error: Option<String>,
    pub headers: Vec<HttpResponseHeader>,
    pub remote_addr: Option<String>,
@@ -1381,6 +1402,7 @@ impl UpsertModelInfo for HttpResponse {
            (ContentLengthCompressed, self.content_length_compressed.into()),
            (Elapsed, self.elapsed.into()),
            (ElapsedHeaders, self.elapsed_headers.into()),
+            (ElapsedDns, self.elapsed_dns.into()),
            (Error, self.error.into()),
            (Headers, serde_json::to_string(&self.headers)?.into()),
            (RemoteAddr, self.remote_addr.into()),
@@ -1402,6 +1424,7 @@ impl UpsertModelInfo for HttpResponse {
            HttpResponseIden::ContentLengthCompressed,
            HttpResponseIden::Elapsed,
            HttpResponseIden::ElapsedHeaders,
+            HttpResponseIden::ElapsedDns,
            HttpResponseIden::Error,
            HttpResponseIden::Headers,
            HttpResponseIden::RemoteAddr,
@@ -1435,6 +1458,7 @@ impl UpsertModelInfo for HttpResponse {
            version: r.get("version")?,
            elapsed: r.get("elapsed")?,
            elapsed_headers: r.get("elapsed_headers")?,
+            elapsed_dns: r.get("elapsed_dns").unwrap_or_default(),
            remote_addr: r.get("remote_addr")?,
            status: r.get("status")?,
            status_reason: r.get("status_reason")?,
@@ -1471,7 +1495,21 @@ pub enum HttpResponseEventData {
    },
    SendUrl {
        method: String,
+        #[serde(default)]
+        scheme: String,
+        #[serde(default)]
+        username: String,
+        #[serde(default)]
+        password: String,
+        #[serde(default)]
+        host: String,
+        #[serde(default)]
+        port: u16,
        path: String,
+        #[serde(default)]
+        query: String,
+        #[serde(default)]
+        fragment: String,
    },
    ReceiveUrl {
        version: String,
@@ -1491,6 +1529,12 @@ pub enum HttpResponseEventData {
    ChunkReceived {
        bytes: usize,
    },
+    DnsResolved {
+        hostname: String,
+        addresses: Vec<String>,
+        duration: u64,
+        overridden: bool,
+    },
 }

 impl Default for HttpResponseEventData {
--- a/crates/yaak-models/src/queries/grpc_requests.rs
+++ b/crates/yaak-models/src/queries/grpc_requests.rs
@@ -1,3 +1,4 @@
+use super::dedupe_headers;
 use crate::db_context::DbContext;
 use crate::error::Result;
 use crate::models::{GrpcRequest, GrpcRequestIden, HttpRequestHeader};
@@ -87,6 +88,6 @@ impl<'a> DbContext<'a> {

        metadata.append(&mut grpc_request.metadata.clone());

-        Ok(metadata)
+        Ok(dedupe_headers(metadata))
    }
 }
--- a/crates/yaak-models/src/queries/http_requests.rs
+++ b/crates/yaak-models/src/queries/http_requests.rs
@@ -1,3 +1,4 @@
+use super::dedupe_headers;
 use crate::db_context::DbContext;
 use crate::error::Result;
 use crate::models::{Folder, FolderIden, HttpRequest, HttpRequestHeader, HttpRequestIden};
@@ -87,7 +88,7 @@ impl<'a> DbContext<'a> {

        headers.append(&mut http_request.headers.clone());

-        Ok(headers)
+        Ok(dedupe_headers(headers))
    }

    pub fn list_http_requests_for_folder_recursive(
--- a/crates/yaak-models/src/queries/mod.rs
+++ b/crates/yaak-models/src/queries/mod.rs
@@ -19,6 +19,26 @@ mod websocket_connections;
 mod websocket_events;
 mod websocket_requests;
 mod workspace_metas;
-mod workspaces;
+pub mod workspaces;

 const MAX_HISTORY_ITEMS: usize = 20;
+
+use crate::models::HttpRequestHeader;
+use std::collections::HashMap;
+
+/// Deduplicate headers by name (case-insensitive), keeping the latest (most specific) value.
+/// Preserves the order of first occurrence for each header name.
+pub(crate) fn dedupe_headers(headers: Vec<HttpRequestHeader>) -> Vec<HttpRequestHeader> {
+    let mut index_by_name: HashMap<String, usize> = HashMap::new();
+    let mut deduped: Vec<HttpRequestHeader> = Vec::new();
+    for header in headers {
+        let key = header.name.to_lowercase();
+        if let Some(&idx) = index_by_name.get(&key) {
+            deduped[idx] = header;
+        } else {
+            index_by_name.insert(key, deduped.len());
+            deduped.push(header);
+        }
+    }
+    deduped
+}
--- a/crates/yaak-models/src/queries/websocket_requests.rs
+++ b/crates/yaak-models/src/queries/websocket_requests.rs
@@ -1,3 +1,4 @@
+use super::dedupe_headers;
 use crate::db_context::DbContext;
 use crate::error::Result;
 use crate::models::{HttpRequestHeader, WebsocketRequest, WebsocketRequestIden};
@@ -95,6 +96,6 @@ impl<'a> DbContext<'a> {

        headers.append(&mut websocket_request.headers.clone());

-        Ok(headers)
+        Ok(dedupe_headers(headers))
    }
 }
--- a/crates/yaak-models/src/queries/workspaces.rs
+++ b/crates/yaak-models/src/queries/workspaces.rs
@@ -65,28 +65,7 @@ impl<'a> DbContext<'a> {
    }

    pub fn upsert_workspace(&self, w: &Workspace, source: &UpdateSource) -> Result<Workspace> {
-        let mut workspace = w.clone();
-
-        // Add default headers only for NEW workspaces (empty ID means insert, not update)
-        // This prevents re-adding headers if a user intentionally removes all headers
-        if workspace.id.is_empty() && workspace.headers.is_empty() {
-            workspace.headers = vec![
-                HttpRequestHeader {
-                    enabled: true,
-                    name: "User-Agent".to_string(),
-                    value: "yaak".to_string(),
-                    id: None,
-                },
-                HttpRequestHeader {
-                    enabled: true,
-                    name: "Accept".to_string(),
-                    value: "*/*".to_string(),
-                    id: None,
-                },
-            ];
-        }
-
-        self.upsert(&workspace, source)
+        self.upsert(w, source)
    }

    pub fn resolve_auth_for_workspace(
@@ -101,6 +80,28 @@ impl<'a> DbContext<'a> {
    }

    pub fn resolve_headers_for_workspace(&self, workspace: &Workspace) -> Vec<HttpRequestHeader> {
-        workspace.headers.clone()
+        let mut headers = default_headers();
+        headers.extend(workspace.headers.clone());
+        headers
    }
 }
+
+/// Global default headers that are always sent with requests unless overridden.
+/// These are prepended to the inheritance chain so workspace/folder/request headers
+/// can override or disable them.
+pub fn default_headers() -> Vec<HttpRequestHeader> {
+    vec![
+        HttpRequestHeader {
+            enabled: true,
+            name: "User-Agent".to_string(),
+            value: "yaak".to_string(),
+            id: None,
+        },
+        HttpRequestHeader {
+            enabled: true,
+            name: "Accept".to_string(),
+            value: "*/*".to_string(),
+            id: None,
+        },
+    ]
+}
--- a/crates/yaak-plugins/bindings/gen_events.ts
+++ b/crates/yaak-plugins/bindings/gen_events.ts
@@ -66,7 +66,9 @@ export type DeleteModelRequest = { model: string, id: string, };

 export type DeleteModelResponse = { model: AnyModel, };

-export type EditorLanguage = "text" | "javascript" | "json" | "html" | "xml" | "graphql" | "markdown";
+export type DialogSize = "sm" | "md" | "lg" | "full" | "dynamic";
+
+export type EditorLanguage = "text" | "javascript" | "json" | "html" | "xml" | "graphql" | "markdown" | "c" | "clojure" | "csharp" | "go" | "http" | "java" | "kotlin" | "objective_c" | "ocaml" | "php" | "powershell" | "python" | "r" | "ruby" | "shell" | "swift";

 export type EmptyPayload = {};

@@ -172,7 +174,11 @@ hideGutter?: boolean,
 /**
 * Language for syntax highlighting
 */
-language?: EditorLanguage, readOnly?: boolean, completionOptions?: Array<GenericCompletionOption>, 
+language?: EditorLanguage, readOnly?: boolean, 
+/**
+ * Fixed number of visible rows
+ */
+rows?: number, completionOptions?: Array<GenericCompletionOption>, 
 /**
 * The name of the input. The value will be stored at this object attribute in the resulting data
 */
@@ -476,9 +482,9 @@ label: string, title?: string, size?: WindowSize, dataDirKey?: string, };

 export type PluginContext = { id: string, label: string | null, workspaceId: string | null, };

-export type PromptFormRequest = { id: string, title: string, description?: string, inputs: Array<FormInput>, confirmText?: string, cancelText?: string, };
+export type PromptFormRequest = { id: string, title: string, description?: string, inputs: Array<FormInput>, confirmText?: string, cancelText?: string, size?: DialogSize, };

-export type PromptFormResponse = { values: { [key in string]?: JsonPrimitive } | null, };
+export type PromptFormResponse = { values: { [key in string]?: JsonPrimitive } | null, done?: boolean, };

 export type PromptTextRequest = { id: string, title: string, label: string, description?: string, defaultValue?: string, placeholder?: string, 
 /**
--- a/crates/yaak-plugins/bindings/gen_models.ts
+++ b/crates/yaak-plugins/bindings/gen_models.ts
@@ -12,6 +12,8 @@ export type CookieExpires = { "AtUtc": string } | "SessionEnd";

 export type CookieJar = { model: "cookie_jar", id: string, createdAt: string, updatedAt: string, workspaceId: string, cookies: Array<Cookie>, name: string, };

+export type DnsOverride = { hostname: string, ipv4: Array<string>, ipv6: Array<string>, enabled?: boolean, };
+
 export type EditorKeymap = "default" | "vim" | "vscode" | "emacs";

 export type EncryptedKey = { encryptedKey: string, };
@@ -38,7 +40,7 @@ export type HttpRequest = { model: "http_request", id: string, createdAt: string

 export type HttpRequestHeader = { enabled?: boolean, name: string, value: string, id?: string, };

-export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, contentLengthCompressed: number | null, elapsed: number, elapsedHeaders: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, requestContentLength: number | null, requestHeaders: Array<HttpResponseHeader>, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };
+export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, contentLengthCompressed: number | null, elapsed: number, elapsedHeaders: number, elapsedDns: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, requestContentLength: number | null, requestHeaders: Array<HttpResponseHeader>, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };

 export type HttpResponseEvent = { model: "http_response_event", id: string, createdAt: string, updatedAt: string, workspaceId: string, responseId: string, event: HttpResponseEventData, };

@@ -47,7 +49,7 @@ export type HttpResponseEvent = { model: "http_response_event", id: string, crea
 * This mirrors `yaak_http::sender::HttpResponseEvent` but with serde support.
 * The `From` impl is in yaak-http to avoid circular dependencies.
 */
-export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, path: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, };
+export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, scheme: string, username: string, password: string, host: string, port: number, path: string, query: string, fragment: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, } | { "type": "dns_resolved", hostname: string, addresses: Array<string>, duration: bigint, overridden: boolean, };

 export type HttpResponseHeader = { name: string, value: string, };

@@ -77,6 +79,6 @@ export type WebsocketEventType = "binary" | "close" | "frame" | "open" | "ping"

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, settingDnsOverrides: Array<DnsOverride>, };

 export type WorkspaceMeta = { model: "workspace_meta", id: string, workspaceId: string, createdAt: string, updatedAt: string, encryptionKey: EncryptedKey | null, settingSyncDir: string | null, };
--- a/crates/yaak-plugins/src/api.rs
+++ b/crates/yaak-plugins/src/api.rs
@@ -80,10 +80,7 @@ pub async fn check_plugin_updates(
 }

 /// Search for plugins in the registry.
-pub async fn search_plugins(
-    http_client: &Client,
-    query: &str,
-) -> Result<PluginSearchResponse> {
+pub async fn search_plugins(http_client: &Client, query: &str) -> Result<PluginSearchResponse> {
    let mut url = build_url("/search");
    {
        let mut query_pairs = url.query_pairs_mut();
--- a/crates/yaak-plugins/src/events.rs
+++ b/crates/yaak-plugins/src/events.rs
@@ -587,6 +587,19 @@ pub struct PromptFormRequest {
    pub confirm_text: Option<String>,
    #[ts(optional)]
    pub cancel_text: Option<String>,
+    #[ts(optional)]
+    pub size: Option<DialogSize>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, TS)]
+#[serde(rename_all = "snake_case")]
+#[ts(export, export_to = "gen_events.ts")]
+pub enum DialogSize {
+    Sm,
+    Md,
+    Lg,
+    Full,
+    Dynamic,
 }

 #[derive(Debug, Clone, Default, Serialize, Deserialize, TS)]
@@ -594,6 +607,8 @@ pub struct PromptFormRequest {
 #[ts(export, export_to = "gen_events.ts")]
 pub struct PromptFormResponse {
    pub values: Option<HashMap<String, JsonPrimitive>>,
+    #[ts(optional)]
+    pub done: Option<bool>,
 }

 #[derive(Debug, Clone, Default, Serialize, Deserialize, TS)]
@@ -936,6 +951,22 @@ pub enum EditorLanguage {
    Xml,
    Graphql,
    Markdown,
+    C,
+    Clojure,
+    Csharp,
+    Go,
+    Http,
+    Java,
+    Kotlin,
+    ObjectiveC,
+    Ocaml,
+    Php,
+    Powershell,
+    Python,
+    R,
+    Ruby,
+    Shell,
+    Swift,
 }

 impl Default for EditorLanguage {
@@ -966,6 +997,10 @@ pub struct FormInputEditor {
    #[ts(optional)]
    pub read_only: Option<bool>,

+    /// Fixed number of visible rows
+    #[ts(optional)]
+    pub rows: Option<i32>,
+
    #[ts(optional)]
    pub completion_options: Option<Vec<GenericCompletionOption>>,
 }
--- a/crates/yaak-plugins/src/manager.rs
+++ b/crates/yaak-plugins/src/manager.rs
@@ -31,7 +31,7 @@ use std::time::Duration;
 use tokio::fs::read_dir;
 use tokio::net::TcpListener;
 use tokio::sync::mpsc::error::TrySendError;
-use tokio::sync::{Mutex, mpsc};
+use tokio::sync::{Mutex, mpsc, oneshot};
 use tokio::time::{Instant, timeout};
 use yaak_models::models::Plugin;
 use yaak_models::util::generate_id;
@@ -43,6 +43,7 @@ pub struct PluginManager {
    subscribers: Arc<Mutex<HashMap<String, mpsc::Sender<InternalEvent>>>>,
    plugin_handles: Arc<Mutex<Vec<PluginHandle>>>,
    kill_tx: tokio::sync::watch::Sender<bool>,
+    killed_rx: Arc<Mutex<Option<oneshot::Receiver<()>>>>,
    ws_service: Arc<PluginRuntimeServerWebsocket>,
    vendored_plugin_dir: PathBuf,
    pub(crate) installed_plugin_dir: PathBuf,
@@ -70,6 +71,7 @@ impl PluginManager {
    ) -> PluginManager {
        let (events_tx, mut events_rx) = mpsc::channel(2048);
        let (kill_server_tx, kill_server_rx) = tokio::sync::watch::channel(false);
+        let (killed_tx, killed_rx) = oneshot::channel();

        let (client_disconnect_tx, mut client_disconnect_rx) = mpsc::channel(128);
        let (client_connect_tx, mut client_connect_rx) = tokio::sync::watch::channel(false);
@@ -81,6 +83,7 @@ impl PluginManager {
            subscribers: Default::default(),
            ws_service: Arc::new(ws_service.clone()),
            kill_tx: kill_server_tx,
+            killed_rx: Arc::new(Mutex::new(Some(killed_rx))),
            vendored_plugin_dir,
            installed_plugin_dir,
            dev_mode,
@@ -141,9 +144,15 @@ impl PluginManager {
        });

        // 2. Start Node.js runtime
-        start_nodejs_plugin_runtime(&node_bin_path, &plugin_runtime_main, addr, &kill_server_rx)
-            .await
-            .unwrap();
+        start_nodejs_plugin_runtime(
+            &node_bin_path,
+            &plugin_runtime_main,
+            addr,
+            &kill_server_rx,
+            killed_tx,
+        )
+        .await
+        .unwrap();
        info!("Waiting for plugins to initialize");
        init_plugins_task.await.unwrap();

@@ -296,8 +305,15 @@ impl PluginManager {
    pub async fn terminate(&self) {
        self.kill_tx.send_replace(true);

-        // Give it a bit of time to kill
-        tokio::time::sleep(Duration::from_millis(500)).await;
+        // Wait for the plugin runtime process to actually exit
+        let killed_rx = self.killed_rx.lock().await.take();
+        if let Some(rx) = killed_rx {
+            if timeout(Duration::from_secs(5), rx).await.is_err() {
+                warn!("Timed out waiting for plugin runtime to exit");
+            } else {
+                info!("Plugin runtime exited")
+            }
+        }
    }

    pub async fn reply(
@@ -378,7 +394,8 @@ impl PluginManager {
        plugins: Vec<PluginHandle>,
        timeout_duration: Duration,
    ) -> Result<Vec<InternalEvent>> {
-        let label = format!("wait[{}.{}]", plugins.len(), payload.type_name());
+        let event_type = payload.type_name();
+        let label = format!("wait[{}.{}]", plugins.len(), event_type);
        let (rx_id, mut rx) = self.subscribe(label.as_str()).await;

        // 1. Build the events with IDs and everything
@@ -412,10 +429,21 @@ impl PluginManager {

                // Timeout to prevent hanging forever if plugin doesn't respond
                if timeout(timeout_duration, collect_events).await.is_err() {
+                    let responded_ids: Vec<&String> =
+                        found_events.iter().filter_map(|e| e.reply_id.as_ref()).collect();
+                    let non_responding: Vec<&str> = events_to_send
+                        .iter()
+                        .filter(|e| !responded_ids.contains(&&e.id))
+                        .map(|e| e.plugin_name.as_str())
+                        .collect();
                    warn!(
-                        "Timeout waiting for plugin responses. Got {}/{} responses",
+                        "Timeout ({:?}) waiting for {} responses. Got {}/{} responses. \
+                        Non-responding plugins: [{}]",
+                        timeout_duration,
+                        event_type,
                        found_events.len(),
-                        events_to_send.len()
+                        events_to_send.len(),
+                        non_responding.join(", ")
                    );
                }

--- a/crates/yaak-plugins/src/native_template_functions.rs
+++ b/crates/yaak-plugins/src/native_template_functions.rs
@@ -196,7 +196,11 @@ pub fn decrypt_secure_template_function(
                    }
                }
                new_tokens.push(Token::Raw {
-                    text: template_function_secure_run(encryption_manager, args_map, plugin_context)?,
+                    text: template_function_secure_run(
+                        encryption_manager,
+                        args_map,
+                        plugin_context,
+                    )?,
                });
            }
            t => {
@@ -216,7 +220,8 @@ pub fn encrypt_secure_template_function(
    plugin_context: &PluginContext,
    template: &str,
 ) -> Result<String> {
-    let decrypted = decrypt_secure_template_function(&encryption_manager, plugin_context, template)?;
+    let decrypted =
+        decrypt_secure_template_function(&encryption_manager, plugin_context, template)?;
    let tokens = Tokens {
        tokens: vec![Token::Tag {
            val: Val::Fn {
@@ -231,7 +236,12 @@ pub fn encrypt_secure_template_function(

    Ok(transform_args(
        tokens,
-        &PluginTemplateCallback::new(plugin_manager, encryption_manager, plugin_context, RenderPurpose::Preview),
+        &PluginTemplateCallback::new(
+            plugin_manager,
+            encryption_manager,
+            plugin_context,
+            RenderPurpose::Preview,
+        ),
    )?
    .to_string())
 }
--- a/crates/yaak-plugins/src/nodejs.rs
+++ b/crates/yaak-plugins/src/nodejs.rs
@@ -4,6 +4,7 @@ use std::net::SocketAddr;
 use std::path::Path;
 use std::process::Stdio;
 use tokio::io::{AsyncBufReadExt, BufReader};
+use tokio::sync::oneshot;
 use tokio::sync::watch::Receiver;
 use yaak_common::command::new_xplatform_command;

@@ -19,6 +20,7 @@ pub async fn start_nodejs_plugin_runtime(
    plugin_runtime_main: &Path,
    addr: SocketAddr,
    kill_rx: &Receiver<bool>,
+    killed_tx: oneshot::Sender<()>,
 ) -> Result<()> {
    // HACK: Remove UNC prefix for Windows paths to pass to sidecar
    let plugin_runtime_main_str =
@@ -72,6 +74,7 @@ pub async fn start_nodejs_plugin_runtime(
            warn!("Failed to kill plugin runtime: {e}");
        }
        info!("Killed plugin runtime");
+        let _ = killed_tx.send(());
    });

    Ok(())
--- a/crates/yaak-plugins/src/template_callback.rs
+++ b/crates/yaak-plugins/src/template_callback.rs
@@ -46,7 +46,11 @@ impl TemplateCallback for PluginTemplateCallback {
        let fn_name = if fn_name == "Response" { "response" } else { fn_name };

        if fn_name == "secure" {
-            return template_function_secure_run(&self.encryption_manager, args, &self.plugin_context);
+            return template_function_secure_run(
+                &self.encryption_manager,
+                args,
+                &self.plugin_context,
+            );
        } else if fn_name == "keychain" || fn_name == "keyring" {
            return template_function_keychain_run(args);
        }
@@ -56,7 +60,8 @@ impl TemplateCallback for PluginTemplateCallback {
            primitive_args.insert(key, JsonPrimitive::from(value));
        }

-        let resp = self.plugin_manager
+        let resp = self
+            .plugin_manager
            .call_template_function(
                &self.plugin_context,
                fn_name,
--- a/crates/yaak-sync/bindings/gen_models.ts
+++ b/crates/yaak-sync/bindings/gen_models.ts
@@ -1,5 +1,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

+export type DnsOverride = { hostname: string, ipv4: Array<string>, ipv6: Array<string>, enabled?: boolean, };
+
 export type Environment = { model: "environment", id: string, workspaceId: string, createdAt: string, updatedAt: string, name: string, public: boolean, parentModel: string, parentId: string | null, variables: Array<EnvironmentVariable>, color: string | null, sortPriority: number, };

 export type EnvironmentVariable = { enabled?: boolean, name: string, value: string, id?: string, };
@@ -20,4 +22,4 @@ export type SyncState = { model: "sync_state", id: string, workspaceId: string,

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, settingDnsOverrides: Array<DnsOverride>, };
--- a/crates/yaak-sync/src/sync.rs
+++ b/crates/yaak-sync/src/sync.rs
@@ -296,11 +296,7 @@ pub fn compute_sync_ops(
        .collect()
 }

-fn workspace_models(
-    db: &DbContext,
-    version: &str,
-    workspace_id: &str,
-) -> Result<Vec<SyncModel>> {
+fn workspace_models(db: &DbContext, version: &str, workspace_id: &str) -> Result<Vec<SyncModel>> {
    // We want to include private environments here so that we can take them into account during
    // the sync process. Otherwise, they would be treated as deleted.
    let include_private_environments = true;
--- a/crates/yaak-ws/index.ts
+++ b/crates/yaak-ws/index.ts
@@ -1,31 +1,5 @@
 import { invoke } from '@tauri-apps/api/core';
-import { WebsocketConnection, WebsocketEvent, WebsocketRequest } from '@yaakapp-internal/models';
-
-export function upsertWebsocketRequest(
-  request: WebsocketRequest | Partial<Omit<WebsocketRequest, 'id'>>,
-) {
-  return invoke('cmd_ws_upsert_request', {
-    request,
-  }) as Promise<WebsocketRequest>;
-}
-
-export function duplicateWebsocketRequest(requestId: string) {
-  return invoke('cmd_ws_duplicate_request', {
-    requestId,
-  }) as Promise<WebsocketRequest>;
-}
-
-export function deleteWebsocketRequest(requestId: string) {
-  return invoke('cmd_ws_delete_request', {
-    requestId,
-  });
-}
-
-export function deleteWebsocketConnection(connectionId: string) {
-  return invoke('cmd_ws_delete_connection', {
-    connectionId,
-  });
-}
+import { WebsocketConnection } from '@yaakapp-internal/models';

 export function deleteWebsocketConnections(requestId: string) {
  return invoke('cmd_ws_delete_connections', {
@@ -33,20 +7,6 @@ export function deleteWebsocketConnections(requestId: string) {
  });
 }

-export function listWebsocketRequests({ workspaceId }: { workspaceId: string }) {
-  return invoke('cmd_ws_list_requests', { workspaceId }) as Promise<WebsocketRequest[]>;
-}
-
-export function listWebsocketEvents({ connectionId }: { connectionId: string }) {
-  return invoke('cmd_ws_list_events', { connectionId }) as Promise<WebsocketEvent[]>;
-}
-
-export function listWebsocketConnections({ workspaceId }: { workspaceId: string }) {
-  return invoke('cmd_ws_list_connections', { workspaceId }) as Promise<
-    WebsocketConnection[]
-  >;
-}
-
 export function connectWebsocket({
  requestId,
  environmentId,
--- a/crates/yaak-ws/src/manager.rs
+++ b/crates/yaak-ws/src/manager.rs
@@ -2,6 +2,7 @@ use crate::connect::ws_connect;
 use crate::error::Result;
 use futures_util::stream::SplitSink;
 use futures_util::{SinkExt, StreamExt};
+use http::HeaderMap;
 use log::{debug, info, warn};
 use std::collections::HashMap;
 use std::sync::Arc;
@@ -10,7 +11,6 @@ use tokio::net::TcpStream;
 use tokio::sync::{Mutex, mpsc};
 use tokio_tungstenite::tungstenite::Message;
 use tokio_tungstenite::tungstenite::handshake::client::Response;
-use http::HeaderMap;
 use tokio_tungstenite::tungstenite::http::HeaderValue;
 use tokio_tungstenite::{MaybeTlsStream, WebSocketStream};
 use yaak_tls::ClientCertificateConfig;
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,6 +13,7 @@
        "packages/plugin-runtime-types",
        "plugins-external/mcp-server",
        "plugins-external/template-function-faker",
+        "plugins-external/httpsnippet",
        "plugins/action-copy-curl",
        "plugins/action-copy-grpcurl",
        "plugins/action-send-folder",
@@ -62,8 +63,15 @@
        "crates/yaak-ws",
        "src-web"
      ],
+      "dependencies": {
+        "@codemirror/lang-go": "^6.0.1",
+        "@codemirror/lang-java": "^6.0.2",
+        "@codemirror/lang-php": "^6.0.2",
+        "@codemirror/lang-python": "^6.2.1",
+        "@codemirror/legacy-modes": "^6.5.2"
+      },
      "devDependencies": {
-        "@biomejs/biome": "^2.3.10",
+        "@biomejs/biome": "^2.3.13",
        "@tauri-apps/cli": "^2.9.6",
        "@yaakapp/cli": "^0.3.4",
        "dotenv-cli": "^11.0.0",
@@ -501,9 +509,9 @@
      }
    },
    "node_modules/@biomejs/biome": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-2.3.11.tgz",
-      "integrity": "sha512-/zt+6qazBWguPG6+eWmiELqO+9jRsMZ/DBU3lfuU2ngtIQYzymocHhKiZRyrbra4aCOoyTg/BmY+6WH5mv9xmQ==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-2.3.13.tgz",
+      "integrity": "sha512-Fw7UsV0UAtWIBIm0M7g5CRerpu1eKyKAXIazzxhbXYUyMkwNrkX/KLkGI7b+uVDQ5cLUMfOC9vR60q9IDYDstA==",
      "dev": true,
      "license": "MIT OR Apache-2.0",
      "bin": {
@@ -517,20 +525,20 @@
        "url": "https://opencollective.com/biome"
      },
      "optionalDependencies": {
-        "@biomejs/cli-darwin-arm64": "2.3.11",
-        "@biomejs/cli-darwin-x64": "2.3.11",
-        "@biomejs/cli-linux-arm64": "2.3.11",
-        "@biomejs/cli-linux-arm64-musl": "2.3.11",
-        "@biomejs/cli-linux-x64": "2.3.11",
-        "@biomejs/cli-linux-x64-musl": "2.3.11",
-        "@biomejs/cli-win32-arm64": "2.3.11",
-        "@biomejs/cli-win32-x64": "2.3.11"
+        "@biomejs/cli-darwin-arm64": "2.3.13",
+        "@biomejs/cli-darwin-x64": "2.3.13",
+        "@biomejs/cli-linux-arm64": "2.3.13",
+        "@biomejs/cli-linux-arm64-musl": "2.3.13",
+        "@biomejs/cli-linux-x64": "2.3.13",
+        "@biomejs/cli-linux-x64-musl": "2.3.13",
+        "@biomejs/cli-win32-arm64": "2.3.13",
+        "@biomejs/cli-win32-x64": "2.3.13"
      }
    },
    "node_modules/@biomejs/cli-darwin-arm64": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.11.tgz",
-      "integrity": "sha512-/uXXkBcPKVQY7rc9Ys2CrlirBJYbpESEDme7RKiBD6MmqR2w3j0+ZZXRIL2xiaNPsIMMNhP1YnA+jRRxoOAFrA==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.13.tgz",
+      "integrity": "sha512-0OCwP0/BoKzyJHnFdaTk/i7hIP9JHH9oJJq6hrSCPmJPo8JWcJhprK4gQlhFzrwdTBAW4Bjt/RmCf3ZZe59gwQ==",
      "cpu": [
        "arm64"
      ],
@@ -545,9 +553,9 @@
      }
    },
    "node_modules/@biomejs/cli-darwin-x64": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.11.tgz",
-      "integrity": "sha512-fh7nnvbweDPm2xEmFjfmq7zSUiox88plgdHF9OIW4i99WnXrAC3o2P3ag9judoUMv8FCSUnlwJCM1B64nO5Fbg==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.13.tgz",
+      "integrity": "sha512-AGr8OoemT/ejynbIu56qeil2+F2WLkIjn2d8jGK1JkchxnMUhYOfnqc9sVzcRxpG9Ycvw4weQ5sprRvtb7Yhcw==",
      "cpu": [
        "x64"
      ],
@@ -562,9 +570,9 @@
      }
    },
    "node_modules/@biomejs/cli-linux-arm64": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.11.tgz",
-      "integrity": "sha512-l4xkGa9E7Uc0/05qU2lMYfN1H+fzzkHgaJoy98wO+b/7Gl78srbCRRgwYSW+BTLixTBrM6Ede5NSBwt7rd/i6g==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.13.tgz",
+      "integrity": "sha512-xvOiFkrDNu607MPMBUQ6huHmBG1PZLOrqhtK6pXJW3GjfVqJg0Z/qpTdhXfcqWdSZHcT+Nct2fOgewZvytESkw==",
      "cpu": [
        "arm64"
      ],
@@ -579,9 +587,9 @@
      }
    },
    "node_modules/@biomejs/cli-linux-arm64-musl": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.11.tgz",
-      "integrity": "sha512-XPSQ+XIPZMLaZ6zveQdwNjbX+QdROEd1zPgMwD47zvHV+tCGB88VH+aynyGxAHdzL+Tm/+DtKST5SECs4iwCLg==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.13.tgz",
+      "integrity": "sha512-TUdDCSY+Eo/EHjhJz7P2GnWwfqet+lFxBZzGHldrvULr59AgahamLs/N85SC4+bdF86EhqDuuw9rYLvLFWWlXA==",
      "cpu": [
        "arm64"
      ],
@@ -596,9 +604,9 @@
      }
    },
    "node_modules/@biomejs/cli-linux-x64": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.11.tgz",
-      "integrity": "sha512-/1s9V/H3cSe0r0Mv/Z8JryF5x9ywRxywomqZVLHAoa/uN0eY7F8gEngWKNS5vbbN/BsfpCG5yeBT5ENh50Frxg==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.13.tgz",
+      "integrity": "sha512-s+YsZlgiXNq8XkgHs6xdvKDFOj/bwTEevqEY6rC2I3cBHbxXYU1LOZstH3Ffw9hE5tE1sqT7U23C00MzkXztMw==",
      "cpu": [
        "x64"
      ],
@@ -613,9 +621,9 @@
      }
    },
    "node_modules/@biomejs/cli-linux-x64-musl": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.11.tgz",
-      "integrity": "sha512-vU7a8wLs5C9yJ4CB8a44r12aXYb8yYgBn+WeyzbMjaCMklzCv1oXr8x+VEyWodgJt9bDmhiaW/I0RHbn7rsNmw==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.13.tgz",
+      "integrity": "sha512-0bdwFVSbbM//Sds6OjtnmQGp4eUjOTt6kHvR/1P0ieR9GcTUAlPNvPC3DiavTqq302W34Ae2T6u5VVNGuQtGlQ==",
      "cpu": [
        "x64"
      ],
@@ -630,9 +638,9 @@
      }
    },
    "node_modules/@biomejs/cli-win32-arm64": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.11.tgz",
-      "integrity": "sha512-PZQ6ElCOnkYapSsysiTy0+fYX+agXPlWugh6+eQ6uPKI3vKAqNp6TnMhoM3oY2NltSB89hz59o8xIfOdyhi9Iw==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.13.tgz",
+      "integrity": "sha512-QweDxY89fq0VvrxME+wS/BXKmqMrOTZlN9SqQ79kQSIc3FrEwvW/PvUegQF6XIVaekncDykB5dzPqjbwSKs9DA==",
      "cpu": [
        "arm64"
      ],
@@ -647,9 +655,9 @@
      }
    },
    "node_modules/@biomejs/cli-win32-x64": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.11.tgz",
-      "integrity": "sha512-43VrG813EW+b5+YbDbz31uUsheX+qFKCpXeY9kfdAx+ww3naKxeVkTD9zLIWxUPfJquANMHrmW3wbe/037G0Qg==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.13.tgz",
+      "integrity": "sha512-trDw2ogdM2lyav9WFQsdsfdVy1dvZALymRpgmWsvSez0BJzBjulhOT/t+wyKeh3pZWvwP3VMs1SoOKwO3wecMQ==",
      "cpu": [
        "x64"
      ],
@@ -736,6 +744,19 @@
        "@lezer/css": "^1.1.7"
      }
    },
+    "node_modules/@codemirror/lang-go": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-go/-/lang-go-6.0.1.tgz",
+      "integrity": "sha512-7fNvbyNylvqCphW9HD6WFnRpcDjr+KXX/FgqXy5H5ZS0eC5edDljukm/yNgYkwTsgp2busdod50AOTIy6Jikfg==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/language": "^6.6.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.0.0",
+        "@lezer/go": "^1.0.0"
+      }
+    },
    "node_modules/@codemirror/lang-html": {
      "version": "6.4.11",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-html/-/lang-html-6.4.11.tgz",
@@ -753,6 +774,16 @@
        "@lezer/html": "^1.3.12"
      }
    },
+    "node_modules/@codemirror/lang-java": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-java/-/lang-java-6.0.2.tgz",
+      "integrity": "sha512-m5Nt1mQ/cznJY7tMfQTJchmrjdjQ71IDs+55d1GAa8DGaB8JXWsVCkVT284C3RTASaY43YknrK2X3hPO/J3MOQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/language": "^6.0.0",
+        "@lezer/java": "^1.0.0"
+      }
+    },
    "node_modules/@codemirror/lang-javascript": {
      "version": "6.2.4",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-javascript/-/lang-javascript-6.2.4.tgz",
@@ -793,6 +824,32 @@
        "@lezer/markdown": "^1.0.0"
      }
    },
+    "node_modules/@codemirror/lang-php": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-php/-/lang-php-6.0.2.tgz",
+      "integrity": "sha512-ZKy2v1n8Fc8oEXj0Th0PUMXzQJ0AIR6TaZU+PbDHExFwdu+guzOA4jmCHS1Nz4vbFezwD7LyBdDnddSJeScMCA==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/lang-html": "^6.0.0",
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.0.0",
+        "@lezer/php": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-python": {
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-python/-/lang-python-6.2.1.tgz",
+      "integrity": "sha512-IRjC8RUBhn9mGR9ywecNhB51yePWCGgvHfY1lWN/Mrp3cKuHr0isDKia+9HnvhiWNnMpbGhWrkhuWOc09exRyw==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.3.2",
+        "@codemirror/language": "^6.8.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.2.1",
+        "@lezer/python": "^1.1.4"
+      }
+    },
    "node_modules/@codemirror/lang-xml": {
      "version": "6.1.0",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-xml/-/lang-xml-6.1.0.tgz",
@@ -807,6 +864,21 @@
        "@lezer/xml": "^1.0.0"
      }
    },
+    "node_modules/@codemirror/lang-yaml": {
+      "version": "6.1.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-yaml/-/lang-yaml-6.1.2.tgz",
+      "integrity": "sha512-dxrfG8w5Ce/QbT7YID7mWZFKhdhsaTNOYjOkSIMt1qmC4VQnXSDSYVHHHn8k6kJUfIhtLo8t1JJgltlxWdsITw==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.2.0",
+        "@lezer/lr": "^1.0.0",
+        "@lezer/yaml": "^1.0.0"
+      }
+    },
    "node_modules/@codemirror/language": {
      "version": "6.12.1",
      "resolved": "https://registry.npmjs.org/@codemirror/language/-/language-6.12.1.tgz",
@@ -821,6 +893,15 @@
        "style-mod": "^4.0.0"
      }
    },
+    "node_modules/@codemirror/legacy-modes": {
+      "version": "6.5.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/legacy-modes/-/legacy-modes-6.5.2.tgz",
+      "integrity": "sha512-/jJbwSTazlQEDOQw2FJ8LEEKVS72pU0lx6oM54kGpL8t/NJ2Jda3CZ4pcltiKTdqYSRk3ug1B3pil1gsjA6+8Q==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/language": "^6.0.0"
+      }
+    },
    "node_modules/@codemirror/lint": {
      "version": "6.9.2",
      "resolved": "https://registry.npmjs.org/@codemirror/lint/-/lint-6.9.2.tgz",
@@ -832,6 +913,19 @@
        "crelt": "^1.0.5"
      }
    },
+    "node_modules/@codemirror/merge": {
+      "version": "6.11.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/merge/-/merge-6.11.2.tgz",
+      "integrity": "sha512-NO5EJd2rLRbwVWLgMdhIntDIhfDtMOKYEZgqV5WnkNUS2oXOCVWLPjG/kgl/Jth2fGiOuG947bteqxP9nBXmMg==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.17.0",
+        "@lezer/highlight": "^1.0.0",
+        "style-mod": "^4.1.0"
+      }
+    },
    "node_modules/@codemirror/search": {
      "version": "6.5.11",
      "resolved": "https://registry.npmjs.org/@codemirror/search/-/search-6.5.11.tgz",
@@ -1386,9 +1480,9 @@
      }
    },
    "node_modules/@hono/node-server": {
-      "version": "1.19.8",
-      "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.8.tgz",
-      "integrity": "sha512-0/g2lIOPzX8f3vzW1ggQgvG5mjtFBDBHFAzI5SFAi2DzSqS9luJwqg9T6O/gKYLi+inS7eNxBeIFkkghIPvrMA==",
+      "version": "1.19.9",
+      "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.9.tgz",
+      "integrity": "sha512-vHL6w3ecZsky+8P5MD+eFfaGTyCeOHUIFYMGpQGbrBTSmNNoxv0if69rEZ5giu36weC5saFuznL411gRX7bJDw==",
      "license": "MIT",
      "engines": {
        "node": ">=18.14.1"
@@ -1542,6 +1636,17 @@
        "lezer-generator": "src/lezer-generator.cjs"
      }
    },
+    "node_modules/@lezer/go": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@lezer/go/-/go-1.0.1.tgz",
+      "integrity": "sha512-xToRsYxwsgJNHTgNdStpcvmbVuKxTapV0dM0wey1geMMRc9aggoVyKgzYp41D2/vVOx+Ii4hmE206kvxIXBVXQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.3.0"
+      }
+    },
    "node_modules/@lezer/highlight": {
      "version": "1.2.3",
      "resolved": "https://registry.npmjs.org/@lezer/highlight/-/highlight-1.2.3.tgz",
@@ -1562,6 +1667,17 @@
        "@lezer/lr": "^1.0.0"
      }
    },
+    "node_modules/@lezer/java": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/@lezer/java/-/java-1.1.3.tgz",
+      "integrity": "sha512-yHquUfujwg6Yu4Fd1GNHCvidIvJwi/1Xu2DaKl/pfWIA2c1oXkVvawH3NyXhCaFx4OdlYBVX5wvz2f7Aoa/4Xw==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
    "node_modules/@lezer/javascript": {
      "version": "1.5.4",
      "resolved": "https://registry.npmjs.org/@lezer/javascript/-/javascript-1.5.4.tgz",
@@ -1603,6 +1719,28 @@
        "@lezer/highlight": "^1.0.0"
      }
    },
+    "node_modules/@lezer/php": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/@lezer/php/-/php-1.0.5.tgz",
+      "integrity": "sha512-W7asp9DhM6q0W6DYNwIkLSKOvxlXRrif+UXBMxzsJUuqmhE7oVU+gS3THO4S/Puh7Xzgm858UNaFi6dxTP8dJA==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.1.0"
+      }
+    },
+    "node_modules/@lezer/python": {
+      "version": "1.1.18",
+      "resolved": "https://registry.npmjs.org/@lezer/python/-/python-1.1.18.tgz",
+      "integrity": "sha512-31FiUrU7z9+d/ElGQLJFXl+dKOdx0jALlP3KEOsGTex8mvj+SoE1FgItcHWK/axkxCHGUSpqIHt6JAWfWu9Rhg==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
    "node_modules/@lezer/xml": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/@lezer/xml/-/xml-1.0.6.tgz",
@@ -1614,6 +1752,17 @@
        "@lezer/lr": "^1.0.0"
      }
    },
+    "node_modules/@lezer/yaml": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@lezer/yaml/-/yaml-1.0.3.tgz",
+      "integrity": "sha512-GuBLekbw9jDBDhGur82nuwkxKQ+a3W5H0GfaAthDXcAu+XdpS43VlnxA9E9hllkpSP5ellRDKjLLj7Lu9Wr6xA==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.4.0"
+      }
+    },
    "node_modules/@marijn/find-cluster-break": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/@marijn/find-cluster-break/-/find-cluster-break-1.0.2.tgz",
@@ -1636,12 +1785,12 @@
      }
    },
    "node_modules/@modelcontextprotocol/sdk": {
-      "version": "1.25.2",
-      "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.25.2.tgz",
-      "integrity": "sha512-LZFeo4F9M5qOhC/Uc1aQSrBHxMrvxett+9KLHt7OhcExtoiRN9DKgbZffMP/nxjutWDQpfMDfP3nkHI4X9ijww==",
+      "version": "1.26.0",
+      "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.26.0.tgz",
+      "integrity": "sha512-Y5RmPncpiDtTXDbLKswIJzTqu2hyBKxTNsgKqKclDbhIgg1wgtf1fRuvxgTnRfcnxtvvgbIEcqUOzZrJ6iSReg==",
      "license": "MIT",
      "dependencies": {
-        "@hono/node-server": "^1.19.7",
+        "@hono/node-server": "^1.19.9",
        "ajv": "^8.17.1",
        "ajv-formats": "^3.0.1",
        "content-type": "^1.0.5",
@@ -1649,14 +1798,15 @@
        "cross-spawn": "^7.0.5",
        "eventsource": "^3.0.2",
        "eventsource-parser": "^3.0.0",
-        "express": "^5.0.1",
-        "express-rate-limit": "^7.5.0",
-        "jose": "^6.1.1",
+        "express": "^5.2.1",
+        "express-rate-limit": "^8.2.1",
+        "hono": "^4.11.4",
+        "jose": "^6.1.3",
        "json-schema-typed": "^8.0.2",
        "pkce-challenge": "^5.0.0",
        "raw-body": "^3.0.0",
        "zod": "^3.25 || ^4.0",
-        "zod-to-json-schema": "^3.25.0"
+        "zod-to-json-schema": "^3.25.1"
      },
      "engines": {
        "node": ">=18"
@@ -1982,6 +2132,19 @@
        "node": ">=16.9"
      }
    },
+    "node_modules/@readme/httpsnippet": {
+      "version": "11.0.0",
+      "resolved": "https://registry.npmjs.org/@readme/httpsnippet/-/httpsnippet-11.0.0.tgz",
+      "integrity": "sha512-XSyaAsJkZfmMO9R4WDlVJARZgd4wlImftSkMkKclidniXA1h6DTya9iTqJenQo9mHQLh3u6kAC3CDRaIV+LbLw==",
+      "license": "MIT",
+      "dependencies": {
+        "qs": "^6.11.2",
+        "stringify-object": "^3.3.0"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
    "node_modules/@replit/codemirror-emacs": {
      "version": "6.1.0",
      "resolved": "https://registry.npmjs.org/@replit/codemirror-emacs/-/codemirror-emacs-6.1.0.tgz",
@@ -4005,6 +4168,10 @@
      "resolved": "plugins/filter-xpath",
      "link": true
    },
+    "node_modules/@yaak/httpsnippet": {
+      "resolved": "plugins-external/httpsnippet",
+      "link": true
+    },
    "node_modules/@yaak/importer-curl": {
      "resolved": "plugins/importer-curl",
      "link": true
@@ -6826,10 +6993,13 @@
      }
    },
    "node_modules/express-rate-limit": {
-      "version": "7.5.1",
-      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.1.tgz",
-      "integrity": "sha512-7iN8iPMDzOMHPUYllBEsQdWVB6fPDMPqwjBaFrgr4Jgr/+okjvzAy+UHlYYL/Vs0OsOrMkwS6PJDkFlJwoxUnw==",
+      "version": "8.2.1",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.2.1.tgz",
+      "integrity": "sha512-PCZEIEIxqwhzw4KF0n7QF4QqruVTcF73O5kFKUnGOyjbCCgizBBiFaYpd/fnBLUMPw/BWw9OsiN7GgrNYr7j6g==",
      "license": "MIT",
+      "dependencies": {
+        "ip-address": "10.0.1"
+      },
      "engines": {
        "node": ">= 16"
      },
@@ -7368,6 +7538,12 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
+    "node_modules/get-own-enumerable-property-symbols": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.2.tgz",
+      "integrity": "sha512-I0UBV/XOz1XkIJHEUDMZAbzCThU/H8DxmSfmdGcKPnVhu2VfFqr34jr9777IyaTYvxjedWhqVIilEDsCdP5G6g==",
+      "license": "ISC"
+    },
    "node_modules/get-proto": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
@@ -7811,9 +7987,9 @@
      }
    },
    "node_modules/hono": {
-      "version": "4.11.3",
-      "resolved": "https://registry.npmjs.org/hono/-/hono-4.11.3.tgz",
-      "integrity": "sha512-PmQi306+M/ct/m5s66Hrg+adPnkD5jiO6IjA7WhWw0gSBSo1EcRegwuI1deZ+wd5pzCGynCcn2DprnE4/yEV4w==",
+      "version": "4.11.7",
+      "resolved": "https://registry.npmjs.org/hono/-/hono-4.11.7.tgz",
+      "integrity": "sha512-l7qMiNee7t82bH3SeyUCt9UF15EVmaBvsppY2zQtrbIhl/yzBTny+YUxsVjSjQ6gaqaeVtZmGocom8TzBlA4Yw==",
      "license": "MIT",
      "engines": {
        "node": ">=16.9.0"
@@ -8096,6 +8272,15 @@
        "node": ">= 0.4"
      }
    },
+    "node_modules/ip-address": {
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.0.1.tgz",
+      "integrity": "sha512-NWv9YLW4PoW2B7xtzaS3NCot75m6nK7Icdv0o3lfMceJVRfSoQwqD4wEH5rLwoKJwUiZ/rfpiVBhnaF0FK4HoA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
    "node_modules/ip-bigint": {
      "version": "7.3.0",
      "resolved": "https://registry.npmjs.org/ip-bigint/-/ip-bigint-7.3.0.tgz",
@@ -8477,6 +8662,15 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
+    "node_modules/is-obj": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz",
+      "integrity": "sha512-l4RyHgRqGN4Y3+9JHVrNqO+tN0rV5My76uW5/nuO4K1b6vw5G8d/cmFjP9tRfEsdhZNt0IFdZuK/c2Vr4Nb+Qg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
    "node_modules/is-plain-obj": {
      "version": "4.1.0",
      "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz",
@@ -13737,6 +13931,29 @@
        "url": "https://github.com/sponsors/wooorm"
      }
    },
+    "node_modules/stringify-object": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/stringify-object/-/stringify-object-3.3.0.tgz",
+      "integrity": "sha512-rHqiFh1elqCQ9WPLIC8I0Q/g/wj5J1eMkyoiD6eoQApWHP0FtlK7rqnhmabL5VUY9JQCcqwwvlOaSuutekgyrw==",
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "get-own-enumerable-property-symbols": "^3.0.0",
+        "is-obj": "^1.0.1",
+        "is-regexp": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/stringify-object/node_modules/is-regexp": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-regexp/-/is-regexp-1.0.0.tgz",
+      "integrity": "sha512-7zjFAPO4/gwyQAAgRRmqeEeyIICSdmCqa3tsVHMdBzaXXRiqopZL4Cyghg/XulGWrtABTpbnYYzzIRffLkP4oA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
    "node_modules/strip-ansi": {
      "version": "7.1.2",
      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz",
@@ -15721,7 +15938,7 @@
    },
    "packages/plugin-runtime-types": {
      "name": "@yaakapp/api",
-      "version": "0.7.1",
+      "version": "0.8.0",
      "dependencies": {
        "@types/node": "^24.0.13"
      },
@@ -15736,14 +15953,42 @@
        "undici-types": "~7.16.0"
      }
    },
+    "plugins-external/httpsnippet": {
+      "name": "@yaak/httpsnippet",
+      "version": "1.0.0",
+      "dependencies": {
+        "@readme/httpsnippet": "^11.0.0"
+      },
+      "devDependencies": {
+        "@types/node": "^22.0.0",
+        "typescript": "^5.9.3"
+      }
+    },
+    "plugins-external/httpsnippet/node_modules/@types/node": {
+      "version": "22.19.9",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.19.9.tgz",
+      "integrity": "sha512-PD03/U8g1F9T9MI+1OBisaIARhSzeidsUjQaf51fOxrfjeiKN9bLVO06lHuHYjxdnqLWJijJHfqXPSJri2EM2A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~6.21.0"
+      }
+    },
+    "plugins-external/httpsnippet/node_modules/undici-types": {
+      "version": "6.21.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz",
+      "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==",
+      "dev": true,
+      "license": "MIT"
+    },
    "plugins-external/mcp-server": {
      "name": "@yaak/mcp-server",
      "version": "0.1.7",
      "dependencies": {
        "@hono/mcp": "^0.2.3",
        "@hono/node-server": "^1.19.7",
-        "@modelcontextprotocol/sdk": "^1.25.2",
-        "hono": "^4.11.3",
+        "@modelcontextprotocol/sdk": "^1.26.0",
+        "hono": "^4.11.7",
        "zod": "^3.25.76"
      },
      "devDependencies": {
@@ -15984,7 +16229,9 @@
        "@codemirror/lang-json": "^6.0.1",
        "@codemirror/lang-markdown": "^6.3.2",
        "@codemirror/lang-xml": "^6.1.0",
+        "@codemirror/lang-yaml": "^6.1.2",
        "@codemirror/language": "^6.11.0",
+        "@codemirror/merge": "^6.11.2",
        "@codemirror/search": "^6.5.11",
        "@dnd-kit/core": "^6.3.1",
        "@gilbarbara/deep-equal": "^0.3.1",
--- a/package.json
+++ b/package.json
@@ -12,6 +12,7 @@
    "packages/plugin-runtime-types",
    "plugins-external/mcp-server",
    "plugins-external/template-function-faker",
+    "plugins-external/httpsnippet",
    "plugins/action-copy-curl",
    "plugins/action-copy-grpcurl",
    "plugins/action-send-folder",
@@ -95,7 +96,7 @@
    "js-yaml": "^4.1.1"
  },
  "devDependencies": {
-    "@biomejs/biome": "^2.3.10",
+    "@biomejs/biome": "^2.3.13",
    "@tauri-apps/cli": "^2.9.6",
    "@yaakapp/cli": "^0.3.4",
    "dotenv-cli": "^11.0.0",
@@ -104,5 +105,12 @@
    "npm-run-all": "^4.1.5",
    "typescript": "^5.8.3",
    "vitest": "^3.2.4"
+  },
+  "dependencies": {
+    "@codemirror/lang-go": "^6.0.1",
+    "@codemirror/lang-java": "^6.0.2",
+    "@codemirror/lang-php": "^6.0.2",
+    "@codemirror/lang-python": "^6.2.1",
+    "@codemirror/legacy-modes": "^6.5.2"
  }
 }
--- a/packages/plugin-runtime-types/README.md
+++ b/packages/plugin-runtime-types/README.md
@@ -17,7 +17,7 @@ npx @yaakapp/cli generate
 ```

 For more details on creating plugins, check out
-the [Quick Start Guide](https://feedback.yaak.app/help/articles/6911763-plugins-quick-start)
+the [Quick Start Guide](https://yaak.app/docs/plugin-development/plugins-quick-start)

 ## Installation

--- a/packages/plugin-runtime-types/package.json
+++ b/packages/plugin-runtime-types/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@yaakapp/api",
-  "version": "0.7.1",
+  "version": "0.8.0",
  "keywords": [
    "api-client",
    "insomnia-alternative",
--- a/packages/plugin-runtime-types/src/bindings/gen_events.ts
+++ b/packages/plugin-runtime-types/src/bindings/gen_events.ts
@@ -66,7 +66,9 @@ export type DeleteModelRequest = { model: string, id: string, };

 export type DeleteModelResponse = { model: AnyModel, };

-export type EditorLanguage = "text" | "javascript" | "json" | "html" | "xml" | "graphql" | "markdown";
+export type DialogSize = "sm" | "md" | "lg" | "full" | "dynamic";
+
+export type EditorLanguage = "text" | "javascript" | "json" | "html" | "xml" | "graphql" | "markdown" | "c" | "clojure" | "csharp" | "go" | "http" | "java" | "kotlin" | "objective_c" | "ocaml" | "php" | "powershell" | "python" | "r" | "ruby" | "shell" | "swift";

 export type EmptyPayload = {};

@@ -172,7 +174,11 @@ hideGutter?: boolean,
 /**
 * Language for syntax highlighting
 */
-language?: EditorLanguage, readOnly?: boolean, completionOptions?: Array<GenericCompletionOption>, 
+language?: EditorLanguage, readOnly?: boolean, 
+/**
+ * Fixed number of visible rows
+ */
+rows?: number, completionOptions?: Array<GenericCompletionOption>, 
 /**
 * The name of the input. The value will be stored at this object attribute in the resulting data
 */
@@ -476,9 +482,9 @@ label: string, title?: string, size?: WindowSize, dataDirKey?: string, };

 export type PluginContext = { id: string, label: string | null, workspaceId: string | null, };

-export type PromptFormRequest = { id: string, title: string, description?: string, inputs: Array<FormInput>, confirmText?: string, cancelText?: string, };
+export type PromptFormRequest = { id: string, title: string, description?: string, inputs: Array<FormInput>, confirmText?: string, cancelText?: string, size?: DialogSize, };

-export type PromptFormResponse = { values: { [key in string]?: JsonPrimitive } | null, };
+export type PromptFormResponse = { values: { [key in string]?: JsonPrimitive } | null, done?: boolean, };

 export type PromptTextRequest = { id: string, title: string, label: string, description?: string, defaultValue?: string, placeholder?: string, 
 /**
--- a/packages/plugin-runtime-types/src/bindings/gen_models.ts
+++ b/packages/plugin-runtime-types/src/bindings/gen_models.ts
@@ -12,6 +12,8 @@ export type CookieExpires = { "AtUtc": string } | "SessionEnd";

 export type CookieJar = { model: "cookie_jar", id: string, createdAt: string, updatedAt: string, workspaceId: string, cookies: Array<Cookie>, name: string, };

+export type DnsOverride = { hostname: string, ipv4: Array<string>, ipv6: Array<string>, enabled?: boolean, };
+
 export type EditorKeymap = "default" | "vim" | "vscode" | "emacs";

 export type EncryptedKey = { encryptedKey: string, };
@@ -38,7 +40,7 @@ export type HttpRequest = { model: "http_request", id: string, createdAt: string

 export type HttpRequestHeader = { enabled?: boolean, name: string, value: string, id?: string, };

-export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, contentLengthCompressed: number | null, elapsed: number, elapsedHeaders: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, requestContentLength: number | null, requestHeaders: Array<HttpResponseHeader>, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };
+export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, contentLengthCompressed: number | null, elapsed: number, elapsedHeaders: number, elapsedDns: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, requestContentLength: number | null, requestHeaders: Array<HttpResponseHeader>, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };

 export type HttpResponseEvent = { model: "http_response_event", id: string, createdAt: string, updatedAt: string, workspaceId: string, responseId: string, event: HttpResponseEventData, };

@@ -47,7 +49,7 @@ export type HttpResponseEvent = { model: "http_response_event", id: string, crea
 * This mirrors `yaak_http::sender::HttpResponseEvent` but with serde support.
 * The `From` impl is in yaak-http to avoid circular dependencies.
 */
-export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, path: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, };
+export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, scheme: string, username: string, password: string, host: string, port: number, path: string, query: string, fragment: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, } | { "type": "dns_resolved", hostname: string, addresses: Array<string>, duration: bigint, overridden: boolean, };

 export type HttpResponseHeader = { name: string, value: string, };

@@ -77,6 +79,6 @@ export type WebsocketEventType = "binary" | "close" | "frame" | "open" | "ping"

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, settingDnsOverrides: Array<DnsOverride>, };

 export type WorkspaceMeta = { model: "workspace_meta", id: string, workspaceId: string, createdAt: string, updatedAt: string, encryptionKey: EncryptedKey | null, settingSyncDir: string | null, };
--- a/packages/plugin-runtime-types/src/plugins/Context.ts
+++ b/packages/plugin-runtime-types/src/plugins/Context.ts
@@ -1,10 +1,12 @@
 import type {
  FindHttpResponsesRequest,
  FindHttpResponsesResponse,
+  FormInput,
  GetCookieValueRequest,
  GetCookieValueResponse,
  GetHttpRequestByIdRequest,
  GetHttpRequestByIdResponse,
+  JsonPrimitive,
  ListCookieNamesResponse,
  ListFoldersRequest,
  ListFoldersResponse,
@@ -25,8 +27,41 @@ import type {
  TemplateRenderRequest,
  WorkspaceInfo,
 } from '../bindings/gen_events.ts';
-import type { HttpRequest } from '../bindings/gen_models.ts';
+import type { Folder, HttpRequest } from '../bindings/gen_models.ts';
 import type { JsonValue } from '../bindings/serde_json/JsonValue';
+import type { MaybePromise } from '../helpers';
+
+export type CallPromptFormDynamicArgs = {
+  values: { [key in string]?: JsonPrimitive };
+};
+
+type AddDynamicMethod<T> = {
+  dynamic?: (
+    ctx: Context,
+    args: CallPromptFormDynamicArgs,
+  ) => MaybePromise<Partial<T> | null | undefined>;
+};
+
+// biome-ignore lint/suspicious/noExplicitAny: distributive conditional type pattern
+type AddDynamic<T> = T extends any
+  ? T extends { inputs?: FormInput[] }
+    ? Omit<T, 'inputs'> & {
+        inputs: Array<AddDynamic<FormInput>>;
+        dynamic?: (
+          ctx: Context,
+          args: CallPromptFormDynamicArgs,
+        ) => MaybePromise<
+          Partial<Omit<T, 'inputs'> & { inputs: Array<AddDynamic<FormInput>> }> | null | undefined
+        >;
+      }
+    : T & AddDynamicMethod<T>
+  : never;
+
+export type DynamicPromptFormArg = AddDynamic<FormInput>;
+
+type DynamicPromptFormRequest = Omit<PromptFormRequest, 'inputs'> & {
+  inputs: DynamicPromptFormArg[];
+};

 export type WorkspaceHandle = Pick<WorkspaceInfo, 'id' | 'name'>;

@@ -39,7 +74,7 @@ export interface Context {
  };
  prompt: {
    text(args: PromptTextRequest): Promise<PromptTextResponse['value']>;
-    form(args: PromptFormRequest): Promise<PromptFormResponse['values']>;
+    form(args: DynamicPromptFormRequest): Promise<PromptFormResponse['values']>;
  };
  store: {
    set<T>(key: string, value: T): Promise<void>;
@@ -82,6 +117,15 @@ export interface Context {
  };
  folder: {
    list(args?: ListFoldersRequest): Promise<ListFoldersResponse['folders']>;
+    getById(args: { id: string }): Promise<Folder | null>;
+    create(
+      args: Omit<Partial<Folder>, 'id' | 'model' | 'createdAt' | 'updatedAt'> &
+        Pick<Folder, 'workspaceId' | 'name'>,
+    ): Promise<Folder>;
+    update(
+      args: Omit<Partial<Folder>, 'model' | 'createdAt' | 'updatedAt'> & Pick<Folder, 'id'>,
+    ): Promise<Folder>;
+    delete(args: { id: string }): Promise<Folder>;
  };
  httpResponse: {
    find(args: FindHttpResponsesRequest): Promise<FindHttpResponsesResponse['httpResponses']>;
--- a/packages/plugin-runtime-types/src/plugins/index.ts
+++ b/packages/plugin-runtime-types/src/plugins/index.ts
@@ -2,21 +2,22 @@ import type { AuthenticationPlugin } from './AuthenticationPlugin';

 import type { Context } from './Context';
 import type { FilterPlugin } from './FilterPlugin';
+import type { FolderActionPlugin } from './FolderActionPlugin';
 import type { GrpcRequestActionPlugin } from './GrpcRequestActionPlugin';
 import type { HttpRequestActionPlugin } from './HttpRequestActionPlugin';
-import type { WebsocketRequestActionPlugin } from './WebsocketRequestActionPlugin';
-import type { WorkspaceActionPlugin } from './WorkspaceActionPlugin';
-import type { FolderActionPlugin } from './FolderActionPlugin';
 import type { ImporterPlugin } from './ImporterPlugin';
 import type { TemplateFunctionPlugin } from './TemplateFunctionPlugin';
 import type { ThemePlugin } from './ThemePlugin';
+import type { WebsocketRequestActionPlugin } from './WebsocketRequestActionPlugin';
+import type { WorkspaceActionPlugin } from './WorkspaceActionPlugin';

 export type { Context };
-export type { DynamicTemplateFunctionArg } from './TemplateFunctionPlugin';
 export type { DynamicAuthenticationArg } from './AuthenticationPlugin';
+export type { CallPromptFormDynamicArgs, DynamicPromptFormArg } from './Context';
+export type { DynamicTemplateFunctionArg } from './TemplateFunctionPlugin';
 export type { TemplateFunctionPlugin };
-export type { WorkspaceActionPlugin } from './WorkspaceActionPlugin';
 export type { FolderActionPlugin } from './FolderActionPlugin';
+export type { WorkspaceActionPlugin } from './WorkspaceActionPlugin';

 /**
 * The global structure of a Yaak plugin
--- a/packages/plugin-runtime/src/PluginInstance.ts
+++ b/packages/plugin-runtime/src/PluginInstance.ts
@@ -1,7 +1,12 @@
 import console from 'node:console';
 import { type Stats, statSync, watch } from 'node:fs';
 import path from 'node:path';
-import type { Context, PluginDefinition } from '@yaakapp/api';
+import type {
+  CallPromptFormDynamicArgs,
+  Context,
+  DynamicPromptFormArg,
+  PluginDefinition,
+} from '@yaakapp/api';
 import {
  applyFormInputDefaults,
  validateTemplateFunctionArgs,
@@ -11,6 +16,8 @@ import type {
  DeleteKeyValueResponse,
  DeleteModelResponse,
  FindHttpResponsesResponse,
+  Folder,
+  FormInput,
  GetCookieValueRequest,
  GetCookieValueResponse,
  GetHttpRequestByIdResponse,
@@ -54,6 +61,7 @@ export class PluginInstance {
  #mod: PluginDefinition;
  #pluginToAppEvents: EventChannel;
  #appToPluginEvents: EventChannel;
+  #pendingDynamicForms = new Map<string, DynamicPromptFormArg[]>();

  constructor(workerData: PluginWorkerData, pluginEvents: EventChannel) {
    this.#workerData = workerData;
@@ -105,6 +113,7 @@ export class PluginInstance {

  async terminate() {
    await this.#mod?.dispose?.();
+    this.#pendingDynamicForms.clear();
    this.#unimportModule();
  }

@@ -298,7 +307,7 @@ export class PluginInstance {
        const replyPayload: InternalEventPayload = {
          type: 'get_template_function_config_response',
          pluginRefId: this.#workerData.pluginRefId,
-          function: { ...fn, args: resolvedArgs },
+          function: { ...fn, args: stripDynamicCallbacks(resolvedArgs) },
        };
        this.#sendPayload(context, replyPayload, replyId);
        return;
@@ -325,7 +334,7 @@ export class PluginInstance {

        const replyPayload: InternalEventPayload = {
          type: 'get_http_authentication_config_response',
-          args: resolvedArgs,
+          args: stripDynamicCallbacks(resolvedArgs),
          actions: resolvedActions,
          pluginRefId: this.#workerData.pluginRefId,
        };
@@ -337,8 +346,8 @@ export class PluginInstance {
      if (payload.type === 'call_http_authentication_request' && this.#mod?.authentication) {
        const auth = this.#mod.authentication;
        if (typeof auth?.onApply === 'function') {
-          auth.args = await applyDynamicFormInput(ctx, auth.args, payload);
-          payload.values = applyFormInputDefaults(auth.args, payload.values);
+          const resolvedArgs = await applyDynamicFormInput(ctx, auth.args, payload);
+          payload.values = applyFormInputDefaults(resolvedArgs, payload.values);
          this.#sendPayload(
            context,
            {
@@ -663,10 +672,66 @@ export class PluginInstance {
          return reply.value;
        },
        form: async (args) => {
-          const reply: PromptFormResponse = await this.#sendForReply(context, {
-            type: 'prompt_form_request',
-            ...args,
+          // Resolve dynamic callbacks on initial inputs using default values
+          const defaults = applyFormInputDefaults(args.inputs, {});
+          const callArgs: CallPromptFormDynamicArgs = { values: defaults };
+          const resolvedInputs = await applyDynamicFormInput(
+            this.#newCtx(context),
+            args.inputs,
+            callArgs,
+          );
+          const strippedInputs = stripDynamicCallbacks(resolvedInputs);
+
+          // Build the event manually so we can get the event ID for keying
+          const eventToSend = this.#buildEventToSend(
+            context,
+            { type: 'prompt_form_request', ...args, inputs: strippedInputs },
+            null,
+          );
+
+          // Store original inputs (with dynamic callbacks) for later resolution
+          this.#pendingDynamicForms.set(eventToSend.id, args.inputs);
+
+          const reply = await new Promise<PromptFormResponse>((resolve) => {
+            const cb = (event: InternalEvent) => {
+              if (event.replyId !== eventToSend.id) return;
+
+              if (event.payload.type === 'prompt_form_response') {
+                const { done, values } = event.payload as PromptFormResponse;
+                if (done) {
+                  // Final response — resolve the promise and clean up
+                  this.#appToPluginEvents.unlisten(cb);
+                  this.#pendingDynamicForms.delete(eventToSend.id);
+                  resolve({ values } as PromptFormResponse);
+                } else {
+                  // Intermediate value change — resolve dynamic inputs and send back
+                  // Skip empty values (fired on initial mount before user interaction)
+                  const storedInputs = this.#pendingDynamicForms.get(eventToSend.id);
+                  if (storedInputs && values && Object.keys(values).length > 0) {
+                    const ctx = this.#newCtx(context);
+                    const callArgs: CallPromptFormDynamicArgs = { values };
+                    applyDynamicFormInput(ctx, storedInputs, callArgs)
+                      .then((resolvedInputs) => {
+                        const stripped = stripDynamicCallbacks(resolvedInputs);
+                        this.#sendPayload(
+                          context,
+                          { type: 'prompt_form_request', ...args, inputs: stripped },
+                          eventToSend.id,
+                        );
+                      })
+                      .catch((err) => {
+                        console.error('Failed to resolve dynamic form inputs', err);
+                      });
+                  }
+                }
+              }
+            };
+            this.#appToPluginEvents.listen(cb);
+
+            // Send the initial event after we start listening (to prevent race)
+            this.#sendEvent(eventToSend);
          });
+
          return reply.values;
        },
      },
@@ -782,6 +847,44 @@ export class PluginInstance {
          const { folders } = await this.#sendForReply<ListFoldersResponse>(context, payload);
          return folders;
        },
+        getById: async (args: { id: string }) => {
+          const payload = { type: 'list_folders_request' } as const;
+          const { folders } = await this.#sendForReply<ListFoldersResponse>(context, payload);
+          return folders.find((f) => f.id === args.id) ?? null;
+        },
+        create: async ({ name, ...args }) => {
+          const payload = {
+            type: 'upsert_model_request',
+            model: {
+              ...args,
+              name: name ?? '',
+              id: '',
+              model: 'folder',
+            },
+          } as InternalEventPayload;
+          const response = await this.#sendForReply<UpsertModelResponse>(context, payload);
+          return response.model as Folder;
+        },
+        update: async (args) => {
+          const payload = {
+            type: 'upsert_model_request',
+            model: {
+              model: 'folder',
+              ...args,
+            },
+          } as InternalEventPayload;
+          const response = await this.#sendForReply<UpsertModelResponse>(context, payload);
+          return response.model as Folder;
+        },
+        delete: async (args: { id: string }) => {
+          const payload = {
+            type: 'delete_model_request',
+            model: 'folder',
+            id: args.id,
+          } as InternalEventPayload;
+          const response = await this.#sendForReply<DeleteModelResponse>(context, payload);
+          return response.model as Folder;
+        },
      },
      cookies: {
        getValue: async (args: GetCookieValueRequest) => {
@@ -867,6 +970,17 @@ export class PluginInstance {
  }
 }

+function stripDynamicCallbacks(inputs: { dynamic?: unknown }[]): FormInput[] {
+  return inputs.map((input) => {
+    // biome-ignore lint/suspicious/noExplicitAny: stripping dynamic from union type
+    const { dynamic, ...rest } = input as any;
+    if ('inputs' in rest && Array.isArray(rest.inputs)) {
+      rest.inputs = stripDynamicCallbacks(rest.inputs);
+    }
+    return rest as FormInput;
+  });
+}
+
 function genId(len = 5): string {
  const alphabet = '01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  let id = '';
--- a/packages/plugin-runtime/src/common.ts
+++ b/packages/plugin-runtime/src/common.ts
@@ -1,9 +1,21 @@
-import type { Context, DynamicAuthenticationArg, DynamicTemplateFunctionArg } from '@yaakapp/api';
+import type {
+  CallPromptFormDynamicArgs,
+  Context,
+  DynamicAuthenticationArg,
+  DynamicPromptFormArg,
+  DynamicTemplateFunctionArg,
+} from '@yaakapp/api';
 import type {
  CallHttpAuthenticationActionArgs,
  CallTemplateFunctionArgs,
 } from '@yaakapp-internal/plugins';

+type AnyDynamicArg = DynamicTemplateFunctionArg | DynamicAuthenticationArg | DynamicPromptFormArg;
+type AnyCallArgs =
+  | CallTemplateFunctionArgs
+  | CallHttpAuthenticationActionArgs
+  | CallPromptFormDynamicArgs;
+
 export async function applyDynamicFormInput(
  ctx: Context,
  args: DynamicTemplateFunctionArg[],
@@ -18,30 +30,40 @@ export async function applyDynamicFormInput(

 export async function applyDynamicFormInput(
  ctx: Context,
-  args: (DynamicTemplateFunctionArg | DynamicAuthenticationArg)[],
-  callArgs: CallTemplateFunctionArgs | CallHttpAuthenticationActionArgs,
-): Promise<(DynamicTemplateFunctionArg | DynamicAuthenticationArg)[]> {
-  const resolvedArgs: (DynamicTemplateFunctionArg | DynamicAuthenticationArg)[] = [];
+  args: DynamicPromptFormArg[],
+  callArgs: CallPromptFormDynamicArgs,
+): Promise<DynamicPromptFormArg[]>;
+
+export async function applyDynamicFormInput(
+  ctx: Context,
+  args: AnyDynamicArg[],
+  callArgs: AnyCallArgs,
+): Promise<AnyDynamicArg[]> {
+  const resolvedArgs: AnyDynamicArg[] = [];
  for (const { dynamic, ...arg } of args) {
    const dynamicResult =
      typeof dynamic === 'function'
        ? await dynamic(
            ctx,
-            callArgs as CallTemplateFunctionArgs & CallHttpAuthenticationActionArgs,
+            callArgs as CallTemplateFunctionArgs &
+              CallHttpAuthenticationActionArgs &
+              CallPromptFormDynamicArgs,
          )
        : undefined;

    const newArg = {
      ...arg,
      ...dynamicResult,
-    } as DynamicTemplateFunctionArg | DynamicAuthenticationArg;
+    } as AnyDynamicArg;

    if ('inputs' in newArg && Array.isArray(newArg.inputs)) {
      try {
        newArg.inputs = await applyDynamicFormInput(
          ctx,
          newArg.inputs as DynamicTemplateFunctionArg[],
-          callArgs as CallTemplateFunctionArgs & CallHttpAuthenticationActionArgs,
+          callArgs as CallTemplateFunctionArgs &
+            CallHttpAuthenticationActionArgs &
+            CallPromptFormDynamicArgs,
        );
      } catch (e) {
        console.error('Failed to apply dynamic form input', e);
--- a/plugins-external/httpsnippet/README.md
+++ b/plugins-external/httpsnippet/README.md
@@ -0,0 +1,45 @@
+# Yaak HTTP Snippet Plugin
+
+Generate code snippets for HTTP requests in various languages and frameworks,
+powered by [@readme/httpsnippet](https://github.com/readmeio/httpsnippet).
+
+![Httpsnippet plugin](https://assets.yaak.app/uploads/httpsnippet-guiaX_1786x1420.png)
+
+## How It Works
+
+Right-click any HTTP request (or use the `...` menu) and select **Generate Code Snippet**.
+A dialog lets you pick a language and library, with a live preview of the generated code.
+Click **Copy to Clipboard** to copy the snippet. Your language and library selections are
+remembered for next time.
+
+## Supported Languages
+
+Each language supports one or more libraries:
+
+| Language | Libraries |
+|---|---|
+| C | libcurl |
+| Clojure | clj-http |
+| C# | HttpClient, RestSharp |
+| Go | Native |
+| HTTP | HTTP/1.1 |
+| Java | AsyncHttp, NetHttp, OkHttp, Unirest |
+| JavaScript | Axios, fetch, jQuery, XHR |
+| Kotlin | OkHttp |
+| Node.js | Axios, fetch, HTTP, Request, Unirest |
+| Objective-C | NSURLSession |
+| OCaml | CoHTTP |
+| PHP | cURL, Guzzle, HTTP v1, HTTP v2 |
+| PowerShell | Invoke-WebRequest, RestMethod |
+| Python | http.client, Requests |
+| R | httr |
+| Ruby | Native |
+| Shell | cURL, HTTPie, Wget |
+| Swift | URLSession |
+
+## Features
+
+- Renders template variables before generating snippets, so the output reflects real values
+- Supports all body types: JSON, form-urlencoded, multipart, GraphQL, and raw text
+- Includes authentication headers (Basic, Bearer, and API Key)
+- Includes query parameters and custom headers
--- a/plugins-external/httpsnippet/package.json
+++ b/plugins-external/httpsnippet/package.json
@@ -0,0 +1,24 @@
+{
+  "name": "@yaak/httpsnippet",
+  "private": true,
+  "version": "1.0.3",
+  "displayName": "HTTP Snippet",
+  "description": "Generate code snippets for HTTP requests in various languages and frameworks",
+  "minYaakVersion": "2026.2.0-beta.10",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak.git",
+    "directory": "plugins-external/httpsnippet"
+  },
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev"
+  },
+  "dependencies": {
+    "@readme/httpsnippet": "^11.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "typescript": "^5.9.3"
+  }
+}
--- a/plugins-external/httpsnippet/src/index.ts
+++ b/plugins-external/httpsnippet/src/index.ts
@@ -0,0 +1,314 @@
+import { availableTargets, type HarRequest, HTTPSnippet } from '@readme/httpsnippet';
+import type { EditorLanguage, HttpRequest, PluginDefinition } from '@yaakapp/api';
+
+// Get all available targets and build select options
+const targets = availableTargets();
+
+// Targets to exclude from the language list
+const excludedTargets = new Set(['json']);
+
+// Build language (target) options
+const languageOptions = targets
+  .filter((target) => !excludedTargets.has(target.key))
+  .map((target) => ({
+    label: target.title,
+    value: target.key,
+  }));
+
+// Preferred clients per target (shown first in the list)
+const preferredClients: Record<string, string> = {
+  javascript: 'fetch',
+  node: 'fetch',
+};
+
+// Get client options for a given target key
+function getClientOptions(targetKey: string) {
+  const target = targets.find((t) => t.key === targetKey);
+  if (!target) return [];
+  const preferred = preferredClients[targetKey];
+  return target.clients
+    .map((client) => ({
+      label: client.title,
+      value: client.key,
+    }))
+    .sort((a, b) => {
+      if (a.value === preferred) return -1;
+      if (b.value === preferred) return 1;
+      return 0;
+    });
+}
+
+// Get default client for a target
+function getDefaultClient(targetKey: string): string {
+  const options = getClientOptions(targetKey);
+  return options[0]?.value ?? '';
+}
+
+// Defaults
+const defaultTarget = 'javascript';
+
+// Map httpsnippet target key to editor language for syntax highlighting
+const editorLanguageMap: Record<string, EditorLanguage> = {
+  c: 'c',
+  clojure: 'clojure',
+  csharp: 'csharp',
+  go: 'go',
+  http: 'http',
+  java: 'java',
+  javascript: 'javascript',
+  kotlin: 'kotlin',
+  node: 'javascript',
+  objc: 'objective_c',
+  ocaml: 'ocaml',
+  php: 'php',
+  powershell: 'powershell',
+  python: 'python',
+  r: 'r',
+  ruby: 'ruby',
+  shell: 'shell',
+  swift: 'swift',
+};
+
+function getEditorLanguage(targetKey: string): EditorLanguage {
+  return editorLanguageMap[targetKey] ?? 'text';
+}
+
+// Convert Yaak HttpRequest to HAR format
+function toHarRequest(request: Partial<HttpRequest>) {
+  // Build URL with query parameters
+  let finalUrl = request.url || '';
+  const urlParams = (request.urlParameters ?? []).filter((p) => p.enabled !== false && !!p.name);
+  if (urlParams.length > 0) {
+    const [base, hash] = finalUrl.split('#');
+    const separator = base?.includes('?') ? '&' : '?';
+    const queryString = urlParams
+      .map((p) => `${encodeURIComponent(p.name)}=${encodeURIComponent(p.value)}`)
+      .join('&');
+    finalUrl = base + separator + queryString + (hash ? `#${hash}` : '');
+  }
+
+  // Build headers array
+  const headers: Array<{ name: string; value: string }> = (request.headers ?? [])
+    .filter((h) => h.enabled !== false && !!h.name)
+    .map((h) => ({ name: h.name, value: h.value }));
+
+  // Handle authentication
+  if (request.authentication?.disabled !== true) {
+    if (request.authenticationType === 'basic') {
+      const credentials = btoa(
+        `${request.authentication?.username ?? ''}:${request.authentication?.password ?? ''}`,
+      );
+      headers.push({ name: 'Authorization', value: `Basic ${credentials}` });
+    } else if (request.authenticationType === 'bearer') {
+      const prefix = request.authentication?.prefix ?? 'Bearer';
+      const token = request.authentication?.token ?? '';
+      headers.push({ name: 'Authorization', value: `${prefix} ${token}`.trim() });
+    } else if (request.authenticationType === 'apikey') {
+      if (request.authentication?.location === 'header') {
+        headers.push({
+          name: request.authentication?.key ?? 'X-Api-Key',
+          value: request.authentication?.value ?? '',
+        });
+      } else if (request.authentication?.location === 'query') {
+        const sep = finalUrl.includes('?') ? '&' : '?';
+        finalUrl = [
+          finalUrl,
+          sep,
+          encodeURIComponent(request.authentication?.key ?? 'token'),
+          '=',
+          encodeURIComponent(request.authentication?.value ?? ''),
+        ].join('');
+      }
+    }
+  }
+
+  // Build HAR request object
+  const har: Record<string, unknown> = {
+    method: request.method || 'GET',
+    url: finalUrl,
+    headers,
+  };
+
+  // Handle request body
+  const bodyType = request.bodyType ?? 'none';
+  if (bodyType !== 'none' && request.body) {
+    if (bodyType === 'application/x-www-form-urlencoded' && Array.isArray(request.body.form)) {
+      const params = request.body.form
+        .filter((p: { enabled?: boolean; name?: string }) => p.enabled !== false && !!p.name)
+        .map((p: { name: string; value: string }) => ({ name: p.name, value: p.value }));
+      har.postData = {
+        mimeType: 'application/x-www-form-urlencoded',
+        params,
+      };
+    } else if (bodyType === 'multipart/form-data' && Array.isArray(request.body.form)) {
+      const params = request.body.form
+        .filter((p: { enabled?: boolean; name?: string }) => p.enabled !== false && !!p.name)
+        .map((p: { name: string; value: string; file?: string; contentType?: string }) => {
+          const param: Record<string, string> = { name: p.name, value: p.value || '' };
+          if (p.file) param.fileName = p.file;
+          if (p.contentType) param.contentType = p.contentType;
+          return param;
+        });
+      har.postData = {
+        mimeType: 'multipart/form-data',
+        params,
+      };
+    } else if (bodyType === 'graphql' && typeof request.body.query === 'string') {
+      const body = {
+        query: request.body.query || '',
+        variables: maybeParseJSON(request.body.variables, undefined),
+      };
+      har.postData = {
+        mimeType: 'application/json',
+        text: JSON.stringify(body),
+      };
+    } else if (typeof request.body.text === 'string') {
+      har.postData = {
+        mimeType: bodyType,
+        text: request.body.text,
+      };
+    }
+  }
+
+  return har;
+}
+
+function maybeParseJSON<T>(v: unknown, fallback: T): T | unknown {
+  if (typeof v !== 'string') return fallback;
+  try {
+    return JSON.parse(v);
+  } catch {
+    return fallback;
+  }
+}
+
+export const plugin: PluginDefinition = {
+  httpRequestActions: [
+    {
+      label: 'Generate Code Snippet',
+      icon: 'copy',
+      async onSelect(ctx, args) {
+        // Render the request with variables resolved
+        const renderedRequest = await ctx.httpRequest.render({
+          httpRequest: args.httpRequest,
+          purpose: 'send',
+        });
+
+        // Convert to HAR format
+        const harRequest = toHarRequest(renderedRequest) as HarRequest;
+
+        // Get previously selected language or use defaults
+        const storedTarget = await ctx.store.get<string>('selectedTarget');
+        const initialTarget = storedTarget || defaultTarget;
+        const storedClient = await ctx.store.get<string>(`selectedClient:${initialTarget}`);
+        const initialClient = storedClient || getDefaultClient(initialTarget);
+
+        // Create snippet generator
+        const snippet = new HTTPSnippet(harRequest);
+        const generateSnippet = (target: string, client: string): string => {
+          const result = snippet.convert(target as any, client);
+          return (Array.isArray(result) ? result.join('\n') : result || '').replace(/\r\n/g, '\n');
+        };
+
+        // Generate initial code preview
+        let initialCode = '';
+        try {
+          initialCode = generateSnippet(initialTarget, initialClient);
+        } catch {
+          initialCode = '// Error generating snippet';
+        }
+
+        // Show dialog with language/library selectors and code preview
+        const result = await ctx.prompt.form({
+          id: 'httpsnippet',
+          title: 'Generate Code Snippet',
+          confirmText: 'Copy to Clipboard',
+          cancelText: 'Cancel',
+          size: 'md',
+          inputs: [
+            {
+              type: 'h_stack',
+              inputs: [
+                {
+                  type: 'select',
+                  name: 'target',
+                  label: 'Language',
+                  defaultValue: initialTarget,
+                  options: languageOptions,
+                },
+                {
+                  type: 'select',
+                  name: `client-${initialTarget}`,
+                  label: 'Library',
+                  defaultValue: initialClient,
+                  options: getClientOptions(initialTarget),
+                  dynamic(_ctx, { values }) {
+                    const targetKey = String(values.target || defaultTarget);
+                    const options = getClientOptions(targetKey);
+                    return {
+                      name: `client-${targetKey}`,
+                      options,
+                      defaultValue: options[0]?.value ?? '',
+                    };
+                  },
+                },
+              ],
+            },
+            {
+              type: 'editor',
+              name: 'code',
+              label: 'Preview',
+              language: getEditorLanguage(initialTarget),
+              defaultValue: initialCode,
+              readOnly: true,
+              rows: 15,
+              dynamic(_ctx, { values }) {
+                const targetKey = String(values.target || defaultTarget);
+                const clientKey = String(
+                  values[`client-${targetKey}`] || getDefaultClient(targetKey),
+                );
+                let code: string;
+                try {
+                  code = generateSnippet(targetKey, clientKey);
+                } catch {
+                  code = '// Error generating snippet';
+                }
+                return {
+                  defaultValue: code,
+                  language: getEditorLanguage(targetKey),
+                };
+              },
+            },
+          ],
+        });
+
+        if (result) {
+          // Store the selected language and library for next time
+          const selectedTarget = String(result.target || initialTarget);
+          const selectedClient = String(
+            result[`client-${selectedTarget}`] || getDefaultClient(selectedTarget),
+          );
+          await ctx.store.set('selectedTarget', selectedTarget);
+          await ctx.store.set(`selectedClient:${selectedTarget}`, selectedClient);
+
+          // Generate snippet for the selected language
+          try {
+            const codeText = generateSnippet(selectedTarget, selectedClient);
+            await ctx.clipboard.copyText(codeText);
+            await ctx.toast.show({
+              message: 'Code snippet copied to clipboard',
+              icon: 'copy',
+              color: 'success',
+            });
+          } catch (err) {
+            await ctx.toast.show({
+              message: `Failed to generate snippet: ${err}`,
+              icon: 'alert_triangle',
+              color: 'danger',
+            });
+          }
+        }
+      },
+    },
+  ],
+};
--- a/plugins-external/mcp-server/package.json
+++ b/plugins-external/mcp-server/package.json
@@ -1,10 +1,10 @@
 {
  "name": "@yaak/mcp-server",
  "private": true,
-  "version": "0.1.7",
+  "version": "0.2.1",
  "displayName": "MCP Server",
  "description": "Expose Yaak functionality via Model Context Protocol",
-  "minYaakVersion": "2025.10.0-beta.6",
+  "minYaakVersion": "2026.1.0",
  "repository": {
    "type": "git",
    "url": "https://github.com/mountain-loop/yaak.git",
@@ -17,8 +17,8 @@
  "dependencies": {
    "@hono/mcp": "^0.2.3",
    "@hono/node-server": "^1.19.7",
-    "@modelcontextprotocol/sdk": "^1.25.2",
-    "hono": "^4.11.3",
+    "@modelcontextprotocol/sdk": "^1.26.0",
+    "hono": "^4.11.7",
    "zod": "^3.25.76"
  },
  "devDependencies": {
--- a/plugins-external/mcp-server/src/tools/folder.ts
+++ b/plugins-external/mcp-server/src/tools/folder.ts
@@ -2,6 +2,12 @@ import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import * as z from 'zod';
 import type { McpServerContext } from '../types.js';
 import { getWorkspaceContext } from './helpers.js';
+import {
+  authenticationSchema,
+  authenticationTypeSchema,
+  headersSchema,
+  workspaceIdSchema,
+} from './schemas.js';

 export function registerFolderTools(server: McpServer, ctx: McpServerContext) {
  server.registerTool(
@@ -10,10 +16,7 @@ export function registerFolderTools(server: McpServer, ctx: McpServerContext) {
      title: 'List Folders',
      description: 'List all folders in a workspace',
      inputSchema: {
-        workspaceId: z
-          .string()
-          .optional()
-          .describe('Workspace ID (required if multiple workspaces are open)'),
+        workspaceId: workspaceIdSchema,
      },
    },
    async ({ workspaceId }) => {
@@ -30,4 +33,116 @@ export function registerFolderTools(server: McpServer, ctx: McpServerContext) {
      };
    },
  );
+
+  server.registerTool(
+    'get_folder',
+    {
+      title: 'Get Folder',
+      description: 'Get details of a specific folder by ID',
+      inputSchema: {
+        id: z.string().describe('The folder ID'),
+        workspaceId: workspaceIdSchema,
+      },
+    },
+    async ({ id, workspaceId }) => {
+      const workspaceCtx = await getWorkspaceContext(ctx, workspaceId);
+      const folder = await workspaceCtx.yaak.folder.getById({ id });
+
+      return {
+        content: [
+          {
+            type: 'text' as const,
+            text: JSON.stringify(folder, null, 2),
+          },
+        ],
+      };
+    },
+  );
+
+  server.registerTool(
+    'create_folder',
+    {
+      title: 'Create Folder',
+      description: 'Create a new folder in a workspace',
+      inputSchema: {
+        workspaceId: workspaceIdSchema,
+        name: z.string().describe('Folder name'),
+        folderId: z.string().optional().describe('Parent folder ID (for nested folders)'),
+        description: z.string().optional().describe('Folder description'),
+        sortPriority: z.number().optional().describe('Sort priority for ordering'),
+        headers: headersSchema.describe('Default headers to apply to requests in this folder'),
+        authenticationType: authenticationTypeSchema,
+        authentication: authenticationSchema,
+      },
+    },
+    async ({ workspaceId: ogWorkspaceId, ...args }) => {
+      const workspaceCtx = await getWorkspaceContext(ctx, ogWorkspaceId);
+      const workspaceId = await workspaceCtx.yaak.window.workspaceId();
+      if (!workspaceId) {
+        throw new Error('No workspace is open');
+      }
+
+      const folder = await workspaceCtx.yaak.folder.create({
+        workspaceId: workspaceId,
+        ...args,
+      });
+
+      return {
+        content: [{ type: 'text' as const, text: JSON.stringify(folder, null, 2) }],
+      };
+    },
+  );
+
+  server.registerTool(
+    'update_folder',
+    {
+      title: 'Update Folder',
+      description: 'Update an existing folder',
+      inputSchema: {
+        id: z.string().describe('Folder ID to update'),
+        workspaceId: workspaceIdSchema,
+        name: z.string().optional().describe('Folder name'),
+        folderId: z.string().optional().describe('Parent folder ID (for nested folders)'),
+        description: z.string().optional().describe('Folder description'),
+        sortPriority: z.number().optional().describe('Sort priority for ordering'),
+        headers: headersSchema.describe('Default headers to apply to requests in this folder'),
+        authenticationType: authenticationTypeSchema,
+        authentication: authenticationSchema,
+      },
+    },
+    async ({ id, workspaceId, ...updates }) => {
+      const workspaceCtx = await getWorkspaceContext(ctx, workspaceId);
+      // Fetch existing folder to merge with updates
+      const existing = await workspaceCtx.yaak.folder.getById({ id });
+      if (!existing) {
+        throw new Error(`Folder with ID ${id} not found`);
+      }
+      // Merge existing fields with updates
+      const folder = await workspaceCtx.yaak.folder.update({
+        ...existing,
+        ...updates,
+        id,
+      });
+      return {
+        content: [{ type: 'text' as const, text: JSON.stringify(folder, null, 2) }],
+      };
+    },
+  );
+
+  server.registerTool(
+    'delete_folder',
+    {
+      title: 'Delete Folder',
+      description: 'Delete a folder by ID',
+      inputSchema: {
+        id: z.string().describe('Folder ID to delete'),
+      },
+    },
+    async ({ id }) => {
+      const folder = await ctx.yaak.folder.delete({ id });
+      return {
+        content: [{ type: 'text' as const, text: `Deleted: ${folder.name} (${folder.id})` }],
+      };
+    },
+  );
 }
--- a/plugins-external/mcp-server/src/tools/httpRequest.ts
+++ b/plugins-external/mcp-server/src/tools/httpRequest.ts
@@ -2,6 +2,15 @@ import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import * as z from 'zod';
 import type { McpServerContext } from '../types.js';
 import { getWorkspaceContext } from './helpers.js';
+import {
+  authenticationSchema,
+  authenticationTypeSchema,
+  bodySchema,
+  bodyTypeSchema,
+  headersSchema,
+  urlParametersSchema,
+  workspaceIdSchema,
+} from './schemas.js';

 export function registerHttpRequestTools(server: McpServer, ctx: McpServerContext) {
  server.registerTool(
@@ -10,10 +19,7 @@ export function registerHttpRequestTools(server: McpServer, ctx: McpServerContex
      title: 'List HTTP Requests',
      description: 'List all HTTP requests in a workspace',
      inputSchema: {
-        workspaceId: z
-          .string()
-          .optional()
-          .describe('Workspace ID (required if multiple workspaces are open)'),
+        workspaceId: workspaceIdSchema,
      },
    },
    async ({ workspaceId }) => {
@@ -38,10 +44,7 @@ export function registerHttpRequestTools(server: McpServer, ctx: McpServerContex
      description: 'Get details of a specific HTTP request by ID',
      inputSchema: {
        id: z.string().describe('The HTTP request ID'),
-        workspaceId: z
-          .string()
-          .optional()
-          .describe('Workspace ID (required if multiple workspaces are open)'),
+        workspaceId: workspaceIdSchema,
      },
    },
    async ({ id, workspaceId }) => {
@@ -67,10 +70,7 @@ export function registerHttpRequestTools(server: McpServer, ctx: McpServerContex
      inputSchema: {
        id: z.string().describe('The HTTP request ID to send'),
        environmentId: z.string().optional().describe('Optional environment ID to use'),
-        workspaceId: z
-          .string()
-          .optional()
-          .describe('Workspace ID (required if multiple workspaces are open)'),
+        workspaceId: workspaceIdSchema,
      },
    },
    async ({ id, workspaceId }) => {
@@ -99,10 +99,7 @@ export function registerHttpRequestTools(server: McpServer, ctx: McpServerContex
      title: 'Create HTTP Request',
      description: 'Create a new HTTP request',
      inputSchema: {
-        workspaceId: z
-          .string()
-          .optional()
-          .describe('Workspace ID (required if multiple workspaces are open)'),
+        workspaceId: workspaceIdSchema,
        name: z
          .string()
          .optional()
@@ -111,62 +108,12 @@ export function registerHttpRequestTools(server: McpServer, ctx: McpServerContex
        method: z.string().optional().describe('HTTP method (defaults to GET)'),
        folderId: z.string().optional().describe('Parent folder ID'),
        description: z.string().optional().describe('Request description'),
-        headers: z
-          .array(
-            z.object({
-              name: z.string(),
-              value: z.string(),
-              enabled: z.boolean().default(true),
-            }),
-          )
-          .optional()
-          .describe('Request headers'),
-        urlParameters: z
-          .array(
-            z.object({
-              name: z.string(),
-              value: z.string(),
-              enabled: z.boolean().default(true),
-            }),
-          )
-          .optional()
-          .describe('URL query parameters'),
-        bodyType: z
-          .string()
-          .optional()
-          .describe(
-            'Body type. Supported values: "binary", "graphql", "application/x-www-form-urlencoded", "multipart/form-data", or any text-based type (e.g., "application/json", "text/plain")',
-          ),
-        body: z
-          .record(z.string(), z.any())
-          .optional()
-          .describe(
-            'Body content object. Structure varies by bodyType:\n' +
-              '- "binary": { filePath: "/path/to/file" }\n' +
-              '- "graphql": { query: "{ users { name } }", variables: "{\\"id\\": \\"123\\"}" }\n' +
-              '- "application/x-www-form-urlencoded": { form: [{ name: "key", value: "val", enabled: true }] }\n' +
-              '- "multipart/form-data": { form: [{ name: "field", value: "text", file: "/path/to/file", enabled: true }] }\n' +
-              '- text-based (application/json, etc.): { text: "raw body content" }',
-          ),
-        authenticationType: z
-          .string()
-          .optional()
-          .describe(
-            'Authentication type. Common values: "basic", "bearer", "oauth2", "apikey", "jwt", "awsv4", "oauth1", "ntlm", "none". Use null to inherit from parent folder/workspace.',
-          ),
-        authentication: z
-          .record(z.string(), z.any())
-          .optional()
-          .describe(
-            'Authentication configuration object. Structure varies by authenticationType:\n' +
-              '- "basic": { username: "user", password: "pass" }\n' +
-              '- "bearer": { token: "abc123", prefix: "Bearer" }\n' +
-              '- "oauth2": { clientId: "...", clientSecret: "...", grantType: "authorization_code", authorizationUrl: "...", accessTokenUrl: "...", scope: "...", ... }\n' +
-              '- "apikey": { location: "header" | "query", key: "X-API-Key", value: "..." }\n' +
-              '- "jwt": { algorithm: "HS256", secret: "...", payload: "{ ... }" }\n' +
-              '- "awsv4": { accessKeyId: "...", secretAccessKey: "...", service: "sts", region: "us-east-1", sessionToken: "..." }\n' +
-              '- "none": {}',
-          ),
+        headers: headersSchema.describe('Request headers'),
+        urlParameters: urlParametersSchema,
+        bodyType: bodyTypeSchema,
+        body: bodySchema,
+        authenticationType: authenticationTypeSchema,
+        authentication: authenticationSchema,
      },
    },
    async ({ workspaceId: ogWorkspaceId, ...args }) => {
@@ -194,68 +141,18 @@ export function registerHttpRequestTools(server: McpServer, ctx: McpServerContex
      description: 'Update an existing HTTP request',
      inputSchema: {
        id: z.string().describe('HTTP request ID to update'),
-        workspaceId: z.string().describe('Workspace ID'),
+        workspaceId: workspaceIdSchema,
        name: z.string().optional().describe('Request name'),
        url: z.string().optional().describe('Request URL'),
        method: z.string().optional().describe('HTTP method'),
        folderId: z.string().optional().describe('Parent folder ID'),
        description: z.string().optional().describe('Request description'),
-        headers: z
-          .array(
-            z.object({
-              name: z.string(),
-              value: z.string(),
-              enabled: z.boolean().default(true),
-            }),
-          )
-          .optional()
-          .describe('Request headers'),
-        urlParameters: z
-          .array(
-            z.object({
-              name: z.string(),
-              value: z.string(),
-              enabled: z.boolean().default(true),
-            }),
-          )
-          .optional()
-          .describe('URL query parameters'),
-        bodyType: z
-          .string()
-          .optional()
-          .describe(
-            'Body type. Supported values: "binary", "graphql", "application/x-www-form-urlencoded", "multipart/form-data", or any text-based type (e.g., "application/json", "text/plain")',
-          ),
-        body: z
-          .record(z.string(), z.any())
-          .optional()
-          .describe(
-            'Body content object. Structure varies by bodyType:\n' +
-              '- "binary": { filePath: "/path/to/file" }\n' +
-              '- "graphql": { query: "{ users { name } }", variables: "{\\"id\\": \\"123\\"}" }\n' +
-              '- "application/x-www-form-urlencoded": { form: [{ name: "key", value: "val", enabled: true }] }\n' +
-              '- "multipart/form-data": { form: [{ name: "field", value: "text", file: "/path/to/file", enabled: true }] }\n' +
-              '- text-based (application/json, etc.): { text: "raw body content" }',
-          ),
-        authenticationType: z
-          .string()
-          .optional()
-          .describe(
-            'Authentication type. Common values: "basic", "bearer", "oauth2", "apikey", "jwt", "awsv4", "oauth1", "ntlm", "none". Use null to inherit from parent folder/workspace.',
-          ),
-        authentication: z
-          .record(z.string(), z.any())
-          .optional()
-          .describe(
-            'Authentication configuration object. Structure varies by authenticationType:\n' +
-              '- "basic": { username: "user", password: "pass" }\n' +
-              '- "bearer": { token: "abc123", prefix: "Bearer" }\n' +
-              '- "oauth2": { clientId: "...", clientSecret: "...", grantType: "authorization_code", authorizationUrl: "...", accessTokenUrl: "...", scope: "...", ... }\n' +
-              '- "apikey": { location: "header" | "query", key: "X-API-Key", value: "..." }\n' +
-              '- "jwt": { algorithm: "HS256", secret: "...", payload: "{ ... }" }\n' +
-              '- "awsv4": { accessKeyId: "...", secretAccessKey: "...", service: "sts", region: "us-east-1", sessionToken: "..." }\n' +
-              '- "none": {}',
-          ),
+        headers: headersSchema.describe('Request headers'),
+        urlParameters: urlParametersSchema,
+        bodyType: bodyTypeSchema,
+        body: bodySchema,
+        authenticationType: authenticationTypeSchema,
+        authentication: authenticationSchema,
      },
    },
    async ({ id, workspaceId, ...updates }) => {
--- a/plugins-external/mcp-server/src/tools/schemas.ts
+++ b/plugins-external/mcp-server/src/tools/schemas.ts
@@ -0,0 +1,67 @@
+import * as z from 'zod';
+
+export const workspaceIdSchema = z
+  .string()
+  .optional()
+  .describe('Workspace ID (required if multiple workspaces are open)');
+
+export const headersSchema = z
+  .array(
+    z.object({
+      name: z.string(),
+      value: z.string(),
+      enabled: z.boolean().default(true),
+    }),
+  )
+  .optional();
+
+export const urlParametersSchema = z
+  .array(
+    z.object({
+      name: z.string(),
+      value: z.string(),
+      enabled: z.boolean().default(true),
+    }),
+  )
+  .optional()
+  .describe('URL query parameters');
+
+export const bodyTypeSchema = z
+  .string()
+  .optional()
+  .describe(
+    'Body type. Supported values: "binary", "graphql", "application/x-www-form-urlencoded", "multipart/form-data", or any text-based type (e.g., "application/json", "text/plain")',
+  );
+
+export const bodySchema = z
+  .record(z.string(), z.any())
+  .optional()
+  .describe(
+    'Body content object. Structure varies by bodyType:\n' +
+      '- "binary": { filePath: "/path/to/file" }\n' +
+      '- "graphql": { query: "{ users { name } }", variables: "{\\"id\\": \\"123\\"}" }\n' +
+      '- "application/x-www-form-urlencoded": { form: [{ name: "key", value: "val", enabled: true }] }\n' +
+      '- "multipart/form-data": { form: [{ name: "field", value: "text", file: "/path/to/file", enabled: true }] }\n' +
+      '- text-based (application/json, etc.): { text: "raw body content" }',
+  );
+
+export const authenticationTypeSchema = z
+  .string()
+  .optional()
+  .describe(
+    'Authentication type. Common values: "basic", "bearer", "oauth2", "apikey", "jwt", "awsv4", "oauth1", "ntlm", "none". Use null to inherit from parent.',
+  );
+
+export const authenticationSchema = z
+  .record(z.string(), z.any())
+  .optional()
+  .describe(
+    'Authentication configuration object. Structure varies by authenticationType:\n' +
+      '- "basic": { username: "user", password: "pass" }\n' +
+      '- "bearer": { token: "abc123", prefix: "Bearer" }\n' +
+      '- "oauth2": { clientId: "...", clientSecret: "...", grantType: "authorization_code", authorizationUrl: "...", accessTokenUrl: "...", scope: "...", ... }\n' +
+      '- "apikey": { location: "header" | "query", key: "X-API-Key", value: "..." }\n' +
+      '- "jwt": { algorithm: "HS256", secret: "...", payload: "{ ... }" }\n' +
+      '- "awsv4": { accessKeyId: "...", secretAccessKey: "...", service: "sts", region: "us-east-1", sessionToken: "..." }\n' +
+      '- "none": {}',
+  );
--- a/plugins/action-copy-curl/src/index.ts
+++ b/plugins/action-copy-curl/src/index.ts
@@ -10,7 +10,7 @@ export const plugin: PluginDefinition = {
      async onSelect(ctx, args) {
        const rendered_request = await ctx.httpRequest.render({
          httpRequest: args.httpRequest,
-          purpose: 'preview',
+          purpose: 'send',
        });
        const data = await convertToCurl(rendered_request);
        await ctx.clipboard.copyText(data);
--- a/plugins/auth-basic/package.json
+++ b/plugins/auth-basic/package.json
@@ -11,6 +11,7 @@
  "version": "0.1.0",
  "scripts": {
    "build": "yaakcli build",
-    "dev": "yaakcli dev"
+    "dev": "yaakcli dev",
+    "test": "vitest --run tests"
  }
 }
--- a/plugins/auth-basic/src/index.ts
+++ b/plugins/auth-basic/src/index.ts
@@ -21,7 +21,8 @@ export const plugin: PluginDefinition = {
      },
    ],
    async onApply(_ctx, { values }) {
-      const { username, password } = values;
+      const username = values.username ?? '';
+      const password = values.password ?? '';
      const value = `Basic ${Buffer.from(`${username}:${password}`).toString('base64')}`;
      return { setHeaders: [{ name: 'Authorization', value }] };
    },
--- a/plugins/auth-basic/tests/index.test.ts
+++ b/plugins/auth-basic/tests/index.test.ts
@@ -0,0 +1,77 @@
+import type { Context } from '@yaakapp/api';
+import { describe, expect, test } from 'vitest';
+import { plugin } from '../src';
+
+const ctx = {} as Context;
+
+describe('auth-basic', () => {
+  test('Both username and password', async () => {
+    expect(
+      await plugin.authentication?.onApply(ctx, {
+        values: { username: 'user', password: 'pass' },
+        headers: [],
+        url: 'https://yaak.app',
+        method: 'POST',
+        contextId: '111',
+      }),
+    ).toEqual({
+      setHeaders: [{ name: 'Authorization', value: `Basic ${Buffer.from('user:pass').toString('base64')}` }],
+    });
+  });
+
+  test('Empty password', async () => {
+    expect(
+      await plugin.authentication?.onApply(ctx, {
+        values: { username: 'apikey', password: '' },
+        headers: [],
+        url: 'https://yaak.app',
+        method: 'POST',
+        contextId: '111',
+      }),
+    ).toEqual({
+      setHeaders: [{ name: 'Authorization', value: `Basic ${Buffer.from('apikey:').toString('base64')}` }],
+    });
+  });
+
+  test('Missing password (undefined)', async () => {
+    expect(
+      await plugin.authentication?.onApply(ctx, {
+        values: { username: 'apikey' },
+        headers: [],
+        url: 'https://yaak.app',
+        method: 'POST',
+        contextId: '111',
+      }),
+    ).toEqual({
+      setHeaders: [{ name: 'Authorization', value: `Basic ${Buffer.from('apikey:').toString('base64')}` }],
+    });
+  });
+
+  test('Missing username (undefined)', async () => {
+    expect(
+      await plugin.authentication?.onApply(ctx, {
+        values: { password: 'secret' },
+        headers: [],
+        url: 'https://yaak.app',
+        method: 'POST',
+        contextId: '111',
+      }),
+    ).toEqual({
+      setHeaders: [{ name: 'Authorization', value: `Basic ${Buffer.from(':secret').toString('base64')}` }],
+    });
+  });
+
+  test('No values (both undefined)', async () => {
+    expect(
+      await plugin.authentication?.onApply(ctx, {
+        values: {},
+        headers: [],
+        url: 'https://yaak.app',
+        method: 'POST',
+        contextId: '111',
+      }),
+    ).toEqual({
+      setHeaders: [{ name: 'Authorization', value: `Basic ${Buffer.from(':').toString('base64')}` }],
+    });
+  });
+});
--- a/plugins/auth-oauth2/src/callbackServer.ts
+++ b/plugins/auth-oauth2/src/callbackServer.ts
@@ -0,0 +1,347 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import http from 'node:http';
+import type { Context } from '@yaakapp/api';
+
+export const HOSTED_CALLBACK_URL = 'https://oauth.yaak.app/redirect';
+export const DEFAULT_LOCALHOST_PORT = 8765;
+const CALLBACK_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
+
+/** Singleton: only one callback server runs at a time across all OAuth flows. */
+let activeServer: CallbackServerResult | null = null;
+
+export interface CallbackServerResult {
+  /** The port the server is listening on */
+  port: number;
+  /** The full redirect URI to register with the OAuth provider */
+  redirectUri: string;
+  /** Promise that resolves with the callback URL when received */
+  waitForCallback: () => Promise<string>;
+  /** Stop the server */
+  stop: () => void;
+}
+
+/**
+ * Start a local HTTP server to receive OAuth callbacks.
+ * Only one server runs at a time — if a previous server is still active,
+ * it is stopped before starting the new one.
+ * Returns the port, redirect URI, and a promise that resolves when the callback is received.
+ */
+export function startCallbackServer(options: {
+  /** Specific port to use, or 0 for random available port */
+  port?: number;
+  /** Path for the callback endpoint */
+  path?: string;
+  /** Timeout in milliseconds (default 5 minutes) */
+  timeoutMs?: number;
+}): Promise<CallbackServerResult> {
+  // Stop any previously active server before starting a new one
+  if (activeServer) {
+    console.log('[oauth2] Stopping previous callback server before starting new one');
+    activeServer.stop();
+    activeServer = null;
+  }
+
+  const { port = 0, path = '/callback', timeoutMs = CALLBACK_TIMEOUT_MS } = options;
+
+  return new Promise((resolve, reject) => {
+    let callbackResolve: ((url: string) => void) | null = null;
+    let callbackReject: ((err: Error) => void) | null = null;
+    let timeoutHandle: ReturnType<typeof setTimeout> | null = null;
+    let stopped = false;
+
+    const server = http.createServer((req: IncomingMessage, res: ServerResponse) => {
+      const reqUrl = new URL(req.url ?? '/', `http://${req.headers.host}`);
+
+      // Only handle the callback path
+      if (reqUrl.pathname !== path && reqUrl.pathname !== `${path}/`) {
+        res.writeHead(404, { 'Content-Type': 'text/plain' });
+        res.end('Not Found');
+        return;
+      }
+
+      if (req.method === 'POST') {
+        // POST: read JSON body with the final callback URL and resolve
+        let body = '';
+        req.on('data', (chunk: Buffer) => {
+          body += chunk.toString();
+        });
+        req.on('end', () => {
+          try {
+            const { url: callbackUrl } = JSON.parse(body);
+            if (!callbackUrl || typeof callbackUrl !== 'string') {
+              res.writeHead(400, { 'Content-Type': 'text/plain' });
+              res.end('Missing url in request body');
+              return;
+            }
+
+            // Send success response
+            res.writeHead(200, { 'Content-Type': 'text/plain' });
+            res.end('OK');
+
+            // Resolve the callback promise
+            if (callbackResolve) {
+              callbackResolve(callbackUrl);
+              callbackResolve = null;
+              callbackReject = null;
+            }
+
+            // Stop the server after a short delay to ensure response is sent
+            setTimeout(() => stopServer(), 100);
+          } catch {
+            res.writeHead(400, { 'Content-Type': 'text/plain' });
+            res.end('Invalid JSON');
+          }
+        });
+        return;
+      }
+
+      // GET: serve intermediate page that reads the fragment and POSTs back
+      res.writeHead(200, { 'Content-Type': 'text/html' });
+      res.end(getFragmentForwardingHtml());
+    });
+
+    server.on('error', (err: Error) => {
+      if (!stopped) {
+        reject(err);
+      }
+    });
+
+    const stopServer = () => {
+      if (stopped) return;
+      stopped = true;
+
+      // Clear the singleton reference
+      if (activeServer?.stop === stopServer) {
+        activeServer = null;
+      }
+
+      if (timeoutHandle) {
+        clearTimeout(timeoutHandle);
+        timeoutHandle = null;
+      }
+
+      server.close();
+
+      if (callbackReject) {
+        callbackReject(new Error('Callback server stopped'));
+        callbackResolve = null;
+        callbackReject = null;
+      }
+    };
+
+    server.listen(port, '127.0.0.1', () => {
+      const address = server.address();
+      if (!address || typeof address === 'string') {
+        reject(new Error('Failed to get server address'));
+        return;
+      }
+
+      const actualPort = address.port;
+      const redirectUri = `http://127.0.0.1:${actualPort}${path}`;
+
+      console.log(`[oauth2] Callback server listening on ${redirectUri}`);
+
+      const result: CallbackServerResult = {
+        port: actualPort,
+        redirectUri,
+        waitForCallback: () => {
+          return new Promise<string>((res, rej) => {
+            if (stopped) {
+              rej(new Error('Callback server already stopped'));
+              return;
+            }
+
+            callbackResolve = res;
+            callbackReject = rej;
+
+            // Set timeout
+            timeoutHandle = setTimeout(() => {
+              if (callbackReject) {
+                callbackReject(new Error('Authorization timed out'));
+                callbackResolve = null;
+                callbackReject = null;
+              }
+              stopServer();
+            }, timeoutMs);
+          });
+        },
+        stop: stopServer,
+      };
+
+      activeServer = result;
+      resolve(result);
+    });
+  });
+}
+
+/**
+ * Build the redirect URI for the hosted callback page.
+ * The hosted page will redirect to the local server with the OAuth response.
+ */
+export function buildHostedCallbackRedirectUri(localPort: number, localPath: string): string {
+  const localRedirectUri = `http://127.0.0.1:${localPort}${localPath}`;
+  // The hosted callback page will read params and redirect to the local server
+  return `${HOSTED_CALLBACK_URL}?redirect_to=${encodeURIComponent(localRedirectUri)}`;
+}
+
+/**
+ * Stop the active callback server if one is running.
+ * Called during plugin dispose to ensure the server is cleaned up before the process exits.
+ */
+export function stopActiveServer(): void {
+  if (activeServer) {
+    console.log('[oauth2] Stopping active callback server during dispose');
+    activeServer.stop();
+    activeServer = null;
+  }
+}
+
+/**
+ * Open an authorization URL in the system browser, start a local callback server,
+ * and wait for the OAuth provider to redirect back.
+ *
+ * Returns the raw callback URL and the redirect URI that was registered with the
+ * OAuth provider (needed for token exchange).
+ */
+export async function getRedirectUrlViaExternalBrowser(
+  ctx: Context,
+  authorizationUrl: URL,
+  options: {
+    callbackType: 'localhost' | 'hosted';
+    callbackPort?: number;
+  },
+): Promise<{ callbackUrl: string; redirectUri: string }> {
+  const { callbackType, callbackPort } = options;
+
+  // Determine port based on callback type:
+  // - localhost: use specified port or default stable port
+  // - hosted: use random port (0) since hosted page redirects to local
+  const port = callbackType === 'localhost' ? (callbackPort ?? DEFAULT_LOCALHOST_PORT) : 0;
+
+  console.log(
+    `[oauth2] Starting callback server (type: ${callbackType}, port: ${port || 'random'})`,
+  );
+
+  const server = await startCallbackServer({
+    port,
+    path: '/callback',
+  });
+
+  try {
+    // Determine the redirect URI to send to the OAuth provider
+    let oauthRedirectUri: string;
+
+    if (callbackType === 'hosted') {
+      oauthRedirectUri = buildHostedCallbackRedirectUri(server.port, '/callback');
+      console.log('[oauth2] Using hosted callback redirect:', oauthRedirectUri);
+    } else {
+      oauthRedirectUri = server.redirectUri;
+      console.log('[oauth2] Using localhost callback redirect:', oauthRedirectUri);
+    }
+
+    // Set the redirect URI on the authorization URL
+    authorizationUrl.searchParams.set('redirect_uri', oauthRedirectUri);
+
+    const authorizationUrlStr = authorizationUrl.toString();
+    console.log('[oauth2] Opening external browser:', authorizationUrlStr);
+
+    // Show toast to inform user
+    await ctx.toast.show({
+      message: 'Opening browser for authorization...',
+      icon: 'info',
+      timeout: 3000,
+    });
+
+    // Open the system browser
+    await ctx.window.openExternalUrl(authorizationUrlStr);
+
+    // Wait for the callback
+    console.log('[oauth2] Waiting for callback on', server.redirectUri);
+    const callbackUrl = await server.waitForCallback();
+
+    console.log('[oauth2] Received callback:', callbackUrl);
+
+    return { callbackUrl, redirectUri: oauthRedirectUri };
+  } finally {
+    server.stop();
+  }
+}
+
+/**
+ * Intermediate HTML page that reads the URL fragment and _fragment query param,
+ * reconstructs a proper OAuth callback URL, and POSTs it back to the server.
+ *
+ * Handles three cases:
+ * - Localhost implicit: fragment is in location.hash (e.g. #access_token=...)
+ * - Hosted implicit: fragment was converted to ?_fragment=... by the hosted redirect page
+ * - Auth code: no fragment, code is already in query params
+ */
+function getFragmentForwardingHtml(): string {
+  return `<!DOCTYPE html>
+<html>
+<head>
+  <title>Yaak</title>
+  <style>
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      background: hsl(244,23%,14%);
+      color: hsl(245,23%,85%);
+    }
+    .container { text-align: center; }
+    .logo { display: block; width: 100px; height: 100px; margin: 0 auto 32px; border-radius: 50%; }
+    h1 { font-size: 28px; font-weight: 600; margin-bottom: 12px; }
+    p { font-size: 16px; color: hsl(245,18%,58%); }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <svg class="logo" viewBox="0 0 1024 1024" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="g" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(649.94,712.03,-712.03,649.94,179.25,220.59)"><stop offset="0" stop-color="#4cc48c"/><stop offset=".5" stop-color="#476cc9"/><stop offset="1" stop-color="#ba1ab7"/></linearGradient></defs><rect x="0" y="0" width="1024" height="1024" fill="url(#g)"/><g transform="matrix(0.822,0,0,0.822,91.26,91.26)"><path d="M766.775,105.176C902.046,190.129 992.031,340.639 992.031,512C992.031,706.357 876.274,873.892 710,949.361C684.748,838.221 632.417,791.074 538.602,758.96C536.859,790.593 545.561,854.983 522.327,856.611C477.951,859.719 321.557,782.368 310.75,710.135C300.443,641.237 302.536,535.834 294.475,482.283C86.974,483.114 245.65,303.256 245.65,303.256L261.925,368.357L294.475,368.357C294.475,368.357 298.094,296.03 310.75,286.981C326.511,275.713 366.457,254.592 473.502,254.431C519.506,190.629 692.164,133.645 766.775,105.176ZM603.703,352.082C598.577,358.301 614.243,384.787 623.39,401.682C639.967,432.299 672.34,459.32 760.231,456.739C780.796,456.135 808.649,456.743 831.555,448.316C919.689,369.191 665.548,260.941 652.528,270.706C629.157,288.235 677.433,340.481 685.079,352.082C663.595,350.818 630.521,352.121 603.703,352.082ZM515.817,516.822C491.026,516.822 470.898,536.949 470.898,561.741C470.898,586.532 491.026,606.66 515.817,606.66C540.609,606.66 560.736,586.532 560.736,561.741C560.736,536.949 540.609,516.822 515.817,516.822ZM656.608,969.83C610.979,984.25 562.391,992.031 512,992.031C247.063,992.031 31.969,776.937 31.969,512C31.969,247.063 247.063,31.969 512,31.969C581.652,31.969 647.859,46.835 707.634,73.574C674.574,86.913 627.224,104.986 620,103.081C343.573,30.201 98.64,283.528 98.64,511.993C98.64,761.842 376.244,989.043 627.831,910C637.21,907.053 645.743,936.753 656.608,969.83Z" fill="#fff"/></g></svg>
+    <h1 id="title">Authorizing...</h1>
+    <p id="message">Please wait</p>
+  </div>
+  <script>
+  (function() {
+    var title = document.getElementById('title');
+    var message = document.getElementById('message');
+    var url = new URL(window.location.href);
+    var fragment = window.location.hash;
+    var fragmentParam = url.searchParams.get('_fragment');
+
+    // Build the final callback URL:
+    // 1. If _fragment query param exists (from hosted redirect), convert it back to a real fragment
+    // 2. If location.hash exists (direct localhost implicit), use it as-is
+    // 3. Otherwise (auth code flow), use the URL as-is with query params
+    if (fragmentParam) {
+      url.searchParams.delete('_fragment');
+      url.hash = fragmentParam;
+    } else if (fragment && fragment.length > 1) {
+      url.hash = fragment;
+    }
+
+    // POST the final URL back to the callback server
+    fetch(url.pathname, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ url: url.toString() })
+    }).then(function(res) {
+      if (res.ok) {
+        title.textContent = 'Authorization Complete';
+        message.textContent = 'You may close this tab and return to Yaak';
+      } else {
+        title.textContent = 'Authorization Failed';
+        message.textContent = 'Something went wrong. Please try again.';
+      }
+    }).catch(function() {
+      title.textContent = 'Authorization Failed';
+      message.textContent = 'Something went wrong. Please try again.';
+    });
+  })();
+  </script>
+</body>
+</html>`;
+}
--- a/plugins/auth-oauth2/src/grants/authorizationCode.ts
+++ b/plugins/auth-oauth2/src/grants/authorizationCode.ts
@@ -1,5 +1,6 @@
 import { createHash, randomBytes } from 'node:crypto';
 import type { Context } from '@yaakapp/api';
+import { getRedirectUrlViaExternalBrowser } from '../callbackServer';
 import { fetchAccessToken } from '../fetchAccessToken';
 import { getOrRefreshAccessToken } from '../getOrRefreshAccessToken';
 import type { AccessToken, TokenStoreArgs } from '../store';
@@ -10,6 +11,15 @@ export const PKCE_SHA256 = 'S256';
 export const PKCE_PLAIN = 'plain';
 export const DEFAULT_PKCE_METHOD = PKCE_SHA256;

+export type CallbackType = 'localhost' | 'hosted';
+
+export interface ExternalBrowserOptions {
+  useExternalBrowser: boolean;
+  callbackType: CallbackType;
+  /** Port for localhost callback (only used when callbackType is 'localhost') */
+  callbackPort?: number;
+}
+
 export async function getAuthorizationCode(
  ctx: Context,
  contextId: string,
@@ -25,6 +35,7 @@ export async function getAuthorizationCode(
    credentialsInBody,
    pkce,
    tokenName,
+    externalBrowser,
  }: {
    authorizationUrl: string;
    accessTokenUrl: string;
@@ -40,6 +51,7 @@ export async function getAuthorizationCode(
      codeVerifier: string;
    } | null;
    tokenName: 'access_token' | 'id_token';
+    externalBrowser?: ExternalBrowserOptions;
  },
 ): Promise<AccessToken> {
  const tokenArgs: TokenStoreArgs = {
@@ -68,7 +80,6 @@ export async function getAuthorizationCode(
  }
  authorizationUrl.searchParams.set('response_type', 'code');
  authorizationUrl.searchParams.set('client_id', clientId);
-  if (redirectUri) authorizationUrl.searchParams.set('redirect_uri', redirectUri);
  if (scope) authorizationUrl.searchParams.set('scope', scope);
  if (state) authorizationUrl.searchParams.set('state', state);
  if (audience) authorizationUrl.searchParams.set('audience', audience);
@@ -80,12 +91,65 @@ export async function getAuthorizationCode(
    authorizationUrl.searchParams.set('code_challenge_method', pkce.challengeMethod);
  }

+  let code: string;
+  let actualRedirectUri: string | null = redirectUri;
+
+  // Use external browser flow if enabled
+  if (externalBrowser?.useExternalBrowser) {
+    const result = await getRedirectUrlViaExternalBrowser(ctx, authorizationUrl, {
+      callbackType: externalBrowser.callbackType,
+      callbackPort: externalBrowser.callbackPort,
+    });
+    // Pass null to skip redirect URI matching — the callback came from our own local server
+    const extractedCode = extractCode(result.callbackUrl, null);
+    if (!extractedCode) {
+      throw new Error('No authorization code found in callback URL');
+    }
+    code = extractedCode;
+    actualRedirectUri = result.redirectUri;
+  } else {
+    // Use embedded browser flow (original behavior)
+    if (redirectUri) {
+      authorizationUrl.searchParams.set('redirect_uri', redirectUri);
+    }
+    code = await getCodeViaEmbeddedBrowser(ctx, contextId, authorizationUrl, redirectUri);
+  }
+
+  console.log('[oauth2] Code found');
+  const response = await fetchAccessToken(ctx, {
+    grantType: 'authorization_code',
+    accessTokenUrl,
+    clientId,
+    clientSecret,
+    scope,
+    audience,
+    credentialsInBody,
+    params: [
+      { name: 'code', value: code },
+      ...(pkce ? [{ name: 'code_verifier', value: pkce.codeVerifier }] : []),
+      ...(actualRedirectUri ? [{ name: 'redirect_uri', value: actualRedirectUri }] : []),
+    ],
+  });
+
+  return storeToken(ctx, tokenArgs, response, tokenName);
+}
+
+/**
+ * Get authorization code using the embedded browser window.
+ * This is the original flow that monitors navigation events.
+ */
+async function getCodeViaEmbeddedBrowser(
+  ctx: Context,
+  contextId: string,
+  authorizationUrl: URL,
+  redirectUri: string | null,
+): Promise<string> {
  const dataDirKey = await getDataDirKey(ctx, contextId);
  const authorizationUrlStr = authorizationUrl.toString();
-  console.log('[oauth2] Authorizing', authorizationUrlStr);
+  console.log('[oauth2] Authorizing via embedded browser', authorizationUrlStr);

-  // biome-ignore lint/suspicious/noAsyncPromiseExecutor: none
-  const code = await new Promise<string>(async (resolve, reject) => {
+  // biome-ignore lint/suspicious/noAsyncPromiseExecutor: Required for this pattern
+  return new Promise<string>(async (resolve, reject) => {
    let foundCode = false;
    const { close } = await ctx.window.openUrl({
      dataDirKey,
@@ -110,31 +174,12 @@ export async function getAuthorizationCode(
          return;
        }

-        // Close the window here, because we don't need it anymore!
        foundCode = true;
        close();
        resolve(code);
      },
    });
  });
-
-  console.log('[oauth2] Code found');
-  const response = await fetchAccessToken(ctx, {
-    grantType: 'authorization_code',
-    accessTokenUrl,
-    clientId,
-    clientSecret,
-    scope,
-    audience,
-    credentialsInBody,
-    params: [
-      { name: 'code', value: code },
-      ...(pkce ? [{ name: 'code_verifier', value: pkce.codeVerifier }] : []),
-      ...(redirectUri ? [{ name: 'redirect_uri', value: redirectUri }] : []),
-    ],
-  });
-
-  return storeToken(ctx, tokenArgs, response, tokenName);
 }

 export function genPkceCodeVerifier() {
--- a/plugins/auth-oauth2/src/grants/implicit.ts
+++ b/plugins/auth-oauth2/src/grants/implicit.ts
@@ -1,7 +1,9 @@
 import type { Context } from '@yaakapp/api';
+import { getRedirectUrlViaExternalBrowser } from '../callbackServer';
 import type { AccessToken, AccessTokenRawResponse } from '../store';
 import { getDataDirKey, getToken, storeToken } from '../store';
 import { isTokenExpired } from '../util';
+import type { ExternalBrowserOptions } from './authorizationCode';

 export async function getImplicit(
  ctx: Context,
@@ -15,6 +17,7 @@ export async function getImplicit(
    state,
    audience,
    tokenName,
+    externalBrowser,
  }: {
    authorizationUrl: string;
    responseType: string;
@@ -24,6 +27,7 @@ export async function getImplicit(
    state: string | null;
    audience: string | null;
    tokenName: 'access_token' | 'id_token';
+    externalBrowser?: ExternalBrowserOptions;
  },
 ): Promise<AccessToken> {
  const tokenArgs = {
@@ -43,9 +47,8 @@ export async function getImplicit(
  } catch {
    throw new Error(`Invalid authorization URL "${authorizationUrlRaw}"`);
  }
-  authorizationUrl.searchParams.set('response_type', 'token');
+  authorizationUrl.searchParams.set('response_type', responseType);
  authorizationUrl.searchParams.set('client_id', clientId);
-  if (redirectUri) authorizationUrl.searchParams.set('redirect_uri', redirectUri);
  if (scope) authorizationUrl.searchParams.set('scope', scope);
  if (state) authorizationUrl.searchParams.set('state', state);
  if (audience) authorizationUrl.searchParams.set('audience', audience);
@@ -56,11 +59,55 @@ export async function getImplicit(
    );
  }

-  // biome-ignore lint/suspicious/noAsyncPromiseExecutor: none
-  const newToken = await new Promise<AccessToken>(async (resolve, reject) => {
+  let newToken: AccessToken;
+
+  // Use external browser flow if enabled
+  if (externalBrowser?.useExternalBrowser) {
+    const result = await getRedirectUrlViaExternalBrowser(ctx, authorizationUrl, {
+      callbackType: externalBrowser.callbackType,
+      callbackPort: externalBrowser.callbackPort,
+    });
+    newToken = await extractImplicitToken(ctx, result.callbackUrl, tokenArgs, tokenName);
+  } else {
+    // Use embedded browser flow (original behavior)
+    if (redirectUri) {
+      authorizationUrl.searchParams.set('redirect_uri', redirectUri);
+    }
+    newToken = await getTokenViaEmbeddedBrowser(
+      ctx,
+      contextId,
+      authorizationUrl,
+      tokenArgs,
+      tokenName,
+    );
+  }
+
+  return newToken;
+}
+
+/**
+ * Get token using the embedded browser window.
+ * This is the original flow that monitors navigation events.
+ */
+async function getTokenViaEmbeddedBrowser(
+  ctx: Context,
+  contextId: string,
+  authorizationUrl: URL,
+  tokenArgs: {
+    contextId: string;
+    clientId: string;
+    accessTokenUrl: null;
+    authorizationUrl: string;
+  },
+  tokenName: 'access_token' | 'id_token',
+): Promise<AccessToken> {
+  const dataDirKey = await getDataDirKey(ctx, contextId);
+  const authorizationUrlStr = authorizationUrl.toString();
+  console.log('[oauth2] Authorizing via embedded browser (implicit)', authorizationUrlStr);
+
+  // biome-ignore lint/suspicious/noAsyncPromiseExecutor: Required for this pattern
+  return new Promise<AccessToken>(async (resolve, reject) => {
    let foundAccessToken = false;
-    const authorizationUrlStr = authorizationUrl.toString();
-    const dataDirKey = await getDataDirKey(ctx, contextId);
    const { close } = await ctx.window.openUrl({
      dataDirKey,
      url: authorizationUrlStr,
@@ -97,6 +144,56 @@ export async function getImplicit(
      },
    });
  });
-
-  return newToken;
+}
+
+/**
+ * Extract the implicit grant token from a callback URL and store it.
+ */
+async function extractImplicitToken(
+  ctx: Context,
+  callbackUrl: string,
+  tokenArgs: {
+    contextId: string;
+    clientId: string;
+    accessTokenUrl: null;
+    authorizationUrl: string;
+  },
+  tokenName: 'access_token' | 'id_token',
+): Promise<AccessToken> {
+  const url = new URL(callbackUrl);
+
+  // Check for errors
+  if (url.searchParams.has('error')) {
+    throw new Error(`Failed to authorize: ${url.searchParams.get('error')}`);
+  }
+
+  // Extract token from fragment
+  const hash = url.hash.slice(1);
+  const params = new URLSearchParams(hash);
+
+  // Also check query params (in case fragment was converted)
+  const accessToken = params.get(tokenName) ?? url.searchParams.get(tokenName);
+  if (!accessToken) {
+    throw new Error(`No ${tokenName} found in callback URL`);
+  }
+
+  // Build response from params (prefer fragment, fall back to query)
+  const response: AccessTokenRawResponse = {
+    access_token: params.get('access_token') ?? url.searchParams.get('access_token') ?? '',
+    token_type: params.get('token_type') ?? url.searchParams.get('token_type') ?? undefined,
+    expires_in: params.has('expires_in')
+      ? parseInt(params.get('expires_in') ?? '0', 10)
+      : url.searchParams.has('expires_in')
+        ? parseInt(url.searchParams.get('expires_in') ?? '0', 10)
+        : undefined,
+    scope: params.get('scope') ?? url.searchParams.get('scope') ?? undefined,
+  };
+
+  // Include id_token if present
+  const idToken = params.get('id_token') ?? url.searchParams.get('id_token');
+  if (idToken) {
+    response.id_token = idToken;
+  }
+
+  return storeToken(ctx, tokenArgs, response);
 }
--- a/plugins/auth-oauth2/src/index.ts
+++ b/plugins/auth-oauth2/src/index.ts
@@ -5,7 +5,9 @@ import type {
  JsonPrimitive,
  PluginDefinition,
 } from '@yaakapp/api';
+import { DEFAULT_LOCALHOST_PORT, HOSTED_CALLBACK_URL, stopActiveServer } from './callbackServer';
 import {
+  type CallbackType,
  DEFAULT_PKCE_METHOD,
  genPkceCodeVerifier,
  getAuthorizationCode,
@@ -76,6 +78,9 @@ const accessTokenUrls = [
 ];

 export const plugin: PluginDefinition = {
+  dispose() {
+    stopActiveServer();
+  },
  authentication: {
    name: 'oauth2',
    label: 'OAuth 2.0',
@@ -134,8 +139,6 @@ export const plugin: PluginDefinition = {
        defaultValue: defaultGrantType,
        options: grantTypes,
      },
-
-      // Always-present fields
      {
        type: 'text',
        name: 'clientId',
@@ -169,11 +172,105 @@ export const plugin: PluginDefinition = {
        completionOptions: accessTokenUrls.map((url) => ({ label: url, value: url })),
      },
      {
-        type: 'text',
-        name: 'redirectUri',
-        label: 'Redirect URI',
-        optional: true,
-        dynamic: hiddenIfNot(['authorization_code', 'implicit']),
+        type: 'banner',
+        inputs: [
+          {
+            type: 'checkbox',
+            name: 'useExternalBrowser',
+            label: 'Use External Browser',
+            description:
+              'Open authorization URL in your system browser instead of the embedded browser. ' +
+              'Useful when the OAuth provider blocks embedded browsers or you need existing browser sessions.',
+            dynamic: hiddenIfNot(['authorization_code', 'implicit']),
+          },
+          {
+            type: 'text',
+            name: 'redirectUri',
+            label: 'Redirect URI',
+            description:
+              'URI the OAuth provider redirects to after authorization. Yaak intercepts this automatically in its embedded browser so any valid URI will work.',
+            optional: true,
+            dynamic: hiddenIfNot(
+              ['authorization_code', 'implicit'],
+              ({ useExternalBrowser }) => !useExternalBrowser,
+            ),
+          },
+          {
+            type: 'h_stack',
+            inputs: [
+              {
+                type: 'select',
+                name: 'callbackType',
+                label: 'Callback Type',
+                description:
+                  '"Hosted Redirect" uses an external Yaak-hosted endpoint. "Localhost" starts a local server to receive the callback.',
+                defaultValue: 'hosted',
+                options: [
+                  { label: 'Hosted Redirect', value: 'hosted' },
+                  { label: 'Localhost', value: 'localhost' },
+                ],
+                dynamic: hiddenIfNot(
+                  ['authorization_code', 'implicit'],
+                  ({ useExternalBrowser }) => !!useExternalBrowser,
+                ),
+              },
+              {
+                type: 'text',
+                name: 'callbackPort',
+                label: 'Callback Port',
+                placeholder: `${DEFAULT_LOCALHOST_PORT}`,
+                description:
+                  'Port for the local callback server. Defaults to ' +
+                  DEFAULT_LOCALHOST_PORT +
+                  ' if empty.',
+                optional: true,
+                dynamic: hiddenIfNot(
+                  ['authorization_code', 'implicit'],
+                  ({ useExternalBrowser, callbackType }) =>
+                    !!useExternalBrowser && callbackType === 'localhost',
+                ),
+              },
+            ],
+          },
+          {
+            type: 'banner',
+            color: 'info',
+            inputs: [
+              {
+                type: 'markdown',
+                content: 'Redirect URI to Register',
+                async dynamic(_ctx, { values }) {
+                  const grantType = String(values.grantType ?? defaultGrantType);
+                  const useExternalBrowser = !!values.useExternalBrowser;
+                  const callbackType = (stringArg(values, 'callbackType') ||
+                    'localhost') as CallbackType;
+
+                  // Only show for authorization_code and implicit with external browser enabled
+                  if (
+                    !['authorization_code', 'implicit'].includes(grantType) ||
+                    !useExternalBrowser
+                  ) {
+                    return { hidden: true };
+                  }
+
+                  // Compute the redirect URI based on callback type
+                  let redirectUri: string;
+                  if (callbackType === 'hosted') {
+                    redirectUri = HOSTED_CALLBACK_URL;
+                  } else {
+                    const port = intArg(values, 'callbackPort') || DEFAULT_LOCALHOST_PORT;
+                    redirectUri = `http://127.0.0.1:${port}/callback`;
+                  }
+
+                  return {
+                    hidden: false,
+                    content: `Register \`${redirectUri}\` as a redirect URI with your OAuth provider.`,
+                  };
+                },
+              },
+            ],
+          },
+        ],
      },
      {
        type: 'text',
@@ -182,12 +279,8 @@ export const plugin: PluginDefinition = {
        optional: true,
        dynamic: hiddenIfNot(['authorization_code', 'implicit']),
      },
-      {
-        type: 'text',
-        name: 'audience',
-        label: 'Audience',
-        optional: true,
-      },
+      { type: 'text', name: 'scope', label: 'Scope', optional: true },
+      { type: 'text', name: 'audience', label: 'Audience', optional: true },
      {
        type: 'select',
        name: 'tokenName',
@@ -203,44 +296,54 @@ export const plugin: PluginDefinition = {
        dynamic: hiddenIfNot(['authorization_code', 'implicit']),
      },
      {
-        type: 'checkbox',
-        name: 'usePkce',
-        label: 'Use PKCE',
-        dynamic: hiddenIfNot(['authorization_code']),
-      },
-      {
-        type: 'select',
-        name: 'pkceChallengeMethod',
-        label: 'Code Challenge Method',
-        options: [
-          { label: 'SHA-256', value: PKCE_SHA256 },
-          { label: 'Plain', value: PKCE_PLAIN },
+        type: 'banner',
+        inputs: [
+          {
+            type: 'checkbox',
+            name: 'usePkce',
+            label: 'Use PKCE',
+            dynamic: hiddenIfNot(['authorization_code']),
+          },
+          {
+            type: 'select',
+            name: 'pkceChallengeMethod',
+            label: 'Code Challenge Method',
+            options: [
+              { label: 'SHA-256', value: PKCE_SHA256 },
+              { label: 'Plain', value: PKCE_PLAIN },
+            ],
+            defaultValue: DEFAULT_PKCE_METHOD,
+            dynamic: hiddenIfNot(['authorization_code'], ({ usePkce }) => !!usePkce),
+          },
+          {
+            type: 'text',
+            name: 'pkceCodeChallenge',
+            label: 'Code Verifier',
+            placeholder: 'Automatically generated when not set',
+            optional: true,
+            dynamic: hiddenIfNot(['authorization_code'], ({ usePkce }) => !!usePkce),
+          },
        ],
-        defaultValue: DEFAULT_PKCE_METHOD,
-        dynamic: hiddenIfNot(['authorization_code'], ({ usePkce }) => !!usePkce),
      },
      {
-        type: 'text',
-        name: 'pkceCodeChallenge',
-        label: 'Code Verifier',
-        placeholder: 'Automatically generated when not set',
-        optional: true,
-        dynamic: hiddenIfNot(['authorization_code'], ({ usePkce }) => !!usePkce),
-      },
-      {
-        type: 'text',
-        name: 'username',
-        label: 'Username',
-        optional: true,
-        dynamic: hiddenIfNot(['password']),
-      },
-      {
-        type: 'text',
-        name: 'password',
-        label: 'Password',
-        password: true,
-        optional: true,
-        dynamic: hiddenIfNot(['password']),
+        type: 'h_stack',
+        inputs: [
+          {
+            type: 'text',
+            name: 'username',
+            label: 'Username',
+            optional: true,
+            dynamic: hiddenIfNot(['password']),
+          },
+          {
+            type: 'text',
+            name: 'password',
+            label: 'Password',
+            password: true,
+            optional: true,
+            dynamic: hiddenIfNot(['password']),
+          },
+        ],
      },
      {
        type: 'select',
@@ -258,7 +361,6 @@ export const plugin: PluginDefinition = {
        type: 'accordion',
        label: 'Advanced',
        inputs: [
-          { type: 'text', name: 'scope', label: 'Scope', optional: true },
          {
            type: 'text',
            name: 'headerName',
@@ -321,6 +423,16 @@ export const plugin: PluginDefinition = {
      const credentialsInBody = values.credentials === 'body';
      const tokenName = values.tokenName === 'id_token' ? 'id_token' : 'access_token';

+      // Build external browser options if enabled
+      const useExternalBrowser = !!values.useExternalBrowser;
+      const externalBrowserOptions = useExternalBrowser
+        ? {
+            useExternalBrowser: true,
+            callbackType: (stringArg(values, 'callbackType') || 'localhost') as CallbackType,
+            callbackPort: intArg(values, 'callbackPort') ?? undefined,
+          }
+        : undefined;
+
      let token: AccessToken;
      if (grantType === 'authorization_code') {
        const authorizationUrl = stringArg(values, 'authorizationUrl');
@@ -348,6 +460,7 @@ export const plugin: PluginDefinition = {
              }
            : null,
          tokenName: tokenName,
+          externalBrowser: externalBrowserOptions,
        });
      } else if (grantType === 'implicit') {
        const authorizationUrl = stringArg(values, 'authorizationUrl');
@@ -362,6 +475,7 @@ export const plugin: PluginDefinition = {
          audience: stringArgOrNull(values, 'audience'),
          state: stringArgOrNull(values, 'state'),
          tokenName: tokenName,
+          externalBrowser: externalBrowserOptions,
        });
      } else if (grantType === 'client_credentials') {
        const accessTokenUrl = stringArg(values, 'accessTokenUrl');
@@ -414,3 +528,10 @@ function stringArg(values: Record<string, JsonPrimitive | undefined>, name: stri
  if (!arg) return '';
  return arg;
 }
+
+function intArg(values: Record<string, JsonPrimitive | undefined>, name: string): number | null {
+  const arg = values[name];
+  if (arg == null || arg === '') return null;
+  const num = parseInt(`${arg}`, 10);
+  return Number.isNaN(num) ? null : num;
+}
--- a/plugins/template-function-response/src/index.ts
+++ b/plugins/template-function-response/src/index.ts
@@ -55,6 +55,7 @@ const requestArg: FormInput = {
  type: 'http_request',
  name: 'request',
  label: 'Request',
+  defaultValue: '', // Make it not select the active one by default
 };

 export const plugin: PluginDefinition = {
--- a/plugins/themes-yaak/src/themes/synthwave-84.ts
+++ b/plugins/themes-yaak/src/themes/synthwave-84.ts
@@ -19,9 +19,6 @@ export const synthwave84: Theme = {
    danger: 'hsl(340, 100%, 65%)',
  },
  components: {
-    dialog: {
-      surface: 'hsl(253, 45%, 12%)',
-    },
    sidebar: {
      surface: 'hsl(253, 42%, 18%)',
      border: 'hsl(253, 40%, 22%)',
--- a/src-web/commands/openFolderSettings.tsx
+++ b/src-web/commands/openFolderSettings.tsx
@@ -1,21 +1,14 @@
 import { getModel } from '@yaakapp-internal/models';
-import { Icon } from '../components/core/Icon';
-import { HStack } from '../components/core/Stacks';
 import type { FolderSettingsTab } from '../components/FolderSettingsDialog';
 import { FolderSettingsDialog } from '../components/FolderSettingsDialog';
 import { showDialog } from '../lib/dialog';
-import { resolvedModelName } from '../lib/resolvedModelName';

 export function openFolderSettings(folderId: string, tab?: FolderSettingsTab) {
  const folder = getModel('folder', folderId);
+  if (folder == null) return;
  showDialog({
    id: 'folder-settings',
-    title: (
-      <HStack space={2} alignItems="center">
-        <Icon icon="folder_cog" size="xl" color="secondary" />
-        {resolvedModelName(folder)}
-      </HStack>
-    ),
+    title: null,
    size: 'lg',
    className: 'h-[50rem]',
    noPadding: true,
--- a/src-web/components/CloneGitRepositoryDialog.tsx
+++ b/src-web/components/CloneGitRepositoryDialog.tsx
@@ -0,0 +1,161 @@
+import { open } from '@tauri-apps/plugin-dialog';
+import { gitClone } from '@yaakapp-internal/git';
+import { useState } from 'react';
+import { openWorkspaceFromSyncDir } from '../commands/openWorkspaceFromSyncDir';
+import { appInfo } from '../lib/appInfo';
+import { showErrorToast } from '../lib/toast';
+import { Banner } from './core/Banner';
+import { Button } from './core/Button';
+import { Checkbox } from './core/Checkbox';
+import { IconButton } from './core/IconButton';
+import { PlainInput } from './core/PlainInput';
+import { VStack } from './core/Stacks';
+import { promptCredentials } from './git/credentials';
+
+interface Props {
+  hide: () => void;
+}
+
+// Detect path separator from an existing path (defaults to /)
+function getPathSeparator(path: string): string {
+  return path.includes('\\') ? '\\' : '/';
+}
+
+export function CloneGitRepositoryDialog({ hide }: Props) {
+  const [url, setUrl] = useState<string>('');
+  const [baseDirectory, setBaseDirectory] = useState<string>(appInfo.defaultProjectDir);
+  const [directoryOverride, setDirectoryOverride] = useState<string | null>(null);
+  const [hasSubdirectory, setHasSubdirectory] = useState(false);
+  const [subdirectory, setSubdirectory] = useState<string>('');
+  const [isCloning, setIsCloning] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+
+  const repoName = extractRepoName(url);
+  const sep = getPathSeparator(baseDirectory);
+  const computedDirectory = repoName ? `${baseDirectory}${sep}${repoName}` : baseDirectory;
+  const directory = directoryOverride ?? computedDirectory;
+  const workspaceDirectory =
+    hasSubdirectory && subdirectory ? `${directory}${sep}${subdirectory}` : directory;
+
+  const handleSelectDirectory = async () => {
+    const dir = await open({
+      title: 'Select Directory',
+      directory: true,
+      multiple: false,
+    });
+    if (dir != null) {
+      setBaseDirectory(dir);
+      setDirectoryOverride(null);
+    }
+  };
+
+  const handleClone = async (e: React.FormEvent) => {
+    e.preventDefault();
+    if (!url || !directory) return;
+
+    setIsCloning(true);
+    setError(null);
+
+    try {
+      const result = await gitClone(url, directory, promptCredentials);
+
+      if (result.type === 'needs_credentials') {
+        setError(
+          result.error ?? 'Authentication failed. Please check your credentials and try again.',
+        );
+        return;
+      }
+
+      // Open the workspace from the cloned directory (or subdirectory)
+      await openWorkspaceFromSyncDir.mutateAsync(workspaceDirectory);
+
+      hide();
+    } catch (err) {
+      setError(String(err));
+      showErrorToast({
+        id: 'git-clone-error',
+        title: 'Clone Failed',
+        message: String(err),
+      });
+    } finally {
+      setIsCloning(false);
+    }
+  };
+
+  return (
+    <VStack as="form" space={3} alignItems="start" className="pb-3" onSubmit={handleClone}>
+      {error && (
+        <Banner color="danger" className="w-full">
+          {error}
+        </Banner>
+      )}
+
+      <PlainInput
+        required
+        label="Repository URL"
+        placeholder="https://github.com/user/repo.git"
+        defaultValue={url}
+        onChange={setUrl}
+      />
+
+      <PlainInput
+        label="Directory"
+        placeholder={appInfo.defaultProjectDir}
+        defaultValue={directory}
+        onChange={setDirectoryOverride}
+        rightSlot={
+          <IconButton
+            size="xs"
+            className="mr-0.5 !h-auto my-0.5"
+            icon="folder"
+            title="Browse"
+            onClick={handleSelectDirectory}
+          />
+        }
+      />
+
+      <Checkbox
+        checked={hasSubdirectory}
+        onChange={setHasSubdirectory}
+        title="Workspace is in a subdirectory"
+        help="Enable if the Yaak workspace files are not at the root of the repository"
+      />
+
+      {hasSubdirectory && (
+        <PlainInput
+          label="Subdirectory"
+          placeholder="path/to/workspace"
+          defaultValue={subdirectory}
+          onChange={setSubdirectory}
+        />
+      )}
+
+      <Button
+        type="submit"
+        color="primary"
+        className="w-full mt-3"
+        disabled={!url || !directory || isCloning}
+        isLoading={isCloning}
+      >
+        {isCloning ? 'Cloning...' : 'Clone Repository'}
+      </Button>
+    </VStack>
+  );
+}
+
+function extractRepoName(url: string): string {
+  // Handle various Git URL formats:
+  // https://github.com/user/repo.git
+  // git@github.com:user/repo.git
+  // https://github.com/user/repo
+  const match = url.match(/\/([^/]+?)(\.git)?$/);
+  if (match?.[1]) {
+    return match[1];
+  }
+  // Fallback for SSH-style URLs
+  const sshMatch = url.match(/:([^/]+?)(\.git)?$/);
+  if (sshMatch?.[1]) {
+    return sshMatch[1];
+  }
+  return '';
+}
--- a/src-web/components/DnsOverridesEditor.tsx
+++ b/src-web/components/DnsOverridesEditor.tsx
@@ -0,0 +1,181 @@
+import type { DnsOverride, Workspace } from '@yaakapp-internal/models';
+import { patchModel } from '@yaakapp-internal/models';
+import { useCallback, useId, useMemo } from 'react';
+import { Button } from './core/Button';
+import { Checkbox } from './core/Checkbox';
+import { IconButton } from './core/IconButton';
+import { PlainInput } from './core/PlainInput';
+import { HStack, VStack } from './core/Stacks';
+import { Table, TableBody, TableCell, TableHead, TableHeaderCell, TableRow } from './core/Table';
+
+interface Props {
+  workspace: Workspace;
+}
+
+interface DnsOverrideWithId extends DnsOverride {
+  _id: string;
+}
+
+export function DnsOverridesEditor({ workspace }: Props) {
+  const reactId = useId();
+
+  // Ensure each override has an internal ID for React keys
+  const overridesWithIds = useMemo<DnsOverrideWithId[]>(() => {
+    return workspace.settingDnsOverrides.map((override, index) => ({
+      ...override,
+      _id: `${reactId}-${index}`,
+    }));
+  }, [workspace.settingDnsOverrides, reactId]);
+
+  const handleChange = useCallback(
+    (overrides: DnsOverride[]) => {
+      patchModel(workspace, { settingDnsOverrides: overrides });
+    },
+    [workspace],
+  );
+
+  const handleAdd = useCallback(() => {
+    const newOverride: DnsOverride = {
+      hostname: '',
+      ipv4: [''],
+      ipv6: [],
+      enabled: true,
+    };
+    handleChange([...workspace.settingDnsOverrides, newOverride]);
+  }, [workspace.settingDnsOverrides, handleChange]);
+
+  const handleUpdate = useCallback(
+    (index: number, update: Partial<DnsOverride>) => {
+      const updated = workspace.settingDnsOverrides.map((o, i) =>
+        i === index ? { ...o, ...update } : o,
+      );
+      handleChange(updated);
+    },
+    [workspace.settingDnsOverrides, handleChange],
+  );
+
+  const handleDelete = useCallback(
+    (index: number) => {
+      const updated = workspace.settingDnsOverrides.filter((_, i) => i !== index);
+      handleChange(updated);
+    },
+    [workspace.settingDnsOverrides, handleChange],
+  );
+
+  return (
+    <VStack space={3} className="pb-3">
+      <div className="text-text-subtle text-sm">
+        Override DNS resolution for specific hostnames. This works like{' '}
+        <code className="text-text-subtlest bg-surface-highlight px-1 rounded">/etc/hosts</code>{' '}
+        but only for requests made from this workspace.
+      </div>
+
+      {overridesWithIds.length > 0 && (
+        <Table>
+          <TableHead>
+            <TableRow>
+              <TableHeaderCell className="w-8" />
+              <TableHeaderCell>Hostname</TableHeaderCell>
+              <TableHeaderCell>IPv4 Address</TableHeaderCell>
+              <TableHeaderCell>IPv6 Address</TableHeaderCell>
+              <TableHeaderCell className="w-10" />
+            </TableRow>
+          </TableHead>
+          <TableBody>
+            {overridesWithIds.map((override, index) => (
+              <DnsOverrideRow
+                key={override._id}
+                override={override}
+                onUpdate={(update) => handleUpdate(index, update)}
+                onDelete={() => handleDelete(index)}
+              />
+            ))}
+          </TableBody>
+        </Table>
+      )}
+
+      <HStack>
+        <Button size="xs" color="secondary" variant="border" onClick={handleAdd}>
+          Add DNS Override
+        </Button>
+      </HStack>
+    </VStack>
+  );
+}
+
+interface DnsOverrideRowProps {
+  override: DnsOverride;
+  onUpdate: (update: Partial<DnsOverride>) => void;
+  onDelete: () => void;
+}
+
+function DnsOverrideRow({ override, onUpdate, onDelete }: DnsOverrideRowProps) {
+  const ipv4Value = override.ipv4.join(', ');
+  const ipv6Value = override.ipv6.join(', ');
+
+  return (
+    <TableRow>
+      <TableCell>
+        <Checkbox
+          hideLabel
+          title={override.enabled ? 'Disable override' : 'Enable override'}
+          checked={override.enabled ?? true}
+          onChange={(enabled) => onUpdate({ enabled })}
+        />
+      </TableCell>
+      <TableCell>
+        <PlainInput
+          size="sm"
+          hideLabel
+          label="Hostname"
+          placeholder="api.example.com"
+          defaultValue={override.hostname}
+          onChange={(hostname) => onUpdate({ hostname })}
+        />
+      </TableCell>
+      <TableCell>
+        <PlainInput
+          size="sm"
+          hideLabel
+          label="IPv4 addresses"
+          placeholder="127.0.0.1"
+          defaultValue={ipv4Value}
+          onChange={(value) =>
+            onUpdate({
+              ipv4: value
+                .split(',')
+                .map((s) => s.trim())
+                .filter(Boolean),
+            })
+          }
+        />
+      </TableCell>
+      <TableCell>
+        <PlainInput
+          size="sm"
+          hideLabel
+          label="IPv6 addresses"
+          placeholder="::1"
+          defaultValue={ipv6Value}
+          onChange={(value) =>
+            onUpdate({
+              ipv6: value
+                .split(',')
+                .map((s) => s.trim())
+                .filter(Boolean),
+            })
+          }
+        />
+      </TableCell>
+      <TableCell>
+        <IconButton
+          size="xs"
+          iconSize="sm"
+          icon="trash"
+          title="Delete override"
+          onClick={onDelete}
+        />
+      </TableCell>
+    </TableRow>
+  );
+}
--- a/src-web/components/DynamicForm.tsx
+++ b/src-web/components/DynamicForm.tsx
@@ -83,7 +83,7 @@ export function DynamicForm<T extends Record<string, JsonPrimitive>>({
 function FormInputsStack<T extends Record<string, JsonPrimitive>>({
  className,
  ...props
-}: FormInputsProps<T> & { className?: string}) {
+}: FormInputsProps<T> & { className?: string }) {
  return (
    <VStack
      space={3}
@@ -198,6 +198,9 @@ function FormInputs<T extends Record<string, JsonPrimitive>>({
              />
            );
          case 'accordion':
+            if (!hasVisibleInputs(input.inputs)) {
+              return null;
+            }
            return (
              <div key={i + stateKey}>
                <DetailsBanner
@@ -219,6 +222,9 @@ function FormInputs<T extends Record<string, JsonPrimitive>>({
              </div>
            );
          case 'h_stack':
+            if (!hasVisibleInputs(input.inputs)) {
+              return null;
+            }
            return (
              <div className="flex flex-wrap sm:flex-nowrap gap-3 items-end" key={i + stateKey}>
                <FormInputs
@@ -233,6 +239,9 @@ function FormInputs<T extends Record<string, JsonPrimitive>>({
              </div>
            );
          case 'banner':
+            if (!hasVisibleInputs(input.inputs)) {
+              return null;
+            }
            return (
              <Banner
                key={i + stateKey}
@@ -308,7 +317,7 @@ function TextArg({
    autocompleteFunctions,
    autocompleteVariables,
  };
-  if (autocompleteVariables || autocompleteFunctions) {
+  if (autocompleteVariables || autocompleteFunctions || arg.completionOptions) {
    return <Input {...props} />;
  }
  return <PlainInput {...props} />;
@@ -351,8 +360,9 @@ function EditorArg({
        className={classNames(
          'border border-border rounded-md overflow-hidden px-2 py-1',
          'focus-within:border-border-focus',
-          'max-h-[10rem]', // So it doesn't take up too much space
+          !arg.rows && 'max-h-[10rem]', // So it doesn't take up too much space
        )}
+        style={arg.rows ? { height: `${arg.rows * 1.4 + 0.75}rem` } : undefined}
      >
        <Editor
          id={id}
@@ -603,3 +613,8 @@ function KeyValueArg({
    </div>
  );
 }
+
+function hasVisibleInputs(inputs: FormInput[] | undefined): boolean {
+  if (!inputs) return false;
+  return inputs.some((i) => !i.hidden);
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Gregory Schier	c415e7f471	Add MCP client plan Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-08 17:15:25 -08:00
Gregory Schier	8023603ebe	Add CLI command architecture plan	2026-02-08 08:02:34 -08:00
Gregory Schier	66942eaf2c	Update httpsnippet plugin README and bump to v1.0.3	2026-02-07 15:20:20 -08:00
Zhizhen He	38796b1833	feat: add delete folder and copy id actions to folder settings (#380 )	2026-02-07 08:48:38 -08:00
dependabot[bot]	49ffa6fc45	Bump bytes from 1.10.1 to 1.11.1 (#379 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-07 08:48:03 -08:00
Brijmohan Siyag	1f56ba2eb6	Fix text input autocomplete not working with completionOptions (#368 )	2026-02-07 08:47:50 -08:00
Gregory Schier	f98a70ecb4	Add dynamic() support to prompt.form() plugin API (#386 )	2026-02-07 08:09:40 -08:00
dependabot[bot]	2984eb40c9	Bump time from 0.3.41 to 0.3.47 (#385 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-05 16:50:40 -08:00
Gregory Schier	cc5d4742f0	Don't select current request by default for response chaining	2026-02-05 13:08:08 -08:00
Gregory Schier	5b8e4b98a0	Use "send" preview mode for copy-as-curl	2026-02-05 08:31:28 -08:00
Gregory Schier	8637c90a21	Fix CSV responses ignoring raw view mode	2026-02-05 07:57:12 -08:00
dependabot[bot]	b88c5e71a0	Bump @modelcontextprotocol/sdk from 1.25.2 to 1.26.0 (#383 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-04 16:54:01 -08:00
dependabot[bot]	1899d512ab	Bump git2 from 0.20.2 to 0.20.4 (#384 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-04 16:53:50 -08:00
Gregory Schier	7c31718f5e	Git Improvements (#382 )	2026-02-04 11:46:04 -08:00
Gregory Schier	8f1463e5d0	More cleanup	2026-02-04 06:45:55 -08:00
Gregory Schier	0dc8807808	Cleanup more unused functions	2026-02-04 06:44:13 -08:00
Gregory Schier	f24a159b8a	Clean up unused functions	2026-02-04 06:28:45 -08:00
Zhizhen He	0b91d3aaff	feat: add breadcrumbs to folder setting (#296 )	2026-02-03 07:40:24 -08:00
Gregory Schier	431dc1c896	Adjust dev menu	2026-02-02 17:58:58 -08:00
Gregory Schier	bc8277b56b	Fix header behavior on cross-origin redirects (#378 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-02 17:58:27 -08:00
gschier	0afed185d9	Deploying to main from @ mountain-loop/yaak@55cee00601 🚀	2026-02-02 15:46:27 +00:00
Gregory Schier	55cee00601	More reliable plugin runtime kill	2026-02-02 07:45:19 -08:00
Gregory Schier	b41a8e04cb	Graceful oauth server shutdown	2026-02-02 07:31:55 -08:00
Gregory Schier	eff4519d91	Have cancellation work before the request is sent	2026-02-02 07:09:48 -08:00
Rahul Mishra	c4ce458f79	fix: pass down onClose properly (#376 )	2026-01-31 07:34:40 -08:00
Gregory Schier	f02ae35634	Fix auth plugin dynamic form inputs broken after first request The call_http_authentication_request handler was mutating auth.args with the result of applyDynamicFormInput(), which strips the dynamic callback functions. This permanently corrupted the plugin module's args, making all dynamic form controls (checkboxes, selects, etc.) unresponsive for that auth type after sending the first request.	2026-01-30 12:47:02 -08:00
Gregory Schier	c2f068970b	Add external browser support for OAuth2 authorization (#375 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-30 10:29:49 -08:00
Gregory Schier	eec2d6bc38	Fix multipart tab value	2026-01-29 09:01:44 -08:00
Gregory Schier	efa22e470e	Add diff viewer to git commit dialog (#374 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-29 08:50:56 -08:00
Gregory Schier	c00d2e981f	Fix basic auth failing when password field is empty or unset Handle undefined username/password values by defaulting to empty string, preventing "undefined" from being encoded in the Authorization header. Fixes https://feedback.yaak.app/p/strange-basic-auth-behaviour-in-202612 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-28 15:07:03 -08:00
Gregory Schier	9c45254952	Fix template tag theme colors	2026-01-28 13:08:22 -08:00
Gregory Schier	d031ff231a	Bump plugin runtime types	2026-01-28 08:43:19 -08:00
Gregory Schier	f056894ddb	Show full URL parts in Timeline debug view (#373 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-28 08:41:17 -08:00
dependabot[bot]	1b0315165f	Bump hono from 4.11.4 to 4.11.7 (#372 )	2026-01-28 08:37:10 -08:00
Gregory Schier	bd7e840a57	Fix x64 macOS build bundling wrong architecture binaries Set YAAK_TARGET_ARCH before npm run bootstrap so vendor scripts download the correct x64 binaries instead of arm64 ones. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-26 20:00:59 -08:00
Gregory Schier	8969748c3c	Add option to disable encryption when key is forgotten (#371 )	2026-01-26 15:40:02 -08:00
Gregory Schier	4e15ac10a6	Add folder CRUD operations to MCP server (#369 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-26 15:08:24 -08:00
Gregory Schier	47a3d44888	Git branch flow improvements (#370 )	2026-01-26 14:45:51 -08:00
Gregory Schier	eb10910d20	Update HttpMethodTag.tsx	2026-01-22 06:03:04 -08:00
Gregory Schier	6ba83d424d	Fix request method dropdown for GraphQL not showing HTTP method	2026-01-22 06:02:49 -08:00
Gregory Schier	beb47a6b6a	Refactor default headers to be injected dynamically (#367 )	2026-01-19 07:29:00 -08:00
Gregory Schier	1893b8f8dd	Enable source maps for production builds (#366 ) Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-19 05:12:26 -08:00
Gregory Schier	7a5bca7aae	Add text version of the response Timeline tab	2026-01-15 08:14:21 -08:00
Gregory Schier	9a75bc2ae7	Update release notes command	2026-01-15 07:22:46 -08:00
dependabot[bot]	65514e3882	Bump hono from 4.11.3 to 4.11.4 (#364 )	2026-01-15 07:18:27 -08:00
Gregory Schier	9ddaafb79f	Fix tab focusability	2026-01-15 07:17:25 -08:00
Gregory Schier	de47ee19ec	Fix authentication actions being called with unrendered args	2026-01-15 07:10:33 -08:00
Gregory Schier	ea730d0184	Fix clicking URL placeholder params not focusing value input The PairEditor ref callback used strict equality to determine when all rows were ready, but placeholder params (like :id) regenerate fresh IDs on every keystroke, causing rowsRef to accumulate entries. Using >= allows the ref to be set even when there are more registered rows than current pairs. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-14 11:28:09 -08:00
Gregory Schier	fe706998d4	Fix cursor style on template tags	2026-01-14 10:36:42 -08:00
Gregory Schier	99209e088f	Consolidate tab persistence logic into Tabs component - Move active tab persistence into Tabs component with storageKey + activeTabKey props - Change value prop to defaultValue so callers don't manage tab state - Add TabsRef with setActiveTab method for programmatic tab switching - Restore request_pane.focus_tab listener for :param placeholder clicks - Update all Tab consumers to use new pattern Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-14 10:32:10 -08:00
Gregory Schier	3eb29ff2fe	Fix gRPC schema refresh not invalidating cache The skip_cache flag in services() called reflect(), but reflect() had its own cache check that returned early. Simplified by removing skip_cache and always invalidating the pool in cmd_grpc_reflect, since that command is only called when fresh schema is needed. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-14 08:20:03 -08:00
Gregory Schier	b759003c83	Fix events from old connections showing in new connections Events from previous WebSocket/gRPC connections and HTTP responses were persisting in the store and displaying in new connections. Added filter parameter to mergeModelsInStore that clears old events when switching connections, plus render-time filtering as a safety net. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-14 07:58:32 -08:00
Gregory Schier	6cba38ac89	Strip empty headers before sending	2026-01-14 06:59:05 -08:00
Gregory Schier	ba8f85baaf	Update feedback links	2026-01-14 06:45:45 -08:00
Gregory Schier	9970d5fa6f	Fix lint issues	2026-01-13 09:32:52 -08:00
Gregory Schier	d550b42ca3	Add count badge to DNS tab and make workspace settings tabs reorderable	2026-01-13 09:24:56 -08:00
Gregory Schier	2e1f0cb53f	Adjust tab list margins	2026-01-13 09:24:53 -08:00
Gregory Schier	eead422ada	Fix HeadersEditor padding when no inherited headers	2026-01-13 09:24:48 -08:00
Gregory Schier	b5753da3b7	Fix dropdown opening on first click of inactive tab	2026-01-13 09:24:44 -08:00
Gregory Schier	ae2f2459e9	Improve EventViewer UX - Separate selected item from panel open state (closing panel keeps selection) - Scroll selected item into view when detail panel opens - Enter/Space opens detail panel, Escape closes it - Remove browser focus outline on scroll container - Add prefix prop to EventDetailHeader for labels - Make timestamp optional in EventViewerRow - Add close button to EventDetailHeader - Fix title truncation with min-w-0 - Consolidate HttpResponseTimeline title generation - Add ID/event labels to SSE detail header - Remove fake timestamp from SSE events Closes https://feedback.yaak.app/p/feedback-on-sse-viewer-ux-in-yaak	2026-01-13 09:05:50 -08:00
Gregory Schier	306e6f358a	feat: Add DNS timings and resolution overrides (#360 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-13 08:42:22 -08:00
Gregory Schier	822d52a57e	Better logging for plugin timeouts	2026-01-13 07:26:32 -08:00
Gregory Schier	e665ce04df	Fix plugins commands	2026-01-12 12:58:39 -08:00
Alex Coté	e4828e1b17	Fix README icon (#361 )	2026-01-12 08:08:54 -08:00