Use consistent release title format in generate-release-notes command

Fix HTTP/2 requests failing with duplicate Content-Length (#391 )
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 13:47:44 +01:00 · 2026-02-11 17:38:13 -08:00 · 2026-02-11 17:11:35 -08:00 · 2026-02-11 14:59:17 -08:00 · 2026-02-11 10:22:20 -08:00 · 2026-02-11 08:14:16 -08:00
186 changed files with 6978 additions and 1989 deletions
--- a/.claude/commands/release/generate-release-notes.md
+++ b/.claude/commands/release/generate-release-notes.md
@@ -37,3 +37,13 @@ The skill generates markdown-formatted release notes following this structure:

 **IMPORTANT**: Always add a blank lines around the markdown code fence and output the markdown code block last
 **IMPORTANT**: PRs by `@gschier` should not mention the @username
+
+## After Generating Release Notes
+
+After outputting the release notes, ask the user if they would like to create a draft GitHub release with these notes. If they confirm, create the release using:
+
+```bash
+gh release create <tag> --draft --prerelease --title "Release <version>" --notes '<release notes>'
+```
+
+**IMPORTANT**: The release title format is "Release XXXX" where XXXX is the version WITHOUT the `v` prefix. For example, tag `v2026.2.1-beta.1` gets title "Release 2026.2.1-beta.1".
--- a/.github/workflows/flathub.yml
+++ b/.github/workflows/flathub.yml
@@ -0,0 +1,52 @@
+name: Update Flathub
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+jobs:
+  update-flathub:
+    name: Update Flathub manifest
+    runs-on: ubuntu-latest
+    # Only run for stable releases (skip betas/pre-releases)
+    if: ${{ !github.event.release.prerelease }}
+    steps:
+      - name: Checkout app repo
+        uses: actions/checkout@v4
+
+      - name: Checkout Flathub repo
+        uses: actions/checkout@v4
+        with:
+          repository: flathub/app.yaak.Yaak
+          token: ${{ secrets.FLATHUB_TOKEN }}
+          path: flathub-repo
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+
+      - name: Install source generators
+        run: |
+          pip install flatpak-node-generator tomlkit aiohttp
+          git clone --depth 1 https://github.com/flatpak/flatpak-builder-tools flatpak/flatpak-builder-tools
+
+      - name: Run update-manifest.sh
+        run: bash flatpak/update-manifest.sh "${{ github.event.release.tag_name }}" flathub-repo
+
+      - name: Commit and push to Flathub
+        working-directory: flathub-repo
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add -A
+          git diff --cached --quiet && echo "No changes to commit" && exit 0
+          git commit -m "Update to ${{ github.event.release.tag_name }}"
+          git push
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -89,6 +89,8 @@ jobs:

      - run: npm ci
      - run: npm run bootstrap
+        env:
+          YAAK_TARGET_ARCH: ${{ matrix.yaak_arch }}
      - run: npm run lint
      - name: Run JS Tests
        run: npm test
--- a/.gitignore
+++ b/.gitignore
@@ -44,3 +44,10 @@ crates-tauri/yaak-app/tauri.worktree.conf.json
 # Tauri auto-generated permission files
 **/permissions/autogenerated
 **/permissions/schemas
+
+# Flatpak build artifacts
+flatpak-repo/
+.flatpak-builder/
+flatpak/flatpak-builder-tools/
+flatpak/cargo-sources.json
+flatpak/node-sources.json
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -689,9 +689,9 @@ checksum = "8f1fe948ff07f4bd06c30984e69f5b4899c516a3ef74f34df92a2df2ab535495"

 [[package]]
 name = "bytes"
-version = "1.10.1"
+version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
+checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
 dependencies = [
 "serde",
 ]
@@ -1316,12 +1316,12 @@ checksum = "da692b8d1080ea3045efaab14434d40468c3d8657e42abddfffca87b428f4c1b"

 [[package]]
 name = "deranged"
-version = "0.4.0"
+version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c9e6a11ca8224451684bc0d7d5a7adbf8f2fd6887261a1cfc3c0432f9d4068e"
+checksum = "ececcb659e7ba858fb4f10388c250a7252eb0a27373f1a72b8748afdd248e587"
 dependencies = [
 "powerfmt",
- "serde",
+ "serde_core",
 ]

 [[package]]
@@ -2136,9 +2136,9 @@ dependencies = [

 [[package]]
 name = "git2"
-version = "0.20.2"
+version = "0.20.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2deb07a133b1520dc1a5690e9bd08950108873d7ed5de38dcc74d3b5ebffa110"
+checksum = "7b88256088d75a56f8ecfa070513a775dd9107f6530ef14919dac831af9cfe2b"
 dependencies = [
 "bitflags 2.9.1",
 "libc",
@@ -3036,9 +3036,9 @@ dependencies = [

 [[package]]
 name = "libgit2-sys"
-version = "0.18.1+1.9.0"
+version = "0.18.3+1.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e1dcb20f84ffcdd825c7a311ae347cce604a6f084a767dec4a4929829645290e"
+checksum = "c9b3acc4b91781bb0b3386669d325163746af5f6e4f73e6d2d630e09a35f3487"
 dependencies = [
 "cc",
 "libc",
@@ -3446,9 +3446,9 @@ checksum = "5e0826a989adedc2a244799e823aece04662b66609d96af8dff7ac6df9a8925d"

 [[package]]
 name = "num-conv"
-version = "0.1.0"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
+checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050"

 [[package]]
 name = "num-traits"
@@ -6341,9 +6341,9 @@ dependencies = [

 [[package]]
 name = "time"
-version = "0.3.41"
+version = "0.3.47"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"
+checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
 dependencies = [
 "deranged",
 "itoa",
@@ -6351,22 +6351,22 @@ dependencies = [
 "num-conv",
 "num_threads",
 "powerfmt",
- "serde",
+ "serde_core",
 "time-core",
 "time-macros",
 ]

 [[package]]
 name = "time-core"
-version = "0.1.4"
+version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"
+checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"

 [[package]]
 name = "time-macros"
-version = "0.2.22"
+version = "0.2.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"
+checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
 dependencies = [
 "num-conv",
 "time-core",
@@ -8167,6 +8167,7 @@ dependencies = [
 "cookie",
 "flate2",
 "futures-util",
+ "http-body",
 "hyper-util",
 "log",
 "mime_guess",
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@
  <!-- sponsors-premium --><a href="https://github.com/MVST-Solutions"><img src="https:&#x2F;&#x2F;github.com&#x2F;MVST-Solutions.png" width="80px" alt="User avatar: MVST-Solutions" /></a>&nbsp;&nbsp;<a href="https://github.com/dharsanb"><img src="https:&#x2F;&#x2F;github.com&#x2F;dharsanb.png" width="80px" alt="User avatar: dharsanb" /></a>&nbsp;&nbsp;<a href="https://github.com/railwayapp"><img src="https:&#x2F;&#x2F;github.com&#x2F;railwayapp.png" width="80px" alt="User avatar: railwayapp" /></a>&nbsp;&nbsp;<a href="https://github.com/caseyamcl"><img src="https:&#x2F;&#x2F;github.com&#x2F;caseyamcl.png" width="80px" alt="User avatar: caseyamcl" /></a>&nbsp;&nbsp;<a href="https://github.com/bytebase"><img src="https:&#x2F;&#x2F;github.com&#x2F;bytebase.png" width="80px" alt="User avatar: bytebase" /></a>&nbsp;&nbsp;<a href="https://github.com/"><img src="https:&#x2F;&#x2F;raw.githubusercontent.com&#x2F;JamesIves&#x2F;github-sponsors-readme-action&#x2F;dev&#x2F;.github&#x2F;assets&#x2F;placeholder.png" width="80px" alt="User avatar: " /></a>&nbsp;&nbsp;<!-- sponsors-premium -->
 </p>
 <p align="center">
-  <!-- sponsors-base --><a href="https://github.com/seanwash"><img src="https:&#x2F;&#x2F;github.com&#x2F;seanwash.png" width="50px" alt="User avatar: seanwash" /></a>&nbsp;&nbsp;<a href="https://github.com/jerath"><img src="https:&#x2F;&#x2F;github.com&#x2F;jerath.png" width="50px" alt="User avatar: jerath" /></a>&nbsp;&nbsp;<a href="https://github.com/itsa-sh"><img src="https:&#x2F;&#x2F;github.com&#x2F;itsa-sh.png" width="50px" alt="User avatar: itsa-sh" /></a>&nbsp;&nbsp;<a href="https://github.com/dmmulroy"><img src="https:&#x2F;&#x2F;github.com&#x2F;dmmulroy.png" width="50px" alt="User avatar: dmmulroy" /></a>&nbsp;&nbsp;<a href="https://github.com/timcole"><img src="https:&#x2F;&#x2F;github.com&#x2F;timcole.png" width="50px" alt="User avatar: timcole" /></a>&nbsp;&nbsp;<a href="https://github.com/VLZH"><img src="https:&#x2F;&#x2F;github.com&#x2F;VLZH.png" width="50px" alt="User avatar: VLZH" /></a>&nbsp;&nbsp;<a href="https://github.com/terasaka2k"><img src="https:&#x2F;&#x2F;github.com&#x2F;terasaka2k.png" width="50px" alt="User avatar: terasaka2k" /></a>&nbsp;&nbsp;<a href="https://github.com/andriyor"><img src="https:&#x2F;&#x2F;github.com&#x2F;andriyor.png" width="50px" alt="User avatar: andriyor" /></a>&nbsp;&nbsp;<a href="https://github.com/majudhu"><img src="https:&#x2F;&#x2F;github.com&#x2F;majudhu.png" width="50px" alt="User avatar: majudhu" /></a>&nbsp;&nbsp;<a href="https://github.com/axelrindle"><img src="https:&#x2F;&#x2F;github.com&#x2F;axelrindle.png" width="50px" alt="User avatar: axelrindle" /></a>&nbsp;&nbsp;<a href="https://github.com/jirizverina"><img src="https:&#x2F;&#x2F;github.com&#x2F;jirizverina.png" width="50px" alt="User avatar: jirizverina" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="50px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/GRAYAH"><img src="https:&#x2F;&#x2F;github.com&#x2F;GRAYAH.png" width="50px" alt="User avatar: GRAYAH" /></a>&nbsp;&nbsp;<!-- sponsors-base -->
+  <!-- sponsors-base --><a href="https://github.com/seanwash"><img src="https:&#x2F;&#x2F;github.com&#x2F;seanwash.png" width="50px" alt="User avatar: seanwash" /></a>&nbsp;&nbsp;<a href="https://github.com/jerath"><img src="https:&#x2F;&#x2F;github.com&#x2F;jerath.png" width="50px" alt="User avatar: jerath" /></a>&nbsp;&nbsp;<a href="https://github.com/itsa-sh"><img src="https:&#x2F;&#x2F;github.com&#x2F;itsa-sh.png" width="50px" alt="User avatar: itsa-sh" /></a>&nbsp;&nbsp;<a href="https://github.com/dmmulroy"><img src="https:&#x2F;&#x2F;github.com&#x2F;dmmulroy.png" width="50px" alt="User avatar: dmmulroy" /></a>&nbsp;&nbsp;<a href="https://github.com/timcole"><img src="https:&#x2F;&#x2F;github.com&#x2F;timcole.png" width="50px" alt="User avatar: timcole" /></a>&nbsp;&nbsp;<a href="https://github.com/VLZH"><img src="https:&#x2F;&#x2F;github.com&#x2F;VLZH.png" width="50px" alt="User avatar: VLZH" /></a>&nbsp;&nbsp;<a href="https://github.com/terasaka2k"><img src="https:&#x2F;&#x2F;github.com&#x2F;terasaka2k.png" width="50px" alt="User avatar: terasaka2k" /></a>&nbsp;&nbsp;<a href="https://github.com/andriyor"><img src="https:&#x2F;&#x2F;github.com&#x2F;andriyor.png" width="50px" alt="User avatar: andriyor" /></a>&nbsp;&nbsp;<a href="https://github.com/majudhu"><img src="https:&#x2F;&#x2F;github.com&#x2F;majudhu.png" width="50px" alt="User avatar: majudhu" /></a>&nbsp;&nbsp;<a href="https://github.com/axelrindle"><img src="https:&#x2F;&#x2F;github.com&#x2F;axelrindle.png" width="50px" alt="User avatar: axelrindle" /></a>&nbsp;&nbsp;<a href="https://github.com/jirizverina"><img src="https:&#x2F;&#x2F;github.com&#x2F;jirizverina.png" width="50px" alt="User avatar: jirizverina" /></a>&nbsp;&nbsp;<a href="https://github.com/chip-well"><img src="https:&#x2F;&#x2F;github.com&#x2F;chip-well.png" width="50px" alt="User avatar: chip-well" /></a>&nbsp;&nbsp;<a href="https://github.com/GRAYAH"><img src="https:&#x2F;&#x2F;github.com&#x2F;GRAYAH.png" width="50px" alt="User avatar: GRAYAH" /></a>&nbsp;&nbsp;<a href="https://github.com/flashblaze"><img src="https:&#x2F;&#x2F;github.com&#x2F;flashblaze.png" width="50px" alt="User avatar: flashblaze" /></a>&nbsp;&nbsp;<!-- sponsors-base -->
 </p>

 ![Yaak API Client](https://yaak.app/static/screenshot.png)
@@ -64,7 +64,7 @@ visit [`DEVELOPMENT.md`](DEVELOPMENT.md) for tips on setting up your environment
 ## Useful Resources

 - [Feedback and Bug Reports](https://feedback.yaak.app)
- [Documentation](https://feedback.yaak.app/help)
+- [Documentation](https://yaak.app/docs)
 - [Yaak vs Postman](https://yaak.app/alternatives/postman)
 - [Yaak vs Bruno](https://yaak.app/alternatives/bruno)
 - [Yaak vs Insomnia](https://yaak.app/alternatives/insomnia)
--- a/crates-cli/yaak-cli/src/main.rs
+++ b/crates-cli/yaak-cli/src/main.rs
@@ -15,7 +15,7 @@ use yaak_models::util::UpdateSource;
 use yaak_plugins::events::{PluginContext, RenderPurpose};
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::template_callback::PluginTemplateCallback;
-use yaak_templates::{parse_and_render, render_json_value_raw, RenderOptions};
+use yaak_templates::{RenderOptions, parse_and_render, render_json_value_raw};

 #[derive(Parser)]
 #[command(name = "yaakcli")]
@@ -149,14 +149,7 @@ async fn render_http_request(
    // Apply path placeholders (e.g., /users/:id -> /users/123)
    let (url, url_parameters) = apply_path_placeholders(&url, &url_parameters);

-    Ok(HttpRequest {
-        url,
-        url_parameters,
-        headers,
-        body,
-        authentication,
-        ..r.to_owned()
-    })
+    Ok(HttpRequest { url, url_parameters, headers, body, authentication, ..r.to_owned() })
 }

 #[tokio::main]
@@ -169,16 +162,10 @@ async fn main() {
    }

    // Use the same app_id for both data directory and keyring
-    let app_id = if cfg!(debug_assertions) {
-        "app.yaak.desktop.dev"
-    } else {
-        "app.yaak.desktop"
-    };
+    let app_id = if cfg!(debug_assertions) { "app.yaak.desktop.dev" } else { "app.yaak.desktop" };

    let data_dir = cli.data_dir.unwrap_or_else(|| {
-        dirs::data_dir()
-            .expect("Could not determine data directory")
-            .join(app_id)
+        dirs::data_dir().expect("Could not determine data directory").join(app_id)
    });

    let db_path = data_dir.join("db.sqlite");
@@ -191,9 +178,7 @@ async fn main() {

    // Initialize encryption manager for secure() template function
    // Use the same app_id as the Tauri app for keyring access
-    let encryption_manager = Arc::new(
-        EncryptionManager::new(query_manager.clone(), app_id),
-    );
+    let encryption_manager = Arc::new(EncryptionManager::new(query_manager.clone(), app_id));

    // Initialize plugin manager for template functions
    let vendored_plugin_dir = data_dir.join("vendored-plugins");
@@ -203,9 +188,8 @@ async fn main() {
    let node_bin_path = PathBuf::from("node");

    // Find the plugin runtime - check YAAK_PLUGIN_RUNTIME env var, then fallback to development path
-    let plugin_runtime_main = std::env::var("YAAK_PLUGIN_RUNTIME")
-        .map(PathBuf::from)
-        .unwrap_or_else(|_| {
+    let plugin_runtime_main =
+        std::env::var("YAAK_PLUGIN_RUNTIME").map(PathBuf::from).unwrap_or_else(|_| {
            // Development fallback: look relative to crate root
            PathBuf::from(env!("CARGO_MANIFEST_DIR"))
                .join("../../crates-tauri/yaak-app/vendored/plugin-runtime/index.cjs")
@@ -226,14 +210,10 @@ async fn main() {
    // Initialize plugins from database
    let plugins = db.list_plugins().unwrap_or_default();
    if !plugins.is_empty() {
-        let errors = plugin_manager
-            .initialize_all_plugins(plugins, &PluginContext::new_empty())
-            .await;
+        let errors =
+            plugin_manager.initialize_all_plugins(plugins, &PluginContext::new_empty()).await;
        for (plugin_dir, error_msg) in errors {
-            eprintln!(
-                "Warning: Failed to initialize plugin '{}': {}",
-                plugin_dir, error_msg
-            );
+            eprintln!("Warning: Failed to initialize plugin '{}': {}", plugin_dir, error_msg);
        }
    }

@@ -249,9 +229,7 @@ async fn main() {
            }
        }
        Commands::Requests { workspace_id } => {
-            let requests = db
-                .list_http_requests(&workspace_id)
-                .expect("Failed to list requests");
+            let requests = db.list_http_requests(&workspace_id).expect("Failed to list requests");
            if requests.is_empty() {
                println!("No requests found in workspace {}", workspace_id);
            } else {
@@ -261,9 +239,7 @@ async fn main() {
            }
        }
        Commands::Send { request_id } => {
-            let request = db
-                .get_http_request(&request_id)
-                .expect("Failed to get request");
+            let request = db.get_http_request(&request_id).expect("Failed to get request");

            // Resolve environment chain for variable substitution
            let environment_chain = db
@@ -318,18 +294,13 @@ async fn main() {
                }))
            } else {
                // Drain events silently
-                tokio::spawn(async move {
-                    while event_rx.recv().await.is_some() {}
-                });
+                tokio::spawn(async move { while event_rx.recv().await.is_some() {} });
                None
            };

            // Send the request
            let sender = ReqwestSender::new().expect("Failed to create HTTP client");
-            let response = sender
-                .send(sendable, event_tx)
-                .await
-                .expect("Failed to send request");
+            let response = sender.send(sendable, event_tx).await.expect("Failed to send request");

            // Wait for event handler to finish
            if let Some(handle) = verbose_handle {
@@ -383,18 +354,13 @@ async fn main() {
                    }
                }))
            } else {
-                tokio::spawn(async move {
-                    while event_rx.recv().await.is_some() {}
-                });
+                tokio::spawn(async move { while event_rx.recv().await.is_some() {} });
                None
            };

            // Send the request
            let sender = ReqwestSender::new().expect("Failed to create HTTP client");
-            let response = sender
-                .send(sendable, event_tx)
-                .await
-                .expect("Failed to send request");
+            let response = sender.send(sendable, event_tx).await.expect("Failed to send request");

            if let Some(handle) = verbose_handle {
                let _ = handle.await;
@@ -421,12 +387,7 @@ async fn main() {
            let (body, _stats) = response.text().await.expect("Failed to read response body");
            println!("{}", body);
        }
-        Commands::Create {
-            workspace_id,
-            name,
-            method,
-            url,
-        } => {
+        Commands::Create { workspace_id, name, method, url } => {
            let request = HttpRequest {
                workspace_id,
                name,
--- a/crates-tauri/yaak-app/src/commands.rs
+++ b/crates-tauri/yaak-app/src/commands.rs
@@ -1,9 +1,10 @@
-use crate::error::Result;
 use crate::PluginContextExt;
+use crate::error::Result;
 use std::sync::Arc;
 use tauri::{AppHandle, Manager, Runtime, State, WebviewWindow, command};
-use tauri_plugin_dialog::{DialogExt, MessageDialogKind};
 use yaak_crypto::manager::EncryptionManager;
+use yaak_models::models::HttpRequestHeader;
+use yaak_models::queries::workspaces::default_headers;
 use yaak_plugins::events::GetThemesResponse;
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::native_template_functions::{
@@ -21,20 +22,6 @@ impl<'a, R: Runtime, M: Manager<R>> EncryptionManagerExt<'a, R> for M {
    }
 }

-#[command]
-pub(crate) async fn cmd_show_workspace_key<R: Runtime>(
-    window: WebviewWindow<R>,
-    workspace_id: &str,
-) -> Result<()> {
-    let key = window.crypto().reveal_workspace_key(workspace_id)?;
-    window
-        .dialog()
-        .message(format!("Your workspace key is \n\n{}", key))
-        .kind(MessageDialogKind::Info)
-        .show(|_v| {});
-    Ok(())
-}
-
 #[command]
 pub(crate) async fn cmd_decrypt_template<R: Runtime>(
    window: WebviewWindow<R>,
@@ -54,7 +41,12 @@ pub(crate) async fn cmd_secure_template<R: Runtime>(
    let plugin_manager = Arc::new((*app_handle.state::<PluginManager>()).clone());
    let encryption_manager = Arc::new((*app_handle.state::<EncryptionManager>()).clone());
    let plugin_context = window.plugin_context();
-    Ok(encrypt_secure_template_function(plugin_manager, encryption_manager, &plugin_context, template)?)
+    Ok(encrypt_secure_template_function(
+        plugin_manager,
+        encryption_manager,
+        &plugin_context,
+        template,
+    )?)
 }

 #[command]
@@ -92,3 +84,17 @@ pub(crate) async fn cmd_set_workspace_key<R: Runtime>(
    window.crypto().set_human_key(workspace_id, key)?;
    Ok(())
 }
+
+#[command]
+pub(crate) async fn cmd_disable_encryption<R: Runtime>(
+    window: WebviewWindow<R>,
+    workspace_id: &str,
+) -> Result<()> {
+    window.crypto().disable_encryption(workspace_id)?;
+    Ok(())
+}
+
+#[command]
+pub(crate) fn cmd_default_headers() -> Vec<HttpRequestHeader> {
+    default_headers()
+}
--- a/crates-tauri/yaak-app/src/git_ext.rs
+++ b/crates-tauri/yaak-app/src/git_ext.rs
@@ -6,32 +6,47 @@ use crate::error::Result;
 use std::path::{Path, PathBuf};
 use tauri::command;
 use yaak_git::{
-    GitCommit, GitRemote, GitStatusSummary, PullResult, PushResult, git_add, git_add_credential,
-    git_add_remote, git_checkout_branch, git_commit, git_create_branch, git_delete_branch,
-    git_fetch_all, git_init, git_log, git_merge_branch, git_pull, git_push, git_remotes,
-    git_rm_remote, git_status, git_unstage,
+    BranchDeleteResult, CloneResult, GitCommit, GitRemote, GitStatusSummary, PullResult,
+    PushResult, git_add, git_add_credential, git_add_remote, git_checkout_branch, git_clone,
+    git_commit, git_create_branch, git_delete_branch, git_delete_remote_branch, git_fetch_all,
+    git_init, git_log, git_merge_branch, git_pull, git_pull_force_reset, git_pull_merge, git_push,
+    git_remotes, git_rename_branch, git_reset_changes, git_rm_remote, git_status, git_unstage,
 };

 // NOTE: All of these commands are async to prevent blocking work from locking up the UI

 #[command]
 pub async fn cmd_git_checkout(dir: &Path, branch: &str, force: bool) -> Result<String> {
-    Ok(git_checkout_branch(dir, branch, force)?)
+    Ok(git_checkout_branch(dir, branch, force).await?)
 }

 #[command]
-pub async fn cmd_git_branch(dir: &Path, branch: &str) -> Result<()> {
-    Ok(git_create_branch(dir, branch)?)
+pub async fn cmd_git_branch(dir: &Path, branch: &str, base: Option<&str>) -> Result<()> {
+    Ok(git_create_branch(dir, branch, base).await?)
 }

 #[command]
-pub async fn cmd_git_delete_branch(dir: &Path, branch: &str) -> Result<()> {
-    Ok(git_delete_branch(dir, branch)?)
+pub async fn cmd_git_delete_branch(
+    dir: &Path,
+    branch: &str,
+    force: Option<bool>,
+) -> Result<BranchDeleteResult> {
+    Ok(git_delete_branch(dir, branch, force.unwrap_or(false)).await?)
 }

 #[command]
-pub async fn cmd_git_merge_branch(dir: &Path, branch: &str, force: bool) -> Result<()> {
-    Ok(git_merge_branch(dir, branch, force)?)
+pub async fn cmd_git_delete_remote_branch(dir: &Path, branch: &str) -> Result<()> {
+    Ok(git_delete_remote_branch(dir, branch).await?)
+}
+
+#[command]
+pub async fn cmd_git_merge_branch(dir: &Path, branch: &str) -> Result<()> {
+    Ok(git_merge_branch(dir, branch).await?)
+}
+
+#[command]
+pub async fn cmd_git_rename_branch(dir: &Path, old_name: &str, new_name: &str) -> Result<()> {
+    Ok(git_rename_branch(dir, old_name, new_name).await?)
 }

 #[command]
@@ -49,6 +64,11 @@ pub async fn cmd_git_initialize(dir: &Path) -> Result<()> {
    Ok(git_init(dir)?)
 }

+#[command]
+pub async fn cmd_git_clone(url: &str, dir: &Path) -> Result<CloneResult> {
+    Ok(git_clone(url, dir).await?)
+}
+
 #[command]
 pub async fn cmd_git_commit(dir: &Path, message: &str) -> Result<()> {
    Ok(git_commit(dir, message).await?)
@@ -69,6 +89,20 @@ pub async fn cmd_git_pull(dir: &Path) -> Result<PullResult> {
    Ok(git_pull(dir).await?)
 }

+#[command]
+pub async fn cmd_git_pull_force_reset(
+    dir: &Path,
+    remote: &str,
+    branch: &str,
+) -> Result<PullResult> {
+    Ok(git_pull_force_reset(dir, remote, branch).await?)
+}
+
+#[command]
+pub async fn cmd_git_pull_merge(dir: &Path, remote: &str, branch: &str) -> Result<PullResult> {
+    Ok(git_pull_merge(dir, remote, branch).await?)
+}
+
 #[command]
 pub async fn cmd_git_add(dir: &Path, rela_paths: Vec<PathBuf>) -> Result<()> {
    for path in rela_paths {
@@ -85,14 +119,18 @@ pub async fn cmd_git_unstage(dir: &Path, rela_paths: Vec<PathBuf>) -> Result<()>
    Ok(())
 }

+#[command]
+pub async fn cmd_git_reset_changes(dir: &Path) -> Result<()> {
+    Ok(git_reset_changes(dir).await?)
+}
+
 #[command]
 pub async fn cmd_git_add_credential(
-    dir: &Path,
    remote_url: &str,
    username: &str,
    password: &str,
 ) -> Result<()> {
-    Ok(git_add_credential(dir, remote_url, username, password).await?)
+    Ok(git_add_credential(remote_url, username, password).await?)
 }

 #[command]
--- a/crates-tauri/yaak-app/src/grpc.rs
+++ b/crates-tauri/yaak-app/src/grpc.rs
@@ -1,12 +1,12 @@
 use std::collections::BTreeMap;

-use crate::error::Result;
 use crate::PluginContextExt;
+use crate::error::Result;
+use crate::models_ext::QueryManagerExt;
 use KeyAndValueRef::{Ascii, Binary};
 use tauri::{Manager, Runtime, WebviewWindow};
 use yaak_grpc::{KeyAndValueRef, MetadataMap};
 use yaak_models::models::GrpcRequest;
-use crate::models_ext::QueryManagerExt;
 use yaak_plugins::events::{CallHttpAuthenticationRequest, HttpHeader};
 use yaak_plugins::manager::PluginManager;

--- a/crates-tauri/yaak-app/src/history.rs
+++ b/crates-tauri/yaak-app/src/history.rs
@@ -1,8 +1,8 @@
+use crate::models_ext::QueryManagerExt;
 use chrono::{NaiveDateTime, Utc};
 use log::debug;
 use std::sync::OnceLock;
 use tauri::{AppHandle, Runtime};
-use crate::models_ext::QueryManagerExt;
 use yaak_models::util::UpdateSource;

 const NAMESPACE: &str = "analytics";
--- a/crates-tauri/yaak-app/src/http_request.rs
+++ b/crates-tauri/yaak-app/src/http_request.rs
@@ -1,9 +1,13 @@
+use crate::PluginContextExt;
 use crate::error::Error::GenericError;
 use crate::error::Result;
+use crate::models_ext::BlobManagerExt;
+use crate::models_ext::QueryManagerExt;
 use crate::render::render_http_request;
 use log::{debug, warn};
 use std::pin::Pin;
 use std::sync::Arc;
+use std::sync::atomic::{AtomicI32, Ordering};
 use std::time::{Duration, Instant};
 use tauri::{AppHandle, Manager, Runtime, WebviewWindow};
 use tokio::fs::{File, create_dir_all};
@@ -15,22 +19,19 @@ use yaak_http::client::{
    HttpConnectionOptions, HttpConnectionProxySetting, HttpConnectionProxySettingAuth,
 };
 use yaak_http::cookies::CookieStore;
-use yaak_http::manager::HttpConnectionManager;
+use yaak_http::manager::{CachedClient, HttpConnectionManager};
 use yaak_http::sender::ReqwestSender;
 use yaak_http::tee_reader::TeeReader;
 use yaak_http::transaction::HttpTransaction;
 use yaak_http::types::{
    SendableBody, SendableHttpRequest, SendableHttpRequestOptions, append_query_params,
 };
-use crate::models_ext::BlobManagerExt;
 use yaak_models::blob_manager::BodyChunk;
 use yaak_models::models::{
    CookieJar, Environment, HttpRequest, HttpResponse, HttpResponseEvent, HttpResponseHeader,
    HttpResponseState, ProxySetting, ProxySettingAuth,
 };
-use crate::models_ext::QueryManagerExt;
 use yaak_models::util::UpdateSource;
-use crate::PluginContextExt;
 use yaak_plugins::events::{
    CallHttpAuthenticationRequest, HttpHeader, PluginContext, RenderPurpose,
 };
@@ -173,10 +174,22 @@ async fn send_http_request_inner<R: Runtime>(
    let environment_id = environment.map(|e| e.id);
    let workspace = window.db().get_workspace(workspace_id)?;
    let (resolved, auth_context_id) = resolve_http_request(window, unrendered_request)?;
-    let cb = PluginTemplateCallback::new(plugin_manager.clone(), encryption_manager.clone(), &plugin_context, RenderPurpose::Send);
+    let cb = PluginTemplateCallback::new(
+        plugin_manager.clone(),
+        encryption_manager.clone(),
+        &plugin_context,
+        RenderPurpose::Send,
+    );
    let env_chain =
        window.db().resolve_environments(&workspace.id, folder_id, environment_id.as_deref())?;
-    let request = render_http_request(&resolved, env_chain, &cb, &RenderOptions::throw()).await?;
+    let mut cancel_rx = cancelled_rx.clone();
+    let render_options = RenderOptions::throw();
+    let request = tokio::select! {
+        result = render_http_request(&resolved, env_chain, &cb, &render_options) => result?,
+        _ = cancel_rx.changed() => {
+            return Err(GenericError("Request canceled".to_string()));
+        }
+    };

    // Build the sendable request using the new SendableHttpRequest type
    let options = SendableHttpRequestOptions {
@@ -228,29 +241,36 @@ async fn send_http_request_inner<R: Runtime>(
        None => None,
    };

-    let client = connection_manager
+    let cached_client = connection_manager
        .get_client(&HttpConnectionOptions {
            id: plugin_context.id.clone(),
            validate_certificates: workspace.setting_validate_certificates,
            proxy: proxy_setting,
            client_certificate,
+            dns_overrides: workspace.setting_dns_overrides.clone(),
        })
        .await?;

-    // Apply authentication to the request
-    apply_authentication(
-        &window,
-        &mut sendable_request,
-        &request,
-        auth_context_id,
-        &plugin_manager,
-        plugin_context,
-    )
-    .await?;
+    // Apply authentication to the request, racing against cancellation since
+    // auth plugins (e.g. OAuth2) can block indefinitely waiting for user action.
+    let mut cancel_rx = cancelled_rx.clone();
+    tokio::select! {
+        result = apply_authentication(
+            &window,
+            &mut sendable_request,
+            &request,
+            auth_context_id,
+            &plugin_manager,
+            plugin_context,
+        ) => result?,
+        _ = cancel_rx.changed() => {
+            return Err(GenericError("Request canceled".to_string()));
+        }
+    };

    let cookie_store = maybe_cookie_store.as_ref().map(|(cs, _)| cs.clone());
    let result = execute_transaction(
-        client,
+        cached_client,
        sendable_request,
        response_ctx,
        cancelled_rx.clone(),
@@ -310,7 +330,7 @@ pub fn resolve_http_request<R: Runtime>(
 }

 async fn execute_transaction<R: Runtime>(
-    client: reqwest::Client,
+    cached_client: CachedClient,
    mut sendable_request: SendableHttpRequest,
    response_ctx: &mut ResponseContext<R>,
    mut cancelled_rx: Receiver<bool>,
@@ -321,7 +341,10 @@ async fn execute_transaction<R: Runtime>(
    let workspace_id = response_ctx.response().workspace_id.clone();
    let is_persisted = response_ctx.is_persisted();

-    let sender = ReqwestSender::with_client(client);
+    // Keep a reference to the resolver for DNS timing events
+    let resolver = cached_client.resolver.clone();
+
+    let sender = ReqwestSender::with_client(cached_client.client);
    let transaction = match cookie_store {
        Some(cs) => HttpTransaction::with_cookie_store(sender, cs),
        None => HttpTransaction::new(sender),
@@ -346,21 +369,39 @@ async fn execute_transaction<R: Runtime>(
    let (event_tx, mut event_rx) =
        tokio::sync::mpsc::channel::<yaak_http::sender::HttpResponseEvent>(100);

+    // Set the event sender on the DNS resolver so it can emit DNS timing events
+    resolver.set_event_sender(Some(event_tx.clone())).await;
+
+    // Shared state to capture DNS timing from the event processing task
+    let dns_elapsed = Arc::new(AtomicI32::new(0));
+
    // Write events to DB in a task (only for persisted responses)
    if is_persisted {
        let response_id = response_id.clone();
        let app_handle = app_handle.clone();
        let update_source = response_ctx.update_source.clone();
        let workspace_id = workspace_id.clone();
+        let dns_elapsed = dns_elapsed.clone();
        tokio::spawn(async move {
            while let Some(event) = event_rx.recv().await {
+                // Capture DNS timing when we see a DNS event
+                if let yaak_http::sender::HttpResponseEvent::DnsResolved { duration, .. } = &event {
+                    dns_elapsed.store(*duration as i32, Ordering::SeqCst);
+                }
                let db_event = HttpResponseEvent::new(&response_id, &workspace_id, event.into());
                let _ = app_handle.db().upsert_http_response_event(&db_event, &update_source);
            }
        });
    } else {
-        // For ephemeral responses, just drain the events
-        tokio::spawn(async move { while event_rx.recv().await.is_some() {} });
+        // For ephemeral responses, just drain the events but still capture DNS timing
+        let dns_elapsed = dns_elapsed.clone();
+        tokio::spawn(async move {
+            while let Some(event) = event_rx.recv().await {
+                if let yaak_http::sender::HttpResponseEvent::DnsResolved { duration, .. } = &event {
+                    dns_elapsed.store(*duration as i32, Ordering::SeqCst);
+                }
+            }
+        });
    };

    // Capture request body as it's sent (only for persisted responses)
@@ -373,7 +414,7 @@ async fn execute_transaction<R: Runtime>(
            sendable_request.body = Some(SendableBody::Bytes(bytes));
            None
        }
-        Some(SendableBody::Stream(stream)) => {
+        Some(SendableBody::Stream { data: stream, content_length }) => {
            // Wrap stream with TeeReader to capture data as it's read
            // Use unbounded channel to ensure all data is captured without blocking the HTTP request
            let (body_chunk_tx, body_chunk_rx) = tokio::sync::mpsc::unbounded_channel::<Vec<u8>>();
@@ -407,7 +448,7 @@ async fn execute_transaction<R: Runtime>(
                None
            };

-            sendable_request.body = Some(SendableBody::Stream(pinned));
+            sendable_request.body = Some(SendableBody::Stream { data: pinned, content_length });
            handle
        }
        None => {
@@ -528,10 +569,14 @@ async fn execute_transaction<R: Runtime>(
    // Final update with closed state and accurate byte count
    response_ctx.update(|r| {
        r.elapsed = start.elapsed().as_millis() as i32;
+        r.elapsed_dns = dns_elapsed.load(Ordering::SeqCst);
        r.content_length = Some(written_bytes as i32);
        r.state = HttpResponseState::Closed;
    })?;

+    // Clear the event sender from the resolver since this request is done
+    resolver.set_event_sender(None).await;
+
    Ok((response_ctx.response().clone(), maybe_blob_write_handle))
 }

--- a/crates-tauri/yaak-app/src/import.rs
+++ b/crates-tauri/yaak-app/src/import.rs
@@ -1,17 +1,17 @@
+use crate::PluginContextExt;
 use crate::error::Result;
 use crate::models_ext::QueryManagerExt;
-use crate::PluginContextExt;
 use log::info;
 use std::collections::BTreeMap;
 use std::fs::read_to_string;
 use tauri::{Manager, Runtime, WebviewWindow};
-use yaak_tauri_utils::window::WorkspaceWindowTrait;
 use yaak_core::WorkspaceContext;
 use yaak_models::models::{
    Environment, Folder, GrpcRequest, HttpRequest, WebsocketRequest, Workspace,
 };
 use yaak_models::util::{BatchUpsertResult, UpdateSource, maybe_gen_id, maybe_gen_id_opt};
 use yaak_plugins::manager::PluginManager;
+use yaak_tauri_utils::window::WorkspaceWindowTrait;

 pub(crate) async fn import_data<R: Runtime>(
    window: &WebviewWindow<R>,
--- a/crates-tauri/yaak-app/src/lib.rs
+++ b/crates-tauri/yaak-app/src/lib.rs
@@ -7,7 +7,7 @@ use crate::http_request::{resolve_http_request, send_http_request};
 use crate::import::import_data;
 use crate::models_ext::{BlobManagerExt, QueryManagerExt};
 use crate::notifications::YaakNotifier;
-use crate::render::{render_grpc_request, render_template};
+use crate::render::{render_grpc_request, render_json_value, render_template};
 use crate::updates::{UpdateMode, UpdateTrigger, YaakUpdater};
 use crate::uri_scheme::handle_deep_link;
 use error::Result as YaakResult;
@@ -37,8 +37,8 @@ use yaak_grpc::{Code, ServiceDefinition, serialize_message};
 use yaak_mac_window::AppHandleMacWindowExt;
 use yaak_models::models::{
    AnyModel, CookieJar, Environment, GrpcConnection, GrpcConnectionState, GrpcEvent,
-    GrpcEventType, GrpcRequest, HttpRequest, HttpResponse, HttpResponseEvent, HttpResponseState,
-    Plugin, Workspace, WorkspaceMeta,
+    GrpcEventType, HttpRequest, HttpResponse, HttpResponseEvent, HttpResponseState, Plugin,
+    Workspace, WorkspaceMeta,
 };
 use yaak_models::util::{BatchUpsertResult, UpdateSource, get_workspace_export_resources};
 use yaak_plugins::events::{
@@ -101,6 +101,7 @@ struct AppMetaData {
    app_data_dir: String,
    app_log_dir: String,
    vendored_plugin_dir: String,
+    default_project_dir: String,
    feature_updater: bool,
    feature_license: bool,
 }
@@ -111,6 +112,7 @@ async fn cmd_metadata(app_handle: AppHandle) -> YaakResult<AppMetaData> {
    let app_log_dir = app_handle.path().app_log_dir()?;
    let vendored_plugin_dir =
        app_handle.path().resolve("vendored/plugins", BaseDirectory::Resource)?;
+    let default_project_dir = app_handle.path().home_dir()?.join("YaakProjects");
    Ok(AppMetaData {
        is_dev: is_dev(),
        version: app_handle.package_info().version.to_string(),
@@ -118,6 +120,7 @@ async fn cmd_metadata(app_handle: AppHandle) -> YaakResult<AppMetaData> {
        app_data_dir: app_data_dir.to_string_lossy().to_string(),
        app_log_dir: app_log_dir.to_string_lossy().to_string(),
        vendored_plugin_dir: vendored_plugin_dir.to_string_lossy().to_string(),
+        default_project_dir: default_project_dir.to_string_lossy().to_string(),
        feature_license: cfg!(feature = "license"),
        feature_updater: cfg!(feature = "updater"),
    })
@@ -189,7 +192,6 @@ async fn cmd_grpc_reflect<R: Runtime>(
    request_id: &str,
    environment_id: Option<&str>,
    proto_files: Vec<String>,
-    skip_cache: Option<bool>,
    window: WebviewWindow<R>,
    app_handle: AppHandle<R>,
    grpc_handle: State<'_, Mutex<GrpcHandle>>,
@@ -224,18 +226,21 @@ async fn cmd_grpc_reflect<R: Runtime>(
    let settings = window.db().get_settings();
    let client_certificate =
        find_client_certificate(req.url.as_str(), &settings.client_certificates);
+    let proto_files: Vec<PathBuf> =
+        proto_files.iter().map(|p| PathBuf::from_str(p).unwrap()).collect();

-    Ok(grpc_handle
-        .lock()
-        .await
+    // Always invalidate cached pool when this command is called, to force re-reflection
+    let mut handle = grpc_handle.lock().await;
+    handle.invalidate_pool(&req.id, &uri, &proto_files);
+
+    Ok(handle
        .services(
            &req.id,
            &uri,
-            &proto_files.iter().map(|p| PathBuf::from_str(p).unwrap()).collect(),
+            &proto_files,
            &metadata,
            workspace.setting_validate_certificates,
            client_certificate,
-            skip_cache.unwrap_or(false),
        )
        .await
        .map_err(|e| GenericError(e.to_string()))?)
@@ -1055,14 +1060,59 @@ async fn cmd_get_http_authentication_summaries<R: Runtime>(
 #[tauri::command]
 async fn cmd_get_http_authentication_config<R: Runtime>(
    window: WebviewWindow<R>,
+    app_handle: AppHandle<R>,
    plugin_manager: State<'_, PluginManager>,
+    encryption_manager: State<'_, EncryptionManager>,
    auth_name: &str,
    values: HashMap<String, JsonPrimitive>,
    model: AnyModel,
-    _environment_id: Option<&str>,
+    environment_id: Option<&str>,
 ) -> YaakResult<GetHttpAuthenticationConfigResponse> {
+    // Extract workspace_id and folder_id from the model to resolve the environment chain
+    let (workspace_id, folder_id) = match &model {
+        AnyModel::HttpRequest(r) => (r.workspace_id.clone(), r.folder_id.clone()),
+        AnyModel::GrpcRequest(r) => (r.workspace_id.clone(), r.folder_id.clone()),
+        AnyModel::WebsocketRequest(r) => (r.workspace_id.clone(), r.folder_id.clone()),
+        AnyModel::Folder(f) => (f.workspace_id.clone(), f.folder_id.clone()),
+        AnyModel::Workspace(w) => (w.id.clone(), None),
+        _ => return Err(GenericError("Unsupported model type for authentication config".into())),
+    };
+
+    // Resolve environment chain and render the values for token lookup
+    let environment_chain = app_handle.db().resolve_environments(
+        &workspace_id,
+        folder_id.as_deref(),
+        environment_id,
+    )?;
+    let plugin_manager_arc = Arc::new((*plugin_manager).clone());
+    let encryption_manager_arc = Arc::new((*encryption_manager).clone());
+    let cb = PluginTemplateCallback::new(
+        plugin_manager_arc,
+        encryption_manager_arc,
+        &window.plugin_context(),
+        RenderPurpose::Preview,
+    );
+
+    // Convert HashMap<String, JsonPrimitive> to serde_json::Value for rendering
+    let values_json: serde_json::Value = serde_json::to_value(&values)?;
+    let rendered_json = render_json_value(
+        values_json,
+        environment_chain,
+        &cb,
+        &RenderOptions::return_empty(),
+    )
+    .await?;
+
+    // Convert back to HashMap<String, JsonPrimitive>
+    let rendered_values: HashMap<String, JsonPrimitive> = serde_json::from_value(rendered_json)?;
+
    Ok(plugin_manager
-        .get_http_authentication_config(&window.plugin_context(), auth_name, values, model.id())
+        .get_http_authentication_config(
+            &window.plugin_context(),
+            auth_name,
+            rendered_values,
+            model.id(),
+        )
        .await?)
 }

@@ -1109,19 +1159,54 @@ async fn cmd_call_grpc_request_action<R: Runtime>(
 #[tauri::command]
 async fn cmd_call_http_authentication_action<R: Runtime>(
    window: WebviewWindow<R>,
+    app_handle: AppHandle<R>,
    plugin_manager: State<'_, PluginManager>,
+    encryption_manager: State<'_, EncryptionManager>,
    auth_name: &str,
    action_index: i32,
    values: HashMap<String, JsonPrimitive>,
    model: AnyModel,
-    _environment_id: Option<&str>,
+    environment_id: Option<&str>,
 ) -> YaakResult<()> {
+    // Extract workspace_id and folder_id from the model to resolve the environment chain
+    let (workspace_id, folder_id) = match &model {
+        AnyModel::HttpRequest(r) => (r.workspace_id.clone(), r.folder_id.clone()),
+        AnyModel::GrpcRequest(r) => (r.workspace_id.clone(), r.folder_id.clone()),
+        AnyModel::WebsocketRequest(r) => (r.workspace_id.clone(), r.folder_id.clone()),
+        AnyModel::Folder(f) => (f.workspace_id.clone(), f.folder_id.clone()),
+        AnyModel::Workspace(w) => (w.id.clone(), None),
+        _ => return Err(GenericError("Unsupported model type for authentication action".into())),
+    };
+
+    // Resolve environment chain and render the values
+    let environment_chain = app_handle.db().resolve_environments(
+        &workspace_id,
+        folder_id.as_deref(),
+        environment_id,
+    )?;
+    let plugin_manager_arc = Arc::new((*plugin_manager).clone());
+    let encryption_manager_arc = Arc::new((*encryption_manager).clone());
+    let cb = PluginTemplateCallback::new(
+        plugin_manager_arc,
+        encryption_manager_arc,
+        &window.plugin_context(),
+        RenderPurpose::Send,
+    );
+
+    // Convert HashMap<String, JsonPrimitive> to serde_json::Value for rendering
+    let values_json: serde_json::Value = serde_json::to_value(&values)?;
+    let rendered_json =
+        render_json_value(values_json, environment_chain, &cb, &RenderOptions::throw()).await?;
+
+    // Convert back to HashMap<String, JsonPrimitive>
+    let rendered_values: HashMap<String, JsonPrimitive> = serde_json::from_value(rendered_json)?;
+
    Ok(plugin_manager
        .call_http_authentication_action(
            &window.plugin_context(),
            auth_name,
            action_index,
-            values,
+            rendered_values,
            &model.id(),
        )
        .await?)
@@ -1191,35 +1276,6 @@ async fn cmd_save_response<R: Runtime>(
    Ok(())
 }

-#[tauri::command]
-async fn cmd_send_folder<R: Runtime>(
-    app_handle: AppHandle<R>,
-    window: WebviewWindow<R>,
-    environment_id: Option<String>,
-    cookie_jar_id: Option<String>,
-    folder_id: &str,
-) -> YaakResult<()> {
-    let requests = app_handle.db().list_http_requests_for_folder_recursive(folder_id)?;
-    for request in requests {
-        let app_handle = app_handle.clone();
-        let window = window.clone();
-        let environment_id = environment_id.clone();
-        let cookie_jar_id = cookie_jar_id.clone();
-        tokio::spawn(async move {
-            let _ = cmd_send_http_request(
-                app_handle,
-                window,
-                environment_id.as_deref(),
-                cookie_jar_id.as_deref(),
-                request,
-            )
-            .await;
-        });
-    }
-
-    Ok(())
-}
-
 #[tauri::command]
 async fn cmd_send_http_request<R: Runtime>(
    app_handle: AppHandle<R>,
@@ -1316,27 +1372,6 @@ async fn cmd_install_plugin<R: Runtime>(
    Ok(plugin)
 }

-#[tauri::command]
-async fn cmd_create_grpc_request<R: Runtime>(
-    workspace_id: &str,
-    name: &str,
-    sort_priority: f64,
-    folder_id: Option<&str>,
-    app_handle: AppHandle<R>,
-    window: WebviewWindow<R>,
-) -> YaakResult<GrpcRequest> {
-    Ok(app_handle.db().upsert_grpc_request(
-        &GrpcRequest {
-            workspace_id: workspace_id.to_string(),
-            name: name.to_string(),
-            folder_id: folder_id.map(|s| s.to_string()),
-            sort_priority,
-            ..Default::default()
-        },
-        &UpdateSource::from_window_label(window.label()),
-    )?)
-}
-
 #[tauri::command]
 async fn cmd_reload_plugins<R: Runtime>(
    app_handle: AppHandle<R>,
@@ -1599,7 +1634,6 @@ pub fn run() {
            cmd_call_folder_action,
            cmd_call_grpc_request_action,
            cmd_check_for_updates,
-            cmd_create_grpc_request,
            cmd_curl_to_request,
            cmd_delete_all_grpc_connections,
            cmd_delete_all_http_responses,
@@ -1633,7 +1667,6 @@ pub fn run() {
            cmd_save_response,
            cmd_send_ephemeral_request,
            cmd_send_http_request,
-            cmd_send_folder,
            cmd_template_function_config,
            cmd_template_function_summaries,
            cmd_template_tokens_to_string,
@@ -1641,12 +1674,13 @@ pub fn run() {
            //
            // Migrated commands
            crate::commands::cmd_decrypt_template,
+            crate::commands::cmd_default_headers,
+            crate::commands::cmd_disable_encryption,
            crate::commands::cmd_enable_encryption,
            crate::commands::cmd_get_themes,
            crate::commands::cmd_reveal_workspace_key,
            crate::commands::cmd_secure_template,
            crate::commands::cmd_set_workspace_key,
-            crate::commands::cmd_show_workspace_key,
            //
            // Models commands
            models_ext::models_delete,
@@ -1669,16 +1703,22 @@ pub fn run() {
            git_ext::cmd_git_checkout,
            git_ext::cmd_git_branch,
            git_ext::cmd_git_delete_branch,
+            git_ext::cmd_git_delete_remote_branch,
            git_ext::cmd_git_merge_branch,
+            git_ext::cmd_git_rename_branch,
            git_ext::cmd_git_status,
            git_ext::cmd_git_log,
            git_ext::cmd_git_initialize,
+            git_ext::cmd_git_clone,
            git_ext::cmd_git_commit,
            git_ext::cmd_git_fetch_all,
            git_ext::cmd_git_push,
            git_ext::cmd_git_pull,
+            git_ext::cmd_git_pull_force_reset,
+            git_ext::cmd_git_pull_merge,
            git_ext::cmd_git_add,
            git_ext::cmd_git_unstage,
+            git_ext::cmd_git_reset_changes,
            git_ext::cmd_git_add_credential,
            git_ext::cmd_git_remotes,
            git_ext::cmd_git_add_remote,
@@ -1692,14 +1732,7 @@ pub fn run() {
            plugins_ext::cmd_plugins_update_all,
            //
            // WebSocket commands
-            ws_ext::cmd_ws_upsert_request,
-            ws_ext::cmd_ws_duplicate_request,
-            ws_ext::cmd_ws_delete_request,
-            ws_ext::cmd_ws_delete_connection,
            ws_ext::cmd_ws_delete_connections,
-            ws_ext::cmd_ws_list_events,
-            ws_ext::cmd_ws_list_requests,
-            ws_ext::cmd_ws_list_connections,
            ws_ext::cmd_ws_send,
            ws_ext::cmd_ws_close,
            ws_ext::cmd_ws_connect,
--- a/crates-tauri/yaak-app/src/notifications.rs
+++ b/crates-tauri/yaak-app/src/notifications.rs
@@ -1,5 +1,6 @@
 use crate::error::Result;
 use crate::history::get_or_upsert_launch_info;
+use crate::models_ext::QueryManagerExt;
 use chrono::{DateTime, Utc};
 use log::{debug, info};
 use reqwest::Method;
@@ -8,9 +9,8 @@ use std::time::Instant;
 use tauri::{AppHandle, Emitter, Manager, Runtime, WebviewWindow};
 use ts_rs::TS;
 use yaak_common::platform::get_os_str;
-use yaak_tauri_utils::api_client::yaak_api_client;
-use crate::models_ext::QueryManagerExt;
 use yaak_models::util::UpdateSource;
+use yaak_tauri_utils::api_client::yaak_api_client;

 // Check for updates every hour
 const MAX_UPDATE_CHECK_SECONDS: u64 = 60 * 60;
--- a/crates-tauri/yaak-app/src/plugin_events.rs
+++ b/crates-tauri/yaak-app/src/plugin_events.rs
@@ -1,5 +1,7 @@
 use crate::error::Result;
 use crate::http_request::send_http_request_with_context;
+use crate::models_ext::BlobManagerExt;
+use crate::models_ext::QueryManagerExt;
 use crate::render::{render_grpc_request, render_http_request, render_json_value};
 use crate::window::{CreateWindowConfig, create_window};
 use crate::{
@@ -10,15 +12,12 @@ use chrono::Utc;
 use cookie::Cookie;
 use log::error;
 use std::sync::Arc;
-use tauri::{AppHandle, Emitter, Manager, Runtime};
+use tauri::{AppHandle, Emitter, Listener, Manager, Runtime};
 use tauri_plugin_clipboard_manager::ClipboardExt;
 use tauri_plugin_opener::OpenerExt;
 use yaak_crypto::manager::EncryptionManager;
-use yaak_tauri_utils::window::WorkspaceWindowTrait;
-use crate::models_ext::BlobManagerExt;
 use yaak_models::models::{AnyModel, HttpResponse, Plugin};
 use yaak_models::queries::any_request::AnyRequest;
-use crate::models_ext::QueryManagerExt;
 use yaak_models::util::UpdateSource;
 use yaak_plugins::error::Error::PluginErr;
 use yaak_plugins::events::{
@@ -32,6 +31,7 @@ use yaak_plugins::events::{
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::plugin_handle::PluginHandle;
 use yaak_plugins::template_callback::PluginTemplateCallback;
+use yaak_tauri_utils::window::WorkspaceWindowTrait;
 use yaak_templates::{RenderErrorBehavior, RenderOptions};

 pub(crate) async fn handle_plugin_event<R: Runtime>(
@@ -59,7 +59,55 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
        }
        InternalEventPayload::PromptFormRequest(_) => {
            let window = get_window_from_plugin_context(app_handle, &plugin_context)?;
-            Ok(call_frontend(&window, event).await)
+            if event.reply_id.is_some() {
+                // Follow-up update from plugin runtime with resolved inputs — forward to frontend
+                window.emit_to(window.label(), "plugin_event", event.clone())?;
+                Ok(None)
+            } else {
+                // Initial request — set up bidirectional communication
+                window.emit_to(window.label(), "plugin_event", event.clone()).unwrap();
+
+                let event_id = event.id.clone();
+                let plugin_handle = plugin_handle.clone();
+                let plugin_context = plugin_context.clone();
+                let window = window.clone();
+
+                // Spawn async task to handle bidirectional form communication
+                tauri::async_runtime::spawn(async move {
+                    let (tx, mut rx) = tokio::sync::mpsc::channel::<InternalEvent>(128);
+
+                    // Listen for replies from the frontend
+                    let listener_id = window.listen(event_id, move |ev: tauri::Event| {
+                        let resp: InternalEvent = serde_json::from_str(ev.payload()).unwrap();
+                        let _ = tx.try_send(resp);
+                    });
+
+                    // Forward each reply to the plugin runtime
+                    while let Some(resp) = rx.recv().await {
+                        let is_done = matches!(
+                            &resp.payload,
+                            InternalEventPayload::PromptFormResponse(r) if r.done.unwrap_or(false)
+                        );
+
+                        let event_to_send = plugin_handle.build_event_to_send(
+                            &plugin_context,
+                            &resp.payload,
+                            Some(resp.reply_id.unwrap_or_default()),
+                        );
+                        if let Err(e) = plugin_handle.send(&event_to_send).await {
+                            log::warn!("Failed to forward form response to plugin: {:?}", e);
+                        }
+
+                        if is_done {
+                            break;
+                        }
+                    }
+
+                    window.unlisten(listener_id);
+                });
+
+                Ok(None)
+            }
        }
        InternalEventPayload::FindHttpResponsesRequest(req) => {
            let http_responses = app_handle
@@ -170,7 +218,12 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
            )?;
            let plugin_manager = Arc::new((*app_handle.state::<PluginManager>()).clone());
            let encryption_manager = Arc::new((*app_handle.state::<EncryptionManager>()).clone());
-            let cb = PluginTemplateCallback::new(plugin_manager, encryption_manager, &plugin_context, req.purpose);
+            let cb = PluginTemplateCallback::new(
+                plugin_manager,
+                encryption_manager,
+                &plugin_context,
+                req.purpose,
+            );
            let opt = RenderOptions { error_behavior: RenderErrorBehavior::Throw };
            let grpc_request =
                render_grpc_request(&req.grpc_request, environment_chain, &cb, &opt).await?;
@@ -191,7 +244,12 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
            )?;
            let plugin_manager = Arc::new((*app_handle.state::<PluginManager>()).clone());
            let encryption_manager = Arc::new((*app_handle.state::<EncryptionManager>()).clone());
-            let cb = PluginTemplateCallback::new(plugin_manager, encryption_manager, &plugin_context, req.purpose);
+            let cb = PluginTemplateCallback::new(
+                plugin_manager,
+                encryption_manager,
+                &plugin_context,
+                req.purpose,
+            );
            let opt = &RenderOptions { error_behavior: RenderErrorBehavior::Throw };
            let http_request =
                render_http_request(&req.http_request, environment_chain, &cb, &opt).await?;
@@ -222,7 +280,12 @@ pub(crate) async fn handle_plugin_event<R: Runtime>(
            )?;
            let plugin_manager = Arc::new((*app_handle.state::<PluginManager>()).clone());
            let encryption_manager = Arc::new((*app_handle.state::<EncryptionManager>()).clone());
-            let cb = PluginTemplateCallback::new(plugin_manager, encryption_manager, &plugin_context, req.purpose);
+            let cb = PluginTemplateCallback::new(
+                plugin_manager,
+                encryption_manager,
+                &plugin_context,
+                req.purpose,
+            );
            let opt = RenderOptions { error_behavior: RenderErrorBehavior::Throw };
            let data = render_json_value(req.data, environment_chain, &cb, &opt).await?;
            Ok(Some(InternalEventPayload::TemplateRenderResponse(TemplateRenderResponse { data })))
--- a/crates-tauri/yaak-app/src/render.rs
+++ b/crates-tauri/yaak-app/src/render.rs
@@ -38,6 +38,9 @@ pub async fn render_grpc_request<T: TemplateCallback>(

    let mut metadata = Vec::new();
    for p in r.metadata.clone() {
+        if !p.enabled {
+            continue;
+        }
        metadata.push(HttpRequestHeader {
            enabled: p.enabled,
            name: parse_and_render(p.name.as_str(), vars, cb, &opt).await?,
@@ -119,6 +122,7 @@ pub async fn render_http_request<T: TemplateCallback>(

    let mut body = BTreeMap::new();
    for (k, v) in r.body.clone() {
+        let v = if k == "form" { strip_disabled_form_entries(v) } else { v };
        body.insert(k, render_json_value_raw(v, vars, cb, &opt).await?);
    }

@@ -161,3 +165,71 @@ pub async fn render_http_request<T: TemplateCallback>(

    Ok(HttpRequest { url, url_parameters, headers, body, authentication, ..r.to_owned() })
 }
+
+/// Strip disabled entries from a JSON array of form objects.
+fn strip_disabled_form_entries(v: Value) -> Value {
+    match v {
+        Value::Array(items) => Value::Array(
+            items
+                .into_iter()
+                .filter(|item| item.get("enabled").and_then(|e| e.as_bool()).unwrap_or(true))
+                .collect(),
+        ),
+        v => v,
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use serde_json::json;
+
+    #[test]
+    fn test_strip_disabled_form_entries() {
+        let input = json!([
+            {"enabled": true, "name": "foo", "value": "bar"},
+            {"enabled": false, "name": "disabled", "value": "gone"},
+            {"enabled": true, "name": "baz", "value": "qux"},
+        ]);
+        let result = strip_disabled_form_entries(input);
+        assert_eq!(
+            result,
+            json!([
+                {"enabled": true, "name": "foo", "value": "bar"},
+                {"enabled": true, "name": "baz", "value": "qux"},
+            ])
+        );
+    }
+
+    #[test]
+    fn test_strip_disabled_form_entries_all_disabled() {
+        let input = json!([
+            {"enabled": false, "name": "a", "value": "b"},
+            {"enabled": false, "name": "c", "value": "d"},
+        ]);
+        let result = strip_disabled_form_entries(input);
+        assert_eq!(result, json!([]));
+    }
+
+    #[test]
+    fn test_strip_disabled_form_entries_missing_enabled_defaults_to_kept() {
+        let input = json!([
+            {"name": "no_enabled_field", "value": "kept"},
+            {"enabled": false, "name": "disabled", "value": "gone"},
+        ]);
+        let result = strip_disabled_form_entries(input);
+        assert_eq!(
+            result,
+            json!([
+                {"name": "no_enabled_field", "value": "kept"},
+            ])
+        );
+    }
+
+    #[test]
+    fn test_strip_disabled_form_entries_non_array_passthrough() {
+        let input = json!("just a string");
+        let result = strip_disabled_form_entries(input.clone());
+        assert_eq!(result, input);
+    }
+}
--- a/crates-tauri/yaak-app/src/updates.rs
+++ b/crates-tauri/yaak-app/src/updates.rs
@@ -3,6 +3,7 @@ use std::path::PathBuf;
 use std::time::{Duration, Instant};

 use crate::error::Result;
+use crate::models_ext::QueryManagerExt;
 use log::{debug, error, info, warn};
 use serde::{Deserialize, Serialize};
 use tauri::{Emitter, Listener, Manager, Runtime, WebviewWindow};
@@ -11,7 +12,6 @@ use tauri_plugin_updater::{Update, UpdaterExt};
 use tokio::task::block_in_place;
 use tokio::time::sleep;
 use ts_rs::TS;
-use crate::models_ext::QueryManagerExt;
 use yaak_models::util::generate_id;
 use yaak_plugins::manager::PluginManager;

--- a/crates-tauri/yaak-app/src/uri_scheme.rs
+++ b/crates-tauri/yaak-app/src/uri_scheme.rs
@@ -1,18 +1,18 @@
+use crate::PluginContextExt;
 use crate::error::Result;
 use crate::import::import_data;
 use crate::models_ext::QueryManagerExt;
-use crate::PluginContextExt;
 use log::{info, warn};
 use std::collections::HashMap;
 use std::fs;
 use std::sync::Arc;
 use tauri::{AppHandle, Emitter, Manager, Runtime, Url};
 use tauri_plugin_dialog::{DialogExt, MessageDialogButtons, MessageDialogKind};
-use yaak_tauri_utils::api_client::yaak_api_client;
 use yaak_models::util::generate_id;
 use yaak_plugins::events::{Color, ShowToastRequest};
 use yaak_plugins::install::download_and_install;
 use yaak_plugins::manager::PluginManager;
+use yaak_tauri_utils::api_client::yaak_api_client;

 pub(crate) async fn handle_deep_link<R: Runtime>(
    app_handle: &AppHandle<R>,
@@ -55,7 +55,8 @@ pub(crate) async fn handle_deep_link<R: Runtime>(
                &plugin_context,
                name,
                version,
-            ).await?;
+            )
+            .await?;
            app_handle.emit(
                "show_toast",
                ShowToastRequest {
--- a/crates-tauri/yaak-app/src/window.rs
+++ b/crates-tauri/yaak-app/src/window.rs
@@ -1,4 +1,5 @@
 use crate::error::Result;
+use crate::models_ext::QueryManagerExt;
 use crate::window_menu::app_menu;
 use log::{info, warn};
 use rand::random;
@@ -8,7 +9,6 @@ use tauri::{
 };
 use tauri_plugin_opener::OpenerExt;
 use tokio::sync::mpsc;
-use crate::models_ext::QueryManagerExt;

 const DEFAULT_WINDOW_WIDTH: f64 = 1100.0;
 const DEFAULT_WINDOW_HEIGHT: f64 = 600.0;
@@ -162,11 +162,16 @@ pub(crate) fn create_window<R: Runtime>(
            "dev.reset_size" => webview_window
                .set_size(LogicalSize::new(DEFAULT_WINDOW_WIDTH, DEFAULT_WINDOW_HEIGHT))
                .unwrap(),
-            "dev.reset_size_record" => {
+            "dev.reset_size_16x9" => {
                let width = webview_window.outer_size().unwrap().width;
                let height = width * 9 / 16;
                webview_window.set_size(PhysicalSize::new(width, height)).unwrap()
            }
+            "dev.reset_size_16x10" => {
+                let width = webview_window.outer_size().unwrap().width;
+                let height = width * 10 / 16;
+                webview_window.set_size(PhysicalSize::new(width, height)).unwrap()
+            }
            "dev.refresh" => webview_window.eval("location.reload()").unwrap(),
            "dev.generate_theme_css" => {
                w.emit("generate_theme_css", true).unwrap();
--- a/crates-tauri/yaak-app/src/window_menu.rs
+++ b/crates-tauri/yaak-app/src/window_menu.rs
@@ -154,8 +154,13 @@ pub fn app_menu<R: Runtime>(app_handle: &AppHandle<R>) -> tauri::Result<Menu<R>>
                    &MenuItemBuilder::with_id("dev.reset_size".to_string(), "Reset Size")
                        .build(app_handle)?,
                    &MenuItemBuilder::with_id(
-                        "dev.reset_size_record".to_string(),
-                        "Reset Size 16x9",
+                        "dev.reset_size_16x9".to_string(),
+                        "Resize to 16x9",
+                    )
+                    .build(app_handle)?,
+                    &MenuItemBuilder::with_id(
+                        "dev.reset_size_16x10".to_string(),
+                        "Resize to 16x10",
                    )
                    .build(app_handle)?,
                    &MenuItemBuilder::with_id(
--- a/crates-tauri/yaak-app/src/ws_ext.rs
+++ b/crates-tauri/yaak-app/src/ws_ext.rs
@@ -1,9 +1,9 @@
 //! WebSocket Tauri command wrappers
 //! These wrap the core yaak-ws functionality for Tauri IPC.

+use crate::PluginContextExt;
 use crate::error::Result;
 use crate::models_ext::QueryManagerExt;
-use crate::PluginContextExt;
 use http::HeaderMap;
 use log::{debug, info, warn};
 use std::str::FromStr;
@@ -28,53 +28,6 @@ use yaak_templates::{RenderErrorBehavior, RenderOptions};
 use yaak_tls::find_client_certificate;
 use yaak_ws::{WebsocketManager, render_websocket_request};

-#[command]
-pub async fn cmd_ws_upsert_request<R: Runtime>(
-    request: WebsocketRequest,
-    app_handle: AppHandle<R>,
-    window: WebviewWindow<R>,
-) -> Result<WebsocketRequest> {
-    Ok(app_handle
-        .db()
-        .upsert_websocket_request(&request, &UpdateSource::from_window_label(window.label()))?)
-}
-
-#[command]
-pub async fn cmd_ws_duplicate_request<R: Runtime>(
-    request_id: &str,
-    app_handle: AppHandle<R>,
-    window: WebviewWindow<R>,
-) -> Result<WebsocketRequest> {
-    let db = app_handle.db();
-    let request = db.get_websocket_request(request_id)?;
-    Ok(db.duplicate_websocket_request(&request, &UpdateSource::from_window_label(window.label()))?)
-}
-
-#[command]
-pub async fn cmd_ws_delete_request<R: Runtime>(
-    request_id: &str,
-    app_handle: AppHandle<R>,
-    window: WebviewWindow<R>,
-) -> Result<WebsocketRequest> {
-    Ok(app_handle
-        .db()
-        .delete_websocket_request_by_id(request_id, &UpdateSource::from_window_label(window.label()))?)
-}
-
-#[command]
-pub async fn cmd_ws_delete_connection<R: Runtime>(
-    connection_id: &str,
-    app_handle: AppHandle<R>,
-    window: WebviewWindow<R>,
-) -> Result<WebsocketConnection> {
-    Ok(app_handle
-        .db()
-        .delete_websocket_connection_by_id(
-            connection_id,
-            &UpdateSource::from_window_label(window.label()),
-        )?)
-}
-
 #[command]
 pub async fn cmd_ws_delete_connections<R: Runtime>(
    request_id: &str,
@@ -87,30 +40,6 @@ pub async fn cmd_ws_delete_connections<R: Runtime>(
    )?)
 }

-#[command]
-pub async fn cmd_ws_list_events<R: Runtime>(
-    connection_id: &str,
-    app_handle: AppHandle<R>,
-) -> Result<Vec<WebsocketEvent>> {
-    Ok(app_handle.db().list_websocket_events(connection_id)?)
-}
-
-#[command]
-pub async fn cmd_ws_list_requests<R: Runtime>(
-    workspace_id: &str,
-    app_handle: AppHandle<R>,
-) -> Result<Vec<WebsocketRequest>> {
-    Ok(app_handle.db().list_websocket_requests(workspace_id)?)
-}
-
-#[command]
-pub async fn cmd_ws_list_connections<R: Runtime>(
-    workspace_id: &str,
-    app_handle: AppHandle<R>,
-) -> Result<Vec<WebsocketConnection>> {
-    Ok(app_handle.db().list_websocket_connections(workspace_id)?)
-}
-
 #[command]
 pub async fn cmd_ws_send<R: Runtime>(
    connection_id: &str,
@@ -296,8 +225,10 @@ pub async fn cmd_ws_connect<R: Runtime>(
                )
                .await?;
            for header in plugin_result.set_headers.unwrap_or_default() {
-                match (http::HeaderName::from_str(&header.name), HeaderValue::from_str(&header.value))
-                {
+                match (
+                    http::HeaderName::from_str(&header.name),
+                    HeaderValue::from_str(&header.value),
+                ) {
                    (Ok(name), Ok(value)) => {
                        headers.insert(name, value);
                    }
--- a/crates-tauri/yaak-app/tauri.release.conf.json
+++ b/crates-tauri/yaak-app/tauri.release.conf.json
@@ -1,9 +1,6 @@
 {
  "build": {
-    "features": [
-      "updater",
-      "license"
-    ]
+    "features": ["updater", "license"]
  },
  "app": {
    "security": {
@@ -11,12 +8,8 @@
        "default",
        {
          "identifier": "release",
-          "windows": [
-            "*"
-          ],
-          "permissions": [
-            "yaak-license:default"
-          ]
+          "windows": ["*"],
+          "permissions": ["yaak-license:default"]
        }
      ]
    }
@@ -39,14 +32,7 @@
    "createUpdaterArtifacts": true,
    "longDescription": "A cross-platform desktop app for interacting with REST, GraphQL, and gRPC",
    "shortDescription": "Play with APIs, intuitively",
-    "targets": [
-      "app",
-      "appimage",
-      "deb",
-      "dmg",
-      "nsis",
-      "rpm"
-    ],
+    "targets": ["app", "appimage", "deb", "dmg", "nsis", "rpm"],
    "macOS": {
      "minimumSystemVersion": "13.0",
      "exceptionDomain": "",
@@ -58,10 +44,16 @@
    },
    "linux": {
      "deb": {
-        "desktopTemplate": "./template.desktop"
+        "desktopTemplate": "./template.desktop",
+        "files": {
+          "/usr/share/metainfo/app.yaak.Yaak.metainfo.xml": "../../flatpak/app.yaak.Yaak.metainfo.xml"
+        }
      },
      "rpm": {
-        "desktopTemplate": "./template.desktop"
+        "desktopTemplate": "./template.desktop",
+        "files": {
+          "/usr/share/metainfo/app.yaak.Yaak.metainfo.xml": "../../flatpak/app.yaak.Yaak.metainfo.xml"
+        }
      }
    }
  }
--- a/crates-tauri/yaak-license/src/license.rs
+++ b/crates-tauri/yaak-license/src/license.rs
@@ -8,10 +8,10 @@ use std::time::Duration;
 use tauri::{AppHandle, Emitter, Manager, Runtime, WebviewWindow, is_dev};
 use ts_rs::TS;
 use yaak_common::platform::get_os_str;
-use yaak_tauri_utils::api_client::yaak_api_client;
 use yaak_models::db_context::DbContext;
 use yaak_models::query_manager::QueryManager;
 use yaak_models::util::UpdateSource;
+use yaak_tauri_utils::api_client::yaak_api_client;

 /// Extension trait for accessing the QueryManager from Tauri Manager types.
 /// This is needed temporarily until all crates are refactored to not use Tauri.
--- a/crates/yaak-crypto/index.ts
+++ b/crates/yaak-crypto/index.ts
@@ -11,3 +11,7 @@ export function revealWorkspaceKey(workspaceId: string) {
 export function setWorkspaceKey(args: { workspaceId: string; key: string }) {
  return invoke<void>('cmd_set_workspace_key', args);
 }
+
+export function disableEncryption(workspaceId: string) {
+  return invoke<void>('cmd_disable_encryption', { workspaceId });
+}
--- a/crates/yaak-crypto/src/manager.rs
+++ b/crates/yaak-crypto/src/manager.rs
@@ -115,6 +115,35 @@ impl EncryptionManager {
        self.set_workspace_key(workspace_id, &wkey)
    }

+    pub fn disable_encryption(&self, workspace_id: &str) -> Result<()> {
+        info!("Disabling encryption for {workspace_id}");
+
+        self.query_manager.with_tx::<(), Error>(|tx| {
+            let workspace = tx.get_workspace(workspace_id)?;
+            let workspace_meta = tx.get_or_create_workspace_meta(workspace_id)?;
+
+            // Clear encryption challenge on workspace
+            tx.upsert_workspace(
+                &Workspace { encryption_key_challenge: None, ..workspace },
+                &UpdateSource::Background,
+            )?;
+
+            // Clear encryption key on workspace meta
+            tx.upsert_workspace_meta(
+                &WorkspaceMeta { encryption_key: None, ..workspace_meta },
+                &UpdateSource::Background,
+            )?;
+
+            Ok(())
+        })?;
+
+        // Remove from cache
+        let mut cache = self.cached_workspace_keys.lock().unwrap();
+        cache.remove(workspace_id);
+
+        Ok(())
+    }
+
    fn get_workspace_key(&self, workspace_id: &str) -> Result<WorkspaceKey> {
        {
            let cache = self.cached_workspace_keys.lock().unwrap();
--- a/crates/yaak-git/Cargo.toml
+++ b/crates/yaak-git/Cargo.toml
@@ -6,7 +6,7 @@ publish = false

 [dependencies]
 chrono = { workspace = true, features = ["serde"] }
-git2 = { version = "0.20.0", features = ["vendored-libgit2", "vendored-openssl"] }
+git2 = { version = "0.20.4", features = ["vendored-libgit2", "vendored-openssl"] }
 log = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
--- a/crates/yaak-git/bindings/gen_git.ts
+++ b/crates/yaak-git/bindings/gen_git.ts
@@ -1,6 +1,10 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { SyncModel } from "./gen_models";

+export type BranchDeleteResult = { "type": "success", message: string, } | { "type": "not_fully_merged" };
+
+export type CloneResult = { "type": "success" } | { "type": "cancelled" } | { "type": "needs_credentials", url: string, error: string | null, };
+
 export type GitAuthor = { name: string | null, email: string | null, };

 export type GitCommit = { author: GitAuthor, when: string, message: string | null, };
@@ -11,8 +15,8 @@ export type GitStatus = "untracked" | "conflict" | "current" | "modified" | "rem

 export type GitStatusEntry = { relaPath: string, status: GitStatus, staged: boolean, prev: SyncModel | null, next: SyncModel | null, };

-export type GitStatusSummary = { path: string, headRef: string | null, headRefShorthand: string | null, entries: Array<GitStatusEntry>, origins: Array<string>, localBranches: Array<string>, remoteBranches: Array<string>, };
+export type GitStatusSummary = { path: string, headRef: string | null, headRefShorthand: string | null, entries: Array<GitStatusEntry>, origins: Array<string>, localBranches: Array<string>, remoteBranches: Array<string>, ahead: number, behind: number, };

-export type PullResult = { "type": "success", message: string, } | { "type": "up_to_date" } | { "type": "needs_credentials", url: string, error: string | null, };
+export type PullResult = { "type": "success", message: string, } | { "type": "up_to_date" } | { "type": "needs_credentials", url: string, error: string | null, } | { "type": "diverged", remote: string, branch: string, } | { "type": "uncommitted_changes" };

 export type PushResult = { "type": "success", message: string, } | { "type": "up_to_date" } | { "type": "needs_credentials", url: string, error: string | null, };
--- a/crates/yaak-git/bindings/gen_models.ts
+++ b/crates/yaak-git/bindings/gen_models.ts
@@ -1,5 +1,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

+export type DnsOverride = { hostname: string, ipv4: Array<string>, ipv6: Array<string>, enabled?: boolean, };
+
 export type Environment = { model: "environment", id: string, workspaceId: string, createdAt: string, updatedAt: string, name: string, public: boolean, parentModel: string, parentId: string | null, variables: Array<EnvironmentVariable>, color: string | null, sortPriority: number, };

 export type EnvironmentVariable = { enabled?: boolean, name: string, value: string, id?: string, };
@@ -18,4 +20,4 @@ export type SyncModel = { "type": "workspace" } & Workspace | { "type": "environ

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, settingDnsOverrides: Array<DnsOverride>, };
--- a/crates/yaak-git/index.ts
+++ b/crates/yaak-git/index.ts
@@ -3,40 +3,59 @@ import { invoke } from '@tauri-apps/api/core';
 import { createFastMutation } from '@yaakapp/app/hooks/useFastMutation';
 import { queryClient } from '@yaakapp/app/lib/queryClient';
 import { useMemo } from 'react';
-import { GitCommit, GitRemote, GitStatusSummary, PullResult, PushResult } from './bindings/gen_git';
+import { BranchDeleteResult, CloneResult, GitCommit, GitRemote, GitStatusSummary, PullResult, PushResult } from './bindings/gen_git';
+import { showToast } from '@yaakapp/app/lib/toast';

 export * from './bindings/gen_git';
+export * from './bindings/gen_models';

 export interface GitCredentials {
  username: string;
  password: string;
 }

+export type DivergedStrategy = 'force_reset' | 'merge' | 'cancel';
+
+export type UncommittedChangesStrategy = 'reset' | 'cancel';
+
 export interface GitCallbacks {
  addRemote: () => Promise<GitRemote | null>;
  promptCredentials: (
    result: Extract<PushResult, { type: 'needs_credentials' }>,
  ) => Promise<GitCredentials | null>;
+  promptDiverged: (
+    result: Extract<PullResult, { type: 'diverged' }>,
+  ) => Promise<DivergedStrategy>;
+  promptUncommittedChanges: () => Promise<UncommittedChangesStrategy>;
+  forceSync: () => Promise<void>;
 }

 const onSuccess = () => queryClient.invalidateQueries({ queryKey: ['git'] });

-export function useGit(dir: string, callbacks: GitCallbacks) {
+export function useGit(dir: string, callbacks: GitCallbacks, refreshKey?: string) {
  const mutations = useMemo(() => gitMutations(dir, callbacks), [dir, callbacks]);
+  const fetchAll = useQuery<void, string>({
+    queryKey: ['git', 'fetch_all', dir, refreshKey],
+    queryFn: () => invoke('cmd_git_fetch_all', { dir }),
+    refetchInterval: 10 * 60_000,
+  });
  return [
    {
      remotes: useQuery<GitRemote[], string>({
-        queryKey: ['git', 'remotes', dir],
+        queryKey: ['git', 'remotes', dir, refreshKey],
        queryFn: () => getRemotes(dir),
+        placeholderData: (prev) => prev,
      }),
      log: useQuery<GitCommit[], string>({
-        queryKey: ['git', 'log', dir],
+        queryKey: ['git', 'log', dir, refreshKey],
        queryFn: () => invoke('cmd_git_log', { dir }),
+        placeholderData: (prev) => prev,
      }),
      status: useQuery<GitStatusSummary, string>({
        refetchOnMount: true,
-        queryKey: ['git', 'status', dir],
+        queryKey: ['git', 'status', dir, refreshKey, fetchAll.dataUpdatedAt],
        queryFn: () => invoke('cmd_git_status', { dir }),
+        placeholderData: (prev) => prev,
      }),
    },
    mutations,
@@ -59,7 +78,6 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
    if (creds == null) throw new Error('Canceled');

    await invoke('cmd_git_add_credential', {
-      dir,
      remoteUrl: result.url,
      username: creds.username,
      password: creds.password,
@@ -69,6 +87,15 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
    return invoke<PushResult>('cmd_git_push', { dir });
  };

+  const handleError = (err: unknown) => {
+    showToast({
+      id: `${err}`,
+      message: `${err}`,
+      color: 'danger',
+      timeout: 5000,
+    });
+  }
+
  return {
    init: createFastMutation<void, string, void>({
      mutationKey: ['git', 'init'],
@@ -90,21 +117,31 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
      mutationFn: (args) => invoke('cmd_git_rm_remote', { dir, ...args }),
      onSuccess,
    }),
-    branch: createFastMutation<void, string, { branch: string }>({
+    createBranch: createFastMutation<void, string, { branch: string; base?: string }>({
      mutationKey: ['git', 'branch', dir],
      mutationFn: (args) => invoke('cmd_git_branch', { dir, ...args }),
      onSuccess,
    }),
-    mergeBranch: createFastMutation<void, string, { branch: string; force: boolean }>({
+    mergeBranch: createFastMutation<void, string, { branch: string }>({
      mutationKey: ['git', 'merge', dir],
      mutationFn: (args) => invoke('cmd_git_merge_branch', { dir, ...args }),
      onSuccess,
    }),
-    deleteBranch: createFastMutation<void, string, { branch: string }>({
+    deleteBranch: createFastMutation<BranchDeleteResult, string, { branch: string, force?: boolean }>({
      mutationKey: ['git', 'delete-branch', dir],
      mutationFn: (args) => invoke('cmd_git_delete_branch', { dir, ...args }),
      onSuccess,
    }),
+    deleteRemoteBranch: createFastMutation<void, string, { branch: string }>({
+      mutationKey: ['git', 'delete-remote-branch', dir],
+      mutationFn: (args) => invoke('cmd_git_delete_remote_branch', { dir, ...args }),
+      onSuccess,
+    }),
+    renameBranch: createFastMutation<void, string, { oldName: string, newName: string }>({
+      mutationKey: ['git', 'rename-branch', dir],
+      mutationFn: (args) => invoke('cmd_git_rename_branch', { dir, ...args }),
+      onSuccess,
+    }),
    checkout: createFastMutation<string, string, { branch: string; force: boolean }>({
      mutationKey: ['git', 'checkout', dir],
      mutationFn: (args) => invoke('cmd_git_checkout', { dir, ...args }),
@@ -123,11 +160,7 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
      },
      onSuccess,
    }),
-    fetchAll: createFastMutation<string, string, void>({
-      mutationKey: ['git', 'checkout', dir],
-      mutationFn: () => invoke('cmd_git_fetch_all', { dir }),
-      onSuccess,
-    }),
+
    push: createFastMutation<PushResult, string, void>({
      mutationKey: ['git', 'push', dir],
      mutationFn: push,
@@ -137,21 +170,51 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
      mutationKey: ['git', 'pull', dir],
      async mutationFn() {
        const result = await invoke<PullResult>('cmd_git_pull', { dir });
-        if (result.type !== 'needs_credentials') return result;

-        // Needs credentials, prompt for them
-        const creds = await callbacks.promptCredentials(result);
-        if (creds == null) throw new Error('Canceled');
+        if (result.type === 'needs_credentials') {
+          const creds = await callbacks.promptCredentials(result);
+          if (creds == null) throw new Error('Canceled');

-        await invoke('cmd_git_add_credential', {
-          dir,
-          remoteUrl: result.url,
-          username: creds.username,
-          password: creds.password,
-        });
+          await invoke('cmd_git_add_credential', {
+            remoteUrl: result.url,
+            username: creds.username,
+            password: creds.password,
+          });

-        // Pull again
-        return invoke<PullResult>('cmd_git_pull', { dir });
+          // Pull again after credentials
+          return invoke<PullResult>('cmd_git_pull', { dir });
+        }
+
+        if (result.type === 'uncommitted_changes') {
+          callbacks.promptUncommittedChanges().then(async (strategy) => {
+            if (strategy === 'cancel') return;
+
+            await invoke('cmd_git_reset_changes', { dir });
+            return invoke<PullResult>('cmd_git_pull', { dir });
+          }).then(async () => { onSuccess(); await callbacks.forceSync(); }, handleError);
+        }
+
+        if (result.type === 'diverged') {
+          callbacks.promptDiverged(result).then((strategy) => {
+            if (strategy === 'cancel') return;
+
+            if (strategy === 'force_reset') {
+              return invoke<PullResult>('cmd_git_pull_force_reset', {
+                dir,
+                remote: result.remote,
+                branch: result.branch,
+              });
+            }
+
+            return invoke<PullResult>('cmd_git_pull_merge', {
+              dir,
+              remote: result.remote,
+              branch: result.branch,
+            });
+          }).then(async () => { onSuccess(); await callbacks.forceSync(); }, handleError);
+        }
+
+        return result;
      },
      onSuccess,
    }),
@@ -160,9 +223,39 @@ export const gitMutations = (dir: string, callbacks: GitCallbacks) => {
      mutationFn: (args) => invoke('cmd_git_unstage', { dir, ...args }),
      onSuccess,
    }),
+    resetChanges: createFastMutation<void, string, void>({
+      mutationKey: ['git', 'reset-changes', dir],
+      mutationFn: () => invoke('cmd_git_reset_changes', { dir }),
+      onSuccess,
+    }),
  } as const;
 };

 async function getRemotes(dir: string) {
  return invoke<GitRemote[]>('cmd_git_remotes', { dir });
 }
+
+/**
+ * Clone a git repository, prompting for credentials if needed.
+ */
+export async function gitClone(
+  url: string,
+  dir: string,
+  promptCredentials: (args: { url: string; error: string | null }) => Promise<GitCredentials | null>,
+): Promise<CloneResult> {
+  const result = await invoke<CloneResult>('cmd_git_clone', { url, dir });
+  if (result.type !== 'needs_credentials') return result;
+
+  // Prompt for credentials
+  const creds = await promptCredentials({ url: result.url, error: result.error });
+  if (creds == null) return {type: 'cancelled'};
+
+  // Store credentials and retry
+  await invoke('cmd_git_add_credential', {
+    remoteUrl: result.url,
+    username: creds.username,
+    password: creds.password,
+  });
+
+  return invoke<CloneResult>('cmd_git_clone', { url, dir });
+}
--- a/crates/yaak-git/src/binary.rs
+++ b/crates/yaak-git/src/binary.rs
@@ -5,7 +5,15 @@ use std::process::Stdio;
 use tokio::process::Command;
 use yaak_common::command::new_xplatform_command;

+/// Create a git command that runs in the specified directory
 pub(crate) async fn new_binary_command(dir: &Path) -> Result<Command> {
+    let mut cmd = new_binary_command_global().await?;
+    cmd.arg("-C").arg(dir);
+    Ok(cmd)
+}
+
+/// Create a git command without a specific directory (for global operations)
+pub(crate) async fn new_binary_command_global() -> Result<Command> {
    // 1. Probe that `git` exists and is runnable
    let mut probe = new_xplatform_command("git");
    probe.arg("--version").stdin(Stdio::null()).stdout(Stdio::null()).stderr(Stdio::null());
@@ -17,8 +25,6 @@ pub(crate) async fn new_binary_command(dir: &Path) -> Result<Command> {
    }

    // 2. Build the reusable git command
-    let mut cmd = new_xplatform_command("git");
-    cmd.arg("-C").arg(dir);
-
+    let cmd = new_xplatform_command("git");
    Ok(cmd)
 }
--- a/crates/yaak-git/src/branch.rs
+++ b/crates/yaak-git/src/branch.rs
@@ -1,99 +1,153 @@
+use serde::{Deserialize, Serialize};
+use ts_rs::TS;
+
+use crate::binary::new_binary_command;
 use crate::error::Error::GenericError;
 use crate::error::Result;
-use crate::merge::do_merge;
-use crate::repository::open_repo;
-use crate::util::{bytes_to_string, get_branch_by_name, get_current_branch};
-use git2::BranchType;
-use git2::build::CheckoutBuilder;
-use log::info;
 use std::path::Path;

-pub fn git_checkout_branch(dir: &Path, branch_name: &str, force: bool) -> Result<String> {
-    if branch_name.starts_with("origin/") {
-        return git_checkout_remote_branch(dir, branch_name, force);
-    }
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, TS)]
+#[serde(rename_all = "snake_case", tag = "type")]
+#[ts(export, export_to = "gen_git.ts")]
+pub enum BranchDeleteResult {
+    Success { message: String },
+    NotFullyMerged,
+}

-    let repo = open_repo(dir)?;
-    let branch = get_branch_by_name(&repo, branch_name)?;
-    let branch_ref = branch.into_reference();
-    let branch_tree = branch_ref.peel_to_tree()?;
+pub async fn git_checkout_branch(dir: &Path, branch_name: &str, force: bool) -> Result<String> {
+    let branch_name = branch_name.trim_start_matches("origin/");

-    let mut options = CheckoutBuilder::default();
+    let mut args = vec!["checkout"];
    if force {
-        options.force();
+        args.push("--force");
    }
+    args.push(branch_name);

-    repo.checkout_tree(branch_tree.as_object(), Some(&mut options))?;
-    repo.set_head(branch_ref.name().unwrap())?;
+    let out = new_binary_command(dir)
+        .await?
+        .args(&args)
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git checkout: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    if !out.status.success() {
+        return Err(GenericError(format!("Failed to checkout: {}", combined.trim())));
+    }

    Ok(branch_name.to_string())
 }

-pub(crate) fn git_checkout_remote_branch(
-    dir: &Path,
-    branch_name: &str,
-    force: bool,
-) -> Result<String> {
-    let branch_name = branch_name.trim_start_matches("origin/");
-    let repo = open_repo(dir)?;
-
-    let refname = format!("refs/remotes/origin/{}", branch_name);
-    let remote_ref = repo.find_reference(&refname)?;
-    let commit = remote_ref.peel_to_commit()?;
-
-    let mut new_branch = repo.branch(branch_name, &commit, false)?;
-    let upstream_name = format!("origin/{}", branch_name);
-    new_branch.set_upstream(Some(&upstream_name))?;
-
-    git_checkout_branch(dir, branch_name, force)
-}
-
-pub fn git_create_branch(dir: &Path, name: &str) -> Result<()> {
-    let repo = open_repo(dir)?;
-    let head = match repo.head() {
-        Ok(h) => h,
-        Err(e) if e.code() == git2::ErrorCode::UnbornBranch => {
-            let msg = "Cannot create branch when there are no commits";
-            return Err(GenericError(msg.into()));
-        }
-        Err(e) => return Err(e.into()),
-    };
-    let head = head.peel_to_commit()?;
-
-    repo.branch(name, &head, false)?;
-
-    Ok(())
-}
-
-pub fn git_delete_branch(dir: &Path, name: &str) -> Result<()> {
-    let repo = open_repo(dir)?;
-    let mut branch = get_branch_by_name(&repo, name)?;
-
-    if branch.is_head() {
-        info!("Deleting head branch");
-        let branches = repo.branches(Some(BranchType::Local))?;
-        let other_branch = branches.into_iter().filter_map(|b| b.ok()).find(|b| !b.0.is_head());
-        let other_branch = match other_branch {
-            None => return Err(GenericError("Cannot delete only branch".into())),
-            Some(b) => bytes_to_string(b.0.name_bytes()?)?,
-        };
-
-        git_checkout_branch(dir, &other_branch, true)?;
+pub async fn git_create_branch(dir: &Path, name: &str, base: Option<&str>) -> Result<()> {
+    let mut cmd = new_binary_command(dir).await?;
+    cmd.arg("branch").arg(name);
+    if let Some(base_branch) = base {
+        cmd.arg(base_branch);
    }

-    branch.delete()?;
+    let out =
+        cmd.output().await.map_err(|e| GenericError(format!("failed to run git branch: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    if !out.status.success() {
+        return Err(GenericError(format!("Failed to create branch: {}", combined.trim())));
+    }

    Ok(())
 }

-pub fn git_merge_branch(dir: &Path, name: &str, _force: bool) -> Result<()> {
-    let repo = open_repo(dir)?;
-    let local_branch = get_current_branch(&repo)?.unwrap();
+pub async fn git_delete_branch(dir: &Path, name: &str, force: bool) -> Result<BranchDeleteResult> {
+    let mut cmd = new_binary_command(dir).await?;

-    let commit_to_merge = get_branch_by_name(&repo, name)?.into_reference();
-    let commit_to_merge = repo.reference_to_annotated_commit(&commit_to_merge)?;
+    let out =
+        if force { cmd.args(["branch", "-D", name]) } else { cmd.args(["branch", "-d", name]) }
+            .output()
+            .await
+            .map_err(|e| GenericError(format!("failed to run git branch -d: {e}")))?;

-    do_merge(&repo, &local_branch, &commit_to_merge)?;
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    if !out.status.success() && stderr.to_lowercase().contains("not fully merged") {
+        return Ok(BranchDeleteResult::NotFullyMerged);
+    }
+
+    if !out.status.success() {
+        return Err(GenericError(format!("Failed to delete branch: {}", combined.trim())));
+    }
+
+    Ok(BranchDeleteResult::Success { message: combined })
+}
+
+pub async fn git_merge_branch(dir: &Path, name: &str) -> Result<()> {
+    let out = new_binary_command(dir)
+        .await?
+        .args(["merge", name])
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git merge: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    if !out.status.success() {
+        // Check for merge conflicts
+        if combined.to_lowercase().contains("conflict") {
+            return Err(GenericError(
+                "Merge conflicts detected. Please resolve them manually.".to_string(),
+            ));
+        }
+        return Err(GenericError(format!("Failed to merge: {}", combined.trim())));
+    }
+
+    Ok(())
+}
+
+pub async fn git_delete_remote_branch(dir: &Path, name: &str) -> Result<()> {
+    // Remote branch names come in as "origin/branch-name", extract the branch name
+    let branch_name = name.trim_start_matches("origin/");
+
+    let out = new_binary_command(dir)
+        .await?
+        .args(["push", "origin", "--delete", branch_name])
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git push --delete: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    if !out.status.success() {
+        return Err(GenericError(format!("Failed to delete remote branch: {}", combined.trim())));
+    }
+
+    Ok(())
+}
+
+pub async fn git_rename_branch(dir: &Path, old_name: &str, new_name: &str) -> Result<()> {
+    let out = new_binary_command(dir)
+        .await?
+        .args(["branch", "-m", old_name, new_name])
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git branch -m: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    if !out.status.success() {
+        return Err(GenericError(format!("Failed to rename branch: {}", combined.trim())));
+    }

    Ok(())
 }
--- a/crates/yaak-git/src/clone.rs
+++ b/crates/yaak-git/src/clone.rs
@@ -0,0 +1,53 @@
+use crate::binary::new_binary_command;
+use crate::error::Error::GenericError;
+use crate::error::Result;
+use log::info;
+use serde::{Deserialize, Serialize};
+use std::fs;
+use std::path::Path;
+use ts_rs::TS;
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, TS)]
+#[serde(rename_all = "snake_case", tag = "type")]
+#[ts(export, export_to = "gen_git.ts")]
+pub enum CloneResult {
+    Success,
+    Cancelled,
+    NeedsCredentials { url: String, error: Option<String> },
+}
+
+pub async fn git_clone(url: &str, dir: &Path) -> Result<CloneResult> {
+    let parent = dir.parent().ok_or_else(|| GenericError("Invalid clone directory".to_string()))?;
+    fs::create_dir_all(parent)
+        .map_err(|e| GenericError(format!("Failed to create directory: {e}")))?;
+    let mut cmd = new_binary_command(parent).await?;
+    cmd.args(["clone", url]).arg(dir).env("GIT_TERMINAL_PROMPT", "0");
+
+    let out =
+        cmd.output().await.map_err(|e| GenericError(format!("failed to run git clone: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+    let combined_lower = combined.to_lowercase();
+
+    info!("Cloned status={}: {combined}", out.status);
+
+    if !out.status.success() {
+        // Check for credentials error
+        if combined_lower.contains("could not read") {
+            return Ok(CloneResult::NeedsCredentials { url: url.to_string(), error: None });
+        }
+        if combined_lower.contains("unable to access")
+            || combined_lower.contains("authentication failed")
+        {
+            return Ok(CloneResult::NeedsCredentials {
+                url: url.to_string(),
+                error: Some(combined.to_string()),
+            });
+        }
+        return Err(GenericError(format!("Failed to clone: {}", combined.trim())));
+    }
+
+    Ok(CloneResult::Success)
+}
--- a/crates/yaak-git/src/credential.rs
+++ b/crates/yaak-git/src/credential.rs
@@ -1,24 +1,18 @@
-use crate::binary::new_binary_command;
+use crate::binary::new_binary_command_global;
 use crate::error::Error::GenericError;
 use crate::error::Result;
-use std::path::Path;
 use std::process::Stdio;
 use tokio::io::AsyncWriteExt;
 use url::Url;

-pub async fn git_add_credential(
-    dir: &Path,
-    remote_url: &str,
-    username: &str,
-    password: &str,
-) -> Result<()> {
+pub async fn git_add_credential(remote_url: &str, username: &str, password: &str) -> Result<()> {
    let url = Url::parse(remote_url)
        .map_err(|e| GenericError(format!("Failed to parse remote url {remote_url}: {e:?}")))?;
    let protocol = url.scheme();
    let host = url.host_str().unwrap();
    let path = Some(url.path());

-    let mut child = new_binary_command(dir)
+    let mut child = new_binary_command_global()
        .await?
        .args(["credential", "approve"])
        .stdin(Stdio::piped())
--- a/crates/yaak-git/src/lib.rs
+++ b/crates/yaak-git/src/lib.rs
@@ -1,31 +1,38 @@
 mod add;
 mod binary;
 mod branch;
+mod clone;
 mod commit;
 mod credential;
 pub mod error;
 mod fetch;
 mod init;
 mod log;
-mod merge;
+
 mod pull;
 mod push;
 mod remotes;
 mod repository;
+mod reset;
 mod status;
 mod unstage;
 mod util;

 // Re-export all git functions for external use
 pub use add::git_add;
-pub use branch::{git_checkout_branch, git_create_branch, git_delete_branch, git_merge_branch};
+pub use branch::{
+    BranchDeleteResult, git_checkout_branch, git_create_branch, git_delete_branch,
+    git_delete_remote_branch, git_merge_branch, git_rename_branch,
+};
+pub use clone::{CloneResult, git_clone};
 pub use commit::git_commit;
 pub use credential::git_add_credential;
 pub use fetch::git_fetch_all;
 pub use init::git_init;
 pub use log::{GitCommit, git_log};
-pub use pull::{PullResult, git_pull};
+pub use pull::{PullResult, git_pull, git_pull_force_reset, git_pull_merge};
 pub use push::{PushResult, git_push};
 pub use remotes::{GitRemote, git_add_remote, git_remotes, git_rm_remote};
+pub use reset::git_reset_changes;
 pub use status::{GitStatusSummary, git_status};
 pub use unstage::git_unstage;
--- a/crates/yaak-git/src/merge.rs
+++ b/crates/yaak-git/src/merge.rs
@@ -1,135 +0,0 @@
-use crate::error::Error::MergeConflicts;
-use crate::util::bytes_to_string;
-use git2::{AnnotatedCommit, Branch, IndexEntry, Reference, Repository};
-use log::{debug, info};
-
-pub(crate) fn do_merge(
-    repo: &Repository,
-    local_branch: &Branch,
-    commit_to_merge: &AnnotatedCommit,
-) -> crate::error::Result<()> {
-    debug!("Merging remote branches");
-    let analysis = repo.merge_analysis(&[&commit_to_merge])?;
-
-    if analysis.0.is_fast_forward() {
-        let refname = bytes_to_string(local_branch.get().name_bytes())?;
-        match repo.find_reference(&refname) {
-            Ok(mut r) => {
-                merge_fast_forward(repo, &mut r, &commit_to_merge)?;
-            }
-            Err(_) => {
-                // The branch doesn't exist, so set the reference to the commit directly. Usually
-                // this is because you are pulling into an empty repository.
-                repo.reference(
-                    &refname,
-                    commit_to_merge.id(),
-                    true,
-                    &format!("Setting {} to {}", refname, commit_to_merge.id()),
-                )?;
-                repo.set_head(&refname)?;
-                repo.checkout_head(Some(
-                    git2::build::CheckoutBuilder::default()
-                        .allow_conflicts(true)
-                        .conflict_style_merge(true)
-                        .force(),
-                ))?;
-            }
-        };
-    } else if analysis.0.is_normal() {
-        let head_commit = repo.reference_to_annotated_commit(&repo.head()?)?;
-        merge_normal(repo, &head_commit, commit_to_merge)?;
-    } else {
-        debug!("Skipping merge. Nothing to do")
-    }
-
-    Ok(())
-}
-
-pub(crate) fn merge_fast_forward(
-    repo: &Repository,
-    local_reference: &mut Reference,
-    remote_commit: &AnnotatedCommit,
-) -> crate::error::Result<()> {
-    info!("Performing fast forward");
-    let name = match local_reference.name() {
-        Some(s) => s.to_string(),
-        None => String::from_utf8_lossy(local_reference.name_bytes()).to_string(),
-    };
-    let msg = format!("Fast-Forward: Setting {} to id: {}", name, remote_commit.id());
-    local_reference.set_target(remote_commit.id(), &msg)?;
-    repo.set_head(&name)?;
-    repo.checkout_head(Some(
-        git2::build::CheckoutBuilder::default()
-            // For some reason, the force is required to make the working directory actually get
-            // updated I suspect we should be adding some logic to handle dirty working directory
-            // states, but this is just an example so maybe not.
-            .force(),
-    ))?;
-    Ok(())
-}
-
-pub(crate) fn merge_normal(
-    repo: &Repository,
-    local: &AnnotatedCommit,
-    remote: &AnnotatedCommit,
-) -> crate::error::Result<()> {
-    info!("Performing normal merge");
-    let local_tree = repo.find_commit(local.id())?.tree()?;
-    let remote_tree = repo.find_commit(remote.id())?.tree()?;
-    let ancestor = repo.find_commit(repo.merge_base(local.id(), remote.id())?)?.tree()?;
-
-    let mut idx = repo.merge_trees(&ancestor, &local_tree, &remote_tree, None)?;
-
-    if idx.has_conflicts() {
-        let conflicts = idx.conflicts()?;
-        for conflict in conflicts {
-            if let Ok(conflict) = conflict {
-                print_conflict(&conflict);
-            }
-        }
-        return Err(MergeConflicts);
-    }
-
-    let result_tree = repo.find_tree(idx.write_tree_to(repo)?)?;
-    // now create the merge commit
-    let msg = format!("Merge: {} into {}", remote.id(), local.id());
-    let sig = repo.signature()?;
-    let local_commit = repo.find_commit(local.id())?;
-    let remote_commit = repo.find_commit(remote.id())?;
-
-    // Do our merge commit and set current branch head to that commit.
-    let _merge_commit = repo.commit(
-        Some("HEAD"),
-        &sig,
-        &sig,
-        &msg,
-        &result_tree,
-        &[&local_commit, &remote_commit],
-    )?;
-
-    // Set working tree to match head.
-    repo.checkout_head(None)?;
-
-    Ok(())
-}
-
-fn print_conflict(conflict: &git2::IndexConflict) {
-    let ancestor = conflict.ancestor.as_ref().map(path_from_index_entry);
-    let ours = conflict.our.as_ref().map(path_from_index_entry);
-    let theirs = conflict.their.as_ref().map(path_from_index_entry);
-
-    println!("Conflict detected:");
-    if let Some(path) = ancestor {
-        println!("  Common ancestor: {:?}", path);
-    }
-    if let Some(path) = ours {
-        println!("  Ours: {:?}", path);
-    }
-    if let Some(path) = theirs {
-        println!("  Theirs: {:?}", path);
-    }
-}
-
-fn path_from_index_entry(entry: &IndexEntry) -> String {
-    String::from_utf8_lossy(entry.path.as_slice()).into_owned()
-}
--- a/crates/yaak-git/src/pull.rs
+++ b/crates/yaak-git/src/pull.rs
@@ -15,9 +15,23 @@ pub enum PullResult {
    Success { message: String },
    UpToDate,
    NeedsCredentials { url: String, error: Option<String> },
+    Diverged { remote: String, branch: String },
+    UncommittedChanges,
+}
+
+fn has_uncommitted_changes(dir: &Path) -> Result<bool> {
+    let repo = open_repo(dir)?;
+    let mut opts = git2::StatusOptions::new();
+    opts.include_ignored(false).include_untracked(false);
+    let statuses = repo.statuses(Some(&mut opts))?;
+    Ok(statuses.iter().any(|e| e.status() != git2::Status::CURRENT))
 }

 pub async fn git_pull(dir: &Path) -> Result<PullResult> {
+    if has_uncommitted_changes(dir)? {
+        return Ok(PullResult::UncommittedChanges);
+    }
+
    // Extract all git2 data before any await points (git2 types are not Send)
    let (branch_name, remote_name, remote_url) = {
        let repo = open_repo(dir)?;
@@ -56,6 +70,13 @@ pub async fn git_pull(dir: &Path) -> Result<PullResult> {
    }

    if !out.status.success() {
+        let combined_lower = combined.to_lowercase();
+        if combined_lower.contains("cannot fast-forward")
+            || combined_lower.contains("not possible to fast-forward")
+            || combined_lower.contains("diverged")
+        {
+            return Ok(PullResult::Diverged { remote: remote_name, branch: branch_name });
+        }
        return Err(GenericError(format!("Failed to pull {combined}")));
    }

@@ -66,6 +87,65 @@ pub async fn git_pull(dir: &Path) -> Result<PullResult> {
    Ok(PullResult::Success { message: format!("Pulled from {}/{}", remote_name, branch_name) })
 }

+pub async fn git_pull_force_reset(dir: &Path, remote: &str, branch: &str) -> Result<PullResult> {
+    // Step 1: fetch the remote
+    let fetch_out = new_binary_command(dir)
+        .await?
+        .args(["fetch", remote])
+        .env("GIT_TERMINAL_PROMPT", "0")
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git fetch: {e}")))?;
+
+    if !fetch_out.status.success() {
+        let stderr = String::from_utf8_lossy(&fetch_out.stderr);
+        return Err(GenericError(format!("Failed to fetch: {stderr}")));
+    }
+
+    // Step 2: reset --hard to remote/branch
+    let ref_name = format!("{}/{}", remote, branch);
+    let reset_out = new_binary_command(dir)
+        .await?
+        .args(["reset", "--hard", &ref_name])
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git reset: {e}")))?;
+
+    if !reset_out.status.success() {
+        let stderr = String::from_utf8_lossy(&reset_out.stderr);
+        return Err(GenericError(format!("Failed to reset: {}", stderr.trim())));
+    }
+
+    Ok(PullResult::Success { message: format!("Reset to {}/{}", remote, branch) })
+}
+
+pub async fn git_pull_merge(dir: &Path, remote: &str, branch: &str) -> Result<PullResult> {
+    let out = new_binary_command(dir)
+        .await?
+        .args(["pull", "--no-rebase", remote, branch])
+        .env("GIT_TERMINAL_PROMPT", "0")
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git pull --no-rebase: {e}")))?;
+
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    let combined = format!("{}{}", stdout, stderr);
+
+    info!("Pull merge status={} {combined}", out.status);
+
+    if !out.status.success() {
+        if combined.to_lowercase().contains("conflict") {
+            return Err(GenericError(
+                "Merge conflicts detected. Please resolve them manually.".to_string(),
+            ));
+        }
+        return Err(GenericError(format!("Failed to merge pull: {}", combined.trim())));
+    }
+
+    Ok(PullResult::Success { message: format!("Merged from {}/{}", remote, branch) })
+}
+
 // pub(crate) fn git_pull_old(dir: &Path) -> Result<PullResult> {
 //     let repo = open_repo(dir)?;
 //
--- a/crates/yaak-git/src/reset.rs
+++ b/crates/yaak-git/src/reset.rs
@@ -0,0 +1,20 @@
+use crate::binary::new_binary_command;
+use crate::error::Error::GenericError;
+use crate::error::Result;
+use std::path::Path;
+
+pub async fn git_reset_changes(dir: &Path) -> Result<()> {
+    let out = new_binary_command(dir)
+        .await?
+        .args(["reset", "--hard", "HEAD"])
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git reset: {e}")))?;
+
+    if !out.status.success() {
+        let stderr = String::from_utf8_lossy(&out.stderr);
+        return Err(GenericError(format!("Failed to reset: {}", stderr.trim())));
+    }
+
+    Ok(())
+}
--- a/crates/yaak-git/src/status.rs
+++ b/crates/yaak-git/src/status.rs
@@ -18,6 +18,8 @@ pub struct GitStatusSummary {
    pub origins: Vec<String>,
    pub local_branches: Vec<String>,
    pub remote_branches: Vec<String>,
+    pub ahead: u32,
+    pub behind: u32,
 }

 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize, TS)]
@@ -160,6 +162,18 @@ pub fn git_status(dir: &Path) -> crate::error::Result<GitStatusSummary> {
    let local_branches = local_branch_names(&repo)?;
    let remote_branches = remote_branch_names(&repo)?;

+    // Compute ahead/behind relative to remote tracking branch
+    let (ahead, behind) = (|| -> Option<(usize, usize)> {
+        let head = repo.head().ok()?;
+        let local_oid = head.target()?;
+        let branch_name = head.shorthand()?;
+        let upstream_ref =
+            repo.find_branch(&format!("origin/{branch_name}"), git2::BranchType::Remote).ok()?;
+        let upstream_oid = upstream_ref.get().target()?;
+        repo.graph_ahead_behind(local_oid, upstream_oid).ok()
+    })()
+    .unwrap_or((0, 0));
+
    Ok(GitStatusSummary {
        entries,
        origins,
@@ -168,5 +182,7 @@ pub fn git_status(dir: &Path) -> crate::error::Result<GitStatusSummary> {
        head_ref_shorthand,
        local_branches,
        remote_branches,
+        ahead: ahead as u32,
+        behind: behind as u32,
    })
 }
--- a/crates/yaak-git/src/util.rs
+++ b/crates/yaak-git/src/util.rs
@@ -47,10 +47,6 @@ pub(crate) fn remote_branch_names(repo: &Repository) -> Result<Vec<String>> {
    Ok(branches)
 }

-pub(crate) fn get_branch_by_name<'s>(repo: &'s Repository, name: &str) -> Result<Branch<'s>> {
-    Ok(repo.find_branch(name, BranchType::Local)?)
-}
-
 pub(crate) fn bytes_to_string(bytes: &[u8]) -> Result<String> {
    Ok(String::from_utf8(bytes.to_vec())?)
 }
--- a/crates/yaak-grpc/src/manager.rs
+++ b/crates/yaak-grpc/src/manager.rs
@@ -340,10 +340,9 @@ impl GrpcHandle {
        metadata: &BTreeMap<String, String>,
        validate_certificates: bool,
        client_cert: Option<ClientCertificateConfig>,
-        skip_cache: bool,
    ) -> Result<Vec<ServiceDefinition>> {
        // Ensure we have a pool; reflect only if missing
-        if skip_cache || self.get_pool(id, uri, proto_files).is_none() {
+        if self.get_pool(id, uri, proto_files).is_none() {
            info!("Reflecting gRPC services for {} at {}", id, uri);
            self.reflect(id, uri, proto_files, metadata, validate_certificates, client_cert)
                .await?;
--- a/crates/yaak-http/Cargo.toml
+++ b/crates/yaak-http/Cargo.toml
@@ -8,10 +8,11 @@ publish = false
 async-compression = { version = "0.4", features = ["tokio", "gzip", "deflate", "brotli", "zstd"] }
 async-trait = "0.1"
 brotli = "7"
-bytes = "1.5.0"
+bytes = "1.11.1"
 cookie = "0.18.1"
 flate2 = "1"
 futures-util = "0.3"
+http-body = "1"
 url = "2"
 zstd = "0.13"
 hyper-util = { version = "0.1.17", default-features = false, features = ["client-legacy"] }
--- a/crates/yaak-http/src/client.rs
+++ b/crates/yaak-http/src/client.rs
@@ -2,6 +2,8 @@ use crate::dns::LocalhostResolver;
 use crate::error::Result;
 use log::{debug, info, warn};
 use reqwest::{Client, Proxy, redirect};
+use std::sync::Arc;
+use yaak_models::models::DnsOverride;
 use yaak_tls::{ClientCertificateConfig, get_tls_config};

 #[derive(Clone)]
@@ -28,10 +30,14 @@ pub struct HttpConnectionOptions {
    pub validate_certificates: bool,
    pub proxy: HttpConnectionProxySetting,
    pub client_certificate: Option<ClientCertificateConfig>,
+    pub dns_overrides: Vec<DnsOverride>,
 }

 impl HttpConnectionOptions {
-    pub(crate) fn build_client(&self) -> Result<Client> {
+    /// Build a reqwest Client and return it along with the DNS resolver.
+    /// The resolver is returned separately so it can be configured per-request
+    /// to emit DNS timing events to the appropriate channel.
+    pub(crate) fn build_client(&self) -> Result<(Client, Arc<LocalhostResolver>)> {
        let mut client = Client::builder()
            .connection_verbose(true)
            .redirect(redirect::Policy::none())
@@ -40,15 +46,19 @@ impl HttpConnectionOptions {
            .no_brotli()
            .no_deflate()
            .referer(false)
-            .tls_info(true);
+            .tls_info(true)
+            // Disable connection pooling to ensure DNS resolution happens on each request
+            // This is needed so we can emit DNS timing events for each request
+            .pool_max_idle_per_host(0);

        // Configure TLS with optional client certificate
        let config =
            get_tls_config(self.validate_certificates, true, self.client_certificate.clone())?;
        client = client.use_preconfigured_tls(config);

-        // Configure DNS resolver
-        client = client.dns_resolver(LocalhostResolver::new());
+        // Configure DNS resolver - keep a reference to configure per-request
+        let resolver = LocalhostResolver::new(self.dns_overrides.clone());
+        client = client.dns_resolver(resolver.clone());

        // Configure proxy
        match self.proxy.clone() {
@@ -69,7 +79,7 @@ impl HttpConnectionOptions {
            self.client_certificate.is_some()
        );

-        Ok(client.build()?)
+        Ok((client.build()?, resolver))
    }
 }

--- a/crates/yaak-http/src/dns.rs
+++ b/crates/yaak-http/src/dns.rs
@@ -1,53 +1,185 @@
+use crate::sender::HttpResponseEvent;
 use hyper_util::client::legacy::connect::dns::{
    GaiResolver as HyperGaiResolver, Name as HyperName,
 };
+use log::info;
 use reqwest::dns::{Addrs, Name, Resolve, Resolving};
+use std::collections::HashMap;
 use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr};
 use std::str::FromStr;
 use std::sync::Arc;
+use std::time::Instant;
+use tokio::sync::{RwLock, mpsc};
 use tower_service::Service;
+use yaak_models::models::DnsOverride;
+
+/// Stores resolved addresses for a hostname override
+#[derive(Clone)]
+pub struct ResolvedOverride {
+    pub ipv4: Vec<Ipv4Addr>,
+    pub ipv6: Vec<Ipv6Addr>,
+}

 #[derive(Clone)]
 pub struct LocalhostResolver {
    fallback: HyperGaiResolver,
+    event_tx: Arc<RwLock<Option<mpsc::Sender<HttpResponseEvent>>>>,
+    overrides: Arc<HashMap<String, ResolvedOverride>>,
 }

 impl LocalhostResolver {
-    pub fn new() -> Arc<Self> {
+    pub fn new(dns_overrides: Vec<DnsOverride>) -> Arc<Self> {
        let resolver = HyperGaiResolver::new();
-        Arc::new(Self { fallback: resolver })
+
+        // Pre-parse DNS overrides into a lookup map
+        let mut overrides = HashMap::new();
+        for o in dns_overrides {
+            if !o.enabled {
+                continue;
+            }
+            let hostname = o.hostname.to_lowercase();
+
+            let ipv4: Vec<Ipv4Addr> =
+                o.ipv4.iter().filter_map(|s| s.parse::<Ipv4Addr>().ok()).collect();
+
+            let ipv6: Vec<Ipv6Addr> =
+                o.ipv6.iter().filter_map(|s| s.parse::<Ipv6Addr>().ok()).collect();
+
+            // Only add if at least one address is valid
+            if !ipv4.is_empty() || !ipv6.is_empty() {
+                overrides.insert(hostname, ResolvedOverride { ipv4, ipv6 });
+            }
+        }
+
+        Arc::new(Self {
+            fallback: resolver,
+            event_tx: Arc::new(RwLock::new(None)),
+            overrides: Arc::new(overrides),
+        })
+    }
+
+    /// Set the event sender for the current request.
+    /// This should be called before each request to direct DNS events
+    /// to the appropriate channel.
+    pub async fn set_event_sender(&self, tx: Option<mpsc::Sender<HttpResponseEvent>>) {
+        let mut guard = self.event_tx.write().await;
+        *guard = tx;
    }
 }

 impl Resolve for LocalhostResolver {
    fn resolve(&self, name: Name) -> Resolving {
        let host = name.as_str().to_lowercase();
+        let event_tx = self.event_tx.clone();
+        let overrides = self.overrides.clone();

+        info!("DNS resolve called for: {}", host);
+
+        // Check for DNS override first
+        if let Some(resolved) = overrides.get(&host) {
+            log::debug!("DNS override found for: {}", host);
+            let hostname = host.clone();
+            let mut addrs: Vec<SocketAddr> = Vec::new();
+
+            // Add IPv4 addresses
+            for ip in &resolved.ipv4 {
+                addrs.push(SocketAddr::new(IpAddr::V4(*ip), 0));
+            }
+
+            // Add IPv6 addresses
+            for ip in &resolved.ipv6 {
+                addrs.push(SocketAddr::new(IpAddr::V6(*ip), 0));
+            }
+
+            let addresses: Vec<String> = addrs.iter().map(|a| a.ip().to_string()).collect();
+
+            return Box::pin(async move {
+                // Emit DNS event for override
+                let guard = event_tx.read().await;
+                if let Some(tx) = guard.as_ref() {
+                    let _ = tx
+                        .send(HttpResponseEvent::DnsResolved {
+                            hostname,
+                            addresses,
+                            duration: 0,
+                            overridden: true,
+                        })
+                        .await;
+                }
+
+                Ok::<Addrs, Box<dyn std::error::Error + Send + Sync>>(Box::new(addrs.into_iter()))
+            });
+        }
+
+        // Check for .localhost suffix
        let is_localhost = host.ends_with(".localhost");
        if is_localhost {
+            let hostname = host.clone();
            // Port 0 is fine; reqwest replaces it with the URL's explicit
-            // port or the scheme’s default (80/443, etc.).
-            // (See docs note below.)
+            // port or the scheme's default (80/443, etc.).
            let addrs: Vec<SocketAddr> = vec![
                SocketAddr::new(IpAddr::V4(Ipv4Addr::LOCALHOST), 0),
                SocketAddr::new(IpAddr::V6(Ipv6Addr::LOCALHOST), 0),
            ];

+            let addresses: Vec<String> = addrs.iter().map(|a| a.ip().to_string()).collect();
+
            return Box::pin(async move {
+                // Emit DNS event for localhost resolution
+                let guard = event_tx.read().await;
+                if let Some(tx) = guard.as_ref() {
+                    let _ = tx
+                        .send(HttpResponseEvent::DnsResolved {
+                            hostname,
+                            addresses,
+                            duration: 0,
+                            overridden: false,
+                        })
+                        .await;
+                }
+
                Ok::<Addrs, Box<dyn std::error::Error + Send + Sync>>(Box::new(addrs.into_iter()))
            });
        }

+        // Fall back to system DNS
        let mut fallback = self.fallback.clone();
        let name_str = name.as_str().to_string();
+        let hostname = host.clone();
+
        Box::pin(async move {
-            match HyperName::from_str(&name_str) {
-                Ok(n) => fallback
-                    .call(n)
-                    .await
-                    .map(|addrs| Box::new(addrs) as Addrs)
-                    .map_err(|err| Box::new(err) as Box<dyn std::error::Error + Send + Sync>),
-                Err(e) => Err(Box::new(e) as Box<dyn std::error::Error + Send + Sync>),
+            let start = Instant::now();
+
+            let result = match HyperName::from_str(&name_str) {
+                Ok(n) => fallback.call(n).await,
+                Err(e) => return Err(Box::new(e) as Box<dyn std::error::Error + Send + Sync>),
+            };
+
+            let duration = start.elapsed().as_millis() as u64;
+
+            match result {
+                Ok(addrs) => {
+                    // Collect addresses for event emission
+                    let addr_vec: Vec<SocketAddr> = addrs.collect();
+                    let addresses: Vec<String> =
+                        addr_vec.iter().map(|a| a.ip().to_string()).collect();
+
+                    // Emit DNS event
+                    let guard = event_tx.read().await;
+                    if let Some(tx) = guard.as_ref() {
+                        let _ = tx
+                            .send(HttpResponseEvent::DnsResolved {
+                                hostname,
+                                addresses,
+                                duration,
+                                overridden: false,
+                            })
+                            .await;
+                    }
+
+                    Ok(Box::new(addr_vec.into_iter()) as Addrs)
+                }
+                Err(err) => Err(Box::new(err) as Box<dyn std::error::Error + Send + Sync>),
            }
        })
    }
--- a/crates/yaak-http/src/manager.rs
+++ b/crates/yaak-http/src/manager.rs
@@ -1,4 +1,5 @@
 use crate::client::HttpConnectionOptions;
+use crate::dns::LocalhostResolver;
 use crate::error::Result;
 use log::info;
 use reqwest::Client;
@@ -7,8 +8,15 @@ use std::sync::Arc;
 use std::time::{Duration, Instant};
 use tokio::sync::RwLock;

+/// A cached HTTP client along with its DNS resolver.
+/// The resolver is needed to set the event sender per-request.
+pub struct CachedClient {
+    pub client: Client,
+    pub resolver: Arc<LocalhostResolver>,
+}
+
 pub struct HttpConnectionManager {
-    connections: Arc<RwLock<BTreeMap<String, (Client, Instant)>>>,
+    connections: Arc<RwLock<BTreeMap<String, (CachedClient, Instant)>>>,
    ttl: Duration,
 }

@@ -20,21 +28,26 @@ impl HttpConnectionManager {
        }
    }

-    pub async fn get_client(&self, opt: &HttpConnectionOptions) -> Result<Client> {
+    pub async fn get_client(&self, opt: &HttpConnectionOptions) -> Result<CachedClient> {
        let mut connections = self.connections.write().await;
        let id = opt.id.clone();

        // Clean old connections
        connections.retain(|_, (_, last_used)| last_used.elapsed() <= self.ttl);

-        if let Some((c, last_used)) = connections.get_mut(&id) {
+        if let Some((cached, last_used)) = connections.get_mut(&id) {
            info!("Re-using HTTP client {id}");
            *last_used = Instant::now();
-            return Ok(c.clone());
+            return Ok(CachedClient {
+                client: cached.client.clone(),
+                resolver: cached.resolver.clone(),
+            });
        }

-        let c = opt.build_client()?;
-        connections.insert(id.into(), (c.clone(), Instant::now()));
-        Ok(c)
+        let (client, resolver) = opt.build_client()?;
+        let cached = CachedClient { client: client.clone(), resolver: resolver.clone() };
+        connections.insert(id.into(), (cached, Instant::now()));
+
+        Ok(CachedClient { client, resolver })
    }
 }
--- a/crates/yaak-http/src/sender.rs
+++ b/crates/yaak-http/src/sender.rs
@@ -2,7 +2,9 @@ use crate::decompress::{ContentEncoding, streaming_decoder};
 use crate::error::{Error, Result};
 use crate::types::{SendableBody, SendableHttpRequest};
 use async_trait::async_trait;
+use bytes::Bytes;
 use futures_util::StreamExt;
+use http_body::{Body as HttpBody, Frame, SizeHint};
 use reqwest::{Client, Method, Version};
 use std::fmt::Display;
 use std::pin::Pin;
@@ -31,7 +33,14 @@ pub enum HttpResponseEvent {
    },
    SendUrl {
        method: String,
+        scheme: String,
+        username: String,
+        password: String,
+        host: String,
+        port: u16,
        path: String,
+        query: String,
+        fragment: String,
    },
    ReceiveUrl {
        version: Version,
@@ -45,6 +54,12 @@ pub enum HttpResponseEvent {
    ChunkReceived {
        bytes: usize,
    },
+    DnsResolved {
+        hostname: String,
+        addresses: Vec<String>,
+        duration: u64,
+        overridden: bool,
+    },
 }

 impl Display for HttpResponseEvent {
@@ -59,7 +74,16 @@ impl Display for HttpResponseEvent {
                };
                write!(f, "* Redirect {} -> {} ({})", status, url, behavior_str)
            }
-            HttpResponseEvent::SendUrl { method, path } => write!(f, "> {} {}", method, path),
+            HttpResponseEvent::SendUrl { method, scheme, username, password, host, port, path, query, fragment } => {
+                let auth_str = if username.is_empty() && password.is_empty() {
+                    String::new()
+                } else {
+                    format!("{}:{}@", username, password)
+                };
+                let query_str = if query.is_empty() { String::new() } else { format!("?{}", query) };
+                let fragment_str = if fragment.is_empty() { String::new() } else { format!("#{}", fragment) };
+                write!(f, "> {} {}://{}{}:{}{}{}{}", method, scheme, auth_str, host, port, path, query_str, fragment_str)
+            }
            HttpResponseEvent::ReceiveUrl { version, status } => {
                write!(f, "< {} {}", version_to_str(version), status)
            }
@@ -67,6 +91,19 @@ impl Display for HttpResponseEvent {
            HttpResponseEvent::HeaderDown(name, value) => write!(f, "< {}: {}", name, value),
            HttpResponseEvent::ChunkSent { bytes } => write!(f, "> [{} bytes sent]", bytes),
            HttpResponseEvent::ChunkReceived { bytes } => write!(f, "< [{} bytes received]", bytes),
+            HttpResponseEvent::DnsResolved { hostname, addresses, duration, overridden } => {
+                if *overridden {
+                    write!(f, "* DNS override {} -> {}", hostname, addresses.join(", "))
+                } else {
+                    write!(
+                        f,
+                        "* DNS resolved {} to {} ({}ms)",
+                        hostname,
+                        addresses.join(", "),
+                        duration
+                    )
+                }
+            }
        }
    }
 }
@@ -85,7 +122,9 @@ impl From<HttpResponseEvent> for yaak_models::models::HttpResponseEventData {
                    RedirectBehavior::DropBody => "drop_body".to_string(),
                },
            },
-            HttpResponseEvent::SendUrl { method, path } => D::SendUrl { method, path },
+            HttpResponseEvent::SendUrl { method, scheme, username, password, host, port, path, query, fragment } => {
+                D::SendUrl { method, scheme, username, password, host, port, path, query, fragment }
+            }
            HttpResponseEvent::ReceiveUrl { version, status } => {
                D::ReceiveUrl { version: format!("{:?}", version), status }
            }
@@ -93,6 +132,9 @@ impl From<HttpResponseEvent> for yaak_models::models::HttpResponseEventData {
            HttpResponseEvent::HeaderDown(name, value) => D::HeaderDown { name, value },
            HttpResponseEvent::ChunkSent { bytes } => D::ChunkSent { bytes },
            HttpResponseEvent::ChunkReceived { bytes } => D::ChunkReceived { bytes },
+            HttpResponseEvent::DnsResolved { hostname, addresses, duration, overridden } => {
+                D::DnsResolved { hostname, addresses, duration, overridden }
+            }
        }
    }
 }
@@ -354,6 +396,9 @@ impl HttpSender for ReqwestSender {

        // Add headers
        for header in request.headers {
+            if header.0.is_empty() {
+                continue;
+            }
            req_builder = req_builder.header(&header.0, &header.1);
        }

@@ -370,10 +415,16 @@ impl HttpSender for ReqwestSender {
            Some(SendableBody::Bytes(bytes)) => {
                req_builder = req_builder.body(bytes);
            }
-            Some(SendableBody::Stream(stream)) => {
-                // Convert AsyncRead stream to reqwest Body
-                let stream = tokio_util::io::ReaderStream::new(stream);
-                let body = reqwest::Body::wrap_stream(stream);
+            Some(SendableBody::Stream { data, content_length }) => {
+                // Convert AsyncRead stream to reqwest Body. If content length is
+                // known, wrap with a SizedBody so hyper can set Content-Length
+                // automatically (for both HTTP/1.1 and HTTP/2).
+                let stream = tokio_util::io::ReaderStream::new(data);
+                let body = if let Some(len) = content_length {
+                    reqwest::Body::wrap(SizedBody::new(stream, len))
+                } else {
+                    reqwest::Body::wrap_stream(stream)
+                };
                req_builder = req_builder.body(body);
            }
        }
@@ -390,8 +441,15 @@ impl HttpSender for ReqwestSender {
        ));

        send_event(HttpResponseEvent::SendUrl {
-            path: sendable_req.url().path().to_string(),
            method: sendable_req.method().to_string(),
+            scheme: sendable_req.url().scheme().to_string(),
+            username: sendable_req.url().username().to_string(),
+            password: sendable_req.url().password().unwrap_or_default().to_string(),
+            host: sendable_req.url().host_str().unwrap_or_default().to_string(),
+            port: sendable_req.url().port_or_known_default().unwrap_or(0),
+            path: sendable_req.url().path().to_string(),
+            query: sendable_req.url().query().unwrap_or_default().to_string(),
+            fragment: sendable_req.url().fragment().unwrap_or_default().to_string(),
        });

        let mut request_headers = Vec::new();
@@ -470,6 +528,51 @@ impl HttpSender for ReqwestSender {
    }
 }

+/// A wrapper around a byte stream that reports a known content length via
+/// `size_hint()`. This lets hyper set the `Content-Length` header
+/// automatically based on the body size, without us having to add it as an
+/// explicit header — which can cause duplicate `Content-Length` headers and
+/// break HTTP/2.
+struct SizedBody<S> {
+    stream: std::sync::Mutex<S>,
+    remaining: u64,
+}
+
+impl<S> SizedBody<S> {
+    fn new(stream: S, content_length: u64) -> Self {
+        Self { stream: std::sync::Mutex::new(stream), remaining: content_length }
+    }
+}
+
+impl<S> HttpBody for SizedBody<S>
+where
+    S: futures_util::Stream<Item = std::result::Result<Bytes, std::io::Error>> + Send + Unpin + 'static,
+{
+    type Data = Bytes;
+    type Error = std::io::Error;
+
+    fn poll_frame(
+        self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+    ) -> Poll<Option<std::result::Result<Frame<Self::Data>, Self::Error>>> {
+        let this = self.get_mut();
+        let mut stream = this.stream.lock().unwrap();
+        match stream.poll_next_unpin(cx) {
+            Poll::Ready(Some(Ok(chunk))) => {
+                this.remaining = this.remaining.saturating_sub(chunk.len() as u64);
+                Poll::Ready(Some(Ok(Frame::data(chunk))))
+            }
+            Poll::Ready(Some(Err(e))) => Poll::Ready(Some(Err(e))),
+            Poll::Ready(None) => Poll::Ready(None),
+            Poll::Pending => Poll::Pending,
+        }
+    }
+
+    fn size_hint(&self) -> SizeHint {
+        SizeHint::with_exact(self.remaining)
+    }
+}
+
 fn version_to_str(version: &Version) -> String {
    match *version {
        Version::HTTP_09 => "HTTP/0.9".to_string(),
--- a/crates/yaak-http/src/transaction.rs
+++ b/crates/yaak-http/src/transaction.rs
@@ -168,6 +168,7 @@ impl<S: HttpSender> HttpTransaction<S> {
            response.drain().await?;

            // Update the request URL
+            let previous_url = current_url.clone();
            current_url = if location.starts_with("http://") || location.starts_with("https://") {
                // Absolute URL
                location
@@ -181,6 +182,8 @@ impl<S: HttpSender> HttpTransaction<S> {
                format!("{}/{}", base_path, location)
            };

+            Self::remove_sensitive_headers(&mut current_headers, &previous_url, &current_url);
+
            // Determine redirect behavior based on status code and method
            let behavior = if status == 303 {
                // 303 See Other always changes to GET
@@ -220,6 +223,33 @@ impl<S: HttpSender> HttpTransaction<S> {
        }
    }

+    /// Remove sensitive headers when redirecting to a different host.
+    /// This matches reqwest's `remove_sensitive_headers()` behavior and prevents
+    /// credentials from being forwarded to third-party servers (e.g., an
+    /// Authorization header sent from an API redirect to an S3 bucket).
+    fn remove_sensitive_headers(
+        headers: &mut Vec<(String, String)>,
+        previous_url: &str,
+        next_url: &str,
+    ) {
+        let previous_host = Url::parse(previous_url).ok().and_then(|u| {
+            u.host_str().map(|h| format!("{}:{}", h, u.port_or_known_default().unwrap_or(0)))
+        });
+        let next_host = Url::parse(next_url).ok().and_then(|u| {
+            u.host_str().map(|h| format!("{}:{}", h, u.port_or_known_default().unwrap_or(0)))
+        });
+        if previous_host != next_host {
+            headers.retain(|h| {
+                let name_lower = h.0.to_lowercase();
+                name_lower != "authorization"
+                    && name_lower != "cookie"
+                    && name_lower != "cookie2"
+                    && name_lower != "proxy-authorization"
+                    && name_lower != "www-authenticate"
+            });
+        }
+    }
+
    /// Check if a status code indicates a redirect
    fn is_redirect(status: u16) -> bool {
        matches!(status, 301 | 302 | 303 | 307 | 308)
@@ -269,9 +299,20 @@ mod tests {
    use tokio::io::AsyncRead;
    use tokio::sync::Mutex;

+    /// Captured request metadata for test assertions
+    #[derive(Debug, Clone)]
+    #[allow(dead_code)]
+    struct CapturedRequest {
+        url: String,
+        method: String,
+        headers: Vec<(String, String)>,
+    }
+
    /// Mock sender for testing
    struct MockSender {
        responses: Arc<Mutex<Vec<MockResponse>>>,
+        /// Captured requests for assertions
+        captured_requests: Arc<Mutex<Vec<CapturedRequest>>>,
    }

    struct MockResponse {
@@ -282,7 +323,10 @@ mod tests {

    impl MockSender {
        fn new(responses: Vec<MockResponse>) -> Self {
-            Self { responses: Arc::new(Mutex::new(responses)) }
+            Self {
+                responses: Arc::new(Mutex::new(responses)),
+                captured_requests: Arc::new(Mutex::new(Vec::new())),
+            }
        }
    }

@@ -290,9 +334,16 @@ mod tests {
    impl HttpSender for MockSender {
        async fn send(
            &self,
-            _request: SendableHttpRequest,
+            request: SendableHttpRequest,
            _event_tx: mpsc::Sender<HttpResponseEvent>,
        ) -> Result<HttpResponse> {
+            // Capture the request metadata for later assertions
+            self.captured_requests.lock().await.push(CapturedRequest {
+                url: request.url.clone(),
+                method: request.method.clone(),
+                headers: request.headers.clone(),
+            });
+
            let mut responses = self.responses.lock().await;
            if responses.is_empty() {
                Err(crate::error::Error::RequestError("No more mock responses".to_string()))
@@ -726,4 +777,116 @@ mod tests {
        assert!(result.is_ok());
        assert_eq!(request_count.load(Ordering::SeqCst), 2);
    }
+
+    #[tokio::test]
+    async fn test_cross_origin_redirect_strips_auth_headers() {
+        // Redirect from api.example.com -> s3.amazonaws.com should strip Authorization
+        let responses = vec![
+            MockResponse {
+                status: 302,
+                headers: vec![(
+                    "Location".to_string(),
+                    "https://s3.amazonaws.com/bucket/file.pdf".to_string(),
+                )],
+                body: vec![],
+            },
+            MockResponse { status: 200, headers: Vec::new(), body: b"PDF content".to_vec() },
+        ];
+
+        let sender = MockSender::new(responses);
+        let captured = sender.captured_requests.clone();
+        let transaction = HttpTransaction::new(sender);
+
+        let request = SendableHttpRequest {
+            url: "https://api.example.com/download".to_string(),
+            method: "GET".to_string(),
+            headers: vec![
+                ("Authorization".to_string(), "Basic dXNlcjpwYXNz".to_string()),
+                ("Accept".to_string(), "application/pdf".to_string()),
+            ],
+            options: crate::types::SendableHttpRequestOptions {
+                follow_redirects: true,
+                ..Default::default()
+            },
+            ..Default::default()
+        };
+
+        let (_tx, rx) = tokio::sync::watch::channel(false);
+        let (event_tx, _event_rx) = mpsc::channel(100);
+        let result = transaction.execute_with_cancellation(request, rx, event_tx).await.unwrap();
+        assert_eq!(result.status, 200);
+
+        let requests = captured.lock().await;
+        assert_eq!(requests.len(), 2);
+
+        // First request should have the Authorization header
+        assert!(
+            requests[0].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("authorization")),
+            "First request should have Authorization header"
+        );
+
+        // Second request (to different host) should NOT have the Authorization header
+        assert!(
+            !requests[1].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("authorization")),
+            "Redirected request to different host should NOT have Authorization header"
+        );
+
+        // Non-sensitive headers should still be present
+        assert!(
+            requests[1].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("accept")),
+            "Non-sensitive headers should be preserved across cross-origin redirects"
+        );
+    }
+
+    #[tokio::test]
+    async fn test_same_origin_redirect_preserves_auth_headers() {
+        // Redirect within the same host should keep Authorization
+        let responses = vec![
+            MockResponse {
+                status: 302,
+                headers: vec![(
+                    "Location".to_string(),
+                    "https://api.example.com/v2/download".to_string(),
+                )],
+                body: vec![],
+            },
+            MockResponse { status: 200, headers: Vec::new(), body: b"OK".to_vec() },
+        ];
+
+        let sender = MockSender::new(responses);
+        let captured = sender.captured_requests.clone();
+        let transaction = HttpTransaction::new(sender);
+
+        let request = SendableHttpRequest {
+            url: "https://api.example.com/v1/download".to_string(),
+            method: "GET".to_string(),
+            headers: vec![
+                ("Authorization".to_string(), "Bearer token123".to_string()),
+                ("Accept".to_string(), "application/json".to_string()),
+            ],
+            options: crate::types::SendableHttpRequestOptions {
+                follow_redirects: true,
+                ..Default::default()
+            },
+            ..Default::default()
+        };
+
+        let (_tx, rx) = tokio::sync::watch::channel(false);
+        let (event_tx, _event_rx) = mpsc::channel(100);
+        let result = transaction.execute_with_cancellation(request, rx, event_tx).await.unwrap();
+        assert_eq!(result.status, 200);
+
+        let requests = captured.lock().await;
+        assert_eq!(requests.len(), 2);
+
+        // Both requests should have the Authorization header (same host)
+        assert!(
+            requests[0].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("authorization")),
+            "First request should have Authorization header"
+        );
+        assert!(
+            requests[1].headers.iter().any(|(k, _)| k.eq_ignore_ascii_case("authorization")),
+            "Redirected request to same host should preserve Authorization header"
+        );
+    }
 }
--- a/crates/yaak-http/src/types.rs
+++ b/crates/yaak-http/src/types.rs
@@ -16,7 +16,13 @@ pub(crate) const MULTIPART_BOUNDARY: &str = "------YaakFormBoundary";

 pub enum SendableBody {
    Bytes(Bytes),
-    Stream(Pin<Box<dyn AsyncRead + Send + 'static>>),
+    Stream {
+        data: Pin<Box<dyn AsyncRead + Send + 'static>>,
+        /// Known content length for the stream, if available. This is used by
+        /// the sender to set the body size hint so that hyper can set
+        /// Content-Length automatically for both HTTP/1.1 and HTTP/2.
+        content_length: Option<u64>,
+    },
 }

 enum SendableBodyWithMeta {
@@ -31,7 +37,10 @@ impl From<SendableBodyWithMeta> for SendableBody {
    fn from(value: SendableBodyWithMeta) -> Self {
        match value {
            SendableBodyWithMeta::Bytes(b) => SendableBody::Bytes(b),
-            SendableBodyWithMeta::Stream { data, .. } => SendableBody::Stream(data),
+            SendableBodyWithMeta::Stream { data, content_length } => SendableBody::Stream {
+                data,
+                content_length: content_length.map(|l| l as u64),
+            },
        }
    }
 }
@@ -186,23 +195,11 @@ async fn build_body(
        }
    }

-    // Check if Transfer-Encoding: chunked is already set
-    let has_chunked_encoding = headers.iter().any(|h| {
-        h.0.to_lowercase() == "transfer-encoding" && h.1.to_lowercase().contains("chunked")
-    });
-
-    // Add a Content-Length header only if chunked encoding is not being used
-    if !has_chunked_encoding {
-        let content_length = match body {
-            Some(SendableBodyWithMeta::Bytes(ref bytes)) => Some(bytes.len()),
-            Some(SendableBodyWithMeta::Stream { content_length, .. }) => content_length,
-            None => None,
-        };
-
-        if let Some(cl) = content_length {
-            headers.push(("Content-Length".to_string(), cl.to_string()));
-        }
-    }
+    // NOTE: Content-Length is NOT set as an explicit header here. Instead, the
+    // body's content length is carried via SendableBody::Stream { content_length }
+    // and used by the sender to set the body size hint. This lets hyper handle
+    // Content-Length automatically for both HTTP/1.1 and HTTP/2, avoiding the
+    // duplicate Content-Length that breaks HTTP/2 servers.

    Ok((body.map(|b| b.into()), headers))
 }
@@ -928,7 +925,27 @@ mod tests {
    }

    #[tokio::test]
-    async fn test_no_content_length_with_chunked_encoding() -> Result<()> {
+    async fn test_no_content_length_header_added_by_build_body() -> Result<()> {
+        let mut body = BTreeMap::new();
+        body.insert("text".to_string(), json!("Hello, World!"));
+
+        let headers = vec![];
+
+        let (_, result_headers) =
+            build_body("POST", &Some("text/plain".to_string()), &body, headers).await?;
+
+        // Content-Length should NOT be set as an explicit header. Instead, the
+        // sender uses the body's size_hint to let hyper set it automatically,
+        // which works correctly for both HTTP/1.1 and HTTP/2.
+        let has_content_length =
+            result_headers.iter().any(|h| h.0.to_lowercase() == "content-length");
+        assert!(!has_content_length, "Content-Length should not be set as an explicit header");
+
+        Ok(())
+    }
+
+    #[tokio::test]
+    async fn test_chunked_encoding_header_preserved() -> Result<()> {
        let mut body = BTreeMap::new();
        body.insert("text".to_string(), json!("Hello, World!"));

@@ -938,11 +955,6 @@ mod tests {
        let (_, result_headers) =
            build_body("POST", &Some("text/plain".to_string()), &body, headers).await?;

-        // Verify that Content-Length is NOT present when Transfer-Encoding: chunked is set
-        let has_content_length =
-            result_headers.iter().any(|h| h.0.to_lowercase() == "content-length");
-        assert!(!has_content_length, "Content-Length should not be present with chunked encoding");
-
        // Verify that the Transfer-Encoding header is still present
        let has_chunked = result_headers.iter().any(|h| {
            h.0.to_lowercase() == "transfer-encoding" && h.1.to_lowercase().contains("chunked")
@@ -951,31 +963,4 @@ mod tests {

        Ok(())
    }
-
-    #[tokio::test]
-    async fn test_content_length_without_chunked_encoding() -> Result<()> {
-        let mut body = BTreeMap::new();
-        body.insert("text".to_string(), json!("Hello, World!"));
-
-        // Headers without Transfer-Encoding: chunked
-        let headers = vec![];
-
-        let (_, result_headers) =
-            build_body("POST", &Some("text/plain".to_string()), &body, headers).await?;
-
-        // Verify that Content-Length IS present when Transfer-Encoding: chunked is NOT set
-        let content_length_header =
-            result_headers.iter().find(|h| h.0.to_lowercase() == "content-length");
-        assert!(
-            content_length_header.is_some(),
-            "Content-Length should be present without chunked encoding"
-        );
-        assert_eq!(
-            content_length_header.unwrap().1,
-            "13",
-            "Content-Length should match the body size"
-        );
-
-        Ok(())
-    }
 }
--- a/crates/yaak-models/bindings/gen_models.ts
+++ b/crates/yaak-models/bindings/gen_models.ts
@@ -12,6 +12,8 @@ export type CookieExpires = { "AtUtc": string } | "SessionEnd";

 export type CookieJar = { model: "cookie_jar", id: string, createdAt: string, updatedAt: string, workspaceId: string, cookies: Array<Cookie>, name: string, };

+export type DnsOverride = { hostname: string, ipv4: Array<string>, ipv6: Array<string>, enabled?: boolean, };
+
 export type EditorKeymap = "default" | "vim" | "vscode" | "emacs";

 export type EncryptedKey = { encryptedKey: string, };
@@ -38,7 +40,7 @@ export type HttpRequest = { model: "http_request", id: string, createdAt: string

 export type HttpRequestHeader = { enabled?: boolean, name: string, value: string, id?: string, };

-export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, contentLengthCompressed: number | null, elapsed: number, elapsedHeaders: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, requestContentLength: number | null, requestHeaders: Array<HttpResponseHeader>, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };
+export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, contentLengthCompressed: number | null, elapsed: number, elapsedHeaders: number, elapsedDns: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, requestContentLength: number | null, requestHeaders: Array<HttpResponseHeader>, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };

 export type HttpResponseEvent = { model: "http_response_event", id: string, createdAt: string, updatedAt: string, workspaceId: string, responseId: string, event: HttpResponseEventData, };

@@ -47,7 +49,7 @@ export type HttpResponseEvent = { model: "http_response_event", id: string, crea
 * This mirrors `yaak_http::sender::HttpResponseEvent` but with serde support.
 * The `From` impl is in yaak-http to avoid circular dependencies.
 */
-export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, path: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, };
+export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, scheme: string, username: string, password: string, host: string, port: number, path: string, query: string, fragment: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, } | { "type": "dns_resolved", hostname: string, addresses: Array<string>, duration: bigint, overridden: boolean, };

 export type HttpResponseHeader = { name: string, value: string, };

@@ -91,6 +93,6 @@ export type WebsocketMessageType = "text" | "binary";

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, settingDnsOverrides: Array<DnsOverride>, };

 export type WorkspaceMeta = { model: "workspace_meta", id: string, workspaceId: string, createdAt: string, updatedAt: string, encryptionKey: EncryptedKey | null, settingSyncDir: string | null, };
--- a/crates/yaak-models/guest-js/store.ts
+++ b/crates/yaak-models/guest-js/store.ts
@@ -209,12 +209,24 @@ export function replaceModelsInStore<
 export function mergeModelsInStore<
  M extends AnyModel['model'],
  T extends Extract<AnyModel, { model: M }>,
->(model: M, models: T[]) {
+>(model: M, models: T[], filter?: (model: T) => boolean) {
  mustStore().set(modelStoreDataAtom, (prev: ModelStoreData) => {
    const existingModels = { ...prev[model] } as Record<string, T>;
+
+    // Merge in new models first
    for (const m of models) {
      existingModels[m.id] = m;
    }
+
+    // Then filter out unwanted models
+    if (filter) {
+      for (const [id, m] of Object.entries(existingModels)) {
+        if (!filter(m)) {
+          delete existingModels[id];
+        }
+      }
+    }
+
    return {
      ...prev,
      [model]: existingModels,
--- a/crates/yaak-models/migrations/20260111000000_dns-timing.sql
+++ b/crates/yaak-models/migrations/20260111000000_dns-timing.sql
@@ -0,0 +1,2 @@
+-- Add DNS resolution timing to http_responses
+ALTER TABLE http_responses ADD COLUMN elapsed_dns INTEGER DEFAULT 0 NOT NULL;
--- a/crates/yaak-models/migrations/20260112000000_dns-overrides.sql
+++ b/crates/yaak-models/migrations/20260112000000_dns-overrides.sql
@@ -0,0 +1,2 @@
+-- Add DNS overrides setting to workspaces
+ALTER TABLE workspaces ADD COLUMN setting_dns_overrides TEXT DEFAULT '[]' NOT NULL;
--- a/crates/yaak-models/migrations/20260119045146_remove-default-workspace-headers.sql
+++ b/crates/yaak-models/migrations/20260119045146_remove-default-workspace-headers.sql
@@ -0,0 +1,12 @@
+-- Filter out headers that match the hardcoded defaults (User-Agent: yaak, Accept: */*),
+-- keeping any other custom headers the user may have added.
+UPDATE workspaces
+SET headers = (
+    SELECT json_group_array(json(value))
+    FROM json_each(headers)
+    WHERE NOT (
+        (LOWER(json_extract(value, '$.name')) = 'user-agent' AND json_extract(value, '$.value') = 'yaak')
+        OR (LOWER(json_extract(value, '$.name')) = 'accept' AND json_extract(value, '$.value') = '*/*')
+    )
+)
+WHERE json_array_length(headers) > 0;
--- a/crates/yaak-models/src/models.rs
+++ b/crates/yaak-models/src/models.rs
@@ -73,6 +73,20 @@ pub struct ClientCertificate {
    pub enabled: bool,
 }

+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export, export_to = "gen_models.ts")]
+pub struct DnsOverride {
+    pub hostname: String,
+    #[serde(default)]
+    pub ipv4: Vec<String>,
+    #[serde(default)]
+    pub ipv6: Vec<String>,
+    #[serde(default = "default_true")]
+    #[ts(optional, as = "Option<bool>")]
+    pub enabled: bool,
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize, TS)]
 #[serde(rename_all = "snake_case")]
 #[ts(export, export_to = "gen_models.ts")]
@@ -303,6 +317,8 @@ pub struct Workspace {
    #[serde(default = "default_true")]
    pub setting_follow_redirects: bool,
    pub setting_request_timeout: i32,
+    #[serde(default)]
+    pub setting_dns_overrides: Vec<DnsOverride>,
 }

 impl UpsertModelInfo for Workspace {
@@ -343,6 +359,7 @@ impl UpsertModelInfo for Workspace {
            (SettingFollowRedirects, self.setting_follow_redirects.into()),
            (SettingRequestTimeout, self.setting_request_timeout.into()),
            (SettingValidateCertificates, self.setting_validate_certificates.into()),
+            (SettingDnsOverrides, serde_json::to_string(&self.setting_dns_overrides)?.into()),
        ])
    }

@@ -359,6 +376,7 @@ impl UpsertModelInfo for Workspace {
            WorkspaceIden::SettingFollowRedirects,
            WorkspaceIden::SettingRequestTimeout,
            WorkspaceIden::SettingValidateCertificates,
+            WorkspaceIden::SettingDnsOverrides,
        ]
    }

@@ -368,6 +386,7 @@ impl UpsertModelInfo for Workspace {
    {
        let headers: String = row.get("headers")?;
        let authentication: String = row.get("authentication")?;
+        let setting_dns_overrides: String = row.get("setting_dns_overrides")?;
        Ok(Self {
            id: row.get("id")?,
            model: row.get("model")?,
@@ -382,6 +401,7 @@ impl UpsertModelInfo for Workspace {
            setting_follow_redirects: row.get("setting_follow_redirects")?,
            setting_request_timeout: row.get("setting_request_timeout")?,
            setting_validate_certificates: row.get("setting_validate_certificates")?,
+            setting_dns_overrides: serde_json::from_str(&setting_dns_overrides).unwrap_or_default(),
        })
    }
 }
@@ -1333,6 +1353,7 @@ pub struct HttpResponse {
    pub content_length_compressed: Option<i32>,
    pub elapsed: i32,
    pub elapsed_headers: i32,
+    pub elapsed_dns: i32,
    pub error: Option<String>,
    pub headers: Vec<HttpResponseHeader>,
    pub remote_addr: Option<String>,
@@ -1381,6 +1402,7 @@ impl UpsertModelInfo for HttpResponse {
            (ContentLengthCompressed, self.content_length_compressed.into()),
            (Elapsed, self.elapsed.into()),
            (ElapsedHeaders, self.elapsed_headers.into()),
+            (ElapsedDns, self.elapsed_dns.into()),
            (Error, self.error.into()),
            (Headers, serde_json::to_string(&self.headers)?.into()),
            (RemoteAddr, self.remote_addr.into()),
@@ -1402,6 +1424,7 @@ impl UpsertModelInfo for HttpResponse {
            HttpResponseIden::ContentLengthCompressed,
            HttpResponseIden::Elapsed,
            HttpResponseIden::ElapsedHeaders,
+            HttpResponseIden::ElapsedDns,
            HttpResponseIden::Error,
            HttpResponseIden::Headers,
            HttpResponseIden::RemoteAddr,
@@ -1435,6 +1458,7 @@ impl UpsertModelInfo for HttpResponse {
            version: r.get("version")?,
            elapsed: r.get("elapsed")?,
            elapsed_headers: r.get("elapsed_headers")?,
+            elapsed_dns: r.get("elapsed_dns").unwrap_or_default(),
            remote_addr: r.get("remote_addr")?,
            status: r.get("status")?,
            status_reason: r.get("status_reason")?,
@@ -1471,7 +1495,21 @@ pub enum HttpResponseEventData {
    },
    SendUrl {
        method: String,
+        #[serde(default)]
+        scheme: String,
+        #[serde(default)]
+        username: String,
+        #[serde(default)]
+        password: String,
+        #[serde(default)]
+        host: String,
+        #[serde(default)]
+        port: u16,
        path: String,
+        #[serde(default)]
+        query: String,
+        #[serde(default)]
+        fragment: String,
    },
    ReceiveUrl {
        version: String,
@@ -1491,6 +1529,12 @@ pub enum HttpResponseEventData {
    ChunkReceived {
        bytes: usize,
    },
+    DnsResolved {
+        hostname: String,
+        addresses: Vec<String>,
+        duration: u64,
+        overridden: bool,
+    },
 }

 impl Default for HttpResponseEventData {
--- a/crates/yaak-models/src/queries/grpc_requests.rs
+++ b/crates/yaak-models/src/queries/grpc_requests.rs
@@ -1,3 +1,4 @@
+use super::dedupe_headers;
 use crate::db_context::DbContext;
 use crate::error::Result;
 use crate::models::{GrpcRequest, GrpcRequestIden, HttpRequestHeader};
@@ -87,6 +88,6 @@ impl<'a> DbContext<'a> {

        metadata.append(&mut grpc_request.metadata.clone());

-        Ok(metadata)
+        Ok(dedupe_headers(metadata))
    }
 }
--- a/crates/yaak-models/src/queries/http_requests.rs
+++ b/crates/yaak-models/src/queries/http_requests.rs
@@ -1,3 +1,4 @@
+use super::dedupe_headers;
 use crate::db_context::DbContext;
 use crate::error::Result;
 use crate::models::{Folder, FolderIden, HttpRequest, HttpRequestHeader, HttpRequestIden};
@@ -87,7 +88,7 @@ impl<'a> DbContext<'a> {

        headers.append(&mut http_request.headers.clone());

-        Ok(headers)
+        Ok(dedupe_headers(headers))
    }

    pub fn list_http_requests_for_folder_recursive(
--- a/crates/yaak-models/src/queries/mod.rs
+++ b/crates/yaak-models/src/queries/mod.rs
@@ -19,6 +19,26 @@ mod websocket_connections;
 mod websocket_events;
 mod websocket_requests;
 mod workspace_metas;
-mod workspaces;
+pub mod workspaces;

 const MAX_HISTORY_ITEMS: usize = 20;
+
+use crate::models::HttpRequestHeader;
+use std::collections::HashMap;
+
+/// Deduplicate headers by name (case-insensitive), keeping the latest (most specific) value.
+/// Preserves the order of first occurrence for each header name.
+pub(crate) fn dedupe_headers(headers: Vec<HttpRequestHeader>) -> Vec<HttpRequestHeader> {
+    let mut index_by_name: HashMap<String, usize> = HashMap::new();
+    let mut deduped: Vec<HttpRequestHeader> = Vec::new();
+    for header in headers {
+        let key = header.name.to_lowercase();
+        if let Some(&idx) = index_by_name.get(&key) {
+            deduped[idx] = header;
+        } else {
+            index_by_name.insert(key, deduped.len());
+            deduped.push(header);
+        }
+    }
+    deduped
+}
--- a/crates/yaak-models/src/queries/websocket_requests.rs
+++ b/crates/yaak-models/src/queries/websocket_requests.rs
@@ -1,3 +1,4 @@
+use super::dedupe_headers;
 use crate::db_context::DbContext;
 use crate::error::Result;
 use crate::models::{HttpRequestHeader, WebsocketRequest, WebsocketRequestIden};
@@ -95,6 +96,6 @@ impl<'a> DbContext<'a> {

        headers.append(&mut websocket_request.headers.clone());

-        Ok(headers)
+        Ok(dedupe_headers(headers))
    }
 }
--- a/crates/yaak-models/src/queries/workspaces.rs
+++ b/crates/yaak-models/src/queries/workspaces.rs
@@ -65,28 +65,7 @@ impl<'a> DbContext<'a> {
    }

    pub fn upsert_workspace(&self, w: &Workspace, source: &UpdateSource) -> Result<Workspace> {
-        let mut workspace = w.clone();
-
-        // Add default headers only for NEW workspaces (empty ID means insert, not update)
-        // This prevents re-adding headers if a user intentionally removes all headers
-        if workspace.id.is_empty() && workspace.headers.is_empty() {
-            workspace.headers = vec![
-                HttpRequestHeader {
-                    enabled: true,
-                    name: "User-Agent".to_string(),
-                    value: "yaak".to_string(),
-                    id: None,
-                },
-                HttpRequestHeader {
-                    enabled: true,
-                    name: "Accept".to_string(),
-                    value: "*/*".to_string(),
-                    id: None,
-                },
-            ];
-        }
-
-        self.upsert(&workspace, source)
+        self.upsert(w, source)
    }

    pub fn resolve_auth_for_workspace(
@@ -101,6 +80,28 @@ impl<'a> DbContext<'a> {
    }

    pub fn resolve_headers_for_workspace(&self, workspace: &Workspace) -> Vec<HttpRequestHeader> {
-        workspace.headers.clone()
+        let mut headers = default_headers();
+        headers.extend(workspace.headers.clone());
+        headers
    }
 }
+
+/// Global default headers that are always sent with requests unless overridden.
+/// These are prepended to the inheritance chain so workspace/folder/request headers
+/// can override or disable them.
+pub fn default_headers() -> Vec<HttpRequestHeader> {
+    vec![
+        HttpRequestHeader {
+            enabled: true,
+            name: "User-Agent".to_string(),
+            value: "yaak".to_string(),
+            id: None,
+        },
+        HttpRequestHeader {
+            enabled: true,
+            name: "Accept".to_string(),
+            value: "*/*".to_string(),
+            id: None,
+        },
+    ]
+}
--- a/crates/yaak-plugins/bindings/gen_events.ts
+++ b/crates/yaak-plugins/bindings/gen_events.ts
@@ -66,7 +66,9 @@ export type DeleteModelRequest = { model: string, id: string, };

 export type DeleteModelResponse = { model: AnyModel, };

-export type EditorLanguage = "text" | "javascript" | "json" | "html" | "xml" | "graphql" | "markdown";
+export type DialogSize = "sm" | "md" | "lg" | "full" | "dynamic";
+
+export type EditorLanguage = "text" | "javascript" | "json" | "html" | "xml" | "graphql" | "markdown" | "c" | "clojure" | "csharp" | "go" | "http" | "java" | "kotlin" | "objective_c" | "ocaml" | "php" | "powershell" | "python" | "r" | "ruby" | "shell" | "swift";

 export type EmptyPayload = {};

@@ -172,7 +174,11 @@ hideGutter?: boolean,
 /**
 * Language for syntax highlighting
 */
-language?: EditorLanguage, readOnly?: boolean, completionOptions?: Array<GenericCompletionOption>, 
+language?: EditorLanguage, readOnly?: boolean, 
+/**
+ * Fixed number of visible rows
+ */
+rows?: number, completionOptions?: Array<GenericCompletionOption>, 
 /**
 * The name of the input. The value will be stored at this object attribute in the resulting data
 */
@@ -476,9 +482,9 @@ label: string, title?: string, size?: WindowSize, dataDirKey?: string, };

 export type PluginContext = { id: string, label: string | null, workspaceId: string | null, };

-export type PromptFormRequest = { id: string, title: string, description?: string, inputs: Array<FormInput>, confirmText?: string, cancelText?: string, };
+export type PromptFormRequest = { id: string, title: string, description?: string, inputs: Array<FormInput>, confirmText?: string, cancelText?: string, size?: DialogSize, };

-export type PromptFormResponse = { values: { [key in string]?: JsonPrimitive } | null, };
+export type PromptFormResponse = { values: { [key in string]?: JsonPrimitive } | null, done?: boolean, };

 export type PromptTextRequest = { id: string, title: string, label: string, description?: string, defaultValue?: string, placeholder?: string, 
 /**
--- a/crates/yaak-plugins/bindings/gen_models.ts
+++ b/crates/yaak-plugins/bindings/gen_models.ts
@@ -12,6 +12,8 @@ export type CookieExpires = { "AtUtc": string } | "SessionEnd";

 export type CookieJar = { model: "cookie_jar", id: string, createdAt: string, updatedAt: string, workspaceId: string, cookies: Array<Cookie>, name: string, };

+export type DnsOverride = { hostname: string, ipv4: Array<string>, ipv6: Array<string>, enabled?: boolean, };
+
 export type EditorKeymap = "default" | "vim" | "vscode" | "emacs";

 export type EncryptedKey = { encryptedKey: string, };
@@ -38,7 +40,7 @@ export type HttpRequest = { model: "http_request", id: string, createdAt: string

 export type HttpRequestHeader = { enabled?: boolean, name: string, value: string, id?: string, };

-export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, contentLengthCompressed: number | null, elapsed: number, elapsedHeaders: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, requestContentLength: number | null, requestHeaders: Array<HttpResponseHeader>, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };
+export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, contentLengthCompressed: number | null, elapsed: number, elapsedHeaders: number, elapsedDns: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, requestContentLength: number | null, requestHeaders: Array<HttpResponseHeader>, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };

 export type HttpResponseEvent = { model: "http_response_event", id: string, createdAt: string, updatedAt: string, workspaceId: string, responseId: string, event: HttpResponseEventData, };

@@ -47,7 +49,7 @@ export type HttpResponseEvent = { model: "http_response_event", id: string, crea
 * This mirrors `yaak_http::sender::HttpResponseEvent` but with serde support.
 * The `From` impl is in yaak-http to avoid circular dependencies.
 */
-export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, path: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, };
+export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, scheme: string, username: string, password: string, host: string, port: number, path: string, query: string, fragment: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, } | { "type": "dns_resolved", hostname: string, addresses: Array<string>, duration: bigint, overridden: boolean, };

 export type HttpResponseHeader = { name: string, value: string, };

@@ -77,6 +79,6 @@ export type WebsocketEventType = "binary" | "close" | "frame" | "open" | "ping"

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, settingDnsOverrides: Array<DnsOverride>, };

 export type WorkspaceMeta = { model: "workspace_meta", id: string, workspaceId: string, createdAt: string, updatedAt: string, encryptionKey: EncryptedKey | null, settingSyncDir: string | null, };
--- a/crates/yaak-plugins/src/api.rs
+++ b/crates/yaak-plugins/src/api.rs
@@ -80,10 +80,7 @@ pub async fn check_plugin_updates(
 }

 /// Search for plugins in the registry.
-pub async fn search_plugins(
-    http_client: &Client,
-    query: &str,
-) -> Result<PluginSearchResponse> {
+pub async fn search_plugins(http_client: &Client, query: &str) -> Result<PluginSearchResponse> {
    let mut url = build_url("/search");
    {
        let mut query_pairs = url.query_pairs_mut();
--- a/crates/yaak-plugins/src/events.rs
+++ b/crates/yaak-plugins/src/events.rs
@@ -587,6 +587,19 @@ pub struct PromptFormRequest {
    pub confirm_text: Option<String>,
    #[ts(optional)]
    pub cancel_text: Option<String>,
+    #[ts(optional)]
+    pub size: Option<DialogSize>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, TS)]
+#[serde(rename_all = "snake_case")]
+#[ts(export, export_to = "gen_events.ts")]
+pub enum DialogSize {
+    Sm,
+    Md,
+    Lg,
+    Full,
+    Dynamic,
 }

 #[derive(Debug, Clone, Default, Serialize, Deserialize, TS)]
@@ -594,6 +607,8 @@ pub struct PromptFormRequest {
 #[ts(export, export_to = "gen_events.ts")]
 pub struct PromptFormResponse {
    pub values: Option<HashMap<String, JsonPrimitive>>,
+    #[ts(optional)]
+    pub done: Option<bool>,
 }

 #[derive(Debug, Clone, Default, Serialize, Deserialize, TS)]
@@ -936,6 +951,22 @@ pub enum EditorLanguage {
    Xml,
    Graphql,
    Markdown,
+    C,
+    Clojure,
+    Csharp,
+    Go,
+    Http,
+    Java,
+    Kotlin,
+    ObjectiveC,
+    Ocaml,
+    Php,
+    Powershell,
+    Python,
+    R,
+    Ruby,
+    Shell,
+    Swift,
 }

 impl Default for EditorLanguage {
@@ -966,6 +997,10 @@ pub struct FormInputEditor {
    #[ts(optional)]
    pub read_only: Option<bool>,

+    /// Fixed number of visible rows
+    #[ts(optional)]
+    pub rows: Option<i32>,
+
    #[ts(optional)]
    pub completion_options: Option<Vec<GenericCompletionOption>>,
 }
--- a/crates/yaak-plugins/src/manager.rs
+++ b/crates/yaak-plugins/src/manager.rs
@@ -31,7 +31,7 @@ use std::time::Duration;
 use tokio::fs::read_dir;
 use tokio::net::TcpListener;
 use tokio::sync::mpsc::error::TrySendError;
-use tokio::sync::{Mutex, mpsc};
+use tokio::sync::{Mutex, mpsc, oneshot};
 use tokio::time::{Instant, timeout};
 use yaak_models::models::Plugin;
 use yaak_models::util::generate_id;
@@ -43,6 +43,7 @@ pub struct PluginManager {
    subscribers: Arc<Mutex<HashMap<String, mpsc::Sender<InternalEvent>>>>,
    plugin_handles: Arc<Mutex<Vec<PluginHandle>>>,
    kill_tx: tokio::sync::watch::Sender<bool>,
+    killed_rx: Arc<Mutex<Option<oneshot::Receiver<()>>>>,
    ws_service: Arc<PluginRuntimeServerWebsocket>,
    vendored_plugin_dir: PathBuf,
    pub(crate) installed_plugin_dir: PathBuf,
@@ -70,6 +71,7 @@ impl PluginManager {
    ) -> PluginManager {
        let (events_tx, mut events_rx) = mpsc::channel(2048);
        let (kill_server_tx, kill_server_rx) = tokio::sync::watch::channel(false);
+        let (killed_tx, killed_rx) = oneshot::channel();

        let (client_disconnect_tx, mut client_disconnect_rx) = mpsc::channel(128);
        let (client_connect_tx, mut client_connect_rx) = tokio::sync::watch::channel(false);
@@ -81,6 +83,7 @@ impl PluginManager {
            subscribers: Default::default(),
            ws_service: Arc::new(ws_service.clone()),
            kill_tx: kill_server_tx,
+            killed_rx: Arc::new(Mutex::new(Some(killed_rx))),
            vendored_plugin_dir,
            installed_plugin_dir,
            dev_mode,
@@ -141,9 +144,15 @@ impl PluginManager {
        });

        // 2. Start Node.js runtime
-        start_nodejs_plugin_runtime(&node_bin_path, &plugin_runtime_main, addr, &kill_server_rx)
-            .await
-            .unwrap();
+        start_nodejs_plugin_runtime(
+            &node_bin_path,
+            &plugin_runtime_main,
+            addr,
+            &kill_server_rx,
+            killed_tx,
+        )
+        .await
+        .unwrap();
        info!("Waiting for plugins to initialize");
        init_plugins_task.await.unwrap();

@@ -296,8 +305,15 @@ impl PluginManager {
    pub async fn terminate(&self) {
        self.kill_tx.send_replace(true);

-        // Give it a bit of time to kill
-        tokio::time::sleep(Duration::from_millis(500)).await;
+        // Wait for the plugin runtime process to actually exit
+        let killed_rx = self.killed_rx.lock().await.take();
+        if let Some(rx) = killed_rx {
+            if timeout(Duration::from_secs(5), rx).await.is_err() {
+                warn!("Timed out waiting for plugin runtime to exit");
+            } else {
+                info!("Plugin runtime exited")
+            }
+        }
    }

    pub async fn reply(
@@ -378,7 +394,8 @@ impl PluginManager {
        plugins: Vec<PluginHandle>,
        timeout_duration: Duration,
    ) -> Result<Vec<InternalEvent>> {
-        let label = format!("wait[{}.{}]", plugins.len(), payload.type_name());
+        let event_type = payload.type_name();
+        let label = format!("wait[{}.{}]", plugins.len(), event_type);
        let (rx_id, mut rx) = self.subscribe(label.as_str()).await;

        // 1. Build the events with IDs and everything
@@ -412,10 +429,21 @@ impl PluginManager {

                // Timeout to prevent hanging forever if plugin doesn't respond
                if timeout(timeout_duration, collect_events).await.is_err() {
+                    let responded_ids: Vec<&String> =
+                        found_events.iter().filter_map(|e| e.reply_id.as_ref()).collect();
+                    let non_responding: Vec<&str> = events_to_send
+                        .iter()
+                        .filter(|e| !responded_ids.contains(&&e.id))
+                        .map(|e| e.plugin_name.as_str())
+                        .collect();
                    warn!(
-                        "Timeout waiting for plugin responses. Got {}/{} responses",
+                        "Timeout ({:?}) waiting for {} responses. Got {}/{} responses. \
+                        Non-responding plugins: [{}]",
+                        timeout_duration,
+                        event_type,
                        found_events.len(),
-                        events_to_send.len()
+                        events_to_send.len(),
+                        non_responding.join(", ")
                    );
                }

--- a/crates/yaak-plugins/src/native_template_functions.rs
+++ b/crates/yaak-plugins/src/native_template_functions.rs
@@ -196,7 +196,11 @@ pub fn decrypt_secure_template_function(
                    }
                }
                new_tokens.push(Token::Raw {
-                    text: template_function_secure_run(encryption_manager, args_map, plugin_context)?,
+                    text: template_function_secure_run(
+                        encryption_manager,
+                        args_map,
+                        plugin_context,
+                    )?,
                });
            }
            t => {
@@ -216,7 +220,8 @@ pub fn encrypt_secure_template_function(
    plugin_context: &PluginContext,
    template: &str,
 ) -> Result<String> {
-    let decrypted = decrypt_secure_template_function(&encryption_manager, plugin_context, template)?;
+    let decrypted =
+        decrypt_secure_template_function(&encryption_manager, plugin_context, template)?;
    let tokens = Tokens {
        tokens: vec![Token::Tag {
            val: Val::Fn {
@@ -231,7 +236,12 @@ pub fn encrypt_secure_template_function(

    Ok(transform_args(
        tokens,
-        &PluginTemplateCallback::new(plugin_manager, encryption_manager, plugin_context, RenderPurpose::Preview),
+        &PluginTemplateCallback::new(
+            plugin_manager,
+            encryption_manager,
+            plugin_context,
+            RenderPurpose::Preview,
+        ),
    )?
    .to_string())
 }
--- a/crates/yaak-plugins/src/nodejs.rs
+++ b/crates/yaak-plugins/src/nodejs.rs
@@ -4,6 +4,7 @@ use std::net::SocketAddr;
 use std::path::Path;
 use std::process::Stdio;
 use tokio::io::{AsyncBufReadExt, BufReader};
+use tokio::sync::oneshot;
 use tokio::sync::watch::Receiver;
 use yaak_common::command::new_xplatform_command;

@@ -19,6 +20,7 @@ pub async fn start_nodejs_plugin_runtime(
    plugin_runtime_main: &Path,
    addr: SocketAddr,
    kill_rx: &Receiver<bool>,
+    killed_tx: oneshot::Sender<()>,
 ) -> Result<()> {
    // HACK: Remove UNC prefix for Windows paths to pass to sidecar
    let plugin_runtime_main_str =
@@ -72,6 +74,7 @@ pub async fn start_nodejs_plugin_runtime(
            warn!("Failed to kill plugin runtime: {e}");
        }
        info!("Killed plugin runtime");
+        let _ = killed_tx.send(());
    });

    Ok(())
--- a/crates/yaak-plugins/src/template_callback.rs
+++ b/crates/yaak-plugins/src/template_callback.rs
@@ -46,7 +46,11 @@ impl TemplateCallback for PluginTemplateCallback {
        let fn_name = if fn_name == "Response" { "response" } else { fn_name };

        if fn_name == "secure" {
-            return template_function_secure_run(&self.encryption_manager, args, &self.plugin_context);
+            return template_function_secure_run(
+                &self.encryption_manager,
+                args,
+                &self.plugin_context,
+            );
        } else if fn_name == "keychain" || fn_name == "keyring" {
            return template_function_keychain_run(args);
        }
@@ -56,7 +60,8 @@ impl TemplateCallback for PluginTemplateCallback {
            primitive_args.insert(key, JsonPrimitive::from(value));
        }

-        let resp = self.plugin_manager
+        let resp = self
+            .plugin_manager
            .call_template_function(
                &self.plugin_context,
                fn_name,
--- a/crates/yaak-sync/bindings/gen_models.ts
+++ b/crates/yaak-sync/bindings/gen_models.ts
@@ -1,5 +1,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

+export type DnsOverride = { hostname: string, ipv4: Array<string>, ipv6: Array<string>, enabled?: boolean, };
+
 export type Environment = { model: "environment", id: string, workspaceId: string, createdAt: string, updatedAt: string, name: string, public: boolean, parentModel: string, parentId: string | null, variables: Array<EnvironmentVariable>, color: string | null, sortPriority: number, };

 export type EnvironmentVariable = { enabled?: boolean, name: string, value: string, id?: string, };
@@ -20,4 +22,4 @@ export type SyncState = { model: "sync_state", id: string, workspaceId: string,

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, settingDnsOverrides: Array<DnsOverride>, };
--- a/crates/yaak-sync/src/sync.rs
+++ b/crates/yaak-sync/src/sync.rs
@@ -296,11 +296,7 @@ pub fn compute_sync_ops(
        .collect()
 }

-fn workspace_models(
-    db: &DbContext,
-    version: &str,
-    workspace_id: &str,
-) -> Result<Vec<SyncModel>> {
+fn workspace_models(db: &DbContext, version: &str, workspace_id: &str) -> Result<Vec<SyncModel>> {
    // We want to include private environments here so that we can take them into account during
    // the sync process. Otherwise, they would be treated as deleted.
    let include_private_environments = true;
--- a/crates/yaak-templates/build-wasm.cjs
+++ b/crates/yaak-templates/build-wasm.cjs
@@ -0,0 +1,8 @@
+const { execSync } = require('node:child_process');
+
+if (process.env.SKIP_WASM_BUILD === '1') {
+  console.log('Skipping wasm-pack build (SKIP_WASM_BUILD=1)');
+  return;
+}
+
+execSync('wasm-pack build --target bundler', { stdio: 'inherit' });
--- a/crates/yaak-templates/package.json
+++ b/crates/yaak-templates/package.json
@@ -6,7 +6,7 @@
  "scripts": {
    "bootstrap": "npm run build",
    "build": "run-s build:*",
-    "build:pack": "wasm-pack build --target bundler",
+    "build:pack": "node build-wasm.cjs",
    "build:clean": "rimraf ./pkg/.gitignore"
  },
  "devDependencies": {
--- a/crates/yaak-templates/src/renderer.rs
+++ b/crates/yaak-templates/src/renderer.rs
@@ -81,6 +81,10 @@ impl RenderOptions {
    pub fn throw() -> Self {
        Self { error_behavior: RenderErrorBehavior::Throw }
    }
+
+    pub fn return_empty() -> Self {
+        Self { error_behavior: RenderErrorBehavior::ReturnEmpty }
+    }
 }

 impl RenderErrorBehavior {
--- a/crates/yaak-ws/index.ts
+++ b/crates/yaak-ws/index.ts
@@ -1,31 +1,5 @@
 import { invoke } from '@tauri-apps/api/core';
-import { WebsocketConnection, WebsocketEvent, WebsocketRequest } from '@yaakapp-internal/models';
-
-export function upsertWebsocketRequest(
-  request: WebsocketRequest | Partial<Omit<WebsocketRequest, 'id'>>,
-) {
-  return invoke('cmd_ws_upsert_request', {
-    request,
-  }) as Promise<WebsocketRequest>;
-}
-
-export function duplicateWebsocketRequest(requestId: string) {
-  return invoke('cmd_ws_duplicate_request', {
-    requestId,
-  }) as Promise<WebsocketRequest>;
-}
-
-export function deleteWebsocketRequest(requestId: string) {
-  return invoke('cmd_ws_delete_request', {
-    requestId,
-  });
-}
-
-export function deleteWebsocketConnection(connectionId: string) {
-  return invoke('cmd_ws_delete_connection', {
-    connectionId,
-  });
-}
+import { WebsocketConnection } from '@yaakapp-internal/models';

 export function deleteWebsocketConnections(requestId: string) {
  return invoke('cmd_ws_delete_connections', {
@@ -33,20 +7,6 @@ export function deleteWebsocketConnections(requestId: string) {
  });
 }

-export function listWebsocketRequests({ workspaceId }: { workspaceId: string }) {
-  return invoke('cmd_ws_list_requests', { workspaceId }) as Promise<WebsocketRequest[]>;
-}
-
-export function listWebsocketEvents({ connectionId }: { connectionId: string }) {
-  return invoke('cmd_ws_list_events', { connectionId }) as Promise<WebsocketEvent[]>;
-}
-
-export function listWebsocketConnections({ workspaceId }: { workspaceId: string }) {
-  return invoke('cmd_ws_list_connections', { workspaceId }) as Promise<
-    WebsocketConnection[]
-  >;
-}
-
 export function connectWebsocket({
  requestId,
  environmentId,
--- a/crates/yaak-ws/src/manager.rs
+++ b/crates/yaak-ws/src/manager.rs
@@ -2,6 +2,7 @@ use crate::connect::ws_connect;
 use crate::error::Result;
 use futures_util::stream::SplitSink;
 use futures_util::{SinkExt, StreamExt};
+use http::HeaderMap;
 use log::{debug, info, warn};
 use std::collections::HashMap;
 use std::sync::Arc;
@@ -10,7 +11,6 @@ use tokio::net::TcpStream;
 use tokio::sync::{Mutex, mpsc};
 use tokio_tungstenite::tungstenite::Message;
 use tokio_tungstenite::tungstenite::handshake::client::Response;
-use http::HeaderMap;
 use tokio_tungstenite::tungstenite::http::HeaderValue;
 use tokio_tungstenite::{MaybeTlsStream, WebSocketStream};
 use yaak_tls::ClientCertificateConfig;
--- a/crates/yaak-ws/src/render.rs
+++ b/crates/yaak-ws/src/render.rs
@@ -16,6 +16,9 @@ pub async fn render_websocket_request<T: TemplateCallback>(

    let mut url_parameters = Vec::new();
    for p in r.url_parameters.clone() {
+        if !p.enabled {
+            continue;
+        }
        url_parameters.push(HttpUrlParameter {
            enabled: p.enabled,
            name: parse_and_render(&p.name, vars, cb, opt).await?,
@@ -26,6 +29,9 @@ pub async fn render_websocket_request<T: TemplateCallback>(

    let mut headers = Vec::new();
    for p in r.headers.clone() {
+        if !p.enabled {
+            continue;
+        }
        headers.push(HttpRequestHeader {
            enabled: p.enabled,
            name: parse_and_render(&p.name, vars, cb, opt).await?,
--- a/flatpak/app.yaak.Yaak.metainfo.xml
+++ b/flatpak/app.yaak.Yaak.metainfo.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<component type="desktop-application">
+  <id>app.yaak.Yaak</id>
+
+  <name>Yaak</name>
+  <summary>An offline, Git friendly API Client</summary>
+
+  <developer id="app.yaak">
+    <name>Yaak</name>
+  </developer>
+
+  <metadata_license>MIT</metadata_license>
+  <project_license>MIT</project_license>
+
+  <url type="homepage">https://yaak.app</url>
+  <url type="bugtracker">https://yaak.app/feedback</url>
+  <url type="contact">https://yaak.app/feedback</url>
+  <url type="vcs-browser">https://github.com/mountain-loop/yaak</url>
+
+  <description>
+    <p>
+      A fast, privacy-first API client for REST, GraphQL, SSE, WebSocket,
+      and gRPC — built with Tauri, Rust, and React.
+    </p>
+    <p>Features include:</p>
+    <ul>
+      <li>REST, GraphQL, SSE, WebSocket, and gRPC support</li>
+      <li>Local-only data, secrets encryption, and zero telemetry</li>
+      <li>Git-friendly plain-text project storage</li>
+      <li>Environment variables and template functions</li>
+      <li>Request chaining and dynamic values</li>
+      <li>OAuth 2.0, Bearer, Basic, API Key, AWS, JWT, and NTLM authentication</li>
+      <li>Import from cURL, Postman, Insomnia, and OpenAPI</li>
+      <li>Extensible plugin system</li>
+    </ul>
+  </description>
+
+  <launchable type="desktop-id">app.yaak.Yaak.desktop</launchable>
+
+  <branding>
+    <color type="primary" scheme_preference="light">#8b32ff</color>
+    <color type="primary" scheme_preference="dark">#c293ff</color>
+  </branding>
+
+  <content_rating type="oars-1.1" />
+
+  <screenshots>
+    <screenshot type="default">
+      <caption>Crafting an API request</caption>
+      <image>https://assets.yaak.app/uploads/screenshot-BLG1w_2310x1326.png</image>
+    </screenshot>
+  </screenshots>
+
+  <releases>
+    <release version="2026.2.0" date="2026-02-10" />
+  </releases>
+</component>
--- a/flatpak/fix-lockfile.mjs
+++ b/flatpak/fix-lockfile.mjs
@@ -0,0 +1,75 @@
+#!/usr/bin/env node
+
+// Adds missing `resolved` and `integrity` fields to npm package-lock.json.
+//
+// npm sometimes omits these fields for nested dependencies inside workspace
+// packages. This breaks offline installs and tools like flatpak-node-generator
+// that need explicit tarball URLs for every package.
+//
+// Based on https://github.com/grant-dennison/npm-package-lock-add-resolved
+// (MIT License, Copyright (c) 2024 Grant Dennison)
+
+import { readFile, writeFile } from "node:fs/promises";
+import { get } from "node:https";
+
+const lockfilePath = process.argv[2] || "package-lock.json";
+
+function fetchJson(url) {
+  return new Promise((resolve, reject) => {
+    get(url, (res) => {
+      let data = "";
+      res.on("data", (chunk) => {
+        data += chunk;
+      });
+      res.on("end", () => {
+        if (res.statusCode === 200) {
+          resolve(JSON.parse(data));
+        } else {
+          reject(`${url} returned ${res.statusCode} ${res.statusMessage}`);
+        }
+      });
+      res.on("error", reject);
+    }).on("error", reject);
+  });
+}
+
+async function fillResolved(name, p) {
+  const version = p.version.replace(/^.*@/, "");
+  console.log(`Retrieving metadata for ${name}@${version}`);
+  const metadataUrl = `https://registry.npmjs.com/${name}/${version}`;
+  const metadata = await fetchJson(metadataUrl);
+  p.resolved = metadata.dist.tarball;
+  p.integrity = metadata.dist.integrity;
+}
+
+let changesMade = false;
+
+async function fillAllResolved(packages) {
+  for (const packagePath in packages) {
+    if (packagePath === "") continue;
+    if (!packagePath.includes("node_modules/")) continue;
+    const p = packages[packagePath];
+    if (p.link) continue;
+    if (!p.inBundle && !p.bundled && (!p.resolved || !p.integrity)) {
+      const packageName =
+        p.name ||
+        /^npm:(.+?)@.+$/.exec(p.version)?.[1] ||
+        packagePath.replace(/^.*node_modules\/(?=.+?$)/, "");
+      await fillResolved(packageName, p);
+      changesMade = true;
+    }
+  }
+}
+
+const oldContents = await readFile(lockfilePath, "utf-8");
+const packageLock = JSON.parse(oldContents);
+
+await fillAllResolved(packageLock.packages ?? []);
+
+if (changesMade) {
+  const newContents = JSON.stringify(packageLock, null, 2) + "\n";
+  await writeFile(lockfilePath, newContents);
+  console.log(`Updated ${lockfilePath}`);
+} else {
+  console.log("No changes needed.");
+}
--- a/flatpak/generate-sources.sh
+++ b/flatpak/generate-sources.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+#
+# Generate offline dependency source files for Flatpak builds.
+#
+# Prerequisites:
+#   pip install flatpak-node-generator tomlkit aiohttp
+#   Clone https://github.com/flatpak/flatpak-builder-tools (for cargo generator)
+#
+# Usage:
+#   ./flatpak/generate-sources.sh <flathub-repo-path>
+#   ./flatpak/generate-sources.sh ../flathub-repo
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+if [ $# -lt 1 ]; then
+    echo "Usage: $0 <flathub-repo-path>"
+    echo "Example: $0 ../flathub-repo"
+    exit 1
+fi
+
+FLATHUB_REPO="$(cd "$1" && pwd)"
+
+python3 "$SCRIPT_DIR/flatpak-builder-tools/cargo/flatpak-cargo-generator.py" \
+  -o "$FLATHUB_REPO/cargo-sources.json" "$REPO_ROOT/Cargo.lock"
+
+TMPDIR=$(mktemp -d)
+trap 'rm -rf "$TMPDIR"' EXIT
+
+cp "$REPO_ROOT/package-lock.json" "$TMPDIR/package-lock.json"
+cp "$REPO_ROOT/package.json" "$TMPDIR/package.json"
+
+node "$SCRIPT_DIR/fix-lockfile.mjs" "$TMPDIR/package-lock.json"
+
+node -e "
+  const fs = require('fs');
+  const p = process.argv[1];
+  const d = JSON.parse(fs.readFileSync(p, 'utf-8'));
+  for (const [name, info] of Object.entries(d.packages || {})) {
+    if (name && (info.link || !info.resolved)) delete d.packages[name];
+  }
+  fs.writeFileSync(p, JSON.stringify(d, null, 2));
+" "$TMPDIR/package-lock.json"
+
+flatpak-node-generator --no-requests-cache \
+  -o "$FLATHUB_REPO/node-sources.json" npm "$TMPDIR/package-lock.json"
--- a/flatpak/update-manifest.sh
+++ b/flatpak/update-manifest.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+#
+# Update the Flathub repo for a new release.
+#
+# Usage:
+#   ./flatpak/update-manifest.sh <version-tag> <flathub-repo-path>
+#   ./flatpak/update-manifest.sh v2026.2.0 ../flathub-repo
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+if [ $# -lt 2 ]; then
+    echo "Usage: $0 <version-tag> <flathub-repo-path>"
+    echo "Example: $0 v2026.2.0 ../flathub-repo"
+    exit 1
+fi
+
+VERSION_TAG="$1"
+VERSION="${VERSION_TAG#v}"
+FLATHUB_REPO="$(cd "$2" && pwd)"
+MANIFEST="$FLATHUB_REPO/app.yaak.Yaak.yml"
+METAINFO="$SCRIPT_DIR/app.yaak.Yaak.metainfo.xml"
+
+if [[ "$VERSION" == *-* ]]; then
+    echo "Skipping pre-release version '$VERSION_TAG' (only stable releases are published to Flathub)"
+    exit 0
+fi
+
+REPO="mountain-loop/yaak"
+COMMIT=$(git ls-remote "https://github.com/$REPO.git" "refs/tags/$VERSION_TAG" | cut -f1)
+
+if [ -z "$COMMIT" ]; then
+    echo "Error: Could not resolve commit for tag $VERSION_TAG"
+    exit 1
+fi
+
+echo "Tag: $VERSION_TAG"
+echo "Commit: $COMMIT"
+
+# Update git tag and commit in the manifest
+sed -i "s|tag: v.*|tag: $VERSION_TAG|" "$MANIFEST"
+sed -i "s|commit: .*|commit: $COMMIT|" "$MANIFEST"
+echo "Updated manifest tag and commit."
+
+# Regenerate offline dependency sources from the tagged lockfiles
+TMPDIR=$(mktemp -d)
+trap 'rm -rf "$TMPDIR"' EXIT
+
+echo "Fetching lockfiles from $VERSION_TAG..."
+curl -fsSL "https://raw.githubusercontent.com/$REPO/$VERSION_TAG/Cargo.lock" -o "$TMPDIR/Cargo.lock"
+curl -fsSL "https://raw.githubusercontent.com/$REPO/$VERSION_TAG/package-lock.json" -o "$TMPDIR/package-lock.json"
+curl -fsSL "https://raw.githubusercontent.com/$REPO/$VERSION_TAG/package.json" -o "$TMPDIR/package.json"
+
+echo "Generating cargo-sources.json..."
+python3 "$SCRIPT_DIR/flatpak-builder-tools/cargo/flatpak-cargo-generator.py" \
+  -o "$FLATHUB_REPO/cargo-sources.json" "$TMPDIR/Cargo.lock"
+
+echo "Generating node-sources.json..."
+node "$SCRIPT_DIR/fix-lockfile.mjs" "$TMPDIR/package-lock.json"
+
+node -e "
+  const fs = require('fs');
+  const p = process.argv[1];
+  const d = JSON.parse(fs.readFileSync(p, 'utf-8'));
+  for (const [name, info] of Object.entries(d.packages || {})) {
+    if (name && (info.link || !info.resolved)) delete d.packages[name];
+  }
+  fs.writeFileSync(p, JSON.stringify(d, null, 2));
+" "$TMPDIR/package-lock.json"
+
+flatpak-node-generator --no-requests-cache \
+  -o "$FLATHUB_REPO/node-sources.json" npm "$TMPDIR/package-lock.json"
+
+# Update metainfo with new release
+TODAY=$(date +%Y-%m-%d)
+sed -i "s|  <releases>|  <releases>\n    <release version=\"$VERSION\" date=\"$TODAY\" />|" "$METAINFO"
+echo "Updated metainfo with release $VERSION."
+
+echo ""
+echo "Done! Review the changes:"
+echo "  $MANIFEST"
+echo "  $METAINFO"
+echo "  $FLATHUB_REPO/cargo-sources.json"
+echo "  $FLATHUB_REPO/node-sources.json"
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,7 +12,8 @@
        "packages/plugin-runtime",
        "packages/plugin-runtime-types",
        "plugins-external/mcp-server",
-        "plugins-external/template-function-faker",
+        "plugins-external/faker",
+        "plugins-external/httpsnippet",
        "plugins/action-copy-curl",
        "plugins/action-copy-grpcurl",
        "plugins/action-send-folder",
@@ -62,8 +63,15 @@
        "crates/yaak-ws",
        "src-web"
      ],
+      "dependencies": {
+        "@codemirror/lang-go": "^6.0.1",
+        "@codemirror/lang-java": "^6.0.2",
+        "@codemirror/lang-php": "^6.0.2",
+        "@codemirror/lang-python": "^6.2.1",
+        "@codemirror/legacy-modes": "^6.5.2"
+      },
      "devDependencies": {
-        "@biomejs/biome": "^2.3.10",
+        "@biomejs/biome": "^2.3.13",
        "@tauri-apps/cli": "^2.9.6",
        "@yaakapp/cli": "^0.3.4",
        "dotenv-cli": "^11.0.0",
@@ -501,9 +509,9 @@
      }
    },
    "node_modules/@biomejs/biome": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-2.3.11.tgz",
-      "integrity": "sha512-/zt+6qazBWguPG6+eWmiELqO+9jRsMZ/DBU3lfuU2ngtIQYzymocHhKiZRyrbra4aCOoyTg/BmY+6WH5mv9xmQ==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-2.3.13.tgz",
+      "integrity": "sha512-Fw7UsV0UAtWIBIm0M7g5CRerpu1eKyKAXIazzxhbXYUyMkwNrkX/KLkGI7b+uVDQ5cLUMfOC9vR60q9IDYDstA==",
      "dev": true,
      "license": "MIT OR Apache-2.0",
      "bin": {
@@ -517,20 +525,20 @@
        "url": "https://opencollective.com/biome"
      },
      "optionalDependencies": {
-        "@biomejs/cli-darwin-arm64": "2.3.11",
-        "@biomejs/cli-darwin-x64": "2.3.11",
-        "@biomejs/cli-linux-arm64": "2.3.11",
-        "@biomejs/cli-linux-arm64-musl": "2.3.11",
-        "@biomejs/cli-linux-x64": "2.3.11",
-        "@biomejs/cli-linux-x64-musl": "2.3.11",
-        "@biomejs/cli-win32-arm64": "2.3.11",
-        "@biomejs/cli-win32-x64": "2.3.11"
+        "@biomejs/cli-darwin-arm64": "2.3.13",
+        "@biomejs/cli-darwin-x64": "2.3.13",
+        "@biomejs/cli-linux-arm64": "2.3.13",
+        "@biomejs/cli-linux-arm64-musl": "2.3.13",
+        "@biomejs/cli-linux-x64": "2.3.13",
+        "@biomejs/cli-linux-x64-musl": "2.3.13",
+        "@biomejs/cli-win32-arm64": "2.3.13",
+        "@biomejs/cli-win32-x64": "2.3.13"
      }
    },
    "node_modules/@biomejs/cli-darwin-arm64": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.11.tgz",
-      "integrity": "sha512-/uXXkBcPKVQY7rc9Ys2CrlirBJYbpESEDme7RKiBD6MmqR2w3j0+ZZXRIL2xiaNPsIMMNhP1YnA+jRRxoOAFrA==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.13.tgz",
+      "integrity": "sha512-0OCwP0/BoKzyJHnFdaTk/i7hIP9JHH9oJJq6hrSCPmJPo8JWcJhprK4gQlhFzrwdTBAW4Bjt/RmCf3ZZe59gwQ==",
      "cpu": [
        "arm64"
      ],
@@ -545,9 +553,9 @@
      }
    },
    "node_modules/@biomejs/cli-darwin-x64": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.11.tgz",
-      "integrity": "sha512-fh7nnvbweDPm2xEmFjfmq7zSUiox88plgdHF9OIW4i99WnXrAC3o2P3ag9judoUMv8FCSUnlwJCM1B64nO5Fbg==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.13.tgz",
+      "integrity": "sha512-AGr8OoemT/ejynbIu56qeil2+F2WLkIjn2d8jGK1JkchxnMUhYOfnqc9sVzcRxpG9Ycvw4weQ5sprRvtb7Yhcw==",
      "cpu": [
        "x64"
      ],
@@ -562,9 +570,9 @@
      }
    },
    "node_modules/@biomejs/cli-linux-arm64": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.11.tgz",
-      "integrity": "sha512-l4xkGa9E7Uc0/05qU2lMYfN1H+fzzkHgaJoy98wO+b/7Gl78srbCRRgwYSW+BTLixTBrM6Ede5NSBwt7rd/i6g==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.13.tgz",
+      "integrity": "sha512-xvOiFkrDNu607MPMBUQ6huHmBG1PZLOrqhtK6pXJW3GjfVqJg0Z/qpTdhXfcqWdSZHcT+Nct2fOgewZvytESkw==",
      "cpu": [
        "arm64"
      ],
@@ -579,9 +587,9 @@
      }
    },
    "node_modules/@biomejs/cli-linux-arm64-musl": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.11.tgz",
-      "integrity": "sha512-XPSQ+XIPZMLaZ6zveQdwNjbX+QdROEd1zPgMwD47zvHV+tCGB88VH+aynyGxAHdzL+Tm/+DtKST5SECs4iwCLg==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.13.tgz",
+      "integrity": "sha512-TUdDCSY+Eo/EHjhJz7P2GnWwfqet+lFxBZzGHldrvULr59AgahamLs/N85SC4+bdF86EhqDuuw9rYLvLFWWlXA==",
      "cpu": [
        "arm64"
      ],
@@ -596,9 +604,9 @@
      }
    },
    "node_modules/@biomejs/cli-linux-x64": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.11.tgz",
-      "integrity": "sha512-/1s9V/H3cSe0r0Mv/Z8JryF5x9ywRxywomqZVLHAoa/uN0eY7F8gEngWKNS5vbbN/BsfpCG5yeBT5ENh50Frxg==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.13.tgz",
+      "integrity": "sha512-s+YsZlgiXNq8XkgHs6xdvKDFOj/bwTEevqEY6rC2I3cBHbxXYU1LOZstH3Ffw9hE5tE1sqT7U23C00MzkXztMw==",
      "cpu": [
        "x64"
      ],
@@ -613,9 +621,9 @@
      }
    },
    "node_modules/@biomejs/cli-linux-x64-musl": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.11.tgz",
-      "integrity": "sha512-vU7a8wLs5C9yJ4CB8a44r12aXYb8yYgBn+WeyzbMjaCMklzCv1oXr8x+VEyWodgJt9bDmhiaW/I0RHbn7rsNmw==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.13.tgz",
+      "integrity": "sha512-0bdwFVSbbM//Sds6OjtnmQGp4eUjOTt6kHvR/1P0ieR9GcTUAlPNvPC3DiavTqq302W34Ae2T6u5VVNGuQtGlQ==",
      "cpu": [
        "x64"
      ],
@@ -630,9 +638,9 @@
      }
    },
    "node_modules/@biomejs/cli-win32-arm64": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.11.tgz",
-      "integrity": "sha512-PZQ6ElCOnkYapSsysiTy0+fYX+agXPlWugh6+eQ6uPKI3vKAqNp6TnMhoM3oY2NltSB89hz59o8xIfOdyhi9Iw==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.13.tgz",
+      "integrity": "sha512-QweDxY89fq0VvrxME+wS/BXKmqMrOTZlN9SqQ79kQSIc3FrEwvW/PvUegQF6XIVaekncDykB5dzPqjbwSKs9DA==",
      "cpu": [
        "arm64"
      ],
@@ -647,9 +655,9 @@
      }
    },
    "node_modules/@biomejs/cli-win32-x64": {
-      "version": "2.3.11",
-      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.11.tgz",
-      "integrity": "sha512-43VrG813EW+b5+YbDbz31uUsheX+qFKCpXeY9kfdAx+ww3naKxeVkTD9zLIWxUPfJquANMHrmW3wbe/037G0Qg==",
+      "version": "2.3.13",
+      "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.13.tgz",
+      "integrity": "sha512-trDw2ogdM2lyav9WFQsdsfdVy1dvZALymRpgmWsvSez0BJzBjulhOT/t+wyKeh3pZWvwP3VMs1SoOKwO3wecMQ==",
      "cpu": [
        "x64"
      ],
@@ -736,6 +744,19 @@
        "@lezer/css": "^1.1.7"
      }
    },
+    "node_modules/@codemirror/lang-go": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-go/-/lang-go-6.0.1.tgz",
+      "integrity": "sha512-7fNvbyNylvqCphW9HD6WFnRpcDjr+KXX/FgqXy5H5ZS0eC5edDljukm/yNgYkwTsgp2busdod50AOTIy6Jikfg==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/language": "^6.6.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.0.0",
+        "@lezer/go": "^1.0.0"
+      }
+    },
    "node_modules/@codemirror/lang-html": {
      "version": "6.4.11",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-html/-/lang-html-6.4.11.tgz",
@@ -753,6 +774,16 @@
        "@lezer/html": "^1.3.12"
      }
    },
+    "node_modules/@codemirror/lang-java": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-java/-/lang-java-6.0.2.tgz",
+      "integrity": "sha512-m5Nt1mQ/cznJY7tMfQTJchmrjdjQ71IDs+55d1GAa8DGaB8JXWsVCkVT284C3RTASaY43YknrK2X3hPO/J3MOQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/language": "^6.0.0",
+        "@lezer/java": "^1.0.0"
+      }
+    },
    "node_modules/@codemirror/lang-javascript": {
      "version": "6.2.4",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-javascript/-/lang-javascript-6.2.4.tgz",
@@ -793,6 +824,32 @@
        "@lezer/markdown": "^1.0.0"
      }
    },
+    "node_modules/@codemirror/lang-php": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-php/-/lang-php-6.0.2.tgz",
+      "integrity": "sha512-ZKy2v1n8Fc8oEXj0Th0PUMXzQJ0AIR6TaZU+PbDHExFwdu+guzOA4jmCHS1Nz4vbFezwD7LyBdDnddSJeScMCA==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/lang-html": "^6.0.0",
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.0.0",
+        "@lezer/php": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-python": {
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-python/-/lang-python-6.2.1.tgz",
+      "integrity": "sha512-IRjC8RUBhn9mGR9ywecNhB51yePWCGgvHfY1lWN/Mrp3cKuHr0isDKia+9HnvhiWNnMpbGhWrkhuWOc09exRyw==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.3.2",
+        "@codemirror/language": "^6.8.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.2.1",
+        "@lezer/python": "^1.1.4"
+      }
+    },
    "node_modules/@codemirror/lang-xml": {
      "version": "6.1.0",
      "resolved": "https://registry.npmjs.org/@codemirror/lang-xml/-/lang-xml-6.1.0.tgz",
@@ -807,6 +864,21 @@
        "@lezer/xml": "^1.0.0"
      }
    },
+    "node_modules/@codemirror/lang-yaml": {
+      "version": "6.1.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-yaml/-/lang-yaml-6.1.2.tgz",
+      "integrity": "sha512-dxrfG8w5Ce/QbT7YID7mWZFKhdhsaTNOYjOkSIMt1qmC4VQnXSDSYVHHHn8k6kJUfIhtLo8t1JJgltlxWdsITw==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.2.0",
+        "@lezer/lr": "^1.0.0",
+        "@lezer/yaml": "^1.0.0"
+      }
+    },
    "node_modules/@codemirror/language": {
      "version": "6.12.1",
      "resolved": "https://registry.npmjs.org/@codemirror/language/-/language-6.12.1.tgz",
@@ -821,6 +893,15 @@
        "style-mod": "^4.0.0"
      }
    },
+    "node_modules/@codemirror/legacy-modes": {
+      "version": "6.5.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/legacy-modes/-/legacy-modes-6.5.2.tgz",
+      "integrity": "sha512-/jJbwSTazlQEDOQw2FJ8LEEKVS72pU0lx6oM54kGpL8t/NJ2Jda3CZ4pcltiKTdqYSRk3ug1B3pil1gsjA6+8Q==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/language": "^6.0.0"
+      }
+    },
    "node_modules/@codemirror/lint": {
      "version": "6.9.2",
      "resolved": "https://registry.npmjs.org/@codemirror/lint/-/lint-6.9.2.tgz",
@@ -832,6 +913,19 @@
        "crelt": "^1.0.5"
      }
    },
+    "node_modules/@codemirror/merge": {
+      "version": "6.11.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/merge/-/merge-6.11.2.tgz",
+      "integrity": "sha512-NO5EJd2rLRbwVWLgMdhIntDIhfDtMOKYEZgqV5WnkNUS2oXOCVWLPjG/kgl/Jth2fGiOuG947bteqxP9nBXmMg==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.17.0",
+        "@lezer/highlight": "^1.0.0",
+        "style-mod": "^4.1.0"
+      }
+    },
    "node_modules/@codemirror/search": {
      "version": "6.5.11",
      "resolved": "https://registry.npmjs.org/@codemirror/search/-/search-6.5.11.tgz",
@@ -1386,9 +1480,9 @@
      }
    },
    "node_modules/@hono/node-server": {
-      "version": "1.19.8",
-      "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.8.tgz",
-      "integrity": "sha512-0/g2lIOPzX8f3vzW1ggQgvG5mjtFBDBHFAzI5SFAi2DzSqS9luJwqg9T6O/gKYLi+inS7eNxBeIFkkghIPvrMA==",
+      "version": "1.19.9",
+      "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.9.tgz",
+      "integrity": "sha512-vHL6w3ecZsky+8P5MD+eFfaGTyCeOHUIFYMGpQGbrBTSmNNoxv0if69rEZ5giu36weC5saFuznL411gRX7bJDw==",
      "license": "MIT",
      "engines": {
        "node": ">=18.14.1"
@@ -1542,6 +1636,17 @@
        "lezer-generator": "src/lezer-generator.cjs"
      }
    },
+    "node_modules/@lezer/go": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@lezer/go/-/go-1.0.1.tgz",
+      "integrity": "sha512-xToRsYxwsgJNHTgNdStpcvmbVuKxTapV0dM0wey1geMMRc9aggoVyKgzYp41D2/vVOx+Ii4hmE206kvxIXBVXQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.3.0"
+      }
+    },
    "node_modules/@lezer/highlight": {
      "version": "1.2.3",
      "resolved": "https://registry.npmjs.org/@lezer/highlight/-/highlight-1.2.3.tgz",
@@ -1562,6 +1667,17 @@
        "@lezer/lr": "^1.0.0"
      }
    },
+    "node_modules/@lezer/java": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/@lezer/java/-/java-1.1.3.tgz",
+      "integrity": "sha512-yHquUfujwg6Yu4Fd1GNHCvidIvJwi/1Xu2DaKl/pfWIA2c1oXkVvawH3NyXhCaFx4OdlYBVX5wvz2f7Aoa/4Xw==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
    "node_modules/@lezer/javascript": {
      "version": "1.5.4",
      "resolved": "https://registry.npmjs.org/@lezer/javascript/-/javascript-1.5.4.tgz",
@@ -1603,6 +1719,28 @@
        "@lezer/highlight": "^1.0.0"
      }
    },
+    "node_modules/@lezer/php": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/@lezer/php/-/php-1.0.5.tgz",
+      "integrity": "sha512-W7asp9DhM6q0W6DYNwIkLSKOvxlXRrif+UXBMxzsJUuqmhE7oVU+gS3THO4S/Puh7Xzgm858UNaFi6dxTP8dJA==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.1.0"
+      }
+    },
+    "node_modules/@lezer/python": {
+      "version": "1.1.18",
+      "resolved": "https://registry.npmjs.org/@lezer/python/-/python-1.1.18.tgz",
+      "integrity": "sha512-31FiUrU7z9+d/ElGQLJFXl+dKOdx0jALlP3KEOsGTex8mvj+SoE1FgItcHWK/axkxCHGUSpqIHt6JAWfWu9Rhg==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
    "node_modules/@lezer/xml": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/@lezer/xml/-/xml-1.0.6.tgz",
@@ -1614,6 +1752,17 @@
        "@lezer/lr": "^1.0.0"
      }
    },
+    "node_modules/@lezer/yaml": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@lezer/yaml/-/yaml-1.0.3.tgz",
+      "integrity": "sha512-GuBLekbw9jDBDhGur82nuwkxKQ+a3W5H0GfaAthDXcAu+XdpS43VlnxA9E9hllkpSP5ellRDKjLLj7Lu9Wr6xA==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.4.0"
+      }
+    },
    "node_modules/@marijn/find-cluster-break": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/@marijn/find-cluster-break/-/find-cluster-break-1.0.2.tgz",
@@ -1636,12 +1785,12 @@
      }
    },
    "node_modules/@modelcontextprotocol/sdk": {
-      "version": "1.25.2",
-      "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.25.2.tgz",
-      "integrity": "sha512-LZFeo4F9M5qOhC/Uc1aQSrBHxMrvxett+9KLHt7OhcExtoiRN9DKgbZffMP/nxjutWDQpfMDfP3nkHI4X9ijww==",
+      "version": "1.26.0",
+      "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.26.0.tgz",
+      "integrity": "sha512-Y5RmPncpiDtTXDbLKswIJzTqu2hyBKxTNsgKqKclDbhIgg1wgtf1fRuvxgTnRfcnxtvvgbIEcqUOzZrJ6iSReg==",
      "license": "MIT",
      "dependencies": {
-        "@hono/node-server": "^1.19.7",
+        "@hono/node-server": "^1.19.9",
        "ajv": "^8.17.1",
        "ajv-formats": "^3.0.1",
        "content-type": "^1.0.5",
@@ -1649,14 +1798,15 @@
        "cross-spawn": "^7.0.5",
        "eventsource": "^3.0.2",
        "eventsource-parser": "^3.0.0",
-        "express": "^5.0.1",
-        "express-rate-limit": "^7.5.0",
-        "jose": "^6.1.1",
+        "express": "^5.2.1",
+        "express-rate-limit": "^8.2.1",
+        "hono": "^4.11.4",
+        "jose": "^6.1.3",
        "json-schema-typed": "^8.0.2",
        "pkce-challenge": "^5.0.0",
        "raw-body": "^3.0.0",
        "zod": "^3.25 || ^4.0",
-        "zod-to-json-schema": "^3.25.0"
+        "zod-to-json-schema": "^3.25.1"
      },
      "engines": {
        "node": ">=18"
@@ -1982,6 +2132,19 @@
        "node": ">=16.9"
      }
    },
+    "node_modules/@readme/httpsnippet": {
+      "version": "11.0.0",
+      "resolved": "https://registry.npmjs.org/@readme/httpsnippet/-/httpsnippet-11.0.0.tgz",
+      "integrity": "sha512-XSyaAsJkZfmMO9R4WDlVJARZgd4wlImftSkMkKclidniXA1h6DTya9iTqJenQo9mHQLh3u6kAC3CDRaIV+LbLw==",
+      "license": "MIT",
+      "dependencies": {
+        "qs": "^6.11.2",
+        "stringify-object": "^3.3.0"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
    "node_modules/@replit/codemirror-emacs": {
      "version": "6.1.0",
      "resolved": "https://registry.npmjs.org/@replit/codemirror-emacs/-/codemirror-emacs-6.1.0.tgz",
@@ -3759,13 +3922,6 @@
        "@types/react": "*"
      }
    },
-    "node_modules/@types/shell-quote": {
-      "version": "1.7.5",
-      "resolved": "https://registry.npmjs.org/@types/shell-quote/-/shell-quote-1.7.5.tgz",
-      "integrity": "sha512-+UE8GAGRPbJVQDdxi16dgadcBfQ+KG2vgZhV1+3A1XmHbmwcdwhCUwIdy+d3pAGrbvgRoVSjeI9vOWyq376Yzw==",
-      "dev": true,
-      "license": "MIT"
-    },
    "node_modules/@types/unist": {
      "version": "3.0.3",
      "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz",
@@ -3997,6 +4153,10 @@
      "resolved": "plugins/auth-oauth2",
      "link": true
    },
+    "node_modules/@yaak/faker": {
+      "resolved": "plugins-external/faker",
+      "link": true
+    },
    "node_modules/@yaak/filter-jsonpath": {
      "resolved": "plugins/filter-jsonpath",
      "link": true
@@ -4005,6 +4165,10 @@
      "resolved": "plugins/filter-xpath",
      "link": true
    },
+    "node_modules/@yaak/httpsnippet": {
+      "resolved": "plugins-external/httpsnippet",
+      "link": true
+    },
    "node_modules/@yaak/importer-curl": {
      "resolved": "plugins/importer-curl",
      "link": true
@@ -6826,10 +6990,13 @@
      }
    },
    "node_modules/express-rate-limit": {
-      "version": "7.5.1",
-      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.1.tgz",
-      "integrity": "sha512-7iN8iPMDzOMHPUYllBEsQdWVB6fPDMPqwjBaFrgr4Jgr/+okjvzAy+UHlYYL/Vs0OsOrMkwS6PJDkFlJwoxUnw==",
+      "version": "8.2.1",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.2.1.tgz",
+      "integrity": "sha512-PCZEIEIxqwhzw4KF0n7QF4QqruVTcF73O5kFKUnGOyjbCCgizBBiFaYpd/fnBLUMPw/BWw9OsiN7GgrNYr7j6g==",
      "license": "MIT",
+      "dependencies": {
+        "ip-address": "10.0.1"
+      },
      "engines": {
        "node": ">= 16"
      },
@@ -7368,6 +7535,12 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
+    "node_modules/get-own-enumerable-property-symbols": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.2.tgz",
+      "integrity": "sha512-I0UBV/XOz1XkIJHEUDMZAbzCThU/H8DxmSfmdGcKPnVhu2VfFqr34jr9777IyaTYvxjedWhqVIilEDsCdP5G6g==",
+      "license": "ISC"
+    },
    "node_modules/get-proto": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
@@ -7811,9 +7984,9 @@
      }
    },
    "node_modules/hono": {
-      "version": "4.11.3",
-      "resolved": "https://registry.npmjs.org/hono/-/hono-4.11.3.tgz",
-      "integrity": "sha512-PmQi306+M/ct/m5s66Hrg+adPnkD5jiO6IjA7WhWw0gSBSo1EcRegwuI1deZ+wd5pzCGynCcn2DprnE4/yEV4w==",
+      "version": "4.11.7",
+      "resolved": "https://registry.npmjs.org/hono/-/hono-4.11.7.tgz",
+      "integrity": "sha512-l7qMiNee7t82bH3SeyUCt9UF15EVmaBvsppY2zQtrbIhl/yzBTny+YUxsVjSjQ6gaqaeVtZmGocom8TzBlA4Yw==",
      "license": "MIT",
      "engines": {
        "node": ">=16.9.0"
@@ -8096,6 +8269,15 @@
        "node": ">= 0.4"
      }
    },
+    "node_modules/ip-address": {
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.0.1.tgz",
+      "integrity": "sha512-NWv9YLW4PoW2B7xtzaS3NCot75m6nK7Icdv0o3lfMceJVRfSoQwqD4wEH5rLwoKJwUiZ/rfpiVBhnaF0FK4HoA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
    "node_modules/ip-bigint": {
      "version": "7.3.0",
      "resolved": "https://registry.npmjs.org/ip-bigint/-/ip-bigint-7.3.0.tgz",
@@ -8477,6 +8659,15 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
+    "node_modules/is-obj": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz",
+      "integrity": "sha512-l4RyHgRqGN4Y3+9JHVrNqO+tN0rV5My76uW5/nuO4K1b6vw5G8d/cmFjP9tRfEsdhZNt0IFdZuK/c2Vr4Nb+Qg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
    "node_modules/is-plain-obj": {
      "version": "4.1.0",
      "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz",
@@ -13211,6 +13402,7 @@
      "version": "1.8.3",
      "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.3.tgz",
      "integrity": "sha512-ObmnIF4hXNg1BqhnHmgbDETF8dLPCggZWBjkQfhZpbszZnYur5DUljTcCHii5LC3J5E0yeO/1LIMyH+UvHQgyw==",
+      "dev": true,
      "license": "MIT",
      "engines": {
        "node": ">= 0.4"
@@ -13219,6 +13411,12 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
+    "node_modules/shlex": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/shlex/-/shlex-3.0.0.tgz",
+      "integrity": "sha512-jHPXQQk9d/QXCvJuLPYMOYWez3c43sORAgcIEoV7bFv5AJSJRAOyw5lQO12PMfd385qiLRCaDt7OtEzgrIGZUA==",
+      "license": "MIT"
+    },
    "node_modules/should": {
      "version": "13.2.3",
      "resolved": "https://registry.npmjs.org/should/-/should-13.2.3.tgz",
@@ -13737,6 +13935,29 @@
        "url": "https://github.com/sponsors/wooorm"
      }
    },
+    "node_modules/stringify-object": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/stringify-object/-/stringify-object-3.3.0.tgz",
+      "integrity": "sha512-rHqiFh1elqCQ9WPLIC8I0Q/g/wj5J1eMkyoiD6eoQApWHP0FtlK7rqnhmabL5VUY9JQCcqwwvlOaSuutekgyrw==",
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "get-own-enumerable-property-symbols": "^3.0.0",
+        "is-obj": "^1.0.1",
+        "is-regexp": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/stringify-object/node_modules/is-regexp": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-regexp/-/is-regexp-1.0.0.tgz",
+      "integrity": "sha512-7zjFAPO4/gwyQAAgRRmqeEeyIICSdmCqa3tsVHMdBzaXXRiqopZL4Cyghg/XulGWrtABTpbnYYzzIRffLkP4oA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
    "node_modules/strip-ansi": {
      "version": "7.1.2",
      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz",
@@ -15721,7 +15942,7 @@
    },
    "packages/plugin-runtime-types": {
      "name": "@yaakapp/api",
-      "version": "0.7.1",
+      "version": "0.8.0",
      "dependencies": {
        "@types/node": "^24.0.13"
      },
@@ -15736,14 +15957,69 @@
        "undici-types": "~7.16.0"
      }
    },
+    "plugins-external/faker": {
+      "name": "@yaak/faker",
+      "version": "1.1.1",
+      "dependencies": {
+        "@faker-js/faker": "^10.1.0"
+      },
+      "devDependencies": {
+        "@types/node": "^25.0.3",
+        "typescript": "^5.9.3"
+      }
+    },
+    "plugins-external/faker/node_modules/@faker-js/faker": {
+      "version": "10.3.0",
+      "resolved": "https://registry.npmjs.org/@faker-js/faker/-/faker-10.3.0.tgz",
+      "integrity": "sha512-It0Sne6P3szg7JIi6CgKbvTZoMjxBZhcv91ZrqrNuaZQfB5WoqYYbzCUOq89YR+VY8juY9M1vDWmDDa2TzfXCw==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/fakerjs"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": "^20.19.0 || ^22.13.0 || ^23.5.0 || >=24.0.0",
+        "npm": ">=10"
+      }
+    },
+    "plugins-external/httpsnippet": {
+      "name": "@yaak/httpsnippet",
+      "version": "1.0.3",
+      "dependencies": {
+        "@readme/httpsnippet": "^11.0.0"
+      },
+      "devDependencies": {
+        "@types/node": "^22.0.0",
+        "typescript": "^5.9.3"
+      }
+    },
+    "plugins-external/httpsnippet/node_modules/@types/node": {
+      "version": "22.19.9",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.19.9.tgz",
+      "integrity": "sha512-PD03/U8g1F9T9MI+1OBisaIARhSzeidsUjQaf51fOxrfjeiKN9bLVO06lHuHYjxdnqLWJijJHfqXPSJri2EM2A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~6.21.0"
+      }
+    },
+    "plugins-external/httpsnippet/node_modules/undici-types": {
+      "version": "6.21.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz",
+      "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==",
+      "dev": true,
+      "license": "MIT"
+    },
    "plugins-external/mcp-server": {
      "name": "@yaak/mcp-server",
-      "version": "0.1.7",
+      "version": "0.2.1",
      "dependencies": {
        "@hono/mcp": "^0.2.3",
        "@hono/node-server": "^1.19.7",
-        "@modelcontextprotocol/sdk": "^1.25.2",
-        "hono": "^4.11.3",
+        "@modelcontextprotocol/sdk": "^1.26.0",
+        "hono": "^4.11.7",
        "zod": "^3.25.76"
      },
      "devDependencies": {
@@ -15835,10 +16111,7 @@
      "name": "@yaak/importer-curl",
      "version": "0.1.0",
      "dependencies": {
-        "shell-quote": "^1.8.1"
-      },
-      "devDependencies": {
-        "@types/shell-quote": "^1.7.5"
+        "shlex": "^3.0.0"
      }
    },
    "plugins/importer-insomnia": {
@@ -15984,7 +16257,9 @@
        "@codemirror/lang-json": "^6.0.1",
        "@codemirror/lang-markdown": "^6.3.2",
        "@codemirror/lang-xml": "^6.1.0",
+        "@codemirror/lang-yaml": "^6.1.2",
        "@codemirror/language": "^6.11.0",
+        "@codemirror/merge": "^6.11.2",
        "@codemirror/search": "^6.5.11",
        "@dnd-kit/core": "^6.3.1",
        "@gilbarbara/deep-equal": "^0.3.1",
--- a/package.json
+++ b/package.json
@@ -11,7 +11,8 @@
    "packages/plugin-runtime",
    "packages/plugin-runtime-types",
    "plugins-external/mcp-server",
-    "plugins-external/template-function-faker",
+    "plugins-external/faker",
+    "plugins-external/httpsnippet",
    "plugins/action-copy-curl",
    "plugins/action-copy-grpcurl",
    "plugins/action-send-folder",
@@ -95,7 +96,7 @@
    "js-yaml": "^4.1.1"
  },
  "devDependencies": {
-    "@biomejs/biome": "^2.3.10",
+    "@biomejs/biome": "^2.3.13",
    "@tauri-apps/cli": "^2.9.6",
    "@yaakapp/cli": "^0.3.4",
    "dotenv-cli": "^11.0.0",
@@ -104,5 +105,12 @@
    "npm-run-all": "^4.1.5",
    "typescript": "^5.8.3",
    "vitest": "^3.2.4"
+  },
+  "dependencies": {
+    "@codemirror/lang-go": "^6.0.1",
+    "@codemirror/lang-java": "^6.0.2",
+    "@codemirror/lang-php": "^6.0.2",
+    "@codemirror/lang-python": "^6.2.1",
+    "@codemirror/legacy-modes": "^6.5.2"
  }
 }
--- a/packages/plugin-runtime-types/README.md
+++ b/packages/plugin-runtime-types/README.md
@@ -17,7 +17,7 @@ npx @yaakapp/cli generate
 ```

 For more details on creating plugins, check out
-the [Quick Start Guide](https://feedback.yaak.app/help/articles/6911763-plugins-quick-start)
+the [Quick Start Guide](https://yaak.app/docs/plugin-development/plugins-quick-start)

 ## Installation

--- a/packages/plugin-runtime-types/package.json
+++ b/packages/plugin-runtime-types/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@yaakapp/api",
-  "version": "0.7.1",
+  "version": "0.8.0",
  "keywords": [
    "api-client",
    "insomnia-alternative",
--- a/packages/plugin-runtime-types/src/bindings/gen_events.ts
+++ b/packages/plugin-runtime-types/src/bindings/gen_events.ts
@@ -66,7 +66,9 @@ export type DeleteModelRequest = { model: string, id: string, };

 export type DeleteModelResponse = { model: AnyModel, };

-export type EditorLanguage = "text" | "javascript" | "json" | "html" | "xml" | "graphql" | "markdown";
+export type DialogSize = "sm" | "md" | "lg" | "full" | "dynamic";
+
+export type EditorLanguage = "text" | "javascript" | "json" | "html" | "xml" | "graphql" | "markdown" | "c" | "clojure" | "csharp" | "go" | "http" | "java" | "kotlin" | "objective_c" | "ocaml" | "php" | "powershell" | "python" | "r" | "ruby" | "shell" | "swift";

 export type EmptyPayload = {};

@@ -172,7 +174,11 @@ hideGutter?: boolean,
 /**
 * Language for syntax highlighting
 */
-language?: EditorLanguage, readOnly?: boolean, completionOptions?: Array<GenericCompletionOption>, 
+language?: EditorLanguage, readOnly?: boolean, 
+/**
+ * Fixed number of visible rows
+ */
+rows?: number, completionOptions?: Array<GenericCompletionOption>, 
 /**
 * The name of the input. The value will be stored at this object attribute in the resulting data
 */
@@ -476,9 +482,9 @@ label: string, title?: string, size?: WindowSize, dataDirKey?: string, };

 export type PluginContext = { id: string, label: string | null, workspaceId: string | null, };

-export type PromptFormRequest = { id: string, title: string, description?: string, inputs: Array<FormInput>, confirmText?: string, cancelText?: string, };
+export type PromptFormRequest = { id: string, title: string, description?: string, inputs: Array<FormInput>, confirmText?: string, cancelText?: string, size?: DialogSize, };

-export type PromptFormResponse = { values: { [key in string]?: JsonPrimitive } | null, };
+export type PromptFormResponse = { values: { [key in string]?: JsonPrimitive } | null, done?: boolean, };

 export type PromptTextRequest = { id: string, title: string, label: string, description?: string, defaultValue?: string, placeholder?: string, 
 /**
--- a/packages/plugin-runtime-types/src/bindings/gen_models.ts
+++ b/packages/plugin-runtime-types/src/bindings/gen_models.ts
@@ -12,6 +12,8 @@ export type CookieExpires = { "AtUtc": string } | "SessionEnd";

 export type CookieJar = { model: "cookie_jar", id: string, createdAt: string, updatedAt: string, workspaceId: string, cookies: Array<Cookie>, name: string, };

+export type DnsOverride = { hostname: string, ipv4: Array<string>, ipv6: Array<string>, enabled?: boolean, };
+
 export type EditorKeymap = "default" | "vim" | "vscode" | "emacs";

 export type EncryptedKey = { encryptedKey: string, };
@@ -38,7 +40,7 @@ export type HttpRequest = { model: "http_request", id: string, createdAt: string

 export type HttpRequestHeader = { enabled?: boolean, name: string, value: string, id?: string, };

-export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, contentLengthCompressed: number | null, elapsed: number, elapsedHeaders: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, requestContentLength: number | null, requestHeaders: Array<HttpResponseHeader>, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };
+export type HttpResponse = { model: "http_response", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, bodyPath: string | null, contentLength: number | null, contentLengthCompressed: number | null, elapsed: number, elapsedHeaders: number, elapsedDns: number, error: string | null, headers: Array<HttpResponseHeader>, remoteAddr: string | null, requestContentLength: number | null, requestHeaders: Array<HttpResponseHeader>, status: number, statusReason: string | null, state: HttpResponseState, url: string, version: string | null, };

 export type HttpResponseEvent = { model: "http_response_event", id: string, createdAt: string, updatedAt: string, workspaceId: string, responseId: string, event: HttpResponseEventData, };

@@ -47,7 +49,7 @@ export type HttpResponseEvent = { model: "http_response_event", id: string, crea
 * This mirrors `yaak_http::sender::HttpResponseEvent` but with serde support.
 * The `From` impl is in yaak-http to avoid circular dependencies.
 */
-export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, path: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, };
+export type HttpResponseEventData = { "type": "setting", name: string, value: string, } | { "type": "info", message: string, } | { "type": "redirect", url: string, status: number, behavior: string, } | { "type": "send_url", method: string, scheme: string, username: string, password: string, host: string, port: number, path: string, query: string, fragment: string, } | { "type": "receive_url", version: string, status: string, } | { "type": "header_up", name: string, value: string, } | { "type": "header_down", name: string, value: string, } | { "type": "chunk_sent", bytes: number, } | { "type": "chunk_received", bytes: number, } | { "type": "dns_resolved", hostname: string, addresses: Array<string>, duration: bigint, overridden: boolean, };

 export type HttpResponseHeader = { name: string, value: string, };

@@ -77,6 +79,6 @@ export type WebsocketEventType = "binary" | "close" | "frame" | "open" | "ping"

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, settingDnsOverrides: Array<DnsOverride>, };

 export type WorkspaceMeta = { model: "workspace_meta", id: string, workspaceId: string, createdAt: string, updatedAt: string, encryptionKey: EncryptedKey | null, settingSyncDir: string | null, };
--- a/packages/plugin-runtime-types/src/plugins/Context.ts
+++ b/packages/plugin-runtime-types/src/plugins/Context.ts
@@ -1,10 +1,12 @@
 import type {
  FindHttpResponsesRequest,
  FindHttpResponsesResponse,
+  FormInput,
  GetCookieValueRequest,
  GetCookieValueResponse,
  GetHttpRequestByIdRequest,
  GetHttpRequestByIdResponse,
+  JsonPrimitive,
  ListCookieNamesResponse,
  ListFoldersRequest,
  ListFoldersResponse,
@@ -25,8 +27,41 @@ import type {
  TemplateRenderRequest,
  WorkspaceInfo,
 } from '../bindings/gen_events.ts';
-import type { HttpRequest } from '../bindings/gen_models.ts';
+import type { Folder, HttpRequest } from '../bindings/gen_models.ts';
 import type { JsonValue } from '../bindings/serde_json/JsonValue';
+import type { MaybePromise } from '../helpers';
+
+export type CallPromptFormDynamicArgs = {
+  values: { [key in string]?: JsonPrimitive };
+};
+
+type AddDynamicMethod<T> = {
+  dynamic?: (
+    ctx: Context,
+    args: CallPromptFormDynamicArgs,
+  ) => MaybePromise<Partial<T> | null | undefined>;
+};
+
+// biome-ignore lint/suspicious/noExplicitAny: distributive conditional type pattern
+type AddDynamic<T> = T extends any
+  ? T extends { inputs?: FormInput[] }
+    ? Omit<T, 'inputs'> & {
+        inputs: Array<AddDynamic<FormInput>>;
+        dynamic?: (
+          ctx: Context,
+          args: CallPromptFormDynamicArgs,
+        ) => MaybePromise<
+          Partial<Omit<T, 'inputs'> & { inputs: Array<AddDynamic<FormInput>> }> | null | undefined
+        >;
+      }
+    : T & AddDynamicMethod<T>
+  : never;
+
+export type DynamicPromptFormArg = AddDynamic<FormInput>;
+
+type DynamicPromptFormRequest = Omit<PromptFormRequest, 'inputs'> & {
+  inputs: DynamicPromptFormArg[];
+};

 export type WorkspaceHandle = Pick<WorkspaceInfo, 'id' | 'name'>;

@@ -39,7 +74,7 @@ export interface Context {
  };
  prompt: {
    text(args: PromptTextRequest): Promise<PromptTextResponse['value']>;
-    form(args: PromptFormRequest): Promise<PromptFormResponse['values']>;
+    form(args: DynamicPromptFormRequest): Promise<PromptFormResponse['values']>;
  };
  store: {
    set<T>(key: string, value: T): Promise<void>;
@@ -82,6 +117,15 @@ export interface Context {
  };
  folder: {
    list(args?: ListFoldersRequest): Promise<ListFoldersResponse['folders']>;
+    getById(args: { id: string }): Promise<Folder | null>;
+    create(
+      args: Omit<Partial<Folder>, 'id' | 'model' | 'createdAt' | 'updatedAt'> &
+        Pick<Folder, 'workspaceId' | 'name'>,
+    ): Promise<Folder>;
+    update(
+      args: Omit<Partial<Folder>, 'model' | 'createdAt' | 'updatedAt'> & Pick<Folder, 'id'>,
+    ): Promise<Folder>;
+    delete(args: { id: string }): Promise<Folder>;
  };
  httpResponse: {
    find(args: FindHttpResponsesRequest): Promise<FindHttpResponsesResponse['httpResponses']>;
--- a/packages/plugin-runtime-types/src/plugins/index.ts
+++ b/packages/plugin-runtime-types/src/plugins/index.ts
@@ -2,21 +2,22 @@ import type { AuthenticationPlugin } from './AuthenticationPlugin';

 import type { Context } from './Context';
 import type { FilterPlugin } from './FilterPlugin';
+import type { FolderActionPlugin } from './FolderActionPlugin';
 import type { GrpcRequestActionPlugin } from './GrpcRequestActionPlugin';
 import type { HttpRequestActionPlugin } from './HttpRequestActionPlugin';
-import type { WebsocketRequestActionPlugin } from './WebsocketRequestActionPlugin';
-import type { WorkspaceActionPlugin } from './WorkspaceActionPlugin';
-import type { FolderActionPlugin } from './FolderActionPlugin';
 import type { ImporterPlugin } from './ImporterPlugin';
 import type { TemplateFunctionPlugin } from './TemplateFunctionPlugin';
 import type { ThemePlugin } from './ThemePlugin';
+import type { WebsocketRequestActionPlugin } from './WebsocketRequestActionPlugin';
+import type { WorkspaceActionPlugin } from './WorkspaceActionPlugin';

 export type { Context };
-export type { DynamicTemplateFunctionArg } from './TemplateFunctionPlugin';
 export type { DynamicAuthenticationArg } from './AuthenticationPlugin';
+export type { CallPromptFormDynamicArgs, DynamicPromptFormArg } from './Context';
+export type { DynamicTemplateFunctionArg } from './TemplateFunctionPlugin';
 export type { TemplateFunctionPlugin };
-export type { WorkspaceActionPlugin } from './WorkspaceActionPlugin';
 export type { FolderActionPlugin } from './FolderActionPlugin';
+export type { WorkspaceActionPlugin } from './WorkspaceActionPlugin';

 /**
 * The global structure of a Yaak plugin
--- a/packages/plugin-runtime/src/PluginInstance.ts
+++ b/packages/plugin-runtime/src/PluginInstance.ts
@@ -1,7 +1,12 @@
 import console from 'node:console';
 import { type Stats, statSync, watch } from 'node:fs';
 import path from 'node:path';
-import type { Context, PluginDefinition } from '@yaakapp/api';
+import type {
+  CallPromptFormDynamicArgs,
+  Context,
+  DynamicPromptFormArg,
+  PluginDefinition,
+} from '@yaakapp/api';
 import {
  applyFormInputDefaults,
  validateTemplateFunctionArgs,
@@ -11,6 +16,8 @@ import type {
  DeleteKeyValueResponse,
  DeleteModelResponse,
  FindHttpResponsesResponse,
+  Folder,
+  FormInput,
  GetCookieValueRequest,
  GetCookieValueResponse,
  GetHttpRequestByIdResponse,
@@ -54,6 +61,7 @@ export class PluginInstance {
  #mod: PluginDefinition;
  #pluginToAppEvents: EventChannel;
  #appToPluginEvents: EventChannel;
+  #pendingDynamicForms = new Map<string, DynamicPromptFormArg[]>();

  constructor(workerData: PluginWorkerData, pluginEvents: EventChannel) {
    this.#workerData = workerData;
@@ -105,6 +113,7 @@ export class PluginInstance {

  async terminate() {
    await this.#mod?.dispose?.();
+    this.#pendingDynamicForms.clear();
    this.#unimportModule();
  }

@@ -298,7 +307,7 @@ export class PluginInstance {
        const replyPayload: InternalEventPayload = {
          type: 'get_template_function_config_response',
          pluginRefId: this.#workerData.pluginRefId,
-          function: { ...fn, args: resolvedArgs },
+          function: { ...fn, args: stripDynamicCallbacks(resolvedArgs) },
        };
        this.#sendPayload(context, replyPayload, replyId);
        return;
@@ -325,7 +334,7 @@ export class PluginInstance {

        const replyPayload: InternalEventPayload = {
          type: 'get_http_authentication_config_response',
-          args: resolvedArgs,
+          args: stripDynamicCallbacks(resolvedArgs),
          actions: resolvedActions,
          pluginRefId: this.#workerData.pluginRefId,
        };
@@ -337,8 +346,8 @@ export class PluginInstance {
      if (payload.type === 'call_http_authentication_request' && this.#mod?.authentication) {
        const auth = this.#mod.authentication;
        if (typeof auth?.onApply === 'function') {
-          auth.args = await applyDynamicFormInput(ctx, auth.args, payload);
-          payload.values = applyFormInputDefaults(auth.args, payload.values);
+          const resolvedArgs = await applyDynamicFormInput(ctx, auth.args, payload);
+          payload.values = applyFormInputDefaults(resolvedArgs, payload.values);
          this.#sendPayload(
            context,
            {
@@ -663,10 +672,66 @@ export class PluginInstance {
          return reply.value;
        },
        form: async (args) => {
-          const reply: PromptFormResponse = await this.#sendForReply(context, {
-            type: 'prompt_form_request',
-            ...args,
+          // Resolve dynamic callbacks on initial inputs using default values
+          const defaults = applyFormInputDefaults(args.inputs, {});
+          const callArgs: CallPromptFormDynamicArgs = { values: defaults };
+          const resolvedInputs = await applyDynamicFormInput(
+            this.#newCtx(context),
+            args.inputs,
+            callArgs,
+          );
+          const strippedInputs = stripDynamicCallbacks(resolvedInputs);
+
+          // Build the event manually so we can get the event ID for keying
+          const eventToSend = this.#buildEventToSend(
+            context,
+            { type: 'prompt_form_request', ...args, inputs: strippedInputs },
+            null,
+          );
+
+          // Store original inputs (with dynamic callbacks) for later resolution
+          this.#pendingDynamicForms.set(eventToSend.id, args.inputs);
+
+          const reply = await new Promise<PromptFormResponse>((resolve) => {
+            const cb = (event: InternalEvent) => {
+              if (event.replyId !== eventToSend.id) return;
+
+              if (event.payload.type === 'prompt_form_response') {
+                const { done, values } = event.payload as PromptFormResponse;
+                if (done) {
+                  // Final response — resolve the promise and clean up
+                  this.#appToPluginEvents.unlisten(cb);
+                  this.#pendingDynamicForms.delete(eventToSend.id);
+                  resolve({ values } as PromptFormResponse);
+                } else {
+                  // Intermediate value change — resolve dynamic inputs and send back
+                  // Skip empty values (fired on initial mount before user interaction)
+                  const storedInputs = this.#pendingDynamicForms.get(eventToSend.id);
+                  if (storedInputs && values && Object.keys(values).length > 0) {
+                    const ctx = this.#newCtx(context);
+                    const callArgs: CallPromptFormDynamicArgs = { values };
+                    applyDynamicFormInput(ctx, storedInputs, callArgs)
+                      .then((resolvedInputs) => {
+                        const stripped = stripDynamicCallbacks(resolvedInputs);
+                        this.#sendPayload(
+                          context,
+                          { type: 'prompt_form_request', ...args, inputs: stripped },
+                          eventToSend.id,
+                        );
+                      })
+                      .catch((err) => {
+                        console.error('Failed to resolve dynamic form inputs', err);
+                      });
+                  }
+                }
+              }
+            };
+            this.#appToPluginEvents.listen(cb);
+
+            // Send the initial event after we start listening (to prevent race)
+            this.#sendEvent(eventToSend);
          });
+
          return reply.values;
        },
      },
@@ -782,6 +847,44 @@ export class PluginInstance {
          const { folders } = await this.#sendForReply<ListFoldersResponse>(context, payload);
          return folders;
        },
+        getById: async (args: { id: string }) => {
+          const payload = { type: 'list_folders_request' } as const;
+          const { folders } = await this.#sendForReply<ListFoldersResponse>(context, payload);
+          return folders.find((f) => f.id === args.id) ?? null;
+        },
+        create: async ({ name, ...args }) => {
+          const payload = {
+            type: 'upsert_model_request',
+            model: {
+              ...args,
+              name: name ?? '',
+              id: '',
+              model: 'folder',
+            },
+          } as InternalEventPayload;
+          const response = await this.#sendForReply<UpsertModelResponse>(context, payload);
+          return response.model as Folder;
+        },
+        update: async (args) => {
+          const payload = {
+            type: 'upsert_model_request',
+            model: {
+              model: 'folder',
+              ...args,
+            },
+          } as InternalEventPayload;
+          const response = await this.#sendForReply<UpsertModelResponse>(context, payload);
+          return response.model as Folder;
+        },
+        delete: async (args: { id: string }) => {
+          const payload = {
+            type: 'delete_model_request',
+            model: 'folder',
+            id: args.id,
+          } as InternalEventPayload;
+          const response = await this.#sendForReply<DeleteModelResponse>(context, payload);
+          return response.model as Folder;
+        },
      },
      cookies: {
        getValue: async (args: GetCookieValueRequest) => {
@@ -867,6 +970,17 @@ export class PluginInstance {
  }
 }

+function stripDynamicCallbacks(inputs: { dynamic?: unknown }[]): FormInput[] {
+  return inputs.map((input) => {
+    // biome-ignore lint/suspicious/noExplicitAny: stripping dynamic from union type
+    const { dynamic, ...rest } = input as any;
+    if ('inputs' in rest && Array.isArray(rest.inputs)) {
+      rest.inputs = stripDynamicCallbacks(rest.inputs);
+    }
+    return rest as FormInput;
+  });
+}
+
 function genId(len = 5): string {
  const alphabet = '01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  let id = '';
--- a/packages/plugin-runtime/src/common.ts
+++ b/packages/plugin-runtime/src/common.ts
@@ -1,9 +1,21 @@
-import type { Context, DynamicAuthenticationArg, DynamicTemplateFunctionArg } from '@yaakapp/api';
+import type {
+  CallPromptFormDynamicArgs,
+  Context,
+  DynamicAuthenticationArg,
+  DynamicPromptFormArg,
+  DynamicTemplateFunctionArg,
+} from '@yaakapp/api';
 import type {
  CallHttpAuthenticationActionArgs,
  CallTemplateFunctionArgs,
 } from '@yaakapp-internal/plugins';

+type AnyDynamicArg = DynamicTemplateFunctionArg | DynamicAuthenticationArg | DynamicPromptFormArg;
+type AnyCallArgs =
+  | CallTemplateFunctionArgs
+  | CallHttpAuthenticationActionArgs
+  | CallPromptFormDynamicArgs;
+
 export async function applyDynamicFormInput(
  ctx: Context,
  args: DynamicTemplateFunctionArg[],
@@ -18,30 +30,40 @@ export async function applyDynamicFormInput(

 export async function applyDynamicFormInput(
  ctx: Context,
-  args: (DynamicTemplateFunctionArg | DynamicAuthenticationArg)[],
-  callArgs: CallTemplateFunctionArgs | CallHttpAuthenticationActionArgs,
-): Promise<(DynamicTemplateFunctionArg | DynamicAuthenticationArg)[]> {
-  const resolvedArgs: (DynamicTemplateFunctionArg | DynamicAuthenticationArg)[] = [];
+  args: DynamicPromptFormArg[],
+  callArgs: CallPromptFormDynamicArgs,
+): Promise<DynamicPromptFormArg[]>;
+
+export async function applyDynamicFormInput(
+  ctx: Context,
+  args: AnyDynamicArg[],
+  callArgs: AnyCallArgs,
+): Promise<AnyDynamicArg[]> {
+  const resolvedArgs: AnyDynamicArg[] = [];
  for (const { dynamic, ...arg } of args) {
    const dynamicResult =
      typeof dynamic === 'function'
        ? await dynamic(
            ctx,
-            callArgs as CallTemplateFunctionArgs & CallHttpAuthenticationActionArgs,
+            callArgs as CallTemplateFunctionArgs &
+              CallHttpAuthenticationActionArgs &
+              CallPromptFormDynamicArgs,
          )
        : undefined;

    const newArg = {
      ...arg,
      ...dynamicResult,
-    } as DynamicTemplateFunctionArg | DynamicAuthenticationArg;
+    } as AnyDynamicArg;

    if ('inputs' in newArg && Array.isArray(newArg.inputs)) {
      try {
        newArg.inputs = await applyDynamicFormInput(
          ctx,
          newArg.inputs as DynamicTemplateFunctionArg[],
-          callArgs as CallTemplateFunctionArgs & CallHttpAuthenticationActionArgs,
+          callArgs as CallTemplateFunctionArgs &
+            CallHttpAuthenticationActionArgs &
+            CallPromptFormDynamicArgs,
        );
      } catch (e) {
        console.error('Failed to apply dynamic form input', e);
--- a/plugins-external/faker/tests/snapshots/init.test.ts.snap
+++ b/plugins-external/faker/tests/snapshots/init.test.ts.snap
@@ -0,0 +1,233 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`template-function-faker > exports all expected template functions 1`] = `
+[
+  "faker.airline.aircraftType",
+  "faker.airline.airline",
+  "faker.airline.airplane",
+  "faker.airline.airport",
+  "faker.airline.flightNumber",
+  "faker.airline.recordLocator",
+  "faker.airline.seat",
+  "faker.animal.bear",
+  "faker.animal.bird",
+  "faker.animal.cat",
+  "faker.animal.cetacean",
+  "faker.animal.cow",
+  "faker.animal.crocodilia",
+  "faker.animal.dog",
+  "faker.animal.fish",
+  "faker.animal.horse",
+  "faker.animal.insect",
+  "faker.animal.lion",
+  "faker.animal.petName",
+  "faker.animal.rabbit",
+  "faker.animal.rodent",
+  "faker.animal.snake",
+  "faker.animal.type",
+  "faker.color.cmyk",
+  "faker.color.colorByCSSColorSpace",
+  "faker.color.cssSupportedFunction",
+  "faker.color.cssSupportedSpace",
+  "faker.color.hsl",
+  "faker.color.human",
+  "faker.color.hwb",
+  "faker.color.lab",
+  "faker.color.lch",
+  "faker.color.rgb",
+  "faker.color.space",
+  "faker.commerce.department",
+  "faker.commerce.isbn",
+  "faker.commerce.price",
+  "faker.commerce.product",
+  "faker.commerce.productAdjective",
+  "faker.commerce.productDescription",
+  "faker.commerce.productMaterial",
+  "faker.commerce.productName",
+  "faker.commerce.upc",
+  "faker.company.buzzAdjective",
+  "faker.company.buzzNoun",
+  "faker.company.buzzPhrase",
+  "faker.company.buzzVerb",
+  "faker.company.catchPhrase",
+  "faker.company.catchPhraseAdjective",
+  "faker.company.catchPhraseDescriptor",
+  "faker.company.catchPhraseNoun",
+  "faker.company.name",
+  "faker.database.collation",
+  "faker.database.column",
+  "faker.database.engine",
+  "faker.database.mongodbObjectId",
+  "faker.database.type",
+  "faker.date.anytime",
+  "faker.date.between",
+  "faker.date.betweens",
+  "faker.date.birthdate",
+  "faker.date.future",
+  "faker.date.month",
+  "faker.date.past",
+  "faker.date.recent",
+  "faker.date.soon",
+  "faker.date.timeZone",
+  "faker.date.weekday",
+  "faker.finance.accountName",
+  "faker.finance.accountNumber",
+  "faker.finance.amount",
+  "faker.finance.bic",
+  "faker.finance.bitcoinAddress",
+  "faker.finance.creditCardCVV",
+  "faker.finance.creditCardIssuer",
+  "faker.finance.creditCardNumber",
+  "faker.finance.currency",
+  "faker.finance.currencyCode",
+  "faker.finance.currencyName",
+  "faker.finance.currencyNumericCode",
+  "faker.finance.currencySymbol",
+  "faker.finance.ethereumAddress",
+  "faker.finance.iban",
+  "faker.finance.litecoinAddress",
+  "faker.finance.pin",
+  "faker.finance.routingNumber",
+  "faker.finance.transactionDescription",
+  "faker.finance.transactionType",
+  "faker.git.branch",
+  "faker.git.commitDate",
+  "faker.git.commitEntry",
+  "faker.git.commitMessage",
+  "faker.git.commitSha",
+  "faker.hacker.abbreviation",
+  "faker.hacker.adjective",
+  "faker.hacker.ingverb",
+  "faker.hacker.noun",
+  "faker.hacker.phrase",
+  "faker.hacker.verb",
+  "faker.image.avatar",
+  "faker.image.avatarGitHub",
+  "faker.image.dataUri",
+  "faker.image.personPortrait",
+  "faker.image.url",
+  "faker.image.urlLoremFlickr",
+  "faker.image.urlPicsumPhotos",
+  "faker.internet.displayName",
+  "faker.internet.domainName",
+  "faker.internet.domainSuffix",
+  "faker.internet.domainWord",
+  "faker.internet.email",
+  "faker.internet.emoji",
+  "faker.internet.exampleEmail",
+  "faker.internet.httpMethod",
+  "faker.internet.httpStatusCode",
+  "faker.internet.ip",
+  "faker.internet.ipv4",
+  "faker.internet.ipv6",
+  "faker.internet.jwt",
+  "faker.internet.jwtAlgorithm",
+  "faker.internet.mac",
+  "faker.internet.password",
+  "faker.internet.port",
+  "faker.internet.protocol",
+  "faker.internet.url",
+  "faker.internet.userAgent",
+  "faker.internet.username",
+  "faker.location.buildingNumber",
+  "faker.location.cardinalDirection",
+  "faker.location.city",
+  "faker.location.continent",
+  "faker.location.country",
+  "faker.location.countryCode",
+  "faker.location.county",
+  "faker.location.direction",
+  "faker.location.language",
+  "faker.location.latitude",
+  "faker.location.longitude",
+  "faker.location.nearbyGPSCoordinate",
+  "faker.location.ordinalDirection",
+  "faker.location.secondaryAddress",
+  "faker.location.state",
+  "faker.location.street",
+  "faker.location.streetAddress",
+  "faker.location.timeZone",
+  "faker.location.zipCode",
+  "faker.lorem.lines",
+  "faker.lorem.paragraph",
+  "faker.lorem.paragraphs",
+  "faker.lorem.sentence",
+  "faker.lorem.sentences",
+  "faker.lorem.slug",
+  "faker.lorem.text",
+  "faker.lorem.word",
+  "faker.lorem.words",
+  "faker.music.album",
+  "faker.music.artist",
+  "faker.music.genre",
+  "faker.music.songName",
+  "faker.number.bigInt",
+  "faker.number.binary",
+  "faker.number.float",
+  "faker.number.hex",
+  "faker.number.int",
+  "faker.number.octal",
+  "faker.number.romanNumeral",
+  "faker.person.bio",
+  "faker.person.firstName",
+  "faker.person.fullName",
+  "faker.person.gender",
+  "faker.person.jobArea",
+  "faker.person.jobDescriptor",
+  "faker.person.jobTitle",
+  "faker.person.jobType",
+  "faker.person.lastName",
+  "faker.person.middleName",
+  "faker.person.prefix",
+  "faker.person.sex",
+  "faker.person.sexType",
+  "faker.person.suffix",
+  "faker.person.zodiacSign",
+  "faker.phone.imei",
+  "faker.phone.number",
+  "faker.science.chemicalElement",
+  "faker.science.unit",
+  "faker.string.alpha",
+  "faker.string.alphanumeric",
+  "faker.string.binary",
+  "faker.string.fromCharacters",
+  "faker.string.hexadecimal",
+  "faker.string.nanoid",
+  "faker.string.numeric",
+  "faker.string.octal",
+  "faker.string.sample",
+  "faker.string.symbol",
+  "faker.string.ulid",
+  "faker.string.uuid",
+  "faker.system.commonFileExt",
+  "faker.system.commonFileName",
+  "faker.system.commonFileType",
+  "faker.system.cron",
+  "faker.system.directoryPath",
+  "faker.system.fileExt",
+  "faker.system.fileName",
+  "faker.system.filePath",
+  "faker.system.fileType",
+  "faker.system.mimeType",
+  "faker.system.networkInterface",
+  "faker.system.semver",
+  "faker.vehicle.bicycle",
+  "faker.vehicle.color",
+  "faker.vehicle.fuel",
+  "faker.vehicle.manufacturer",
+  "faker.vehicle.model",
+  "faker.vehicle.type",
+  "faker.vehicle.vehicle",
+  "faker.vehicle.vin",
+  "faker.vehicle.vrm",
+  "faker.word.adjective",
+  "faker.word.adverb",
+  "faker.word.conjunction",
+  "faker.word.interjection",
+  "faker.word.noun",
+  "faker.word.preposition",
+  "faker.word.sample",
+  "faker.word.verb",
+  "faker.word.words",
+]
+`;
--- a/plugins-external/faker/tests/init.test.ts
+++ b/plugins-external/faker/tests/init.test.ts
@@ -1,9 +1,12 @@
 import { describe, expect, it } from 'vitest';

-describe('formatDatetime', () => {
-  it('returns formatted current date', async () => {
-    // Ensure the plugin imports properly
-    const faker = await import('../src/index');
-    expect(faker.plugin.templateFunctions?.length).toBe(226);
+describe('template-function-faker', () => {
+  it('exports all expected template functions', async () => {
+    const { plugin } = await import('../src/index');
+    const names = plugin.templateFunctions?.map((fn) => fn.name).sort() ?? [];
+
+    // Snapshot the full list of exported function names so we catch any
+    // accidental additions, removals, or renames across faker upgrades.
+    expect(names).toMatchSnapshot();
  });
 });
--- a/plugins-external/httpsnippet/README.md
+++ b/plugins-external/httpsnippet/README.md
@@ -0,0 +1,45 @@
+# Yaak HTTP Snippet Plugin
+
+Generate code snippets for HTTP requests in various languages and frameworks,
+powered by [@readme/httpsnippet](https://github.com/readmeio/httpsnippet).
+
+![Httpsnippet plugin](https://assets.yaak.app/uploads/httpsnippet-guiaX_1786x1420.png)
+
+## How It Works
+
+Right-click any HTTP request (or use the `...` menu) and select **Generate Code Snippet**.
+A dialog lets you pick a language and library, with a live preview of the generated code.
+Click **Copy to Clipboard** to copy the snippet. Your language and library selections are
+remembered for next time.
+
+## Supported Languages
+
+Each language supports one or more libraries:
+
+| Language | Libraries |
+|---|---|
+| C | libcurl |
+| Clojure | clj-http |
+| C# | HttpClient, RestSharp |
+| Go | Native |
+| HTTP | HTTP/1.1 |
+| Java | AsyncHttp, NetHttp, OkHttp, Unirest |
+| JavaScript | Axios, fetch, jQuery, XHR |
+| Kotlin | OkHttp |
+| Node.js | Axios, fetch, HTTP, Request, Unirest |
+| Objective-C | NSURLSession |
+| OCaml | CoHTTP |
+| PHP | cURL, Guzzle, HTTP v1, HTTP v2 |
+| PowerShell | Invoke-WebRequest, RestMethod |
+| Python | http.client, Requests |
+| R | httr |
+| Ruby | Native |
+| Shell | cURL, HTTPie, Wget |
+| Swift | URLSession |
+
+## Features
+
+- Renders template variables before generating snippets, so the output reflects real values
+- Supports all body types: JSON, form-urlencoded, multipart, GraphQL, and raw text
+- Includes authentication headers (Basic, Bearer, and API Key)
+- Includes query parameters and custom headers
--- a/plugins-external/httpsnippet/package.json
+++ b/plugins-external/httpsnippet/package.json
@@ -0,0 +1,24 @@
+{
+  "name": "@yaak/httpsnippet",
+  "private": true,
+  "version": "1.0.3",
+  "displayName": "HTTP Snippet",
+  "description": "Generate code snippets for HTTP requests in various languages and frameworks",
+  "minYaakVersion": "2026.2.0-beta.10",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mountain-loop/yaak.git",
+    "directory": "plugins-external/httpsnippet"
+  },
+  "scripts": {
+    "build": "yaakcli build",
+    "dev": "yaakcli dev"
+  },
+  "dependencies": {
+    "@readme/httpsnippet": "^11.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "typescript": "^5.9.3"
+  }
+}
--- a/plugins-external/httpsnippet/src/index.ts
+++ b/plugins-external/httpsnippet/src/index.ts
@@ -0,0 +1,314 @@
+import { availableTargets, type HarRequest, HTTPSnippet } from '@readme/httpsnippet';
+import type { EditorLanguage, HttpRequest, PluginDefinition } from '@yaakapp/api';
+
+// Get all available targets and build select options
+const targets = availableTargets();
+
+// Targets to exclude from the language list
+const excludedTargets = new Set(['json']);
+
+// Build language (target) options
+const languageOptions = targets
+  .filter((target) => !excludedTargets.has(target.key))
+  .map((target) => ({
+    label: target.title,
+    value: target.key,
+  }));
+
+// Preferred clients per target (shown first in the list)
+const preferredClients: Record<string, string> = {
+  javascript: 'fetch',
+  node: 'fetch',
+};
+
+// Get client options for a given target key
+function getClientOptions(targetKey: string) {
+  const target = targets.find((t) => t.key === targetKey);
+  if (!target) return [];
+  const preferred = preferredClients[targetKey];
+  return target.clients
+    .map((client) => ({
+      label: client.title,
+      value: client.key,
+    }))
+    .sort((a, b) => {
+      if (a.value === preferred) return -1;
+      if (b.value === preferred) return 1;
+      return 0;
+    });
+}
+
+// Get default client for a target
+function getDefaultClient(targetKey: string): string {
+  const options = getClientOptions(targetKey);
+  return options[0]?.value ?? '';
+}
+
+// Defaults
+const defaultTarget = 'javascript';
+
+// Map httpsnippet target key to editor language for syntax highlighting
+const editorLanguageMap: Record<string, EditorLanguage> = {
+  c: 'c',
+  clojure: 'clojure',
+  csharp: 'csharp',
+  go: 'go',
+  http: 'http',
+  java: 'java',
+  javascript: 'javascript',
+  kotlin: 'kotlin',
+  node: 'javascript',
+  objc: 'objective_c',
+  ocaml: 'ocaml',
+  php: 'php',
+  powershell: 'powershell',
+  python: 'python',
+  r: 'r',
+  ruby: 'ruby',
+  shell: 'shell',
+  swift: 'swift',
+};
+
+function getEditorLanguage(targetKey: string): EditorLanguage {
+  return editorLanguageMap[targetKey] ?? 'text';
+}
+
+// Convert Yaak HttpRequest to HAR format
+function toHarRequest(request: Partial<HttpRequest>) {
+  // Build URL with query parameters
+  let finalUrl = request.url || '';
+  const urlParams = (request.urlParameters ?? []).filter((p) => p.enabled !== false && !!p.name);
+  if (urlParams.length > 0) {
+    const [base, hash] = finalUrl.split('#');
+    const separator = base?.includes('?') ? '&' : '?';
+    const queryString = urlParams
+      .map((p) => `${encodeURIComponent(p.name)}=${encodeURIComponent(p.value)}`)
+      .join('&');
+    finalUrl = base + separator + queryString + (hash ? `#${hash}` : '');
+  }
+
+  // Build headers array
+  const headers: Array<{ name: string; value: string }> = (request.headers ?? [])
+    .filter((h) => h.enabled !== false && !!h.name)
+    .map((h) => ({ name: h.name, value: h.value }));
+
+  // Handle authentication
+  if (request.authentication?.disabled !== true) {
+    if (request.authenticationType === 'basic') {
+      const credentials = btoa(
+        `${request.authentication?.username ?? ''}:${request.authentication?.password ?? ''}`,
+      );
+      headers.push({ name: 'Authorization', value: `Basic ${credentials}` });
+    } else if (request.authenticationType === 'bearer') {
+      const prefix = request.authentication?.prefix ?? 'Bearer';
+      const token = request.authentication?.token ?? '';
+      headers.push({ name: 'Authorization', value: `${prefix} ${token}`.trim() });
+    } else if (request.authenticationType === 'apikey') {
+      if (request.authentication?.location === 'header') {
+        headers.push({
+          name: request.authentication?.key ?? 'X-Api-Key',
+          value: request.authentication?.value ?? '',
+        });
+      } else if (request.authentication?.location === 'query') {
+        const sep = finalUrl.includes('?') ? '&' : '?';
+        finalUrl = [
+          finalUrl,
+          sep,
+          encodeURIComponent(request.authentication?.key ?? 'token'),
+          '=',
+          encodeURIComponent(request.authentication?.value ?? ''),
+        ].join('');
+      }
+    }
+  }
+
+  // Build HAR request object
+  const har: Record<string, unknown> = {
+    method: request.method || 'GET',
+    url: finalUrl,
+    headers,
+  };
+
+  // Handle request body
+  const bodyType = request.bodyType ?? 'none';
+  if (bodyType !== 'none' && request.body) {
+    if (bodyType === 'application/x-www-form-urlencoded' && Array.isArray(request.body.form)) {
+      const params = request.body.form
+        .filter((p: { enabled?: boolean; name?: string }) => p.enabled !== false && !!p.name)
+        .map((p: { name: string; value: string }) => ({ name: p.name, value: p.value }));
+      har.postData = {
+        mimeType: 'application/x-www-form-urlencoded',
+        params,
+      };
+    } else if (bodyType === 'multipart/form-data' && Array.isArray(request.body.form)) {
+      const params = request.body.form
+        .filter((p: { enabled?: boolean; name?: string }) => p.enabled !== false && !!p.name)
+        .map((p: { name: string; value: string; file?: string; contentType?: string }) => {
+          const param: Record<string, string> = { name: p.name, value: p.value || '' };
+          if (p.file) param.fileName = p.file;
+          if (p.contentType) param.contentType = p.contentType;
+          return param;
+        });
+      har.postData = {
+        mimeType: 'multipart/form-data',
+        params,
+      };
+    } else if (bodyType === 'graphql' && typeof request.body.query === 'string') {
+      const body = {
+        query: request.body.query || '',
+        variables: maybeParseJSON(request.body.variables, undefined),
+      };
+      har.postData = {
+        mimeType: 'application/json',
+        text: JSON.stringify(body),
+      };
+    } else if (typeof request.body.text === 'string') {
+      har.postData = {
+        mimeType: bodyType,
+        text: request.body.text,
+      };
+    }
+  }
+
+  return har;
+}
+
+function maybeParseJSON<T>(v: unknown, fallback: T): T | unknown {
+  if (typeof v !== 'string') return fallback;
+  try {
+    return JSON.parse(v);
+  } catch {
+    return fallback;
+  }
+}
+
+export const plugin: PluginDefinition = {
+  httpRequestActions: [
+    {
+      label: 'Generate Code Snippet',
+      icon: 'copy',
+      async onSelect(ctx, args) {
+        // Render the request with variables resolved
+        const renderedRequest = await ctx.httpRequest.render({
+          httpRequest: args.httpRequest,
+          purpose: 'send',
+        });
+
+        // Convert to HAR format
+        const harRequest = toHarRequest(renderedRequest) as HarRequest;
+
+        // Get previously selected language or use defaults
+        const storedTarget = await ctx.store.get<string>('selectedTarget');
+        const initialTarget = storedTarget || defaultTarget;
+        const storedClient = await ctx.store.get<string>(`selectedClient:${initialTarget}`);
+        const initialClient = storedClient || getDefaultClient(initialTarget);
+
+        // Create snippet generator
+        const snippet = new HTTPSnippet(harRequest);
+        const generateSnippet = (target: string, client: string): string => {
+          const result = snippet.convert(target as any, client);
+          return (Array.isArray(result) ? result.join('\n') : result || '').replace(/\r\n/g, '\n');
+        };
+
+        // Generate initial code preview
+        let initialCode = '';
+        try {
+          initialCode = generateSnippet(initialTarget, initialClient);
+        } catch {
+          initialCode = '// Error generating snippet';
+        }
+
+        // Show dialog with language/library selectors and code preview
+        const result = await ctx.prompt.form({
+          id: 'httpsnippet',
+          title: 'Generate Code Snippet',
+          confirmText: 'Copy to Clipboard',
+          cancelText: 'Cancel',
+          size: 'md',
+          inputs: [
+            {
+              type: 'h_stack',
+              inputs: [
+                {
+                  type: 'select',
+                  name: 'target',
+                  label: 'Language',
+                  defaultValue: initialTarget,
+                  options: languageOptions,
+                },
+                {
+                  type: 'select',
+                  name: `client-${initialTarget}`,
+                  label: 'Library',
+                  defaultValue: initialClient,
+                  options: getClientOptions(initialTarget),
+                  dynamic(_ctx, { values }) {
+                    const targetKey = String(values.target || defaultTarget);
+                    const options = getClientOptions(targetKey);
+                    return {
+                      name: `client-${targetKey}`,
+                      options,
+                      defaultValue: options[0]?.value ?? '',
+                    };
+                  },
+                },
+              ],
+            },
+            {
+              type: 'editor',
+              name: 'code',
+              label: 'Preview',
+              language: getEditorLanguage(initialTarget),
+              defaultValue: initialCode,
+              readOnly: true,
+              rows: 15,
+              dynamic(_ctx, { values }) {
+                const targetKey = String(values.target || defaultTarget);
+                const clientKey = String(
+                  values[`client-${targetKey}`] || getDefaultClient(targetKey),
+                );
+                let code: string;
+                try {
+                  code = generateSnippet(targetKey, clientKey);
+                } catch {
+                  code = '// Error generating snippet';
+                }
+                return {
+                  defaultValue: code,
+                  language: getEditorLanguage(targetKey),
+                };
+              },
+            },
+          ],
+        });
+
+        if (result) {
+          // Store the selected language and library for next time
+          const selectedTarget = String(result.target || initialTarget);
+          const selectedClient = String(
+            result[`client-${selectedTarget}`] || getDefaultClient(selectedTarget),
+          );
+          await ctx.store.set('selectedTarget', selectedTarget);
+          await ctx.store.set(`selectedClient:${selectedTarget}`, selectedClient);
+
+          // Generate snippet for the selected language
+          try {
+            const codeText = generateSnippet(selectedTarget, selectedClient);
+            await ctx.clipboard.copyText(codeText);
+            await ctx.toast.show({
+              message: 'Code snippet copied to clipboard',
+              icon: 'copy',
+              color: 'success',
+            });
+          } catch (err) {
+            await ctx.toast.show({
+              message: `Failed to generate snippet: ${err}`,
+              icon: 'alert_triangle',
+              color: 'danger',
+            });
+          }
+        }
+      },
+    },
+  ],
+};
--- a/plugins-external/mcp-server/package.json
+++ b/plugins-external/mcp-server/package.json
@@ -1,10 +1,10 @@
 {
  "name": "@yaak/mcp-server",
  "private": true,
-  "version": "0.1.7",
+  "version": "0.2.1",
  "displayName": "MCP Server",
  "description": "Expose Yaak functionality via Model Context Protocol",
-  "minYaakVersion": "2025.10.0-beta.6",
+  "minYaakVersion": "2026.1.0",
  "repository": {
    "type": "git",
    "url": "https://github.com/mountain-loop/yaak.git",
@@ -17,8 +17,8 @@
  "dependencies": {
    "@hono/mcp": "^0.2.3",
    "@hono/node-server": "^1.19.7",
-    "@modelcontextprotocol/sdk": "^1.25.2",
-    "hono": "^4.11.3",
+    "@modelcontextprotocol/sdk": "^1.26.0",
+    "hono": "^4.11.7",
    "zod": "^3.25.76"
  },
  "devDependencies": {
--- a/plugins-external/mcp-server/src/tools/folder.ts
+++ b/plugins-external/mcp-server/src/tools/folder.ts
@@ -2,6 +2,12 @@ import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import * as z from 'zod';
 import type { McpServerContext } from '../types.js';
 import { getWorkspaceContext } from './helpers.js';
+import {
+  authenticationSchema,
+  authenticationTypeSchema,
+  headersSchema,
+  workspaceIdSchema,
+} from './schemas.js';

 export function registerFolderTools(server: McpServer, ctx: McpServerContext) {
  server.registerTool(
@@ -10,10 +16,7 @@ export function registerFolderTools(server: McpServer, ctx: McpServerContext) {
      title: 'List Folders',
      description: 'List all folders in a workspace',
      inputSchema: {
-        workspaceId: z
-          .string()
-          .optional()
-          .describe('Workspace ID (required if multiple workspaces are open)'),
+        workspaceId: workspaceIdSchema,
      },
    },
    async ({ workspaceId }) => {
@@ -30,4 +33,116 @@ export function registerFolderTools(server: McpServer, ctx: McpServerContext) {
      };
    },
  );
+
+  server.registerTool(
+    'get_folder',
+    {
+      title: 'Get Folder',
+      description: 'Get details of a specific folder by ID',
+      inputSchema: {
+        id: z.string().describe('The folder ID'),
+        workspaceId: workspaceIdSchema,
+      },
+    },
+    async ({ id, workspaceId }) => {
+      const workspaceCtx = await getWorkspaceContext(ctx, workspaceId);
+      const folder = await workspaceCtx.yaak.folder.getById({ id });
+
+      return {
+        content: [
+          {
+            type: 'text' as const,
+            text: JSON.stringify(folder, null, 2),
+          },
+        ],
+      };
+    },
+  );
+
+  server.registerTool(
+    'create_folder',
+    {
+      title: 'Create Folder',
+      description: 'Create a new folder in a workspace',
+      inputSchema: {
+        workspaceId: workspaceIdSchema,
+        name: z.string().describe('Folder name'),
+        folderId: z.string().optional().describe('Parent folder ID (for nested folders)'),
+        description: z.string().optional().describe('Folder description'),
+        sortPriority: z.number().optional().describe('Sort priority for ordering'),
+        headers: headersSchema.describe('Default headers to apply to requests in this folder'),
+        authenticationType: authenticationTypeSchema,
+        authentication: authenticationSchema,
+      },
+    },
+    async ({ workspaceId: ogWorkspaceId, ...args }) => {
+      const workspaceCtx = await getWorkspaceContext(ctx, ogWorkspaceId);
+      const workspaceId = await workspaceCtx.yaak.window.workspaceId();
+      if (!workspaceId) {
+        throw new Error('No workspace is open');
+      }
+
+      const folder = await workspaceCtx.yaak.folder.create({
+        workspaceId: workspaceId,
+        ...args,
+      });
+
+      return {
+        content: [{ type: 'text' as const, text: JSON.stringify(folder, null, 2) }],
+      };
+    },
+  );
+
+  server.registerTool(
+    'update_folder',
+    {
+      title: 'Update Folder',
+      description: 'Update an existing folder',
+      inputSchema: {
+        id: z.string().describe('Folder ID to update'),
+        workspaceId: workspaceIdSchema,
+        name: z.string().optional().describe('Folder name'),
+        folderId: z.string().optional().describe('Parent folder ID (for nested folders)'),
+        description: z.string().optional().describe('Folder description'),
+        sortPriority: z.number().optional().describe('Sort priority for ordering'),
+        headers: headersSchema.describe('Default headers to apply to requests in this folder'),
+        authenticationType: authenticationTypeSchema,
+        authentication: authenticationSchema,
+      },
+    },
+    async ({ id, workspaceId, ...updates }) => {
+      const workspaceCtx = await getWorkspaceContext(ctx, workspaceId);
+      // Fetch existing folder to merge with updates
+      const existing = await workspaceCtx.yaak.folder.getById({ id });
+      if (!existing) {
+        throw new Error(`Folder with ID ${id} not found`);
+      }
+      // Merge existing fields with updates
+      const folder = await workspaceCtx.yaak.folder.update({
+        ...existing,
+        ...updates,
+        id,
+      });
+      return {
+        content: [{ type: 'text' as const, text: JSON.stringify(folder, null, 2) }],
+      };
+    },
+  );
+
+  server.registerTool(
+    'delete_folder',
+    {
+      title: 'Delete Folder',
+      description: 'Delete a folder by ID',
+      inputSchema: {
+        id: z.string().describe('Folder ID to delete'),
+      },
+    },
+    async ({ id }) => {
+      const folder = await ctx.yaak.folder.delete({ id });
+      return {
+        content: [{ type: 'text' as const, text: `Deleted: ${folder.name} (${folder.id})` }],
+      };
+    },
+  );
 }
--- a/plugins-external/mcp-server/src/tools/httpRequest.ts
+++ b/plugins-external/mcp-server/src/tools/httpRequest.ts
@@ -2,6 +2,15 @@ import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import * as z from 'zod';
 import type { McpServerContext } from '../types.js';
 import { getWorkspaceContext } from './helpers.js';
+import {
+  authenticationSchema,
+  authenticationTypeSchema,
+  bodySchema,
+  bodyTypeSchema,
+  headersSchema,
+  urlParametersSchema,
+  workspaceIdSchema,
+} from './schemas.js';

 export function registerHttpRequestTools(server: McpServer, ctx: McpServerContext) {
  server.registerTool(
@@ -10,10 +19,7 @@ export function registerHttpRequestTools(server: McpServer, ctx: McpServerContex
      title: 'List HTTP Requests',
      description: 'List all HTTP requests in a workspace',
      inputSchema: {
-        workspaceId: z
-          .string()
-          .optional()
-          .describe('Workspace ID (required if multiple workspaces are open)'),
+        workspaceId: workspaceIdSchema,
      },
    },
    async ({ workspaceId }) => {
@@ -38,10 +44,7 @@ export function registerHttpRequestTools(server: McpServer, ctx: McpServerContex
      description: 'Get details of a specific HTTP request by ID',
      inputSchema: {
        id: z.string().describe('The HTTP request ID'),
-        workspaceId: z
-          .string()
-          .optional()
-          .describe('Workspace ID (required if multiple workspaces are open)'),
+        workspaceId: workspaceIdSchema,
      },
    },
    async ({ id, workspaceId }) => {
@@ -67,10 +70,7 @@ export function registerHttpRequestTools(server: McpServer, ctx: McpServerContex
      inputSchema: {
        id: z.string().describe('The HTTP request ID to send'),
        environmentId: z.string().optional().describe('Optional environment ID to use'),
-        workspaceId: z
-          .string()
-          .optional()
-          .describe('Workspace ID (required if multiple workspaces are open)'),
+        workspaceId: workspaceIdSchema,
      },
    },
    async ({ id, workspaceId }) => {
@@ -99,10 +99,7 @@ export function registerHttpRequestTools(server: McpServer, ctx: McpServerContex
      title: 'Create HTTP Request',
      description: 'Create a new HTTP request',
      inputSchema: {
-        workspaceId: z
-          .string()
-          .optional()
-          .describe('Workspace ID (required if multiple workspaces are open)'),
+        workspaceId: workspaceIdSchema,
        name: z
          .string()
          .optional()
@@ -111,62 +108,12 @@ export function registerHttpRequestTools(server: McpServer, ctx: McpServerContex
        method: z.string().optional().describe('HTTP method (defaults to GET)'),
        folderId: z.string().optional().describe('Parent folder ID'),
        description: z.string().optional().describe('Request description'),
-        headers: z
-          .array(
-            z.object({
-              name: z.string(),
-              value: z.string(),
-              enabled: z.boolean().default(true),
-            }),
-          )
-          .optional()
-          .describe('Request headers'),
-        urlParameters: z
-          .array(
-            z.object({
-              name: z.string(),
-              value: z.string(),
-              enabled: z.boolean().default(true),
-            }),
-          )
-          .optional()
-          .describe('URL query parameters'),
-        bodyType: z
-          .string()
-          .optional()
-          .describe(
-            'Body type. Supported values: "binary", "graphql", "application/x-www-form-urlencoded", "multipart/form-data", or any text-based type (e.g., "application/json", "text/plain")',
-          ),
-        body: z
-          .record(z.string(), z.any())
-          .optional()
-          .describe(
-            'Body content object. Structure varies by bodyType:\n' +
-              '- "binary": { filePath: "/path/to/file" }\n' +
-              '- "graphql": { query: "{ users { name } }", variables: "{\\"id\\": \\"123\\"}" }\n' +
-              '- "application/x-www-form-urlencoded": { form: [{ name: "key", value: "val", enabled: true }] }\n' +
-              '- "multipart/form-data": { form: [{ name: "field", value: "text", file: "/path/to/file", enabled: true }] }\n' +
-              '- text-based (application/json, etc.): { text: "raw body content" }',
-          ),
-        authenticationType: z
-          .string()
-          .optional()
-          .describe(
-            'Authentication type. Common values: "basic", "bearer", "oauth2", "apikey", "jwt", "awsv4", "oauth1", "ntlm", "none". Use null to inherit from parent folder/workspace.',
-          ),
-        authentication: z
-          .record(z.string(), z.any())
-          .optional()
-          .describe(
-            'Authentication configuration object. Structure varies by authenticationType:\n' +
-              '- "basic": { username: "user", password: "pass" }\n' +
-              '- "bearer": { token: "abc123", prefix: "Bearer" }\n' +
-              '- "oauth2": { clientId: "...", clientSecret: "...", grantType: "authorization_code", authorizationUrl: "...", accessTokenUrl: "...", scope: "...", ... }\n' +
-              '- "apikey": { location: "header" | "query", key: "X-API-Key", value: "..." }\n' +
-              '- "jwt": { algorithm: "HS256", secret: "...", payload: "{ ... }" }\n' +
-              '- "awsv4": { accessKeyId: "...", secretAccessKey: "...", service: "sts", region: "us-east-1", sessionToken: "..." }\n' +
-              '- "none": {}',
-          ),
+        headers: headersSchema.describe('Request headers'),
+        urlParameters: urlParametersSchema,
+        bodyType: bodyTypeSchema,
+        body: bodySchema,
+        authenticationType: authenticationTypeSchema,
+        authentication: authenticationSchema,
      },
    },
    async ({ workspaceId: ogWorkspaceId, ...args }) => {
@@ -194,68 +141,18 @@ export function registerHttpRequestTools(server: McpServer, ctx: McpServerContex
      description: 'Update an existing HTTP request',
      inputSchema: {
        id: z.string().describe('HTTP request ID to update'),
-        workspaceId: z.string().describe('Workspace ID'),
+        workspaceId: workspaceIdSchema,
        name: z.string().optional().describe('Request name'),
        url: z.string().optional().describe('Request URL'),
        method: z.string().optional().describe('HTTP method'),
        folderId: z.string().optional().describe('Parent folder ID'),
        description: z.string().optional().describe('Request description'),
-        headers: z
-          .array(
-            z.object({
-              name: z.string(),
-              value: z.string(),
-              enabled: z.boolean().default(true),
-            }),
-          )
-          .optional()
-          .describe('Request headers'),
-        urlParameters: z
-          .array(
-            z.object({
-              name: z.string(),
-              value: z.string(),
-              enabled: z.boolean().default(true),
-            }),
-          )
-          .optional()
-          .describe('URL query parameters'),
-        bodyType: z
-          .string()
-          .optional()
-          .describe(
-            'Body type. Supported values: "binary", "graphql", "application/x-www-form-urlencoded", "multipart/form-data", or any text-based type (e.g., "application/json", "text/plain")',
-          ),
-        body: z
-          .record(z.string(), z.any())
-          .optional()
-          .describe(
-            'Body content object. Structure varies by bodyType:\n' +
-              '- "binary": { filePath: "/path/to/file" }\n' +
-              '- "graphql": { query: "{ users { name } }", variables: "{\\"id\\": \\"123\\"}" }\n' +
-              '- "application/x-www-form-urlencoded": { form: [{ name: "key", value: "val", enabled: true }] }\n' +
-              '- "multipart/form-data": { form: [{ name: "field", value: "text", file: "/path/to/file", enabled: true }] }\n' +
-              '- text-based (application/json, etc.): { text: "raw body content" }',
-          ),
-        authenticationType: z
-          .string()
-          .optional()
-          .describe(
-            'Authentication type. Common values: "basic", "bearer", "oauth2", "apikey", "jwt", "awsv4", "oauth1", "ntlm", "none". Use null to inherit from parent folder/workspace.',
-          ),
-        authentication: z
-          .record(z.string(), z.any())
-          .optional()
-          .describe(
-            'Authentication configuration object. Structure varies by authenticationType:\n' +
-              '- "basic": { username: "user", password: "pass" }\n' +
-              '- "bearer": { token: "abc123", prefix: "Bearer" }\n' +
-              '- "oauth2": { clientId: "...", clientSecret: "...", grantType: "authorization_code", authorizationUrl: "...", accessTokenUrl: "...", scope: "...", ... }\n' +
-              '- "apikey": { location: "header" | "query", key: "X-API-Key", value: "..." }\n' +
-              '- "jwt": { algorithm: "HS256", secret: "...", payload: "{ ... }" }\n' +
-              '- "awsv4": { accessKeyId: "...", secretAccessKey: "...", service: "sts", region: "us-east-1", sessionToken: "..." }\n' +
-              '- "none": {}',
-          ),
+        headers: headersSchema.describe('Request headers'),
+        urlParameters: urlParametersSchema,
+        bodyType: bodyTypeSchema,
+        body: bodySchema,
+        authenticationType: authenticationTypeSchema,
+        authentication: authenticationSchema,
      },
    },
    async ({ id, workspaceId, ...updates }) => {
--- a/plugins-external/mcp-server/src/tools/schemas.ts
+++ b/plugins-external/mcp-server/src/tools/schemas.ts
@@ -0,0 +1,67 @@
+import * as z from 'zod';
+
+export const workspaceIdSchema = z
+  .string()
+  .optional()
+  .describe('Workspace ID (required if multiple workspaces are open)');
+
+export const headersSchema = z
+  .array(
+    z.object({
+      name: z.string(),
+      value: z.string(),
+      enabled: z.boolean().default(true),
+    }),
+  )
+  .optional();
+
+export const urlParametersSchema = z
+  .array(
+    z.object({
+      name: z.string(),
+      value: z.string(),
+      enabled: z.boolean().default(true),
+    }),
+  )
+  .optional()
+  .describe('URL query parameters');
+
+export const bodyTypeSchema = z
+  .string()
+  .optional()
+  .describe(
+    'Body type. Supported values: "binary", "graphql", "application/x-www-form-urlencoded", "multipart/form-data", or any text-based type (e.g., "application/json", "text/plain")',
+  );
+
+export const bodySchema = z
+  .record(z.string(), z.any())
+  .optional()
+  .describe(
+    'Body content object. Structure varies by bodyType:\n' +
+      '- "binary": { filePath: "/path/to/file" }\n' +
+      '- "graphql": { query: "{ users { name } }", variables: "{\\"id\\": \\"123\\"}" }\n' +
+      '- "application/x-www-form-urlencoded": { form: [{ name: "key", value: "val", enabled: true }] }\n' +
+      '- "multipart/form-data": { form: [{ name: "field", value: "text", file: "/path/to/file", enabled: true }] }\n' +
+      '- text-based (application/json, etc.): { text: "raw body content" }',
+  );
+
+export const authenticationTypeSchema = z
+  .string()
+  .optional()
+  .describe(
+    'Authentication type. Common values: "basic", "bearer", "oauth2", "apikey", "jwt", "awsv4", "oauth1", "ntlm", "none". Use null to inherit from parent.',
+  );
+
+export const authenticationSchema = z
+  .record(z.string(), z.any())
+  .optional()
+  .describe(
+    'Authentication configuration object. Structure varies by authenticationType:\n' +
+      '- "basic": { username: "user", password: "pass" }\n' +
+      '- "bearer": { token: "abc123", prefix: "Bearer" }\n' +
+      '- "oauth2": { clientId: "...", clientSecret: "...", grantType: "authorization_code", authorizationUrl: "...", accessTokenUrl: "...", scope: "...", ... }\n' +
+      '- "apikey": { location: "header" | "query", key: "X-API-Key", value: "..." }\n' +
+      '- "jwt": { algorithm: "HS256", secret: "...", payload: "{ ... }" }\n' +
+      '- "awsv4": { accessKeyId: "...", secretAccessKey: "...", service: "sts", region: "us-east-1", sessionToken: "..." }\n' +
+      '- "none": {}',
+  );
--- a/plugins/action-copy-curl/src/index.ts
+++ b/plugins/action-copy-curl/src/index.ts
@@ -10,7 +10,7 @@ export const plugin: PluginDefinition = {
      async onSelect(ctx, args) {
        const rendered_request = await ctx.httpRequest.render({
          httpRequest: args.httpRequest,
-          purpose: 'preview',
+          purpose: 'send',
        });
        const data = await convertToCurl(rendered_request);
        await ctx.clipboard.copyText(data);
--- a/plugins/auth-basic/package.json
+++ b/plugins/auth-basic/package.json
@@ -11,6 +11,7 @@
  "version": "0.1.0",
  "scripts": {
    "build": "yaakcli build",
-    "dev": "yaakcli dev"
+    "dev": "yaakcli dev",
+    "test": "vitest --run tests"
  }
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Gregory Schier	1127d7e3fa	Use consistent release title format in generate-release-notes command	2026-02-11 17:38:13 -08:00
Gregory Schier	7d4d228236	Fix HTTP/2 requests failing with duplicate Content-Length (#391 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-11 17:11:35 -08:00
Gregory Schier	565e053ee8	Fix auth tab crash when template rendering fails (#392 )	2026-02-11 14:59:17 -08:00
Gregory Schier	26aba6034f	Move faker plugin back to external (plugins-external/faker)	2026-02-11 10:22:20 -08:00
Gregory Schier	9a1d613034	Fix RPM bundle path validation for metainfo file	2026-02-11 08:14:16 -08:00
Gregory Schier	3e4de7d3c4	Move build scripts to Flathub repo, keep release prep scripts here	2026-02-11 07:28:56 -08:00
Gregory Schier	b64b5ec0f8	Refresh Git dropdown data on open and fetch periodically - Add refreshKey to useGit queries so dropdown data refreshes on open - Convert fetchAll from mutation to query with 10-minute refetch interval - Re-run status query after fetchAll completes via dataUpdatedAt key - Use placeholderData to keep previous data during key changes - Remove disabled state from Push, Pull, and Commit menu items	2026-02-11 07:20:53 -08:00
Gregory Schier	510d1c7d17	Remove Flatpak manifest (lives in Flathub repo)	2026-02-11 06:32:39 -08:00
Gregory Schier	ed13a62269	Use static desktop file and clean up manifest comments	2026-02-11 06:30:09 -08:00
Gregory Schier	935d613959	Move lockfile patch to standalone script	2026-02-10 23:35:14 -08:00
Gregory Schier	adeaaccc45	Add v2026.2.0 release to metainfo, simplify CI workflow - Metainfo is managed upstream (updated before tagging) - CI no longer modifies metainfo; just copies manifest and sources to Flathub - Flathub manifest installs metainfo from git source - Permissions reverted to read-only	2026-02-10 23:29:27 -08:00
Gregory Schier	d253093333	Revert "Simplify CI: metainfo releases only accumulate in Flathub repo" This reverts commit `f265b7a572`.	2026-02-10 23:26:52 -08:00
Gregory Schier	f265b7a572	Simplify CI: metainfo releases only accumulate in Flathub repo - Remove metainfo update from update-manifest.sh - Remove CI step that committed metainfo back to app repo - Revert permissions back to read-only - CI now inserts release entry directly into Flathub repo's metainfo	2026-02-10 23:26:22 -08:00
Gregory Schier	68b2ff016f	CI: rewrite metainfo paths for Flathub repo	2026-02-10 23:24:09 -08:00
Gregory Schier	a1c6295810	Clean up Flatpak manifest for v2026.2.0 - Update tag to v2026.2.0 - Use SKIP_WASM_BUILD env var instead of build-time package.json patch - Install metainfo from git source (remove temporary type: file source) - Fix fix-lockfile.mjs to skip workspace packages - CI: commit metainfo releases back to app repo, bump permissions to write	2026-02-10 23:19:23 -08:00
Gregory Schier	76ee3fa61b	Flatpak: build from source instead of repackaging debs (#389 )	2026-02-10 23:05:33 -08:00
Gregory Schier	7fef35ce0a	Ship metainfo in deb, remove from Flatpak manifest	2026-02-10 15:26:40 -08:00
Gregory Schier	654af09951	Bump GNOME runtime to 49, fix corrupted arm64 SHA256	2026-02-10 15:22:51 -08:00
Gregory Schier	484dcfade0	Add Flatpak and Flathub packaging support (#388 )	2026-02-10 14:38:40 -08:00
Gregory Schier	fda18c5434	Snapshot faker template function names in test Replace the brittle count assertion (toBe(226)) with a snapshot of all exported function names. This catches accidental additions, removals, or renames across faker upgrades with a clear diff. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-09 10:22:03 -08:00
Gregory Schier	a8176d6e9e	Skip disabled key-value entries during request rendering Skip disabled headers, metadata, URL parameters, and form body entries in the render phase for HTTP, gRPC, and WebSocket requests. Previously, disabled entries were still template-rendered even though they were filtered out later at the use site.	2026-02-09 10:17:43 -08:00
Gregory Schier	957d8d9d46	Move faker plugin from external to bundled	2026-02-09 08:43:49 -08:00
Gregory Schier	5f18bf25e2	Replace shell-quote with shlex for curl import (#387 )	2026-02-09 08:22:11 -08:00
Gregory Schier	66942eaf2c	Update httpsnippet plugin README and bump to v1.0.3	2026-02-07 15:20:20 -08:00
Zhizhen He	38796b1833	feat: add delete folder and copy id actions to folder settings (#380 )	2026-02-07 08:48:38 -08:00
dependabot[bot]	49ffa6fc45	Bump bytes from 1.10.1 to 1.11.1 (#379 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-07 08:48:03 -08:00
Brijmohan Siyag	1f56ba2eb6	Fix text input autocomplete not working with completionOptions (#368 )	2026-02-07 08:47:50 -08:00
Gregory Schier	f98a70ecb4	Add dynamic() support to prompt.form() plugin API (#386 )	2026-02-07 08:09:40 -08:00
dependabot[bot]	2984eb40c9	Bump time from 0.3.41 to 0.3.47 (#385 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-05 16:50:40 -08:00
Gregory Schier	cc5d4742f0	Don't select current request by default for response chaining	2026-02-05 13:08:08 -08:00
Gregory Schier	5b8e4b98a0	Use "send" preview mode for copy-as-curl	2026-02-05 08:31:28 -08:00
Gregory Schier	8637c90a21	Fix CSV responses ignoring raw view mode	2026-02-05 07:57:12 -08:00
dependabot[bot]	b88c5e71a0	Bump @modelcontextprotocol/sdk from 1.25.2 to 1.26.0 (#383 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-04 16:54:01 -08:00
dependabot[bot]	1899d512ab	Bump git2 from 0.20.2 to 0.20.4 (#384 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-04 16:53:50 -08:00
Gregory Schier	7c31718f5e	Git Improvements (#382 )	2026-02-04 11:46:04 -08:00
Gregory Schier	8f1463e5d0	More cleanup	2026-02-04 06:45:55 -08:00
Gregory Schier	0dc8807808	Cleanup more unused functions	2026-02-04 06:44:13 -08:00
Gregory Schier	f24a159b8a	Clean up unused functions	2026-02-04 06:28:45 -08:00
Zhizhen He	0b91d3aaff	feat: add breadcrumbs to folder setting (#296 )	2026-02-03 07:40:24 -08:00
Gregory Schier	431dc1c896	Adjust dev menu	2026-02-02 17:58:58 -08:00
Gregory Schier	bc8277b56b	Fix header behavior on cross-origin redirects (#378 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-02 17:58:27 -08:00
gschier	0afed185d9	Deploying to main from @ mountain-loop/yaak@55cee00601 🚀	2026-02-02 15:46:27 +00:00
Gregory Schier	55cee00601	More reliable plugin runtime kill	2026-02-02 07:45:19 -08:00
Gregory Schier	b41a8e04cb	Graceful oauth server shutdown	2026-02-02 07:31:55 -08:00
Gregory Schier	eff4519d91	Have cancellation work before the request is sent	2026-02-02 07:09:48 -08:00
Rahul Mishra	c4ce458f79	fix: pass down onClose properly (#376 )	2026-01-31 07:34:40 -08:00
Gregory Schier	f02ae35634	Fix auth plugin dynamic form inputs broken after first request The call_http_authentication_request handler was mutating auth.args with the result of applyDynamicFormInput(), which strips the dynamic callback functions. This permanently corrupted the plugin module's args, making all dynamic form controls (checkboxes, selects, etc.) unresponsive for that auth type after sending the first request.	2026-01-30 12:47:02 -08:00
Gregory Schier	c2f068970b	Add external browser support for OAuth2 authorization (#375 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-30 10:29:49 -08:00
Gregory Schier	eec2d6bc38	Fix multipart tab value	2026-01-29 09:01:44 -08:00
Gregory Schier	efa22e470e	Add diff viewer to git commit dialog (#374 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-29 08:50:56 -08:00
Gregory Schier	c00d2e981f	Fix basic auth failing when password field is empty or unset Handle undefined username/password values by defaulting to empty string, preventing "undefined" from being encoded in the Authorization header. Fixes https://feedback.yaak.app/p/strange-basic-auth-behaviour-in-202612 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-28 15:07:03 -08:00
Gregory Schier	9c45254952	Fix template tag theme colors	2026-01-28 13:08:22 -08:00
Gregory Schier	d031ff231a	Bump plugin runtime types	2026-01-28 08:43:19 -08:00
Gregory Schier	f056894ddb	Show full URL parts in Timeline debug view (#373 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-28 08:41:17 -08:00
dependabot[bot]	1b0315165f	Bump hono from 4.11.4 to 4.11.7 (#372 )	2026-01-28 08:37:10 -08:00
Gregory Schier	bd7e840a57	Fix x64 macOS build bundling wrong architecture binaries Set YAAK_TARGET_ARCH before npm run bootstrap so vendor scripts download the correct x64 binaries instead of arm64 ones. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-26 20:00:59 -08:00
Gregory Schier	8969748c3c	Add option to disable encryption when key is forgotten (#371 )	2026-01-26 15:40:02 -08:00
Gregory Schier	4e15ac10a6	Add folder CRUD operations to MCP server (#369 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-26 15:08:24 -08:00
Gregory Schier	47a3d44888	Git branch flow improvements (#370 )	2026-01-26 14:45:51 -08:00
Gregory Schier	eb10910d20	Update HttpMethodTag.tsx	2026-01-22 06:03:04 -08:00
Gregory Schier	6ba83d424d	Fix request method dropdown for GraphQL not showing HTTP method	2026-01-22 06:02:49 -08:00
Gregory Schier	beb47a6b6a	Refactor default headers to be injected dynamically (#367 )	2026-01-19 07:29:00 -08:00
Gregory Schier	1893b8f8dd	Enable source maps for production builds (#366 ) Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-19 05:12:26 -08:00
Gregory Schier	7a5bca7aae	Add text version of the response Timeline tab	2026-01-15 08:14:21 -08:00
Gregory Schier	9a75bc2ae7	Update release notes command	2026-01-15 07:22:46 -08:00
dependabot[bot]	65514e3882	Bump hono from 4.11.3 to 4.11.4 (#364 )	2026-01-15 07:18:27 -08:00
Gregory Schier	9ddaafb79f	Fix tab focusability	2026-01-15 07:17:25 -08:00
Gregory Schier	de47ee19ec	Fix authentication actions being called with unrendered args	2026-01-15 07:10:33 -08:00
Gregory Schier	ea730d0184	Fix clicking URL placeholder params not focusing value input The PairEditor ref callback used strict equality to determine when all rows were ready, but placeholder params (like :id) regenerate fresh IDs on every keystroke, causing rowsRef to accumulate entries. Using >= allows the ref to be set even when there are more registered rows than current pairs. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-14 11:28:09 -08:00
Gregory Schier	fe706998d4	Fix cursor style on template tags	2026-01-14 10:36:42 -08:00
Gregory Schier	99209e088f	Consolidate tab persistence logic into Tabs component - Move active tab persistence into Tabs component with storageKey + activeTabKey props - Change value prop to defaultValue so callers don't manage tab state - Add TabsRef with setActiveTab method for programmatic tab switching - Restore request_pane.focus_tab listener for :param placeholder clicks - Update all Tab consumers to use new pattern Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-14 10:32:10 -08:00
Gregory Schier	3eb29ff2fe	Fix gRPC schema refresh not invalidating cache The skip_cache flag in services() called reflect(), but reflect() had its own cache check that returned early. Simplified by removing skip_cache and always invalidating the pool in cmd_grpc_reflect, since that command is only called when fresh schema is needed. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-14 08:20:03 -08:00
Gregory Schier	b759003c83	Fix events from old connections showing in new connections Events from previous WebSocket/gRPC connections and HTTP responses were persisting in the store and displaying in new connections. Added filter parameter to mergeModelsInStore that clears old events when switching connections, plus render-time filtering as a safety net. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-14 07:58:32 -08:00
Gregory Schier	6cba38ac89	Strip empty headers before sending	2026-01-14 06:59:05 -08:00
Gregory Schier	ba8f85baaf	Update feedback links	2026-01-14 06:45:45 -08:00
Gregory Schier	9970d5fa6f	Fix lint issues	2026-01-13 09:32:52 -08:00
Gregory Schier	d550b42ca3	Add count badge to DNS tab and make workspace settings tabs reorderable	2026-01-13 09:24:56 -08:00
Gregory Schier	2e1f0cb53f	Adjust tab list margins	2026-01-13 09:24:53 -08:00
Gregory Schier	eead422ada	Fix HeadersEditor padding when no inherited headers	2026-01-13 09:24:48 -08:00
Gregory Schier	b5753da3b7	Fix dropdown opening on first click of inactive tab	2026-01-13 09:24:44 -08:00
Gregory Schier	ae2f2459e9	Improve EventViewer UX - Separate selected item from panel open state (closing panel keeps selection) - Scroll selected item into view when detail panel opens - Enter/Space opens detail panel, Escape closes it - Remove browser focus outline on scroll container - Add prefix prop to EventDetailHeader for labels - Make timestamp optional in EventViewerRow - Add close button to EventDetailHeader - Fix title truncation with min-w-0 - Consolidate HttpResponseTimeline title generation - Add ID/event labels to SSE detail header - Remove fake timestamp from SSE events Closes https://feedback.yaak.app/p/feedback-on-sse-viewer-ux-in-yaak	2026-01-13 09:05:50 -08:00
Gregory Schier	306e6f358a	feat: Add DNS timings and resolution overrides (#360 ) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-13 08:42:22 -08:00
Gregory Schier	822d52a57e	Better logging for plugin timeouts	2026-01-13 07:26:32 -08:00