npm - @testsmith/api-spector - Versions diffs - 0.0.7 → 0.0.9 - Mend

@testsmith/api-spector 0.0.7 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/out/main/chunks/mock-server-C0RlwZf_.js +240 -0
package/out/main/chunks/request-handler-9MdHOWVf.js +1041 -0
package/out/main/index.js +54 -519
package/out/main/mock.js +3 -1
package/out/main/runner.js +28 -23
package/out/preload/index.js +4 -0
package/out/renderer/assets/{index-x-2wMDPZ.js → index-C67sPzTG.js} +5986 -5315
package/out/renderer/assets/index-YkI5DFME.css +2 -0
package/out/renderer/index.html +2 -2
package/package.json +1 -1
package/out/main/chunks/mock-server-ZB7zpXh9.js +0 -102
package/out/main/chunks/script-runner-CmdLWmKN.js +0 -511
package/out/renderer/assets/index-DRGkbz0a.css +0 -2

package/out/main/index.js CHANGED Viewed

@@ -25,19 +25,19 @@ const electron = require("electron");
 const path = require("path");
 const fs = require("fs");
 const promises = require("fs/promises");
-const scriptRunner = require("./chunks/script-runner-CmdLWmKN.js");
-const undici = require("undici");
-const crypto = require("crypto");
+const requestHandler = require("./chunks/request-handler-9MdHOWVf.js");
 const uuid = require("uuid");
 const jsYaml = require("js-yaml");
+const undici = require("undici");
 const JSZip = require("jszip");
-const mockServer = require("./chunks/mock-server-ZB7zpXh9.js");
+const mockServer = require("./chunks/mock-server-C0RlwZf_.js");
 const http = require("http");
 const WebSocket = require("ws");
 const https = require("https");
 const Ajv = require("ajv");
-require("vm");
+require("crypto");
 require("dayjs");
+require("vm");
 require("tv4");
 require("jsonpath-plus");
 require("@xmldom/xmldom");
@@ -69,7 +69,7 @@ function registerFileHandlers(ipc) {
     const wsPath = result.filePaths[0];
     workspaceDir = path.dirname(wsPath);
     workspaceFile = wsPath;
-    await scriptRunner.loadGlobals(workspaceDir);
+    await requestHandler.loadGlobals(workspaceDir);
     await saveLastWorkspacePath(wsPath);
     const raw = await promises.readFile(wsPath, "utf8");
     return { workspace: JSON.parse(raw), workspacePath: wsPath };
@@ -83,7 +83,7 @@ function registerFileHandlers(ipc) {
     if (result.canceled || !result.filePath) return null;
     workspaceDir = path.dirname(result.filePath);
     workspaceFile = result.filePath;
-    await scriptRunner.loadGlobals(workspaceDir);
+    await requestHandler.loadGlobals(workspaceDir);
     await promises.mkdir(path.join(workspaceDir, "collections"), { recursive: true });
     await promises.mkdir(path.join(workspaceDir, "environments"), { recursive: true });
     const gitignore = "# api Spector — never commit secrets\n*.secrets\n.env.local\n";
@@ -147,10 +147,10 @@ function registerFileHandlers(ipc) {
     await promises.writeFile(result.filePath, content, "utf8");
     return true;
   });
-  ipc.handle("globals:get", () => scriptRunner.getGlobals());
+  ipc.handle("globals:get", () => requestHandler.getGlobals());
   ipc.handle("globals:set", async (_e, patch) => {
-    scriptRunner.setGlobals(patch);
-    await scriptRunner.persistGlobals();
+    requestHandler.setGlobals(patch);
+    await requestHandler.persistGlobals();
   });
   ipc.handle("file:closeWorkspace", async () => {
     workspaceDir = null;
@@ -164,7 +164,7 @@ function registerFileHandlers(ipc) {
     try {
       workspaceDir = path.dirname(wsPath);
       workspaceFile = wsPath;
-      await scriptRunner.loadGlobals(workspaceDir);
+      await requestHandler.loadGlobals(workspaceDir);
       const raw = await promises.readFile(wsPath, "utf8");
       return { workspace: JSON.parse(raw), workspacePath: wsPath };
     } catch {
@@ -175,471 +175,6 @@ function registerFileHandlers(ipc) {
 function getWorkspaceDir() {
   return workspaceDir;
 }
-async function buildAuthHeaders(auth, vars) {
-  const headers = {};
-  if (auth.type === "bearer") {
-    let token = auth.token ?? "";
-    if (!token && auth.tokenSecretRef) token = await scriptRunner.getSecret(auth.tokenSecretRef) ?? "";
-    token = scriptRunner.interpolate(token, vars);
-    if (token) headers["Authorization"] = `Bearer ${token}`;
-  }
-  if (auth.type === "basic") {
-    let password = auth.password ?? "";
-    if (!password && auth.passwordSecretRef) password = await scriptRunner.getSecret(auth.passwordSecretRef) ?? "";
-    password = scriptRunner.interpolate(password, vars);
-    const username = scriptRunner.interpolate(auth.username ?? "", vars);
-    headers["Authorization"] = `Basic ${Buffer.from(`${username}:${password}`).toString("base64")}`;
-  }
-  if (auth.type === "apikey" && auth.apiKeyIn === "header") {
-    let value = auth.apiKeyValue ?? "";
-    if (!value && auth.apiKeySecretRef) value = await scriptRunner.getSecret(auth.apiKeySecretRef) ?? "";
-    value = scriptRunner.interpolate(value, vars);
-    headers[auth.apiKeyName ?? "X-API-Key"] = value;
-  }
-  if (auth.type === "oauth2") {
-    const now = Date.now();
-    if (auth.oauth2CachedToken && auth.oauth2TokenExpiry && auth.oauth2TokenExpiry > now + 5e3) {
-      headers["Authorization"] = `Bearer ${auth.oauth2CachedToken}`;
-    }
-  }
-  return headers;
-}
-async function buildApiKeyParam(auth, vars) {
-  if (auth.type !== "apikey" || auth.apiKeyIn !== "query") return null;
-  let value = auth.apiKeyValue ?? "";
-  if (!value && auth.apiKeySecretRef) value = await scriptRunner.getSecret(auth.apiKeySecretRef) ?? "";
-  value = scriptRunner.interpolate(value, vars);
-  return { key: auth.apiKeyName ?? "apikey", value };
-}
-function parseDigestChallenge(wwwAuth) {
-  const extract = (key) => {
-    const m = new RegExp(`${key}="([^"]*)"`, "i").exec(wwwAuth);
-    return m ? m[1] : "";
-  };
-  const extractUnquoted = (key) => {
-    const m = new RegExp(`${key}=([^,\\s]+)`, "i").exec(wwwAuth);
-    return m ? m[1] : "";
-  };
-  return {
-    realm: extract("realm"),
-    nonce: extract("nonce"),
-    qop: extract("qop") || extractUnquoted("qop") || void 0,
-    algorithm: extract("algorithm") || extractUnquoted("algorithm") || "MD5",
-    opaque: extract("opaque") || void 0
-  };
-}
-function md5(s) {
-  return crypto.createHash("md5").update(s).digest("hex");
-}
-function buildDigestAuthHeader(challenge, username, password, method, uri) {
-  const { realm, nonce, qop, algorithm, opaque } = challenge;
-  const algo = (algorithm ?? "MD5").toUpperCase();
-  const ha1 = algo === "MD5-SESS" ? md5(`${md5(`${username}:${realm}:${password}`)}:${nonce}:`) : md5(`${username}:${realm}:${password}`);
-  const ha2 = md5(`${method}:${uri}`);
-  let response;
-  let nc;
-  let cnonce;
-  if (qop === "auth" || qop === "auth-int") {
-    nc = "00000001";
-    cnonce = crypto.randomBytes(8).toString("hex");
-    response = md5(`${ha1}:${nonce}:${nc}:${cnonce}:${qop}:${ha2}`);
-  } else {
-    response = md5(`${ha1}:${nonce}:${ha2}`);
-  }
-  let header = `Digest username="${username}", realm="${realm}", nonce="${nonce}", uri="${uri}", response="${response}"`;
-  if (qop) header += `, qop=${qop}`;
-  if (nc) header += `, nc=${nc}`;
-  if (cnonce) header += `, cnonce="${cnonce}"`;
-  if (opaque) header += `, opaque="${opaque}"`;
-  if (algo !== "MD5") header += `, algorithm=${algo}`;
-  return header;
-}
-async function performDigestAuth(url, method, auth, vars, fetchFn) {
-  const probeResp = await fetchFn(url, { method, headers: {} });
-  if (probeResp.status !== 401) return null;
-  const wwwAuth = probeResp.headers.get("www-authenticate") ?? "";
-  if (!wwwAuth.toLowerCase().startsWith("digest")) return null;
-  const challenge = parseDigestChallenge(wwwAuth);
-  let password = auth.password ?? "";
-  if (!password && auth.passwordSecretRef) password = await scriptRunner.getSecret(auth.passwordSecretRef) ?? "";
-  password = scriptRunner.interpolate(password, vars);
-  const username = scriptRunner.interpolate(auth.username ?? "", vars);
-  let uri = "/";
-  try {
-    uri = new URL(url).pathname + (new URL(url).search ?? "");
-  } catch {
-  }
-  return buildDigestAuthHeader(challenge, username, password, method, uri);
-}
-async function performNtlmRequest(_url, _method, _auth, _vars) {
-  throw new Error(
-    'NTLM auth is not yet implemented. Add "httpntlm" to package.json dependencies and implement performNtlmRequest in auth-builder.ts.'
-  );
-}
-async function fetchOAuth2Token(auth, vars) {
-  const flow = auth.oauth2Flow ?? "client_credentials";
-  if (flow === "authorization_code") {
-    throw new Error("authorization_code flow requires the oauth2:startFlow IPC call from the renderer.");
-  }
-  if (flow === "implicit") {
-    throw new Error("implicit flow cannot be performed server-side — tokens must be obtained via the browser redirect.");
-  }
-  const tokenUrl = scriptRunner.interpolate(auth.oauth2TokenUrl ?? "", vars);
-  if (!tokenUrl) throw new Error("OAuth 2.0: tokenUrl is required.");
-  const clientId = scriptRunner.interpolate(auth.oauth2ClientId ?? "", vars);
-  let clientSecret = auth.oauth2ClientSecret ?? "";
-  if (!clientSecret && auth.oauth2ClientSecretRef) {
-    clientSecret = await scriptRunner.getSecret(auth.oauth2ClientSecretRef) ?? "";
-  }
-  clientSecret = scriptRunner.interpolate(clientSecret, vars);
-  const params = new URLSearchParams();
-  params.set("grant_type", flow === "password" ? "password" : "client_credentials");
-  params.set("client_id", clientId);
-  params.set("client_secret", clientSecret);
-  if (auth.oauth2Scopes) params.set("scope", auth.oauth2Scopes);
-  if (flow === "password") {
-    let password = auth.password ?? "";
-    if (!password && auth.passwordSecretRef) password = await scriptRunner.getSecret(auth.passwordSecretRef) ?? "";
-    password = scriptRunner.interpolate(password, vars);
-    params.set("username", scriptRunner.interpolate(auth.username ?? "", vars));
-    params.set("password", password);
-  }
-  const { fetch: nodeFetch } = await import("undici");
-  const resp = await nodeFetch(tokenUrl, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: params.toString()
-  });
-  if (!resp.ok) {
-    const body = await resp.text();
-    throw new Error(`OAuth 2.0 token request failed (${resp.status}): ${body}`);
-  }
-  const json = await resp.json();
-  const accessToken = String(json["access_token"] ?? "");
-  if (!accessToken) throw new Error("OAuth 2.0: token response missing access_token.");
-  const expiresIn = Number(json["expires_in"] ?? 3600);
-  const expiresAt = Date.now() + expiresIn * 1e3;
-  return {
-    accessToken,
-    expiresAt,
-    refreshToken: json["refresh_token"] ? String(json["refresh_token"]) : void 0
-  };
-}
-function maskPii(data, patterns) {
-  if (!patterns.length) return data;
-  try {
-    const obj = JSON.parse(data);
-    const masked = maskObject(obj, patterns);
-    return JSON.stringify(masked);
-  } catch {
-    return data;
-  }
-}
-function maskObject(obj, patterns) {
-  if (Array.isArray(obj)) return obj.map((item) => maskObject(item, patterns));
-  if (obj && typeof obj === "object") {
-    const result = {};
-    for (const [k, v] of Object.entries(obj)) {
-      if (patterns.some((p) => k.toLowerCase().includes(p.toLowerCase()))) {
-        result[k] = "[REDACTED]";
-      } else {
-        result[k] = maskObject(v, patterns);
-      }
-    }
-    return result;
-  }
-  return obj;
-}
-function maskHeaders(headers, patterns) {
-  if (!patterns.length) return headers;
-  const alwaysMask = ["authorization", "cookie", "set-cookie"];
-  const result = {};
-  for (const [k, v] of Object.entries(headers)) {
-    const lower = k.toLowerCase();
-    if (alwaysMask.includes(lower) || patterns.some((p) => lower.includes(p.toLowerCase()))) {
-      result[k] = "[REDACTED]";
-    } else {
-      result[k] = v;
-    }
-  }
-  return result;
-}
-async function buildDispatcher$1(proxy, tls) {
-  const connectOpts = {};
-  let hasTls = false;
-  if (tls) {
-    hasTls = true;
-    if (tls.rejectUnauthorized !== void 0) {
-      connectOpts["rejectUnauthorized"] = tls.rejectUnauthorized;
-    }
-    if (tls.caCertPath) {
-      try {
-        connectOpts["ca"] = await promises.readFile(tls.caCertPath);
-      } catch {
-      }
-    }
-    if (tls.clientCertPath) {
-      try {
-        connectOpts["cert"] = await promises.readFile(tls.clientCertPath);
-      } catch {
-      }
-    }
-    if (tls.clientKeyPath) {
-      try {
-        connectOpts["key"] = await promises.readFile(tls.clientKeyPath);
-      } catch {
-      }
-    }
-  }
-  if (proxy?.url) {
-    const proxyUri = proxy.auth ? proxy.url.replace("://", `://${encodeURIComponent(proxy.auth.username)}:${encodeURIComponent(proxy.auth.password)}@`) : proxy.url;
-    return new undici.ProxyAgent({
-      uri: proxyUri,
-      ...hasTls ? { connect: connectOpts } : {}
-    });
-  }
-  if (hasTls) {
-    return new undici.Agent({ connect: connectOpts });
-  }
-  return void 0;
-}
-function registerRequestHandler(ipc) {
-  ipc.handle("request:send", async (_e, payload) => {
-    const {
-      request: req,
-      environment,
-      collectionVars,
-      globals: payloadGlobals,
-      proxy,
-      tls,
-      piiMaskPatterns = []
-    } = payload;
-    const start = Date.now();
-    const liveGlobals = scriptRunner.getGlobals();
-    const mergedGlobals = { ...payloadGlobals, ...liveGlobals };
-    const envVars = await scriptRunner.buildEnvVars(environment);
-    let localVars = {};
-    const decryptionWarnings = [];
-    if (environment) {
-      const masterKeySet = Boolean(process.env["API_SPECTOR_MASTER_KEY"]);
-      for (const v of environment.variables) {
-        if (!v.enabled || !v.secret || !v.secretEncrypted) continue;
-        if (!masterKeySet) {
-          decryptionWarnings.push(`[warn] Secret "${v.key}" was not decrypted: API_SPECTOR_MASTER_KEY is not set. Use the master password modal or export the variable in your shell.`);
-        } else if (envVars[v.key] === void 0) {
-          decryptionWarnings.push(`[warn] Secret "${v.key}" could not be decrypted: wrong password or corrupted data.`);
-        }
-      }
-    }
-    let vars = scriptRunner.mergeVars(envVars, collectionVars, mergedGlobals, localVars);
-    let preScriptMeta = { consoleOutput: [] };
-    let updatedCollectionVars = { ...collectionVars };
-    let updatedEnvVars = { ...envVars };
-    let updatedGlobals = { ...mergedGlobals };
-    if (req.preRequestScript?.trim()) {
-      const result = await scriptRunner.runScript(req.preRequestScript, {
-        envVars: { ...envVars },
-        collectionVars: { ...collectionVars },
-        globals: { ...mergedGlobals },
-        localVars: {}
-      });
-      preScriptMeta = { error: result.error, consoleOutput: result.consoleOutput };
-      localVars = result.updatedLocalVars;
-      updatedEnvVars = result.updatedEnvVars;
-      updatedCollectionVars = result.updatedCollectionVars;
-      updatedGlobals = result.updatedGlobals;
-      scriptRunner.patchGlobals(result.updatedGlobals);
-      await scriptRunner.persistGlobals();
-      vars = scriptRunner.mergeVars(updatedEnvVars, updatedCollectionVars, updatedGlobals, localVars);
-    }
-    let response;
-    let sentRequest = { method: req.method, url: "", headers: {} };
-    const resolvedUrl = scriptRunner.buildUrl(req.url, req.params, vars);
-    const secretValues = /* @__PURE__ */ new Set();
-    if (environment) {
-      for (const v of environment.variables) {
-        if (!v.enabled) continue;
-        if ((v.secret || v.envRef) && envVars[v.key]) {
-          secretValues.add(envVars[v.key]);
-        }
-      }
-    }
-    function redactSecrets(s) {
-      if (!secretValues.size) return s;
-      let result = s;
-      for (const secret of secretValues) {
-        if (secret) result = result.split(secret).join("[*****]");
-      }
-      return result;
-    }
-    function redactSentRequest(sr) {
-      const headers = {};
-      for (const [k, v] of Object.entries(sr.headers)) {
-        headers[k] = redactSecrets(v);
-      }
-      return {
-        method: sr.method,
-        url: redactSecrets(sr.url),
-        headers,
-        body: sr.body !== void 0 ? redactSecrets(sr.body) : void 0
-      };
-    }
-    try {
-      const dispatcher = await buildDispatcher$1(proxy, tls);
-      if (req.auth.type === "oauth2") {
-        const now = Date.now();
-        const tokenMissing = !req.auth.oauth2CachedToken;
-        const tokenExpired = req.auth.oauth2TokenExpiry ? req.auth.oauth2TokenExpiry <= now + 5e3 : true;
-        if (tokenMissing || tokenExpired) {
-          const result = await fetchOAuth2Token(req.auth, vars);
-          req.auth.oauth2CachedToken = result.accessToken;
-          req.auth.oauth2TokenExpiry = result.expiresAt;
-        }
-      }
-      const authHeaders = await buildAuthHeaders(req.auth, vars);
-      const apiKeyParam = await buildApiKeyParam(req.auth, vars);
-      let finalUrl = resolvedUrl;
-      if (apiKeyParam) {
-        const sep = finalUrl.includes("?") ? "&" : "?";
-        finalUrl += `${sep}${encodeURIComponent(apiKeyParam.key)}=${encodeURIComponent(apiKeyParam.value)}`;
-      }
-      const buildHeaders2 = () => {
-        const h = new undici.Headers();
-        for (const header of req.headers) {
-          if (header.enabled && header.key) {
-            h.set(scriptRunner.interpolate(header.key, vars), scriptRunner.interpolate(header.value, vars));
-          }
-        }
-        for (const [k, v] of Object.entries(authHeaders)) h.set(k, v);
-        return h;
-      };
-      let body;
-      if (req.body.mode === "json" && req.body.json) {
-        body = scriptRunner.interpolate(req.body.json, vars);
-      } else if (req.body.mode === "form" && req.body.form) {
-        body = req.body.form.filter((p) => p.enabled && p.key).map((p) => `${encodeURIComponent(scriptRunner.interpolate(p.key, vars))}=${encodeURIComponent(scriptRunner.interpolate(p.value, vars))}`).join("&");
-      } else if (req.body.mode === "raw" && req.body.raw) {
-        body = scriptRunner.interpolate(req.body.raw, vars);
-      } else if (req.body.mode === "graphql" && req.body.graphql) {
-        const gql = req.body.graphql;
-        const gqlBody = { query: scriptRunner.interpolate(gql.query, vars) };
-        const rawVars = gql.variables?.trim();
-        if (rawVars) {
-          try {
-            gqlBody.variables = JSON.parse(scriptRunner.interpolate(rawVars, vars));
-          } catch {
-          }
-        }
-        if (gql.operationName?.trim()) gqlBody.operationName = gql.operationName.trim();
-        body = JSON.stringify(gqlBody);
-      } else if (req.body.mode === "soap" && req.body.soap) {
-        const soap = req.body.soap;
-        body = scriptRunner.interpolate(soap.envelope, vars);
-      }
-      const methodHasBody = !["GET", "HEAD"].includes(req.method);
-      const doFetch = async (overrideHeaders) => {
-        const h = overrideHeaders ?? buildHeaders2();
-        if (body !== void 0) {
-          if (!h.has("content-type")) {
-            if (req.body.mode === "json" || req.body.mode === "graphql") h.set("Content-Type", "application/json");
-            else if (req.body.mode === "form") h.set("Content-Type", "application/x-www-form-urlencoded");
-            else if (req.body.mode === "raw") h.set("Content-Type", req.body.rawContentType ?? "text/plain");
-            else if (req.body.mode === "soap") h.set("Content-Type", "text/xml; charset=utf-8");
-          }
-          if (req.body.mode === "soap" && req.body.soap?.soapAction && !h.has("soapaction")) {
-            h.set("SOAPAction", req.body.soap.soapAction);
-          }
-        }
-        const capturedHeaders = {};
-        h.forEach((value, key) => {
-          capturedHeaders[key] = value;
-        });
-        sentRequest = { method: req.method, url: finalUrl, headers: capturedHeaders, body: methodHasBody ? body : void 0 };
-        return undici.fetch(finalUrl, {
-          method: req.method,
-          headers: h,
-          body: methodHasBody ? body : void 0,
-          dispatcher
-        });
-      };
-      let fetchResp;
-      if (req.auth.type === "ntlm") {
-        await performNtlmRequest(finalUrl, req.method, req.auth, vars);
-        fetchResp = await doFetch();
-      } else if (req.auth.type === "digest") {
-        const probeFetch = async (url, init) => {
-          return undici.fetch(url, {
-            ...init,
-            dispatcher
-          });
-        };
-        const digestHeader = await performDigestAuth(finalUrl, req.method, req.auth, vars, probeFetch);
-        const h = buildHeaders2();
-        if (digestHeader) h.set("Authorization", digestHeader);
-        fetchResp = await doFetch(h);
-      } else {
-        fetchResp = await doFetch();
-      }
-      const responseBody = await fetchResp.text();
-      const durationMs = Date.now() - start;
-      const rawResponseHeaders = {};
-      fetchResp.headers.forEach((value, key) => {
-        rawResponseHeaders[key] = value;
-      });
-      const maskedBody = maskPii(responseBody, piiMaskPatterns);
-      const maskedHeaders = maskHeaders(rawResponseHeaders, piiMaskPatterns);
-      response = {
-        status: fetchResp.status,
-        statusText: fetchResp.statusText,
-        headers: maskedHeaders,
-        body: maskedBody,
-        bodySize: Buffer.byteLength(responseBody, "utf8"),
-        durationMs
-      };
-    } catch (err) {
-      response = {
-        status: 0,
-        statusText: "Error",
-        headers: {},
-        body: "",
-        bodySize: 0,
-        durationMs: Date.now() - start,
-        error: err instanceof Error ? err.message : String(err)
-      };
-    }
-    let postTestResults = [];
-    let postConsole = [];
-    let postError;
-    if (req.postRequestScript?.trim() && !response.error) {
-      const result = await scriptRunner.runScript(req.postRequestScript, {
-        envVars: { ...updatedEnvVars },
-        collectionVars: { ...updatedCollectionVars },
-        globals: { ...updatedGlobals },
-        localVars: { ...localVars },
-        response
-      });
-      postTestResults = result.testResults;
-      postConsole = result.consoleOutput;
-      postError = result.error;
-      updatedEnvVars = result.updatedEnvVars;
-      updatedCollectionVars = result.updatedCollectionVars;
-      updatedGlobals = result.updatedGlobals;
-      scriptRunner.patchGlobals(result.updatedGlobals);
-      await scriptRunner.persistGlobals();
-    }
-    const scriptResult = {
-      testResults: postTestResults,
-      consoleOutput: [...decryptionWarnings, ...preScriptMeta.consoleOutput, ...postConsole],
-      updatedEnvVars,
-      updatedCollectionVars,
-      updatedGlobals,
-      resolvedUrl,
-      preScriptError: preScriptMeta.error,
-      postScriptError: postError
-    };
-    return { response, scriptResult, sentRequest: redactSentRequest(sentRequest) };
-  });
-}
 const POSTMAN_RULES = [
   // Variables — environment
   [/\bpm\.environment\.get\(/g, "sp.environment.get("],
@@ -2699,13 +2234,13 @@ async function executeOne(req, collectionVars, envVars, globals, localVars, disp
     resolvedUrl: "",
     status: "running"
   };
-  let vars = scriptRunner.mergeVars(envVars, collectionVars, globals, localVars);
+  let vars = requestHandler.mergeVars(envVars, collectionVars, globals, localVars);
   let updatedEnvVars = { ...envVars };
   let updatedCollectionVars = { ...collectionVars };
   let updatedGlobals = { ...globals };
   let preScriptError;
   if (req.preRequestScript?.trim()) {
-    const r = await scriptRunner.runScript(req.preRequestScript, {
+    const r = await requestHandler.runScript(req.preRequestScript, {
       envVars: { ...envVars },
       collectionVars: { ...collectionVars },
       globals: { ...globals },
@@ -2716,11 +2251,11 @@ async function executeOne(req, collectionVars, envVars, globals, localVars, disp
     updatedEnvVars = r.updatedEnvVars;
     updatedCollectionVars = r.updatedCollectionVars;
     updatedGlobals = r.updatedGlobals;
-    scriptRunner.patchGlobals(r.updatedGlobals);
-    await scriptRunner.persistGlobals();
-    vars = scriptRunner.mergeVars(updatedEnvVars, updatedCollectionVars, updatedGlobals, localVars);
+    requestHandler.patchGlobals(r.updatedGlobals);
+    await requestHandler.persistGlobals();
+    vars = requestHandler.mergeVars(updatedEnvVars, updatedCollectionVars, updatedGlobals, localVars);
   }
-  const resolvedUrl = scriptRunner.buildUrl(req.url, req.params, vars);
+  const resolvedUrl = requestHandler.buildUrl(req.url, req.params, vars);
   base.resolvedUrl = resolvedUrl;
   const start = Date.now();
   try {
@@ -2729,23 +2264,23 @@ async function executeOne(req, collectionVars, envVars, globals, localVars, disp
       const tokenMissing = !req.auth.oauth2CachedToken;
       const tokenExpired = req.auth.oauth2TokenExpiry ? req.auth.oauth2TokenExpiry <= now + 5e3 : true;
       if (tokenMissing || tokenExpired) {
-        const result = await fetchOAuth2Token(req.auth, vars);
+        const result = await requestHandler.fetchOAuth2Token(req.auth, vars);
         req.auth.oauth2CachedToken = result.accessToken;
         req.auth.oauth2TokenExpiry = result.expiresAt;
       }
     }
-    const authHeaders = await buildAuthHeaders(req.auth, vars);
+    const authHeaders = await requestHandler.buildAuthHeaders(req.auth, vars);
     const headers = new undici.Headers();
     for (const h of req.headers) {
-      if (h.enabled && h.key) headers.set(scriptRunner.interpolate(h.key, vars), scriptRunner.interpolate(h.value, vars));
+      if (h.enabled && h.key) headers.set(requestHandler.interpolate(h.key, vars), requestHandler.interpolate(h.value, vars));
     }
     for (const [k, v] of Object.entries(authHeaders)) headers.set(k, v);
     let body;
     if (req.body.mode === "json" && req.body.json) {
-      body = scriptRunner.interpolate(req.body.json, vars);
+      body = requestHandler.interpolate(req.body.json, vars);
       if (!headers.has("content-type")) headers.set("Content-Type", "application/json");
     } else if (req.body.mode === "raw" && req.body.raw) {
-      body = scriptRunner.interpolate(req.body.raw, vars);
+      body = requestHandler.interpolate(req.body.raw, vars);
       if (!headers.has("content-type")) headers.set("Content-Type", req.body.rawContentType ?? "text/plain");
     }
     const methodHasBody = !["GET", "HEAD"].includes(req.method);
@@ -2757,14 +2292,14 @@ async function executeOne(req, collectionVars, envVars, globals, localVars, disp
     });
     let fetchResp;
     if (req.auth.type === "ntlm") {
-      await performNtlmRequest(resolvedUrl, req.method, req.auth, vars);
+      await requestHandler.performNtlmRequest(resolvedUrl, req.method, req.auth, vars);
       fetchResp = await doFetch(headers);
     } else if (req.auth.type === "digest") {
       const probeFetch = (url, init) => undici.fetch(url, {
         ...init,
         dispatcher
       });
-      const digestHeader = await performDigestAuth(resolvedUrl, req.method, req.auth, vars, probeFetch);
+      const digestHeader = await requestHandler.performDigestAuth(resolvedUrl, req.method, req.auth, vars, probeFetch);
       if (digestHeader) headers.set("Authorization", digestHeader);
       fetchResp = await doFetch(headers);
     } else {
@@ -2776,8 +2311,8 @@ async function executeOne(req, collectionVars, envVars, globals, localVars, disp
     fetchResp.headers.forEach((v, k) => {
       rawRespHeaders[k] = v;
     });
-    const maskedBody = maskPii(responseBody, piiMaskPatterns);
-    const maskedHeaders = maskHeaders(rawRespHeaders, piiMaskPatterns);
+    const maskedBody = requestHandler.maskPii(responseBody, piiMaskPatterns);
+    const maskedHeaders = requestHandler.maskHeaders(rawRespHeaders, piiMaskPatterns);
     const response = {
       status: fetchResp.status,
       statusText: fetchResp.statusText,
@@ -2790,7 +2325,7 @@ async function executeOne(req, collectionVars, envVars, globals, localVars, disp
     let consoleOutput = [];
     let postScriptError;
     if (req.postRequestScript?.trim()) {
-      const r = await scriptRunner.runScript(req.postRequestScript, {
+      const r = await requestHandler.runScript(req.postRequestScript, {
         envVars: updatedEnvVars,
         collectionVars: updatedCollectionVars,
         globals: updatedGlobals,
@@ -2803,8 +2338,8 @@ async function executeOne(req, collectionVars, envVars, globals, localVars, disp
       updatedEnvVars = r.updatedEnvVars;
       updatedCollectionVars = r.updatedCollectionVars;
       updatedGlobals = r.updatedGlobals;
-      scriptRunner.patchGlobals(r.updatedGlobals);
-      await scriptRunner.persistGlobals();
+      requestHandler.patchGlobals(r.updatedGlobals);
+      await requestHandler.persistGlobals();
     }
     const allPassed = testResults.every((t) => t.passed);
     const status = postScriptError ? "error" : testResults.length > 0 ? allPassed ? "passed" : "failed" : "passed";
@@ -2853,8 +2388,8 @@ const sleep = (ms) => new Promise((resolve2) => setTimeout(resolve2, ms));
 function registerRunnerHandler(ipc) {
   ipc.handle("runner:start", async (event, payload) => {
     const { items, environment, globals: payloadGlobals, proxy, tls, piiMaskPatterns = [], requestDelay = 0 } = payload;
-    const envVars = await scriptRunner.buildEnvVars(environment);
-    const liveGlobals = scriptRunner.getGlobals();
+    const envVars = await requestHandler.buildEnvVars(environment);
+    const liveGlobals = requestHandler.getGlobals();
     const globals = { ...payloadGlobals, ...liveGlobals };
     const dispatcher = await buildDispatcher(proxy, tls);
     const summary = { total: items.length, passed: 0, failed: 0, errors: 0, durationMs: 0 };
@@ -2920,14 +2455,14 @@ function registerOAuth2Handlers(ipc) {
   ipc.handle("oauth2:startFlow", async (_e, auth, vars) => {
     const port = auth.oauth2RedirectPort ?? 9876;
     const redirectUri = `http://localhost:${port}/callback`;
-    const authUrl = scriptRunner.interpolate(auth.oauth2AuthUrl ?? "", vars);
-    const tokenUrl = scriptRunner.interpolate(auth.oauth2TokenUrl ?? "", vars);
-    const clientId = scriptRunner.interpolate(auth.oauth2ClientId ?? "", vars);
+    const authUrl = requestHandler.interpolate(auth.oauth2AuthUrl ?? "", vars);
+    const tokenUrl = requestHandler.interpolate(auth.oauth2TokenUrl ?? "", vars);
+    const clientId = requestHandler.interpolate(auth.oauth2ClientId ?? "", vars);
     let clientSecret = auth.oauth2ClientSecret ?? "";
     if (!clientSecret && auth.oauth2ClientSecretRef) {
-      clientSecret = await scriptRunner.getSecret(auth.oauth2ClientSecretRef) ?? "";
+      clientSecret = await requestHandler.getSecret(auth.oauth2ClientSecretRef) ?? "";
     }
-    clientSecret = scriptRunner.interpolate(clientSecret, vars);
+    clientSecret = requestHandler.interpolate(clientSecret, vars);
     if (!authUrl) throw new Error("OAuth 2.0: authUrl is required for authorization_code flow.");
     if (!tokenUrl) throw new Error("OAuth 2.0: tokenUrl is required for authorization_code flow.");
     if (!clientId) throw new Error("OAuth 2.0: clientId is required.");
@@ -3002,13 +2537,13 @@ function registerOAuth2Handlers(ipc) {
     };
   });
   ipc.handle("oauth2:refreshToken", async (_e, auth, vars, refreshToken) => {
-    const tokenUrl = scriptRunner.interpolate(auth.oauth2TokenUrl ?? "", vars);
-    const clientId = scriptRunner.interpolate(auth.oauth2ClientId ?? "", vars);
+    const tokenUrl = requestHandler.interpolate(auth.oauth2TokenUrl ?? "", vars);
+    const clientId = requestHandler.interpolate(auth.oauth2ClientId ?? "", vars);
     let clientSecret = auth.oauth2ClientSecret ?? "";
     if (!clientSecret && auth.oauth2ClientSecretRef) {
-      clientSecret = await scriptRunner.getSecret(auth.oauth2ClientSecretRef) ?? "";
+      clientSecret = await requestHandler.getSecret(auth.oauth2ClientSecretRef) ?? "";
     }
-    clientSecret = scriptRunner.interpolate(clientSecret, vars);
+    clientSecret = requestHandler.interpolate(clientSecret, vars);
     if (!tokenUrl) throw new Error("OAuth 2.0: tokenUrl is required for refresh.");
     const { fetch: nodeFetch } = await import("undici");
     const params = new URLSearchParams();
@@ -3456,21 +2991,21 @@ function validateConsumerResponse(contract, actualStatus, actualHeaders, bodyTex
   return violations;
 }
 async function executeContract(req, vars) {
-  const url = scriptRunner.buildUrl(req.url, req.params, vars);
+  const url = requestHandler.buildUrl(req.url, req.params, vars);
   const start = Date.now();
   try {
     const headers = new undici.Headers();
     for (const h of req.headers) {
-      if (h.enabled && h.key) headers.set(scriptRunner.interpolate(h.key, vars), scriptRunner.interpolate(h.value, vars));
+      if (h.enabled && h.key) headers.set(requestHandler.interpolate(h.key, vars), requestHandler.interpolate(h.value, vars));
     }
-    const authHeaders = await buildAuthHeaders(req.auth, vars);
+    const authHeaders = await requestHandler.buildAuthHeaders(req.auth, vars);
     for (const [k, v] of Object.entries(authHeaders)) headers.set(k, v);
     let body;
     if (req.body.mode === "json" && req.body.json) {
-      body = scriptRunner.interpolate(req.body.json, vars);
+      body = requestHandler.interpolate(req.body.json, vars);
       if (!headers.has("content-type")) headers.set("Content-Type", "application/json");
     } else if (req.body.mode === "raw" && req.body.raw) {
-      body = scriptRunner.interpolate(req.body.raw, vars);
+      body = requestHandler.interpolate(req.body.raw, vars);
     }
     const resp = await undici.fetch(url, {
       method: req.method,
@@ -3625,7 +3160,7 @@ function validateRequestAgainstSpec(spec, req, envVars, requestBaseUrl) {
     const jsonContent = content["application/json"];
     if (jsonContent?.["schema"]) {
       try {
-        const data = JSON.parse(scriptRunner.interpolate(req.body.json, vars));
+        const data = JSON.parse(requestHandler.interpolate(req.body.json, vars));
         const schema = resolveSchema(spec, jsonContent["schema"]);
         const validate = ajv.compile(schema);
         if (!validate(data)) {
@@ -3761,18 +3296,18 @@ function getProviderResponseSchema(spec, req, envVars, statusCode, requestBaseUr
   return null;
 }
 async function executeRequest(req, vars) {
-  const url = scriptRunner.buildUrl(req.url, req.params, vars);
+  const url = requestHandler.buildUrl(req.url, req.params, vars);
   const start = Date.now();
   try {
     const headers = new undici.Headers();
     for (const h of req.headers) {
-      if (h.enabled && h.key) headers.set(scriptRunner.interpolate(h.key, vars), scriptRunner.interpolate(h.value, vars));
+      if (h.enabled && h.key) headers.set(requestHandler.interpolate(h.key, vars), requestHandler.interpolate(h.value, vars));
     }
-    const authHeaders = await buildAuthHeaders(req.auth, vars);
+    const authHeaders = await requestHandler.buildAuthHeaders(req.auth, vars);
     for (const [k, v] of Object.entries(authHeaders)) headers.set(k, v);
     let body;
     if (req.body.mode === "json" && req.body.json) {
-      body = scriptRunner.interpolate(req.body.json, vars);
+      body = requestHandler.interpolate(req.body.json, vars);
       if (!headers.has("content-type")) headers.set("Content-Type", "application/json");
     }
     const resp = await undici.fetch(url, {
@@ -3798,7 +3333,7 @@ async function runBidirectional(requests, envVars, collectionVars = {}, specUrl,
     (r) => r.contract && (r.contract.statusCode !== void 0 || r.contract.bodySchema || r.contract.headers?.length)
   );
   const results = await Promise.all(contractRequests.map(async (req) => {
-    const url = scriptRunner.buildUrl(req.url, req.params, vars);
+    const url = requestHandler.buildUrl(req.url, req.params, vars);
     const violations = [];
     const expectedStatus = req.contract.statusCode ?? 200;
     const consumerSchema = req.contract.bodySchema ? (() => {
@@ -3984,10 +3519,10 @@ function createWindow() {
   });
 }
 electron.app.whenReady().then(async () => {
-  await scriptRunner.initSecretStore(electron.app.getPath("userData"));
+  await requestHandler.initSecretStore(electron.app.getPath("userData"));
   registerFileHandlers(electron.ipcMain);
-  registerRequestHandler(electron.ipcMain);
-  scriptRunner.registerSecretHandlers(electron.ipcMain);
+  requestHandler.registerRequestHandler(electron.ipcMain);
+  requestHandler.registerSecretHandlers(electron.ipcMain);
   registerImportHandlers(electron.ipcMain);
   registerGenerateHandlers(electron.ipcMain);
   registerRunnerHandler(electron.ipcMain);