echokit

Global Request Headers - Executive Summary

πŸ“‹ Feature Overview

What: A new settings panel that allows developers to inject, override, or remove HTTP headers on ALL outgoing requests without modifying code.

Why: Developers frequently need to test with different auth tokens, tenant IDs, feature flags, or API keys. Currently, they must either:

How: A simple UI in Settings where users can add header rules that are automatically applied to all fetch/XHR requests in the browser.


🎯 Key Benefits for Developers

1. Zero Code Changes

Before: Change environment variable β†’ Rebuild β†’ Redeploy β†’ Test
After:  Add header in EchoKit UI β†’ Refresh page β†’ Test

Time Saved: 5-30 minutes per test iteration

2. Instant Switching

Toggle between different auth tokens/tenants with ONE CLICK
Perfect for multi-tenant testing, role-based access testing, etc.

3. Team Collaboration

Export header configuration β†’ Share JSON with team β†’ Import β†’ Everyone has same setup
No more "it works on my machine" issues related to headers

4. URL-Scoped Control

Apply headers only to specific APIs:
- /api/v1/* β†’ Add X-API-Version: 1.0
- /admin/* β†’ Add Authorization: Bearer admin-token
- /graphql β†’ Add X-GraphQL-Context: {...}

πŸ—οΈ Architecture

User adds header in Settings UI
         ↓
Background service worker stores in chrome.storage
         ↓
Injected script receives updated state
         ↓
fetch/XHR hooks apply headers before network request
         ↓
Headers are included in recorded interactions

Key Components:

  1. Settings UI (extension/shared/app.js) - User configuration
  2. Background Worker (extension/background.js) - State management
  3. Injected Script (extension/injected.js) - Header application
  4. Storage (chrome.storage.local) - Persistence

πŸ’‘ Use Cases

Use Case 1: Multi-Tenant Testing

Scenario: SaaS app with tenant isolation
Problem: Need to test tenant A, B, C without switching accounts
Solution:

{ "key": "X-Tenant-ID", "value": "tenant-a", "mode": "override", "enabled": true }
{ "key": "X-Tenant-ID", "value": "tenant-b", "mode": "override", "enabled": false }
{ "key": "X-Tenant-ID", "value": "tenant-c", "mode": "override", "enabled": false }

Toggle between tenants instantly.

Use Case 2: Bearer Token Testing

Scenario: Test with different user roles/permissions
Problem: Login/logout cycles are slow and break flow
Solution:

{ "key": "Authorization", "value": "Bearer user-token", "mode": "override" }

Swap tokens without re-authenticating.

Use Case 3: Feature Flag Injection

Scenario: Test unreleased features
Problem: Feature flags controlled by backend, need code deploy to test
Solution:

{ "key": "X-Feature-Flags", "value": "new-checkout,beta-ui", "mode": "add" }

Enable flags client-side for testing.

Use Case 4: Remove Tracking Headers

Scenario: Clean testing without analytics noise
Problem: Tracking headers pollute logs and metrics during dev
Solution:

{ "key": "X-Client-ID", "mode": "remove" }
{ "key": "X-Session-ID", "mode": "remove" }

Strip headers before requests are sent.


🎨 UI Design

Settings Panel Layout

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  Global Request Headers                                         β”‚
β”‚  Inject, override, or remove headers on all outgoing requests   β”‚
β”‚                                                                  β”‚
β”‚  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”¬β”€β”€β”€β” β”‚
β”‚  β”‚ Header Name   β”‚ Value        β”‚ Mode     β”‚ URL    β”‚ βœ“ β”‚ Γ— β”‚ β”‚
β”‚  β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”Όβ”€β”€β”€β”€ β”‚
β”‚  β”‚ Authorization β”‚ Bearer abc.. β”‚ override β”‚ /api   β”‚ βœ“ β”‚ Γ— β”‚ β”‚
β”‚  β”‚ X-Tenant-ID   β”‚ tenant-42    β”‚ add      β”‚        β”‚ βœ“ β”‚ Γ— β”‚ β”‚
β”‚  β”‚ X-Debug       β”‚              β”‚ remove   β”‚        β”‚   β”‚ Γ— β”‚ β”‚
β”‚  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”΄β”€β”€β”€β”˜ β”‚
β”‚                                                                  β”‚
β”‚  [+ Add Request Header]                                         β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Columns:


πŸ”§ Header Modes

Mode 1: add

Behavior: Add header if it doesn’t exist (skip if already present)
Use Case: Default headers that app might already send

Original: { "Content-Type": "application/json" }
Rule: { "key": "X-Custom", "value": "test", "mode": "add" }
Result: { "Content-Type": "application/json", "X-Custom": "test" }

Mode 2: override

Behavior: Set header value (replace if exists, add if doesn’t)
Use Case: Force specific header value

Original: { "Authorization": "Bearer old-token" }
Rule: { "key": "Authorization", "value": "Bearer new-token", "mode": "override" }
Result: { "Authorization": "Bearer new-token" }

Mode 3: remove

Behavior: Delete header from request
Use Case: Strip tracking/analytics headers

Original: { "Authorization": "Bearer token", "X-Track": "123" }
Rule: { "key": "X-Track", "mode": "remove" }
Result: { "Authorization": "Bearer token" }

πŸ“Š Comparison: Global vs Per-API Headers

Aspect Global Request Headers Per-API Override Headers
Scope All matching requests Single API interaction
Setup One-time in Settings Manual per API
URL Filtering βœ… Yes ❌ No
Persistence Survives refresh Tied to recording
Best For Auth, tenant IDs, flags Mock-specific responses

Can both be used? Yes! Global headers apply first, then per-API overrides.


πŸš€ Implementation Plan

Phase 1: Core Feature (Week 1-2)

Phase 2: Polish (Week 3)

Phase 3: Advanced (Future)


πŸ“ˆ Success Metrics


πŸŽ“ Documentation Artifacts

  1. βœ… Feature Spec (FEATURE_GLOBAL_REQUEST_HEADERS.md) - Full technical design
  2. βœ… Implementation Guide (IMPLEMENTATION_GUIDE_REQUEST_HEADERS.md) - Step-by-step code changes
  3. βœ… Config Examples (DEVELOPER_CONFIG_EXAMPLES.md) - 10+ real-world templates
  4. βœ… Rollout Plan (PRODUCT_STRATEGY_ROLLOUT.md) - GTM strategy and timeline
  5. βœ… Architecture Diagrams - Flow charts and comparisons
  6. βœ… This Summary - Executive overview

Vision: Complete Request/Response manipulation suite for developers.


βœ… Next Steps

  1. Review this plan with engineering team
  2. Prioritize in next sprint planning
  3. Assign development tasks
  4. Kickoff with design review meeting
  5. Target Launch: 2-3 weeks from start

Questions? See the detailed docs in /memory/FEATURE_*.md