Status: v1.8.0 - Production-Ready Modular Architecture
Bazzounquester has evolved from a simple HTTP CLI tool into a comprehensive API testing platform with Postman-level capabilities. This document describes the current architecture, design decisions, and modular structure.
- Modularity - Clean separation of concerns with focused modules
- Testability - Every module has comprehensive unit tests (280+ total)
- Extensibility - Easy to add new features without breaking existing code
- Performance - Rust's zero-cost abstractions for maximum speed
- User Experience - Beautiful terminal output, intuitive API
- 280+ Unit Tests - Comprehensive test coverage
- 13+ Modules - Clean separation of concerns
- 8,000+ Lines of Code - Production-ready implementation
- ~85% Test Coverage - High-quality codebase
- Zero Dependencies on Unsafe Code - Memory-safe Rust
src/
โโโ main.rs # CLI entry point & REPL
โโโ lib.rs # Public library exports
โ
โโโ http/ # Core HTTP functionality
โ โโโ mod.rs # Module exports
โ โโโ client.rs # HTTP client (reqwest wrapper)
โ โโโ request.rs # Request builder pattern
โ โโโ response.rs # Response handling & formatting
โ โโโ method.rs # HTTP method enum
โ
โโโ auth/ # Authentication modules
โ โโโ mod.rs # Auth system exports
โ โโโ basic.rs # Basic authentication (RFC 7617)
โ โโโ bearer.rs # Bearer token authentication
โ โโโ apikey.rs # API key (header/query)
โ โโโ oauth2.rs # OAuth 2.0 (5 grant types)
โ
โโโ upload/ # File upload system
โ โโโ mod.rs # Upload module exports
โ โโโ file.rs # FileUpload with MIME detection
โ โโโ form.rs # FormData builder
โ โโโ multipart.rs # Multipart request builder
โ
โโโ scripts/ # Scripting engine
โ โโโ mod.rs # Script system exports
โ โโโ script.rs # Script definition (pre/post)
โ โโโ engine.rs # Rhai execution engine
โ โโโ context.rs # Script execution context
โ
โโโ assertions/ # Validation framework
โ โโโ mod.rs # Assertion exports
โ โโโ assertion.rs # Assertion definition
โ โโโ matcher.rs # 14 matcher types
โ โโโ validator.rs # Response validation
โ
โโโ workflow/ # Request chaining
โ โโโ mod.rs # Workflow exports
โ โโโ step.rs # WorkflowStep builder
โ โโโ chain.rs # RequestChain container
โ โโโ executor.rs # Workflow execution engine
โ โโโ variables.rs # Variable substitution
โ
โโโ collections/ # Collections & workspaces
โ โโโ mod.rs # Collection exports
โ โโโ collection.rs # Request collection
โ โโโ workspace.rs # Workspace management
โ โโโ storage.rs # Persistence layer
โ
โโโ env/ # Environment management
โ โโโ mod.rs # Environment exports
โ โโโ environment.rs # Environment variables
โ โโโ manager.rs # Multi-env management
โ โโโ substitutor.rs # Variable substitution
โ
โโโ session/ # Session & cookie handling
โ โโโ mod.rs # Session exports
โ โโโ session.rs # Session management
โ โโโ cookies.rs # Cookie jar (cookie_store)
โ
โโโ history/ # Request history
โโโ mod.rs # History exports
โโโ manager.rs # History storage
โโโ entry.rs # History entry
โโโ logger.rs # Request/response logging
Purpose: Core HTTP client functionality
Key Types:
HttpClient- Wrapper aroundreqwest::blocking::ClientRequestBuilder- Fluent API for building requestsHttpResponse- Response container with timingHttpMethod- Enum for all HTTP methods
Design Decisions:
- Blocking API for simplicity (async planned for v2.0)
- Builder pattern for intuitive request construction
- Automatic JSON pretty-printing
- Response timing built-in
Example:
let client = HttpClient::new();
let request = RequestBuilder::new(HttpMethod::Get, "https://api.example.com")
.header("Authorization", "Bearer token")
.query("page", "1")
.build()?;
let response = client.execute(request)?;Purpose: Support all major authentication methods
Implementations:
- RFC 7617 compliant
- Base64 encoding
- Username/password pairs
- JWT token support
- Simple token wrapper
- Header injection
- Header-based:
X-API-Key: secret - Query-based:
?api_key=secret - Custom key names
Five grant types:
- Authorization Code - Web app flow
- Implicit - Client-side apps (deprecated but supported)
- Password - Resource owner credentials
- Client Credentials - Machine-to-machine
- Refresh Token - Token renewal
Design Decisions:
- Trait-based design for extensibility
- Each auth type is independent
- Easy integration with
RequestBuilder
Purpose: Multipart form data and file uploads
Key Types:
FileUpload- Single file representationFormData- Form builder (fields + files)MultipartBuilder- Constructs multipart requests
Features:
- Automatic MIME type detection (
mime_guess) - Custom filename support
- File size validation
- Mixed text fields and file uploads
Example:
let file = FileUpload::new("./document.pdf", "file")?;
let mut form = FormData::new();
form.add_field("title", "Document");
form.add_file(file)?;
let multipart = form.build()?;Purpose: Pre/post-request automation with JavaScript-like scripts
Key Types:
Script- Script definition (code + type)ScriptEngine- Rhai execution engineScriptContext- Variable storage + console output
Features:
- Pre-request scripts (setup, dynamic data)
- Post-request scripts (extraction, validation)
- Console logging
- Variable get/set
- Response access in post-scripts
Available in Scripts:
variables.get(name)/variables.set(name, value)response.status,response.body,response.timeconsole.log(message)- JSON parsing/stringifying
- Math operations
Example:
let script = Script::post(r#"
let data = JSON.parse(response.body);
variables.set("token", data.auth.token);
console.log("Token extracted: " + data.auth.token);
"#);
let mut engine = ScriptEngine::new();
engine.execute(&script, &mut context)?;Purpose: Response validation and testing
Key Types:
Assertion- Single assertion (field + matcher)Matcher- Comparison logic (14 types)ResponseValidator- Runs assertions against responses
Supported Matchers:
Equals/NotEquals- Exact matchingContains/NotContains- Substring searchStartsWith/EndsWith- Prefix/suffixRegex- Pattern matchingLessThan/LessThanOrEqual- Numeric</<=GreaterThan/GreaterThanOrEqual- Numeric>/>=IsEmpty/IsNotEmpty- Empty string checkHasLength- Exact lengthIsNull/IsNotNull- Null checks
Example:
let assertions = vec![
Assertion::new("$.status", Matcher::new(MatcherType::Equals, "200")),
Assertion::new("$.data.email", Matcher::new(MatcherType::Contains, "@")),
Assertion::new("$.data.age", Matcher::new(MatcherType::GreaterThan, "0")),
];
let validator = ResponseValidator::new(assertions);
let results = validator.validate(&response)?;Purpose: Multi-step request chaining with variable extraction
Key Types:
WorkflowStep- Single step (request + scripts + assertions + extractions)RequestChain- Container for ordered stepsWorkflowExecutor- Executes chains with variable substitutionVariableSubstitutor- Replaces{{var}}placeholders
Features:
- Variable extraction from JSON responses (
$.path.to.field) - Variable substitution in URLs, headers, and bodies
- Pre/post scripts per step
- Assertions per step
- Iteration over datasets
- Detailed execution results
Example:
let login = WorkflowStep::new("login")
.request(RequestBuilder::new(Post, "/login").body(credentials))
.extract_variable("token", "$.auth.token");
let fetch = WorkflowStep::new("fetch")
.request(RequestBuilder::new(Get, "/user/{{user_id}}")
.header("Authorization", "Bearer {{token}}"))
.assertion(Assertion::new("$.status", Matcher::equals("success")));
let chain = RequestChain::new("auth_flow")
.step(login)
.step(fetch);
let result = executor.execute(&chain)?;Purpose: Organize and persist request collections
Key Types:
Collection- Named group of requestsWorkspace- Container for multiple collectionsStorage- Persistence (YAML/JSON)
Features:
- Save/load collections
- Import/export formats
- Request organization
- Tagging and metadata
Purpose: Manage variables across environments
Key Types:
Environment- Key-value variable storeEnvironmentManager- Multi-environment handlingVariableSubstitutor-{{var}}replacement
Features:
- Multiple environments (dev, staging, prod)
- Active environment switching
- Global vs collection-scoped variables
- Secret management
Purpose: Cookie handling and session persistence
Key Types:
Session- Session containerCookieJar- Cookie storage (cookie_storecrate)
Features:
- Automatic cookie extraction
- Cookie persistence across requests
- Session save/load
- Cookie expiration handling
Purpose: Track and replay past requests
Key Types:
HistoryManager- History storageHistoryEntry- Single request/response pairHistoryLogger- Automatic logging
Features:
- Automatic request logging
- Search and filter
- Replay from history
- Export to JSON/YAML
tests/
โโโ integration/ # End-to-end tests (planned)
โโโ fixtures/ # Test data
โโโ common/ # Shared test utilities
Unit Tests:
- Every module has
#[cfg(test)]tests - 280+ tests covering all features
- Mock HTTP servers using
mockitoandwiremock
Test Examples:
http/client.rs- 15 testsauth/oauth2.rs- 39 testsscripts/engine.rs- 29 testsassertions/matcher.rs- 46 testsworkflow/executor.rs- 23 tests
cargo test # All tests
cargo test --lib # Unit tests only
cargo test -- --nocapture # With output| Crate | Version | Purpose |
|---|---|---|
clap |
4.5 | CLI argument parsing |
reqwest |
0.12 | HTTP client (blocking) |
tokio |
1.x | Async runtime (future use) |
serde |
1.0 | Serialization |
serde_json |
1.0 | JSON handling |
colored |
2.1 | Terminal colors |
rustyline |
14.0 | REPL/readline |
rhai |
1.21 | Scripting engine |
base64 |
0.22 | Base64 encoding |
cookie_store |
0.21 | Cookie management |
mime_guess |
2.0 | MIME type detection |
uuid |
1.11 | ID generation |
chrono |
0.4 | Date/time |
directories |
6.0 | Standard directories |
serde_yaml |
0.9 | YAML serialization |
regex |
1.11 | Regular expressions |
| Crate | Version | Purpose |
|---|---|---|
mockito |
1.5 | HTTP mocking |
wiremock |
0.6 | HTTP server mocking |
criterion |
0.5 | Benchmarking |
tempfile |
3.14 | Temporary files |
- Cold Start: ~50ms (REPL launch)
- Request Overhead: <10ms (builder + client setup)
- Memory: ~20MB baseline (REPL mode)
- Test Suite: ~2s for 280 tests
- Async/Await - Non-blocking I/O with Tokio
- Connection Pooling - Reuse HTTP connections
- HTTP/2 - Multiplexing
- Lazy Initialization - Defer module loading
- Full async/await implementation
- Tokio-based execution
- Connection pooling
- HTTP/2 support
- WebSocket client
- GraphQL support
- gRPC support
- Server-Sent Events (SSE)
- Performance testing (load generation)
- Mock server
- CI/CD runner (Newman-like)
- Security testing
RequestBuilder- Fluent request constructionWorkflowStep- Step-by-step workflow buildingFormData- Form construction
HttpClient- SimplifiesreqwestAPIWorkflowExecutor- Orchestrates complex workflows
Matcher- 14 different comparison strategies- Authentication types - Multiple auth strategies
HistoryManager- Persistence abstractionWorkspace- Collection storage
- No Unsafe Code - 100% safe Rust
- Input Validation - URL parsing, file paths
- Secret Handling - Environment variables for secrets
- HTTPS by Default - Secure connections
- Cookie Security - Respect HttpOnly, Secure flags
- Certificate pinning
- OWASP API Security checks
- Secrets detection in requests
- Security header analysis
cargo doc --open # Generate and open docsAll public types and functions are documented with:
- Purpose and usage
- Examples
- Parameter descriptions
- Return values
- โ 280+ passing tests
- โ ~85% test coverage
- โ 13 modular components
- โ Zero unsafe code
- โ Comprehensive examples
- โ Production-ready error handling
- 90%+ test coverage
- <1s test suite execution
- HTTP/2 support
- Async architecture
- 1000+ RPS throughput
When adding new features:
- Follow Module Structure - Keep related code together
- Write Tests First - TDD approach
- Document Public APIs - Rustdoc comments
- Use Builder Patterns - For complex types
- Avoid Unsafe Code - Unless absolutely necessary
- Error Handling - Use
Result<T>everywhere
| Version | Date | Key Changes |
|---|---|---|
| v1.0.0 | 2025-11-13 | Initial release - Basic HTTP client |
| v1.1.0 | 2025-11-13 | Modular architecture + tests |
| v1.2.0 | 2025-11-13 | Collections + history |
| v1.3.0 | 2025-11-13 | Sessions + cookies |
| v1.4.0 | 2025-11-14 | File uploads |
| v1.5.0 | 2025-11-14 | Authentication suite |
| v1.6.0 | 2025-11-14 | Scripting engine |
| v1.7.0 | 2025-11-14 | Assertions system |
| v1.8.0 | 2025-11-15 | Workflows + chaining |
Last Updated: 2025-11-15 Version: 1.8.0