Skip to content

feat: renderer IPC bridges + script security split + decouple scripting#10011

Closed
jackkav wants to merge 7 commits into
developfrom
feat/renderer-ipc-bridges
Closed

feat: renderer IPC bridges + script security split + decouple scripting#10011
jackkav wants to merge 7 commits into
developfrom
feat/renderer-ipc-bridges

Conversation

@jackkav
Copy link
Copy Markdown
Contributor

@jackkav jackkav commented Jun 2, 2026

Summary

This PR bundles 5 related, self-contained improvements extracted from PR #9996 (disable nodeIntegration) and pr/safe-utilities-cleanup. Each commit applies exactly one architectural technique to move Node-dependent logic out of the renderer or to improve module boundaries.

Changes

1. Script Security Split (commit: a015f4a)

  • Creates script-security-rules.ts — pure-data constants/types with zero Node imports
  • Strips those constants out of script-security-policy.ts, keeping only requireInterceptor-dependent logic
  • Renderer can now import security rules directly without pulling in Node dependencies

2. Testing IPC Adapter (commit: 4852f93)

  • Creates insomnia-testing.renderer.ts as a new renderer-safe surface
  • Splits insomnia-testing/src/generate/index.ts so generate() has zero Node imports (only generateToFile() depends on node:fs)
  • Adds alias in vite.config.ts to route renderer imports correctly
  • Allows the renderer to call window.main.runTests(src) via IPC instead of importing directly

3. gRPC Proto Validation IPC (commit: 7a48ec1)

  • Moves @grpc/proto-loader validation (uses node:path) to main process via new main/ipc/grpc.ts handler
  • Proto files modal now calls window.main.grpc.validateProtoFile instead of direct import
  • One-line additions to entry.preload.ts and main/ipc/electron.ts

4. Vault Adapter Split (commit: 6a9fa56)

  • Creates vault-adapter.ts (type definitions), vault-adapter.node.ts (Node-side), vault-adapter.renderer.ts (browser-safe via node-forge)
  • Node-side vault keeps node-forge; renderer calls window.main.vault.{en,de}cryptSecretValue via IPC bridge
  • Cleans up vault.ts to delegate to adapter

5. Decouple Renderer from Scripting (commit: 67c8c01)

  • New script insomnia-scripting-environment/scripts/generate-autocomplete.ts generates autocomplete snippets from types at build time
  • request-script-editor.tsx now imports auto-generated autocomplete-snippets.json instead of hardcoded snippets
  • Type-driven approach makes it easier to keep editor hints in sync with actual scripting API

Test Plan

  • npm run type-check -w insomnia passes
  • npm run type-check -w insomnia-testing passes
  • npm run lint -w insomnia passes
  • App loads without white screen or require is not defined errors in renderer console
  • Script editor renders autocomplete snippets correctly
  • Proto file import works and validates files via IPC
  • Vault crypto operations work (encrypt/decrypt environment secrets)
  • Test runner can be invoked from request script pre/post-request hooks

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 2, 2026
edited
Loading

✅ Circular References Report

Generated at: 2026-06-02T18:53:44.931Z
Status: ✅ NO CHANGE

Summary

Metric Base (develop) PR Change
Total Circular References 10 10 0 (0.00%)
Click to view all circular references in PR (10) 
insomnia-inso/src/db/models/types.ts -> insomnia-inso/src/db/types.ts
insomnia/src/network/network.ts -> insomnia-scripting-environment/src/objects/index.ts -> insomnia-scripting-environment/src/objects/collection.ts -> insomnia-scripting-environment/src/objects/response.ts
insomnia/src/network/network.ts -> insomnia-scripting-environment/src/objects/index.ts -> insomnia-scripting-environment/src/objects/insomnia.ts -> insomnia-scripting-environment/src/objects/interfaces.ts
insomnia/src/network/network.ts -> insomnia/src/common/render.ts
insomnia/src/plugins/index.ts -> insomnia/src/plugins/context/store.ts
insomnia/src/plugins/misc.ts -> insomnia/src/plugins/index.ts
insomnia/src/ui/components/settings/import-export.tsx -> insomnia/src/ui/components/modals/export-requests-modal.tsx
insomnia/src/ui/components/tabs/tab-list.tsx -> insomnia/src/ui/components/tabs/tab.tsx
insomnia/src/ui/components/templating/tag-editor-arg-sub-form.tsx -> insomnia/src/ui/components/templating/external-vault/external-vault-form.tsx
insomnia/src/ui/components/viewers/response-viewer.tsx -> insomnia/src/ui/components/viewers/response-multipart-viewer.tsx
Click to view all circular references in base branch (10) 
insomnia-inso/src/db/models/types.ts -> insomnia-inso/src/db/types.ts
insomnia/src/network/network.ts -> insomnia-scripting-environment/src/objects/index.ts -> insomnia-scripting-environment/src/objects/collection.ts -> insomnia-scripting-environment/src/objects/response.ts
insomnia/src/network/network.ts -> insomnia-scripting-environment/src/objects/index.ts -> insomnia-scripting-environment/src/objects/insomnia.ts -> insomnia-scripting-environment/src/objects/interfaces.ts
insomnia/src/network/network.ts -> insomnia/src/common/render.ts
insomnia/src/plugins/index.ts -> insomnia/src/plugins/context/store.ts
insomnia/src/plugins/misc.ts -> insomnia/src/plugins/index.ts
insomnia/src/ui/components/settings/import-export.tsx -> insomnia/src/ui/components/modals/export-requests-modal.tsx
insomnia/src/ui/components/tabs/tab-list.tsx -> insomnia/src/ui/components/tabs/tab.tsx
insomnia/src/ui/components/templating/tag-editor-arg-sub-form.tsx -> insomnia/src/ui/components/templating/external-vault/external-vault-form.tsx
insomnia/src/ui/components/viewers/response-viewer.tsx -> insomnia/src/ui/components/viewers/response-multipart-viewer.tsx

Analysis

No Change: This PR does not introduce or remove any circular references.

This report was generated automatically by comparing against the develop branch.

@jackkav jackkav closed this Jun 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jackkav