feat(ai): Improve ai context#8404
Open
naman-bruno wants to merge 2 commits into
Open
Conversation
naman-bruno
requested review from
bijin-bruno,
helloanoop,
lohit-bruno,
sid-bruno,
utkarsh-bruno and
vijayh-bruno
as code owners
Contributor
WalkthroughAdds AI variable payloads in the renderer, shared AI context formatting and search helpers in Electron, and variable forwarding through chat and script-generation IPC. The AI assist entry points and their consumer components now pass ChangesAI Variables Pipeline
Sequence Diagram(s)sequenceDiagram
participant ReactComponent
participant AIAssist
participant RendererAI as utils/ai
participant IPC as renderer:ai-generate-script
participant Context as context.js
participant LLM
ReactComponent->>AIAssist: variables={aiVariables}
AIAssist->>RendererAI: aiGenerateScript(..., variables)
RendererAI->>IPC: request payload with variables
IPC->>Context: formatRequestContext, formatVariablesList
IPC->>LLM: streamText with read_response and search_variables
LLM-->>IPC: text deltas + tool calls
IPC-->>AIAssist: { content, modelId }
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 12
🧹 Nitpick comments (3)
packages/bruno-electron/src/ipc/ai/context.js (1)
1-300: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winAdd backend tests for the context helpers.
This new module owns provider-facing redaction, response shaping, and variable search formatting; it should have direct tests for secret masking, body redaction, search limits, and empty-query behavior.
As per coding guidelines, “Add tests for any new functionality or meaningful changes.”
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/bruno-electron/src/ipc/ai/context.js` around lines 1 - 300, The new backend context helpers in context.js need direct test coverage for the redaction and formatting behavior they introduced. Add tests for the key symbols formatRequestContext, redactResponseValues, formatResponseShape, isSecretVariable, formatVariablesList, searchVariables, and formatSearchVariablesResult, verifying secret masking, response body shaping, search limit truncation, and empty-query handling. Place the tests alongside the existing backend test suite so these shared AI-facing rules stay covered as the module evolves.Source: Coding guidelines
packages/bruno-app/src/utils/ai/index.spec.js (1)
154-221: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winAdd regression coverage for OAuth2 redaction and override precedence.
These tests don’t cover OAuth2 credentials being present via
getAllVariables(), or higher-precedence runtime/request values overriding env/global names. Those are the risky paths for this new payload builder.As per coding guidelines, “Add tests for any new functionality or meaningful changes.”
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/bruno-app/src/utils/ai/index.spec.js` around lines 154 - 221, The current buildAiVariablesPayload test suite is missing regression coverage for OAuth2 credentials coming through getAllVariables and for runtime/request values overriding env/global entries. Add focused tests in buildAiVariablesPayload to verify OAuth2 fields are redacted like other secrets and that higher-precedence runtime/request names win over environment/global values without duplication, using the existing buildAiVariablesPayload and getAllVariables paths as the reference points.Source: Coding guidelines
packages/bruno-electron/src/ipc/ai/index.js (1)
230-260: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winAdd tests for the new script-generation path in
packages/bruno-electron/src/ipc/ai/index.js. ThestreamText+ tools flow needs coverage for tool calls, the no-variable branch, empty output, and response-shape lookup so regressions in script generation are caught.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/bruno-electron/src/ipc/ai/index.js` around lines 230 - 260, Add tests covering the script-generation flow in the AI IPC module by exercising the streamText-based path in the handler that builds scripts, including tool-call execution, the no-variable branch, empty output handling, and response-shape lookup. Focus on the relevant symbols around streamText, buildScriptSystemPrompt, buildScriptUserPrompt, stripCodeFences, and the returned { content, modelId } shape so regressions in the script-generation path are caught.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/bruno-app/src/components/AiChatSidebar/index.js`:
- Around line 365-371: The aiVariables payload is only including the active item
for request chats, so folder chats are missing folder-scoped variables. Update
the useMemo call in AiChatSidebar’s aiVariables to pass the active folder when
aiContext.kind is 'folder' (in addition to the request item when kind is
'request'), so buildAiVariablesPayload(collection, item) can fold the correct
scope into the prompt preview and search_variables results.
In `@packages/bruno-app/src/components/FolderSettings/Documentation/index.js`:
- Line 49: The FolderSettings Documentation component is building AI variables
without the current folder context, so folder-scoped variables are omitted.
Update the useMemo call in the Documentation component to pass the folder/item
object into buildAiVariablesPayload(collection, item) instead of null, ensuring
the AIAssist flow receives complete folder-doc context.
In `@packages/bruno-app/src/components/FolderSettings/Script/index.js`:
- Line 106: The aiVariables payload in the FolderSettings Script view is
omitting folder-scoped variables because buildAiVariablesPayload is called with
null instead of the current folder. Update the useMemo call in the Script
component to pass the in-scope folder value into
buildAiVariablesPayload(collection, folder) so AI assist and search_variables
include variables defined on the current folder.
In `@packages/bruno-app/src/components/FolderSettings/Tests/index.js`:
- Around line 42-43: The aiVariables payload is being built with no folder
context, so folder-local variables are omitted from the AIAssist setup in the
Tests component. Update the useMemo call in FolderSettings/Tests to build the
payload with the folder scope instead of null, using the existing
collection/folder data path so AIAssist receives the same variables context that
folder tests run with.
In `@packages/bruno-app/src/utils/ai/index.js`:
- Around line 131-170: The variable aggregation in the search helper is using
first-write wins via seen, which can return lower-precedence values instead of
the effective resolved value. Update the logic around add and the
getAllVariables collection loop to preserve variable precedence by either
starting from the final merged result of getAllVariables(item, collection) and
then annotating scope/secret metadata, or by allowing later higher-priority
sources to replace earlier entries instead of skipping them. Keep the existing
scope handling for env, globalEnvSecrets/globalEnvironmentVariables,
runtimeVariables, and the collection/folder/request variables so
search_variables reflects runtime resolution.
- Around line 167-178: `getAllVariables()` is already emitting OAuth2 entries,
so the later OAuth2 secret pass in `index.js` can skip `$oauth2.*.clientId`
after it has been added once with the wrong secret flag. Update the variable
collection flow around `getAllVariables`, `add`, and the explicit “OAuth2
credentials” block so OAuth2 names are excluded from the general pass (or
otherwise deferred) and only added in the dedicated secret-handling pass with
`secret: true`.
- Around line 100-108: Broaden the redaction logic in SENSITIVE_NAME_PATTERNS so
token-like fields such as refresh_token, id_token, csrfToken, and plain TOKEN
are matched and removed before building the renderer payload. Update the
relevant matcher in ai/index.js to cover these additional name variants, and
make the same change in the mirrored redaction list in context.js so both paths
stay consistent.
In `@packages/bruno-electron/src/ipc/ai/context.js`:
- Around line 147-174: Mask sensitive data before serializing structured request
bodies in the AI context builder: the body handling in the context.js request
formatting logic currently copies json and graphql.variables verbatim, so update
the same body-mode switch that handles json and graphql to recursively redact
secrets like password, client_secret, and refresh_token before appending to
parts. Reuse the existing masking approach used for formUrlEncoded and
multipartForm so the final formatted “Body” section still shows structure but
never exposes raw sensitive values.
- Around line 12-26: The sensitive-header redaction list in
SENSITIVE_HEADER_PATTERNS is missing generic token names, so provider-boundary
values like refresh_token, id_token, csrfToken, and TOKEN can slip through.
Update the pattern set used in the IPC AI context redaction logic to mirror the
renderer-side list and add matching cases for generic token-related names
alongside the existing authorization, cookie, api key, secret, and password
patterns.
In `@packages/bruno-electron/src/ipc/ai/index.js`:
- Line 212: The tool description for the variable search helper is too narrow
because it only points to bru.getEnvVar and bru.getVar, which can lead to
incorrect usage for collection/global/runtime scopes. Update the description in
the AI IPC tool definition to list the scope-specific Bruno getters alongside
the existing guidance, so callers know which getter to use for each returned
variable type. Use the description string in the tool metadata under the ai IPC
index to make this change.
In `@packages/bruno-electron/src/ipc/ai/script-prompts.js`:
- Around line 308-311: The AI prompt context is currently including full request
bodies through formatRequestContext, which can leak secrets or PII. Update the
prompt-building logic in script-prompts.js so the context passed to
formatRequestContext uses a redacted or capped body shape rather than the
default full body, while still keeping includeResponse enabled if needed. If
there is an existing helper or option for body masking in formatRequestContext
or related request-context formatting code, use that; otherwise disable body
inclusion until request-body redaction is available.
- Line 356: The search_variables tool instruction is too narrow because it only
mentions bru.getEnvVar and bru.getVar, which can lead generated code to use the
wrong accessor for collection, folder, request, global, or secret variables.
Update the wording in script-prompts.js around search_variables to explicitly
tell the model to use the returned scope to choose the correct runtime accessor
for the variable before referencing it in code, while still avoiding pasting
secret values.
---
Nitpick comments:
In `@packages/bruno-app/src/utils/ai/index.spec.js`:
- Around line 154-221: The current buildAiVariablesPayload test suite is missing
regression coverage for OAuth2 credentials coming through getAllVariables and
for runtime/request values overriding env/global entries. Add focused tests in
buildAiVariablesPayload to verify OAuth2 fields are redacted like other secrets
and that higher-precedence runtime/request names win over environment/global
values without duplication, using the existing buildAiVariablesPayload and
getAllVariables paths as the reference points.
In `@packages/bruno-electron/src/ipc/ai/context.js`:
- Around line 1-300: The new backend context helpers in context.js need direct
test coverage for the redaction and formatting behavior they introduced. Add
tests for the key symbols formatRequestContext, redactResponseValues,
formatResponseShape, isSecretVariable, formatVariablesList, searchVariables, and
formatSearchVariablesResult, verifying secret masking, response body shaping,
search limit truncation, and empty-query handling. Place the tests alongside the
existing backend test suite so these shared AI-facing rules stay covered as the
module evolves.
In `@packages/bruno-electron/src/ipc/ai/index.js`:
- Around line 230-260: Add tests covering the script-generation flow in the AI
IPC module by exercising the streamText-based path in the handler that builds
scripts, including tool-call execution, the no-variable branch, empty output
handling, and response-shape lookup. Focus on the relevant symbols around
streamText, buildScriptSystemPrompt, buildScriptUserPrompt, stripCodeFences, and
the returned { content, modelId } shape so regressions in the script-generation
path are caught.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 6c4e2b3d-466a-4a39-a010-398f2852bfde
📒 Files selected for processing (21)
packages/bruno-app/src/components/AIAssist/index.jspackages/bruno-app/src/components/AiChatSidebar/index.jspackages/bruno-app/src/components/CollectionApp/index.jspackages/bruno-app/src/components/CollectionSettings/Docs/index.jspackages/bruno-app/src/components/CollectionSettings/Script/index.jspackages/bruno-app/src/components/CollectionSettings/Tests/index.jspackages/bruno-app/src/components/Documentation/index.jspackages/bruno-app/src/components/FolderSettings/Documentation/index.jspackages/bruno-app/src/components/FolderSettings/Script/index.jspackages/bruno-app/src/components/FolderSettings/Tests/index.jspackages/bruno-app/src/components/RequestPane/AppCodeEditor/index.jspackages/bruno-app/src/components/RequestPane/Script/index.jspackages/bruno-app/src/components/RequestPane/Tests/index.jspackages/bruno-app/src/providers/ReduxStore/slices/chat.jspackages/bruno-app/src/utils/ai/index.jspackages/bruno-app/src/utils/ai/index.spec.jspackages/bruno-electron/src/ipc/ai/chat-prompts.jspackages/bruno-electron/src/ipc/ai/chat.jspackages/bruno-electron/src/ipc/ai/context.jspackages/bruno-electron/src/ipc/ai/index.jspackages/bruno-electron/src/ipc/ai/script-prompts.js
utkarsh-bruno
previously approved these changes
Jun 29, 2026
utkarsh-bruno
left a comment
utkarsh-bruno
left a comment
Collaborator
There was a problem hiding this comment.
Looks good to me.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/bruno-app/src/utils/ai/index.spec.js`:
- Around line 234-252: The secret-override and OAuth2 tests in
buildAiVariablesPayload are missing assertions for the scope field, so they
don’t verify the source classification that downstream variable listing/search
relies on. Update the affected specs in index.spec.js to assert tok.scope (and
the corresponding OAuth2 variable scope) alongside value and secret, using the
existing buildAiVariablesPayload and variable lookup logic so the tests cover
the observable output. Keep the expectations aligned with the intended source
semantics for each case.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: b5edd169-9a48-4633-a831-78f3c05fa9b9
📒 Files selected for processing (12)
packages/bruno-app/src/components/AiChatSidebar/index.jspackages/bruno-app/src/components/FolderSettings/Documentation/index.jspackages/bruno-app/src/components/FolderSettings/Script/index.jspackages/bruno-app/src/components/FolderSettings/Tests/index.jspackages/bruno-app/src/utils/ai/index.jspackages/bruno-app/src/utils/ai/index.spec.jspackages/bruno-electron/src/ipc/ai/chat-prompts.jspackages/bruno-electron/src/ipc/ai/chat.jspackages/bruno-electron/src/ipc/ai/context.jspackages/bruno-electron/src/ipc/ai/context.spec.jspackages/bruno-electron/src/ipc/ai/index.jspackages/bruno-electron/src/ipc/ai/script-prompts.js
🚧 Files skipped from review as they are similar to previous changes (10)
- packages/bruno-app/src/components/FolderSettings/Tests/index.js
- packages/bruno-app/src/components/FolderSettings/Script/index.js
- packages/bruno-app/src/components/FolderSettings/Documentation/index.js
- packages/bruno-app/src/components/AiChatSidebar/index.js
- packages/bruno-electron/src/ipc/ai/index.js
- packages/bruno-electron/src/ipc/ai/chat-prompts.js
- packages/bruno-electron/src/ipc/ai/script-prompts.js
- packages/bruno-app/src/utils/ai/index.js
- packages/bruno-electron/src/ipc/ai/context.js
- packages/bruno-electron/src/ipc/ai/chat.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
variablesprop for improved context handling.Contribution Checklist:
Note: Keeping the PR small and focused helps make it easier to review and merge. If you have multiple changes you want to make, please consider submitting them as separate pull requests.
Publishing to New Package Managers
Please see here for more information.
Summary by CodeRabbit