Skip to content

fix(linting): resolved TOC/TOU issue (INS-2691); adds refresh button to recompile a ruleset; address minor bugs#9991

Merged
fiosman merged 12 commits into
developfrom
sec/INS-2691
Jun 4, 2026
Merged

fix(linting): resolved TOC/TOU issue (INS-2691); adds refresh button to recompile a ruleset; address minor bugs#9991
fiosman merged 12 commits into
developfrom
sec/INS-2691

Conversation

@kwburns-kong
Copy link
Copy Markdown
Contributor

@kwburns-kong kwburns-kong commented May 29, 2026
edited by fiosman
Loading

What this PR does

  • Remote extends URLs were fetched twice. Once for validation, once (unguarded) by the lint worker. This PR resolves the TROC/TOU issues by compiling the ruleset once in the main process into a flattened, validated, URL-free object and lint off that, as a result, the worker has nothing left to re-fetch.
  • Adds a refresh button to recompile a ruleset if a referenced remote URL ruleset has its ruleset content changed (fixes issue with user getting stale data).
  • Addresses few bugs where deleting a project/deselecting a custom rule set would not clear NeDB records/local scratch paths for the ruleset.

github-advanced-security[bot]
github-advanced-security AI found potential problems May 29, 2026
View reviewed changes
Comment thread packages/insomnia/src/main/spectral-ruleset-refresh.ts Fixed
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 29, 2026
edited
Loading

✅ Circular References Report

Generated at: 2026-06-04T17:20:50.471Z
Status: ✅ NO CHANGE

Summary

Metric Base (develop) PR Change
Total Circular References 8 8 0 (0.00%)
Click to view all circular references in PR (8) 
insomnia-inso/src/db/models/types.ts -> insomnia-inso/src/db/types.ts
insomnia/src/network/network.ts -> insomnia-scripting-environment/src/objects/index.ts -> insomnia-scripting-environment/src/objects/collection.ts -> insomnia-scripting-environment/src/objects/response.ts
insomnia/src/network/network.ts -> insomnia-scripting-environment/src/objects/index.ts -> insomnia-scripting-environment/src/objects/insomnia.ts -> insomnia-scripting-environment/src/objects/interfaces.ts
insomnia/src/network/network.ts -> insomnia/src/common/render.ts
insomnia/src/ui/components/settings/import-export.tsx -> insomnia/src/ui/components/modals/export-requests-modal.tsx
insomnia/src/ui/components/tabs/tab-list.tsx -> insomnia/src/ui/components/tabs/tab.tsx
insomnia/src/ui/components/templating/tag-editor-arg-sub-form.tsx -> insomnia/src/ui/components/templating/external-vault/external-vault-form.tsx
insomnia/src/ui/components/viewers/response-viewer.tsx -> insomnia/src/ui/components/viewers/response-multipart-viewer.tsx
Click to view all circular references in base branch (8) 
insomnia-inso/src/db/models/types.ts -> insomnia-inso/src/db/types.ts
insomnia/src/network/network.ts -> insomnia-scripting-environment/src/objects/index.ts -> insomnia-scripting-environment/src/objects/collection.ts -> insomnia-scripting-environment/src/objects/response.ts
insomnia/src/network/network.ts -> insomnia-scripting-environment/src/objects/index.ts -> insomnia-scripting-environment/src/objects/insomnia.ts -> insomnia-scripting-environment/src/objects/interfaces.ts
insomnia/src/network/network.ts -> insomnia/src/common/render.ts
insomnia/src/ui/components/settings/import-export.tsx -> insomnia/src/ui/components/modals/export-requests-modal.tsx
insomnia/src/ui/components/tabs/tab-list.tsx -> insomnia/src/ui/components/tabs/tab.tsx
insomnia/src/ui/components/templating/tag-editor-arg-sub-form.tsx -> insomnia/src/ui/components/templating/external-vault/external-vault-form.tsx
insomnia/src/ui/components/viewers/response-viewer.tsx -> insomnia/src/ui/components/viewers/response-multipart-viewer.tsx

Analysis

No Change: This PR does not introduce or remove any circular references.

This report was generated automatically by comparing against the develop branch.

@fiosman fiosman force-pushed the sec/INS-2691 branch 2 times, most recently from 69aa91f to 7357374 Compare June 3, 2026 19:35
@fiosman fiosman marked this pull request as ready for review June 3, 2026 19:38
@fiosman fiosman requested review from a team and Copilot June 3, 2026 19:38
aikido-pr-checks[bot]
aikido-pr-checks Bot reviewed Jun 3, 2026
View reviewed changes
Comment thread packages/insomnia/src/main/spectral-ruleset-cache.ts
Copilot AI reviewed Jun 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a TOC/TOU gap in Spectral linting by moving remote-extends fetching/validation/flattening into a single main-process compilation step, so the lint worker never re-fetches remote ruleset URLs. It also improves cleanup when rulesets/projects are removed by deleting associated NeDB records and compiled scratch paths.

Changes:

  • Switch renderer/route linting calls from rulesetPath to { projectId, rulesetContent }, and compile a URL-free ruleset in the main process before linting.
  • Add a main-process compiled-ruleset cache (spectral-ruleset-cache) with tests, plus new compileSpectralRulesetFromContent logic and tests.
  • Ensure project deletion and ruleset unselect flows remove the ProjectLintRuleset record and compiled ruleset directory.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
packages/insomnia/src/routes/organization.$organizationId.project.$projectId.workspace.$workspaceId.spec.tsx Updates editor linting integration to pass ruleset content + projectId; updates ruleset selection/cleanup behavior.
packages/insomnia/src/routes/organization.$organizationId.project.$projectId.workspace.$workspaceId.spec.generate-request-collection.tsx Uses project-scoped ruleset content for linting before generating a collection.
packages/insomnia/src/routes/organization.$organizationId.project.$projectId.delete.tsx Deletes ProjectLintRuleset record and compiled ruleset cache during project deletion.
packages/insomnia/src/main/spectral-ruleset-cache.ts New cache module that writes/deletes a compiled (flattened, URL-free) .spectral.yaml per project.
packages/insomnia/src/main/ipc/main.ts Updates lintSpec IPC to compile ruleset content in main and adds deleteCompiledRuleset IPC.
packages/insomnia/src/main/ipc/electron.ts Renames IPC channel type from deleteRulesetFile to deleteCompiledRuleset.
packages/insomnia/src/main/tests/spectral-ruleset-cache.test.ts Adds unit tests for compiled ruleset pathing, caching, and deletion.
packages/insomnia/src/main/tests/bundle-spectral-ruleset.test.ts Adds tests for compileSpectralRulesetFromContent and adjusts an https error assertion.
packages/insomnia/src/entry.preload.ts Exposes deleteCompiledRuleset to the renderer via preload bridge.
packages/insomnia/src/common/bundle-spectral-ruleset.ts Adds remote-inlining compilation path (compileSpectralRulesetFromContent) and supporting flattening logic.
packages/insomnia-inso/src/commands/lint-specification.ts Updates inso lint flow to compile remote extends into a URL-free ruleset before loading it.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread ...a/src/routes/organization.$organizationId.project.$projectId.workspace.$workspaceId.spec.tsx Outdated
Comment thread packages/insomnia/src/main/spectral-ruleset-cache.ts
Comment thread packages/insomnia/src/main/spectral-ruleset-cache.ts Outdated
@fiosman fiosman removed the request for review from a team June 3, 2026 20:06
@kwburns-kong
Copy link
Copy Markdown
Contributor Author

kwburns-kong commented Jun 4, 2026

@fiosman, INS-2691, INS-2601 are resolved. With regards to INS-2600, there is another circumvention, can you add 0.0.0.0 to the block list, it resolves to 127.0.0.1.

@fiosman
Copy link
Copy Markdown
Contributor

fiosman commented Jun 4, 2026
edited by atlassian Bot
Loading

@fiosman, INS-2691, INS-2601 are resolved. With regards to INS-2600, there is another circumvention, can you add 0.0.0.0 to the block list, it resolves to 127.0.0.1.

@kwburns-kong should be good now 👍 thanks for spotting this!

@fiosman fiosman changed the title fix(linting): resolved TOC/TOU issue (INS-2691) fix(linting): resolved TOC/TOU issue (INS-2691); adds refresh button to recompile a ruleset; address minor bugs Jun 4, 2026
@fiosman fiosman requested a review from a team June 4, 2026 15:19
ryan-willis
ryan-willis approved these changes Jun 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@ryan-willis ryan-willis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice nice nice

@fiosman fiosman merged commit 3752d54 into develop Jun 4, 2026
21 checks passed
@fiosman fiosman deleted the sec/INS-2691 branch June 4, 2026 17:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ryan-willis ryan-willis ryan-willis approved these changes

+2 more reviewers

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

@aikido-pr-checks aikido-pr-checks[bot] aikido-pr-checks[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@kwburns-kong @fiosman @ryan-willis @github-advanced-security