Changelog
All notable changes to this project will be documented in this file.
v0.3.2 — Embedded Docs & Rate Limit Multiplier
Date: 2026-06-14
- In-App Docs Embeds GitHub Pages: The browser UI Docs tab now loads the full published documentation site (https://dprakash2101.github.io/overload/) directly in a full-height iframe — complete with the site's own sidebar and navigation. No duplicate navigation in the app.
- Configurable Phase 2 Multiplier: Rate limit tests now support a configurable rate_limit_exceed_multiplier (2×–10×) for Phase 2 instead of the hardcoded 2×. Exposed via browser UI slider, CLI --exceed-multiplier flag, MCP server parameter, and config file.
- Tests: 4 new tests for custom multiplier values. 261 tests total, all passing.
v0.3.1 — Security Patch
Date: 2026-06-09
- GitHub Actions — Script Injection Fix: All ${{ inputs.version }} interpolations in publish.yml have been replaced with safe environment variable bindings (INPUT_VERSION). A new validate-version job gates downstream jobs and rejects version inputs that don't match a semver pattern.
- API — Path Traversal Fix: The /api/collection/load-local, /api/environment/load-local, and /api/data/load-local endpoints now reject any path outside the working directory using os.path.realpath() (covers symlink escapes). Error responses no longer expose raw exception messages.
- Tests: 5 new security tests (254 total, all passing).
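
The realpath()-based containment check described in the path traversal fix above, shown as an added example; it is not Overload's own code. The function name resolve_inside and the directory layout built in demo() are hypothetical and constructed for illustration.

```python
import os
import tempfile


def resolve_inside(base_dir: str, user_path: str) -> str:
    """Return the canonical path for user_path, or raise ValueError if it
    resolves outside base_dir. realpath() follows symlinks before the
    comparison, so a link inside base_dir that points elsewhere is rejected."""
    base = os.path.realpath(base_dir)
    # os.path.join discards base when user_path is absolute, so absolute
    # input is checked exactly as given.
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath avoids the prefix bug where /x/work-other "starts with" /x/work
    try:
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    if not inside:
        # Generic message: no resolved path or raw exception text is echoed
        raise ValueError("path is outside the working directory")
    return target


def demo() -> dict:
    """Build a constructed directory layout and classify sample inputs."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        work = os.path.join(root, "work")
        sibling = os.path.join(root, "work-other")  # shares the "work" prefix
        os.makedirs(work)
        os.makedirs(sibling)
        for d, name in ((work, "collection.json"), (sibling, "secret.json")):
            with open(os.path.join(d, name), "w") as fh:
                fh.write("{}")
        os.symlink(sibling, os.path.join(work, "link"))  # symlink escape
        samples = {
            "plain": "collection.json",
            "dotdot": "../work-other/secret.json",
            "absolute": os.path.join(sibling, "secret.json"),
            "symlink": "link/secret.json",
        }
        for label, path in samples.items():
            try:
                resolve_inside(work, path)
                results[label] = "allowed"
            except ValueError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```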
v0.3.0 — Per-Run Folders, Responses JSON, Robust Cancellation, CSV Testing, Request Selection, Report on Stop, In-app Docs, Beginner Mode, MCP Server
Date: 2026-06-09
- Per-Run Report Folders: Each run now writes to its own folder reports/run_<run_id>/ containing report.html, meta.json (history sidecar), and optionally responses.json. Run history is restored on restart by scanning reports/run_*/meta.json (legacy flat *_meta.json sidecars are still read).
- Response Body Saving: Enable --save-responses (CLI) or the "Save response bodies" toggle (UI) to capture the first 10 KB of each response. Bodies are written to responses.json in the run folder — not embedded in the HTML report. New GET /api/runs/{id}/responses endpoint; Results table shows a Responses download button when bodies were captured.
- Robust Cancellation: Fixed: stopping a test via the watchdog hard-cancel (task.cancel()) now always generates a partial report from collected data. HttpClient populates a result_sink on every completed request so service.py retains partial results even across an asyncio.CancelledError. Both graceful stop and hard cancel produce status="stopped" with an HTML report.
- CSV Data-Driven Testing: Attach a CSV file and each request fills its {{placeholders}} from a different row (round-robin) — URLs, headers, body, query params, and auth all covered. New --data PATH flag on overload run and overload sequential. Browser UI shows a drag-and-drop CSV card with matched/unmatched placeholder feedback. New API endpoints: POST /api/data/upload, POST /api/data/load-local, POST /api/data/clear, GET /api/data/status.
- Request Selection: Cherry-pick a subset of requests before running. Per-request checkboxes in the collection tree, Select All / Select None buttons, a live "N of M selected" counter, and folder checkboxes with indeterminate-state support. POST /api/test/start returns HTTP 400 when selected_requests is explicitly empty.
- Report on Stop: Cooperative cancellation — POST /api/test/stop sets a cancel event and gives the pattern a 10-second grace window to return partial results before the watchdog hard-cancels. Stopped runs show action buttons in the Results table.
- In-app Documentation: New "Docs" tab — two-pane layout, 8 topics, all client-side navigation.
- Beginner-Friendly Live Dashboard: ? tooltip chips on all KPI labels. "Beginner mode" toggle with plain-English phase descriptions; persisted in localStorage.
- MCP Server: overload mcp subcommand exposes Overload as six tools to Claude Code, Codex CLI, and GitHub Copilot. Install: pip install "overload-cli[mcp]".
- Tests: 249 tests total, all passing.
v0.2.1 — Live Dashboard Fixes
Date: 2026-06-06
- Live Dashboard (all 10 test types): All patterns now emit progress at least every ~0.5 s via a time-based throttle. Previously, Ramp and Stress blocked up to 30 s between updates. All 8 engine patterns switched from asyncio.gather to add_done_callback + asyncio.as_completed so the dashboard updates as each response arrives.
- BreakpointPattern Probe Fixed: The internal _probe() coroutine previously used asyncio.gather and blocked silently for up to 5 s per binary-search probe (RPS × 5 s). Now uses add_done_callback + asyncio.as_completed so progress emits throughout each probe.
- Rate Limit 50–60 s Delay Fixed: The task-dispatch loop now emits a sent N/M progress update per request. Cooldown ticks every second with a countdown label. Previously the dashboard was silent for the entire 60 s phase.
- Accurate Progress Bar: total_requests in rate limit tests is always the full cumulative total (cap + 2×cap) so the bar never resets to 0% when Phase 2 starts.
- Client-Side Elapsed Timer: A 1 s setInterval in the browser ticks the elapsed counter independently, so it never freezes between WebSocket messages.
- Fluid Status Chart: Status-code doughnut now does incremental chart.update() instead of destroy + recreate, eliminating jank during rapid updates.
- Tests: 27 new tests in test_load_patterns.py covering throttle behaviour, _safe_done_callback, and per-pattern liveness for all 8 engine patterns (Burst, Ramp, Load, Stress, Spike, Soak, Breakpoint, Custom). Additional rate limit tests for live progress and cumulative totals. 177 tests total, all passing.
v0.2.0 — Rate Limit Redesign
Date: 2026-06-02
- Rate Limit Redesign: Complete rewrite of the Rate Limit pattern. Unit changed from req/s to req/min. Old burst+ramp approach replaced with a deterministic 2-phase validation:
  - Phase 1 — sends exactly rate_limit_cap req/min for 60 s (at the stated limit)
  - Cooldown — waits 15 s for the sliding window to reset
  - Phase 2 — sends 2 × rate_limit_cap req/min for 60 s (deliberately exceeds the limit)
- Verdict System: Each run now returns one of three outcomes: working, not_working, or too_strict.
- Live Phase Dashboard: Browser UI shows the current phase label and description in real time during the test.
- Report: HTML report section renamed to "Rate Limit Validation" with a phase-summary bar chart and a prominent verdict banner.
- Removed rate_limit_requests config field — only rate_limit_cap (req/min) remains.
- Tests: 26 new unit tests for the rate limit engine covering verdict logic, phase mechanics, progress callbacks, and cancellation.
v0.1.1 — Initial Release
Date: 2026-05-30
- Initial PyPI Release: The first public release of overload-cli.
- Postman Collection Support: Native parsing of Postman Collections (v2.0.0 and v2.1.0) without conversion.
- Web UI: Launched the interactive Browser UI using FastAPI and Vanilla JS for visual test configuration.
- 10 Load Patterns: Included Burst, Load, Stress, Spike, Soak, Ramp, Breakpoint, Custom, Rate Limit, and Sequential testing profiles.
- Authentication: Full support for Postman auth inheritance, Basic Auth, Bearer tokens, API Keys, and OAuth2 Client Credentials flow.
- Dynamic Variables: Integration with Postman dynamic variables ($randomInt, $guid, etc.).
- CI/CD Assertions: Implemented threshold evaluation for pipeline gating.
- HTML Reports: Auto-generating standalone HTML reports with Chart.js visualizations.
- Export Formats: JSON, CSV, and JUnit XML outputs.