@testsmith/api-spector 0.0.1

package/out/main/index.js

@@ -0,0 +1,4003 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+const electron = require("electron");
+const path = require("path");
+const fs = require("fs");
+const promises = require("fs/promises");
+const scriptRunner = require("./chunks/script-runner-Ci5t2-bo.js");
+const undici = require("undici");
+const crypto = require("crypto");
+const uuid = require("uuid");
+const jsYaml = require("js-yaml");
+const JSZip = require("jszip");
+const mockServer = require("./chunks/mock-server-ZB7zpXh9.js");
+const http = require("http");
+const WebSocket = require("ws");
+const https = require("https");
+const Ajv = require("ajv");
+require("vm");
+require("dayjs");
+require("tv4");
+const LAST_WS_FILE = path.join(electron.app.getPath("userData"), "last-workspace.json");
+async function saveLastWorkspacePath(wsPath) {
+  await promises.writeFile(LAST_WS_FILE, JSON.stringify({ path: wsPath }), "utf8");
+}
+async function readLastWorkspacePath() {
+  try {
+    const raw = await promises.readFile(LAST_WS_FILE, "utf8");
+    return JSON.parse(raw).path ?? null;
+  } catch {
+    return null;
+  }
+}
+let workspaceDir = null;
+let workspaceFile = null;
+function atomicWrite(path2, data) {
+  return promises.writeFile(path2, data, "utf8");
+}
+function registerFileHandlers(ipc) {
+  ipc.handle("file:openWorkspace", async () => {
+    const result = await electron.dialog.showOpenDialog({
+      title: "Open Workspace",
+      filters: [{ name: "api Spector Workspace", extensions: ["spector", "json"] }],
+      properties: ["openFile"]
+    });
+    if (result.canceled || !result.filePaths[0]) return null;
+    const wsPath = result.filePaths[0];
+    workspaceDir = path.dirname(wsPath);
+    workspaceFile = wsPath;
+    await scriptRunner.loadGlobals(workspaceDir);
+    await saveLastWorkspacePath(wsPath);
+    const raw = await promises.readFile(wsPath, "utf8");
+    return { workspace: JSON.parse(raw), workspacePath: wsPath };
+  });
+  ipc.handle("file:newWorkspace", async () => {
+    const result = await electron.dialog.showSaveDialog({
+      title: "Create Workspace",
+      defaultPath: "my-workspace.spector",
+      filters: [{ name: "api Spector Workspace", extensions: ["spector", "json"] }]
+    });
+    if (result.canceled || !result.filePath) return null;
+    workspaceDir = path.dirname(result.filePath);
+    workspaceFile = result.filePath;
+    await scriptRunner.loadGlobals(workspaceDir);
+    await promises.mkdir(path.join(workspaceDir, "collections"), { recursive: true });
+    await promises.mkdir(path.join(workspaceDir, "environments"), { recursive: true });
+    const gitignore = "# api Spector — never commit secrets\n*.secrets\n.env.local\n";
+    await atomicWrite(path.join(workspaceDir, ".gitignore"), gitignore);
+    const ws = {
+      version: "1.0",
+      collections: [],
+      environments: [],
+      activeEnvironmentId: null
+    };
+    await atomicWrite(result.filePath, JSON.stringify(ws, null, 2));
+    await saveLastWorkspacePath(result.filePath);
+    return { workspace: ws, workspacePath: result.filePath };
+  });
+  ipc.handle("file:saveWorkspace", async (_e, ws) => {
+    if (!workspaceFile) return;
+    await atomicWrite(workspaceFile, JSON.stringify(ws, null, 2));
+  });
+  ipc.handle("file:loadCollection", async (_e, relPath) => {
+    if (!workspaceDir) throw new Error("No workspace open");
+    const raw = await promises.readFile(path.resolve(workspaceDir, relPath), "utf8");
+    return JSON.parse(raw);
+  });
+  ipc.handle("file:saveCollection", async (_e, relPath, col) => {
+    if (!workspaceDir) throw new Error("No workspace open");
+    const fullPath = path.resolve(workspaceDir, relPath);
+    await promises.mkdir(path.dirname(fullPath), { recursive: true });
+    await atomicWrite(fullPath, JSON.stringify(col, null, 2));
+  });
+  ipc.handle("file:loadEnvironment", async (_e, relPath) => {
+    if (!workspaceDir) throw new Error("No workspace open");
+    const raw = await promises.readFile(path.resolve(workspaceDir, relPath), "utf8");
+    return JSON.parse(raw);
+  });
+  ipc.handle("file:saveEnvironment", async (_e, relPath, env) => {
+    if (!workspaceDir) throw new Error("No workspace open");
+    const fullPath = path.resolve(workspaceDir, relPath);
+    await promises.mkdir(path.dirname(fullPath), { recursive: true });
+    await atomicWrite(fullPath, JSON.stringify(env, null, 2));
+  });
+  ipc.handle("dialog:pickDir", async () => {
+    const result = await electron.dialog.showOpenDialog({
+      title: "Select Output Directory",
+      properties: ["openDirectory", "createDirectory"]
+    });
+    return result.canceled ? null : result.filePaths[0];
+  });
+  ipc.handle("results:save", async (_e, content, defaultName) => {
+    const ext = defaultName.endsWith(".xml") ? "xml" : defaultName.endsWith(".html") ? "html" : "json";
+    const allFilters = [
+      { name: "JSON", extensions: ["json"] },
+      { name: "JUnit XML", extensions: ["xml"] },
+      { name: "HTML", extensions: ["html"] }
+    ];
+    const result = await electron.dialog.showSaveDialog({
+      title: "Save Test Results",
+      defaultPath: defaultName,
+      filters: ext === "xml" ? [allFilters[1], allFilters[0], allFilters[2]] : ext === "html" ? [allFilters[2], allFilters[0], allFilters[1]] : [allFilters[0], allFilters[1], allFilters[2]]
+    });
+    if (result.canceled || !result.filePath) return false;
+    await promises.writeFile(result.filePath, content, "utf8");
+    return true;
+  });
+  ipc.handle("globals:get", () => scriptRunner.getGlobals());
+  ipc.handle("globals:set", async (_e, patch) => {
+    scriptRunner.setGlobals(patch);
+    await scriptRunner.persistGlobals();
+  });
+  ipc.handle("file:closeWorkspace", async () => {
+    workspaceDir = null;
+    workspaceFile = null;
+    await promises.writeFile(LAST_WS_FILE, JSON.stringify({ path: null }), "utf8").catch(() => {
+    });
+  });
+  ipc.handle("file:getLastWorkspace", async () => {
+    const wsPath = await readLastWorkspacePath();
+    if (!wsPath) return null;
+    try {
+      workspaceDir = path.dirname(wsPath);
+      workspaceFile = wsPath;
+      await scriptRunner.loadGlobals(workspaceDir);
+      const raw = await promises.readFile(wsPath, "utf8");
+      return { workspace: JSON.parse(raw), workspacePath: wsPath };
+    } catch {
+      return null;
+    }
+  });
+}
+function getWorkspaceDir() {
+  return workspaceDir;
+}
+async function buildAuthHeaders(auth, vars) {
+  const headers = {};
+  if (auth.type === "bearer") {
+    let token = auth.token ?? "";
+    if (!token && auth.tokenSecretRef) token = await scriptRunner.getSecret(auth.tokenSecretRef) ?? "";
+    token = scriptRunner.interpolate(token, vars);
+    if (token) headers["Authorization"] = `Bearer ${token}`;
+  }
+  if (auth.type === "basic") {
+    let password = auth.password ?? "";
+    if (!password && auth.passwordSecretRef) password = await scriptRunner.getSecret(auth.passwordSecretRef) ?? "";
+    password = scriptRunner.interpolate(password, vars);
+    const username = scriptRunner.interpolate(auth.username ?? "", vars);
+    headers["Authorization"] = `Basic ${Buffer.from(`${username}:${password}`).toString("base64")}`;
+  }
+  if (auth.type === "apikey" && auth.apiKeyIn === "header") {
+    let value = auth.apiKeyValue ?? "";
+    if (!value && auth.apiKeySecretRef) value = await scriptRunner.getSecret(auth.apiKeySecretRef) ?? "";
+    value = scriptRunner.interpolate(value, vars);
+    headers[auth.apiKeyName ?? "X-API-Key"] = value;
+  }
+  if (auth.type === "oauth2") {
+    const now = Date.now();
+    if (auth.oauth2CachedToken && auth.oauth2TokenExpiry && auth.oauth2TokenExpiry > now + 5e3) {
+      headers["Authorization"] = `Bearer ${auth.oauth2CachedToken}`;
+    }
+  }
+  return headers;
+}
+async function buildApiKeyParam(auth, vars) {
+  if (auth.type !== "apikey" || auth.apiKeyIn !== "query") return null;
+  let value = auth.apiKeyValue ?? "";
+  if (!value && auth.apiKeySecretRef) value = await scriptRunner.getSecret(auth.apiKeySecretRef) ?? "";
+  value = scriptRunner.interpolate(value, vars);
+  return { key: auth.apiKeyName ?? "apikey", value };
+}
+function parseDigestChallenge(wwwAuth) {
+  const extract = (key) => {
+    const m = new RegExp(`${key}="([^"]*)"`, "i").exec(wwwAuth);
+    return m ? m[1] : "";
+  };
+  const extractUnquoted = (key) => {
+    const m = new RegExp(`${key}=([^,\\s]+)`, "i").exec(wwwAuth);
+    return m ? m[1] : "";
+  };
+  return {
+    realm: extract("realm"),
+    nonce: extract("nonce"),
+    qop: extract("qop") || extractUnquoted("qop") || void 0,
+    algorithm: extract("algorithm") || extractUnquoted("algorithm") || "MD5",
+    opaque: extract("opaque") || void 0
+  };
+}
+function md5(s) {
+  return crypto.createHash("md5").update(s).digest("hex");
+}
+function buildDigestAuthHeader(challenge, username, password, method, uri) {
+  const { realm, nonce, qop, algorithm, opaque } = challenge;
+  const algo = (algorithm ?? "MD5").toUpperCase();
+  const ha1 = algo === "MD5-SESS" ? md5(`${md5(`${username}:${realm}:${password}`)}:${nonce}:`) : md5(`${username}:${realm}:${password}`);
+  const ha2 = md5(`${method}:${uri}`);
+  let response;
+  let nc;
+  let cnonce;
+  if (qop === "auth" || qop === "auth-int") {
+    nc = "00000001";
+    cnonce = crypto.randomBytes(8).toString("hex");
+    response = md5(`${ha1}:${nonce}:${nc}:${cnonce}:${qop}:${ha2}`);
+  } else {
+    response = md5(`${ha1}:${nonce}:${ha2}`);
+  }
+  let header = `Digest username="${username}", realm="${realm}", nonce="${nonce}", uri="${uri}", response="${response}"`;
+  if (qop) header += `, qop=${qop}`;
+  if (nc) header += `, nc=${nc}`;
+  if (cnonce) header += `, cnonce="${cnonce}"`;
+  if (opaque) header += `, opaque="${opaque}"`;
+  if (algo !== "MD5") header += `, algorithm=${algo}`;
+  return header;
+}
+async function performDigestAuth(url, method, auth, vars, fetchFn) {
+  const probeResp = await fetchFn(url, { method, headers: {} });
+  if (probeResp.status !== 401) return null;
+  const wwwAuth = probeResp.headers.get("www-authenticate") ?? "";
+  if (!wwwAuth.toLowerCase().startsWith("digest")) return null;
+  const challenge = parseDigestChallenge(wwwAuth);
+  let password = auth.password ?? "";
+  if (!password && auth.passwordSecretRef) password = await scriptRunner.getSecret(auth.passwordSecretRef) ?? "";
+  password = scriptRunner.interpolate(password, vars);
+  const username = scriptRunner.interpolate(auth.username ?? "", vars);
+  let uri = "/";
+  try {
+    uri = new URL(url).pathname + (new URL(url).search ?? "");
+  } catch {
+  }
+  return buildDigestAuthHeader(challenge, username, password, method, uri);
+}
+async function performNtlmRequest(_url, _method, _auth, _vars) {
+  throw new Error(
+    'NTLM auth is not yet implemented. Add "httpntlm" to package.json dependencies and implement performNtlmRequest in auth-builder.ts.'
+  );
+}
+async function fetchOAuth2Token(auth, vars) {
+  const flow = auth.oauth2Flow ?? "client_credentials";
+  if (flow === "authorization_code") {
+    throw new Error("authorization_code flow requires the oauth2:startFlow IPC call from the renderer.");
+  }
+  if (flow === "implicit") {
+    throw new Error("implicit flow cannot be performed server-side — tokens must be obtained via the browser redirect.");
+  }
+  const tokenUrl = scriptRunner.interpolate(auth.oauth2TokenUrl ?? "", vars);
+  if (!tokenUrl) throw new Error("OAuth 2.0: tokenUrl is required.");
+  const clientId = scriptRunner.interpolate(auth.oauth2ClientId ?? "", vars);
+  let clientSecret = auth.oauth2ClientSecret ?? "";
+  if (!clientSecret && auth.oauth2ClientSecretRef) {
+    clientSecret = await scriptRunner.getSecret(auth.oauth2ClientSecretRef) ?? "";
+  }
+  clientSecret = scriptRunner.interpolate(clientSecret, vars);
+  const params = new URLSearchParams();
+  params.set("grant_type", flow === "password" ? "password" : "client_credentials");
+  params.set("client_id", clientId);
+  params.set("client_secret", clientSecret);
+  if (auth.oauth2Scopes) params.set("scope", auth.oauth2Scopes);
+  if (flow === "password") {
+    let password = auth.password ?? "";
+    if (!password && auth.passwordSecretRef) password = await scriptRunner.getSecret(auth.passwordSecretRef) ?? "";
+    password = scriptRunner.interpolate(password, vars);
+    params.set("username", scriptRunner.interpolate(auth.username ?? "", vars));
+    params.set("password", password);
+  }
+  const { fetch: nodeFetch } = await import("undici");
+  const resp = await nodeFetch(tokenUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: params.toString()
+  });
+  if (!resp.ok) {
+    const body = await resp.text();
+    throw new Error(`OAuth 2.0 token request failed (${resp.status}): ${body}`);
+  }
+  const json = await resp.json();
+  const accessToken = String(json["access_token"] ?? "");
+  if (!accessToken) throw new Error("OAuth 2.0: token response missing access_token.");
+  const expiresIn = Number(json["expires_in"] ?? 3600);
+  const expiresAt = Date.now() + expiresIn * 1e3;
+  return {
+    accessToken,
+    expiresAt,
+    refreshToken: json["refresh_token"] ? String(json["refresh_token"]) : void 0
+  };
+}
+function maskPii(data, patterns) {
+  if (!patterns.length) return data;
+  try {
+    const obj = JSON.parse(data);
+    const masked = maskObject(obj, patterns);
+    return JSON.stringify(masked);
+  } catch {
+    return data;
+  }
+}
+function maskObject(obj, patterns) {
+  if (Array.isArray(obj)) return obj.map((item) => maskObject(item, patterns));
+  if (obj && typeof obj === "object") {
+    const result = {};
+    for (const [k, v] of Object.entries(obj)) {
+      if (patterns.some((p) => k.toLowerCase().includes(p.toLowerCase()))) {
+        result[k] = "[REDACTED]";
+      } else {
+        result[k] = maskObject(v, patterns);
+      }
+    }
+    return result;
+  }
+  return obj;
+}
+function maskHeaders(headers, patterns) {
+  if (!patterns.length) return headers;
+  const alwaysMask = ["authorization", "cookie", "set-cookie"];
+  const result = {};
+  for (const [k, v] of Object.entries(headers)) {
+    const lower = k.toLowerCase();
+    if (alwaysMask.includes(lower) || patterns.some((p) => lower.includes(p.toLowerCase()))) {
+      result[k] = "[REDACTED]";
+    } else {
+      result[k] = v;
+    }
+  }
+  return result;
+}
+async function buildDispatcher$1(proxy, tls) {
+  const connectOpts = {};
+  let hasTls = false;
+  if (tls) {
+    hasTls = true;
+    if (tls.rejectUnauthorized !== void 0) {
+      connectOpts["rejectUnauthorized"] = tls.rejectUnauthorized;
+    }
+    if (tls.caCertPath) {
+      try {
+        connectOpts["ca"] = await promises.readFile(tls.caCertPath);
+      } catch {
+      }
+    }
+    if (tls.clientCertPath) {
+      try {
+        connectOpts["cert"] = await promises.readFile(tls.clientCertPath);
+      } catch {
+      }
+    }
+    if (tls.clientKeyPath) {
+      try {
+        connectOpts["key"] = await promises.readFile(tls.clientKeyPath);
+      } catch {
+      }
+    }
+  }
+  if (proxy?.url) {
+    const proxyUri = proxy.auth ? proxy.url.replace("://", `://${encodeURIComponent(proxy.auth.username)}:${encodeURIComponent(proxy.auth.password)}@`) : proxy.url;
+    return new undici.ProxyAgent({
+      uri: proxyUri,
+      ...hasTls ? { connect: connectOpts } : {}
+    });
+  }
+  if (hasTls) {
+    return new undici.Agent({ connect: connectOpts });
+  }
+  return void 0;
+}
+function registerRequestHandler(ipc) {
+  ipc.handle("request:send", async (_e, payload) => {
+    const {
+      request: req,
+      environment,
+      collectionVars,
+      globals: payloadGlobals,
+      proxy,
+      tls,
+      piiMaskPatterns = []
+    } = payload;
+    const start = Date.now();
+    const liveGlobals = scriptRunner.getGlobals();
+    const mergedGlobals = { ...payloadGlobals, ...liveGlobals };
+    const envVars = await scriptRunner.buildEnvVars(environment);
+    let localVars = {};
+    const decryptionWarnings = [];
+    if (environment) {
+      const masterKeySet = Boolean(process.env["API_SPECTOR_MASTER_KEY"]);
+      for (const v of environment.variables) {
+        if (!v.enabled || !v.secret || !v.secretEncrypted) continue;
+        if (!masterKeySet) {
+          decryptionWarnings.push(`[warn] Secret "${v.key}" was not decrypted: API_SPECTOR_MASTER_KEY is not set. Use the master password modal or export the variable in your shell.`);
+        } else if (envVars[v.key] === void 0) {
+          decryptionWarnings.push(`[warn] Secret "${v.key}" could not be decrypted: wrong password or corrupted data.`);
+        }
+      }
+    }
+    let vars = scriptRunner.mergeVars(envVars, collectionVars, mergedGlobals, localVars);
+    let preScriptMeta = { consoleOutput: [] };
+    let updatedCollectionVars = { ...collectionVars };
+    let updatedEnvVars = { ...envVars };
+    let updatedGlobals = { ...mergedGlobals };
+    if (req.preRequestScript?.trim()) {
+      const result = await scriptRunner.runScript(req.preRequestScript, {
+        envVars: { ...envVars },
+        collectionVars: { ...collectionVars },
+        globals: { ...mergedGlobals },
+        localVars: {}
+      });
+      preScriptMeta = { error: result.error, consoleOutput: result.consoleOutput };
+      localVars = result.updatedLocalVars;
+      updatedEnvVars = result.updatedEnvVars;
+      updatedCollectionVars = result.updatedCollectionVars;
+      updatedGlobals = result.updatedGlobals;
+      scriptRunner.patchGlobals(result.updatedGlobals);
+      await scriptRunner.persistGlobals();
+      vars = scriptRunner.mergeVars(updatedEnvVars, updatedCollectionVars, updatedGlobals, localVars);
+    }
+    let response;
+    let sentRequest = { method: req.method, url: "", headers: {} };
+    const resolvedUrl = scriptRunner.buildUrl(req.url, req.params, vars);
+    const secretValues = /* @__PURE__ */ new Set();
+    if (environment) {
+      for (const v of environment.variables) {
+        if (!v.enabled) continue;
+        if ((v.secret || v.envRef) && envVars[v.key]) {
+          secretValues.add(envVars[v.key]);
+        }
+      }
+    }
+    function redactSecrets(s) {
+      if (!secretValues.size) return s;
+      let result = s;
+      for (const secret of secretValues) {
+        if (secret) result = result.split(secret).join("[*****]");
+      }
+      return result;
+    }
+    function redactSentRequest(sr) {
+      const headers = {};
+      for (const [k, v] of Object.entries(sr.headers)) {
+        headers[k] = redactSecrets(v);
+      }
+      return {
+        method: sr.method,
+        url: redactSecrets(sr.url),
+        headers,
+        body: sr.body !== void 0 ? redactSecrets(sr.body) : void 0
+      };
+    }
+    try {
+      const dispatcher = await buildDispatcher$1(proxy, tls);
+      if (req.auth.type === "oauth2") {
+        const now = Date.now();
+        const tokenMissing = !req.auth.oauth2CachedToken;
+        const tokenExpired = req.auth.oauth2TokenExpiry ? req.auth.oauth2TokenExpiry <= now + 5e3 : true;
+        if (tokenMissing || tokenExpired) {
+          const result = await fetchOAuth2Token(req.auth, vars);
+          req.auth.oauth2CachedToken = result.accessToken;
+          req.auth.oauth2TokenExpiry = result.expiresAt;
+        }
+      }
+      const authHeaders = await buildAuthHeaders(req.auth, vars);
+      const apiKeyParam = await buildApiKeyParam(req.auth, vars);
+      let finalUrl = resolvedUrl;
+      if (apiKeyParam) {
+        const sep = finalUrl.includes("?") ? "&" : "?";
+        finalUrl += `${sep}${encodeURIComponent(apiKeyParam.key)}=${encodeURIComponent(apiKeyParam.value)}`;
+      }
+      const buildHeaders2 = () => {
+        const h = new undici.Headers();
+        for (const header of req.headers) {
+          if (header.enabled && header.key) {
+            h.set(scriptRunner.interpolate(header.key, vars), scriptRunner.interpolate(header.value, vars));
+          }
+        }
+        for (const [k, v] of Object.entries(authHeaders)) h.set(k, v);
+        return h;
+      };
+      let body;
+      if (req.body.mode === "json" && req.body.json) {
+        body = scriptRunner.interpolate(req.body.json, vars);
+      } else if (req.body.mode === "form" && req.body.form) {
+        body = req.body.form.filter((p) => p.enabled && p.key).map((p) => `${encodeURIComponent(scriptRunner.interpolate(p.key, vars))}=${encodeURIComponent(scriptRunner.interpolate(p.value, vars))}`).join("&");
+      } else if (req.body.mode === "raw" && req.body.raw) {
+        body = scriptRunner.interpolate(req.body.raw, vars);
+      } else if (req.body.mode === "graphql" && req.body.graphql) {
+        const gql = req.body.graphql;
+        const gqlBody = { query: scriptRunner.interpolate(gql.query, vars) };
+        const rawVars = gql.variables?.trim();
+        if (rawVars) {
+          try {
+            gqlBody.variables = JSON.parse(scriptRunner.interpolate(rawVars, vars));
+          } catch {
+          }
+        }
+        if (gql.operationName?.trim()) gqlBody.operationName = gql.operationName.trim();
+        body = JSON.stringify(gqlBody);
+      } else if (req.body.mode === "soap" && req.body.soap) {
+        const soap = req.body.soap;
+        body = scriptRunner.interpolate(soap.envelope, vars);
+      }
+      const methodHasBody = !["GET", "HEAD"].includes(req.method);
+      const doFetch = async (overrideHeaders) => {
+        const h = overrideHeaders ?? buildHeaders2();
+        if (body !== void 0) {
+          if (!h.has("content-type")) {
+            if (req.body.mode === "json" || req.body.mode === "graphql") h.set("Content-Type", "application/json");
+            else if (req.body.mode === "form") h.set("Content-Type", "application/x-www-form-urlencoded");
+            else if (req.body.mode === "raw") h.set("Content-Type", req.body.rawContentType ?? "text/plain");
+            else if (req.body.mode === "soap") h.set("Content-Type", "text/xml; charset=utf-8");
+          }
+          if (req.body.mode === "soap" && req.body.soap?.soapAction && !h.has("soapaction")) {
+            h.set("SOAPAction", req.body.soap.soapAction);
+          }
+        }
+        const capturedHeaders = {};
+        h.forEach((value, key) => {
+          capturedHeaders[key] = value;
+        });
+        sentRequest = { method: req.method, url: finalUrl, headers: capturedHeaders, body: methodHasBody ? body : void 0 };
+        return undici.fetch(finalUrl, {
+          method: req.method,
+          headers: h,
+          body: methodHasBody ? body : void 0,
+          dispatcher
+        });
+      };
+      let fetchResp;
+      if (req.auth.type === "ntlm") {
+        await performNtlmRequest(finalUrl, req.method, req.auth, vars);
+        fetchResp = await doFetch();
+      } else if (req.auth.type === "digest") {
+        const probeFetch = async (url, init) => {
+          return undici.fetch(url, {
+            ...init,
+            dispatcher
+          });
+        };
+        const digestHeader = await performDigestAuth(finalUrl, req.method, req.auth, vars, probeFetch);
+        const h = buildHeaders2();
+        if (digestHeader) h.set("Authorization", digestHeader);
+        fetchResp = await doFetch(h);
+      } else {
+        fetchResp = await doFetch();
+      }
+      const responseBody = await fetchResp.text();
+      const durationMs = Date.now() - start;
+      const rawResponseHeaders = {};
+      fetchResp.headers.forEach((value, key) => {
+        rawResponseHeaders[key] = value;
+      });
+      const maskedBody = maskPii(responseBody, piiMaskPatterns);
+      const maskedHeaders = maskHeaders(rawResponseHeaders, piiMaskPatterns);
+      response = {
+        status: fetchResp.status,
+        statusText: fetchResp.statusText,
+        headers: maskedHeaders,
+        body: maskedBody,
+        bodySize: Buffer.byteLength(responseBody, "utf8"),
+        durationMs
+      };
+    } catch (err) {
+      response = {
+        status: 0,
+        statusText: "Error",
+        headers: {},
+        body: "",
+        bodySize: 0,
+        durationMs: Date.now() - start,
+        error: err instanceof Error ? err.message : String(err)
+      };
+    }
+    let postTestResults = [];
+    let postConsole = [];
+    let postError;
+    if (req.postRequestScript?.trim() && !response.error) {
+      const result = await scriptRunner.runScript(req.postRequestScript, {
+        envVars: { ...updatedEnvVars },
+        collectionVars: { ...updatedCollectionVars },
+        globals: { ...updatedGlobals },
+        localVars: { ...localVars },
+        response
+      });
+      postTestResults = result.testResults;
+      postConsole = result.consoleOutput;
+      postError = result.error;
+      updatedEnvVars = result.updatedEnvVars;
+      updatedCollectionVars = result.updatedCollectionVars;
+      updatedGlobals = result.updatedGlobals;
+      scriptRunner.patchGlobals(result.updatedGlobals);
+      await scriptRunner.persistGlobals();
+    }
+    const scriptResult = {
+      testResults: postTestResults,
+      consoleOutput: [...decryptionWarnings, ...preScriptMeta.consoleOutput, ...postConsole],
+      updatedEnvVars,
+      updatedCollectionVars,
+      updatedGlobals,
+      resolvedUrl,
+      preScriptError: preScriptMeta.error,
+      postScriptError: postError
+    };
+    return { response, scriptResult, sentRequest: redactSentRequest(sentRequest) };
+  });
+}
+const POSTMAN_RULES = [
+  // Variables — environment
+  [/\bpm\.environment\.get\(/g, "sp.environment.get("],
+  [/\bpm\.environment\.set\(/g, "sp.environment.set("],
+  [/\bpm\.environment\.unset\(/g, "sp.environment.clear("],
+  [/\bpm\.environment\.has\(/g, "sp.environment.has("],
+  // Variables — collection
+  [/\bpm\.collectionVariables\.get\(/g, "sp.collectionVariables.get("],
+  [/\bpm\.collectionVariables\.set\(/g, "sp.collectionVariables.set("],
+  [/\bpm\.collectionVariables\.unset\(/g, "sp.collectionVariables.clear("],
+  [/\bpm\.collectionVariables\.has\(/g, "sp.collectionVariables.has("],
+  // Variables — globals
+  [/\bpm\.globals\.get\(/g, "sp.globals.get("],
+  [/\bpm\.globals\.set\(/g, "sp.globals.set("],
+  [/\bpm\.globals\.unset\(/g, "sp.globals.clear("],
+  [/\bpm\.globals\.has\(/g, "sp.globals.has("],
+  // Variables — local/request scope
+  [/\bpm\.variables\.get\(/g, "sp.variables.get("],
+  [/\bpm\.variables\.set\(/g, "sp.variables.set("],
+  // Tests & assertions
+  [/\bpm\.test\(/g, "sp.test("],
+  [/\bpm\.expect\(/g, "sp.expect("],
+  // Response — status
+  [/\bpm\.response\.to\.have\.status\(/g, "sp.response.to.have.status("],
+  [/\bpm\.response\.code\b/g, "sp.response.code"],
+  [/\bpm\.response\.status\b/g, "sp.response.status"],
+  [/\bpm\.response\.responseTime\b/g, "sp.response.responseTime"],
+  // Response — headers
+  [/\bpm\.response\.headers\.get\(/g, "sp.response.headers.get("],
+  // Response — body
+  [/\bpm\.response\.json\(\)/g, "sp.response.json()"],
+  [/\bpm\.response\.text\(\)/g, "sp.response.text()"]
+];
+const BRUNO_RULES = [
+  // Variables — environment
+  [/\bbru\.getEnvVar\(/g, "sp.environment.get("],
+  [/\bbru\.setEnvVar\(/g, "sp.environment.set("],
+  [/\bbru\.deleteEnvVar\(/g, "sp.environment.clear("],
+  // Variables — collection
+  [/\bbru\.getCollectionVar\(/g, "sp.collectionVariables.get("],
+  [/\bbru\.setCollectionVar\(/g, "sp.collectionVariables.set("],
+  [/\bbru\.deleteCollectionVar\(/g, "sp.collectionVariables.clear("],
+  // Variables — local/request scope
+  [/\bbru\.getVar\(/g, "sp.variables.get("],
+  [/\bbru\.setVar\(/g, "sp.variables.set("],
+  [/\bbru\.deleteVar\(/g, "sp.variables.clear("],
+  // Response — body (order matters: specific first)
+  [/\bres\.getBody\(\)\.json\(\)/g, "sp.response.json()"],
+  [/\bres\.getBody\(\)\.text\(\)/g, "sp.response.text()"],
+  [/\bres\.getBody\(\)/g, "sp.response.json()"],
+  // Response — status / headers / time
+  [/\bres\.getStatus\(\)/g, "sp.response.code"],
+  [/\bres\.getHeader\(/g, "sp.response.headers.get("],
+  [/\bres\.getResponseTime\(\)/g, "sp.response.responseTime"],
+  // Tests & assertions (bare expect/test — Bruno exposes them as globals)
+  [/(?<!\.)(?<!\w)expect\(/g, "sp.expect("],
+  [/(?<!\.)(?<!\w)test\(/g, "sp.test("]
+];
+const INSOMNIA_RULES = [
+  // Older SDK: insomnia.*
+  [/\binsomnia\.environment\.get\(/g, "sp.environment.get("],
+  [/\binsomnia\.environment\.set\(/g, "sp.environment.set("],
+  [/\binsomnia\.environment\.getItem\(/g, "sp.environment.get("],
+  [/\binsomnia\.environment\.setItem\(/g, "sp.environment.set("],
+  // Newer SDK: context.*
+  [/\bcontext\.environment\.get\(/g, "sp.environment.get("],
+  [/\bcontext\.environment\.set\(/g, "sp.environment.set("],
+  [/\bcontext\.environment\.getItem\(/g, "sp.environment.get("],
+  [/\bcontext\.environment\.setItem\(/g, "sp.environment.set("],
+  // Response
+  [/\bcontext\.response\.getBody\(\)\.json\(\)/g, "sp.response.json()"],
+  [/\bcontext\.response\.getBody\(\)/g, "sp.response.text()"],
+  [/\bcontext\.response\.getStatusCode\(\)/g, "sp.response.code"],
+  [/\bcontext\.response\.getHeader\(/g, "sp.response.headers.get("]
+];
+function translateScript(source, format) {
+  const rules = format === "postman" ? POSTMAN_RULES : format === "bruno" ? BRUNO_RULES : INSOMNIA_RULES;
+  return rules.reduce((src, [pattern, replacement]) => src.replace(pattern, replacement), source);
+}
+function parseHeaders$1(raw) {
+  return (raw ?? []).map((h) => ({
+    key: h.key ?? "",
+    value: h.value ?? "",
+    enabled: !h.disabled,
+    description: h.description ?? ""
+  }));
+}
+function parseParams$1(urlObj) {
+  if (!urlObj || typeof urlObj === "string") return [];
+  return (urlObj.query ?? []).map((p) => ({
+    key: p.key ?? "",
+    value: p.value ?? "",
+    enabled: !p.disabled,
+    description: p.description ?? ""
+  }));
+}
+function parseUrl(urlObj) {
+  if (!urlObj) return "";
+  if (typeof urlObj === "string") return urlObj;
+  return urlObj.raw ?? "";
+}
+function parseBody$1(body) {
+  if (!body) return { mode: "none" };
+  const mode = body.mode ?? "none";
+  if (mode === "raw") {
+    const lang = body.options?.raw?.language ?? "text";
+    if (lang === "json") return { mode: "json", json: body.raw ?? "" };
+    return { mode: "raw", raw: body.raw ?? "", rawContentType: "text/plain" };
+  }
+  if (mode === "urlencoded") {
+    return {
+      mode: "form",
+      form: (body.urlencoded ?? []).map((p) => ({
+        key: p.key ?? "",
+        value: p.value ?? "",
+        enabled: !p.disabled
+      }))
+    };
+  }
+  return { mode: "none" };
+}
+function parseAuth$1(auth) {
+  if (!auth) return { type: "none" };
+  const type = auth.type ?? "noauth";
+  if (type === "noauth" || type === "none") return { type: "none" };
+  if (type === "bearer") {
+    const entries = Object.fromEntries((auth.bearer ?? []).map((e) => [e.key, e.value]));
+    return { type: "bearer", token: entries.token ?? "" };
+  }
+  if (type === "basic") {
+    const entries = Object.fromEntries((auth.basic ?? []).map((e) => [e.key, e.value]));
+    return { type: "basic", username: entries.username ?? "", password: entries.password ?? "" };
+  }
+  if (type === "apikey") {
+    const entries = Object.fromEntries((auth.apikey ?? []).map((e) => [e.key, e.value]));
+    return {
+      type: "apikey",
+      apiKeyName: entries.key ?? "X-API-Key",
+      apiKeyValue: entries.value ?? "",
+      apiKeyIn: entries.in ?? "header"
+    };
+  }
+  return { type: "none" };
+}
+function translateMaybe(src, format) {
+  return src !== void 0 ? translateScript(src, format) : void 0;
+}
+function parseRequest(item, collectionAuth) {
+  const req = typeof item.request === "string" ? { url: item.request, method: "GET" } : item.request ?? {};
+  return {
+    id: uuid.v4(),
+    name: item.name ?? "Request",
+    method: (req.method ?? "GET").toUpperCase(),
+    url: parseUrl(req.url),
+    headers: parseHeaders$1(req.header),
+    params: parseParams$1(req.url),
+    auth: parseAuth$1(req.auth ?? collectionAuth),
+    body: parseBody$1(req.body),
+    description: req.description ?? "",
+    preRequestScript: translateMaybe(parseScript(item.event, "prerequest"), "postman"),
+    postRequestScript: translateMaybe(parseScript(item.event, "test"), "postman"),
+    meta: {}
+  };
+}
+function parseScript(events, listen) {
+  if (!Array.isArray(events)) return void 0;
+  const event = events.find((e) => e.listen === listen);
+  const exec = event?.script?.exec;
+  if (!exec) return void 0;
+  const src = Array.isArray(exec) ? exec.join("\n") : String(exec);
+  return src.trim() || void 0;
+}
+function parseFolder(item, requests, collectionAuth) {
+  const folder = {
+    id: uuid.v4(),
+    name: item.name ?? "Folder",
+    description: item.description ?? "",
+    folders: [],
+    requestIds: []
+  };
+  for (const child of item.item ?? []) {
+    if (Array.isArray(child.item)) {
+      folder.folders.push(parseFolder(child, requests, collectionAuth));
+    } else {
+      const req = parseRequest(child, collectionAuth);
+      requests[req.id] = req;
+      folder.requestIds.push(req.id);
+    }
+  }
+  return folder;
+}
+async function importPostman(filePath) {
+  const raw = await promises.readFile(filePath, "utf8");
+  const data = JSON.parse(raw);
+  const info = data.info ?? {};
+  const collectionAuth = data.auth;
+  const requests = {};
+  const rootFolder = {
+    id: uuid.v4(),
+    name: "root",
+    description: "",
+    folders: [],
+    requestIds: []
+  };
+  for (const item of data.item ?? []) {
+    if (Array.isArray(item.item)) {
+      rootFolder.folders.push(parseFolder(item, requests, collectionAuth));
+    } else {
+      const req = parseRequest(item, collectionAuth);
+      requests[req.id] = req;
+      rootFolder.requestIds.push(req.id);
+    }
+  }
+  return {
+    version: "1.0",
+    id: uuid.v4(),
+    name: info.name ?? "Imported Collection",
+    description: info.description ?? "",
+    rootFolder,
+    requests
+  };
+}
+async function loadSpec$1(filePath) {
+  const raw = await promises.readFile(filePath, "utf8");
+  if (filePath.endsWith(".yaml") || filePath.endsWith(".yml")) {
+    return jsYaml.load(raw);
+  }
+  return JSON.parse(raw);
+}
+async function loadSpecFromUrl(url) {
+  const resp = await undici.fetch(url);
+  if (!resp.ok) throw new Error(`HTTP ${resp.status} fetching ${url}`);
+  const text = await resp.text();
+  const ct = resp.headers.get("content-type") ?? "";
+  if (ct.includes("yaml") || url.endsWith(".yaml") || url.endsWith(".yml")) {
+    return jsYaml.load(text);
+  }
+  return JSON.parse(text);
+}
+function resolveRef$1(spec, ref) {
+  const parts = ref.replace(/^#\//, "").split("/");
+  return parts.reduce((obj, key) => obj?.[decodeURIComponent(key.replace(/~1/g, "/").replace(/~0/g, "~"))], spec);
+}
+function resolve(spec, obj, seen = /* @__PURE__ */ new Set()) {
+  if (!obj || typeof obj !== "object") return obj;
+  if (seen.has(obj)) return {};
+  if (Array.isArray(obj)) {
+    seen.add(obj);
+    return obj.map((item) => resolve(spec, item, seen));
+  }
+  if ("$ref" in obj) {
+    const target = resolveRef$1(spec, obj.$ref);
+    if (!target || seen.has(target)) return {};
+    return resolve(spec, target, seen);
+  }
+  seen.add(obj);
+  return Object.fromEntries(Object.entries(obj).map(([k, v]) => [k, resolve(spec, v, seen)]));
+}
+function schemaToExample(schema) {
+  if (!schema) return {};
+  if ("example" in schema) return schema.example;
+  if ("default" in schema) return schema.default;
+  switch (schema.type) {
+    case "object": {
+      const props = schema.properties ?? {};
+      return Object.fromEntries(Object.entries(props).map(([k, v]) => [k, schemaToExample(v)]));
+    }
+    case "array":
+      return [schemaToExample(schema.items ?? {})];
+    case "string":
+      return "string";
+    case "integer":
+      return 0;
+    case "number":
+      return 0;
+    case "boolean":
+      return true;
+    default:
+      return null;
+  }
+}
+function buildBody(operation, spec) {
+  const content = resolve(spec, operation.requestBody?.content ?? {});
+  if ("application/json" in content) {
+    const schema = resolve(spec, content["application/json"].schema ?? {});
+    const example = schemaToExample(schema);
+    return { mode: "json", json: JSON.stringify(example, null, 2) };
+  }
+  return { mode: "none" };
+}
+function buildParams(operation) {
+  return (operation.parameters ?? []).filter((p) => p.in === "query").map((p) => ({
+    key: p.name,
+    value: String(schemaToExample(p.schema ?? {}) ?? ""),
+    enabled: p.required ?? false,
+    description: p.description ?? ""
+  }));
+}
+function buildHeaders(operation) {
+  return (operation.parameters ?? []).filter((p) => p.in === "header").map((p) => ({
+    key: p.name,
+    value: "",
+    enabled: true,
+    description: p.description ?? ""
+  }));
+}
+function buildAuth(security, securitySchemes) {
+  for (const req of security ?? []) {
+    for (const schemeName of Object.keys(req)) {
+      const scheme = securitySchemes[schemeName];
+      if (!scheme) continue;
+      if (scheme.type === "http") {
+        if (scheme.scheme === "bearer") return { type: "bearer", token: "" };
+        if (scheme.scheme === "basic") return { type: "basic", username: "", password: "" };
+      }
+      if (scheme.type === "apiKey") {
+        return {
+          type: "apikey",
+          apiKeyName: scheme.name ?? "X-API-Key",
+          apiKeyValue: "",
+          apiKeyIn: scheme.in ?? "header"
+        };
+      }
+    }
+  }
+  return { type: "none" };
+}
+const HTTP_METHODS$1 = ["get", "post", "put", "patch", "delete", "head", "options"];
+function buildCollection(spec) {
+  const info = spec.info ?? {};
+  const servers = spec.servers ?? [{}];
+  const baseUrl = servers[0]?.url ?? "";
+  const securitySchemes = resolve(spec, spec.components?.securitySchemes ?? {});
+  const globalSecurity = spec.security ?? [];
+  const requests = {};
+  const foldersByTag = {};
+  for (const [pathStr, pathItem] of Object.entries(spec.paths ?? {})) {
+    const resolved = resolve(spec, pathItem);
+    const pathLevelParams = resolved.parameters ?? [];
+    for (const method of HTTP_METHODS$1) {
+      const operation = resolved[method];
+      if (!operation) continue;
+      const tags = operation.tags?.length ? operation.tags : ["default"];
+      const tag = tags[0];
+      const allParams = [...pathLevelParams, ...operation.parameters ?? []];
+      const opWithParams = { ...operation, parameters: allParams };
+      const security = operation.security ?? globalSecurity;
+      const req = {
+        id: uuid.v4(),
+        name: operation.summary ?? operation.operationId ?? `${method.toUpperCase()} ${pathStr}`,
+        method: method.toUpperCase(),
+        url: `${baseUrl}${pathStr}`,
+        headers: buildHeaders(opWithParams),
+        params: buildParams(opWithParams),
+        auth: buildAuth(security, securitySchemes),
+        body: buildBody(opWithParams, spec),
+        description: operation.description ?? "",
+        meta: { tags }
+      };
+      requests[req.id] = req;
+      if (!foldersByTag[tag]) {
+        foldersByTag[tag] = { id: uuid.v4(), name: tag, description: "", folders: [], requestIds: [] };
+      }
+      foldersByTag[tag].requestIds.push(req.id);
+    }
+  }
+  return {
+    version: "1.0",
+    id: uuid.v4(),
+    name: info.title ?? "Imported API",
+    description: info.description ?? "",
+    rootFolder: { id: uuid.v4(), name: "root", description: "", folders: Object.values(foldersByTag), requestIds: [] },
+    requests
+  };
+}
+async function importOpenApi(filePath) {
+  return buildCollection(await loadSpec$1(filePath));
+}
+async function importOpenApiFromUrl(url) {
+  return buildCollection(await loadSpecFromUrl(url));
+}
+function parseHeaders(headers) {
+  return (headers ?? []).map((h) => ({
+    key: h.name ?? "",
+    value: h.value ?? "",
+    enabled: !h.disabled,
+    description: h.description ?? ""
+  }));
+}
+function parseParams(params) {
+  return (params ?? []).map((p) => ({
+    key: p.name ?? "",
+    value: p.value ?? "",
+    enabled: !p.disabled,
+    description: p.description ?? ""
+  }));
+}
+function parseBody(body) {
+  if (!body) return { mode: "none" };
+  const mime = body.mimeType ?? "";
+  if (mime.includes("json") || mime === "application/json") {
+    return { mode: "json", json: body.text ?? "{}" };
+  }
+  if (mime === "application/graphql") {
+    return {
+      mode: "graphql",
+      graphql: { query: body.text ?? "", variables: "{}" }
+    };
+  }
+  if (mime === "application/x-www-form-urlencoded") {
+    return {
+      mode: "form",
+      form: (body.params ?? []).map((p) => ({
+        key: p.name ?? "",
+        value: p.value ?? "",
+        enabled: !p.disabled
+      }))
+    };
+  }
+  if (body.text) {
+    return { mode: "raw", raw: body.text, rawContentType: mime || "text/plain" };
+  }
+  return { mode: "none" };
+}
+function parseAuth(auth) {
+  if (!auth || !auth.type || auth.type === "none") return { type: "none" };
+  if (auth.type === "bearer") {
+    return { type: "bearer", token: auth.token ?? "" };
+  }
+  if (auth.type === "basic") {
+    return { type: "basic", username: auth.username ?? "", password: auth.password ?? "" };
+  }
+  if (auth.type === "apikey") {
+    return {
+      type: "apikey",
+      apiKeyName: auth.key ?? "X-API-Key",
+      apiKeyValue: auth.value ?? "",
+      apiKeyIn: auth.addTo === "queryParams" ? "query" : "header"
+    };
+  }
+  return { type: "none" };
+}
+async function importInsomnia(filePath) {
+  const raw = await promises.readFile(filePath, "utf8");
+  const data = JSON.parse(raw);
+  const resources = data.resources ?? [];
+  const workspace = resources.find((r) => r._type === "workspace") ?? {};
+  const workspaceId = workspace._id ?? "";
+  const requests = {};
+  const folderById = {};
+  const rootFolder = { id: uuid.v4(), name: "root", description: "", folders: [], requestIds: [] };
+  for (const r of resources) {
+    if (r._type !== "request_group") continue;
+    folderById[r._id] = {
+      id: uuid.v4(),
+      name: r.name ?? "Folder",
+      description: r.description ?? "",
+      folders: [],
+      requestIds: []
+    };
+  }
+  for (const r of resources) {
+    if (r._type !== "request") continue;
+    const req = {
+      id: uuid.v4(),
+      name: r.name ?? "Request",
+      method: (r.method ?? "GET").toUpperCase(),
+      url: r.url ?? "",
+      headers: parseHeaders(r.headers),
+      params: parseParams(r.parameters),
+      auth: parseAuth(r.authentication),
+      body: parseBody(r.body),
+      description: r.description ?? "",
+      preRequestScript: r.preRequestScript ? translateScript(String(r.preRequestScript).trim(), "insomnia") || void 0 : void 0,
+      postRequestScript: r.afterResponseScript ? translateScript(String(r.afterResponseScript).trim(), "insomnia") || void 0 : void 0,
+      meta: {}
+    };
+    requests[req.id] = req;
+    if (folderById[r.parentId]) {
+      folderById[r.parentId].requestIds.push(req.id);
+    } else {
+      rootFolder.requestIds.push(req.id);
+    }
+  }
+  for (const r of resources) {
+    if (r._type !== "request_group") continue;
+    const folder = folderById[r._id];
+    if (!folder) continue;
+    const isTopLevel = r.parentId === workspaceId || !folderById[r.parentId];
+    if (isTopLevel) {
+      rootFolder.folders.push(folder);
+    } else {
+      folderById[r.parentId].folders.push(folder);
+    }
+  }
+  return {
+    version: "1.0",
+    id: uuid.v4(),
+    name: workspace.name ?? "Imported Collection",
+    description: workspace.description ?? "",
+    rootFolder,
+    requests
+  };
+}
+function extractBlock(content, blockName) {
+  const lines = content.split("\n");
+  for (let i = 0; i < lines.length; i++) {
+    if (lines[i].trim() === `${blockName} {`) {
+      let depth = 1;
+      const blockLines = [];
+      i++;
+      while (i < lines.length && depth > 0) {
+        const trimmed = lines[i].trim();
+        if (trimmed === "{") depth++;
+        if (trimmed === "}") {
+          depth--;
+          if (depth === 0) break;
+        }
+        blockLines.push(lines[i]);
+        i++;
+      }
+      return blockLines.join("\n");
+    }
+  }
+  return null;
+}
+function parseKv(blockContent) {
+  if (!blockContent) return {};
+  const result = {};
+  for (const line of blockContent.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    const colonIdx = trimmed.indexOf(":");
+    if (colonIdx > 0) {
+      const key = trimmed.slice(0, colonIdx).trim();
+      const val = trimmed.slice(colonIdx + 1).trim();
+      if (key) result[key] = val;
+    }
+  }
+  return result;
+}
+const HTTP_METHODS = ["get", "post", "put", "patch", "delete", "head", "options"];
+function parseBruFile(content, fileName) {
+  const meta = parseKv(extractBlock(content, "meta"));
+  let method = "GET";
+  let methodAttrs = {};
+  for (const m of HTTP_METHODS) {
+    const block = extractBlock(content, m);
+    if (block !== null) {
+      method = m.toUpperCase();
+      methodAttrs = parseKv(block);
+      break;
+    }
+  }
+  const url = methodAttrs["url"] ?? "";
+  const bodyMode = methodAttrs["body"] ?? "none";
+  const authMode = methodAttrs["auth"] ?? "none";
+  const headers = Object.entries(parseKv(extractBlock(content, "headers"))).map(([k, v]) => ({
+    key: k,
+    value: v,
+    enabled: true
+  }));
+  const params = Object.entries(parseKv(extractBlock(content, "params:query"))).map(([k, v]) => ({
+    key: k,
+    value: v,
+    enabled: true
+  }));
+  let body = { mode: "none" };
+  if (bodyMode === "json") {
+    const jsonContent = extractBlock(content, "body:json") ?? "";
+    body = { mode: "json", json: jsonContent.trim() };
+  } else if (bodyMode === "text") {
+    const rawContent = extractBlock(content, "body:text") ?? "";
+    body = { mode: "raw", raw: rawContent.trim(), rawContentType: "text/plain" };
+  } else if (bodyMode === "formUrlEncoded") {
+    const form = Object.entries(parseKv(extractBlock(content, "body:form-urlencoded"))).map(([k, v]) => ({
+      key: k,
+      value: v,
+      enabled: true
+    }));
+    body = { mode: "form", form };
+  } else if (bodyMode === "graphql") {
+    const gqlContent = extractBlock(content, "body:graphql") ?? "";
+    body = { mode: "graphql", graphql: { query: gqlContent.trim(), variables: "{}" } };
+  }
+  let auth = { type: "none" };
+  if (authMode === "bearer") {
+    const bearerAttrs = parseKv(extractBlock(content, "auth:bearer"));
+    auth = { type: "bearer", token: bearerAttrs["token"] ?? "" };
+  } else if (authMode === "basic") {
+    const basicAttrs = parseKv(extractBlock(content, "auth:basic"));
+    auth = { type: "basic", username: basicAttrs["username"] ?? "", password: basicAttrs["password"] ?? "" };
+  } else if (authMode === "apikey") {
+    const apiKeyAttrs = parseKv(extractBlock(content, "auth:apikey"));
+    auth = {
+      type: "apikey",
+      apiKeyName: apiKeyAttrs["key"] ?? "X-API-Key",
+      apiKeyValue: apiKeyAttrs["value"] ?? "",
+      apiKeyIn: apiKeyAttrs["in"] === "query" ? "query" : "header"
+    };
+  }
+  return {
+    id: uuid.v4(),
+    name: meta["name"] ?? path.basename(fileName, ".bru"),
+    method,
+    url,
+    headers,
+    params,
+    auth,
+    body,
+    description: "",
+    preRequestScript: extractBlock(content, "script:pre-request") ? translateScript(extractBlock(content, "script:pre-request").trim(), "bruno") || void 0 : void 0,
+    postRequestScript: extractBlock(content, "script:post-response") ? translateScript(extractBlock(content, "script:post-response").trim(), "bruno") || void 0 : void 0,
+    meta: { seq: meta["seq"] !== void 0 ? Number(meta["seq"]) : 0 }
+  };
+}
+async function scanDir(dirPath, name, requests, ignore) {
+  const folder = { id: uuid.v4(), name, description: "", folders: [], requestIds: [] };
+  const entries = await promises.readdir(dirPath);
+  const bruRequests = [];
+  for (const entry of entries) {
+    if (ignore.has(entry)) continue;
+    const fullPath = path.join(dirPath, entry);
+    const s = await promises.stat(fullPath);
+    if (s.isDirectory()) {
+      const sub = await scanDir(fullPath, entry, requests, ignore);
+      if (sub.folders.length > 0 || sub.requestIds.length > 0) folder.folders.push(sub);
+    } else if (entry.endsWith(".bru")) {
+      const content = await promises.readFile(fullPath, "utf8");
+      const req = parseBruFile(content, entry);
+      requests[req.id] = req;
+      bruRequests.push(req);
+    }
+  }
+  bruRequests.sort((a, b) => (a.meta?.["seq"] ?? 0) - (b.meta?.["seq"] ?? 0));
+  folder.requestIds = bruRequests.map((r) => r.id);
+  return folder;
+}
+async function importBruno(filePath) {
+  const raw = await promises.readFile(filePath, "utf8");
+  const config = JSON.parse(raw);
+  const dirPath = filePath.slice(0, filePath.lastIndexOf("/") + 1) || ".";
+  const ignore = /* @__PURE__ */ new Set(["node_modules", ".git", ...config.ignore ?? []]);
+  const requests = {};
+  const rootFolder = await scanDir(dirPath, "root", requests, ignore);
+  return {
+    version: "1.0",
+    id: uuid.v4(),
+    name: config.name ?? "Imported Collection",
+    description: "",
+    rootFolder,
+    requests
+  };
+}
+function registerImportHandlers(ipc) {
+  ipc.handle("import:postman", async () => {
+    const result = await electron.dialog.showOpenDialog({
+      title: "Import Postman Collection",
+      filters: [{ name: "JSON", extensions: ["json"] }],
+      properties: ["openFile"]
+    });
+    if (result.canceled || !result.filePaths[0]) return null;
+    return importPostman(result.filePaths[0]);
+  });
+  ipc.handle("import:openapi", async () => {
+    const result = await electron.dialog.showOpenDialog({
+      title: "Import OpenAPI Definition",
+      filters: [{ name: "OpenAPI", extensions: ["json", "yaml", "yml"] }],
+      properties: ["openFile"]
+    });
+    if (result.canceled || !result.filePaths[0]) return null;
+    return importOpenApi(result.filePaths[0]);
+  });
+  ipc.handle("import:openapi-url", async (_event, url) => {
+    return importOpenApiFromUrl(url);
+  });
+  ipc.handle("import:insomnia", async () => {
+    const result = await electron.dialog.showOpenDialog({
+      title: "Import Insomnia Collection",
+      filters: [{ name: "JSON", extensions: ["json"] }],
+      properties: ["openFile"]
+    });
+    if (result.canceled || !result.filePaths[0]) return null;
+    return importInsomnia(result.filePaths[0]);
+  });
+  ipc.handle("import:bruno", async () => {
+    const result = await electron.dialog.showOpenDialog({
+      title: "Import Bruno Collection",
+      filters: [{ name: "Bruno Collection", extensions: ["json"] }],
+      properties: ["openFile"]
+    });
+    if (result.canceled || !result.filePaths[0]) return null;
+    return importBruno(result.filePaths[0]);
+  });
+}
+function safeName(name) {
+  return name.replace(/[^\w\s]/g, " ").split(/\s+/).filter(Boolean).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join(" ");
+}
+function robotVar(key) {
+  return "${" + key.replace(/\W+/g, "_").toUpperCase() + "}";
+}
+function envVar(key) {
+  return "%{" + key.replace(/\W+/g, "_").toUpperCase() + "}";
+}
+function interpolate(value, vars) {
+  return value.replace(/\{\{([^}]+)\}\}/g, (_, key) => {
+    const v = vars.get(key.trim());
+    return v?.secret ? envVar(key.trim()) : robotVar(key.trim());
+  });
+}
+function buildNameMap$2(root, requests) {
+  const map = /* @__PURE__ */ new Map();
+  const used = /* @__PURE__ */ new Set();
+  function visit(folder) {
+    for (const id of folder.requestIds) {
+      const req = requests[id];
+      if (!req) continue;
+      const base = safeName(req.name);
+      let name = base;
+      if (used.has(name)) {
+        let i = 2;
+        while (used.has(`${base} ${i}`)) i++;
+        name = `${base} ${i}`;
+      }
+      used.add(name);
+      map.set(id, name);
+    }
+    for (const sub of folder.folders) visit(sub);
+  }
+  visit(root);
+  return map;
+}
+function buildVariablesFile(environment) {
+  const lines = ["*** Variables ***"];
+  if (!environment) {
+    lines.push("# No environment — add your variables here");
+    lines.push("${BASE_URL}    http://localhost:8080");
+    return lines.join("\n") + "\n";
+  }
+  for (const v of environment.variables) {
+    if (!v.enabled) continue;
+    if (v.secret) {
+      lines.push(`# ${envVar(v.key)} — stored in OS keychain, never hardcoded`);
+    } else {
+      lines.push(`${robotVar(v.key)}    ${v.value}`);
+    }
+  }
+  return lines.join("\n") + "\n";
+}
+function jsonToRfDictPairs(json, vars) {
+  try {
+    const parsed = JSON.parse(json);
+    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) return null;
+    const isFlat = Object.values(parsed).every((v) => typeof v !== "object" || v === null);
+    if (!isFlat) return null;
+    return Object.entries(parsed).map(([k, v]) => `${k}=${interpolate(String(v ?? ""), vars)}`).join("    ");
+  } catch {
+    return null;
+  }
+}
+function buildKeywordsFile(collection, varMap, nameMap) {
+  const lines = [
+    "*** Settings ***",
+    "Library    RequestsLibrary",
+    "Resource    variables.resource",
+    "",
+    "*** Keywords ***"
+  ];
+  function processFolder(folder) {
+    for (const reqId of folder.requestIds) {
+      const req = collection.requests[reqId];
+      if (!req) continue;
+      const kwName = nameMap.get(reqId);
+      const url = interpolate(req.url, varMap);
+      lines.push(kwName);
+      lines.push(`    [Documentation]    ${req.description || req.name}`);
+      const headerPairs = [];
+      const { auth } = req;
+      if (auth.type === "bearer") {
+        const ref = auth.tokenSecretRef ?? "API_TOKEN";
+        headerPairs.push(`Authorization=Bearer ${envVar(ref)}`);
+      } else if (auth.type === "basic") {
+        const passRef = auth.passwordSecretRef ?? "API_PASSWORD";
+        const user = auth.username ?? "";
+        lines.push(`    \${credentials}=    Evaluate    base64.b64encode(f"${user}:${envVar(passRef)}".encode()).decode()    base64`);
+        headerPairs.push(`Authorization=Basic \${credentials}`);
+      } else if (auth.type === "apikey" && auth.apiKeyIn === "header") {
+        const keyRef = auth.apiKeySecretRef ?? "API_KEY";
+        const keyName = auth.apiKeyName ?? "X-API-Key";
+        headerPairs.push(`${keyName}=${envVar(keyRef)}`);
+      }
+      for (const h of req.headers.filter((h2) => h2.enabled && h2.key)) {
+        headerPairs.push(`${h.key}=${interpolate(h.value, varMap)}`);
+      }
+      if (headerPairs.length) {
+        lines.push(`    VAR    &{headers}    ${headerPairs.join("    ")}`);
+      }
+      const enabledParams = req.params.filter((p) => p.enabled && p.key);
+      if (enabledParams.length) {
+        const pairs = enabledParams.map((p) => `${p.key}=${interpolate(p.value, varMap)}`).join("    ");
+        lines.push(`    VAR    &{params}    ${pairs}`);
+      }
+      const { body } = req;
+      const hasBody = body.mode !== "none" && !["GET", "HEAD"].includes(req.method);
+      if (hasBody && body.mode === "json" && body.json) {
+        const bodyPairs = jsonToRfDictPairs(body.json, varMap);
+        if (bodyPairs !== null) {
+          lines.push(`    VAR    &{body}    ${bodyPairs}`);
+        } else {
+          lines.push(`    VAR    \${body}    ${interpolate(body.json, varMap)}`);
+        }
+      }
+      const method = req.method.charAt(0) + req.method.slice(1).toLowerCase();
+      const callArgs = [];
+      if (headerPairs.length) callArgs.push("headers=${headers}");
+      if (enabledParams.length) callArgs.push("params=${params}");
+      if (hasBody && body.mode === "json") callArgs.push("json=${body}");
+      lines.push(`    \${response}=    ${method}    ${url}`);
+      if (callArgs.length) {
+        lines.push(`    ...    ${callArgs.join("    ")}`);
+      }
+      lines.push(`    RETURN    \${response}`);
+      lines.push("");
+    }
+    for (const sub of folder.folders) processFolder(sub);
+  }
+  processFolder(collection.rootFolder);
+  return lines.join("\n");
+}
+function buildTestSuite(collection, environment, nameMap) {
+  const colName = safeName(collection.name);
+  const envName = environment?.name ?? "default";
+  const lines = [
+    "*** Settings ***",
+    "Resource    ../resources/api_keywords.resource",
+    "",
+    `Suite Setup    Log    Running ${colName} against ${envName} environment`,
+    "",
+    "*** Test Cases ***"
+  ];
+  function processFolder(folder) {
+    for (const reqId of folder.requestIds) {
+      const req = collection.requests[reqId];
+      if (!req) continue;
+      const kwName = nameMap.get(reqId);
+      lines.push(kwName);
+      lines.push(`    [Documentation]    ${req.description || req.name}`);
+      lines.push(`    \${response}=    ${kwName}`);
+      lines.push(`    Status Should Be    200    \${response}`);
+      lines.push("");
+    }
+    for (const sub of folder.folders) processFolder(sub);
+  }
+  processFolder(collection.rootFolder);
+  return lines.join("\n");
+}
+function renderTree$5(paths) {
+  const root = {};
+  for (const p of [...paths].sort()) {
+    let cur = root;
+    for (const part of p.split("/")) {
+      cur = cur[part] ??= {};
+    }
+  }
+  function render(node, prefix = "") {
+    const entries = Object.entries(node);
+    return entries.flatMap(([name, children], i) => {
+      const last = i === entries.length - 1;
+      const lines = [`${prefix}${last ? "└── " : "├── "}${name}`];
+      if (Object.keys(children).length) lines.push(...render(children, prefix + (last ? "    " : "│   ")));
+      return lines;
+    });
+  }
+  return [".", ...render(root)].join("\n");
+}
+function buildReadme$5(collectionName, filePaths) {
+  const tree = renderTree$5(filePaths);
+  return `# ${collectionName} — API Tests (Robot Framework)
+
+## Project structure
+
+\`\`\`
+${tree}
+\`\`\`
+
+> Secrets are read from OS environment variables (e.g. \`%{API_TOKEN}\`).
+> Never hardcode secrets — export them in your shell or CI environment.
+
+## Setup
+
+\`\`\`sh
+pip install -r requirements.txt
+
+# Run all tests
+robot tests/
+
+# Override base URL
+BASE_URL=https://staging.example.com robot tests/
+\`\`\`
+`;
+}
+function generateRobotFramework(collection, environment) {
+  const varMap = new Map(
+    (environment?.variables ?? []).map((v) => [v.key, v])
+  );
+  const nameMap = buildNameMap$2(collection.rootFolder, collection.requests);
+  const slug2 = collection.name.replace(/\W+/g, "_").toLowerCase();
+  const contentFiles = [
+    { path: "resources/variables.resource", content: buildVariablesFile(environment) },
+    { path: "resources/api_keywords.resource", content: buildKeywordsFile(collection, varMap, nameMap) },
+    { path: `tests/test_${slug2}.robot`, content: buildTestSuite(collection, environment, nameMap) }
+  ];
+  const allPaths = ["requirements.txt", ...contentFiles.map((f) => f.path)];
+  return [
+    { path: "README.md", content: buildReadme$5(collection.name, allPaths) },
+    { path: "requirements.txt", content: "robotframework\nrobotframework-requests\n" },
+    ...contentFiles
+  ];
+}
+function slug$3(name) {
+  return name.replace(/\W+/g, "-").toLowerCase().replace(/^-|-$/g, "");
+}
+function toEnvVar$3(key) {
+  return key.replace(/\W+/g, "_").toUpperCase();
+}
+function interpolatePath$1(value) {
+  return value.replace(/\{\{([^}]+)\}\}/g, (_, key) => `\${process.env.${toEnvVar$3(key.trim())} ?? ''}`);
+}
+function buildNameMap$1(folder, requests) {
+  const map = /* @__PURE__ */ new Map();
+  const used = /* @__PURE__ */ new Set();
+  for (const id of folder.requestIds) {
+    const req = requests[id];
+    if (!req) continue;
+    const base = req.name;
+    let name = base;
+    if (used.has(name)) {
+      let i = 2;
+      while (used.has(`${base} ${i}`)) i++;
+      name = `${base} ${i}`;
+    }
+    used.add(name);
+    map.set(id, name);
+  }
+  return map;
+}
+function renderJsValue$1(value, indent) {
+  const next = indent + "  ";
+  if (value === null) return "null";
+  if (typeof value === "boolean" || typeof value === "number") return String(value);
+  if (typeof value === "string") {
+    if (value.includes("{{")) {
+      const s = value.replace(/\{\{([^}]+)\}\}/g, (_, k) => `\${process.env.${toEnvVar$3(k.trim())} ?? ''}`);
+      return "`" + s + "`";
+    }
+    return JSON.stringify(value);
+  }
+  if (Array.isArray(value)) {
+    if (!value.length) return "[]";
+    return `[
+${value.map((v) => next + renderJsValue$1(v, next)).join(",\n")},
+${indent}]`;
+  }
+  if (typeof value === "object") {
+    const entries = Object.entries(value);
+    if (!entries.length) return "{}";
+    return `{
+${entries.map(([k, v]) => `${next}${k}: ${renderJsValue$1(v, next)}`).join(",\n")},
+${indent}}`;
+  }
+  return JSON.stringify(value);
+}
+function buildPlaywrightConfig$1(environment) {
+  const baseUrl = environment?.variables.find(
+    (v) => ["base_url", "baseurl", "base-url"].includes(v.key.toLowerCase()) && !v.secret
+  )?.value ?? "http://localhost:3000";
+  return `import { defineConfig } from '@playwright/test'
+import * as dotenv from 'dotenv'
+
+dotenv.config({ path: '.env.local' });
+
+export default defineConfig({
+  testDir: './tests',
+  fullyParallel: true,
+  reporter: 'html',
+  use: {
+    baseURL: process.env.BASE_URL ?? '${baseUrl}',
+    extraHTTPHeaders: { Accept: 'application/json' },
+  },
+})
+`;
+}
+function buildSpec$1(folderName, folder, requests, nameMap) {
+  const tests = [];
+  for (const reqId of folder.requestIds) {
+    const req = requests[reqId];
+    if (!req) continue;
+    const testName = nameMap.get(reqId) ?? req.name;
+    const method = req.method.toLowerCase();
+    const path2 = req.url.replace(/^https?:\/\/[^/]+/, "").replace(/^\{\{[^}]+\}\}/, "") || "/";
+    const pathExpr = path2.includes("{{") ? "`" + interpolatePath$1(path2) + "`" : `'${path2}'`;
+    const optionParts = [];
+    const headerEntries = [];
+    const { auth } = req;
+    if (auth.type === "bearer") {
+      const ref = auth.tokenSecretRef ?? "API_TOKEN";
+      headerEntries.push(`Authorization: \`Bearer \${process.env.${toEnvVar$3(ref)} ?? ''}\``);
+    } else if (auth.type === "apikey" && auth.apiKeyIn === "header") {
+      const ref = auth.apiKeySecretRef ?? "API_KEY";
+      const name = auth.apiKeyName ?? "X-API-Key";
+      headerEntries.push(`'${name}': \`\${process.env.${toEnvVar$3(ref)} ?? ''}\``);
+    }
+    for (const h of req.headers.filter((h2) => h2.enabled && h2.key)) {
+      headerEntries.push(`'${h.key}': \`${interpolatePath$1(h.value)}\``);
+    }
+    if (headerEntries.length) {
+      optionParts.push(`      headers: {
+        ${headerEntries.join(",\n        ")},
+      }`);
+    }
+    const enabledParams = req.params.filter((p) => p.enabled && p.key);
+    if (enabledParams.length) {
+      const pairs = enabledParams.map((p) => `'${p.key}': '${interpolatePath$1(p.value)}'`).join(", ");
+      optionParts.push(`      params: { ${pairs} }`);
+    }
+    const hasBody = req.body.mode !== "none" && !["get", "head"].includes(method);
+    if (hasBody && req.body.mode === "json" && req.body.json) {
+      try {
+        const rendered = renderJsValue$1(JSON.parse(req.body.json), "      ");
+        optionParts.push(`      data: ${rendered}`);
+      } catch {
+        optionParts.push(`      data: \`${interpolatePath$1(req.body.json)}\``);
+      }
+    }
+    const optionsStr = optionParts.length ? `, {
+${optionParts.join(",\n")},
+    }` : "";
+    tests.push([
+      `  test('${testName}', async ({ request }) => {`,
+      `    const response = await request.${method}(${pathExpr}${optionsStr});`,
+      `    expect(response.ok()).toBeTruthy();`,
+      `  });`
+    ].join("\n"));
+  }
+  return `import { test, expect } from '@playwright/test'
+
+test.describe('${folderName}', () => {
+
+${tests.join("\n\n")}
+
+})
+`;
+}
+function buildPackageJson$3(collectionName) {
+  const name = collectionName.replace(/\W+/g, "-").toLowerCase();
+  return JSON.stringify({
+    name: `${name}-api-tests`,
+    version: "1.0.0",
+    private: true,
+    scripts: {
+      test: "playwright test",
+      "test:report": "playwright show-report"
+    },
+    devDependencies: {
+      "@playwright/test": "^1.44.0",
+      dotenv: "^16.4.0",
+      typescript: "^5.4.0"
+    }
+  }, null, 2) + "\n";
+}
+function renderTree$4(paths) {
+  const root = {};
+  for (const p of [...paths].sort()) {
+    let cur = root;
+    for (const part of p.split("/")) {
+      cur = cur[part] ??= {};
+    }
+  }
+  function render(node, prefix = "") {
+    const entries = Object.entries(node);
+    return entries.flatMap(([name, children], i) => {
+      const last = i === entries.length - 1;
+      const lines = [`${prefix}${last ? "└── " : "├── "}${name}`];
+      if (Object.keys(children).length) lines.push(...render(children, prefix + (last ? "    " : "│   ")));
+      return lines;
+    });
+  }
+  return [".", ...render(root)].join("\n");
+}
+function buildReadme$4(collectionName, filePaths) {
+  const tree = renderTree$4([...filePaths, ".env.local"]);
+  return `# ${collectionName} — API Tests (Playwright TypeScript)
+
+## Project structure
+
+\`\`\`
+${tree}
+\`\`\`
+
+> \`.env.local\` is git-ignored — fill in your secrets before running.
+
+## Setup
+
+\`\`\`sh
+npm install
+npx playwright install --with-deps chromium
+npm test
+\`\`\`
+`;
+}
+function generatePlaywright(collection, environment) {
+  const files = [];
+  function processFolder(folder, name) {
+    if (folder.requestIds.length > 0) {
+      const nameMap = buildNameMap$1(folder, collection.requests);
+      files.push({ path: `tests/${slug$3(name)}.spec.ts`, content: buildSpec$1(name, folder, collection.requests, nameMap) });
+    }
+    for (const sub of folder.folders) processFolder(sub, sub.name);
+  }
+  if (collection.rootFolder.requestIds.length > 0) processFolder(collection.rootFolder, collection.name);
+  for (const sub of collection.rootFolder.folders) processFolder(sub, sub.name);
+  const scaffoldPaths = ["package.json", "playwright.config.ts", ...files.map((f) => f.path)];
+  files.unshift(
+    { path: "package.json", content: buildPackageJson$3(collection.name) },
+    { path: "playwright.config.ts", content: buildPlaywrightConfig$1(environment) },
+    { path: "README.md", content: buildReadme$4(collection.name, scaffoldPaths) }
+  );
+  return files;
+}
+function slug$2(name) {
+  return name.replace(/\W+/g, "-").toLowerCase().replace(/^-|-$/g, "");
+}
+function toEnvVar$2(key) {
+  return key.replace(/\W+/g, "_").toUpperCase();
+}
+function interpolatePath(value) {
+  return value.replace(/\{\{([^}]+)\}\}/g, (_, key) => `\${process.env.${toEnvVar$2(key.trim())} ?? ''}`);
+}
+function buildNameMap(folder, requests) {
+  const map = /* @__PURE__ */ new Map();
+  const used = /* @__PURE__ */ new Set();
+  for (const id of folder.requestIds) {
+    const req = requests[id];
+    if (!req) continue;
+    const base = req.name;
+    let name = base;
+    if (used.has(name)) {
+      let i = 2;
+      while (used.has(`${base} ${i}`)) i++;
+      name = `${base} ${i}`;
+    }
+    used.add(name);
+    map.set(id, name);
+  }
+  return map;
+}
+function renderJsValue(value, indent) {
+  const next = indent + "  ";
+  if (value === null) return "null";
+  if (typeof value === "boolean" || typeof value === "number") return String(value);
+  if (typeof value === "string") {
+    if (value.includes("{{")) {
+      const s = value.replace(/\{\{([^}]+)\}\}/g, (_, k) => `\${process.env.${toEnvVar$2(k.trim())} ?? ''}`);
+      return "`" + s + "`";
+    }
+    return JSON.stringify(value);
+  }
+  if (Array.isArray(value)) {
+    if (!value.length) return "[]";
+    return `[
+${value.map((v) => next + renderJsValue(v, next)).join(",\n")},
+${indent}]`;
+  }
+  if (typeof value === "object") {
+    const entries = Object.entries(value);
+    if (!entries.length) return "{}";
+    return `{
+${entries.map(([k, v]) => `${next}${k}: ${renderJsValue(v, next)}`).join(",\n")},
+${indent}}`;
+  }
+  return JSON.stringify(value);
+}
+function buildPlaywrightConfig(environment) {
+  const baseUrl = environment?.variables.find(
+    (v) => ["base_url", "baseurl", "base-url"].includes(v.key.toLowerCase()) && !v.secret
+  )?.value ?? "http://localhost:3000";
+  return `// @ts-check
+const { defineConfig } = require('@playwright/test');
+require('dotenv').config({ path: '.env.local' });
+
+module.exports = defineConfig({
+  testDir: './tests',
+  fullyParallel: true,
+  reporter: 'html',
+  use: {
+    baseURL: process.env.BASE_URL ?? '${baseUrl}',
+    extraHTTPHeaders: { Accept: 'application/json' },
+  },
+});
+`;
+}
+function buildSpec(folderName, folder, requests, nameMap) {
+  const tests = [];
+  for (const reqId of folder.requestIds) {
+    const req = requests[reqId];
+    if (!req) continue;
+    const testName = nameMap.get(reqId) ?? req.name;
+    const method = req.method.toLowerCase();
+    const path2 = req.url.replace(/^https?:\/\/[^/]+/, "").replace(/^\{\{[^}]+\}\}/, "") || "/";
+    const pathExpr = path2.includes("{{") ? "`" + interpolatePath(path2) + "`" : `'${path2}'`;
+    const optionParts = [];
+    const headerEntries = [];
+    const { auth } = req;
+    if (auth.type === "bearer") {
+      const ref = auth.tokenSecretRef ?? "API_TOKEN";
+      headerEntries.push(`Authorization: \`Bearer \${process.env.${toEnvVar$2(ref)} ?? ''}\``);
+    } else if (auth.type === "apikey" && auth.apiKeyIn === "header") {
+      const ref = auth.apiKeySecretRef ?? "API_KEY";
+      const name = auth.apiKeyName ?? "X-API-Key";
+      headerEntries.push(`'${name}': \`\${process.env.${toEnvVar$2(ref)} ?? ''}\``);
+    }
+    for (const h of req.headers.filter((h2) => h2.enabled && h2.key)) {
+      headerEntries.push(`'${h.key}': \`${interpolatePath(h.value)}\``);
+    }
+    if (headerEntries.length) {
+      optionParts.push(`      headers: {
+        ${headerEntries.join(",\n        ")},
+      }`);
+    }
+    const enabledParams = req.params.filter((p) => p.enabled && p.key);
+    if (enabledParams.length) {
+      const pairs = enabledParams.map((p) => `'${p.key}': '${interpolatePath(p.value)}'`).join(", ");
+      optionParts.push(`      params: { ${pairs} }`);
+    }
+    const hasBody = req.body.mode !== "none" && !["get", "head"].includes(method);
+    if (hasBody && req.body.mode === "json" && req.body.json) {
+      try {
+        const rendered = renderJsValue(JSON.parse(req.body.json), "      ");
+        optionParts.push(`      data: ${rendered}`);
+      } catch {
+        optionParts.push(`      data: \`${interpolatePath(req.body.json)}\``);
+      }
+    }
+    const optionsStr = optionParts.length ? `, {
+${optionParts.join(",\n")},
+    }` : "";
+    tests.push([
+      `  test('${testName}', async ({ request }) => {`,
+      `    const response = await request.${method}(${pathExpr}${optionsStr});`,
+      `    expect(response.ok()).toBeTruthy();`,
+      `  });`
+    ].join("\n"));
+  }
+  return `const { test, expect } = require('@playwright/test');
+
+test.describe('${folderName}', () => {
+
+${tests.join("\n\n")}
+
+});
+`;
+}
+function buildPackageJson$2(collectionName) {
+  const name = collectionName.replace(/\W+/g, "-").toLowerCase();
+  return JSON.stringify({
+    name: `${name}-api-tests`,
+    version: "1.0.0",
+    private: true,
+    scripts: {
+      test: "playwright test",
+      "test:report": "playwright show-report"
+    },
+    devDependencies: {
+      "@playwright/test": "^1.44.0",
+      dotenv: "^16.4.0"
+    }
+  }, null, 2) + "\n";
+}
+function renderTree$3(paths) {
+  const root = {};
+  for (const p of [...paths].sort()) {
+    let cur = root;
+    for (const part of p.split("/")) {
+      cur = cur[part] ??= {};
+    }
+  }
+  function render(node, prefix = "") {
+    const entries = Object.entries(node);
+    return entries.flatMap(([name, children], i) => {
+      const last = i === entries.length - 1;
+      const lines = [`${prefix}${last ? "└── " : "├── "}${name}`];
+      if (Object.keys(children).length) lines.push(...render(children, prefix + (last ? "    " : "│   ")));
+      return lines;
+    });
+  }
+  return [".", ...render(root)].join("\n");
+}
+function buildReadme$3(collectionName, filePaths) {
+  const tree = renderTree$3([...filePaths, ".env.local"]);
+  return `# ${collectionName} — API Tests (Playwright JavaScript)
+
+## Project structure
+
+\`\`\`
+${tree}
+\`\`\`
+
+> \`.env.local\` is git-ignored — fill in your secrets before running.
+
+## Setup
+
+\`\`\`sh
+npm install
+npx playwright install --with-deps chromium
+npm test
+\`\`\`
+`;
+}
+function generatePlaywrightJs(collection, environment) {
+  const files = [];
+  function processFolder(folder, name) {
+    if (folder.requestIds.length > 0) {
+      const nameMap = buildNameMap(folder, collection.requests);
+      files.push({ path: `tests/${slug$2(name)}.spec.js`, content: buildSpec(name, folder, collection.requests, nameMap) });
+    }
+    for (const sub of folder.folders) processFolder(sub, sub.name);
+  }
+  if (collection.rootFolder.requestIds.length > 0) processFolder(collection.rootFolder, collection.name);
+  for (const sub of collection.rootFolder.folders) processFolder(sub, sub.name);
+  const scaffoldPaths = ["package.json", "playwright.config.js", ...files.map((f) => f.path)];
+  files.unshift(
+    { path: "package.json", content: buildPackageJson$2(collection.name) },
+    { path: "playwright.config.js", content: buildPlaywrightConfig(environment) },
+    { path: "README.md", content: buildReadme$3(collection.name, scaffoldPaths) }
+  );
+  return files;
+}
+function slug$1(name) {
+  return name.replace(/\W+/g, "-").toLowerCase().replace(/^-|-$/g, "");
+}
+function toEnvVar$1(key) {
+  return key.replace(/\W+/g, "_").toUpperCase();
+}
+function interpolateValue$1(value) {
+  return value.replace(/\{\{([^}]+)\}\}/g, (_, key) => `\${process.env.${toEnvVar$1(key.trim())} ?? ''}`);
+}
+function buildJestConfig$1() {
+  return `import type { Config } from 'jest'
+
+const config: Config = {
+  preset: 'ts-jest',
+  testEnvironment: 'node',
+  testMatch: ['**/tests/**/*.test.ts'],
+  setupFiles: ['dotenv/config'],
+}
+
+export default config
+`;
+}
+function buildClient$1(environment) {
+  const baseUrl = environment?.variables.find(
+    (v) => ["base_url", "baseurl", "base-url"].includes(v.key.toLowerCase()) && !v.secret
+  )?.value ?? "http://localhost:3000";
+  const secretVars = environment?.variables.filter((v) => v.secret && v.secretRef) ?? [];
+  const envComments = secretVars.map((v) => `# ${toEnvVar$1(v.key)}=<from keychain>`).join("\n");
+  return `import supertest from 'supertest'
+import * as dotenv from 'dotenv'
+
+dotenv.config({ path: '.env.local' });
+
+// Add secret env vars to .env.local:
+${envComments ? `// ${envComments.replace(/\n/g, "\n// ")}
+` : ""}export const BASE_URL = process.env.BASE_URL ?? '${baseUrl}';
+
+export const api = supertest(BASE_URL);
+`;
+}
+function buildTestFile$1(folderName, folder, requests) {
+  const tests = [];
+  const used = /* @__PURE__ */ new Set();
+  const nameMap = /* @__PURE__ */ new Map();
+  for (const id of folder.requestIds) {
+    const req = requests[id];
+    if (!req) continue;
+    const base = req.name;
+    let name = base;
+    if (used.has(name)) {
+      let i = 2;
+      while (used.has(`${base} ${i}`)) i++;
+      name = `${base} ${i}`;
+    }
+    used.add(name);
+    nameMap.set(id, name);
+  }
+  for (const reqId of folder.requestIds) {
+    const req = requests[reqId];
+    if (!req) continue;
+    const method = req.method.toLowerCase();
+    const path2 = interpolateValue$1(req.url.replace(/^https?:\/\/[^/]+/, "") || "/");
+    const enabledHeaders = req.headers.filter((h) => h.enabled && h.key);
+    const enabledParams = req.params.filter((p) => p.enabled && p.key);
+    const hasBody = req.body.mode !== "none" && !["get", "head"].includes(method);
+    const lines = [];
+    lines.push(`  it('${nameMap.get(reqId)}', async () => {`);
+    lines.push(`    const res = await api`);
+    lines.push(`      .${method}(\`${path2}\`)`);
+    for (const h of enabledHeaders) {
+      lines.push(`      .set('${h.key}', \`${interpolateValue$1(h.value)}\`)`);
+    }
+    if (enabledParams.length) {
+      const pairs = enabledParams.map((p) => `${p.key}: \`${interpolateValue$1(p.value)}\``).join(", ");
+      lines.push(`      .query({ ${pairs} })`);
+    }
+    if (hasBody) {
+      if (req.body.mode === "json") {
+        lines.push(`      .send(${req.body.json ?? "{}"})`);
+      } else if (req.body.mode === "form" && req.body.form) {
+        const pairs = req.body.form.filter((p) => p.enabled && p.key).map((p) => `${p.key}: \`${interpolateValue$1(p.value)}\``).join(", ");
+        lines.push(`      .type('form')`);
+        lines.push(`      .send({ ${pairs} })`);
+      }
+    }
+    lines[lines.length - 1] += ";";
+    lines.push(``);
+    lines.push(`    expect(res.status).toBe(200);`);
+    lines.push(`    // expect(res.body).toMatchObject({});`);
+    lines.push(`  })`);
+    tests.push(lines.join("\n"));
+  }
+  return `import { api } from '../helpers/api-client'
+
+describe('${folderName}', () => {
+${tests.join("\n\n")}
+})
+`;
+}
+function buildPackageJson$1(collectionName) {
+  const name = collectionName.replace(/\W+/g, "-").toLowerCase();
+  return JSON.stringify({
+    name: `${name}-api-tests`,
+    version: "1.0.0",
+    private: true,
+    scripts: { test: "jest" },
+    devDependencies: {
+      "@types/jest": "^29.5.0",
+      "@types/supertest": "^6.0.0",
+      dotenv: "^16.4.0",
+      jest: "^29.7.0",
+      supertest: "^7.0.0",
+      "ts-jest": "^29.1.0",
+      "ts-node": "^10.9.2",
+      typescript: "^5.4.0"
+    }
+  }, null, 2) + "\n";
+}
+function buildTsConfig() {
+  return JSON.stringify({
+    compilerOptions: {
+      target: "ES2020",
+      module: "commonjs",
+      strict: true,
+      esModuleInterop: true,
+      outDir: "dist"
+    },
+    include: ["**/*.ts"],
+    exclude: ["node_modules", "dist"]
+  }, null, 2) + "\n";
+}
+function renderTree$2(paths) {
+  const root = {};
+  for (const p of [...paths].sort()) {
+    let cur = root;
+    for (const part of p.split("/")) {
+      cur = cur[part] ??= {};
+    }
+  }
+  function render(node, prefix = "") {
+    const entries = Object.entries(node);
+    return entries.flatMap(([name, children], i) => {
+      const last = i === entries.length - 1;
+      const lines = [`${prefix}${last ? "└── " : "├── "}${name}`];
+      if (Object.keys(children).length) lines.push(...render(children, prefix + (last ? "    " : "│   ")));
+      return lines;
+    });
+  }
+  return [".", ...render(root)].join("\n");
+}
+function buildReadme$2(collectionName, filePaths) {
+  const tree = renderTree$2([...filePaths, ".env.local"]);
+  return `# ${collectionName} — API Tests (Supertest + Jest TypeScript)
+
+## Project structure
+
+\`\`\`
+${tree}
+\`\`\`
+
+> \`.env.local\` is git-ignored — fill in your secrets before running.
+
+## Setup
+
+\`\`\`sh
+npm install
+npm test
+\`\`\`
+`;
+}
+function generateSupertestTs(collection, environment) {
+  const files = [
+    { path: "jest.config.ts", content: buildJestConfig$1() },
+    { path: "helpers/api-client.ts", content: buildClient$1(environment) }
+  ];
+  function processFolder(folder, name) {
+    if (folder.requestIds.length > 0) {
+      files.push({
+        path: `tests/${slug$1(name)}.test.ts`,
+        content: buildTestFile$1(name, folder, collection.requests)
+      });
+    }
+    for (const sub of folder.folders) {
+      processFolder(sub, sub.name);
+    }
+  }
+  if (collection.rootFolder.requestIds.length > 0) {
+    processFolder(collection.rootFolder, collection.name);
+  }
+  for (const sub of collection.rootFolder.folders) {
+    processFolder(sub, sub.name);
+  }
+  const scaffoldPaths = ["package.json", "tsconfig.json", ...files.map((f) => f.path)];
+  files.unshift(
+    { path: "package.json", content: buildPackageJson$1(collection.name) },
+    { path: "tsconfig.json", content: buildTsConfig() },
+    { path: "README.md", content: buildReadme$2(collection.name, scaffoldPaths) }
+  );
+  return files;
+}
+function slug(name) {
+  return name.replace(/\W+/g, "-").toLowerCase().replace(/^-|-$/g, "");
+}
+function toEnvVar(key) {
+  return key.replace(/\W+/g, "_").toUpperCase();
+}
+function interpolateValue(value) {
+  return value.replace(/\{\{([^}]+)\}\}/g, (_, key) => `\${process.env.${toEnvVar(key.trim())} ?? ''}`);
+}
+function buildJestConfig() {
+  return `/** @type {import('jest').Config} */
+module.exports = {
+  testEnvironment: 'node',
+  testMatch: ['**/tests/**/*.test.js'],
+  setupFiles: ['dotenv/config'],
+}
+`;
+}
+function buildClient(environment) {
+  const baseUrl = environment?.variables.find(
+    (v) => ["base_url", "baseurl", "base-url"].includes(v.key.toLowerCase()) && !v.secret
+  )?.value ?? "http://localhost:3000";
+  const secretVars = environment?.variables.filter((v) => v.secret && v.secretRef) ?? [];
+  const envComments = secretVars.map((v) => `# ${toEnvVar(v.key)}=<from keychain>`).join("\n");
+  return `const supertest = require('supertest');
+require('dotenv').config({ path: '.env.local' });
+
+// Add secret env vars to .env.local:
+${envComments ? `// ${envComments.replace(/\n/g, "\n// ")}
+` : ""}const BASE_URL = process.env.BASE_URL ?? '${baseUrl}';
+
+module.exports.api = supertest(BASE_URL);
+`;
+}
+function buildTestFile(folderName, folder, requests) {
+  const tests = [];
+  const used = /* @__PURE__ */ new Set();
+  const nameMap = /* @__PURE__ */ new Map();
+  for (const id of folder.requestIds) {
+    const req = requests[id];
+    if (!req) continue;
+    const base = req.name;
+    let name = base;
+    if (used.has(name)) {
+      let i = 2;
+      while (used.has(`${base} ${i}`)) i++;
+      name = `${base} ${i}`;
+    }
+    used.add(name);
+    nameMap.set(id, name);
+  }
+  for (const reqId of folder.requestIds) {
+    const req = requests[reqId];
+    if (!req) continue;
+    const method = req.method.toLowerCase();
+    const path2 = interpolateValue(req.url.replace(/^https?:\/\/[^/]+/, "") || "/");
+    const enabledHeaders = req.headers.filter((h) => h.enabled && h.key);
+    const enabledParams = req.params.filter((p) => p.enabled && p.key);
+    const hasBody = req.body.mode !== "none" && !["get", "head"].includes(method);
+    const lines = [];
+    lines.push(`  it('${nameMap.get(reqId)}', async () => {`);
+    lines.push(`    const res = await api`);
+    lines.push(`      .${method}(\`${path2}\`)`);
+    for (const h of enabledHeaders) {
+      lines.push(`      .set('${h.key}', \`${interpolateValue(h.value)}\`)`);
+    }
+    if (enabledParams.length) {
+      const pairs = enabledParams.map((p) => `${p.key}: \`${interpolateValue(p.value)}\``).join(", ");
+      lines.push(`      .query({ ${pairs} })`);
+    }
+    if (hasBody) {
+      if (req.body.mode === "json") {
+        lines.push(`      .send(${req.body.json ?? "{}"})`);
+      } else if (req.body.mode === "form" && req.body.form) {
+        const pairs = req.body.form.filter((p) => p.enabled && p.key).map((p) => `${p.key}: \`${interpolateValue(p.value)}\``).join(", ");
+        lines.push(`      .type('form')`);
+        lines.push(`      .send({ ${pairs} })`);
+      }
+    }
+    lines[lines.length - 1] += ";";
+    lines.push(``);
+    lines.push(`    expect(res.status).toBe(200);`);
+    lines.push(`    // expect(res.body).toMatchObject({});`);
+    lines.push(`  })`);
+    tests.push(lines.join("\n"));
+  }
+  return `const { api } = require('../helpers/api-client');
+
+describe('${folderName}', () => {
+${tests.join("\n\n")}
+})
+`;
+}
+function buildPackageJson(collectionName) {
+  const name = collectionName.replace(/\W+/g, "-").toLowerCase();
+  return JSON.stringify({
+    name: `${name}-api-tests`,
+    version: "1.0.0",
+    private: true,
+    scripts: { test: "jest" },
+    devDependencies: {
+      dotenv: "^16.4.0",
+      jest: "^29.7.0",
+      supertest: "^7.0.0"
+    }
+  }, null, 2) + "\n";
+}
+function renderTree$1(paths) {
+  const root = {};
+  for (const p of [...paths].sort()) {
+    let cur = root;
+    for (const part of p.split("/")) {
+      cur = cur[part] ??= {};
+    }
+  }
+  function render(node, prefix = "") {
+    const entries = Object.entries(node);
+    return entries.flatMap(([name, children], i) => {
+      const last = i === entries.length - 1;
+      const lines = [`${prefix}${last ? "└── " : "├── "}${name}`];
+      if (Object.keys(children).length) lines.push(...render(children, prefix + (last ? "    " : "│   ")));
+      return lines;
+    });
+  }
+  return [".", ...render(root)].join("\n");
+}
+function buildReadme$1(collectionName, filePaths) {
+  const tree = renderTree$1([...filePaths, ".env.local"]);
+  return `# ${collectionName} — API Tests (Supertest + Jest JavaScript)
+
+## Project structure
+
+\`\`\`
+${tree}
+\`\`\`
+
+> \`.env.local\` is git-ignored — fill in your secrets before running.
+
+## Setup
+
+\`\`\`sh
+npm install
+npm test
+\`\`\`
+`;
+}
+function generateSupertestJs(collection, environment) {
+  const files = [
+    { path: "jest.config.js", content: buildJestConfig() },
+    { path: "helpers/api-client.js", content: buildClient(environment) }
+  ];
+  function processFolder(folder, name) {
+    if (folder.requestIds.length > 0) {
+      files.push({
+        path: `tests/${slug(name)}.test.js`,
+        content: buildTestFile(name, folder, collection.requests)
+      });
+    }
+    for (const sub of folder.folders) {
+      processFolder(sub, sub.name);
+    }
+  }
+  if (collection.rootFolder.requestIds.length > 0) {
+    processFolder(collection.rootFolder, collection.name);
+  }
+  for (const sub of collection.rootFolder.folders) {
+    processFolder(sub, sub.name);
+  }
+  const scaffoldPaths = ["package.json", ...files.map((f) => f.path)];
+  files.unshift(
+    { path: "package.json", content: buildPackageJson(collection.name) },
+    { path: "README.md", content: buildReadme$1(collection.name, scaffoldPaths) }
+  );
+  return files;
+}
+function javaClass(name) {
+  return name.replace(/[^\w\s]/g, " ").split(/\s+/).filter(Boolean).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join("");
+}
+function javaMethod(name) {
+  const parts = name.replace(/[^\w\s]/g, " ").split(/\s+/).filter(Boolean);
+  return parts[0].toLowerCase() + parts.slice(1).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join("");
+}
+function toEnvConst(key) {
+  return key.replace(/\W+/g, "_").toUpperCase();
+}
+function interpolateJava(value) {
+  return '"' + value.replace(/\{\{([^}]+)\}\}/g, (_, key) => {
+    const envKey = toEnvConst(key.trim());
+    return `" + System.getenv("${envKey}") + "`;
+  }) + '"';
+}
+function buildPom(collectionName) {
+  const artifact = collectionName.replace(/\W+/g, "-").toLowerCase();
+  return `<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+             http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>com.example.api</groupId>
+  <artifactId>${artifact}-tests</artifactId>
+  <version>1.0.0-SNAPSHOT</version>
+  <packaging>jar</packaging>
+
+  <properties>
+    <java.version>17</java.version>
+    <maven.compiler.source>\${java.version}</maven.compiler.source>
+    <maven.compiler.target>\${java.version}</maven.compiler.target>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <rest-assured.version>5.4.0</rest-assured.version>
+    <junit.version>5.10.2</junit.version>
+  </properties>
+
+  <dependencies>
+    <!-- REST Assured -->
+    <dependency>
+      <groupId>io.rest-assured</groupId>
+      <artifactId>rest-assured</artifactId>
+      <version>\${rest-assured.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.rest-assured</groupId>
+      <artifactId>json-schema-validator</artifactId>
+      <version>\${rest-assured.version}</version>
+      <scope>test</scope>
+    </dependency>
+
+    <!-- JUnit 5 -->
+    <dependency>
+      <groupId>org.junit.jupiter</groupId>
+      <artifactId>junit-jupiter</artifactId>
+      <version>\${junit.version}</version>
+      <scope>test</scope>
+    </dependency>
+
+    <!-- Hamcrest -->
+    <dependency>
+      <groupId>org.hamcrest</groupId>
+      <artifactId>hamcrest</artifactId>
+      <version>2.2</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <version>3.2.5</version>
+      </plugin>
+    </plugins>
+  </build>
+</project>
+`;
+}
+function buildBaseTest(environment) {
+  const baseUrl = environment?.variables.find(
+    (v) => ["base_url", "baseurl", "base-url"].includes(v.key.toLowerCase()) && !v.secret
+  )?.value ?? "http://localhost:8080";
+  const secretVars = environment?.variables.filter((v) => v.secret && v.secretRef) ?? [];
+  const secretComments = secretVars.map(
+    (v) => `     * - ${toEnvConst(v.key)}=<value from keychain>`
+  ).join("\n");
+  return `package com.example.api;
+
+import io.restassured.RestAssured;
+import io.restassured.builder.RequestSpecBuilder;
+import io.restassured.http.ContentType;
+import io.restassured.specification.RequestSpecification;
+import org.junit.jupiter.api.BeforeAll;
+
+/**
+ * Base class for all API tests.
+ *
+ * Set the following environment variables before running:
+${secretComments ? secretComments + "\n" : ""} * - BASE_URL (optional, default: ${baseUrl})
+ */
+public class BaseTest {
+
+    protected static RequestSpecification requestSpec;
+
+    @BeforeAll
+    static void setupRestAssured() {
+        String baseUrl = System.getenv("BASE_URL") != null
+            ? System.getenv("BASE_URL")
+            : "${baseUrl}";
+
+        requestSpec = new RequestSpecBuilder()
+            .setBaseUri(baseUrl)
+            .setContentType(ContentType.JSON)
+            .setAccept(ContentType.JSON)
+            .build();
+
+        RestAssured.enableLoggingOfRequestAndResponseIfValidationFails();
+    }
+}
+`;
+}
+function buildTestClass(folderName, folder, requests) {
+  const className = javaClass(folderName) + "Test";
+  const methods = [];
+  const usedNames = /* @__PURE__ */ new Set();
+  const nameMap = /* @__PURE__ */ new Map();
+  for (const reqId of folder.requestIds) {
+    const req = requests[reqId];
+    if (!req) continue;
+    const base = javaMethod(req.name);
+    let name = base;
+    if (usedNames.has(name)) {
+      let i = 2;
+      while (usedNames.has(`${base}${i}`)) i++;
+      name = `${base}${i}`;
+    }
+    usedNames.add(name);
+    nameMap.set(reqId, name);
+  }
+  for (const reqId of folder.requestIds) {
+    const req = requests[reqId];
+    if (!req) continue;
+    const methodName = nameMap.get(reqId);
+    const method = req.method.toLowerCase();
+    const path2 = req.url.replace(/^https?:\/\/[^/]+/, "").replace(/^\{\{[^}]+\}\}/, "") || "/";
+    const javaPath = interpolateJava(path2);
+    const enabledHeaders = req.headers.filter((h) => h.enabled && h.key);
+    const enabledParams = req.params.filter((p) => p.enabled && p.key);
+    const hasBody = req.body.mode !== "none" && !["get", "head"].includes(method);
+    const lines = [];
+    lines.push(`    @Test`);
+    lines.push(`    public void ${methodName}() {`);
+    lines.push(`        given()`);
+    lines.push(`            .spec(requestSpec)`);
+    for (const h of enabledHeaders) {
+      lines.push(`            .header("${h.key}", ${interpolateJava(h.value)})`);
+    }
+    for (const p of enabledParams) {
+      lines.push(`            .queryParam("${p.key}", ${interpolateJava(p.value)})`);
+    }
+    if (hasBody) {
+      if (req.body.mode === "json" && req.body.json) {
+        const escaped = req.body.json.replace(/"/g, '\\"').replace(/\n/g, "\\n");
+        lines.push(`            .body("${escaped}")`);
+      }
+    }
+    lines.push(`        .when()`);
+    lines.push(`            .${method}(${javaPath})`);
+    lines.push(`        .then()`);
+    lines.push(`            .statusCode(200);`);
+    lines.push(`            // .body("field", equalTo("value"));`);
+    lines.push(`    }`);
+    methods.push(lines.join("\n"));
+  }
+  return `package com.example.api;
+
+import org.junit.jupiter.api.Test;
+
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.*;
+
+public class ${className} extends BaseTest {
+
+${methods.join("\n\n")}
+}
+`;
+}
+function renderTree(paths) {
+  const root = {};
+  for (const p of [...paths].sort()) {
+    let cur = root;
+    for (const part of p.split("/")) {
+      cur = cur[part] ??= {};
+    }
+  }
+  function render(node, prefix = "") {
+    const entries = Object.entries(node);
+    return entries.flatMap(([name, children], i) => {
+      const last = i === entries.length - 1;
+      const lines = [`${prefix}${last ? "└── " : "├── "}${name}`];
+      if (Object.keys(children).length) lines.push(...render(children, prefix + (last ? "    " : "│   ")));
+      return lines;
+    });
+  }
+  return [".", ...render(root)].join("\n");
+}
+function buildReadme(collectionName, filePaths) {
+  const tree = renderTree(filePaths);
+  return `# ${collectionName} — API Tests (REST Assured + JUnit 5)
+
+## Project structure
+
+\`\`\`
+${tree}
+\`\`\`
+
+## Setup
+
+Requires Java 17+ and Maven 3.8+.
+
+\`\`\`sh
+# Run all tests
+mvn test
+
+# Pass secrets as env vars
+BASE_URL=https://api.example.com mvn test
+\`\`\`
+`;
+}
+function generateRestAssured(collection, environment) {
+  const files = [
+    { path: "pom.xml", content: buildPom(collection.name) },
+    { path: "src/test/java/com/example/api/BaseTest.java", content: buildBaseTest(environment) }
+  ];
+  function processFolder(folder, name) {
+    if (folder.requestIds.length > 0) {
+      const className = javaClass(name) + "Test";
+      files.push({
+        path: `src/test/java/com/example/api/${className}.java`,
+        content: buildTestClass(name, folder, collection.requests)
+      });
+    }
+    for (const sub of folder.folders) {
+      processFolder(sub, sub.name);
+    }
+  }
+  if (collection.rootFolder.requestIds.length > 0) {
+    processFolder(collection.rootFolder, collection.name);
+  }
+  for (const sub of collection.rootFolder.folders) {
+    processFolder(sub, sub.name);
+  }
+  files.unshift({ path: "README.md", content: buildReadme(collection.name, files.map((f) => f.path)) });
+  return files;
+}
+function registerGenerateHandlers(ipc) {
+  ipc.handle("generate:code", (_e, opts) => {
+    const { collection, environment, target } = opts;
+    switch (target) {
+      case "robot_framework":
+        return generateRobotFramework(collection, environment);
+      case "playwright_ts":
+        return generatePlaywright(collection, environment);
+      case "playwright_js":
+        return generatePlaywrightJs(collection, environment);
+      case "supertest_ts":
+        return generateSupertestTs(collection, environment);
+      case "supertest_js":
+        return generateSupertestJs(collection, environment);
+      case "rest_assured":
+        return generateRestAssured(collection, environment);
+      default:
+        throw new Error(`Unknown target: ${target}`);
+    }
+  });
+  ipc.handle("generate:save", async (_e, files, outputDir) => {
+    for (const file of files) {
+      const fullPath = path.join(outputDir, file.path);
+      await promises.mkdir(path.dirname(fullPath), { recursive: true });
+      await promises.writeFile(fullPath, file.content, "utf8");
+    }
+  });
+  ipc.handle("generate:saveZip", async (_e, files, collectionName, target) => {
+    const colSlug = collectionName.replace(/\W+/g, "-").toLowerCase();
+    const targetSlug = target.replace(/_/g, "-");
+    const defaultName = `${colSlug}-${targetSlug}.zip`;
+    const { canceled, filePath } = await electron.dialog.showSaveDialog({
+      title: "Save as ZIP",
+      defaultPath: defaultName,
+      filters: [{ name: "ZIP Archive", extensions: ["zip"] }]
+    });
+    if (canceled || !filePath) return false;
+    const zip = new JSZip();
+    for (const file of files) zip.file(file.path, file.content);
+    const buffer = await zip.generateAsync({ type: "nodebuffer" });
+    await promises.writeFile(filePath, buffer);
+    return true;
+  });
+}
+async function buildDispatcher(proxy, tls) {
+  const connectOpts = {};
+  let hasTls = false;
+  if (tls) {
+    hasTls = true;
+    if (tls.rejectUnauthorized !== void 0) connectOpts["rejectUnauthorized"] = tls.rejectUnauthorized;
+    if (tls.caCertPath) {
+      try {
+        connectOpts["ca"] = await promises.readFile(tls.caCertPath);
+      } catch {
+      }
+    }
+    if (tls.clientCertPath) {
+      try {
+        connectOpts["cert"] = await promises.readFile(tls.clientCertPath);
+      } catch {
+      }
+    }
+    if (tls.clientKeyPath) {
+      try {
+        connectOpts["key"] = await promises.readFile(tls.clientKeyPath);
+      } catch {
+      }
+    }
+  }
+  if (proxy?.url) {
+    const proxyUri = proxy.auth ? proxy.url.replace("://", `://${encodeURIComponent(proxy.auth.username)}:${encodeURIComponent(proxy.auth.password)}@`) : proxy.url;
+    return new undici.ProxyAgent({
+      uri: proxyUri,
+      ...hasTls ? { connect: connectOpts } : {}
+    });
+  }
+  if (hasTls) return new undici.Agent({ connect: connectOpts });
+  return void 0;
+}
+async function executeOne(req, collectionVars, envVars, globals, localVars, dispatcher, piiMaskPatterns) {
+  const base = {
+    requestId: req.id,
+    name: req.name,
+    method: req.method,
+    resolvedUrl: "",
+    status: "running"
+  };
+  let vars = scriptRunner.mergeVars(envVars, collectionVars, globals, localVars);
+  let updatedEnvVars = { ...envVars };
+  let updatedCollectionVars = { ...collectionVars };
+  let updatedGlobals = { ...globals };
+  let preScriptError;
+  if (req.preRequestScript?.trim()) {
+    const r = await scriptRunner.runScript(req.preRequestScript, {
+      envVars: { ...envVars },
+      collectionVars: { ...collectionVars },
+      globals: { ...globals },
+      localVars: {}
+    });
+    preScriptError = r.error;
+    localVars = r.updatedLocalVars;
+    updatedEnvVars = r.updatedEnvVars;
+    updatedCollectionVars = r.updatedCollectionVars;
+    updatedGlobals = r.updatedGlobals;
+    scriptRunner.patchGlobals(r.updatedGlobals);
+    await scriptRunner.persistGlobals();
+    vars = scriptRunner.mergeVars(updatedEnvVars, updatedCollectionVars, updatedGlobals, localVars);
+  }
+  const resolvedUrl = scriptRunner.buildUrl(req.url, req.params, vars);
+  base.resolvedUrl = resolvedUrl;
+  const start = Date.now();
+  try {
+    if (req.auth.type === "oauth2") {
+      const now = Date.now();
+      const tokenMissing = !req.auth.oauth2CachedToken;
+      const tokenExpired = req.auth.oauth2TokenExpiry ? req.auth.oauth2TokenExpiry <= now + 5e3 : true;
+      if (tokenMissing || tokenExpired) {
+        const result = await fetchOAuth2Token(req.auth, vars);
+        req.auth.oauth2CachedToken = result.accessToken;
+        req.auth.oauth2TokenExpiry = result.expiresAt;
+      }
+    }
+    const authHeaders = await buildAuthHeaders(req.auth, vars);
+    const headers = new undici.Headers();
+    for (const h of req.headers) {
+      if (h.enabled && h.key) headers.set(scriptRunner.interpolate(h.key, vars), scriptRunner.interpolate(h.value, vars));
+    }
+    for (const [k, v] of Object.entries(authHeaders)) headers.set(k, v);
+    let body;
+    if (req.body.mode === "json" && req.body.json) {
+      body = scriptRunner.interpolate(req.body.json, vars);
+      if (!headers.has("content-type")) headers.set("Content-Type", "application/json");
+    } else if (req.body.mode === "raw" && req.body.raw) {
+      body = scriptRunner.interpolate(req.body.raw, vars);
+      if (!headers.has("content-type")) headers.set("Content-Type", req.body.rawContentType ?? "text/plain");
+    }
+    const methodHasBody = !["GET", "HEAD"].includes(req.method);
+    const doFetch = (h) => undici.fetch(resolvedUrl, {
+      method: req.method,
+      headers: h,
+      body: methodHasBody ? body : void 0,
+      dispatcher
+    });
+    let fetchResp;
+    if (req.auth.type === "ntlm") {
+      await performNtlmRequest(resolvedUrl, req.method, req.auth, vars);
+      fetchResp = await doFetch(headers);
+    } else if (req.auth.type === "digest") {
+      const probeFetch = (url, init) => undici.fetch(url, {
+        ...init,
+        dispatcher
+      });
+      const digestHeader = await performDigestAuth(resolvedUrl, req.method, req.auth, vars, probeFetch);
+      if (digestHeader) headers.set("Authorization", digestHeader);
+      fetchResp = await doFetch(headers);
+    } else {
+      fetchResp = await doFetch(headers);
+    }
+    const responseBody = await fetchResp.text();
+    const durationMs = Date.now() - start;
+    const rawRespHeaders = {};
+    fetchResp.headers.forEach((v, k) => {
+      rawRespHeaders[k] = v;
+    });
+    const maskedBody = maskPii(responseBody, piiMaskPatterns);
+    const maskedHeaders = maskHeaders(rawRespHeaders, piiMaskPatterns);
+    const response = {
+      status: fetchResp.status,
+      statusText: fetchResp.statusText,
+      headers: maskedHeaders,
+      body: maskedBody,
+      bodySize: Buffer.byteLength(responseBody, "utf8"),
+      durationMs
+    };
+    let testResults = [];
+    let consoleOutput = [];
+    let postScriptError;
+    if (req.postRequestScript?.trim()) {
+      const r = await scriptRunner.runScript(req.postRequestScript, {
+        envVars: updatedEnvVars,
+        collectionVars: updatedCollectionVars,
+        globals: updatedGlobals,
+        localVars,
+        response
+      });
+      testResults = r.testResults;
+      consoleOutput = r.consoleOutput;
+      postScriptError = r.error;
+      updatedEnvVars = r.updatedEnvVars;
+      updatedCollectionVars = r.updatedCollectionVars;
+      updatedGlobals = r.updatedGlobals;
+      scriptRunner.patchGlobals(r.updatedGlobals);
+      await scriptRunner.persistGlobals();
+    }
+    const allPassed = testResults.every((t) => t.passed);
+    const status = postScriptError ? "error" : testResults.length > 0 ? allPassed ? "passed" : "failed" : "passed";
+    const sentHeaders = {};
+    headers.forEach((v, k) => {
+      sentHeaders[k] = v;
+    });
+    return {
+      result: {
+        ...base,
+        status,
+        httpStatus: fetchResp.status,
+        durationMs,
+        testResults,
+        consoleOutput,
+        preScriptError,
+        postScriptError,
+        sentRequest: { headers: sentHeaders, body: body ?? void 0 },
+        receivedResponse: {
+          status: fetchResp.status,
+          statusText: fetchResp.statusText,
+          headers: maskedHeaders,
+          body: maskedBody
+        }
+      },
+      updatedEnvVars,
+      updatedCollectionVars,
+      updatedGlobals
+    };
+  } catch (err) {
+    return {
+      result: {
+        ...base,
+        status: "error",
+        durationMs: Date.now() - start,
+        error: err instanceof Error ? err.message : String(err),
+        preScriptError
+      },
+      updatedEnvVars,
+      updatedCollectionVars,
+      updatedGlobals
+    };
+  }
+}
+const sleep = (ms) => new Promise((resolve2) => setTimeout(resolve2, ms));
+function registerRunnerHandler(ipc) {
+  ipc.handle("runner:start", async (event, payload) => {
+    const { items, environment, globals: payloadGlobals, proxy, tls, piiMaskPatterns = [], requestDelay = 0 } = payload;
+    const envVars = await scriptRunner.buildEnvVars(environment);
+    const liveGlobals = scriptRunner.getGlobals();
+    const globals = { ...payloadGlobals, ...liveGlobals };
+    const dispatcher = await buildDispatcher(proxy, tls);
+    const summary = { total: items.length, passed: 0, failed: 0, errors: 0, durationMs: 0 };
+    const totalStart = Date.now();
+    let runEnvVars = { ...envVars };
+    let runCollectionVars = {};
+    let runGlobals = { ...globals };
+    for (const item of items) {
+      const runningUpdate = { status: "running", iterationLabel: item.iterationLabel };
+      event.sender.send("runner:progress", { requestId: item.request.id, ...runningUpdate });
+      const { result, updatedEnvVars, updatedCollectionVars, updatedGlobals } = await executeOne(
+        item.request,
+        { ...item.collectionVars, ...runCollectionVars },
+        runEnvVars,
+        runGlobals,
+        item.dataRow ?? {},
+        dispatcher,
+        piiMaskPatterns
+      );
+      runEnvVars = updatedEnvVars;
+      runCollectionVars = updatedCollectionVars;
+      runGlobals = updatedGlobals;
+      if (result.status === "passed") summary.passed++;
+      else if (result.status === "failed") summary.failed++;
+      else summary.errors++;
+      event.sender.send("runner:progress", { ...result, iterationLabel: item.iterationLabel });
+      if (requestDelay > 0 && item !== items[items.length - 1]) {
+        await sleep(requestDelay);
+      }
+    }
+    summary.durationMs = Date.now() - totalStart;
+    return summary;
+  });
+}
+function registerMockHandlers(ipc) {
+  ipc.handle("mock:start", async (e, server) => {
+    mockServer.setHitCallback((hit) => e.sender.send("mock:hit", hit));
+    await mockServer.startMock(server);
+  });
+  ipc.handle("mock:stop", async (_e, id) => {
+    await mockServer.stopMock(id);
+  });
+  ipc.handle("mock:isRunning", (_e, id) => mockServer.isRunning(id));
+  ipc.handle("mock:updateRoutes", (_e, id, routes) => {
+    mockServer.updateMockRoutes(id, routes);
+  });
+  ipc.handle("mock:runningIds", () => mockServer.getRunningIds());
+  ipc.handle("file:saveMock", async (_e, relPath, server) => {
+    const wsDir = getWorkspaceDir();
+    if (!wsDir) throw new Error("No workspace open");
+    const fullPath = path.join(wsDir, relPath);
+    await promises.mkdir(path.dirname(fullPath), { recursive: true });
+    await promises.writeFile(fullPath, JSON.stringify(server, null, 2), "utf8");
+  });
+  ipc.handle("file:loadMock", async (_e, relPath) => {
+    const wsDir = getWorkspaceDir();
+    if (!wsDir) throw new Error("No workspace open");
+    const raw = await promises.readFile(path.join(wsDir, relPath), "utf8");
+    return JSON.parse(raw);
+  });
+}
+function registerOAuth2Handlers(ipc) {
+  ipc.handle("oauth2:startFlow", async (_e, auth, vars) => {
+    const port = auth.oauth2RedirectPort ?? 9876;
+    const redirectUri = `http://localhost:${port}/callback`;
+    const authUrl = scriptRunner.interpolate(auth.oauth2AuthUrl ?? "", vars);
+    const tokenUrl = scriptRunner.interpolate(auth.oauth2TokenUrl ?? "", vars);
+    const clientId = scriptRunner.interpolate(auth.oauth2ClientId ?? "", vars);
+    let clientSecret = auth.oauth2ClientSecret ?? "";
+    if (!clientSecret && auth.oauth2ClientSecretRef) {
+      clientSecret = await scriptRunner.getSecret(auth.oauth2ClientSecretRef) ?? "";
+    }
+    clientSecret = scriptRunner.interpolate(clientSecret, vars);
+    if (!authUrl) throw new Error("OAuth 2.0: authUrl is required for authorization_code flow.");
+    if (!tokenUrl) throw new Error("OAuth 2.0: tokenUrl is required for authorization_code flow.");
+    if (!clientId) throw new Error("OAuth 2.0: clientId is required.");
+    const state = Math.random().toString(36).slice(2);
+    const authUrlFull = new URL(authUrl);
+    authUrlFull.searchParams.set("response_type", "code");
+    authUrlFull.searchParams.set("client_id", clientId);
+    authUrlFull.searchParams.set("redirect_uri", redirectUri);
+    authUrlFull.searchParams.set("state", state);
+    if (auth.oauth2Scopes) authUrlFull.searchParams.set("scope", auth.oauth2Scopes);
+    const code = await new Promise((resolve2, reject) => {
+      const server = http.createServer((req, res) => {
+        const reqUrl = new URL(req.url ?? "/", `http://localhost:${port}`);
+        if (!reqUrl.pathname.startsWith("/callback")) {
+          res.writeHead(404);
+          res.end();
+          return;
+        }
+        const returnedState = reqUrl.searchParams.get("state");
+        const returnedCode = reqUrl.searchParams.get("code");
+        const error = reqUrl.searchParams.get("error");
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end("<html><body><p>Authorization complete. You may close this tab.</p></body></html>");
+        server.close();
+        if (error) {
+          reject(new Error(`OAuth 2.0 authorization error: ${error}`));
+          return;
+        }
+        if (returnedState !== state) {
+          reject(new Error("OAuth 2.0: state mismatch."));
+          return;
+        }
+        if (!returnedCode) {
+          reject(new Error("OAuth 2.0: no code in callback."));
+          return;
+        }
+        resolve2(returnedCode);
+      });
+      server.on("error", reject);
+      server.listen(port, "127.0.0.1", () => {
+        electron.shell.openExternal(authUrlFull.toString()).catch(reject);
+      });
+      setTimeout(() => {
+        server.close();
+        reject(new Error("OAuth 2.0 authorization timed out (5 min)."));
+      }, 5 * 60 * 1e3);
+    });
+    const { fetch: nodeFetch } = await import("undici");
+    const params = new URLSearchParams();
+    params.set("grant_type", "authorization_code");
+    params.set("code", code);
+    params.set("redirect_uri", redirectUri);
+    params.set("client_id", clientId);
+    if (clientSecret) params.set("client_secret", clientSecret);
+    const resp = await nodeFetch(tokenUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: params.toString()
+    });
+    if (!resp.ok) {
+      const body = await resp.text();
+      throw new Error(`OAuth 2.0 token exchange failed (${resp.status}): ${body}`);
+    }
+    const json = await resp.json();
+    const accessToken = String(json["access_token"] ?? "");
+    if (!accessToken) throw new Error("OAuth 2.0: token response missing access_token.");
+    const expiresIn = Number(json["expires_in"] ?? 3600);
+    return {
+      accessToken,
+      expiresAt: Date.now() + expiresIn * 1e3,
+      refreshToken: json["refresh_token"] ? String(json["refresh_token"]) : void 0
+    };
+  });
+  ipc.handle("oauth2:refreshToken", async (_e, auth, vars, refreshToken) => {
+    const tokenUrl = scriptRunner.interpolate(auth.oauth2TokenUrl ?? "", vars);
+    const clientId = scriptRunner.interpolate(auth.oauth2ClientId ?? "", vars);
+    let clientSecret = auth.oauth2ClientSecret ?? "";
+    if (!clientSecret && auth.oauth2ClientSecretRef) {
+      clientSecret = await scriptRunner.getSecret(auth.oauth2ClientSecretRef) ?? "";
+    }
+    clientSecret = scriptRunner.interpolate(clientSecret, vars);
+    if (!tokenUrl) throw new Error("OAuth 2.0: tokenUrl is required for refresh.");
+    const { fetch: nodeFetch } = await import("undici");
+    const params = new URLSearchParams();
+    params.set("grant_type", "refresh_token");
+    params.set("refresh_token", refreshToken);
+    params.set("client_id", clientId);
+    if (clientSecret) params.set("client_secret", clientSecret);
+    const resp = await nodeFetch(tokenUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: params.toString()
+    });
+    if (!resp.ok) {
+      const body = await resp.text();
+      throw new Error(`OAuth 2.0 token refresh failed (${resp.status}): ${body}`);
+    }
+    const json = await resp.json();
+    const accessToken = String(json["access_token"] ?? "");
+    if (!accessToken) throw new Error("OAuth 2.0: refresh response missing access_token.");
+    const expiresIn = Number(json["expires_in"] ?? 3600);
+    return {
+      accessToken,
+      expiresAt: Date.now() + expiresIn * 1e3,
+      refreshToken: json["refresh_token"] ? String(json["refresh_token"]) : refreshToken
+    };
+  });
+}
+const connections = /* @__PURE__ */ new Map();
+function closeAllWsConnections() {
+  for (const [, ws] of connections) {
+    try {
+      ws.close();
+    } catch {
+    }
+  }
+  connections.clear();
+}
+function registerWsHandlers(ipc) {
+  ipc.handle("ws:connect", async (event, requestId, url, headers) => {
+    const existing = connections.get(requestId);
+    if (existing) {
+      existing.close();
+      connections.delete(requestId);
+    }
+    event.sender.send("ws:status", { requestId, status: "connecting" });
+    const ws = new WebSocket(url, { headers });
+    connections.set(requestId, ws);
+    ws.on("open", () => {
+      event.sender.send("ws:status", { requestId, status: "connected" });
+    });
+    ws.on("message", (data) => {
+      const message = {
+        id: uuid.v4(),
+        direction: "received",
+        data: data.toString(),
+        timestamp: Date.now()
+      };
+      event.sender.send("ws:message", { requestId, message });
+    });
+    ws.on("error", (err) => {
+      event.sender.send("ws:status", { requestId, status: "error", error: err.message });
+      connections.delete(requestId);
+    });
+    ws.on("close", () => {
+      event.sender.send("ws:status", { requestId, status: "disconnected" });
+      connections.delete(requestId);
+    });
+  });
+  ipc.handle("ws:send", async (_event, requestId, data) => {
+    const ws = connections.get(requestId);
+    if (!ws || ws.readyState !== WebSocket.OPEN) {
+      throw new Error("WebSocket is not connected");
+    }
+    ws.send(data);
+  });
+  ipc.handle("ws:disconnect", async (_event, requestId) => {
+    const ws = connections.get(requestId);
+    if (ws) {
+      ws.close();
+      connections.delete(requestId);
+    }
+  });
+}
+function fetchUrl(url, headers = {}) {
+  return new Promise((resolve2, reject) => {
+    const lib = url.startsWith("https") ? https : http;
+    const req = lib.get(url, { headers }, (res) => {
+      const chunks = [];
+      res.on("data", (chunk) => chunks.push(chunk));
+      res.on("end", () => resolve2(Buffer.concat(chunks).toString("utf8")));
+      res.on("error", reject);
+    });
+    req.on("error", reject);
+    req.setTimeout(15e3, () => {
+      req.destroy();
+      reject(new Error("WSDL fetch timed out"));
+    });
+  });
+}
+function parseWsdl(wsdlText) {
+  const nsMatch = wsdlText.match(/targetNamespace\s*=\s*["']([^"']+)["']/);
+  const targetNamespace = nsMatch ? nsMatch[1] : "";
+  const operationRegex = /<(?:wsdl:)?operation\s+name\s*=\s*["']([^"']+)["']/g;
+  const operationNames = /* @__PURE__ */ new Set();
+  let m;
+  while ((m = operationRegex.exec(wsdlText)) !== null) {
+    operationNames.add(m[1]);
+  }
+  const soapActionMap = {};
+  const bindingOpRegex = /<(?:wsdl:)?operation\s+name\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/(?:wsdl:)?operation>/g;
+  while ((m = bindingOpRegex.exec(wsdlText)) !== null) {
+    const opName = m[1];
+    const block = m[2];
+    const saMatch = block.match(/soapAction\s*=\s*["']([^"']*)["']/);
+    if (saMatch) soapActionMap[opName] = saMatch[1];
+  }
+  const operations = [];
+  for (const name of operationNames) {
+    const soapAction = soapActionMap[name];
+    const inputTemplate = buildEnvelopeTemplate(name, targetNamespace);
+    operations.push({ name, soapAction, inputTemplate });
+  }
+  return { operations, targetNamespace };
+}
+function buildEnvelopeTemplate(operationName, namespace) {
+  return `<?xml version="1.0" encoding="utf-8"?>
+<soap:Envelope
+  xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+  xmlns:tns="${namespace}">
+  <soap:Header/>
+  <soap:Body>
+    <tns:${operationName}>
+      <!-- Add parameters here -->
+    </tns:${operationName}>
+  </soap:Body>
+</soap:Envelope>`;
+}
+function registerSoapHandlers(ipc) {
+  ipc.handle("wsdl:fetch", async (_event, url, extraHeaders = {}) => {
+    const wsdlText = await fetchUrl(url, extraHeaders);
+    return parseWsdl(wsdlText);
+  });
+}
+function escMd(s) {
+  return s.replace(/[|\\`*_{}[\]()#+\-.!]/g, (c) => `\\${c}`);
+}
+function requestToMarkdown(req) {
+  const lines = [];
+  const methodLabel = req.protocol === "websocket" ? "WS" : req.method;
+  lines.push(`#### ${methodLabel} ${escMd(req.name)}`);
+  lines.push("");
+  if (req.description?.trim()) {
+    lines.push(req.description.trim());
+    lines.push("");
+  }
+  lines.push("**URL**");
+  lines.push("```");
+  lines.push(req.url || "(no url)");
+  lines.push("```");
+  lines.push("");
+  const enabledParams = req.params.filter((p) => p.enabled && p.key);
+  if (enabledParams.length) {
+    lines.push("**Query Parameters**");
+    lines.push("");
+    lines.push("| Key | Value | Description |");
+    lines.push("|-----|-------|-------------|");
+    for (const p of enabledParams) {
+      lines.push(`| ${escMd(p.key)} | ${escMd(p.value)} | ${escMd(p.description ?? "")} |`);
+    }
+    lines.push("");
+  }
+  const enabledHeaders = req.headers.filter((h) => h.enabled && h.key);
+  if (enabledHeaders.length) {
+    lines.push("**Headers**");
+    lines.push("");
+    lines.push("| Key | Value |");
+    lines.push("|-----|-------|");
+    for (const h of enabledHeaders) {
+      lines.push(`| ${escMd(h.key)} | ${escMd(h.value)} |`);
+    }
+    lines.push("");
+  }
+  if (req.auth.type !== "none") {
+    lines.push(`**Auth**: ${req.auth.type}`);
+    lines.push("");
+  }
+  const mode = req.body.mode;
+  if (mode === "json" && req.body.json?.trim()) {
+    lines.push("**Body** (JSON)");
+    lines.push("```json");
+    lines.push(req.body.json.trim());
+    lines.push("```");
+    lines.push("");
+  } else if (mode === "raw" && req.body.raw?.trim()) {
+    const ct = req.body.rawContentType ?? "text";
+    lines.push(`**Body** (${ct})`);
+    lines.push("```");
+    lines.push(req.body.raw.trim());
+    lines.push("```");
+    lines.push("");
+  } else if (mode === "graphql" && req.body.graphql?.query?.trim()) {
+    lines.push("**Body** (GraphQL)");
+    lines.push("```graphql");
+    lines.push(req.body.graphql.query.trim());
+    lines.push("```");
+    lines.push("");
+  } else if (mode === "soap" && req.body.soap?.envelope?.trim()) {
+    lines.push("**Body** (SOAP)");
+    lines.push("```xml");
+    lines.push(req.body.soap.envelope.trim());
+    lines.push("```");
+    lines.push("");
+  }
+  return lines.join("\n");
+}
+function folderToMarkdown(folder, requests, depth) {
+  const lines = [];
+  const heading = "#".repeat(depth);
+  if (folder.name !== "root") {
+    lines.push(`${heading} ${escMd(folder.name)}`);
+    lines.push("");
+    if (folder.description?.trim()) {
+      lines.push(folder.description.trim());
+      lines.push("");
+    }
+  }
+  for (const reqId of folder.requestIds) {
+    const req = requests[reqId];
+    if (req) {
+      lines.push(requestToMarkdown(req));
+    }
+  }
+  for (const sub of folder.folders) {
+    lines.push(folderToMarkdown(sub, requests, depth + 1));
+  }
+  return lines.join("\n");
+}
+function generateMarkdown(payload) {
+  const lines = [];
+  lines.push("# API Documentation");
+  lines.push("");
+  for (const { collection, requests } of payload.collections) {
+    lines.push(`## ${escMd(collection.name)}`);
+    lines.push("");
+    if (collection.description?.trim()) {
+      lines.push(collection.description.trim());
+      lines.push("");
+    }
+    lines.push(folderToMarkdown(collection.rootFolder, requests, 3));
+  }
+  return lines.join("\n");
+}
+function escHtml(s) {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+const METHOD_COLORS = {
+  GET: "#34d399",
+  POST: "#60a5fa",
+  PUT: "#fbbf24",
+  PATCH: "#fb923c",
+  DELETE: "#f87171",
+  HEAD: "#6aa3c8",
+  OPTIONS: "#9ca3af",
+  WS: "#22d3ee"
+};
+function requestToHtml(req) {
+  const methodLabel = req.protocol === "websocket" ? "WS" : req.method;
+  const color = METHOD_COLORS[methodLabel] ?? "#9ca3af";
+  let html = `<div class="request">`;
+  html += `<h4><span class="method" style="color:${color}">${escHtml(methodLabel)}</span> ${escHtml(req.name)}</h4>`;
+  if (req.description?.trim()) {
+    html += `<p class="desc">${escHtml(req.description.trim())}</p>`;
+  }
+  html += `<div class="label">URL</div><pre><code>${escHtml(req.url || "(no url)")}</code></pre>`;
+  const enabledParams = req.params.filter((p) => p.enabled && p.key);
+  if (enabledParams.length) {
+    html += `<div class="label">Query Parameters</div><table><thead><tr><th>Key</th><th>Value</th><th>Description</th></tr></thead><tbody>`;
+    for (const p of enabledParams) {
+      html += `<tr><td>${escHtml(p.key)}</td><td>${escHtml(p.value)}</td><td>${escHtml(p.description ?? "")}</td></tr>`;
+    }
+    html += `</tbody></table>`;
+  }
+  const enabledHeaders = req.headers.filter((h) => h.enabled && h.key);
+  if (enabledHeaders.length) {
+    html += `<div class="label">Headers</div><table><thead><tr><th>Key</th><th>Value</th></tr></thead><tbody>`;
+    for (const h of enabledHeaders) {
+      html += `<tr><td>${escHtml(h.key)}</td><td>${escHtml(h.value)}</td></tr>`;
+    }
+    html += `</tbody></table>`;
+  }
+  if (req.auth.type !== "none") {
+    html += `<div class="label">Auth</div><p class="auth-type">${escHtml(req.auth.type)}</p>`;
+  }
+  const mode = req.body.mode;
+  if (mode === "json" && req.body.json?.trim()) {
+    html += `<div class="label">Body (JSON)</div><pre><code class="lang-json">${escHtml(req.body.json.trim())}</code></pre>`;
+  } else if (mode === "raw" && req.body.raw?.trim()) {
+    html += `<div class="label">Body (${escHtml(req.body.rawContentType ?? "text")})</div><pre><code>${escHtml(req.body.raw.trim())}</code></pre>`;
+  } else if (mode === "graphql" && req.body.graphql?.query?.trim()) {
+    html += `<div class="label">Body (GraphQL)</div><pre><code>${escHtml(req.body.graphql.query.trim())}</code></pre>`;
+  } else if (mode === "soap" && req.body.soap?.envelope?.trim()) {
+    html += `<div class="label">Body (SOAP)</div><pre><code>${escHtml(req.body.soap.envelope.trim())}</code></pre>`;
+  }
+  html += `</div>`;
+  return html;
+}
+function folderToHtml(folder, requests, depth) {
+  let html = "";
+  const tag = `h${Math.min(depth, 6)}`;
+  if (folder.name !== "root") {
+    html += `<${tag} class="folder-heading">${escHtml(folder.name)}</${tag}>`;
+    if (folder.description?.trim()) {
+      html += `<p class="folder-desc">${escHtml(folder.description.trim())}</p>`;
+    }
+  }
+  for (const reqId of folder.requestIds) {
+    const req = requests[reqId];
+    if (req) html += requestToHtml(req);
+  }
+  for (const sub of folder.folders) {
+    html += folderToHtml(sub, requests, depth + 1);
+  }
+  return html;
+}
+function generateHtml(payload) {
+  let body = "";
+  for (const { collection, requests } of payload.collections) {
+    body += `<section class="collection"><h2>${escHtml(collection.name)}</h2>`;
+    if (collection.description?.trim()) {
+      body += `<p class="collection-desc">${escHtml(collection.description.trim())}</p>`;
+    }
+    body += folderToHtml(collection.rootFolder, requests, 3);
+    body += `</section>`;
+  }
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+<title>API Documentation</title>
+<style>
+  *, *::before, *::after { box-sizing: border-box; }
+  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; background: #0f1117; color: #e2e8f0; margin: 0; padding: 2rem; line-height: 1.6; }
+  h1 { font-size: 2rem; color: #f8fafc; border-bottom: 2px solid #1e293b; padding-bottom: .5rem; }
+  h2 { font-size: 1.5rem; color: #f1f5f9; margin-top: 2.5rem; border-bottom: 1px solid #1e293b; padding-bottom: .4rem; }
+  h3 { font-size: 1.2rem; color: #cbd5e1; margin-top: 2rem; }
+  h4 { font-size: 1rem; margin: 0 0 .5rem; display: flex; align-items: center; gap: .5rem; color: #f1f5f9; }
+  .method { font-weight: 700; font-family: monospace; font-size: .85rem; }
+  .collection { margin-bottom: 3rem; }
+  .collection-desc, .folder-desc, .desc { color: #94a3b8; font-size: .9rem; margin: .25rem 0 1rem; }
+  .request { background: #1e2433; border: 1px solid #2d3748; border-radius: 8px; padding: 1rem 1.25rem; margin: 1rem 0; }
+  .label { font-size: .7rem; font-weight: 700; letter-spacing: .07em; text-transform: uppercase; color: #64748b; margin: .75rem 0 .3rem; }
+  pre { background: #131924; border: 1px solid #2d3748; border-radius: 6px; padding: .75rem 1rem; overflow-x: auto; margin: 0; }
+  code { font-family: 'JetBrains Mono', 'Fira Mono', monospace; font-size: .8rem; color: #a5f3fc; }
+  table { border-collapse: collapse; width: 100%; font-size: .85rem; margin: .25rem 0; }
+  th { background: #131924; color: #64748b; font-weight: 600; text-align: left; padding: .4rem .6rem; border: 1px solid #2d3748; }
+  td { padding: .35rem .6rem; border: 1px solid #2d3748; color: #cbd5e1; font-family: monospace; font-size: .8rem; }
+  .auth-type { background: #1e2433; border: 1px solid #2d3748; border-radius: 4px; display: inline-block; padding: .2rem .6rem; font-size: .8rem; color: #a5f3fc; margin: 0; }
+  .folder-heading { color: #94a3b8; font-size: 1.05rem; }
+</style>
+</head>
+<body>
+<h1>API Documentation</h1>
+${body}
+</body>
+</html>`;
+}
+function registerDocsHandlers(ipc) {
+  ipc.handle("docs:generate", async (_event, payload) => {
+    if (payload.format === "html") {
+      return generateHtml(payload);
+    }
+    return generateMarkdown(payload);
+  });
+}
+const ajv$1 = new Ajv({ allErrors: true, strict: false });
+function validateConsumerResponse(contract, actualStatus, actualHeaders, bodyText) {
+  const violations = [];
+  if (contract.statusCode !== void 0 && actualStatus !== contract.statusCode) {
+    violations.push({
+      type: "status_mismatch",
+      message: `Expected status ${contract.statusCode}, got ${actualStatus}`,
+      expected: String(contract.statusCode),
+      actual: String(actualStatus)
+    });
+  }
+  for (const expected of contract.headers ?? []) {
+    if (!expected.required) continue;
+    const actual = actualHeaders[expected.key.toLowerCase()];
+    if (actual === void 0) {
+      violations.push({
+        type: "missing_header",
+        message: `Required header "${expected.key}" is absent`,
+        expected: expected.value || "(any)",
+        actual: "(absent)"
+      });
+    } else if (expected.value && actual.split(";")[0].trim().toLowerCase() !== expected.value.split(";")[0].trim().toLowerCase()) {
+      violations.push({
+        type: "missing_header",
+        message: `Header "${expected.key}" has unexpected value`,
+        expected: expected.value,
+        actual
+      });
+    }
+  }
+  if (contract.bodySchema?.trim()) {
+    let schema;
+    try {
+      schema = JSON.parse(contract.bodySchema);
+    } catch {
+      violations.push({
+        type: "schema_violation",
+        message: "Contract bodySchema is not valid JSON"
+      });
+      return violations;
+    }
+    let data;
+    try {
+      data = JSON.parse(bodyText);
+    } catch {
+      violations.push({
+        type: "schema_violation",
+        message: "Response body is not valid JSON — cannot validate against schema"
+      });
+      return violations;
+    }
+    try {
+      const validate = ajv$1.compile(schema);
+      if (!validate(data)) {
+        for (const err of validate.errors ?? []) {
+          violations.push({
+            type: "schema_violation",
+            message: err.message ?? "Schema violation",
+            path: err.instancePath || "/"
+          });
+        }
+      }
+    } catch (e) {
+      violations.push({
+        type: "schema_violation",
+        message: `Schema compile error: ${e instanceof Error ? e.message : String(e)}`
+      });
+    }
+  }
+  return violations;
+}
+async function executeContract(req, vars) {
+  const url = scriptRunner.buildUrl(req.url, req.params, vars);
+  const start = Date.now();
+  try {
+    const headers = new undici.Headers();
+    for (const h of req.headers) {
+      if (h.enabled && h.key) headers.set(scriptRunner.interpolate(h.key, vars), scriptRunner.interpolate(h.value, vars));
+    }
+    const authHeaders = await buildAuthHeaders(req.auth, vars);
+    for (const [k, v] of Object.entries(authHeaders)) headers.set(k, v);
+    let body;
+    if (req.body.mode === "json" && req.body.json) {
+      body = scriptRunner.interpolate(req.body.json, vars);
+      if (!headers.has("content-type")) headers.set("Content-Type", "application/json");
+    } else if (req.body.mode === "raw" && req.body.raw) {
+      body = scriptRunner.interpolate(req.body.raw, vars);
+    }
+    const resp = await undici.fetch(url, {
+      method: req.method,
+      headers,
+      body: !["GET", "HEAD"].includes(req.method) ? body : void 0
+    });
+    const bodyText = await resp.text();
+    const rawHeaders = {};
+    resp.headers.forEach((v, k) => {
+      rawHeaders[k] = v;
+    });
+    const violations = validateConsumerResponse(req.contract, resp.status, rawHeaders, bodyText);
+    return {
+      requestId: req.id,
+      requestName: req.name,
+      method: req.method,
+      url,
+      passed: violations.length === 0,
+      violations,
+      durationMs: Date.now() - start,
+      actualStatus: resp.status
+    };
+  } catch (err) {
+    return {
+      requestId: req.id,
+      requestName: req.name,
+      method: req.method,
+      url,
+      passed: false,
+      violations: [{
+        type: "status_mismatch",
+        message: `Request failed: ${err instanceof Error ? err.message : String(err)}`
+      }],
+      durationMs: Date.now() - start
+    };
+  }
+}
+async function runConsumerContracts(requests, envVars, collectionVars = {}) {
+  const vars = { ...envVars, ...collectionVars };
+  const contractRequests = requests.filter(
+    (r) => r.contract && (r.contract.statusCode !== void 0 || r.contract.bodySchema || r.contract.headers?.length)
+  );
+  const start = Date.now();
+  const results = await Promise.all(contractRequests.map((r) => executeContract(r, vars)));
+  const passed = results.filter((r) => r.passed).length;
+  return {
+    mode: "consumer",
+    total: results.length,
+    passed,
+    failed: results.length - passed,
+    results,
+    durationMs: Date.now() - start
+  };
+}
+const ajv = new Ajv({ allErrors: true, strict: false });
+async function loadSpec(specUrl, specPath) {
+  if (specUrl) {
+    const resp = await undici.fetch(specUrl);
+    if (!resp.ok) throw new Error(`HTTP ${resp.status} loading spec from ${specUrl}`);
+    const text = await resp.text();
+    const ct = resp.headers.get("content-type") ?? "";
+    return ct.includes("yaml") || specUrl.endsWith(".yaml") || specUrl.endsWith(".yml") ? jsYaml.load(text) : JSON.parse(text);
+  }
+  if (specPath) {
+    const raw = await promises.readFile(specPath, "utf8");
+    return specPath.endsWith(".yaml") || specPath.endsWith(".yml") ? jsYaml.load(raw) : JSON.parse(raw);
+  }
+  throw new Error("Either specUrl or specPath must be provided");
+}
+function resolveRef(spec, ref) {
+  const parts = ref.replace(/^#\//, "").split("/");
+  return parts.reduce((obj, key) => obj?.[key], spec);
+}
+function resolveSchema(spec, obj, seen = /* @__PURE__ */ new Set()) {
+  if (!obj || typeof obj !== "object") return obj;
+  if (seen.has(obj)) return {};
+  if (Array.isArray(obj)) {
+    seen.add(obj);
+    return obj.map((i) => resolveSchema(spec, i, seen));
+  }
+  const o = obj;
+  if ("$ref" in o) {
+    const target = resolveRef(spec, o["$ref"]);
+    return resolveSchema(spec, target, seen);
+  }
+  seen.add(obj);
+  return Object.fromEntries(Object.entries(o).map(([k, v]) => [k, resolveSchema(spec, v, seen)]));
+}
+function getServerBases(spec) {
+  const servers = spec["servers"] ?? [];
+  if (!servers.length) return [""];
+  return servers.map((s) => {
+    const raw = s.url ?? "";
+    try {
+      return new URL(raw).pathname.replace(/\/$/, "");
+    } catch {
+      return raw.replace(/\/$/, "");
+    }
+  });
+}
+function urlPathname(raw, baseUrl) {
+  try {
+    const pathname = new URL(raw).pathname;
+    if (baseUrl) {
+      try {
+        const basePath = new URL(baseUrl).pathname.replace(/\/$/, "");
+        if (basePath && pathname.startsWith(basePath)) return pathname.slice(basePath.length) || "/";
+      } catch {
+      }
+    }
+    return pathname;
+  } catch {
+    return raw.split("?")[0];
+  }
+}
+function pathTemplateToRegex(base, template) {
+  const combined = (base + template).replace(/\/+/g, "/");
+  const pattern = combined.replace(/\{[^}]+\}/g, "[^/]+");
+  return new RegExp("^" + pattern + "/?$");
+}
+function findOperation(spec, method, reqUrl, requestBaseUrl) {
+  const bases = getServerBases(spec);
+  const pathname = urlPathname(reqUrl, requestBaseUrl);
+  const paths = spec["paths"] ?? {};
+  for (const [template, pathItem] of Object.entries(paths)) {
+    const resolved = resolveSchema(spec, pathItem);
+    for (const base of bases) {
+      if (pathTemplateToRegex(base, template).test(pathname)) {
+        const op = resolved[method.toLowerCase()];
+        return op ? { pathTemplate: template, operation: op } : null;
+      }
+    }
+  }
+  return null;
+}
+function validateRequestAgainstSpec(spec, req, envVars, requestBaseUrl) {
+  const violations = [];
+  const vars = envVars;
+  const url = req.url.replace(/\{\{([^}]+)\}\}/g, (_, k) => vars[k] ?? `{{${k}}}`);
+  const match = findOperation(spec, req.method, url, requestBaseUrl);
+  if (!match) {
+    violations.push({
+      type: "unknown_path",
+      message: `No operation found in spec for ${req.method} ${url}`
+    });
+    return violations;
+  }
+  const { operation } = match;
+  if (req.body.mode === "json" && req.body.json?.trim()) {
+    const requestBody = resolveSchema(spec, operation["requestBody"]);
+    const content = requestBody?.["content"] ?? {};
+    const jsonContent = content["application/json"];
+    if (jsonContent?.["schema"]) {
+      try {
+        const data = JSON.parse(scriptRunner.interpolate(req.body.json, vars));
+        const schema = resolveSchema(spec, jsonContent["schema"]);
+        const validate = ajv.compile(schema);
+        if (!validate(data)) {
+          for (const err of validate.errors ?? []) {
+            violations.push({
+              type: "request_body_invalid",
+              message: err.message ?? "Request body schema violation",
+              path: err.instancePath || "/"
+            });
+          }
+        }
+      } catch (e) {
+        violations.push({
+          type: "request_body_invalid",
+          message: `Could not validate request body: ${e instanceof Error ? e.message : String(e)}`
+        });
+      }
+    }
+  }
+  const parameters = resolveSchema(spec, operation["parameters"] ?? []);
+  for (const param of parameters) {
+    const p = param;
+    if (p["in"] === "query" && p["required"] === true) {
+      const name = p["name"];
+      if (!req.params.some((kv) => kv.enabled && kv.key === name)) {
+        violations.push({
+          type: "request_body_invalid",
+          message: `Required query parameter "${name}" is missing`,
+          path: `query.${name}`
+        });
+      }
+    }
+  }
+  return violations;
+}
+async function runProviderVerification(requests, envVars, specUrl, specPath, requestBaseUrl) {
+  const spec = await loadSpec(specUrl, specPath);
+  const start = Date.now();
+  const results = requests.map((req) => {
+    const violations = validateRequestAgainstSpec(spec, req, envVars, requestBaseUrl);
+    const url = req.url.replace(/\{\{([^}]+)\}\}/g, (_, k) => envVars[k] ?? `{{${k}}}`);
+    return {
+      requestId: req.id,
+      requestName: req.name,
+      method: req.method,
+      url,
+      passed: violations.length === 0,
+      violations
+    };
+  });
+  const passed = results.filter((r) => r.passed).length;
+  return {
+    mode: "provider",
+    total: results.length,
+    passed,
+    failed: results.length - passed,
+    results,
+    durationMs: Date.now() - start
+  };
+}
+function checkSchemaCompatibility(consumerSchema, providerSchema, path2 = "") {
+  const violations = [];
+  if (!consumerSchema || !providerSchema) return violations;
+  const cType = consumerSchema["type"];
+  const pType = providerSchema["type"];
+  if (cType && pType && cType !== pType) {
+    const ok = cType === "integer" && pType === "number" || cType === "number" && pType === "integer";
+    if (!ok) {
+      violations.push({
+        type: "schema_incompatible",
+        message: `Type mismatch${path2 ? ` at "${path2}"` : ""}: consumer expects "${cType}", provider offers "${pType}"`,
+        path: path2 || "/",
+        expected: cType,
+        actual: pType
+      });
+      return violations;
+    }
+  }
+  if (cType === "array" || Array.isArray(consumerSchema["items"])) {
+    const cItems = consumerSchema["items"];
+    const pItems = providerSchema["items"];
+    if (cItems && pItems) {
+      violations.push(...checkSchemaCompatibility(cItems, pItems, path2 ? `${path2}[]` : "[]"));
+    }
+    return violations;
+  }
+  if (cType === "object" || consumerSchema["properties"]) {
+    const cProps = consumerSchema["properties"] ?? {};
+    const pProps = providerSchema["properties"] ?? {};
+    const cRequired = consumerSchema["required"] ?? [];
+    for (const field of cRequired) {
+      const fieldPath = path2 ? `${path2}.${field}` : field;
+      if (!(field in pProps)) {
+        violations.push({
+          type: "schema_incompatible",
+          message: `Consumer requires field "${fieldPath}" which is not defined in provider schema`,
+          path: fieldPath,
+          expected: "(defined)",
+          actual: "(absent)"
+        });
+      }
+    }
+    for (const [field, cPropSchema] of Object.entries(cProps)) {
+      if (field in pProps) {
+        const fieldPath = path2 ? `${path2}.${field}` : field;
+        violations.push(...checkSchemaCompatibility(
+          cPropSchema,
+          pProps[field],
+          fieldPath
+        ));
+      }
+    }
+  }
+  return violations;
+}
+function getProviderResponseSchema(spec, req, envVars, statusCode, requestBaseUrl) {
+  const url = req.url.replace(/\{\{([^}]+)\}\}/g, (_, k) => envVars[k] ?? `{{${k}}}`);
+  const match = findOperation(spec, req.method, url, requestBaseUrl);
+  if (!match) return null;
+  const responses = match.operation["responses"] ?? {};
+  const candidates = [String(statusCode), `${String(statusCode)[0]}xx`, "2XX", "2xx", "default"];
+  for (const candidate of candidates) {
+    const resp = responses[candidate];
+    if (resp) {
+      const resolved = resolveSchema(spec, resp);
+      const content = resolved["content"] ?? {};
+      const json = content["application/json"];
+      if (json?.["schema"]) {
+        return resolveSchema(spec, json["schema"]);
+      }
+    }
+  }
+  return null;
+}
+async function executeRequest(req, vars) {
+  const url = scriptRunner.buildUrl(req.url, req.params, vars);
+  const start = Date.now();
+  try {
+    const headers = new undici.Headers();
+    for (const h of req.headers) {
+      if (h.enabled && h.key) headers.set(scriptRunner.interpolate(h.key, vars), scriptRunner.interpolate(h.value, vars));
+    }
+    const authHeaders = await buildAuthHeaders(req.auth, vars);
+    for (const [k, v] of Object.entries(authHeaders)) headers.set(k, v);
+    let body;
+    if (req.body.mode === "json" && req.body.json) {
+      body = scriptRunner.interpolate(req.body.json, vars);
+      if (!headers.has("content-type")) headers.set("Content-Type", "application/json");
+    }
+    const resp = await undici.fetch(url, {
+      method: req.method,
+      headers,
+      body: !["GET", "HEAD"].includes(req.method) ? body : void 0
+    });
+    const bodyText = await resp.text();
+    const rawHdrs = {};
+    resp.headers.forEach((v, k) => {
+      rawHdrs[k] = v;
+    });
+    return { status: resp.status, headers: rawHdrs, body: bodyText, durationMs: Date.now() - start };
+  } catch (err) {
+    return err instanceof Error ? err : new Error(String(err));
+  }
+}
+async function runBidirectional(requests, envVars, collectionVars = {}, specUrl, specPath, requestBaseUrl) {
+  const spec = await loadSpec(specUrl, specPath);
+  const vars = { ...envVars, ...collectionVars };
+  const start = Date.now();
+  const contractRequests = requests.filter(
+    (r) => r.contract && (r.contract.statusCode !== void 0 || r.contract.bodySchema || r.contract.headers?.length)
+  );
+  const results = await Promise.all(contractRequests.map(async (req) => {
+    const url = scriptRunner.buildUrl(req.url, req.params, vars);
+    const violations = [];
+    const expectedStatus = req.contract.statusCode ?? 200;
+    const consumerSchema = req.contract.bodySchema ? (() => {
+      try {
+        return JSON.parse(req.contract.bodySchema);
+      } catch {
+        return null;
+      }
+    })() : null;
+    if (consumerSchema) {
+      const providerSchema = getProviderResponseSchema(spec, req, vars, expectedStatus, requestBaseUrl);
+      if (!providerSchema) {
+        violations.push({
+          type: "schema_incompatible",
+          message: `No response schema found in spec for ${req.method} ${url} → ${expectedStatus}`
+        });
+      } else {
+        violations.push(...checkSchemaCompatibility(consumerSchema, providerSchema));
+      }
+    }
+    const result = await executeRequest(req, vars);
+    if (result instanceof Error) {
+      violations.push({ type: "status_mismatch", message: `Request failed: ${result.message}` });
+      return { requestId: req.id, requestName: req.name, method: req.method, url, passed: false, violations };
+    }
+    const liveViolations = validateConsumerResponse(
+      req.contract,
+      result.status,
+      result.headers,
+      result.body
+    );
+    violations.push(...liveViolations);
+    return {
+      requestId: req.id,
+      requestName: req.name,
+      method: req.method,
+      url,
+      passed: violations.length === 0,
+      violations,
+      durationMs: result.durationMs,
+      actualStatus: result.status
+    };
+  }));
+  const passed = results.filter((r) => r.passed).length;
+  return {
+    mode: "bidirectional",
+    total: results.length,
+    passed,
+    failed: results.length - passed,
+    results,
+    durationMs: Date.now() - start
+  };
+}
+function inferSchema(data) {
+  if (data === null || data === void 0) return { type: "null" };
+  if (typeof data === "boolean") return { type: "boolean" };
+  if (typeof data === "number") {
+    return Number.isInteger(data) ? { type: "integer" } : { type: "number" };
+  }
+  if (typeof data === "string") return { type: "string" };
+  if (Array.isArray(data)) {
+    if (data.length === 0) return { type: "array", items: {} };
+    return { type: "array", items: inferSchema(data[0]) };
+  }
+  if (typeof data === "object") {
+    const obj = data;
+    const properties = {};
+    const required = [];
+    for (const [key, value] of Object.entries(obj)) {
+      properties[key] = inferSchema(value);
+      if (value !== null && value !== void 0) required.push(key);
+    }
+    const schema = { type: "object", properties };
+    if (required.length > 0) schema["required"] = required;
+    return schema;
+  }
+  return {};
+}
+function inferSchemaFromJson(json) {
+  try {
+    return inferSchema(JSON.parse(json));
+  } catch {
+    return null;
+  }
+}
+function registerContractHandlers(ipc) {
+  ipc.handle("contract:run", async (_e, payload) => {
+    const { mode, requests, envVars, collectionVars = {}, specUrl, specPath, requestBaseUrl } = payload;
+    switch (mode) {
+      case "consumer":
+        return runConsumerContracts(requests, envVars, collectionVars);
+      case "provider":
+        return runProviderVerification(requests, envVars, specUrl, specPath, requestBaseUrl);
+      case "bidirectional":
+        return runBidirectional(requests, envVars, collectionVars, specUrl, specPath, requestBaseUrl);
+    }
+  });
+  ipc.handle("contract:inferSchema", (_e, jsonBody) => {
+    const schema = inferSchemaFromJson(jsonBody);
+    return schema ? JSON.stringify(schema, null, 2) : null;
+  });
+}
+function createSplashWindow() {
+  const splash = new electron.BrowserWindow({
+    width: 420,
+    height: 280,
+    frame: false,
+    resizable: false,
+    movable: true,
+    center: true,
+    skipTaskbar: true,
+    alwaysOnTop: true,
+    backgroundColor: "#1e1b2e",
+    webPreferences: { contextIsolation: true }
+  });
+  const splashPath = electron.app.isPackaged ? path.join(process.resourcesPath, "splash.html") : path.join(electron.app.getAppPath(), "resources/splash.html");
+  splash.loadFile(splashPath);
+  return splash;
+}
+function loadAppIcon() {
+  const pngCandidates = [
+    path.join(electron.app.getAppPath(), "build/icon.png"),
+    path.join(electron.app.getAppPath(), "resources/icon.png"),
+    path.join(__dirname, "../../build/icon.png")
+  ];
+  for (const p of pngCandidates) {
+    if (fs.existsSync(p)) return electron.nativeImage.createFromPath(p);
+  }
+  const svgCandidates = [
+    path.join(electron.app.getAppPath(), "resources/icon.svg"),
+    path.join(__dirname, "../../resources/icon.svg")
+  ];
+  for (const p of svgCandidates) {
+    if (fs.existsSync(p)) {
+      const dataUrl = "data:image/svg+xml;base64," + fs.readFileSync(p).toString("base64");
+      return electron.nativeImage.createFromDataURL(dataUrl);
+    }
+  }
+  return void 0;
+}
+function createWindow() {
+  const splash = createSplashWindow();
+  const appIcon = loadAppIcon();
+  if (appIcon && process.platform === "darwin" && electron.app.dock) {
+    electron.app.dock.setIcon(appIcon);
+  }
+  const win = new electron.BrowserWindow({
+    width: 1440,
+    height: 900,
+    minWidth: 900,
+    minHeight: 600,
+    titleBarStyle: "hiddenInset",
+    backgroundColor: "#1e1b2e",
+    icon: appIcon,
+    show: false,
+    webPreferences: {
+      preload: path.join(__dirname, "../preload/index.js"),
+      contextIsolation: true,
+      nodeIntegration: false,
+      sandbox: false
+    }
+  });
+  if (process.env["ELECTRON_RENDERER_URL"]) {
+    win.loadURL(process.env["ELECTRON_RENDERER_URL"]);
+  } else {
+    win.loadFile(path.join(__dirname, "../renderer/index.html"));
+  }
+  win.webContents.once("did-finish-load", () => {
+    setTimeout(() => {
+      splash.close();
+      win.show();
+    }, 1200);
+  });
+  win.webContents.on("before-input-event", (_e, input) => {
+    if (input.type !== "keyDown") return;
+    const devToolsShortcut = input.key === "F12" || input.key === "I" && input.shift && (input.meta || input.control);
+    if (devToolsShortcut) win.webContents.toggleDevTools();
+  });
+}
+electron.app.whenReady().then(() => {
+  registerFileHandlers(electron.ipcMain);
+  registerRequestHandler(electron.ipcMain);
+  scriptRunner.registerSecretHandlers(electron.ipcMain);
+  registerImportHandlers(electron.ipcMain);
+  registerGenerateHandlers(electron.ipcMain);
+  registerRunnerHandler(electron.ipcMain);
+  registerMockHandlers(electron.ipcMain);
+  registerOAuth2Handlers(electron.ipcMain);
+  registerWsHandlers(electron.ipcMain);
+  registerSoapHandlers(electron.ipcMain);
+  registerDocsHandlers(electron.ipcMain);
+  registerContractHandlers(electron.ipcMain);
+  createWindow();
+  electron.app.on("activate", () => {
+    if (electron.BrowserWindow.getAllWindows().length === 0) createWindow();
+  });
+});
+electron.app.on("window-all-closed", () => {
+  if (process.platform !== "darwin") electron.app.quit();
+});
+electron.app.on("before-quit", async () => {
+  closeAllWsConnections();
+  await mockServer.stopAll();
+});