@testsmith/api-spector 0.0.7 → 0.0.9

package/out/main/chunks/request-handler-9MdHOWVf.js

@@ -0,0 +1,1041 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+const undici = require("undici");
+const promises = require("fs/promises");
+const crypto = require("crypto");
+const path = require("path");
+const dayjs = require("dayjs");
+const vm = require("vm");
+const tv4 = require("tv4");
+const jsonpathPlus = require("jsonpath-plus");
+const xmldom = require("@xmldom/xmldom");
+function _interopNamespaceDefault(e) {
+  const n = Object.create(null, { [Symbol.toStringTag]: { value: "Module" } });
+  if (e) {
+    for (const k in e) {
+      if (k !== "default") {
+        const d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: () => e[k]
+        });
+      }
+    }
+  }
+  n.default = e;
+  return Object.freeze(n);
+}
+const vm__namespace = /* @__PURE__ */ _interopNamespaceDefault(vm);
+let globals = {};
+let currentDir = null;
+function globalsPath(dir) {
+  return path.join(dir, "globals.json");
+}
+async function loadGlobals(workspaceDir) {
+  currentDir = workspaceDir;
+  try {
+    const raw = await promises.readFile(globalsPath(workspaceDir), "utf8");
+    globals = JSON.parse(raw);
+  } catch {
+    globals = {};
+  }
+  return { ...globals };
+}
+async function persistGlobals() {
+  if (!currentDir) return;
+  await promises.writeFile(globalsPath(currentDir), JSON.stringify(globals, null, 2), "utf8");
+}
+function getGlobals() {
+  return { ...globals };
+}
+function setGlobals(next) {
+  globals = { ...next };
+}
+function patchGlobals(patch) {
+  globals = { ...globals, ...patch };
+}
+const MASTER_KEY_ENV = "API_SPECTOR_MASTER_KEY";
+let secretStore = {};
+let secretStorePath = null;
+async function initSecretStore(userDataPath) {
+  secretStorePath = path.join(userDataPath, "secrets.json");
+  try {
+    const raw = await promises.readFile(secretStorePath, "utf8");
+    secretStore = JSON.parse(raw);
+  } catch {
+    secretStore = {};
+  }
+}
+async function persistSecretStore() {
+  if (!secretStorePath) return;
+  await promises.writeFile(secretStorePath, JSON.stringify(secretStore, null, 2), "utf8");
+}
+function getSafeStorage() {
+  try {
+    const { safeStorage } = require("electron");
+    if (typeof safeStorage?.isEncryptionAvailable === "function") return safeStorage;
+    return null;
+  } catch {
+    return null;
+  }
+}
+function registerSecretHandlers(ipc) {
+  ipc.handle("secret:checkMasterKey", () => {
+    return { set: Boolean(process.env[MASTER_KEY_ENV]) };
+  });
+  ipc.handle("secret:setMasterKey", (_e, value) => {
+    process.env[MASTER_KEY_ENV] = value;
+  });
+  ipc.handle("secret:set", async (_e, ref, value) => {
+    const ss = getSafeStorage();
+    if (!ss || !ss.isEncryptionAvailable()) {
+      throw new Error("OS encryption is not available — set the secret via environment variable instead");
+    }
+    secretStore[ref] = ss.encryptString(value).toString("base64");
+    await persistSecretStore();
+  });
+}
+function decryptSecret(encrypted, salt, iv, password) {
+  const saltBuf = Buffer.from(salt, "base64");
+  const ivBuf = Buffer.from(iv, "base64");
+  const encBuf = Buffer.from(encrypted, "base64");
+  const key = crypto.pbkdf2Sync(password, saltBuf, 1e5, 32, "sha256");
+  const authTag = encBuf.subarray(encBuf.length - 16);
+  const ciphertext = encBuf.subarray(0, encBuf.length - 16);
+  const decipher = crypto.createDecipheriv("aes-256-gcm", key, ivBuf);
+  decipher.setAuthTag(authTag);
+  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
+}
+async function getSecret(ref) {
+  const stored = secretStore[ref];
+  if (stored) {
+    const ss = getSafeStorage();
+    if (ss && ss.isEncryptionAvailable()) {
+      try {
+        return ss.decryptString(Buffer.from(stored, "base64"));
+      } catch {
+      }
+    }
+  }
+  return process.env[ref] ?? null;
+}
+let _fakerCache$1 = null;
+async function getFaker$1() {
+  if (!_fakerCache$1) _fakerCache$1 = await import("@faker-js/faker");
+  return _fakerCache$1.faker;
+}
+let _exprContext = null;
+async function buildDynamicVars() {
+  const faker = await getFaker$1();
+  const now = dayjs();
+  _exprContext = { faker, dayjs };
+  return {
+    $uuid: faker.string.uuid(),
+    $timestamp: String(Date.now()),
+    $isoTimestamp: now.toISOString(),
+    $randomInt: String(faker.number.int({ min: 0, max: 1e3 })),
+    $randomFloat: String(faker.number.float({ min: 0, max: 1e3, fractionDigits: 2 })),
+    $randomBoolean: String(faker.datatype.boolean()),
+    $randomEmail: faker.internet.email(),
+    $randomUsername: faker.internet.username(),
+    $randomPassword: faker.internet.password(),
+    $randomFullName: faker.person.fullName(),
+    $randomFirstName: faker.person.firstName(),
+    $randomLastName: faker.person.lastName(),
+    $randomWord: faker.lorem.word(),
+    $randomPhrase: faker.lorem.sentence(),
+    $randomUrl: faker.internet.url(),
+    $randomIp: faker.internet.ip(),
+    $randomHexColor: faker.color.rgb({ format: "hex", casing: "lower" })
+  };
+}
+function interpolate(str, vars) {
+  return str.replace(/\{\{([^}]+)\}\}/g, (match, key) => {
+    const trimmed = key.trim();
+    if (trimmed in vars) return vars[trimmed];
+    if (_exprContext && (trimmed.includes(".") || trimmed.includes("("))) {
+      try {
+        const result = vm__namespace.runInNewContext(trimmed, _exprContext);
+        if (result !== void 0 && result !== null) return String(result);
+      } catch {
+      }
+    }
+    return match;
+  });
+}
+function buildUrl(baseUrl, params, vars) {
+  const url = interpolate(baseUrl, vars);
+  const enabled = params.filter((p) => p.enabled && p.key);
+  if (!enabled.length) return url;
+  const sep = url.includes("?") ? "&" : "?";
+  const qs = enabled.map((p) => `${encodeURIComponent(interpolate(p.key, vars))}=${encodeURIComponent(interpolate(p.value, vars))}`).join("&");
+  return url + sep + qs;
+}
+async function buildEnvVars(environment) {
+  const vars = {};
+  if (!environment) return vars;
+  const masterKey = process.env["API_SPECTOR_MASTER_KEY"];
+  for (const v of environment.variables) {
+    if (!v.enabled) continue;
+    if (v.envRef) {
+      const envValue = process.env[v.envRef];
+      if (envValue !== void 0) vars[v.key] = envValue;
+    } else if (v.secret && v.secretEncrypted && v.secretSalt && v.secretIv) {
+      if (masterKey) {
+        try {
+          vars[v.key] = decryptSecret(v.secretEncrypted, v.secretSalt, v.secretIv, masterKey);
+        } catch {
+        }
+      }
+    } else {
+      vars[v.key] = v.value;
+    }
+  }
+  return vars;
+}
+function mergeVars(envVars, collectionVars, globals2, localVars = {}, dynamicVars = {}) {
+  return { ...dynamicVars, ...globals2, ...collectionVars, ...envVars, ...localVars };
+}
+function xmlFindAll(node, tag, nth) {
+  const results = [];
+  const siblings = Array.from(node.childNodes).filter((c) => c.nodeType === 1 && c.tagName === tag);
+  if (siblings[nth]) results.push(siblings[nth]);
+  for (const child of Array.from(node.childNodes)) {
+    if (child.nodeType === 1) results.push(...xmlFindAll(child, tag, nth));
+  }
+  return results;
+}
+function xmlQuerySelector(root, selector) {
+  const parts = selector.trim().split(/\s*>\s*/);
+  const m0 = parts[0].match(/^([A-Za-z0-9_:.-]+?)(?::nth-of-type\((\d+)\))?$/);
+  if (!m0) return null;
+  let candidates = xmlFindAll(root, m0[1], m0[2] ? parseInt(m0[2]) - 1 : 0);
+  for (let i = 1; i < parts.length; i++) {
+    const m = parts[i].match(/^([A-Za-z0-9_:.-]+?)(?::nth-of-type\((\d+)\))?$/);
+    if (!m) return null;
+    const tag = m[1];
+    const idx = m[2] ? parseInt(m[2]) - 1 : 0;
+    const next = [];
+    for (const node of candidates) {
+      const children = Array.from(node.childNodes).filter((c) => c.nodeType === 1 && c.tagName === tag);
+      if (children[idx]) next.push(children[idx]);
+    }
+    candidates = next;
+  }
+  return candidates[0] ?? null;
+}
+function makeSandboxDOMParser() {
+  return {
+    parseFromString(str, mime) {
+      const doc = new xmldom.DOMParser().parseFromString(str, mime);
+      doc.querySelector = (sel) => xmlQuerySelector(doc, sel);
+      return doc;
+    }
+  };
+}
+let _fakerCache = null;
+async function getFaker() {
+  if (!_fakerCache) _fakerCache = await import("@faker-js/faker");
+  return _fakerCache.faker;
+}
+function makeAsserter(value, negated = false) {
+  function doAssert(condition, msg) {
+    const passed = negated ? !condition : condition;
+    if (!passed) throw new AssertionError(msg);
+  }
+  const asserter = {};
+  const chainer = { get: () => asserter };
+  for (const key of ["to", "be", "been", "have", "that", "and", "is", "deep"]) {
+    Object.defineProperty(asserter, key, chainer);
+  }
+  Object.defineProperty(asserter, "not", { get: () => makeAsserter(value, !negated) });
+  Object.defineProperty(asserter, "ok", { get: () => {
+    doAssert(Boolean(value), `Expected ${JSON.stringify(value)} to be truthy`);
+    return asserter;
+  } });
+  Object.defineProperty(asserter, "true", { get: () => {
+    doAssert(value === true, `Expected ${JSON.stringify(value)} to be true`);
+    return asserter;
+  } });
+  Object.defineProperty(asserter, "false", { get: () => {
+    doAssert(value === false, `Expected ${JSON.stringify(value)} to be false`);
+    return asserter;
+  } });
+  Object.defineProperty(asserter, "null", { get: () => {
+    doAssert(value === null, `Expected ${JSON.stringify(value)} to be null`);
+    return asserter;
+  } });
+  Object.defineProperty(asserter, "undefined", { get: () => {
+    doAssert(value === void 0, `Expected value to be undefined`);
+    return asserter;
+  } });
+  asserter.equal = (expected) => {
+    doAssert(
+      value === expected,
+      `Expected ${JSON.stringify(value)} to ${negated ? "not " : ""}equal ${JSON.stringify(expected)}`
+    );
+    return asserter;
+  };
+  asserter.eq = asserter.equal;
+  asserter.eql = (expected) => {
+    doAssert(
+      JSON.stringify(value) === JSON.stringify(expected),
+      `Expected deep equal: ${JSON.stringify(value)} ${negated ? "!=" : "=="} ${JSON.stringify(expected)}`
+    );
+    return asserter;
+  };
+  asserter.include = (substr) => {
+    if (typeof value === "string") {
+      doAssert(
+        value.includes(String(substr)),
+        `Expected "${value}" to ${negated ? "not " : ""}include "${substr}"`
+      );
+    } else if (Array.isArray(value)) {
+      doAssert(
+        value.includes(substr),
+        `Expected array to ${negated ? "not " : ""}include ${JSON.stringify(substr)}`
+      );
+    }
+    return asserter;
+  };
+  asserter.contain = asserter.include;
+  asserter.property = (name, expected) => {
+    doAssert(
+      value != null && name in Object(value),
+      `Expected object to ${negated ? "not " : ""}have property "${name}"`
+    );
+    if (expected !== void 0) {
+      doAssert(
+        value[name] === expected,
+        `Expected property "${name}" to equal ${JSON.stringify(expected)}`
+      );
+    }
+    return asserter;
+  };
+  asserter.a = (type) => {
+    const actual = Array.isArray(value) ? "array" : typeof value;
+    doAssert(
+      actual === type,
+      `Expected ${JSON.stringify(value)} to ${negated ? "not " : ""}be a ${type}`
+    );
+    return asserter;
+  };
+  asserter.above = (n) => {
+    doAssert(value > n, `Expected ${value} to ${negated ? "not " : ""}be above ${n}`);
+    return asserter;
+  };
+  asserter.below = (n) => {
+    doAssert(value < n, `Expected ${value} to ${negated ? "not " : ""}be below ${n}`);
+    return asserter;
+  };
+  asserter.least = (n) => {
+    doAssert(value >= n, `Expected ${value} to ${negated ? "not " : ""}be at least ${n}`);
+    return asserter;
+  };
+  asserter.most = (n) => {
+    doAssert(value <= n, `Expected ${value} to ${negated ? "not " : ""}be at most ${n}`);
+    return asserter;
+  };
+  asserter.gt = asserter.above;
+  asserter.gte = asserter.least;
+  asserter.lt = asserter.below;
+  asserter.lte = asserter.most;
+  asserter.oneOf = (list) => {
+    doAssert(
+      list.includes(value),
+      `Expected ${JSON.stringify(value)} to ${negated ? "not " : ""}be one of ${JSON.stringify(list)}`
+    );
+    return asserter;
+  };
+  asserter.lengthOf = (n) => {
+    const len = value.length;
+    doAssert(
+      len === n,
+      `Expected length ${len} to ${negated ? "not " : ""}equal ${n}`
+    );
+    return asserter;
+  };
+  asserter.match = (re) => {
+    doAssert(
+      re.test(String(value)),
+      `Expected "${value}" to ${negated ? "not " : ""}match ${re}`
+    );
+    return asserter;
+  };
+  return asserter;
+}
+class AssertionError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "AssertionError";
+  }
+}
+function buildAt(ctx, testResults, consoleOutput) {
+  const { envVars, collectionVars, globals: globals2, localVars } = ctx;
+  function makeVarScope(store, scopeName) {
+    return {
+      get: (key) => store[key] ?? null,
+      set: (key, value) => {
+        store[key] = String(value);
+        consoleOutput.push(`[set] ${scopeName}.${key} = ${JSON.stringify(String(value))}`);
+      },
+      clear: (key) => {
+        delete store[key];
+        consoleOutput.push(`[set] ${scopeName}.${key} cleared`);
+      },
+      has: (key) => key in store,
+      toObject: () => ({ ...store })
+    };
+  }
+  const sp = {
+    // Variable scopes
+    variables: makeVarScope(localVars, "variables"),
+    environment: makeVarScope(envVars, "environment"),
+    collectionVariables: makeVarScope(collectionVars, "collectionVariables"),
+    globals: makeVarScope(globals2, "globals"),
+    // Convenience: get/set across all scopes (local wins)
+    variables_get: (key) => localVars[key] ?? envVars[key] ?? collectionVars[key] ?? globals2[key] ?? null,
+    variables_set: (key, value) => {
+      localVars[key] = String(value);
+    },
+    // Test runner
+    test: (name, fn) => {
+      try {
+        fn();
+        testResults.push({ name, passed: true });
+      } catch (err) {
+        testResults.push({
+          name,
+          passed: false,
+          error: err instanceof Error ? err.message : String(err)
+        });
+      }
+    },
+    // Expect / assertions
+    expect: (value) => makeAsserter(value, false),
+    // JSONPath query: sp.jsonPath(data, '$.store.book[?(@.price < 10)].title')
+    jsonPath: (data, expr) => jsonpathPlus.JSONPath({ path: expr, json: data })
+  };
+  if (ctx.response) {
+    const resp = ctx.response;
+    let parsedJson = void 0;
+    sp.response = {
+      code: resp.status,
+      status: `${resp.status} ${resp.statusText}`,
+      statusText: resp.statusText,
+      responseTime: resp.durationMs,
+      responseSize: resp.bodySize,
+      headers: {
+        get: (name) => resp.headers[name.toLowerCase()] ?? null,
+        toObject: () => resp.headers
+      },
+      json: () => {
+        if (parsedJson === void 0) parsedJson = JSON.parse(resp.body);
+        return parsedJson;
+      },
+      text: () => resp.body,
+      xmlText: (selector) => {
+        const doc = new xmldom.DOMParser().parseFromString(resp.body, "text/xml");
+        const node = xmlQuerySelector(doc, selector);
+        return node ? String(node.textContent ?? "").trim() : null;
+      },
+      to: {
+        have: {
+          status: (code) => {
+            if (resp.status !== code) throw new AssertionError(`Expected status ${resp.status} to be ${code}`);
+          }
+        }
+      }
+    };
+  }
+  return sp;
+}
+async function runScript(code, ctx, timeoutMs = 5e3) {
+  const faker = await getFaker();
+  const testResults = [];
+  const consoleOutput = [];
+  const envVarsCopy = { ...ctx.envVars };
+  const collectionCopy = { ...ctx.collectionVars };
+  const globalsCopy = { ...ctx.globals };
+  const localVarsCopy = { ...ctx.localVars };
+  const scriptCtx = {
+    envVars: envVarsCopy,
+    collectionVars: collectionCopy,
+    globals: globalsCopy,
+    localVars: localVarsCopy,
+    response: ctx.response
+  };
+  const sp = buildAt(scriptCtx, testResults, consoleOutput);
+  const captureConsole = {
+    log: (...args) => consoleOutput.push(args.map(String).join(" ")),
+    warn: (...args) => consoleOutput.push("[warn] " + args.map(String).join(" ")),
+    error: (...args) => consoleOutput.push("[error] " + args.map(String).join(" ")),
+    info: (...args) => consoleOutput.push("[info] " + args.map(String).join(" "))
+  };
+  const sandbox = {
+    sp,
+    DOMParser: makeSandboxDOMParser,
+    dayjs,
+    faker,
+    tv4,
+    console: captureConsole,
+    JSON,
+    Math,
+    Date,
+    parseInt,
+    parseFloat,
+    isNaN,
+    isFinite,
+    encodeURIComponent,
+    decodeURIComponent,
+    btoa: (s) => Buffer.from(s, "binary").toString("base64"),
+    atob: (s) => Buffer.from(s, "base64").toString("binary"),
+    setTimeout: void 0,
+    // not available in sync vm context
+    setInterval: void 0
+  };
+  try {
+    vm__namespace.runInNewContext(code, sandbox, { timeout: timeoutMs, filename: "script.js" });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return {
+      testResults,
+      consoleOutput,
+      updatedEnvVars: envVarsCopy,
+      updatedCollectionVars: collectionCopy,
+      updatedGlobals: globalsCopy,
+      updatedLocalVars: localVarsCopy,
+      error: message
+    };
+  }
+  return {
+    testResults,
+    consoleOutput,
+    updatedEnvVars: envVarsCopy,
+    updatedCollectionVars: collectionCopy,
+    updatedGlobals: globalsCopy,
+    updatedLocalVars: localVarsCopy
+  };
+}
+async function buildAuthHeaders(auth, vars) {
+  const headers = {};
+  if (auth.type === "bearer") {
+    let token = auth.token ?? "";
+    if (!token && auth.tokenSecretRef) token = await getSecret(auth.tokenSecretRef) ?? "";
+    token = interpolate(token, vars);
+    if (token) headers["Authorization"] = `Bearer ${token}`;
+  }
+  if (auth.type === "basic") {
+    let password = auth.password ?? "";
+    if (!password && auth.passwordSecretRef) password = await getSecret(auth.passwordSecretRef) ?? "";
+    password = interpolate(password, vars);
+    const username = interpolate(auth.username ?? "", vars);
+    headers["Authorization"] = `Basic ${Buffer.from(`${username}:${password}`).toString("base64")}`;
+  }
+  if (auth.type === "apikey" && auth.apiKeyIn === "header") {
+    let value = auth.apiKeyValue ?? "";
+    if (!value && auth.apiKeySecretRef) value = await getSecret(auth.apiKeySecretRef) ?? "";
+    value = interpolate(value, vars);
+    headers[auth.apiKeyName ?? "X-API-Key"] = value;
+  }
+  if (auth.type === "oauth2") {
+    const now = Date.now();
+    if (auth.oauth2CachedToken && auth.oauth2TokenExpiry && auth.oauth2TokenExpiry > now + 5e3) {
+      headers["Authorization"] = `Bearer ${auth.oauth2CachedToken}`;
+    }
+  }
+  return headers;
+}
+async function buildApiKeyParam(auth, vars) {
+  if (auth.type !== "apikey" || auth.apiKeyIn !== "query") return null;
+  let value = auth.apiKeyValue ?? "";
+  if (!value && auth.apiKeySecretRef) value = await getSecret(auth.apiKeySecretRef) ?? "";
+  value = interpolate(value, vars);
+  return { key: auth.apiKeyName ?? "apikey", value };
+}
+function parseDigestChallenge(wwwAuth) {
+  const extract = (key) => {
+    const m = new RegExp(`${key}="([^"]*)"`, "i").exec(wwwAuth);
+    return m ? m[1] : "";
+  };
+  const extractUnquoted = (key) => {
+    const m = new RegExp(`${key}=([^,\\s]+)`, "i").exec(wwwAuth);
+    return m ? m[1] : "";
+  };
+  return {
+    realm: extract("realm"),
+    nonce: extract("nonce"),
+    qop: extract("qop") || extractUnquoted("qop") || void 0,
+    algorithm: extract("algorithm") || extractUnquoted("algorithm") || "MD5",
+    opaque: extract("opaque") || void 0
+  };
+}
+function md5(s) {
+  return crypto.createHash("md5").update(s).digest("hex");
+}
+function buildDigestAuthHeader(challenge, username, password, method, uri) {
+  const { realm, nonce, qop, algorithm, opaque } = challenge;
+  const algo = (algorithm ?? "MD5").toUpperCase();
+  const ha1 = algo === "MD5-SESS" ? md5(`${md5(`${username}:${realm}:${password}`)}:${nonce}:`) : md5(`${username}:${realm}:${password}`);
+  const ha2 = md5(`${method}:${uri}`);
+  let response;
+  let nc;
+  let cnonce;
+  if (qop === "auth" || qop === "auth-int") {
+    nc = "00000001";
+    cnonce = crypto.randomBytes(8).toString("hex");
+    response = md5(`${ha1}:${nonce}:${nc}:${cnonce}:${qop}:${ha2}`);
+  } else {
+    response = md5(`${ha1}:${nonce}:${ha2}`);
+  }
+  let header = `Digest username="${username}", realm="${realm}", nonce="${nonce}", uri="${uri}", response="${response}"`;
+  if (qop) header += `, qop=${qop}`;
+  if (nc) header += `, nc=${nc}`;
+  if (cnonce) header += `, cnonce="${cnonce}"`;
+  if (opaque) header += `, opaque="${opaque}"`;
+  if (algo !== "MD5") header += `, algorithm=${algo}`;
+  return header;
+}
+async function performDigestAuth(url, method, auth, vars, fetchFn) {
+  const probeResp = await fetchFn(url, { method, headers: {} });
+  if (probeResp.status !== 401) return null;
+  const wwwAuth = probeResp.headers.get("www-authenticate") ?? "";
+  if (!wwwAuth.toLowerCase().startsWith("digest")) return null;
+  const challenge = parseDigestChallenge(wwwAuth);
+  let password = auth.password ?? "";
+  if (!password && auth.passwordSecretRef) password = await getSecret(auth.passwordSecretRef) ?? "";
+  password = interpolate(password, vars);
+  const username = interpolate(auth.username ?? "", vars);
+  let uri = "/";
+  try {
+    uri = new URL(url).pathname + (new URL(url).search ?? "");
+  } catch {
+  }
+  return buildDigestAuthHeader(challenge, username, password, method, uri);
+}
+async function performNtlmRequest(_url, _method, _auth, _vars) {
+  throw new Error(
+    'NTLM auth is not yet implemented. Add "httpntlm" to package.json dependencies and implement performNtlmRequest in auth-builder.ts.'
+  );
+}
+async function fetchOAuth2Token(auth, vars) {
+  const flow = auth.oauth2Flow ?? "client_credentials";
+  if (flow === "authorization_code") {
+    throw new Error("authorization_code flow requires the oauth2:startFlow IPC call from the renderer.");
+  }
+  if (flow === "implicit") {
+    throw new Error("implicit flow cannot be performed server-side — tokens must be obtained via the browser redirect.");
+  }
+  const tokenUrl = interpolate(auth.oauth2TokenUrl ?? "", vars);
+  if (!tokenUrl) throw new Error("OAuth 2.0: tokenUrl is required.");
+  const clientId = interpolate(auth.oauth2ClientId ?? "", vars);
+  let clientSecret = auth.oauth2ClientSecret ?? "";
+  if (!clientSecret && auth.oauth2ClientSecretRef) {
+    clientSecret = await getSecret(auth.oauth2ClientSecretRef) ?? "";
+  }
+  clientSecret = interpolate(clientSecret, vars);
+  const params = new URLSearchParams();
+  params.set("grant_type", flow === "password" ? "password" : "client_credentials");
+  params.set("client_id", clientId);
+  params.set("client_secret", clientSecret);
+  if (auth.oauth2Scopes) params.set("scope", auth.oauth2Scopes);
+  if (flow === "password") {
+    let password = auth.password ?? "";
+    if (!password && auth.passwordSecretRef) password = await getSecret(auth.passwordSecretRef) ?? "";
+    password = interpolate(password, vars);
+    params.set("username", interpolate(auth.username ?? "", vars));
+    params.set("password", password);
+  }
+  const { fetch: nodeFetch } = await import("undici");
+  const resp = await nodeFetch(tokenUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: params.toString()
+  });
+  if (!resp.ok) {
+    const body = await resp.text();
+    throw new Error(`OAuth 2.0 token request failed (${resp.status}): ${body}`);
+  }
+  const json = await resp.json();
+  const accessToken = String(json["access_token"] ?? "");
+  if (!accessToken) throw new Error("OAuth 2.0: token response missing access_token.");
+  const expiresIn = Number(json["expires_in"] ?? 3600);
+  const expiresAt = Date.now() + expiresIn * 1e3;
+  return {
+    accessToken,
+    expiresAt,
+    refreshToken: json["refresh_token"] ? String(json["refresh_token"]) : void 0
+  };
+}
+function maskPii(data, patterns) {
+  if (!patterns.length) return data;
+  try {
+    const obj = JSON.parse(data);
+    const masked = maskObject(obj, patterns);
+    return JSON.stringify(masked);
+  } catch {
+    return data;
+  }
+}
+function maskObject(obj, patterns) {
+  if (Array.isArray(obj)) return obj.map((item) => maskObject(item, patterns));
+  if (obj && typeof obj === "object") {
+    const result = {};
+    for (const [k, v] of Object.entries(obj)) {
+      if (patterns.some((p) => k.toLowerCase().includes(p.toLowerCase()))) {
+        result[k] = "[REDACTED]";
+      } else {
+        result[k] = maskObject(v, patterns);
+      }
+    }
+    return result;
+  }
+  return obj;
+}
+function maskHeaders(headers, patterns) {
+  if (!patterns.length) return headers;
+  const alwaysMask = ["authorization", "cookie", "set-cookie"];
+  const result = {};
+  for (const [k, v] of Object.entries(headers)) {
+    const lower = k.toLowerCase();
+    if (alwaysMask.includes(lower) || patterns.some((p) => lower.includes(p.toLowerCase()))) {
+      result[k] = "[REDACTED]";
+    } else {
+      result[k] = v;
+    }
+  }
+  return result;
+}
+async function buildDispatcher(proxy, tls) {
+  const connectOpts = {};
+  let hasTls = false;
+  if (tls) {
+    hasTls = true;
+    if (tls.rejectUnauthorized !== void 0) {
+      connectOpts["rejectUnauthorized"] = tls.rejectUnauthorized;
+    }
+    if (tls.caCertPath) {
+      try {
+        connectOpts["ca"] = await promises.readFile(tls.caCertPath);
+      } catch {
+      }
+    }
+    if (tls.clientCertPath) {
+      try {
+        connectOpts["cert"] = await promises.readFile(tls.clientCertPath);
+      } catch {
+      }
+    }
+    if (tls.clientKeyPath) {
+      try {
+        connectOpts["key"] = await promises.readFile(tls.clientKeyPath);
+      } catch {
+      }
+    }
+  }
+  if (proxy?.url) {
+    const proxyUri = proxy.auth ? proxy.url.replace("://", `://${encodeURIComponent(proxy.auth.username)}:${encodeURIComponent(proxy.auth.password)}@`) : proxy.url;
+    return new undici.ProxyAgent({
+      uri: proxyUri,
+      ...hasTls ? { connect: connectOpts } : {}
+    });
+  }
+  if (hasTls) {
+    return new undici.Agent({ connect: connectOpts });
+  }
+  return void 0;
+}
+function registerRequestHandler(ipc) {
+  ipc.handle("request:send", async (_e, payload) => {
+    const {
+      request: req,
+      environment,
+      collectionVars,
+      globals: payloadGlobals,
+      proxy,
+      tls,
+      piiMaskPatterns = []
+    } = payload;
+    const start = Date.now();
+    const liveGlobals = getGlobals();
+    const mergedGlobals = { ...payloadGlobals, ...liveGlobals };
+    const envVars = await buildEnvVars(environment);
+    let localVars = {};
+    const decryptionWarnings = [];
+    if (environment) {
+      const masterKeySet = Boolean(process.env["API_SPECTOR_MASTER_KEY"]);
+      for (const v of environment.variables) {
+        if (!v.enabled || !v.secret || !v.secretEncrypted) continue;
+        if (!masterKeySet) {
+          decryptionWarnings.push(`[warn] Secret "${v.key}" was not decrypted: API_SPECTOR_MASTER_KEY is not set. Use the master password modal or export the variable in your shell.`);
+        } else if (envVars[v.key] === void 0) {
+          decryptionWarnings.push(`[warn] Secret "${v.key}" could not be decrypted: wrong password or corrupted data.`);
+        }
+      }
+    }
+    const dynamicVars = await buildDynamicVars();
+    let vars = mergeVars(envVars, collectionVars, mergedGlobals, localVars, dynamicVars);
+    let preScriptMeta = { consoleOutput: [] };
+    let updatedCollectionVars = { ...collectionVars };
+    let updatedEnvVars = { ...envVars };
+    let updatedGlobals = { ...mergedGlobals };
+    if (req.preRequestScript?.trim()) {
+      const result = await runScript(req.preRequestScript, {
+        envVars: { ...envVars },
+        collectionVars: { ...collectionVars },
+        globals: { ...mergedGlobals },
+        localVars: {}
+      });
+      preScriptMeta = { error: result.error, consoleOutput: result.consoleOutput };
+      localVars = result.updatedLocalVars;
+      updatedEnvVars = result.updatedEnvVars;
+      updatedCollectionVars = result.updatedCollectionVars;
+      updatedGlobals = result.updatedGlobals;
+      patchGlobals(result.updatedGlobals);
+      await persistGlobals();
+      vars = mergeVars(updatedEnvVars, updatedCollectionVars, updatedGlobals, localVars, dynamicVars);
+    }
+    let response;
+    let sentRequest = { method: req.method, url: "", headers: {} };
+    const resolvedUrl = buildUrl(req.url, req.params, vars);
+    const secretValues = /* @__PURE__ */ new Set();
+    if (environment) {
+      for (const v of environment.variables) {
+        if (!v.enabled) continue;
+        if ((v.secret || v.envRef) && envVars[v.key]) {
+          secretValues.add(envVars[v.key]);
+        }
+      }
+    }
+    function redactSecrets(s) {
+      if (!secretValues.size) return s;
+      let result = s;
+      for (const secret of secretValues) {
+        if (secret) result = result.split(secret).join("[*****]");
+      }
+      return result;
+    }
+    function redactSentRequest(sr) {
+      const headers = {};
+      for (const [k, v] of Object.entries(sr.headers)) {
+        headers[k] = redactSecrets(v);
+      }
+      return {
+        method: sr.method,
+        url: redactSecrets(sr.url),
+        headers,
+        body: sr.body !== void 0 ? redactSecrets(sr.body) : void 0
+      };
+    }
+    try {
+      const dispatcher = await buildDispatcher(proxy, tls);
+      if (req.auth.type === "oauth2") {
+        const now = Date.now();
+        const tokenMissing = !req.auth.oauth2CachedToken;
+        const tokenExpired = req.auth.oauth2TokenExpiry ? req.auth.oauth2TokenExpiry <= now + 5e3 : true;
+        if (tokenMissing || tokenExpired) {
+          const result = await fetchOAuth2Token(req.auth, vars);
+          req.auth.oauth2CachedToken = result.accessToken;
+          req.auth.oauth2TokenExpiry = result.expiresAt;
+        }
+      }
+      const authHeaders = await buildAuthHeaders(req.auth, vars);
+      const apiKeyParam = await buildApiKeyParam(req.auth, vars);
+      let finalUrl = resolvedUrl;
+      if (apiKeyParam) {
+        const sep = finalUrl.includes("?") ? "&" : "?";
+        finalUrl += `${sep}${encodeURIComponent(apiKeyParam.key)}=${encodeURIComponent(apiKeyParam.value)}`;
+      }
+      const buildHeaders = () => {
+        const h = new undici.Headers();
+        for (const header of req.headers) {
+          if (header.enabled && header.key) {
+            h.set(interpolate(header.key, vars), interpolate(header.value, vars));
+          }
+        }
+        for (const [k, v] of Object.entries(authHeaders)) h.set(k, v);
+        return h;
+      };
+      let body;
+      if (req.body.mode === "json" && req.body.json) {
+        body = interpolate(req.body.json, vars);
+      } else if (req.body.mode === "form" && req.body.form) {
+        body = req.body.form.filter((p) => p.enabled && p.key).map((p) => `${encodeURIComponent(interpolate(p.key, vars))}=${encodeURIComponent(interpolate(p.value, vars))}`).join("&");
+      } else if (req.body.mode === "raw" && req.body.raw) {
+        body = interpolate(req.body.raw, vars);
+      } else if (req.body.mode === "graphql" && req.body.graphql) {
+        const gql = req.body.graphql;
+        const gqlBody = { query: interpolate(gql.query, vars) };
+        const rawVars = gql.variables?.trim();
+        if (rawVars) {
+          try {
+            gqlBody.variables = JSON.parse(interpolate(rawVars, vars));
+          } catch {
+          }
+        }
+        if (gql.operationName?.trim()) gqlBody.operationName = gql.operationName.trim();
+        body = JSON.stringify(gqlBody);
+      } else if (req.body.mode === "soap" && req.body.soap) {
+        const soap = req.body.soap;
+        body = interpolate(soap.envelope, vars);
+      }
+      const methodHasBody = !["GET", "HEAD"].includes(req.method);
+      const doFetch = async (overrideHeaders) => {
+        const h = overrideHeaders ?? buildHeaders();
+        if (body !== void 0) {
+          if (!h.has("content-type")) {
+            if (req.body.mode === "json" || req.body.mode === "graphql") h.set("Content-Type", "application/json");
+            else if (req.body.mode === "form") h.set("Content-Type", "application/x-www-form-urlencoded");
+            else if (req.body.mode === "raw") h.set("Content-Type", req.body.rawContentType ?? "text/plain");
+            else if (req.body.mode === "soap") h.set("Content-Type", "text/xml; charset=utf-8");
+          }
+          if (req.body.mode === "soap" && req.body.soap?.soapAction && !h.has("soapaction")) {
+            h.set("SOAPAction", req.body.soap.soapAction);
+          }
+        }
+        const capturedHeaders = {};
+        h.forEach((value, key) => {
+          capturedHeaders[key] = value;
+        });
+        sentRequest = { method: req.method, url: finalUrl, headers: capturedHeaders, body: methodHasBody ? body : void 0 };
+        return undici.fetch(finalUrl, {
+          method: req.method,
+          headers: h,
+          body: methodHasBody ? body : void 0,
+          dispatcher
+        });
+      };
+      let fetchResp;
+      if (req.auth.type === "ntlm") {
+        await performNtlmRequest(finalUrl, req.method, req.auth, vars);
+        fetchResp = await doFetch();
+      } else if (req.auth.type === "digest") {
+        const probeFetch = async (url, init) => {
+          return undici.fetch(url, {
+            ...init,
+            dispatcher
+          });
+        };
+        const digestHeader = await performDigestAuth(finalUrl, req.method, req.auth, vars, probeFetch);
+        const h = buildHeaders();
+        if (digestHeader) h.set("Authorization", digestHeader);
+        fetchResp = await doFetch(h);
+      } else {
+        fetchResp = await doFetch();
+      }
+      const responseBody = await fetchResp.text();
+      const durationMs = Date.now() - start;
+      const rawResponseHeaders = {};
+      fetchResp.headers.forEach((value, key) => {
+        rawResponseHeaders[key] = value;
+      });
+      const maskedBody = maskPii(responseBody, piiMaskPatterns);
+      const maskedHeaders = maskHeaders(rawResponseHeaders, piiMaskPatterns);
+      response = {
+        status: fetchResp.status,
+        statusText: fetchResp.statusText,
+        headers: maskedHeaders,
+        body: maskedBody,
+        bodySize: Buffer.byteLength(responseBody, "utf8"),
+        durationMs
+      };
+    } catch (err) {
+      response = {
+        status: 0,
+        statusText: "Error",
+        headers: {},
+        body: "",
+        bodySize: 0,
+        durationMs: Date.now() - start,
+        error: err instanceof Error ? err.message : String(err)
+      };
+    }
+    let postTestResults = [];
+    let postConsole = [];
+    let postError;
+    if (req.postRequestScript?.trim() && !response.error) {
+      const result = await runScript(req.postRequestScript, {
+        envVars: { ...updatedEnvVars },
+        collectionVars: { ...updatedCollectionVars },
+        globals: { ...updatedGlobals },
+        localVars: { ...localVars },
+        response
+      });
+      postTestResults = result.testResults;
+      postConsole = result.consoleOutput;
+      postError = result.error;
+      updatedEnvVars = result.updatedEnvVars;
+      updatedCollectionVars = result.updatedCollectionVars;
+      updatedGlobals = result.updatedGlobals;
+      patchGlobals(result.updatedGlobals);
+      await persistGlobals();
+    }
+    const scriptResult = {
+      testResults: postTestResults,
+      consoleOutput: [...decryptionWarnings, ...preScriptMeta.consoleOutput, ...postConsole],
+      updatedEnvVars,
+      updatedCollectionVars,
+      updatedGlobals,
+      resolvedUrl,
+      preScriptError: preScriptMeta.error,
+      postScriptError: postError
+    };
+    return { response, scriptResult, sentRequest: redactSentRequest(sentRequest) };
+  });
+  ipc.handle("script:run-hook", async (_e, payload) => {
+    const { script, envVars, collectionVars, globals: globals2 } = payload;
+    const result = await runScript(script, { envVars, collectionVars, globals: globals2, localVars: {} });
+    patchGlobals(result.updatedGlobals);
+    await persistGlobals();
+    return {
+      updatedEnvVars: result.updatedEnvVars,
+      updatedCollectionVars: result.updatedCollectionVars,
+      updatedGlobals: result.updatedGlobals,
+      consoleOutput: result.consoleOutput,
+      error: result.error
+    };
+  });
+}
+exports.buildAuthHeaders = buildAuthHeaders;
+exports.buildDispatcher = buildDispatcher;
+exports.buildDynamicVars = buildDynamicVars;
+exports.buildEnvVars = buildEnvVars;
+exports.buildUrl = buildUrl;
+exports.fetchOAuth2Token = fetchOAuth2Token;
+exports.getGlobals = getGlobals;
+exports.getSecret = getSecret;
+exports.initSecretStore = initSecretStore;
+exports.interpolate = interpolate;
+exports.loadGlobals = loadGlobals;
+exports.maskHeaders = maskHeaders;
+exports.maskPii = maskPii;
+exports.mergeVars = mergeVars;
+exports.patchGlobals = patchGlobals;
+exports.performDigestAuth = performDigestAuth;
+exports.performNtlmRequest = performNtlmRequest;
+exports.persistGlobals = persistGlobals;
+exports.registerRequestHandler = registerRequestHandler;
+exports.registerSecretHandlers = registerSecretHandlers;
+exports.runScript = runScript;
+exports.setGlobals = setGlobals;