Merge branch 'main' into dashbot-core

Author: animator

.github/dependabot.yml

@@ -0,0 +1,13 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "pub" # See documentation for possible values
+    directories:
+      - "/" # Location of package manifests
+      - "/packages/*/"
+    schedule:
+      interval: "monthly"

.github/workflows/aur-publish.yml

@@ -1,4 +1,6 @@
 name: Update AUR Package
+permissions:
+  contents: read
 
 on:
   push:
@@ -12,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Get version from pubspec
         id: get_version
@@ -42,7 +44,7 @@ jobs:
           echo "license_checksum=$LICENSE_CHECKSUM" >> $GITHUB_OUTPUT
 
       - name: Publish AUR package
-        uses: KSXGitHub/github-actions-deploy-aur@v2.7.0
+        uses: KSXGitHub/github-actions-deploy-aur@2ac5a4c1d7035885d46b10e3193393be8460b6f1 # v4.1.1
         with:
           pkgname: apidash-bin
           pkgbuild: |
@@ -85,4 +87,4 @@ jobs:
           commit_username: ${{ secrets.AUR_USERNAME }}
           commit_email: ${{ secrets.AUR_EMAIL }}
           ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
-          commit_message: "Update to version ${{ steps.get_version.outputs.version }}"
+          commit_message: "Update to version ${{ steps.get_version.outputs.version }}"

.github/workflows/scorecard.yml

@@ -0,0 +1,78 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '30 5 1 * *'
+  push:
+    branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    # `publish_results: true` only works when run from the default branch. conditional can be removed if disabled.
+    if: github.event.repository.default_branch == github.ref_name || github.event_name == 'pull_request'
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+          # (Optional) Uncomment file_mode if you have a .gitattributes with files marked export-ignore
+          # file_mode: git
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard (optional).
+      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

lib/apitoolgen/request_consolidator.dart

@@ -50,7 +50,9 @@ class APIDashRequestDescription {
       if (bodyJSON != null) {
         getTyp(input, [i = 0]) {
           String indent = "\t";
-          for (int j = 0; j < i; j++) indent += "\t";
+          for (int j = 0; j < i; j++) {
+            indent += "\t";
+          }
           if (input.runtimeType.toString().toLowerCase().contains('map')) {
             String typd = '{';
             for (final z in input.keys) {

lib/consts.dart

@@ -512,3 +512,6 @@ const kMsgClearHistorySuccess = 'History cleared successfully';
 const kMsgClearHistoryError = 'Error clearing history';
 const kMsgShareError = "Unable to share";
 const kLabelGenerateUI = "Generate UI";
+// Terminal Page
+const kMsgNoLogs = 'No logs yet';
+const kMsgSendToView = 'Send a request to view its details in the console.';

lib/main.dart

@@ -19,7 +19,6 @@ void main() async {
 
   var settingsModel = await getSettingsFromSharedPrefs();
   var onboardingStatus = await getOnboardingStatusFromSharedPrefs();
-  initializeJsRuntime();
   final initStatus = await initApp(
     kIsDesktop,
     settingsModel: settingsModel,

lib/providers/collection_providers.dart

@@ -3,6 +3,7 @@ import 'package:apidash_core/apidash_core.dart';
 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:apidash/consts.dart';
+import 'package:apidash/terminal/terminal.dart';
 import 'providers.dart';
 import '../models/models.dart';
 import '../services/services.dart';
@@ -320,7 +321,9 @@ class CollectionStateNotifier
     RequestModel executionRequestModel = requestModel!.copyWith();
 
     if (!requestModel.preRequestScript.isNullOrEmpty()) {
-      executionRequestModel = await handlePreRequestScript(
+      executionRequestModel = await ref
+          .read(jsRuntimeNotifierProvider.notifier)
+          .handlePreRequestScript(
         executionRequestModel,
         originalEnvironmentModel,
         (envModel, updatedValues) {
@@ -347,6 +350,18 @@ class CollectionStateNotifier
           executionRequestModel.httpRequestModel!);
     }
 
+    // Terminal: start network log
+    final terminal = ref.read(terminalStateProvider.notifier);
+    final logId = terminal.startNetwork(
+      apiType: executionRequestModel.apiType,
+      method: substitutedHttpRequestModel.method,
+      url: substitutedHttpRequestModel.url,
+      requestId: requestId,
+      requestHeaders: substitutedHttpRequestModel.enabledHeadersMap,
+      requestBodyPreview: substitutedHttpRequestModel.body,
+      isStreaming: true,
+    );
+
     // Set model to working and streaming
     state = {
       ...state!,
@@ -398,6 +413,17 @@ class CollectionStateNotifier
           ...state!,
           requestId: newRequestModel,
         };
+        // Terminal: append chunk preview
+        if (response != null && response.body.isNotEmpty) {
+          terminal.addNetworkChunk(
+            logId,
+            BodyChunk(
+              ts: DateTime.now(),
+              text: response.body,
+              sizeBytes: response.body.codeUnits.length,
+            ),
+          );
+        }
         unsave();
 
         if (historyModel != null && httpResponseModel != null) {
@@ -425,6 +451,7 @@ class CollectionStateNotifier
       if (!completer.isCompleted) {
         completer.complete((null, null, 'StreamError: $e'));
       }
+      terminal.failNetwork(logId, 'StreamError: $e');
     });
 
     final (response, duration, errorMessage) = await completer.future;
@@ -436,6 +463,7 @@ class CollectionStateNotifier
         isWorking: false,
         isStreaming: false,
       );
+      terminal.failNetwork(logId, errorMessage ?? 'Unknown error');
     } else {
       final statusCode = response.statusCode;
       httpResponseModel = baseHttpResponseModel.fromResponse(
@@ -461,6 +489,14 @@ class CollectionStateNotifier
         isWorking: false,
       );
 
+      terminal.completeNetwork(
+        logId,
+        statusCode: statusCode,
+        responseHeaders: response.headers,
+        responseBodyPreview: httpResponseModel?.body,
+        duration: duration,
+      );
+
       String newHistoryId = getNewUuid();
       historyModel = HistoryRequestModel(
         historyId: newHistoryId,
@@ -487,7 +523,9 @@ class CollectionStateNotifier
           .addHistoryRequest(historyModel!);
 
       if (!requestModel.postRequestScript.isNullOrEmpty()) {
-        newRequestModel = await handlePostResponseScript(
+        newRequestModel = await ref
+            .read(jsRuntimeNotifierProvider.notifier)
+            .handlePostResponseScript(
           newRequestModel,
           originalEnvironmentModel,
           (envModel, updatedValues) {