Support moving multiple requests to another workspace (#396)

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
Co-authored-by: Gregory Schier <gschier1990@gmail.com>

.claude/commands/release/check-out-pr.md

@@ -1,35 +1,46 @@
 ---
 description: Review a PR in a new worktree
-allowed-tools: Bash(git worktree:*), Bash(gh pr:*)
+allowed-tools: Bash(git worktree:*), Bash(gh pr:*), Bash(git branch:*)
 ---
 
-Review a GitHub pull request in a new git worktree.
+Check out a GitHub pull request for review.
 
 ## Usage
 
 ```
-/review-pr <PR_NUMBER>
+/check-out-pr <PR_NUMBER>
 ```
 
 ## What to do
 
-1. List all open pull requests and ask the user to select one
+1. If no PR number is provided, list all open pull requests and ask the user to select one
 2. Get PR information using `gh pr view <PR_NUMBER> --json number,headRefName`
-3. Extract the branch name from the PR
-4. Create a new worktree at `../yaak-worktrees/pr-<PR_NUMBER>` using `git worktree add` with a timeout of at least 300000ms (5 minutes) since the post-checkout hook runs a bootstrap script
-5. Checkout the PR branch in the new worktree using `gh pr checkout <PR_NUMBER>`
-6. The post-checkout hook will automatically:
+3. **Ask the user** whether they want to:
+   - **A) Check out in current directory** — simple `gh pr checkout <PR_NUMBER>`
+   - **B) Create a new worktree** — isolated copy at `../yaak-worktrees/pr-<PR_NUMBER>`
+4. Follow the appropriate path below
+
+## Option A: Check out in current directory
+
+1. Run `gh pr checkout <PR_NUMBER>`
+2. Inform the user which branch they're now on
+
+## Option B: Create a new worktree
+
+1. Create a new worktree at `../yaak-worktrees/pr-<PR_NUMBER>` using `git worktree add` with a timeout of at least 300000ms (5 minutes) since the post-checkout hook runs a bootstrap script
+2. Checkout the PR branch in the new worktree using `gh pr checkout <PR_NUMBER>`
+3. The post-checkout hook will automatically:
    - Create `.env.local` with unique ports
    - Copy editor config folders
    - Run `npm install && npm run bootstrap`
-7. Inform the user:
+4. Inform the user:
    - Where the worktree was created
    - What ports were assigned
    - How to access it (cd command)
    - How to run the dev server
    - How to remove the worktree when done
 
-## Example Output
+### Example worktree output
 
 ```
 Created worktree for PR #123 at ../yaak-worktrees/pr-123

.claude/commands/release/generate-release-notes.md

@@ -43,5 +43,7 @@ The skill generates markdown-formatted release notes following this structure:
 After outputting the release notes, ask the user if they would like to create a draft GitHub release with these notes. If they confirm, create the release using:
 
 ```bash
-gh release create <tag> --draft --prerelease --title "<tag>" --notes '<release notes>'
+gh release create <tag> --draft --prerelease --title "Release <version>" --notes '<release notes>'
 ```
+
+**IMPORTANT**: The release title format is "Release XXXX" where XXXX is the version WITHOUT the `v` prefix. For example, tag `v2026.2.1-beta.1` gets title "Release 2026.2.1-beta.1".

Cargo.lock

@@ -52,6 +52,15 @@ dependencies = [
  "zerocopy",
 ]
 
+[[package]]
+name = "aho-corasick"
+version = "0.6.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "81ce3d38065e618af2d7b77e10c5ad9a069859b4be3c2250f674af3840d9c8a5"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "aho-corasick"
 version = "1.1.3"
@@ -90,7 +99,7 @@ checksum = "f6f39be698127218cca460cb624878c9aa4e2b47dba3b277963d2bf00bad263b"
 dependencies = [
  "android_log-sys",
  "env_filter",
- "log",
+ "log 0.4.29",
 ]
 
 [[package]]
@@ -175,7 +184,7 @@ checksum = "c1df21f715862ede32a0c525ce2ca4d52626bb0007f8c18b87a384503ac33e70"
 dependencies = [
  "clipboard-win",
  "image",
- "log",
+ "log 0.4.29",
  "objc2 0.6.1",
  "objc2-app-kit",
  "objc2-core-foundation",
@@ -999,7 +1008,7 @@ version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "117725a109d387c937a1533ce01b450cbde6b88abceea8473c4d7a85853cda3c"
 dependencies = [
- "lazy_static",
+ "lazy_static 1.5.0",
  "windows-sys 0.59.0",
 ]
 
@@ -1519,7 +1528,7 @@ dependencies = [
  "rustc_version",
  "toml 0.8.23",
  "vswhom",
- "winreg",
+ "winreg 0.55.0",
 ]
 
 [[package]]
@@ -1570,8 +1579,8 @@ version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "186e05a59d4c50738528153b83b0b0194d3a29507dfec16eccd4b342903397d0"
 dependencies = [
- "log",
- "regex",
+ "log 0.4.29",
+ "regex 1.11.1",
 ]
 
 [[package]]
@@ -1584,7 +1593,7 @@ dependencies = [
  "anstyle",
  "env_filter",
  "jiff",
- "log",
+ "log 0.4.29",
 ]
 
 [[package]]
@@ -1645,7 +1654,7 @@ name = "eventsource-client"
 version = "0.14.0"
 source = "git+https://github.com/yaakapp/rust-eventsource-client#60e0e3ac5038149c4778dc4979b09b152214f9a8"
 dependencies = [
- "log",
+ "log 0.4.29",
  "pin-project",
 ]
 
@@ -1693,7 +1702,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4316185f709b23713e41e3195f90edef7fb00c3ed4adc79769cf09cc762a3b29"
 dependencies = [
  "colored",
- "log",
+ "log 0.4.29",
 ]
 
 [[package]]
@@ -1702,7 +1711,7 @@ version = "0.3.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "38e2275cc4e4fc009b0669731a1e5ab7ebf11f469eaede2bab9309a5b4d6057f"
 dependencies = [
- "memoffset",
+ "memoffset 0.9.1",
  "rustc_version",
 ]
 
@@ -2143,7 +2152,7 @@ dependencies = [
  "bitflags 2.9.1",
  "libc",
  "libgit2-sys",
- "log",
+ "log 0.4.29",
  "openssl-probe",
  "openssl-sys",
  "url",
@@ -2284,6 +2293,21 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "handlebars"
+version = "0.29.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fb04af2006ea09d985fef82b81e0eb25337e51b691c76403332378a53d521edc"
+dependencies = [
+ "lazy_static 0.2.11",
+ "log 0.3.9",
+ "pest",
+ "quick-error",
+ "regex 0.2.11",
+ "serde",
+ "serde_json",
+]
+
 [[package]]
 name = "hashbrown"
 version = "0.12.3"
@@ -2356,7 +2380,7 @@ version = "0.29.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3b7410cae13cbc75623c98ac4cbfd1f0bedddf3227afc24f370cf0f50a44a11c"
 dependencies = [
- "log",
+ "log 0.4.29",
  "mac",
  "markup5ever",
  "match_token",
@@ -2517,7 +2541,7 @@ dependencies = [
  "core-foundation-sys",
  "iana-time-zone-haiku",
  "js-sys",
- "log",
+ "log 0.4.29",
  "wasm-bindgen",
  "windows-core",
 ]
@@ -2758,6 +2782,22 @@ dependencies = [
  "generic-array",
 ]
 
+[[package]]
+name = "interfaces"
+version = "0.0.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4ec8f50a973916cac3da5057c986db05cd3346f38c78e9bc24f64cc9f6a3978f"
+dependencies = [
+ "bitflags 1.3.2",
+ "cc",
+ "handlebars",
+ "lazy_static 1.5.0",
+ "libc",
+ "nix 0.23.2",
+ "serde",
+ "serde_derive",
+]
+
 [[package]]
 name = "ipnet"
 version = "2.11.0"
@@ -2844,7 +2884,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e67e8da4c49d6d9909fe03361f9b620f58898859f5c7aded68351e85e71ecf50"
 dependencies = [
  "jiff-static",
- "log",
+ "log 0.4.29",
  "portable-atomic",
  "portable-atomic-util",
  "serde_core",
@@ -2871,7 +2911,7 @@ dependencies = [
  "cfg-if",
  "combine",
  "jni-sys",
- "log",
+ "log 0.4.29",
  "thiserror 1.0.69",
  "walkdir",
  "windows-sys 0.45.0",
@@ -2950,7 +2990,7 @@ checksum = "eebcc3aff044e5944a8fbaf69eb277d11986064cba30c468730e8b9909fb551c"
 dependencies = [
  "byteorder",
  "dbus-secret-service",
- "log",
+ "log 0.4.29",
  "security-framework 2.11.1",
  "security-framework 3.5.1",
  "windows-sys 0.60.2",
@@ -2989,6 +3029,12 @@ dependencies = [
  "selectors",
 ]
 
+[[package]]
+name = "lazy_static"
+version = "0.2.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "76f033c7ad61445c5b347c7382dd1237847eb1bce590fe50365dcb33d546be73"
+
 [[package]]
 name = "lazy_static"
 version = "1.5.0"
@@ -3005,7 +3051,7 @@ dependencies = [
  "gtk",
  "gtk-sys",
  "libappindicator-sys",
- "log",
+ "log 0.4.29",
 ]
 
 [[package]]
@@ -3163,6 +3209,15 @@ dependencies = [
  "scopeguard",
 ]
 
+[[package]]
+name = "log"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e19e8d5c34a3e0e2223db8e060f9e8264aeeb5c5fc64a4ee9965c062211c024b"
+dependencies = [
+ "log 0.4.29",
+]
+
 [[package]]
 name = "log"
 version = "0.4.29"
@@ -3199,7 +3254,7 @@ version = "0.14.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c7a7213d12e1864c0f002f52c2923d4556935a43dec5e71355c2760e0f6e7a18"
 dependencies = [
- "log",
+ "log 0.4.29",
  "phf 0.11.3",
  "phf_codegen 0.11.3",
  "string_cache",
@@ -3248,6 +3303,15 @@ version = "2.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
 
+[[package]]
+name = "memoffset"
+version = "0.6.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce"
+dependencies = [
+ "autocfg",
+]
+
 [[package]]
 name = "memoffset"
 version = "0.9.1"
@@ -3302,7 +3366,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "78bed444cc8a2160f01cbcf811ef18cac863ad68ae8ca62092e8db51d51c761c"
 dependencies = [
  "libc",
- "log",
+ "log 0.4.29",
  "wasi 0.11.0+wasi-snapshot-preview1",
  "windows-sys 0.59.0",
 ]
@@ -3344,7 +3408,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "87de3442987e9dbec73158d5c715e7ad9072fda936bb03d19d7fa10e00520f0e"
 dependencies = [
  "libc",
- "log",
+ "log 0.4.29",
  "openssl",
  "openssl-probe",
  "openssl-sys",
@@ -3362,7 +3426,7 @@ checksum = "c3f42e7bbe13d351b6bead8286a43aac9534b82bd3cc43e47037f012ebfd62d4"
 dependencies = [
  "bitflags 2.9.1",
  "jni-sys",
- "log",
+ "log 0.4.29",
  "ndk-sys",
  "num_enum",
  "raw-window-handle",
@@ -3390,6 +3454,19 @@ version = "1.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "650eef8c711430f1a879fdd01d4745a7deea475becfb90269c06775983bbf086"
 
+[[package]]
+name = "nix"
+version = "0.23.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8f3790c00a0150112de0f4cd161e3d7fc4b2d8a5542ffc35f099a2562aecb35c"
+dependencies = [
+ "bitflags 1.3.2",
+ "cc",
+ "cfg-if",
+ "libc",
+ "memoffset 0.6.5",
+]
+
 [[package]]
 name = "nix"
 version = "0.30.1"
@@ -3400,7 +3477,7 @@ dependencies = [
  "cfg-if",
  "cfg_aliases",
  "libc",
- "memoffset",
+ "memoffset 0.9.1",
 ]
 
 [[package]]
@@ -3431,7 +3508,7 @@ dependencies = [
  "inotify",
  "kqueue",
  "libc",
- "log",
+ "log 0.4.29",
  "mio",
  "notify-types",
  "walkdir",
@@ -3872,7 +3949,7 @@ version = "3.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "41fc863e2ca13dc2d5c34fb22ea4a588248ac14db929616ba65c45f21744b1e9"
 dependencies = [
- "log",
+ "log 0.4.29",
  "serde",
  "windows-sys 0.52.0",
 ]
@@ -3912,7 +3989,7 @@ dependencies = [
  "des",
  "getrandom 0.2.16",
  "hmac",
- "lazy_static",
+ "lazy_static 1.5.0",
  "rc2",
  "sha1",
  "yasna",
@@ -4000,6 +4077,12 @@ version = "2.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
 
+[[package]]
+name = "pest"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0a6dda33d67c26f0aac90d324ab2eb7239c819fc7b2552fe9faa4fe88441edc8"
+
 [[package]]
 name = "petgraph"
 version = "0.6.5"
@@ -4435,6 +4518,12 @@ dependencies = [
  "syn 1.0.109",
 ]
 
+[[package]]
+name = "quick-error"
+version = "1.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
+
 [[package]]
 name = "quick-xml"
 version = "0.32.0"
@@ -4529,7 +4618,7 @@ version = "0.8.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "51de85fb3fb6524929c8a2eb85e6b6d363de4e8c48f9e2c2eac4944abc181c93"
 dependencies = [
- "log",
+ "log 0.4.29",
  "parking_lot",
  "scheduled-thread-pool",
 ]
@@ -4696,16 +4785,29 @@ dependencies = [
  "thiserror 2.0.17",
 ]
 
+[[package]]
+name = "regex"
+version = "0.2.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9329abc99e39129fcceabd24cf5d85b4671ef7c29c50e972bc5afe32438ec384"
+dependencies = [
+ "aho-corasick 0.6.10",
+ "memchr",
+ "regex-syntax 0.5.6",
+ "thread_local",
+ "utf8-ranges",
+]
+
 [[package]]
 name = "regex"
 version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191"
 dependencies = [
- "aho-corasick",
+ "aho-corasick 1.1.3",
  "memchr",
  "regex-automata",
- "regex-syntax",
+ "regex-syntax 0.8.5",
 ]
 
 [[package]]
@@ -4714,9 +4816,18 @@ version = "0.4.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908"
 dependencies = [
- "aho-corasick",
+ "aho-corasick 1.1.3",
  "memchr",
- "regex-syntax",
+ "regex-syntax 0.8.5",
+]
+
+[[package]]
+name = "regex-syntax"
+version = "0.5.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7d707a4fa2637f2dca2ef9fd02225ec7661fe01a53623c1e6515b6916511f7a7"
+dependencies = [
+ "ucd-util",
 ]
 
 [[package]]
@@ -4755,7 +4866,7 @@ dependencies = [
  "hyper-tls",
  "hyper-util",
  "js-sys",
- "log",
+ "log 0.4.29",
  "mime",
  "mime_guess",
  "native-tls",
@@ -4796,7 +4907,7 @@ dependencies = [
  "gobject-sys",
  "gtk-sys",
  "js-sys",
- "log",
+ "log 0.4.29",
  "objc2 0.6.1",
  "objc2-app-kit",
  "objc2-core-foundation",
@@ -4988,7 +5099,7 @@ dependencies = [
  "core-foundation 0.10.1",
  "core-foundation-sys",
  "jni",
- "log",
+ "log 0.4.29",
  "once_cell",
  "rustls",
  "rustls-native-certs",
@@ -5176,7 +5287,7 @@ dependencies = [
  "cssparser",
  "derive_more",
  "fxhash",
- "log",
+ "log 0.4.29",
  "phf 0.8.0",
  "phf_codegen 0.8.0",
  "precomputed-hash",
@@ -5544,7 +5655,7 @@ dependencies = [
  "core-graphics 0.24.0",
  "foreign-types 0.5.0",
  "js-sys",
- "log",
+ "log 0.4.29",
  "objc2 0.5.2",
  "objc2-foundation 0.2.2",
  "objc2-quartz-core 0.2.2",
@@ -5692,6 +5803,18 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "sysproxy"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9707a79d3b95683aa5a9521e698ffd878b8fb289727c25a69157fb85d529ffff"
+dependencies = [
+ "interfaces",
+ "thiserror 1.0.69",
+ "winapi",
+ "winreg 0.10.1",
+]
+
 [[package]]
 name = "system-configuration"
 version = "0.6.1"
@@ -5744,9 +5867,9 @@ dependencies = [
  "gdkx11-sys",
  "gtk",
  "jni",
- "lazy_static",
+ "lazy_static 1.5.0",
  "libc",
- "log",
+ "log 0.4.29",
  "ndk",
  "ndk-context",
  "ndk-sys",
@@ -5820,7 +5943,7 @@ dependencies = [
  "http-range",
  "jni",
  "libc",
- "log",
+ "log 0.4.29",
  "mime",
  "muda",
  "objc2 0.6.1",
@@ -5939,7 +6062,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "206dc20af4ed210748ba945c2774e60fd0acd52b9a73a028402caf809e9b6ecf"
 dependencies = [
  "arboard",
- "log",
+ "log 0.4.29",
  "serde",
  "serde_json",
  "tauri",
@@ -5974,7 +6097,7 @@ version = "2.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "313f8138692ddc4a2127c4c9607d616a46f5c042e77b3722450866da0aad2f19"
 dependencies = [
- "log",
+ "log 0.4.29",
  "raw-window-handle",
  "rfd",
  "serde",
@@ -6017,7 +6140,7 @@ dependencies = [
  "android_logger",
  "byte-unit",
  "fern",
- "log",
+ "log 0.4.29",
  "objc2 0.6.1",
  "objc2-foundation 0.3.1",
  "serde",
@@ -6059,7 +6182,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d8f08346c8deb39e96f86973da0e2d76cbb933d7ac9b750f6dc4daf955a6f997"
 dependencies = [
  "gethostname 1.0.2",
- "log",
+ "log 0.4.29",
  "os_info",
  "serde",
  "serde_json",
@@ -6077,10 +6200,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c374b6db45f2a8a304f0273a15080d98c70cde86178855fc24653ba657a1144c"
 dependencies = [
  "encoding_rs",
- "log",
+ "log 0.4.29",
  "open",
  "os_pipe",
- "regex",
+ "regex 1.11.1",
  "schemars",
  "serde",
  "serde_json",
@@ -6119,7 +6242,7 @@ dependencies = [
  "futures-util",
  "http",
  "infer",
- "log",
+ "log 0.4.29",
  "minisign-verify",
  "osakit",
  "percent-encoding",
@@ -6146,7 +6269,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "73736611e14142408d15353e21e3cca2f12a3cfb523ad0ce85999b6d2ef1a704"
 dependencies = [
  "bitflags 2.9.1",
- "log",
+ "log 0.4.29",
  "serde",
  "serde_json",
  "tauri",
@@ -6188,7 +6311,7 @@ dependencies = [
  "gtk",
  "http",
  "jni",
- "log",
+ "log 0.4.29",
  "objc2 0.6.1",
  "objc2-app-kit",
  "objc2-foundation 0.3.1",
@@ -6223,12 +6346,12 @@ dependencies = [
  "infer",
  "json-patch",
  "kuchikiki",
- "log",
+ "log 0.4.29",
  "memchr",
  "phf 0.11.3",
  "proc-macro2",
  "quote",
- "regex",
+ "regex 1.11.1",
  "schemars",
  "semver",
  "serde",
@@ -6328,6 +6451,15 @@ dependencies = [
  "syn 2.0.101",
 ]
 
+[[package]]
+name = "thread_local"
+version = "0.3.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c6b53e329000edc2b34dbe8545fd20e55a333362d0a321909685a19bd28c3f1b"
+dependencies = [
+ "lazy_static 1.5.0",
+]
+
 [[package]]
 name = "tiff"
 version = "0.9.1"
@@ -6472,7 +6604,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7a9daff607c6d2bf6c16fd681ccb7eecc83e4e2cdc1ca067ffaadfca5de7f084"
 dependencies = [
  "futures-util",
- "log",
+ "log 0.4.29",
  "rustls",
  "rustls-native-certs",
  "rustls-pki-types",
@@ -6816,7 +6948,7 @@ dependencies = [
  "data-encoding",
  "http",
  "httparse",
- "log",
+ "log 0.4.29",
  "rand 0.9.1",
  "rustls",
  "rustls-pki-types",
@@ -6837,13 +6969,19 @@ version = "1.18.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f"
 
+[[package]]
+name = "ucd-util"
+version = "0.1.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "abd2fc5d32b590614af8b0a20d837f32eca055edd0bbead59a9cfe80858be003"
+
 [[package]]
 name = "uds_windows"
 version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "89daebc3e6fd160ac4aa9fc8b3bf71e1f74fbf92367ae71fb83a037e8bf164b9"
 dependencies = [
- "memoffset",
+ "memoffset 0.9.1",
  "tempfile",
  "winapi",
 ]
@@ -6953,7 +7091,7 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "70acd30e3aa1450bc2eece896ce2ad0d178e9c079493819301573dae3c37ba6d"
 dependencies = [
- "regex",
+ "regex 1.11.1",
  "serde",
  "unic-ucd-ident",
  "url",
@@ -6965,6 +7103,12 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
 
+[[package]]
+name = "utf8-ranges"
+version = "1.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7fcfc827f90e53a02eaef5e535ee14266c1d569214c6aa70133a624d8a3164ba"
+
 [[package]]
 name = "utf8-width"
 version = "0.1.7"
@@ -7101,7 +7245,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6"
 dependencies = [
  "bumpalo",
- "log",
+ "log 0.4.29",
  "proc-macro2",
  "quote",
  "syn 2.0.101",
@@ -7848,6 +7992,15 @@ dependencies = [
  "memchr",
 ]
 
+[[package]]
+name = "winreg"
+version = "0.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "80d0f4e272c85def139476380b12f9ac60926689dd2e01d4923222f40580869d"
+dependencies = [
+ "winapi",
+]
+
 [[package]]
 name = "winreg"
 version = "0.55.0"
@@ -7874,7 +8027,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8e5ff8d0e60065f549fafd9d6cb626203ea64a798186c80d8e7df4f8af56baeb"
 dependencies = [
  "libc",
- "log",
+ "log 0.4.29",
  "os_pipe",
  "rustix 0.38.44",
  "tempfile",
@@ -7994,6 +8147,17 @@ dependencies = [
  "rustix 1.0.7",
 ]
 
+[[package]]
+name = "yaak-api"
+version = "0.1.0"
+dependencies = [
+ "log 0.4.29",
+ "reqwest",
+ "sysproxy",
+ "thiserror 2.0.17",
+ "yaak-common",
+]
+
 [[package]]
 name = "yaak-app"
 version = "0.0.0"
@@ -8003,7 +8167,7 @@ dependencies = [
  "cookie",
  "eventsource-client",
  "http",
- "log",
+ "log 0.4.29",
  "md5 0.8.0",
  "mime_guess",
  "openssl-sys",
@@ -8034,6 +8198,7 @@ dependencies = [
  "ts-rs",
  "url",
  "uuid",
+ "yaak-api",
  "yaak-common",
  "yaak-core",
  "yaak-crypto",
@@ -8060,7 +8225,7 @@ dependencies = [
  "clap",
  "dirs",
  "env_logger",
- "log",
+ "log 0.4.29",
  "serde_json",
  "tokio",
  "yaak-crypto",
@@ -8093,7 +8258,7 @@ dependencies = [
  "base64 0.22.1",
  "chacha20poly1305",
  "keyring",
- "log",
+ "log 0.4.29",
  "serde",
  "thiserror 2.0.17",
  "yaak-models",
@@ -8117,7 +8282,7 @@ version = "0.1.0"
 dependencies = [
  "chrono",
  "git2",
- "log",
+ "log 0.4.29",
  "serde",
  "serde_json",
  "serde_yaml",
@@ -8139,7 +8304,7 @@ dependencies = [
  "dunce",
  "hyper-rustls",
  "hyper-util",
- "log",
+ "log 0.4.29",
  "md5 0.7.0",
  "prost",
  "prost-reflect",
@@ -8167,10 +8332,11 @@ dependencies = [
  "cookie",
  "flate2",
  "futures-util",
+ "http-body",
  "hyper-util",
- "log",
+ "log 0.4.29",
  "mime_guess",
- "regex",
+ "regex 1.11.1",
  "reqwest",
  "serde",
  "serde_json",
@@ -8191,7 +8357,7 @@ name = "yaak-license"
 version = "0.1.0"
 dependencies = [
  "chrono",
- "log",
+ "log 0.4.29",
  "reqwest",
  "serde",
  "serde_json",
@@ -8199,9 +8365,9 @@ dependencies = [
  "tauri-plugin",
  "thiserror 2.0.17",
  "ts-rs",
+ "yaak-api",
  "yaak-common",
  "yaak-models",
- "yaak-tauri-utils",
 ]
 
 [[package]]
@@ -8210,7 +8376,7 @@ version = "0.1.0"
 dependencies = [
  "cocoa",
  "csscolorparser",
- "log",
+ "log 0.4.29",
  "objc",
  "rand 0.9.1",
  "tauri",
@@ -8224,7 +8390,7 @@ dependencies = [
  "chrono",
  "hex",
  "include_dir",
- "log",
+ "log 0.4.29",
  "nanoid",
  "r2d2",
  "r2d2_sqlite",
@@ -8249,11 +8415,11 @@ dependencies = [
  "futures-util",
  "hex",
  "keyring",
- "log",
+ "log 0.4.29",
  "md5 0.7.0",
  "path-slash",
  "rand 0.9.1",
- "regex",
+ "regex 1.11.1",
  "reqwest",
  "serde",
  "serde_json",
@@ -8283,7 +8449,7 @@ version = "0.1.0"
 dependencies = [
  "chrono",
  "hex",
- "log",
+ "log 0.4.29",
  "notify",
  "serde",
  "serde_json",
@@ -8300,12 +8466,8 @@ dependencies = [
 name = "yaak-tauri-utils"
 version = "0.1.0"
 dependencies = [
- "regex",
- "reqwest",
- "serde",
+ "regex 1.11.1",
  "tauri",
- "thiserror 2.0.17",
- "yaak-common",
 ]
 
 [[package]]
@@ -8313,7 +8475,7 @@ name = "yaak-templates"
 version = "0.1.0"
 dependencies = [
  "base64 0.22.1",
- "log",
+ "log 0.4.29",
  "serde",
  "serde-wasm-bindgen",
  "serde_json",
@@ -8327,7 +8489,7 @@ dependencies = [
 name = "yaak-tls"
 version = "0.1.0"
 dependencies = [
- "log",
+ "log 0.4.29",
  "p12",
  "rustls",
  "rustls-pemfile",
@@ -8344,7 +8506,7 @@ version = "0.1.0"
 dependencies = [
  "futures-util",
  "http",
- "log",
+ "log 0.4.29",
  "md5 0.8.0",
  "serde",
  "serde_json",
@@ -8408,7 +8570,7 @@ dependencies = [
  "futures-core",
  "futures-lite",
  "hex",
- "nix",
+ "nix 0.30.1",
  "ordered-stream",
  "serde",
  "serde_repr",
@@ -8575,7 +8737,7 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "aed5f10c571472911e37d8f7601a8dfba52b4f7f73a344015291b82ab292faf6"
 dependencies = [
- "log",
+ "log 0.4.29",
  "thiserror 2.0.17",
  "zip",
 ]
@@ -8594,7 +8756,7 @@ checksum = "edfc5ee405f504cd4984ecc6f14d02d55cfda60fa4b689434ef4102aae150cd7"
 dependencies = [
  "bumpalo",
  "crc32fast",
- "log",
+ "log 0.4.29",
  "simd-adler32",
 ]
 

Cargo.toml

@@ -15,6 +15,7 @@ members = [
     "crates/yaak-templates",
     "crates/yaak-tls",
     "crates/yaak-ws",
+    "crates/yaak-api",
     # CLI crates
     "crates-cli/yaak-cli",
     # Tauri-specific crates
@@ -58,6 +59,7 @@ yaak-sync = { path = "crates/yaak-sync" }
 yaak-templates = { path = "crates/yaak-templates" }
 yaak-tls = { path = "crates/yaak-tls" }
 yaak-ws = { path = "crates/yaak-ws" }
+yaak-api = { path = "crates/yaak-api" }
 
 # Internal crates - Tauri-specific
 yaak-fonts = { path = "crates-tauri/yaak-fonts" }

biome.json

@@ -47,7 +47,8 @@
       "!src-web/vite.config.ts",
       "!src-web/routeTree.gen.ts",
       "!packages/plugin-runtime-types/lib",
-      "!**/bindings"
+      "!**/bindings",
+      "!flatpak"
     ]
   }
 }

crates-tauri/yaak-app/Cargo.toml

@@ -57,6 +57,7 @@ url = "2"
 tokio-util = { version = "0.7", features = ["codec"] }
 ts-rs = { workspace = true }
 uuid = "1.12.1"
+yaak-api = { workspace = true }
 yaak-common = { workspace = true }
 yaak-tauri-utils = { workspace = true }
 yaak-core = { workspace = true }

crates-tauri/yaak-app/src/error.rs

@@ -36,7 +36,7 @@ pub enum Error {
     PluginError(#[from] yaak_plugins::error::Error),
 
     #[error(transparent)]
-    TauriUtilsError(#[from] yaak_tauri_utils::error::Error),
+    ApiError(#[from] yaak_api::Error),
 
     #[error(transparent)]
     ClipboardError(#[from] tauri_plugin_clipboard_manager::Error),

crates-tauri/yaak-app/src/http_request.rs

@@ -414,7 +414,7 @@ async fn execute_transaction<R: Runtime>(
             sendable_request.body = Some(SendableBody::Bytes(bytes));
             None
         }
-        Some(SendableBody::Stream(stream)) => {
+        Some(SendableBody::Stream { data: stream, content_length }) => {
             // Wrap stream with TeeReader to capture data as it's read
             // Use unbounded channel to ensure all data is captured without blocking the HTTP request
             let (body_chunk_tx, body_chunk_rx) = tokio::sync::mpsc::unbounded_channel::<Vec<u8>>();
@@ -448,7 +448,7 @@ async fn execute_transaction<R: Runtime>(
                 None
             };
 
-            sendable_request.body = Some(SendableBody::Stream(pinned));
+            sendable_request.body = Some(SendableBody::Stream { data: pinned, content_length });
             handle
         }
         None => {

crates-tauri/yaak-app/src/lib.rs

@@ -1095,8 +1095,13 @@ async fn cmd_get_http_authentication_config<R: Runtime>(
 
     // Convert HashMap<String, JsonPrimitive> to serde_json::Value for rendering
     let values_json: serde_json::Value = serde_json::to_value(&values)?;
-    let rendered_json =
-        render_json_value(values_json, environment_chain, &cb, &RenderOptions::throw()).await?;
+    let rendered_json = render_json_value(
+        values_json,
+        environment_chain,
+        &cb,
+        &RenderOptions::return_empty(),
+    )
+    .await?;
 
     // Convert back to HashMap<String, JsonPrimitive>
     let rendered_values: HashMap<String, JsonPrimitive> = serde_json::from_value(rendered_json)?;

crates-tauri/yaak-app/src/notifications.rs

@@ -10,7 +10,7 @@ use tauri::{AppHandle, Emitter, Manager, Runtime, WebviewWindow};
 use ts_rs::TS;
 use yaak_common::platform::get_os_str;
 use yaak_models::util::UpdateSource;
-use yaak_tauri_utils::api_client::yaak_api_client;
+use yaak_api::yaak_api_client;
 
 // Check for updates every hour
 const MAX_UPDATE_CHECK_SECONDS: u64 = 60 * 60;
@@ -101,7 +101,8 @@ impl YaakNotifier {
         let license_check = "disabled".to_string();
 
         let launch_info = get_or_upsert_launch_info(app_handle);
-        let req = yaak_api_client(app_handle)?
+        let app_version = app_handle.package_info().version.to_string();
+        let req = yaak_api_client(&app_version)?
             .request(Method::GET, "https://notify.yaak.app/notifications")
             .query(&[
                 ("version", &launch_info.current_version),

crates-tauri/yaak-app/src/plugins_ext.rs

@@ -31,7 +31,7 @@ use yaak_plugins::events::{Color, Icon, PluginContext, ShowToastRequest};
 use yaak_plugins::install::{delete_and_uninstall, download_and_install};
 use yaak_plugins::manager::PluginManager;
 use yaak_plugins::plugin_meta::get_plugin_meta;
-use yaak_tauri_utils::api_client::yaak_api_client;
+use yaak_api::yaak_api_client;
 
 static EXITING: AtomicBool = AtomicBool::new(false);
 
@@ -72,7 +72,8 @@ impl PluginUpdater {
 
         info!("Checking for plugin updates");
 
-        let http_client = yaak_api_client(window.app_handle())?;
+        let app_version = window.app_handle().package_info().version.to_string();
+        let http_client = yaak_api_client(&app_version)?;
         let plugins = window.app_handle().db().list_plugins()?;
         let updates = check_plugin_updates(&http_client, plugins.clone()).await?;
 
@@ -136,7 +137,8 @@ pub async fn cmd_plugins_search<R: Runtime>(
     app_handle: AppHandle<R>,
     query: &str,
 ) -> Result<PluginSearchResponse> {
-    let http_client = yaak_api_client(&app_handle)?;
+    let app_version = app_handle.package_info().version.to_string();
+    let http_client = yaak_api_client(&app_version)?;
     Ok(search_plugins(&http_client, query).await?)
 }
 
@@ -147,7 +149,8 @@ pub async fn cmd_plugins_install<R: Runtime>(
     version: Option<String>,
 ) -> Result<()> {
     let plugin_manager = Arc::new((*window.state::<PluginManager>()).clone());
-    let http_client = yaak_api_client(window.app_handle())?;
+    let app_version = window.app_handle().package_info().version.to_string();
+    let http_client = yaak_api_client(&app_version)?;
     let query_manager = window.state::<yaak_models::query_manager::QueryManager>();
     let plugin_context = window.plugin_context();
     download_and_install(
@@ -177,7 +180,8 @@ pub async fn cmd_plugins_uninstall<R: Runtime>(
 pub async fn cmd_plugins_updates<R: Runtime>(
     app_handle: AppHandle<R>,
 ) -> Result<PluginUpdatesResponse> {
-    let http_client = yaak_api_client(&app_handle)?;
+    let app_version = app_handle.package_info().version.to_string();
+    let http_client = yaak_api_client(&app_version)?;
     let plugins = app_handle.db().list_plugins()?;
     Ok(check_plugin_updates(&http_client, plugins).await?)
 }
@@ -186,7 +190,8 @@ pub async fn cmd_plugins_updates<R: Runtime>(
 pub async fn cmd_plugins_update_all<R: Runtime>(
     window: WebviewWindow<R>,
 ) -> Result<Vec<PluginNameVersion>> {
-    let http_client = yaak_api_client(window.app_handle())?;
+    let app_version = window.app_handle().package_info().version.to_string();
+    let http_client = yaak_api_client(&app_version)?;
     let plugins = window.db().list_plugins()?;
 
     // Get list of available updates (already filtered to only registry plugins)

crates-tauri/yaak-app/src/updates.rs

@@ -15,6 +15,9 @@ use ts_rs::TS;
 use yaak_models::util::generate_id;
 use yaak_plugins::manager::PluginManager;
 
+use url::Url;
+use yaak_api::get_system_proxy_url;
+
 use crate::error::Error::GenericError;
 use crate::is_dev;
 
@@ -87,8 +90,13 @@ impl YaakUpdater {
         info!("Checking for updates mode={} autodl={}", mode, auto_download);
 
         let w = window.clone();
-        let update_check_result = w
-            .updater_builder()
+        let mut updater_builder = w.updater_builder();
+        if let Some(proxy_url) = get_system_proxy_url() {
+            if let Ok(url) = Url::parse(&proxy_url) {
+                updater_builder = updater_builder.proxy(url);
+            }
+        }
+        let update_check_result = updater_builder
             .on_before_exit(move || {
                 // Kill plugin manager before exit or NSIS installer will fail to replace sidecar
                 // while it's running.

crates-tauri/yaak-app/src/uri_scheme.rs

@@ -12,7 +12,7 @@ use yaak_models::util::generate_id;
 use yaak_plugins::events::{Color, ShowToastRequest};
 use yaak_plugins::install::download_and_install;
 use yaak_plugins::manager::PluginManager;
-use yaak_tauri_utils::api_client::yaak_api_client;
+use yaak_api::yaak_api_client;
 
 pub(crate) async fn handle_deep_link<R: Runtime>(
     app_handle: &AppHandle<R>,
@@ -46,7 +46,8 @@ pub(crate) async fn handle_deep_link<R: Runtime>(
 
             let plugin_manager = Arc::new((*window.state::<PluginManager>()).clone());
             let query_manager = app_handle.db_manager();
-            let http_client = yaak_api_client(app_handle)?;
+            let app_version = app_handle.package_info().version.to_string();
+            let http_client = yaak_api_client(&app_version)?;
             let plugin_context = window.plugin_context();
             let pv = download_and_install(
                 plugin_manager,
@@ -86,7 +87,8 @@ pub(crate) async fn handle_deep_link<R: Runtime>(
                     return Ok(());
                 }
 
-                let resp = yaak_api_client(app_handle)?.get(file_url).send().await?;
+                let app_version = app_handle.package_info().version.to_string();
+                let resp = yaak_api_client(&app_version)?.get(file_url).send().await?;
                 let json = resp.bytes().await?;
                 let p = app_handle
                     .path()

crates-tauri/yaak-license/Cargo.toml

@@ -16,7 +16,7 @@ thiserror = { workspace = true }
 ts-rs = { workspace = true }
 yaak-common = { workspace = true }
 yaak-models = { workspace = true }
-yaak-tauri-utils = { workspace = true }
+yaak-api = { workspace = true }
 
 [build-dependencies]
 tauri-plugin = { workspace = true, features = ["build"] }

crates-tauri/yaak-license/src/error.rs

@@ -16,7 +16,7 @@ pub enum Error {
     ModelError(#[from] yaak_models::error::Error),
 
     #[error(transparent)]
-    TauriUtilsError(#[from] yaak_tauri_utils::error::Error),
+    ApiError(#[from] yaak_api::Error),
 
     #[error("Internal server error")]
     ServerError,

crates-tauri/yaak-license/src/license.rs

@@ -11,7 +11,7 @@ use yaak_common::platform::get_os_str;
 use yaak_models::db_context::DbContext;
 use yaak_models::query_manager::QueryManager;
 use yaak_models::util::UpdateSource;
-use yaak_tauri_utils::api_client::yaak_api_client;
+use yaak_api::yaak_api_client;
 
 /// Extension trait for accessing the QueryManager from Tauri Manager types.
 /// This is needed temporarily until all crates are refactored to not use Tauri.
@@ -118,11 +118,12 @@ pub async fn activate_license<R: Runtime>(
     license_key: &str,
 ) -> Result<()> {
     info!("Activating license {}", license_key);
-    let client = reqwest::Client::new();
+    let app_version = window.app_handle().package_info().version.to_string();
+    let client = yaak_api_client(&app_version)?;
     let payload = ActivateLicenseRequestPayload {
         license_key: license_key.to_string(),
         app_platform: get_os_str().to_string(),
-        app_version: window.app_handle().package_info().version.to_string(),
+        app_version,
     };
     let response = client.post(build_url("/licenses/activate")).json(&payload).send().await?;
 
@@ -155,11 +156,12 @@ pub async fn deactivate_license<R: Runtime>(window: &WebviewWindow<R>) -> Result
     let app_handle = window.app_handle();
     let activation_id = get_activation_id(app_handle).await;
 
-    let client = reqwest::Client::new();
+    let app_version = window.app_handle().package_info().version.to_string();
+    let client = yaak_api_client(&app_version)?;
     let path = format!("/licenses/activations/{}/deactivate", activation_id);
     let payload = DeactivateLicenseRequestPayload {
         app_platform: get_os_str().to_string(),
-        app_version: window.app_handle().package_info().version.to_string(),
+        app_version,
     };
     let response = client.post(build_url(&path)).json(&payload).send().await?;
 
@@ -186,9 +188,10 @@ pub async fn deactivate_license<R: Runtime>(window: &WebviewWindow<R>) -> Result
 }
 
 pub async fn check_license<R: Runtime>(window: &WebviewWindow<R>) -> Result<LicenseCheckStatus> {
+    let app_version = window.app_handle().package_info().version.to_string();
     let payload = CheckActivationRequestPayload {
         app_platform: get_os_str().to_string(),
-        app_version: window.package_info().version.to_string(),
+        app_version,
     };
     let activation_id = get_activation_id(window.app_handle()).await;
 
@@ -204,7 +207,7 @@ pub async fn check_license<R: Runtime>(window: &WebviewWindow<R>) -> Result<Lice
         (true, _) => {
             info!("Checking license activation");
             // A license has been activated, so let's check the license server
-            let client = yaak_api_client(window.app_handle())?;
+            let client = yaak_api_client(&payload.app_version)?;
             let path = format!("/licenses/activations/{activation_id}/check-v2");
             let response = client.post(build_url(&path)).json(&payload).send().await?;
 

crates-tauri/yaak-tauri-utils/Cargo.toml

@@ -6,8 +6,4 @@ publish = false
 
 [dependencies]
 tauri = { workspace = true }
-reqwest = { workspace = true, features = ["gzip"] }
-thiserror = { workspace = true }
-serde = { workspace = true, features = ["derive"] }
 regex = "1.11.0"
-yaak-common = { workspace = true }

crates-tauri/yaak-tauri-utils/src/api_client.rs

@@ -1,24 +0,0 @@
-use crate::error::Result;
-use reqwest::Client;
-use std::time::Duration;
-use tauri::http::{HeaderMap, HeaderValue};
-use tauri::{AppHandle, Runtime};
-use yaak_common::platform::{get_ua_arch, get_ua_platform};
-
-pub fn yaak_api_client<R: Runtime>(app_handle: &AppHandle<R>) -> Result<Client> {
-    let platform = get_ua_platform();
-    let version = app_handle.package_info().version.clone();
-    let arch = get_ua_arch();
-    let ua = format!("Yaak/{version} ({platform}; {arch})");
-    let mut default_headers = HeaderMap::new();
-    default_headers.insert("Accept", HeaderValue::from_str("application/json").unwrap());
-
-    let client = reqwest::ClientBuilder::new()
-        .timeout(Duration::from_secs(20))
-        .default_headers(default_headers)
-        .gzip(true)
-        .user_agent(ua)
-        .build()?;
-
-    Ok(client)
-}

crates-tauri/yaak-tauri-utils/src/error.rs

@@ -1,19 +0,0 @@
-use serde::{Serialize, Serializer};
-use thiserror::Error;
-
-#[derive(Error, Debug)]
-pub enum Error {
-    #[error(transparent)]
-    ReqwestError(#[from] reqwest::Error),
-}
-
-impl Serialize for Error {
-    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
-    where
-        S: Serializer,
-    {
-        serializer.serialize_str(self.to_string().as_ref())
-    }
-}
-
-pub type Result<T> = std::result::Result<T, Error>;

crates-tauri/yaak-tauri-utils/src/lib.rs

@@ -1,3 +1 @@
-pub mod api_client;
-pub mod error;
 pub mod window;

crates/yaak-api/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "yaak-api"
+version = "0.1.0"
+edition = "2024"
+publish = false
+
+[dependencies]
+log = { workspace = true }
+reqwest = { workspace = true, features = ["gzip"] }
+sysproxy = "0.3"
+thiserror = { workspace = true }
+yaak-common = { workspace = true }

crates/yaak-api/src/error.rs

@@ -0,0 +1,9 @@
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum Error {
+    #[error(transparent)]
+    ReqwestError(#[from] reqwest::Error),
+}
+
+pub type Result<T> = std::result::Result<T, Error>;

crates/yaak-api/src/lib.rs

@@ -0,0 +1,70 @@
+mod error;
+
+pub use error::{Error, Result};
+
+use log::{debug, warn};
+use reqwest::Client;
+use reqwest::header::{HeaderMap, HeaderValue};
+use std::time::Duration;
+use yaak_common::platform::{get_ua_arch, get_ua_platform};
+
+/// Build a reqwest Client configured for Yaak's own API calls.
+///
+/// Includes a custom User-Agent, JSON accept header, 20s timeout, gzip,
+/// and automatic OS-level proxy detection via sysproxy.
+pub fn yaak_api_client(version: &str) -> Result<Client> {
+    let platform = get_ua_platform();
+    let arch = get_ua_arch();
+    let ua = format!("Yaak/{version} ({platform}; {arch})");
+
+    let mut default_headers = HeaderMap::new();
+    default_headers.insert("Accept", HeaderValue::from_str("application/json").unwrap());
+
+    let mut builder = reqwest::ClientBuilder::new()
+        .timeout(Duration::from_secs(20))
+        .default_headers(default_headers)
+        .gzip(true)
+        .user_agent(ua);
+
+    if let Some(sys) = get_enabled_system_proxy() {
+        let proxy_url = format!("http://{}:{}", sys.host, sys.port);
+        match reqwest::Proxy::all(&proxy_url) {
+            Ok(p) => {
+                let p = if !sys.bypass.is_empty() {
+                    p.no_proxy(reqwest::NoProxy::from_string(&sys.bypass))
+                } else {
+                    p
+                };
+                builder = builder.proxy(p);
+            }
+            Err(e) => {
+                warn!("Failed to configure system proxy: {e}");
+            }
+        }
+    }
+
+    Ok(builder.build()?)
+}
+
+/// Returns the system proxy URL if one is enabled, e.g. `http://host:port`.
+pub fn get_system_proxy_url() -> Option<String> {
+    let sys = get_enabled_system_proxy()?;
+    Some(format!("http://{}:{}", sys.host, sys.port))
+}
+
+fn get_enabled_system_proxy() -> Option<sysproxy::Sysproxy> {
+    match sysproxy::Sysproxy::get_system_proxy() {
+        Ok(sys) if sys.enable => {
+            debug!("Detected system proxy: http://{}:{}", sys.host, sys.port);
+            Some(sys)
+        }
+        Ok(_) => {
+            debug!("System proxy detected but not enabled");
+            None
+        }
+        Err(e) => {
+            debug!("Could not detect system proxy: {e}");
+            None
+        }
+    }
+}

crates/yaak-git/src/pull.rs

@@ -44,43 +44,65 @@ pub async fn git_pull(dir: &Path) -> Result<PullResult> {
         (branch_name, remote_name, remote_url)
     };
 
-    let out = new_binary_command(dir)
+    // Step 1: fetch the specific branch
+    // NOTE: We use fetch + merge instead of `git pull` to avoid conflicts with
+    // global git config (e.g. pull.ff=only) and the background fetch --all.
+    let fetch_out = new_binary_command(dir)
         .await?
-        .args(["pull", &remote_name, &branch_name])
+        .args(["fetch", &remote_name, &branch_name])
         .env("GIT_TERMINAL_PROMPT", "0")
         .output()
         .await
-        .map_err(|e| GenericError(format!("failed to run git pull: {e}")))?;
+        .map_err(|e| GenericError(format!("failed to run git fetch: {e}")))?;
 
-    let stdout = String::from_utf8_lossy(&out.stdout);
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    let combined = stdout + stderr;
+    let fetch_stdout = String::from_utf8_lossy(&fetch_out.stdout);
+    let fetch_stderr = String::from_utf8_lossy(&fetch_out.stderr);
+    let fetch_combined = format!("{fetch_stdout}{fetch_stderr}");
 
-    info!("Pulled status={} {combined}", out.status);
+    info!("Fetched status={} {fetch_combined}", fetch_out.status);
 
-    if combined.to_lowercase().contains("could not read") {
+    if fetch_combined.to_lowercase().contains("could not read") {
         return Ok(PullResult::NeedsCredentials { url: remote_url.to_string(), error: None });
     }
 
-    if combined.to_lowercase().contains("unable to access") {
+    if fetch_combined.to_lowercase().contains("unable to access") {
         return Ok(PullResult::NeedsCredentials {
             url: remote_url.to_string(),
-            error: Some(combined.to_string()),
+            error: Some(fetch_combined.to_string()),
         });
     }
 
-    if !out.status.success() {
-        let combined_lower = combined.to_lowercase();
-        if combined_lower.contains("cannot fast-forward")
-            || combined_lower.contains("not possible to fast-forward")
-            || combined_lower.contains("diverged")
+    if !fetch_out.status.success() {
+        return Err(GenericError(format!("Failed to fetch: {fetch_combined}")));
+    }
+
+    // Step 2: merge the fetched branch
+    let ref_name = format!("{}/{}", remote_name, branch_name);
+    let merge_out = new_binary_command(dir)
+        .await?
+        .args(["merge", "--ff-only", &ref_name])
+        .output()
+        .await
+        .map_err(|e| GenericError(format!("failed to run git merge: {e}")))?;
+
+    let merge_stdout = String::from_utf8_lossy(&merge_out.stdout);
+    let merge_stderr = String::from_utf8_lossy(&merge_out.stderr);
+    let merge_combined = format!("{merge_stdout}{merge_stderr}");
+
+    info!("Merged status={} {merge_combined}", merge_out.status);
+
+    if !merge_out.status.success() {
+        let merge_lower = merge_combined.to_lowercase();
+        if merge_lower.contains("cannot fast-forward")
+            || merge_lower.contains("not possible to fast-forward")
+            || merge_lower.contains("diverged")
         {
             return Ok(PullResult::Diverged { remote: remote_name, branch: branch_name });
         }
-        return Err(GenericError(format!("Failed to pull {combined}")));
+        return Err(GenericError(format!("Failed to merge: {merge_combined}")));
     }
 
-    if combined.to_lowercase().contains("up to date") {
+    if merge_combined.to_lowercase().contains("up to date") {
         return Ok(PullResult::UpToDate);
     }
 

crates/yaak-http/Cargo.toml

@@ -12,6 +12,7 @@ bytes = "1.11.1"
 cookie = "0.18.1"
 flate2 = "1"
 futures-util = "0.3"
+http-body = "1"
 url = "2"
 zstd = "0.13"
 hyper-util = { version = "0.1.17", default-features = false, features = ["client-legacy"] }

crates/yaak-http/src/sender.rs

@@ -2,7 +2,9 @@ use crate::decompress::{ContentEncoding, streaming_decoder};
 use crate::error::{Error, Result};
 use crate::types::{SendableBody, SendableHttpRequest};
 use async_trait::async_trait;
+use bytes::Bytes;
 use futures_util::StreamExt;
+use http_body::{Body as HttpBody, Frame, SizeHint};
 use reqwest::{Client, Method, Version};
 use std::fmt::Display;
 use std::pin::Pin;
@@ -413,10 +415,16 @@ impl HttpSender for ReqwestSender {
             Some(SendableBody::Bytes(bytes)) => {
                 req_builder = req_builder.body(bytes);
             }
-            Some(SendableBody::Stream(stream)) => {
-                // Convert AsyncRead stream to reqwest Body
-                let stream = tokio_util::io::ReaderStream::new(stream);
-                let body = reqwest::Body::wrap_stream(stream);
+            Some(SendableBody::Stream { data, content_length }) => {
+                // Convert AsyncRead stream to reqwest Body. If content length is
+                // known, wrap with a SizedBody so hyper can set Content-Length
+                // automatically (for both HTTP/1.1 and HTTP/2).
+                let stream = tokio_util::io::ReaderStream::new(data);
+                let body = if let Some(len) = content_length {
+                    reqwest::Body::wrap(SizedBody::new(stream, len))
+                } else {
+                    reqwest::Body::wrap_stream(stream)
+                };
                 req_builder = req_builder.body(body);
             }
         }
@@ -520,6 +528,51 @@ impl HttpSender for ReqwestSender {
     }
 }
 
+/// A wrapper around a byte stream that reports a known content length via
+/// `size_hint()`. This lets hyper set the `Content-Length` header
+/// automatically based on the body size, without us having to add it as an
+/// explicit header — which can cause duplicate `Content-Length` headers and
+/// break HTTP/2.
+struct SizedBody<S> {
+    stream: std::sync::Mutex<S>,
+    remaining: u64,
+}
+
+impl<S> SizedBody<S> {
+    fn new(stream: S, content_length: u64) -> Self {
+        Self { stream: std::sync::Mutex::new(stream), remaining: content_length }
+    }
+}
+
+impl<S> HttpBody for SizedBody<S>
+where
+    S: futures_util::Stream<Item = std::result::Result<Bytes, std::io::Error>> + Send + Unpin + 'static,
+{
+    type Data = Bytes;
+    type Error = std::io::Error;
+
+    fn poll_frame(
+        self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+    ) -> Poll<Option<std::result::Result<Frame<Self::Data>, Self::Error>>> {
+        let this = self.get_mut();
+        let mut stream = this.stream.lock().unwrap();
+        match stream.poll_next_unpin(cx) {
+            Poll::Ready(Some(Ok(chunk))) => {
+                this.remaining = this.remaining.saturating_sub(chunk.len() as u64);
+                Poll::Ready(Some(Ok(Frame::data(chunk))))
+            }
+            Poll::Ready(Some(Err(e))) => Poll::Ready(Some(Err(e))),
+            Poll::Ready(None) => Poll::Ready(None),
+            Poll::Pending => Poll::Pending,
+        }
+    }
+
+    fn size_hint(&self) -> SizeHint {
+        SizeHint::with_exact(self.remaining)
+    }
+}
+
 fn version_to_str(version: &Version) -> String {
     match *version {
         Version::HTTP_09 => "HTTP/0.9".to_string(),

crates/yaak-http/src/types.rs

@@ -16,7 +16,13 @@ pub(crate) const MULTIPART_BOUNDARY: &str = "------YaakFormBoundary";
 
 pub enum SendableBody {
     Bytes(Bytes),
-    Stream(Pin<Box<dyn AsyncRead + Send + 'static>>),
+    Stream {
+        data: Pin<Box<dyn AsyncRead + Send + 'static>>,
+        /// Known content length for the stream, if available. This is used by
+        /// the sender to set the body size hint so that hyper can set
+        /// Content-Length automatically for both HTTP/1.1 and HTTP/2.
+        content_length: Option<u64>,
+    },
 }
 
 enum SendableBodyWithMeta {
@@ -31,7 +37,10 @@ impl From<SendableBodyWithMeta> for SendableBody {
     fn from(value: SendableBodyWithMeta) -> Self {
         match value {
             SendableBodyWithMeta::Bytes(b) => SendableBody::Bytes(b),
-            SendableBodyWithMeta::Stream { data, .. } => SendableBody::Stream(data),
+            SendableBodyWithMeta::Stream { data, content_length } => SendableBody::Stream {
+                data,
+                content_length: content_length.map(|l| l as u64),
+            },
         }
     }
 }
@@ -186,23 +195,11 @@ async fn build_body(
         }
     }
 
-    // Check if Transfer-Encoding: chunked is already set
-    let has_chunked_encoding = headers.iter().any(|h| {
-        h.0.to_lowercase() == "transfer-encoding" && h.1.to_lowercase().contains("chunked")
-    });
-
-    // Add a Content-Length header only if chunked encoding is not being used
-    if !has_chunked_encoding {
-        let content_length = match body {
-            Some(SendableBodyWithMeta::Bytes(ref bytes)) => Some(bytes.len()),
-            Some(SendableBodyWithMeta::Stream { content_length, .. }) => content_length,
-            None => None,
-        };
-
-        if let Some(cl) = content_length {
-            headers.push(("Content-Length".to_string(), cl.to_string()));
-        }
-    }
+    // NOTE: Content-Length is NOT set as an explicit header here. Instead, the
+    // body's content length is carried via SendableBody::Stream { content_length }
+    // and used by the sender to set the body size hint. This lets hyper handle
+    // Content-Length automatically for both HTTP/1.1 and HTTP/2, avoiding the
+    // duplicate Content-Length that breaks HTTP/2 servers.
 
     Ok((body.map(|b| b.into()), headers))
 }
@@ -928,7 +925,27 @@ mod tests {
     }
 
     #[tokio::test]
-    async fn test_no_content_length_with_chunked_encoding() -> Result<()> {
+    async fn test_no_content_length_header_added_by_build_body() -> Result<()> {
+        let mut body = BTreeMap::new();
+        body.insert("text".to_string(), json!("Hello, World!"));
+
+        let headers = vec![];
+
+        let (_, result_headers) =
+            build_body("POST", &Some("text/plain".to_string()), &body, headers).await?;
+
+        // Content-Length should NOT be set as an explicit header. Instead, the
+        // sender uses the body's size_hint to let hyper set it automatically,
+        // which works correctly for both HTTP/1.1 and HTTP/2.
+        let has_content_length =
+            result_headers.iter().any(|h| h.0.to_lowercase() == "content-length");
+        assert!(!has_content_length, "Content-Length should not be set as an explicit header");
+
+        Ok(())
+    }
+
+    #[tokio::test]
+    async fn test_chunked_encoding_header_preserved() -> Result<()> {
         let mut body = BTreeMap::new();
         body.insert("text".to_string(), json!("Hello, World!"));
 
@@ -938,11 +955,6 @@ mod tests {
         let (_, result_headers) =
             build_body("POST", &Some("text/plain".to_string()), &body, headers).await?;
 
-        // Verify that Content-Length is NOT present when Transfer-Encoding: chunked is set
-        let has_content_length =
-            result_headers.iter().any(|h| h.0.to_lowercase() == "content-length");
-        assert!(!has_content_length, "Content-Length should not be present with chunked encoding");
-
         // Verify that the Transfer-Encoding header is still present
         let has_chunked = result_headers.iter().any(|h| {
             h.0.to_lowercase() == "transfer-encoding" && h.1.to_lowercase().contains("chunked")
@@ -951,31 +963,4 @@ mod tests {
 
         Ok(())
     }
-
-    #[tokio::test]
-    async fn test_content_length_without_chunked_encoding() -> Result<()> {
-        let mut body = BTreeMap::new();
-        body.insert("text".to_string(), json!("Hello, World!"));
-
-        // Headers without Transfer-Encoding: chunked
-        let headers = vec![];
-
-        let (_, result_headers) =
-            build_body("POST", &Some("text/plain".to_string()), &body, headers).await?;
-
-        // Verify that Content-Length IS present when Transfer-Encoding: chunked is NOT set
-        let content_length_header =
-            result_headers.iter().find(|h| h.0.to_lowercase() == "content-length");
-        assert!(
-            content_length_header.is_some(),
-            "Content-Length should be present without chunked encoding"
-        );
-        assert_eq!(
-            content_length_header.unwrap().1,
-            "13",
-            "Content-Length should match the body size"
-        );
-
-        Ok(())
-    }
 }

crates/yaak-templates/src/renderer.rs

@@ -81,6 +81,10 @@ impl RenderOptions {
     pub fn throw() -> Self {
         Self { error_behavior: RenderErrorBehavior::Throw }
     }
+
+    pub fn return_empty() -> Self {
+        Self { error_behavior: RenderErrorBehavior::ReturnEmpty }
+    }
 }
 
 impl RenderErrorBehavior {

plugins/auth-oauth2/package.json

@@ -13,5 +13,11 @@
     "build": "yaakcli build",
     "dev": "yaakcli dev",
     "test": "vitest --run tests"
+  },
+  "dependencies": {
+    "jsonwebtoken": "^9.0.2"
+  },
+  "devDependencies": {
+    "@types/jsonwebtoken": "^9.0.7"
   }
 }

plugins/auth-oauth2/src/fetchAccessToken.ts

@@ -4,26 +4,16 @@ import type { AccessTokenRawResponse } from './store';
 
 export async function fetchAccessToken(
   ctx: Context,
-  {
-    accessTokenUrl,
-    scope,
-    audience,
-    params,
-    grantType,
-    credentialsInBody,
-    clientId,
-    clientSecret,
-  }: {
+  args: {
     clientId: string;
-    clientSecret: string;
     grantType: string;
     accessTokenUrl: string;
     scope: string | null;
     audience: string | null;
-    credentialsInBody: boolean;
     params: HttpUrlParameter[];
-  },
+  } & ({ clientAssertion: string } | { clientSecret: string; credentialsInBody: boolean }),
 ): Promise<AccessTokenRawResponse> {
+  const { clientId, grantType, accessTokenUrl, scope, audience, params } = args;
   console.log('[oauth2] Getting access token', accessTokenUrl);
   const httpRequest: Partial<HttpRequest> = {
     method: 'POST',
@@ -34,7 +24,10 @@ export async function fetchAccessToken(
     },
     headers: [
       { name: 'User-Agent', value: 'yaak' },
-      { name: 'Accept', value: 'application/x-www-form-urlencoded, application/json' },
+      {
+        name: 'Accept',
+        value: 'application/x-www-form-urlencoded, application/json',
+      },
       { name: 'Content-Type', value: 'application/x-www-form-urlencoded' },
     ],
   };
@@ -42,11 +35,24 @@ export async function fetchAccessToken(
   if (scope) httpRequest.body?.form.push({ name: 'scope', value: scope });
   if (audience) httpRequest.body?.form.push({ name: 'audience', value: audience });
 
-  if (credentialsInBody) {
+  if ('clientAssertion' in args) {
     httpRequest.body?.form.push({ name: 'client_id', value: clientId });
-    httpRequest.body?.form.push({ name: 'client_secret', value: clientSecret });
+    httpRequest.body?.form.push({
+      name: 'client_assertion_type',
+      value: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
+    });
+    httpRequest.body?.form.push({
+      name: 'client_assertion',
+      value: args.clientAssertion,
+    });
+  } else if (args.credentialsInBody) {
+    httpRequest.body?.form.push({ name: 'client_id', value: clientId });
+    httpRequest.body?.form.push({
+      name: 'client_secret',
+      value: args.clientSecret,
+    });
   } else {
-    const value = `Basic ${Buffer.from(`${clientId}:${clientSecret}`).toString('base64')}`;
+    const value = `Basic ${Buffer.from(`${clientId}:${args.clientSecret}`).toString('base64')}`;
     httpRequest.headers?.push({ name: 'Authorization', value });
   }
 

plugins/auth-oauth2/src/grants/clientCredentials.ts

@@ -1,9 +1,99 @@
+import { createPrivateKey, randomUUID } from 'node:crypto';
 import type { Context } from '@yaakapp/api';
+import jwt, { type Algorithm } from 'jsonwebtoken';
 import { fetchAccessToken } from '../fetchAccessToken';
 import type { TokenStoreArgs } from '../store';
 import { getToken, storeToken } from '../store';
 import { isTokenExpired } from '../util';
 
+export const jwtAlgorithms = [
+  'HS256',
+  'HS384',
+  'HS512',
+  'RS256',
+  'RS384',
+  'RS512',
+  'PS256',
+  'PS384',
+  'PS512',
+  'ES256',
+  'ES384',
+  'ES512',
+  'none',
+] as const;
+
+export const defaultJwtAlgorithm = jwtAlgorithms[0];
+
+/**
+ * Build a signed JWT for the client_assertion parameter (RFC 7523).
+ *
+ * The `secret` value is auto-detected as one of:
+ *   - **JWK** – a JSON string containing a private-key object (has a `kty` field).
+ *   - **PEM** – a string whose trimmed form starts with `-----`.
+ *   - **HMAC secret** – anything else, used as-is for HS* algorithms.
+ */
+function buildClientAssertionJwt(params: {
+  clientId: string;
+  accessTokenUrl: string;
+  secret: string;
+  algorithm: Algorithm;
+}): string {
+  const { clientId, accessTokenUrl, secret, algorithm } = params;
+
+  const isHmac = algorithm.startsWith('HS') || algorithm === 'none';
+
+  // Resolve the signing key depending on format
+  let signingKey: jwt.Secret;
+  let kid: string | undefined;
+
+  const trimmed = secret.trim();
+
+  if (isHmac) {
+    // HMAC algorithms use the raw secret (string or Buffer)
+    signingKey = secret;
+  } else if (trimmed.startsWith('{')) {
+    // Looks like JSON - treat as JWK. There is surely a better way to detect JWK vs a raw secret, but this should work in most cases.
+    let jwk: any;
+    try {
+      jwk = JSON.parse(trimmed);
+    } catch {
+      throw new Error('Client Assertion secret looks like JSON but is not valid');
+    }
+
+    kid = jwk?.kid;
+    signingKey = createPrivateKey({ key: jwk, format: 'jwk' });
+  } else if (trimmed.startsWith('-----')) {
+    // PEM-encoded key
+    signingKey = createPrivateKey({ key: trimmed, format: 'pem' });
+  } else {
+    throw new Error(
+      'Client Assertion secret must be a JWK JSON object, a PEM-encoded key ' +
+        '(starting with -----), or a raw secret for HMAC algorithms.',
+    );
+  }
+
+  const now = Math.floor(Date.now() / 1000);
+  const payload = {
+    iss: clientId,
+    sub: clientId,
+    aud: accessTokenUrl,
+    iat: now,
+    exp: now + 300, // 5 minutes
+    jti: randomUUID(),
+  };
+
+  // Build the JWT header; include "kid" when available
+  const header: jwt.JwtHeader = { alg: algorithm, typ: 'JWT' };
+  if (kid) {
+    header.kid = kid;
+  }
+
+  return jwt.sign(JSON.stringify(payload), signingKey, {
+    algorithm: algorithm as jwt.Algorithm,
+    header,
+  });
+}
+
 export async function getClientCredentials(
   ctx: Context,
   contextId: string,
@@ -14,6 +104,10 @@ export async function getClientCredentials(
     scope,
     audience,
     credentialsInBody,
+    clientAssertionSecret,
+    clientAssertionSecretBase64,
+    clientCredentialsMethod,
+    clientAssertionAlgorithm,
   }: {
     accessTokenUrl: string;
     clientId: string;
@@ -21,6 +115,10 @@ export async function getClientCredentials(
     scope: string | null;
     audience: string | null;
     credentialsInBody: boolean;
+    clientAssertionSecret: string;
+    clientAssertionSecretBase64: boolean;
+    clientCredentialsMethod: string;
+    clientAssertionAlgorithm: string;
   },
 ) {
   const tokenArgs: TokenStoreArgs = {
@@ -34,16 +132,38 @@ export async function getClientCredentials(
     return token;
   }
 
-  const response = await fetchAccessToken(ctx, {
+  const common: Omit<
+    Parameters<typeof fetchAccessToken>[1],
+    'clientAssertion' | 'clientSecret' | 'credentialsInBody'
+  > = {
     grantType: 'client_credentials',
     accessTokenUrl,
     audience,
     clientId,
-    clientSecret,
     scope,
-    credentialsInBody,
     params: [],
-  });
+  };
+
+  const fetchParams: Parameters<typeof fetchAccessToken>[1] =
+    clientCredentialsMethod === 'client_assertion'
+      ? {
+          ...common,
+          clientAssertion: buildClientAssertionJwt({
+            clientId,
+            algorithm: clientAssertionAlgorithm as Algorithm,
+            accessTokenUrl,
+            secret: clientAssertionSecretBase64
+              ? Buffer.from(clientAssertionSecret, 'base64').toString('utf-8')
+              : clientAssertionSecret,
+          }),
+        }
+      : {
+          ...common,
+          clientSecret,
+          credentialsInBody,
+        };
+
+  const response = await fetchAccessToken(ctx, fetchParams);
 
   return storeToken(ctx, tokenArgs, response);
 }

plugins/auth-oauth2/src/index.ts

@@ -5,6 +5,7 @@ import type {
   JsonPrimitive,
   PluginDefinition,
 } from '@yaakapp/api';
+import type { Algorithm } from 'jsonwebtoken';
 import { DEFAULT_LOCALHOST_PORT, HOSTED_CALLBACK_URL, stopActiveServer } from './callbackServer';
 import {
   type CallbackType,
@@ -14,7 +15,11 @@ import {
   PKCE_PLAIN,
   PKCE_SHA256,
 } from './grants/authorizationCode';
-import { getClientCredentials } from './grants/clientCredentials';
+import {
+  defaultJwtAlgorithm,
+  getClientCredentials,
+  jwtAlgorithms,
+} from './grants/clientCredentials';
 import { getImplicit } from './grants/implicit';
 import { getPassword } from './grants/password';
 import type { AccessToken, TokenStoreArgs } from './store';
@@ -97,7 +102,10 @@ export const plugin: PluginDefinition = {
           };
           const token = await getToken(ctx, tokenArgs);
           if (token == null) {
-            await ctx.toast.show({ message: 'No token to copy', color: 'warning' });
+            await ctx.toast.show({
+              message: 'No token to copy',
+              color: 'warning',
+            });
           } else {
             await ctx.clipboard.copyText(token.response.access_token);
             await ctx.toast.show({
@@ -118,9 +126,15 @@ export const plugin: PluginDefinition = {
             clientId: stringArg(values, 'clientId'),
           };
           if (await deleteToken(ctx, tokenArgs)) {
-            await ctx.toast.show({ message: 'Token deleted', color: 'success' });
+            await ctx.toast.show({
+              message: 'Token deleted',
+              color: 'success',
+            });
           } else {
-            await ctx.toast.show({ message: 'No token to delete', color: 'warning' });
+            await ctx.toast.show({
+              message: 'No token to delete',
+              color: 'warning',
+            });
           }
         },
       },
@@ -139,6 +153,19 @@ export const plugin: PluginDefinition = {
         defaultValue: defaultGrantType,
         options: grantTypes,
       },
+      {
+        type: 'select',
+        name: 'clientCredentialsMethod',
+        label: 'Authentication Method',
+        description:
+          '"Client Secret" sends client_secret. \n' + '"Client Assertion" sends a signed JWT.',
+        defaultValue: 'client_secret',
+        options: [
+          { label: 'Client Secret', value: 'client_secret' },
+          { label: 'Client Assertion', value: 'client_assertion' },
+        ],
+        dynamic: hiddenIfNot(['client_credentials']),
+      },
       {
         type: 'text',
         name: 'clientId',
@@ -151,7 +178,47 @@ export const plugin: PluginDefinition = {
         label: 'Client Secret',
         optional: true,
         password: true,
-        dynamic: hiddenIfNot(['authorization_code', 'password', 'client_credentials']),
+        dynamic: hiddenIfNot(
+          ['authorization_code', 'password', 'client_credentials'],
+          (values) => values.clientCredentialsMethod === 'client_secret',
+        ),
+      },
+      {
+        type: 'select',
+        name: 'clientAssertionAlgorithm',
+        label: 'JWT Algorithm',
+        defaultValue: defaultJwtAlgorithm,
+        options: jwtAlgorithms.map((value) => ({
+          label: value === 'none' ? 'None' : value,
+          value,
+        })),
+        dynamic: hiddenIfNot(
+          ['client_credentials'],
+          ({ clientCredentialsMethod }) => clientCredentialsMethod === 'client_assertion',
+        ),
+      },
+      {
+        type: 'text',
+        name: 'clientAssertionSecret',
+        label: 'JWT Secret',
+        description:
+          'Can be HMAC, PEM or JWK. Make sure you pick the correct algorithm type above.',
+        password: true,
+        optional: true,
+        multiLine: true,
+        dynamic: hiddenIfNot(
+          ['client_credentials'],
+          ({ clientCredentialsMethod }) => clientCredentialsMethod === 'client_assertion',
+        ),
+      },
+      {
+        type: 'checkbox',
+        name: 'clientAssertionSecretBase64',
+        label: 'JWT secret is base64 encoded',
+        dynamic: hiddenIfNot(
+          ['client_credentials'],
+          ({ clientCredentialsMethod }) => clientCredentialsMethod === 'client_assertion',
+        ),
       },
       {
         type: 'text',
@@ -160,7 +227,10 @@ export const plugin: PluginDefinition = {
         label: 'Authorization URL',
         dynamic: hiddenIfNot(['authorization_code', 'implicit']),
         placeholder: authorizationUrls[0],
-        completionOptions: authorizationUrls.map((url) => ({ label: url, value: url })),
+        completionOptions: authorizationUrls.map((url) => ({
+          label: url,
+          value: url,
+        })),
       },
       {
         type: 'text',
@@ -169,7 +239,10 @@ export const plugin: PluginDefinition = {
         label: 'Access Token URL',
         placeholder: accessTokenUrls[0],
         dynamic: hiddenIfNot(['authorization_code', 'password', 'client_credentials']),
-        completionOptions: accessTokenUrls.map((url) => ({ label: url, value: url })),
+        completionOptions: accessTokenUrls.map((url) => ({
+          label: url,
+          value: url,
+        })),
       },
       {
         type: 'banner',
@@ -186,7 +259,8 @@ export const plugin: PluginDefinition = {
           {
             type: 'text',
             name: 'redirectUri',
-            label: 'Redirect URI',
+            label: 'Redirect URI (can be any valid URL)',
+            placeholder: 'https://mysite.example.com/oauth/callback',
             description:
               'URI the OAuth provider redirects to after authorization. Yaak intercepts this automatically in its embedded browser so any valid URI will work.',
             optional: true,
@@ -383,6 +457,11 @@ export const plugin: PluginDefinition = {
               { label: 'In Request Body', value: 'body' },
               { label: 'As Basic Authentication', value: 'basic' },
             ],
+            dynamic: (_ctx: Context, { values }: GetHttpAuthenticationConfigRequest) => ({
+              hidden:
+                values.grantType === 'client_credentials' &&
+                values.clientCredentialsMethod === 'client_assertion',
+            }),
           },
         ],
       },
@@ -484,7 +563,11 @@ export const plugin: PluginDefinition = {
             ? accessTokenUrl
             : `https://${accessTokenUrl}`,
           clientId: stringArg(values, 'clientId'),
+          clientAssertionAlgorithm: stringArg(values, 'clientAssertionAlgorithm') as Algorithm,
           clientSecret: stringArg(values, 'clientSecret'),
+          clientCredentialsMethod: stringArg(values, 'clientCredentialsMethod'),
+          clientAssertionSecret: stringArg(values, 'clientAssertionSecret'),
+          clientAssertionSecretBase64: !!values.clientAssertionSecretBase64,
           scope: stringArgOrNull(values, 'scope'),
           audience: stringArgOrNull(values, 'audience'),
           credentialsInBody,

src-web/commands/moveToWorkspace.tsx

@@ -3,23 +3,30 @@ import type { GrpcRequest, HttpRequest, WebsocketRequest } from '@yaakapp-intern
 import { MoveToWorkspaceDialog } from '../components/MoveToWorkspaceDialog';
 import { activeWorkspaceIdAtom } from '../hooks/useActiveWorkspace';
 import { createFastMutation } from '../hooks/useFastMutation';
+import { pluralizeCount } from '../lib/pluralize';
 import { showDialog } from '../lib/dialog';
 import { jotaiStore } from '../lib/jotai';
 
 export const moveToWorkspace = createFastMutation({
   mutationKey: ['move_workspace'],
-  mutationFn: async (request: HttpRequest | GrpcRequest | WebsocketRequest) => {
+  mutationFn: async (requests: (HttpRequest | GrpcRequest | WebsocketRequest)[]) => {
     const activeWorkspaceId = jotaiStore.get(activeWorkspaceIdAtom);
     if (activeWorkspaceId == null) return;
+    if (requests.length === 0) return;
+
+    const title =
+      requests.length === 1
+        ? 'Move Request'
+        : `Move ${pluralizeCount('Request', requests.length)}`;
 
     showDialog({
       id: 'change-workspace',
-      title: 'Move Workspace',
+      title,
       size: 'sm',
       render: ({ hide }) => (
         <MoveToWorkspaceDialog
           onDone={hide}
-          request={request}
+          requests={requests}
           activeWorkspaceId={activeWorkspaceId}
         />
       ),

src-web/components/DynamicForm.tsx

@@ -616,5 +616,16 @@ function KeyValueArg({
 
 function hasVisibleInputs(inputs: FormInput[] | undefined): boolean {
   if (!inputs) return false;
-  return inputs.some((i) => !i.hidden);
+
+  for (const input of inputs) {
+    if ('inputs' in input && !hasVisibleInputs(input.inputs)) {
+      // Has children, but none are visible
+      return false;
+    }
+    if (!input.hidden) {
+      return true;
+    }
+  }
+
+  return false;
 }

src-web/components/MoveToWorkspaceDialog.tsx

@@ -2,6 +2,7 @@ import type { GrpcRequest, HttpRequest, WebsocketRequest } from '@yaakapp-intern
 import { patchModel, workspacesAtom } from '@yaakapp-internal/models';
 import { useAtomValue } from 'jotai';
 import { useState } from 'react';
+import { pluralizeCount } from '../lib/pluralize';
 import { resolvedModelName } from '../lib/resolvedModelName';
 import { router } from '../lib/router';
 import { showToast } from '../lib/toast';
@@ -12,18 +13,21 @@ import { VStack } from './core/Stacks';
 
 interface Props {
   activeWorkspaceId: string;
-  request: HttpRequest | GrpcRequest | WebsocketRequest;
+  requests: (HttpRequest | GrpcRequest | WebsocketRequest)[];
   onDone: () => void;
 }
 
-export function MoveToWorkspaceDialog({ onDone, request, activeWorkspaceId }: Props) {
+export function MoveToWorkspaceDialog({ onDone, requests, activeWorkspaceId }: Props) {
   const workspaces = useAtomValue(workspacesAtom);
   const [selectedWorkspaceId, setSelectedWorkspaceId] = useState<string>(activeWorkspaceId);
 
+  const targetWorkspace = workspaces.find((w) => w.id === selectedWorkspaceId);
+  const isSameWorkspace = selectedWorkspaceId === activeWorkspaceId;
+
   return (
     <VStack space={4} className="mb-4">
       <Select
-        label="New Workspace"
+        label="Target Workspace"
         name="workspace"
         value={selectedWorkspaceId}
         onChange={setSelectedWorkspaceId}
@@ -34,27 +38,31 @@ export function MoveToWorkspaceDialog({ onDone, request, activeWorkspaceId }: Pr
       />
       <Button
         color="primary"
-        disabled={selectedWorkspaceId === activeWorkspaceId}
+        disabled={isSameWorkspace}
         onClick={async () => {
           const patch = {
             workspaceId: selectedWorkspaceId,
             folderId: null,
           };
 
-          await patchModel(request, patch);
+          await Promise.all(requests.map((r) => patchModel(r, patch)));
 
-          // Hide after a moment, to give time for request to disappear
+          // Hide after a moment, to give time for requests to disappear
           setTimeout(onDone, 100);
           showToast({
             id: 'workspace-moved',
-            message: (
-              <>
-                <InlineCode>{resolvedModelName(request)}</InlineCode> moved to{' '}
-                <InlineCode>
-                  {workspaces.find((w) => w.id === selectedWorkspaceId)?.name ?? 'unknown'}
-                </InlineCode>
-              </>
-            ),
+            message:
+              requests.length === 1 && requests[0] != null ? (
+                <>
+                  <InlineCode>{resolvedModelName(requests[0])}</InlineCode> moved to{' '}
+                  <InlineCode>{targetWorkspace?.name ?? 'unknown'}</InlineCode>
+                </>
+              ) : (
+                <>
+                  {pluralizeCount('request', requests.length)} moved to{' '}
+                  <InlineCode>{targetWorkspace?.name ?? 'unknown'}</InlineCode>
+                </>
+              ),
             action: ({ hide }) => (
               <Button
                 size="xs"
@@ -74,7 +82,7 @@ export function MoveToWorkspaceDialog({ onDone, request, activeWorkspaceId }: Pr
           });
         }}
       >
-        Move
+        {requests.length === 1 ? 'Move' : `Move ${pluralizeCount('Request', requests.length)}`}
       </Button>
     </VStack>
   );

src-web/components/Sidebar.tsx

@@ -278,6 +278,7 @@ function Sidebar({ className }: { className?: string }) {
         },
       },
       'sidebar.selected.duplicate': {
+        // Higher priority so this takes precedence over model.duplicate (same Meta+d binding)
         priority: 10,
         enable,
         cb: async (items: SidebarModel[]) => {
@@ -290,6 +291,18 @@ function Sidebar({ className }: { className?: string }) {
           }
         },
       },
+      'sidebar.selected.move': {
+        enable,
+        cb: async (items: SidebarModel[]) => {
+          const requests = items.filter(
+            (i): i is HttpRequest | GrpcRequest | WebsocketRequest =>
+              i.model === 'http_request' || i.model === 'grpc_request' || i.model === 'websocket_request'
+          );
+          if (requests.length > 0) {
+            moveToWorkspace.mutate(requests);
+          }
+        },
+      },
       'request.send': {
         enable,
         cb: async (items: SidebarModel[]) => {
@@ -320,6 +333,10 @@ function Sidebar({ className }: { className?: string }) {
 
       const workspaces = jotaiStore.get(workspacesAtom);
       const onlyHttpRequests = items.every((i) => i.model === 'http_request');
+      const requestItems = items.filter(
+        (i) =>
+          i.model === 'http_request' || i.model === 'grpc_request' || i.model === 'websocket_request',
+      );
 
       const initialItems: ContextMenuProps['items'] = [
         {
@@ -416,16 +433,13 @@ function Sidebar({ className }: { className?: string }) {
           onSelect: () => actions['sidebar.selected.duplicate'].cb(items),
         },
         {
-          label: 'Move',
+          label: items.length <= 1 ? 'Move' : `Move ${requestItems.length} Requests`,
+          hotKeyAction: 'sidebar.selected.move',
+          hotKeyLabelOnly: true,
           leftSlot: <Icon icon="arrow_right_circle" />,
-          hidden:
-            workspaces.length <= 1 ||
-            items.length > 1 ||
-            child.model === 'folder' ||
-            child.model === 'workspace',
+          hidden: workspaces.length <= 1 || requestItems.length === 0 || requestItems.length !== items.length,
           onSelect: () => {
-            if (child.model === 'folder' || child.model === 'workspace') return;
-            moveToWorkspace.mutate(child);
+            actions['sidebar.selected.move'].cb(items);
           },
         },
         {

src-web/components/core/Editor/Editor.css

@@ -434,11 +434,23 @@
 
   input {
     @apply bg-surface border-border-subtle focus:border-border-focus;
-    @apply border outline-none cursor-text;
+    @apply border outline-none;
   }
 
-  label {
-    @apply focus-within:text-text;
+  input.cm-textfield {
+      @apply cursor-text;
+  }
+
+  .cm-search label {
+    @apply inline-flex items-center h-6 px-1.5 rounded-sm border border-border-subtle cursor-default text-text-subtle text-xs;
+
+    input[type="checkbox"] {
+      @apply hidden;
+    }
+
+    &:has(:checked) {
+      @apply text-primary border-border;
+    }
   }
 
   /* Hide the "All" button */
@@ -446,4 +458,31 @@
   button[name="select"] {
     @apply hidden;
   }
+
+  /* Replace next/prev button text with chevron icons */
+
+  .cm-search button[name="next"],
+  .cm-search button[name="prev"] {
+    @apply text-[0px] w-7 h-6 inline-flex items-center justify-center border border-border-subtle mr-1;
+  }
+
+  .cm-search button[name="prev"]::after,
+  .cm-search button[name="next"]::after {
+    @apply block w-3.5 h-3.5 bg-text;
+    content: "";
+  }
+
+  .cm-search button[name="prev"]::after {
+    -webkit-mask-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24' fill='none' stroke='currentColor' stroke-width='2.5' stroke-linecap='round' stroke-linejoin='round'%3E%3Cpath d='M15 18l-6-6 6-6'/%3E%3C/svg%3E");
+    mask-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24' fill='none' stroke='currentColor' stroke-width='2.5' stroke-linecap='round' stroke-linejoin='round'%3E%3Cpath d='M15 18l-6-6 6-6'/%3E%3C/svg%3E");
+  }
+
+  .cm-search button[name="next"]::after {
+    -webkit-mask-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24' fill='none' stroke='currentColor' stroke-width='2.5' stroke-linecap='round' stroke-linejoin='round'%3E%3Cpath d='M9 18l6-6-6-6'/%3E%3C/svg%3E");
+    mask-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24' fill='none' stroke='currentColor' stroke-width='2.5' stroke-linecap='round' stroke-linejoin='round'%3E%3Cpath d='M9 18l6-6-6-6'/%3E%3C/svg%3E");
+  }
+
+  .cm-search-match-count {
+    @apply text-text-subtle text-xs font-mono whitespace-nowrap px-1.5 py-0.5 self-center;
+  }
 }

src-web/components/core/Editor/extensions.ts

@@ -67,6 +67,7 @@ import type { TwigCompletionOption } from './twig/completion';
 import { twig } from './twig/extension';
 import { pathParametersPlugin } from './twig/pathParameters';
 import { url } from './url/extension';
+import { searchMatchCount } from './searchMatchCount';
 
 export const syntaxHighlightStyle = HighlightStyle.define([
   {
@@ -256,6 +257,7 @@ export const readonlyExtensions = [
 
 export const multiLineExtensions = ({ hideGutter }: { hideGutter?: boolean }) => [
   search({ top: true }),
+  searchMatchCount(),
   hideGutter
     ? []
     : [

src-web/components/core/Editor/searchMatchCount.ts

@@ -0,0 +1,116 @@
+import { getSearchQuery, searchPanelOpen } from '@codemirror/search';
+import type { Extension } from '@codemirror/state';
+import { type EditorView, ViewPlugin, type ViewUpdate } from '@codemirror/view';
+
+/**
+ * A CodeMirror extension that displays the total number of search matches
+ * inside the built-in search panel.
+ */
+export function searchMatchCount(): Extension {
+  return ViewPlugin.fromClass(
+    class {
+      private countEl: HTMLElement | null = null;
+
+      constructor(private view: EditorView) {
+        this.updateCount();
+      }
+
+      update(update: ViewUpdate) {
+        // Recompute when doc changes, search state changes, or selection moves
+        const query = getSearchQuery(update.state);
+        const prevQuery = getSearchQuery(update.startState);
+        const open = searchPanelOpen(update.state);
+        const prevOpen = searchPanelOpen(update.startState);
+
+        if (update.docChanged || update.selectionSet || !query.eq(prevQuery) || open !== prevOpen) {
+          this.updateCount();
+        }
+      }
+
+      private updateCount() {
+        const state = this.view.state;
+        const open = searchPanelOpen(state);
+        const query = getSearchQuery(state);
+
+        if (!open) {
+          this.removeCountEl();
+          return;
+        }
+
+        this.ensureCountEl();
+
+        if (!query.search) {
+          if (this.countEl) {
+            this.countEl.textContent = '0/0';
+          }
+          return;
+        }
+
+        const selection = state.selection.main;
+        let count = 0;
+        let currentIndex = 0;
+        const MAX_COUNT = 9999;
+        const cursor = query.getCursor(state);
+        for (let result = cursor.next(); !result.done; result = cursor.next()) {
+          count++;
+          const match = result.value;
+          if (match.from <= selection.from && match.to >= selection.to) {
+            currentIndex = count;
+          }
+          if (count > MAX_COUNT) break;
+        }
+
+        if (this.countEl) {
+          if (count > MAX_COUNT) {
+            this.countEl.textContent = `${MAX_COUNT}+`;
+          } else if (count === 0) {
+            this.countEl.textContent = '0/0';
+          } else if (currentIndex > 0) {
+            this.countEl.textContent = `${currentIndex}/${count}`;
+          } else {
+            this.countEl.textContent = `0/${count}`;
+          }
+        }
+      }
+
+      private ensureCountEl() {
+        // Find the search panel in the editor DOM
+        const panel = this.view.dom.querySelector('.cm-search');
+        if (!panel) {
+          this.countEl = null;
+          return;
+        }
+
+        if (this.countEl && this.countEl.parentElement === panel) {
+          return; // Already attached
+        }
+
+        this.countEl = document.createElement('span');
+        this.countEl.className = 'cm-search-match-count';
+
+        // Reorder: insert prev button, then next button, then count after the search input
+        const searchInput = panel.querySelector('input');
+        const prevBtn = panel.querySelector('button[name="prev"]');
+        const nextBtn = panel.querySelector('button[name="next"]');
+        if (searchInput && searchInput.parentElement === panel) {
+          searchInput.after(this.countEl);
+          if (prevBtn) this.countEl.after(prevBtn);
+          if (nextBtn && prevBtn) prevBtn.after(nextBtn);
+        } else {
+          panel.prepend(this.countEl);
+        }
+      }
+
+      private removeCountEl() {
+        if (this.countEl) {
+          this.countEl.remove();
+          this.countEl = null;
+        }
+      }
+
+      destroy() {
+        this.removeCountEl();
+      }
+    },
+  );
+}

src-web/components/git/GitCommitDialog.tsx

@@ -176,7 +176,11 @@ export function GitCommitDialog({ syncDir, onDone, workspace }: Props) {
   }
 
   if (!hasAnythingToAdd) {
-    return <EmptyStateText>No changes since last commit</EmptyStateText>;
+    return (
+      <div className="h-full px-6 pb-4">
+        <EmptyStateText>No changes since last commit</EmptyStateText>
+      </div>
+    );
   }
 
   return (
@@ -230,14 +234,14 @@ export function GitCommitDialog({ syncDir, onDone, workspace }: Props) {
                     hideLabel
                   />
                   {commitError && <Banner color="danger">{commitError}</Banner>}
-                  <HStack alignItems="center">
+                  <HStack alignItems="center" space={2}>
                     <InlineCode>{status.data?.headRefShorthand}</InlineCode>
                     <HStack space={2} className="ml-auto">
                       <Button
                         color="secondary"
                         size="sm"
                         onClick={handleCreateCommit}
-                        disabled={!hasAddedAnything}
+                        disabled={!hasAddedAnything || message.trim().length === 0}
                         isLoading={isPushing}
                       >
                         Commit
@@ -245,7 +249,7 @@ export function GitCommitDialog({ syncDir, onDone, workspace }: Props) {
                       <Button
                         color="primary"
                         size="sm"
-                        disabled={!hasAddedAnything}
+                        disabled={!hasAddedAnything || message.trim().length === 0}
                         onClick={handleCreateCommitAndPush}
                         isLoading={isPushing}
                       >

src-web/components/git/GitDropdown.tsx

@@ -173,7 +173,6 @@ function SyncDropdownWithSyncDir({ syncDir }: { syncDir: string }) {
     { type: 'separator' },
     {
       label: 'Push',
-      hidden: !hasRemotes,
       leftSlot: <Icon icon="arrow_up_from_line" />,
       waitForOnSelect: true,
       async onSelect() {
@@ -192,7 +191,6 @@ function SyncDropdownWithSyncDir({ syncDir }: { syncDir: string }) {
     },
     {
       label: 'Pull',
-      hidden: !hasRemotes,
       leftSlot: <Icon icon="arrow_down_to_line" />,
       waitForOnSelect: true,
       async onSelect() {

src-web/components/git/callbacks.tsx

@@ -2,13 +2,13 @@ import type { GitCallbacks } from '@yaakapp-internal/git';
 import { sync } from '../../init/sync';
 import { promptCredentials } from './credentials';
 import { promptDivergedStrategy } from './diverged';
-import { promptUncommittedChangesStrategy } from './uncommitted';
 import { addGitRemote } from './showAddRemoteDialog';
+import { promptUncommittedChangesStrategy } from './uncommitted';
 
 export function gitCallbacks(dir: string): GitCallbacks {
   return {
     addRemote: async () => {
-      return addGitRemote(dir);
+      return addGitRemote(dir, 'origin');
     },
     promptCredentials: async ({ url, error }) => {
       const creds = await promptCredentials({ url, error });

src-web/components/git/showAddRemoteDialog.tsx

@@ -3,12 +3,12 @@ import { gitMutations } from '@yaakapp-internal/git';
 import { showPromptForm } from '../../lib/prompt-form';
 import { gitCallbacks } from './callbacks';
 
-export async function addGitRemote(dir: string): Promise<GitRemote> {
+export async function addGitRemote(dir: string, defaultName?: string): Promise<GitRemote> {
   const r = await showPromptForm({
     id: 'add-remote',
     title: 'Add Remote',
     inputs: [
-      { type: 'text', label: 'Name', name: 'name' },
+      { type: 'text', label: 'Name', name: 'name', defaultValue: defaultName },
       { type: 'text', label: 'URL', name: 'url' },
     ],
   });

src-web/hooks/useHotKey.ts

@@ -28,6 +28,7 @@ export type HotkeyAction =
   | 'sidebar.filter'
   | 'sidebar.selected.delete'
   | 'sidebar.selected.duplicate'
+  | 'sidebar.selected.move'
   | 'sidebar.selected.rename'
   | 'sidebar.expand_all'
   | 'sidebar.collapse_all'
@@ -58,6 +59,7 @@ const defaultHotkeysMac: Record<HotkeyAction, string[]> = {
   'sidebar.collapse_all': ['Meta+Shift+Minus'],
   'sidebar.selected.delete': ['Delete', 'Meta+Backspace'],
   'sidebar.selected.duplicate': ['Meta+d'],
+  'sidebar.selected.move': [],
   'sidebar.selected.rename': ['Enter'],
   'sidebar.focus': ['Meta+b'],
   'sidebar.context_menu': ['Control+Enter'],
@@ -87,6 +89,7 @@ const defaultHotkeysOther: Record<HotkeyAction, string[]> = {
   'sidebar.collapse_all': ['Control+Shift+Minus'],
   'sidebar.selected.delete': ['Delete', 'Control+Backspace'],
   'sidebar.selected.duplicate': ['Control+d'],
+  'sidebar.selected.move': [],
   'sidebar.selected.rename': ['Enter'],
   'sidebar.focus': ['Control+b'],
   'sidebar.context_menu': ['Alt+Insert'],
@@ -141,6 +144,7 @@ const hotkeyLabels: Record<HotkeyAction, string> = {
   'sidebar.collapse_all': 'Collapse All Folders',
   'sidebar.selected.delete': 'Delete Selected Sidebar Item',
   'sidebar.selected.duplicate': 'Duplicate Selected Sidebar Item',
+  'sidebar.selected.move': 'Move Selected to Workspace',
   'sidebar.selected.rename': 'Rename Selected Sidebar Item',
   'sidebar.focus': 'Focus or Toggle Sidebar',
   'sidebar.context_menu': 'Show Context Menu',