Bruno API Collections
What Bruno Is For
Section titled “What Bruno Is For”The repo keeps a Bruno workspace for manual local API checks. Use it for quick request-level smoke tests and debugging across auth, web proxy, API, and Mastra runtime boundaries.
Bruno is not a replacement for app tests, eval lanes, or browser verification. Mutating requests still change local data when they point at a running local stack.
Install Bruno
Section titled “Install Bruno”Install Bruno before opening the repo workspace.
- Download the desktop app from the official Bruno download docs.
- On macOS, Homebrew users can install Bruno with the current command from the official docs.
- Use Bruno 3.x for this workspace.
Open The Repo Workspace
Section titled “Open The Repo Workspace”- Open Bruno.
- Choose the workspace/open option in Bruno.
- Select
bruno/Leverage AI, the folder that containsworkspace.yml. - Select the
localhostworkspace environment.
The workspace file is bruno/Leverage AI/workspace.yml. It registers these collections:
authwebapimastra
Start The Local Stack
Section titled “Start The Local Stack”Start local infrastructure and apps before running requests:
bun run docker:upbun run devUse the app-specific setup flows when a request needs real local data, a web session, a linked connector account, or a created chat/library/upload record.
Choose A Collection
Section titled “Choose A Collection”| Collection | Base variable | Boundary |
|---|---|---|
auth |
AUTH_BASE_URL |
Direct auth-service routes, public access-request routes, and Better Auth session/account reads. |
web |
WEB_BASE_URL |
Same-origin Nuxt BFF/proxy routes under /api/*. |
api |
API_BASE_URL |
App-owned Mastra custom routes for chat, connectors, libraries, uploads, files, citations, and internal service diagnostics. |
mastra |
MASTRA_BASE_URL |
Built-in Mastra runtime inspection routes such as agents, workflows, tools, logs, and traces. |
Use api for product API behavior. Use mastra for runtime inspection only. Do not add built-in Mastra memory or vector mutation requests unless a task explicitly needs that low-level diagnostic path.
Set Variables
Section titled “Set Variables”The Bruno workspace environment stores shared non-secret URL and workflow placeholder variables in bruno/Leverage AI/environments/localhost.yml.
Shared URL variables:
AUTH_BASE_URLWEB_BASE_URLAPI_BASE_URLMASTRA_BASE_URL
Secret variables are declared in collection-local environments/localhost.bru files and must be set in Bruno, not committed:
AUTH_TOKENfor authenticated web/API/Mastra requests.USER_API_KEYfor product API smoke requests that must exercise the externalx-api-keycontract instead of bearer session auth.INTERNAL_SERVICE_API_KEYfor trusted internal API routes.MELTANO_API_KEYfor Meltano/service sync routes.
Workflow variables such as CHAT_ID, CONNECTOR_ID, API_KEY_ID, LIBRARY_ID, UPLOAD_ID, and FILE_ID are placeholders. Replace them with ids from prior Bruno responses, the local app UI, or targeted local data inspection.
Run A First Request
Section titled “Run A First Request”Start with read-only health or config checks:
- Run
web/healthto confirm the Nuxt app is reachable. - Run
auth/healthto confirm the auth service is reachable. - Run
api/chats/runtime-configafter the API stack is ready.
For authenticated requests, get or paste the expected token into Bruno’s local secret variable field before running the request. Do not commit token values.
Use AUTH_TOKEN for normal authenticated web/session requests, including web/settings/* API-key management requests. Use USER_API_KEY only for product API requests that intentionally set x-api-key, such as api/chats/list-chats-with-api-key.
Current Limits
Section titled “Current Limits”- The workspace is curated. It intentionally does not mirror every route.
- Mutating requests use safe sample payloads, but they still mutate local data when pointed at a running stack.
- Internal service routes are grouped under
api/Internal Service Routesand require explicit service-token variables. - API-key management requests live in the
webcollection because the UI uses the same-origin Nuxt BFF. - API-key product smoke requests live in the
apicollection and setauth: noneplus thex-api-keyheader directly. - File upload uses
UPLOAD_FILE_PATH; point it at a local fixture before running the request. - Connector requests require a real linked account and provider configuration when testing live local behavior.
When To Add Requests
Section titled “When To Add Requests”Add a Bruno request when it helps developers manually check a stable runtime boundary or a recurring local debugging flow.
Do not add:
- Temporary one-off requests.
- Exhaustive generated route mirrors.
- Old compatibility aliases.
- Requests for deprecated paths.
Keep new requests grouped by runtime boundary, use existing workspace variables before adding new ones, and add only placeholder values for non-secret ids.
Canonical Sources
Section titled “Canonical Sources”bruno/Leverage AI/workspace.ymlbruno/Leverage AI/environments/localhost.ymlapps/auth/src/index.tsapps/web/server/apiapps/api/src/routes/connectorsRoutes.tsbruno/Leverage AI/collections/web/settings/bruno/Leverage AI/collections/api/chats/list-chats-with-api-key.brudocs/features/authentication/spec.mddocs/features/chat/spec.mddocs/features/connectors/spec.mddocs/features/library/spec.mddocs/features/assistant-feedback/spec.md