Bruno vs Postman vs Curlex — Feature Comparison

Generated: May 2026
Curlex findings are based on direct source code audit — every cell verified by reading components/, services/, utils/, src-tauri/ source files. Documentation files (ROADMAP.md, key-features.md) were deliberately excluded.


Legend

Symbol | Meaning
✅ | Fully implemented (source-verified)
⚠️ | Partial / limited implementation
❌ | Not implemented

1. Core Architecture & Philosophy

Aspect | Bruno | Postman | Curlex
Open source✅ MIT❌ Proprietary
Local-first (no cloud account required)
Cloud sync | ❌ (Git-based only) | ✅ (mandatory) | ⚠️ (optional Git sync)
Collections stored as plain-text files on disk✅ (Bru lang / YAML)❌ (IndexedDB)
Git-native collaboration⚠️ (push/pull via settings)
Desktop app | ✅ (Electron) | ✅ (Electron) | ✅ (Tauri/Rust — far lighter)
CLI tool for CI/CD✅ (bru CLI)✅ (newman)
Auto-update✅ (updater.rs)
Free tier✅ Unlimited⚠️ Limited

2. Protocol Support

Protocol | Bruno | Postman | Curlex
REST / HTTP
GraphQL (queries + variables)✅ (components/graphql/, 11 files)
GraphQL subscriptions✅ (graphql_ws.rs Tauri command)
GraphQL schema introspection✅ (graphqlSchemaService.ts)
GraphQL visual query builder✅ (GraphQLSchemaExplorer.tsx)
gRPC (unary + streams)
WebSocket (general)❌ (only GraphQL-over-WS)
SOAP / XML❌ (can send XML body, no WSDL)
HTTP/2
HTTP/3

3. Authentication

Auth Type | Bruno | Postman | Curlex
No Auth
Basic Auth✅ (BasicAuthForm.tsx + urlBuilder.ts)
Bearer Token✅ (BearerTokenForm.tsx)
API Key (header or query)✅ (ApiKeyForm.tsx, addTo: 'header'|'query')
OAuth 1.0 with full HMAC-SHA1/SHA256 signing✅ (urlBuilder.ts lines 331–455, RFC 3986 encoding)
OAuth 2.0 — Authorization Code✅ (oauth2Service.ts, oauth2.rs)
OAuth 2.0 — Auth Code + PKCE (S256/plain)✅ (PKCE challenge generation implemented)
OAuth 2.0 — Client Credentials
OAuth 2.0 — Password Grant
OAuth 2.0 — Implicit✅ (parseImplicitRedirectFragment())
OAuth 2.0 — Token auto-refresh✅ (desktopAgentService.ts lines 221–249)
Digest Auth
NTLM Auth
AWS Signature v4
Inherited auth from parent folder/collection✅ (collectionHelpers.ts resolveInheritedAuth())
SSL client certificates✅ (ClientCertificateConfig + settingsSlice.ts)
mTLS / custom CA bundle✅ (caPath in ClientCertificateConfig)

4. Request Building

Feature | Bruno | Postman | Curlex
HTTP methods: GET POST PUT PATCH DELETE HEAD OPTIONS✅ (enum HttpMethod in types.ts)
Query params editor with enabled/disabled toggle
Request headers editor
Body: raw JSON / XML / HTML / Text
Body: form-data
Body: x-www-form-urlencoded
Body: binary
Body: GraphQL (query + variables + operationName)
Per-request timeout✅ (settingsSlice.ts requestTimeout, default 5000ms)
Follow redirects toggle✅ (followRedirectsDefault in settings + per-request)
Proxy configuration
SSL verification toggle✅ (sslVerificationEnabled in settingsSlice.ts)
Request description (Markdown)✅ (description field on Request, rendered via react-markdown)

5. Response Handling

Feature | Bruno | Postman | Curlex
Response body (JSON/XML/HTML/Text)
JSON pretty print
JSONPath filtering✅ (jsonpath-plus library)
Response headers view
Cookies view
Status / time / size metrics
Redirect chain visualization✅ (redirectHops with per-hop headers)
HTTP waterfall timing (DNS/TCP/TLS/TTFB/download)✅ (WaterfallTooltip.tsx, TimelineView.tsx)
Binary / PDF response rendering✅ (BinaryViewSelector.tsx, PdfPreview.tsx)
Response visualization scripts❌ (no bru.visualize() equivalent)
Saved response examples⚠️ (large bodies stored as artifacts, no named examples UI)

6. Variables & Environments

Feature | Bruno | Postman | Curlex
Environment variables
Collection variables
Folder-level variables
Global variables✅ (globalVariables in environmentSlice.ts)
Local / request-level variables (from pre-req script)✅ (injected at script execution time)
Secret / masked variables✅ (VariableType = 'default' | 'secret', secretMasker.ts)
Dynamic variables✅ (60+ built-ins in dynamicVariables.ts: $guid, $timestamp, $randomEmail, $randomIP, etc.)
Variable scope precedence chain✅ (data → env → collection → global, urlBuilder.ts lines 84–120)
Env import / export
Active environment indicator

7. Scripting & Automation

Feature | Bruno | Postman | Curlex
Pre-request scripts (executed before HTTP dispatch)✅ (preRequestExecutor.ts, fires before dispatch in runner)
Post-response / test scripts✅ (executor.ts, executeTestScript())
Scripts run in background thread✅ (Web Workers: testScript.worker.ts, preRequest.worker.ts)
Collection-level scripts
Folder-level scripts
Script API (fc.* / pm.*)✅ (pmAPI.ts: fc.test, fc.expect, fc.response, fc.environment, fc.collectionVariables, fc.execution)
Execution flow control (setNextRequest, skipRequest, abort)✅ (preRequestAPI.ts fc.execution.*)
Chai-style BDD assertions✅ (fc.response.to.have.status(), .to.have.jsonBody(), .to.have.jsonSchema(), etc.)
variables.replaceIn() inline substitution✅ (fc.variables.replaceIn())
External npm libraries in scripts❌ (sandbox is a Function() constructor, no require/import)
No-code assertions UI (visual)

8. Collections & Organization

Feature | Bruno | Postman | Curlex
Collections with nested folders (unlimited depth)✅ (recursive CollectionFolder type)
Drag-and-drop reorder✅ (@dnd-kit/core, SortableList.tsx)
Multiple workspaces✅ (workspacesSlice.ts)
Request duplication✅ (duplicateRequest() thunk)
Favorite / pin collections✅ (isFavorite on Collection)
Sidebar search / filter✅ (SearchSidebarWidget.tsx, GlobalSearch.tsx)
Request history (last 50)✅ (historySlice.ts, MAX 50 items)
Collection-level documentation✅ (CollectionDocViewer.tsx, Markdown)

9. Collection Runner & Testing

Feature | Bruno | Postman | Curlex
Collection runner✅ (collectionRunner.ts, 300+ lines)
Request selection for run✅ (requestIds? in CollectionRunOptions)
Delay between requests✅ (delayMs option)
Retries per request✅ (retryCount, retryDelayMs)
Stop on failure✅ (stopOnFailure option)
Data-driven testing (CSV / JSON iteration)✅ (datasetEngine.ts — RFC 4180 CSV + JSON array/object support)
Run history persistence✅ (collectionRunnerDb.ts)
Run report: JUnit XML✅ (junitExportService.ts)
Run report: HTML✅ (htmlExportService.ts)
Run report: PDF✅ (pdfExportService.ts)
CI/CD runner via CLI✅ (bru run)✅ (newman)
GitHub Actions / Jenkins integration

10. Import & Export

Format | Bruno | Postman | Curlex
Postman v2.1 import✅ (PostmanParser.ts — auth, body, folders, vars)
cURL import✅ (CurlParser.ts — headers, body, auth, URL)
OpenAPI / Swagger import✅ (OpenApiParser.ts — OAS 3.0 + Swagger 2.0, $ref resolution)
Insomnia import❌ (no dedicated parser)
WSDL / SOAP import
OpenAPI export✅ (OpenApiExporter.ts — generates OAS 3.0 from collection)
OpenAPI two-way sync
Native format export
Environment export
Postman script translatorN/A

11. Code Generation

Target | Bruno | Postman | Curlex
cURL
Fetch (JS)
Axios
Node.js HTTP
Python (requests)
PHP cURL
Java (OkHttp)
Dart HTTP
Go
Ruby
C#
Swift

12. Secret & Security Management

Feature | Bruno | Postman | Curlex
.env file support⚠️ (importable as environment, not auto-loaded from disk)
Internal vault secrets ({{vault:name}})✅ (vaultService.ts, domain-restricted, resolved pre-dispatch)
AWS Secrets Manager integration
Azure Key Vault integration
HashiCorp Vault integration
Secret masking in reports/console✅ (secretMasker.ts)
System keychain storage✅ (keychainClient.ts, 6 bridge methods via keychain.rs)
No cloud transmission of data

13. Git & Collaboration

Feature | Bruno | Postman | Curlex
Git-native storage (files/folders on disk)
Push / pull / commit via UI✅ (gitRepoManager.ts, git.rs Tauri commands)
Auto-sync on interval✅ (autoInterval setting, gitSync.ts)
Conflict detection
GitHub / GitLab / Bitbucket / Azure DevOps GUI⚠️ (any Git remote via URL, no provider-specific auth UI)
Real-time team collaboration
Role-based access via Git permissions✅ (paid)

14. API Documentation

Feature | Bruno | Postman | Curlex
Per-request Markdown description✅ (description on Request, react-markdown)
Collection-level docs viewer✅ (CollectionDocViewer.tsx)
Auto-generate API docs
Publish docs to web✅ (paid)
Response examples (named, saved)

15. Developer Experience & UX

Feature | Bruno | Postman | Curlex
Cookie jar + manager UI✅ (tough-cookie, CookieManagerModal.tsx)
Request history✅ (historySlice.ts, 50-item limit)
Console / logging panel✅ (ConsolePanel.tsx — INFO/WARN/ERROR/TRACE + script logs)
Keyboard shortcuts (11 bindings)✅ (shortcuts.ts — Send, Save, Close Tab, Global Search, etc.)
Dark / light / system theme✅ (theme: 'dark'|'light'|'system' in settings)
In-app keyboard shortcuts reference✅ (overlay panel)
Native app menus (File/Edit/View/Help)✅ (menuBuilder.ts, menu.rs)
Mock servers✅ (paid)
API monitoring✅ (paid)
AI-assisted features✅ (agent integrations)✅ (Postbot)

16. Desktop Integration (Curlex advantage via Tauri)

Feature | Bruno (Electron) | Postman (Electron) | Curlex (Tauri/Rust)
App binary size | ~300 MB | ~400 MB | ~15 MB
Memory footprint | High | Very High | Low
HTTP layer | Node.js | Node.js | Native Rust (http.rs)
System keychain✅ (keychain.rs)
Native file dialogs✅ (files.rs)
Network diagnostics✅ (network_probe.rs)
TLS info capture✅ (cert chain details in response)
Auto-update✅ (updater.rs)

17. Enterprise Features

Feature | Bruno | Postman | Curlex
SAML SSO✅ (paid)✅ (paid)
SCIM provisioning✅ (paid)✅ (paid)
Audit logs✅ (via Git)✅ (paid)
License managementN/A
Self-hosted✅ (local desktop)✅ (Tauri local)

Summary Scorecard (Code-Accurate)

Category | Bruno | Postman | Curlex
Protocol support | 8/10 | 10/10 | 6/10
Authentication | 9/10 | 10/10 | 8/10
Variables & environments | 9/10 | 9/10 | 9/10
Scripting & automation | 9/10 | 10/10 | 7/10
Collections & organization | 8/10 | 9/10 | 9/10
Runner & testing | 9/10 | 9/10 | 8/10
Import / export | 9/10 | 9/10 | 7/10
Secret management | 10/10 | 6/10 | 7/10
Git & collaboration | 10/10 | 7/10 | 6/10
Developer experience | 8/10 | 9/10 | 8/10
Enterprise | 7/10 | 9/10 | 2/10
Desktop performance | 6/10 | 5/10 | 10/10
Overall | 89/120 | 92/120 | 87/120

Curlex is significantly more capable than the ROADMAP.md implied. Many features the roadmap listed as "planned" are already fully implemented in source code, including: all OAuth 2.0 grant types, full dynamic variables (60+), global variables, pre-request script execution, data-driven testing, drag-and-drop, request history, client certificates, SSL toggle, waterfall view, and more.


Where Curlex Wins vs Bruno

  • Tauri runtime — ~15 MB binary vs ~300 MB Electron; native Rust HTTP layer
  • PDF run reports — neither Bruno nor Postman has built-in PDF export
  • Internal vault secrets — domain-restricted {{vault:name}} secrets, resolved pre-dispatch
  • System keychain — OS-level secure storage (neither Bruno nor Postman has this)
  • TLS certificate chain info — exposed in response details
  • Network diagnostics — network_probe.rs Tauri command
  • Favorite/pin collections — quick access pinning
  • Dart HTTP code generation — niche target neither competitor covers
  • Redirect chain visualization — per-hop headers and status codes
  • Waterfall timing (DNS/TCP/TLS/TTFB/download) — shown in every response


Feature Gaps: Making Curlex Aligned with Bruno

This section lists only genuinely missing features confirmed by code audit. Items the roadmap listed as "missing" that are actually implemented have been removed.


Tier 1 — Critical Gaps (Highest Impact)

1. Proxy Configuration

Gap: Zero proxy support. Corporate/enterprise users behind HTTP/HTTPS/SOCKS5 proxies cannot use Curlex.
What's needed:

  • HTTP / HTTPS / SOCKS5 proxy settings in Settings UI
  • System proxy detection toggle
  • Per-request proxy override
  • Proxy authentication credentials
Affected files: settingsSlice.ts, desktopAgentService.ts, http.rs, SettingsModal.tsx

2. Digest Authentication

Gap: Missing auth type — widely used by legacy, enterprise, and WebDAV APIs.
What's needed:

  • AuthType extended with 'digest'
  • Digest auth form (username, password, realm, nonce/algorithm fields)
  • MD5 / SHA-256 digest computation (RFC 2617 / RFC 7616)
  • Two-round-trip challenge-response handling
Affected files: types.ts, components/auth/, urlBuilder.ts, http.rs
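
The two round trips listed above, as an added example (not Curlex, Bruno or Postman code): parse the 401 challenge, then compute the RFC 2617 / RFC 7616 `qop=auth` response and build the Authorization header. The function names are hypothetical, the sample challenge is the one from the RFC 2617 example, and the `-sess` algorithm variants are rejected rather than implemented.

```typescript
import { createHash } from "node:crypto";

type Params = Record<string, string>;
const HASHES: Record<string, string> = { "MD5": "md5", "SHA-256": "sha256" };

// Round trip 1: the server replies 401 with a WWW-Authenticate challenge.
function parseChallenge(header: string): Params {
  const out: Params = {};
  const re = /(\w+)=(?:"([^"]*)"|([^\s,]+))/g;
  const body = header.replace(/^Digest\s+/i, "");
  let m: RegExpExecArray | null;
  while ((m = re.exec(body)) !== null) {
    out[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : m[3];
  }
  return out;
}

// Round trip 2: hash the credentials against the challenge and build the header.
function digestAuthorization(ch: Params, user: string, pass: string, method: string,
                             uri: string, cnonce: string, nc = "00000001"): string {
  if (!ch["realm"] || !ch["nonce"]) throw new Error("challenge lacks realm or nonce");
  const algName = (ch["algorithm"] || "MD5").toUpperCase();
  const alg = HASHES[algName];
  if (!alg) throw new Error("unsupported digest algorithm: " + algName);
  const H = (s: string): string => createHash(alg).update(s, "utf8").digest("hex");

  const ha1 = H(`${user}:${ch["realm"]}:${pass}`);
  const ha2 = H(`${method}:${uri}`);
  const offered = (ch["qop"] || "").split(",").map((q) => q.trim());
  const useQop = offered.indexOf("auth") >= 0;
  const response = useQop
    ? H(`${ha1}:${ch["nonce"]}:${nc}:${cnonce}:auth:${ha2}`)
    : H(`${ha1}:${ch["nonce"]}:${ha2}`); // legacy form when the server sends no qop

  const parts = [`username="${user}"`, `realm="${ch["realm"]}"`, `nonce="${ch["nonce"]}"`,
    `uri="${uri}"`, `algorithm=${algName}`, `response="${response}"`];
  if (useQop) parts.push("qop=auth", `nc=${nc}`, `cnonce="${cnonce}"`);
  if (ch["opaque"]) parts.push(`opaque="${ch["opaque"]}"`);
  return "Digest " + parts.join(", ");
}

// Sample input: the challenge and credentials from the RFC 2617 worked example.
const SAMPLE_CHALLENGE = 'Digest realm="testrealm@host.com", qop="auth,auth-int", ' +
  'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';
const sampleDigestHeader = digestAuthorization(parseChallenge(SAMPLE_CHALLENGE),
  "Mufasa", "Circle Of Life", "GET", "/dir/index.html", "0a4f113b");
```
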

3. AWS Signature v4 Authentication

Gap: Essential for AWS API Gateway, S3, and all native AWS services. Common requirement for backend teams.
What's needed:

  • AWS Signature v4 auth form (Access Key, Secret Key, Region, Service)
  • Canonical request + string-to-sign + signing key construction
  • Authorization header and x-amz-date / x-amz-security-token injection
Affected files: types.ts, components/auth/, urlBuilder.ts
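
The signing steps listed above, as an added example (not Curlex, Bruno or Postman code): canonical request, string to sign, signing key, and the headers to inject. The names `signV4` and `signingKey` are hypothetical, header names are assumed to be passed in lower case, and the sample input is the example request and example credentials from AWS's Signature Version 4 documentation.

```typescript
import { createHash, createHmac } from "node:crypto";

interface Req { method: string; path: string; query: Record<string, string>;
  headers: Record<string, string>; body: string; }
interface Creds { accessKey: string; secretKey: string; sessionToken?: string; }

const sha256Hex = (s: string): string => createHash("sha256").update(s, "utf8").digest("hex");
const hmac = (key: string | Buffer, s: string): Buffer =>
  createHmac("sha256", key).update(s, "utf8").digest();
// encodeURIComponent leaves !'()* unescaped; SigV4 requires them percent-encoded.
const enc = (s: string): string => encodeURIComponent(s)
  .replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
const byName = (a: string[], b: string[]): number => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : 0);

// kSigning = HMAC(HMAC(HMAC(HMAC("AWS4" + secret, date), region), service), "aws4_request")
function signingKey(secret: string, date: string, region: string, service: string): Buffer {
  return hmac(hmac(hmac(hmac("AWS4" + secret, date), region), service), "aws4_request");
}

// Returns the headers to inject: x-amz-date, optional x-amz-security-token, authorization.
function signV4(req: Req, creds: Creds, region: string, service: string,
                amzDate: string): Record<string, string> {
  const injected: Record<string, string> = { "x-amz-date": amzDate };
  if (creds.sessionToken) injected["x-amz-security-token"] = creds.sessionToken;

  // Canonical headers: lower-cased names, trimmed values, sorted by name.
  const headers = Object.entries({ ...req.headers, ...injected })
    .map(([k, v]) => [k.toLowerCase(), v.trim().replace(/\s+/g, " ")]).sort(byName);
  const query = Object.entries(req.query).map(([k, v]) => [enc(k), enc(v)]).sort(byName)
    .map(([k, v]) => `${k}=${v}`).join("&");
  const signedHeaders = headers.map(([k]) => k).join(";");
  const canonical = [req.method, req.path, query,
    headers.map(([k, v]) => `${k}:${v}\n`).join(""), signedHeaders, sha256Hex(req.body)].join("\n");

  const date = amzDate.slice(0, 8);
  const scope = `${date}/${region}/${service}/aws4_request`;
  const stringToSign = ["AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonical)].join("\n");
  const key = signingKey(creds.secretKey, date, region, service);
  injected["authorization"] = `AWS4-HMAC-SHA256 Credential=${creds.accessKey}/${scope}, ` +
    `SignedHeaders=${signedHeaders}, Signature=${hmac(key, stringToSign).toString("hex")}`;
  return injected;
}

// Sample input: AWS documentation example request and example (non-live) credentials.
const sampleSigned = signV4(
  { method: "GET", path: "/", query: { Action: "ListUsers", Version: "2010-05-08" },
    headers: { "content-type": "application/x-www-form-urlencoded; charset=utf-8",
               host: "iam.amazonaws.com" }, body: "" },
  { accessKey: "AKIDEXAMPLE", secretKey: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY" },
  "us-east-1", "iam", "20150830T123600Z");
```
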

4. Collection-Level & Folder-Level Scripts

Gap: Scripts only exist on individual requests. Bruno runs scripts at collection and folder level, enabling shared setup/teardown.
What's needed:

  • preRequestScript?: string and testScript?: string on Collection and CollectionFolder types
  • Script execution chain: collection → folder → request (pre-request), then reverse (test)
  • UI script editors in collection and folder detail panels
Affected files: types.ts, collectionRunner.ts, components/sidebar/

5. Folder-Level Variables

Gap: Only global → collection → environment scopes exist. Bruno supports per-folder variables for isolated sub-group configuration.
What's needed:

  • variables?: Variable[] on CollectionFolder type
  • Folder variables resolved between collection and environment in precedence chain
Affected files: types.ts, urlBuilder.ts getAvailableVariables(), folder detail UI

6. General WebSocket Support

Gap: GraphQL subscriptions work over WebSocket (via graphql_ws.rs) but there is no general-purpose WebSocket request type.
What's needed:

  • WebSocket request mode in the request type system
  • Connect / disconnect lifecycle UI
  • Message send panel (text / binary)
  • Incoming message log
Affected files: types.ts, new components/websocket/, new websocket.rs Tauri command

Tier 2 — High Value

7. External npm Libraries in Scripts

Gap: Scripts run in a Function() sandbox with no module system. Bruno allows importing from a curated set of inbuilt libraries.
What's needed:

  • Allowlist of common libraries available in script sandbox: lodash, moment, uuid, crypto-js, ajv, faker, xml2js
  • require('lodash') works inside pre-request and test scripts
Affected files: testScript/executor.ts, testScript/preRequestExecutor.ts

8. Insomnia Import

Gap: No dedicated Insomnia v4 parser. Insomnia is widely used and teams migrating would import existing collections.
What's needed:

  • Insomnia v4 JSON parser in services/parsers/
  • Map Insomnia workspaces → collections, requests, environments
Affected files: services/parsers/InsomniaParser.ts (new), importService.ts

9. OpenAPI Two-Way Sync

Gap: Curlex can import and export OpenAPI but cannot stay in sync with an evolving OAS file. Bruno has live OAS sync.
What's needed:

  • Track the OAS source file path per collection
  • Detect changes and offer to re-sync
  • Merge strategy for manually added requests vs OAS-generated ones
Affected files: OpenApiExporter.ts, OpenApiParser.ts, collection type

10. No-Code Assertions UI (Visual Test Builder)

Gap: All tests require writing JavaScript. Bruno has a GUI assertion editor (field → operator → value).
What's needed:

  • Visual assertion row editor in the test tab (select path, operator, expected value)
  • Compiles assertion rows to fc.test() script automatically
Affected files: new components/assertions/AssertionsEditor.tsx, test script panel

11. NTLM Authentication

Gap: Required for Windows Active Directory and Azure AD-protected internal APIs.
What's needed:

  • NTLM auth form (username, password, domain, workstation)
  • NTLM Type-1 / Type-2 / Type-3 message handshake — likely needs Rust native implementation
Affected files: types.ts, components/auth/, http.rs

12. Response Visualization Scripts

Gap: No equivalent to Bruno's bru.visualize() / Postman's pm.visualizer.set() for rendering custom HTML response views.
What's needed:

  • fc.visualize(template, data) API in test script context
  • HTML preview panel in response tab
Affected files: pmAPI.ts, executor.ts, ResponsePanel.tsx

13. Named Response Examples

Gap: Large bodies are stored as artifacts but there is no named "example" concept tied to a request, like in Bruno / Postman.
What's needed:

  • examples?: ResponseExample[] on Request type
  • "Save as example" button in response panel
  • Example selector in request view
Affected files: types.ts, ResponsePanel.tsx, CollectionDocViewer.tsx

Tier 3 — Nice to Have

14. gRPC Support

Gap: gRPC is increasingly common for internal microservice APIs.
What's needed: Proto file management, unary + client/server/bidi streaming, gRPC reflection
Estimated effort: Very high — requires new Tauri Rust command + full UI


15. WSDL / SOAP Import

Gap: Legacy enterprise APIs are still heavily SOAP-based.
What's needed: WSDL parser → generate SOAP XML request stubs in a collection
Estimated effort: High


16. Cloud Secret Manager Integrations

Gap: Curlex has an internal vault but no integrations with AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault (Bruno has all three).
What's needed: Secret provider plugin system; fetch secret by key at request time
Estimated effort: Medium per provider


17. Auto-Generated API Documentation

Gap: No way to generate human-readable API docs from a collection.
What's needed: Export collection as Markdown or HTML documentation with request/response examples
Affected files: new services/docGenerator.ts


18. CLI Tool (curlex run)

Gap: No CLI runner for CI/CD pipelines. Both Bruno and Postman/newman have this.
What's needed: Node.js CLI: curlex run <collection> --env <env> --data <csv> --reporter junit
Estimated effort: High — requires extracting runner logic from Tauri into a standalone package


19. AI-Assisted Features

Gap: No AI integration for request generation, script writing, or documentation.
What's needed: LLM API hook for "generate request from description", "write test for this response"
Estimated effort: Medium


Accurate Priority Matrix

Priority | Feature | Complexity
P0 🔴 | Proxy configuration | Medium
P0 🔴 | Digest authentication | Low
P0 🔴 | AWS Signature v4 | Low
P1 🟠 | Collection/folder-level scripts | Medium
P1 🟠 | Folder-level variables | Low
P1 🟠 | General WebSocket support | High
P1 🟠 | External npm libs in scripts | Medium
P1 🟠 | Insomnia import | Low
P1 🟠 | OpenAPI two-way sync | Medium
P1 🟠 | No-code assertions UI | Medium
P2 🟡 | NTLM authentication | Medium
P2 🟡 | Response visualization scripts | Low
P2 🟡 | Named response examples | Low
P3 🟢 | gRPC support | Very high
P3 🟢 | WSDL/SOAP import | High
P3 🟢 | Cloud secret managers | Medium
P3 🟢 | Auto-generated API docs | Medium
P3 🟢 | CLI tool | High
P3 🟢 | AI-assisted features | Medium