Skip to content

Bruno API Collections

The repo keeps a Bruno workspace for manual local API checks. Use it for quick request-level smoke tests and debugging across auth, web proxy, API, and Mastra runtime boundaries.

Bruno is not a replacement for app tests, eval lanes, or browser verification. Mutating requests still change local data when they point at a running local stack.

Install Bruno before opening the repo workspace.

  • Download the desktop app from the official Bruno download docs.
  • On macOS, Homebrew users can install Bruno with the current command from the official docs.
  • Use Bruno 3.x for this workspace.
  1. Open Bruno.
  2. Choose the workspace/open option in Bruno.
  3. Select bruno/Leverage AI, the folder that contains workspace.yml.
  4. Select the localhost workspace environment.

The workspace file is bruno/Leverage AI/workspace.yml. It registers these collections:

  • auth
  • web
  • api
  • mastra

Start local infrastructure and apps before running requests:

Terminal window
bun run docker:up
bun run dev

Use the app-specific setup flows when a request needs real local data, a web session, a linked connector account, or a created chat/library/upload record.

Collection Base variable Boundary
auth AUTH_BASE_URL Direct auth-service routes, public access-request routes, and Better Auth session/account reads.
web WEB_BASE_URL Same-origin Nuxt BFF/proxy routes under /api/*.
api API_BASE_URL App-owned Mastra custom routes for chat, connectors, libraries, uploads, files, citations, and internal service diagnostics.
mastra MASTRA_BASE_URL Built-in Mastra runtime inspection routes such as agents, workflows, tools, logs, and traces.

Use api for product API behavior. Use mastra for runtime inspection only. Do not add built-in Mastra memory or vector mutation requests unless a task explicitly needs that low-level diagnostic path.

The Bruno workspace environment stores shared non-secret URL and workflow placeholder variables in bruno/Leverage AI/environments/localhost.yml.

Shared URL variables:

  • AUTH_BASE_URL
  • WEB_BASE_URL
  • API_BASE_URL
  • MASTRA_BASE_URL

Secret variables are declared in collection-local environments/localhost.bru files and must be set in Bruno, not committed:

  • AUTH_TOKEN for authenticated web/API/Mastra requests.
  • USER_API_KEY for product API smoke requests that must exercise the external x-api-key contract instead of bearer session auth.
  • INTERNAL_SERVICE_API_KEY for trusted internal API routes.
  • MELTANO_API_KEY for Meltano/service sync routes.

Workflow variables such as CHAT_ID, CONNECTOR_ID, API_KEY_ID, LIBRARY_ID, UPLOAD_ID, and FILE_ID are placeholders. Replace them with ids from prior Bruno responses, the local app UI, or targeted local data inspection.

Start with read-only health or config checks:

  1. Run web/health to confirm the Nuxt app is reachable.
  2. Run auth/health to confirm the auth service is reachable.
  3. Run api/chats/runtime-config after the API stack is ready.

For authenticated requests, get or paste the expected token into Bruno’s local secret variable field before running the request. Do not commit token values.

Use AUTH_TOKEN for normal authenticated web/session requests, including web/settings/* API-key management requests. Use USER_API_KEY only for product API requests that intentionally set x-api-key, such as api/chats/list-chats-with-api-key.

  • The workspace is curated. It intentionally does not mirror every route.
  • Mutating requests use safe sample payloads, but they still mutate local data when pointed at a running stack.
  • Internal service routes are grouped under api/Internal Service Routes and require explicit service-token variables.
  • API-key management requests live in the web collection because the UI uses the same-origin Nuxt BFF.
  • API-key product smoke requests live in the api collection and set auth: none plus the x-api-key header directly.
  • File upload uses UPLOAD_FILE_PATH; point it at a local fixture before running the request.
  • Connector requests require a real linked account and provider configuration when testing live local behavior.

Add a Bruno request when it helps developers manually check a stable runtime boundary or a recurring local debugging flow.

Do not add:

  • Temporary one-off requests.
  • Exhaustive generated route mirrors.
  • Old compatibility aliases.
  • Requests for deprecated paths.

Keep new requests grouped by runtime boundary, use existing workspace variables before adding new ones, and add only placeholder values for non-secret ids.

  • bruno/Leverage AI/workspace.yml
  • bruno/Leverage AI/environments/localhost.yml
  • apps/auth/src/index.ts
  • apps/web/server/api
  • apps/api/src/routes/connectorsRoutes.ts
  • bruno/Leverage AI/collections/web/settings/
  • bruno/Leverage AI/collections/api/chats/list-chats-with-api-key.bru
  • docs/features/authentication/spec.md
  • docs/features/chat/spec.md
  • docs/features/connectors/spec.md
  • docs/features/library/spec.md
  • docs/features/assistant-feedback/spec.md