Move insomnia-data models, services, database code, and common utilities into a dedicated workspace package. Update consumers to import from the new package entrypoints and declare workspace dependencies for the extracted package.
* feat(nunjucks): Swapped templating engine from Nunjucks to liquidJS
* fix: resolved circular references and linting issue
* fix: updated baseline with new naming schema, no new imports introduced.
* fix: patch for playwright test (6/6)
* fix(smoke): handle multi-collection import in importFixture without timing out
* fix(smoke): ensure correct env selected before table edit
* feat: adds functionality to lint specs with a user uploaded spectral ruleset file [INS-2338]
Co-authored-by: Copilot <copilot@github.com>
* chore: update var name
Co-authored-by: Copilot <copilot@github.com>
* chore: remove log
* feat: adds logic to persist rulesetFilePath
* feat: adds logic to remove a uploaded ruleset file and use default OAS ruleset
* feat: adds logic to clean up old ruleset file watcher
* chore: adds comment for testing
* chore: adds comment for clarity
* feat: adds logic to enable cunstom lint rules for cloud/git sync projects
Co-authored-by: Copilot <copilot@github.com>
* chore: remove file watcher for now
* chore: remove file watcher for now
Co-authored-by: Copilot <copilot@github.com>
* feat: adds proper logic to handle syncing rulesets for git sync/cloud sync projects
* chore: remove unneeded event
* feat: auto open up the lint pane if there are lint warnings/errors
Co-authored-by: Copilot <copilot@github.com>
* chore: update ApiSpec mutations to include rulesetContent as optional field; change from FormData to JSON
* feat: uses clientAction mutation hook to update db
* chore: adds logic to handle file not found
* feat: removes .spectral.yaml file name restriction
Co-authored-by: Copilot <copilot@github.com>
* chore: remove comment
* feat: adds some utils to validate user provided spectral ruleset file
Co-authored-by: Copilot <copilot@github.com>
* feat: adds view ruleset modal; slight refactoring to clean up code
Co-authored-by: Copilot <copilot@github.com>
* feat: fixes some styling
* chore: adds some comments
* chore: change function names/clean up
* feat: adds logic to flatten extended rulesets into inline prior to writing to disk
* chore: update comment
* chore: clean up
* chore: update comment
* chore: more comments
* chore: remove comment
* refactor: clean up code to make it more readable
* feat: address double writes when uploading
* chore: update comments/error messages
* chore: update comment
* test: adds unit tests for spectral ruleset validator
* test: adds unit tests for spectral ruleset validator
* test: add unit tests
* chore: cleanup code
* chore: make comments much clearer
* feat: adds proper error messages when user attempts to upload a rule set with severity tuples in extends
* feat: adds UI tweaks
* test: adds unit tests
* feat: adds proper logic to handle scenarios when file does not exist when syncing
* feat: adds proper logic to handle scenarios when file does not exist when syncing
* chore: sight clean up
* chore: bring back old code
* feat: adds logic to migrate rulesets when changing project types
* chore: update some styles
* chore: adds more styling changes
* chore: more styling updates
* feat: adds the ruleset to project scope instead of work space so git <> cloud can be compatible
* feat: adds functionality to get syncing project scoped rulesets working on cloud projects
* feat: adds logic to sync git FS/DB for project ruleset
* chore: refactor to use nedb as source of truth for rulesetContent for all projects.
* feat: adds logic to mitigate against repo replacing cloud project ruleset when migrating from cloud -> git project types
* chore: fixes imports order
* test: fixes e2e test
* fix: resolve aikido security suggestions
* chore: attempt to fix SSRF dns resolve
* chore: update error messages
* test: update tests
* chore: move helpers to common so inso can use them
* feat: adds functionality to flatten remote urls in spectral extends
* test: update tests
* feat: adds logic to validate remote extends before passing ruleset to spectral
* fix: set canDuplicate to false on the ProjectLintRuleset model
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* test: adds more test cases for verifying remote extends validations
* test: adds more test cases for verifying remote extends validations
* chore: disallow redirects when fetching in spectral resolver
* chore: adds aria labels for a11y
* chore: small clean ups
* test: update test
* feat: adds tooltip verbage to let user know that local file paths are flattened
* chore: address PR comments
* chore: address PR comments
* test: update unit test
* chore: address more PR feedback
* feat: adds ruleset file size restriction
* fix: address issue with git repo .spectral.yaml content overwriting the rulesetContent from cloud sync project when going from cloud -> git
* chore: remove unneeded function
* feat: adds segment event
* fix: adds logic to handle scenario where changing project type from cloud -> git would silently overwrite the cloud ruleset with the git one
* chore: typo
---------
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Alison Sabuwala <alison.sabuwala1024@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* updated plan
* feat: lift network.ts fs/path use behind window.main.timeline IPC bridge
Removes `node:fs` and `node:path` from the renderer-reachable
`src/network/network.ts`. Three timeline-path constructions and two
`appendFile` calls are replaced with narrow `window.main.timeline.getPath`
(sync IPC) and `window.main.timeline.appendToFile` (async IPC) helpers
that live in main, where Node builtins belong.
Path validation in `appendToTimeline` mirrors `writeResponseBodyToFile`:
only paths inside the `responses/` directory ending in `.timeline` are
accepted, preventing a compromised renderer from writing arbitrary files.
Updates `config/renderer-node-import-baseline.json` to remove the two
`src/network/network.ts` entries — the baseline shrinks as intended.
Part of the nodeIntegration: false migration (PR B).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: address Aikido path-traversal feedback and mock window.main in network tests
- `getTimelinePath`: use `path.resolve` + `path.relative` check instead of
`path.join` to prevent path-traversal attacks (Aikido medium severity finding)
- `network.test.ts`: add `vi.stubGlobal('window', ...)` mock for
`window.main.timeline` so tests don't throw "window is not defined" now
that `defaultSendActionRuntime` calls `window.main.timeline.appendToFile`
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: suppress echoServer stdout in playwright config
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: update insomnia-inso logger for consola v3 compatibility
FancyReporter and BasicReporter were removed in consola v3; LogLevel became
a type-only export and the runtime enum is now LogLevels. Replace with
createConsola + a local BasicReporter shim, and import LogLevels in cli.ts.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* refactor: address timeline IPC review concerns
- Convert timeline.getPath from sendSync to invoke (async) to avoid
blocking the renderer thread; path construction has no I/O
- Extract getResponsesDir() shared helper so both getTimelinePath and
appendToTimeline read the same source of truth, eliminating env-drift
between the two calls
- Guard mkdir with a Set so the responses directory is only created once
per process rather than on every appendFile call
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: upgrade consola to v3 and fix type/import issues in insomnia-inso
- Bump consola from ^2.15.3 to ^3.4.2 to match logger.ts which already used v3 API (createConsola)
- Fix logType → LogType (renamed in v3)
- Remove fancy option (removed in v3 ConsolaOptions)
- Use ConsolaInstance instead of Consola in result-report.ts so .log() resolves correctly
- Fix import sort in cli.ts
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: restore Node.js-safe fallbacks in network.ts for inso CLI
The timeline IPC bridge introduced window.main.timeline calls without
guarding against the inso CLI context where window is not defined.
The electron shim (aliased in the inso bundle) provides app.getPath
as a fallback, matching the pre-bridge behaviour.
- getTimelinePath: check typeof window before using IPC; fall back to
the electron shim path (os.tmpdir()/insomnia-send-request/responses)
- defaultSendActionRuntime.appendTimeline: fall back to fs.promises.appendFile
- tryToExecutePreRequestScript catch block: skip IPC appendToFile in
Node.js context
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: sort node: imports before third-party and replace if/else with ternary in network.ts
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: replace static fs/path imports with inline require() to pass renderer baseline check
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* refactor: replace process.type branching in network.ts with build-time adapter modules
Eliminates all runtime process.type and typeof window checks by introducing
network-adapter.renderer.ts and network-adapter.node.ts. Vite and Vitest resolve
the import to the renderer adapter; inso esbuild resolves to the node adapter.
No branching code remains in network.ts itself.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: restore object alias format in vite.config.ts to fix rollup build
Array-form alias with find:'~' was not matching prefix imports like
~/common/insomnia-fetch in the react-router production build. Object
form behaves correctly in Vite 7.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: resolve merge conflicts in logger.ts and cli.ts, restore AGENTS.md indented tree
- logger.ts: keep LogType (consola v3 casing), drop duplicate conflict markers
- cli.ts: remove stashed duplicate LogLevels import from conflict block
- AGENTS.md: restore indented hierarchy in Repository Structure and Data Model sections
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* remove cx
* fix: add path traversal guard to getTimelinePath in node adapter
Mirrors the same defence-in-depth check already present in the IPC handler.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix tests which use network from main
* flake
* refactor: replace bundler aliases with process.type runtime detection in network-adapter
Instead of three separate bundler aliases (Vite, esbuild main, esbuild inso),
network-adapter.ts now selects the correct adapter at runtime using
process.type === 'renderer'.
- Vite prod: process.type is already inlined as 'renderer' via define, so
Rollup tree-shakes the node branch
- esbuild main: define process.type='browser' so esbuild tree-shakes renderer branch
- esbuild inso: define process.type=undefined so esbuild tree-shakes renderer branch
- Vitest (insomnia): existing renderer alias kept for test environment
- Vitest (inso): add renderer alias to match pre-existing test behaviour and
avoid loading native node-libcurl module in tests
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: restore vite alias for network-adapter to fix server bundle build
The react-router build produces both client and server bundles. Without
the alias, the server bundle encountered a runtime require() for
'./network-adapter.renderer' that couldn't resolve (Vite inlines
process.type='renderer' via define for the server build too, so Rollup
tree-shakes to the renderer branch, but the module gets externalized in
the server bundle rather than inlined, leaving a broken runtime require).
Restoring the alias ensures both builds inline network-adapter.renderer
directly, which is safe because the module only defines functions —
window.main is never called at module init time.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feedback
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Git server for smoke test
* Try to solve flaky test
* feat: remove unused Git hook samples and add Credentials tab functionality
- Deleted various sample Git hook scripts from the git-server fixture, including post-update, pre-applypatch, pre-commit, pre-merge-commit, pre-push, pre-rebase, pre-receive, prepare-commit-msg, push-to-checkout, sendemail-validate, and update hooks.
- Introduced a new PreferencesCredentialsTab class to manage Git credentials within the Insomnia Preferences.
- Updated the PreferencesPage to include the new Credentials tab for Git credentials management.
- Enhanced the ProjectPage with a method to create a Git Sync project, including branch creation and switching.
- Added comprehensive tests for Git Sync functionality, including creating branches, committing changes, and merging branches.
- Updated UI components to support new features, including data-testid attributes for better testability.
Co-authored-by: Copilot <copilot@github.com>
* feat: update path import and add Git sync tests
* revert package.json
* Update package.json
* feat: add new dependencies for Git HTTP mock server and related utilities
* refactor: remove commented-out code in addAccessTokenGitCredential function
* fix: update export tests to use toHaveLength for file count assertions
---------
Co-authored-by: Copilot <copilot@github.com>
* Use json-bigint for parsing JSON in the response template tag [#8988]
Large numbers can lose precision when parsed using JSON.parse.
* Add unit tests to verify behavior of response template tag when handling large numbers [#8988]
* Add additional tests to cover floating point numbers
* Add inline documentation explaining usage of json-bigint + storeAsString
* Remove bespoke type definition for json-bigint; install existing one
* Add support for configuring custom OpenAI-compatible LLM endpoints via URL.
* Includes new URL backend component, backend service updates, unit tests, and
* UI consistency improvements across all LLM configuration components.
* feat: form component
* feat: use twMerge to support class overide
* Spike: Add markdown format doc support for base-components (#9368)
* initial check-in
* add things
* update select.mdx
* use react live things
* add package-json
* Revert "add package-json"
This reverts commit c57abf6178f39e631ec7fe6634cb4e6afd950fdb.
* update comment
* update docs
* type fix
* tailwind v4 upgrade
* upgrade tailwind v4 in docusaurus
* feat: add more components (#9426)
* update
* update
---------
Co-authored-by: Kent Wang <kent.wang@konghq.com>
