feat: move plugin loading to dedicated hidden BrowserWindow (Phase 1)#9889
Merged
jackkav merged 39 commits intoMay 20, 2026
Conversation
jackkav
changed the title
jackkav
force-pushed
the
chore/move-plugins-to-hidden-window
branch
from
2223c13 to
6efa211
Compare
![aikido-pr-checks[bot]](https://avatars.githubusercontent.com/in/898896?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Pull request overview
This PR moves plugin enumeration/loading for the UI renderer behind a dedicated hidden Electron BrowserWindow (with Node integration) and routes renderer-side plugin interactions through a typed IPC bridge, as the first phase toward renderer hardening.
Changes:
- Added a hidden “plugin window” (HTML + entry + preload) and a main-process manager that proxies plugin API calls over IPC.
- Updated UI codepaths (themes, plugin reload, settings plugins list) to call
window.main.plugins.*instead of importing the plugin runtime directly. - Introduced serializable bridge types plus new unit tests covering plugin behaviors and plugin hook handling; updated build/esbuild entrypoints to ship the new window scripts.
Reviewed changes
Copilot reviewed 24 out of 24 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/insomnia/src/ui/renderer-listeners.ts | Route plugin reload through window.main.plugins.reloadPlugins() |
| packages/insomnia/src/ui/hooks/use-global-keyboard-shortcuts.ts | Route plugin reload shortcut through the plugins bridge |
| packages/insomnia/src/ui/hooks/theme.ts | Fetch themes via plugins bridge instead of direct plugin API call |
| packages/insomnia/src/ui/components/settings/plugins.tsx | Use SerializablePlugin and fetch plugin list via bridge |
| packages/insomnia/src/root.tsx | Reload plugins via bridge during theme install/apply flow |
| packages/insomnia/src/plugins/index.ts | Add test helper to control in-memory plugin list |
| packages/insomnia/src/plugins/bridge-types.ts | Define serializable plugin/theme/action metadata boundary + bridge API |
| packages/insomnia/src/plugins/tests/themes.test.ts | Add baseline tests for built-in theme list + plugin theme merge behavior |
| packages/insomnia/src/plugins/tests/index.test.ts | Add broad unit tests for plugin exports (hooks/actions/tags/themes) and errors |
| packages/insomnia/src/plugin-window.html | Add HTML host for hidden plugin window script |
| packages/insomnia/src/network/network.ts | Export internal hook-application helpers for unit testing |
| packages/insomnia/src/network/tests/plugin-hooks.test.ts | Add unit tests around request/response plugin hook behavior |
| packages/insomnia/src/main/window-utils.ts | Create plugin window during window initialization; export destroy helper |
| packages/insomnia/src/main/plugin-window.ts | Implement plugin window lifecycle + IPC proxying + pending request map |
| packages/insomnia/src/main/ipc/main.ts | Add plugins bridge type to main IPC surface; register plugin IPC handlers |
| packages/insomnia/src/main/ipc/electron.ts | Extend IPC channel type unions for new plugin channels |
| packages/insomnia/src/entry.preload.ts | Expose window.main.plugins.* bridge methods in renderer preload |
| packages/insomnia/src/entry.plugin-window.ts | Implement plugin-window-side dispatcher and result serialization |
| packages/insomnia/src/entry.plugin-window-preload.ts | Provide minimal window.app shim to support plugin path resolution |
| packages/insomnia/scripts/build.ts | Copy plugin-window HTML into production build output |
| packages/insomnia/esbuild.entrypoints.ts | Add esbuild entrypoints/watchers for plugin window + preload bundles |
| packages/insomnia/PLUGIN_SYSTEM_POC.md | Add architecture/plan documentation for the plugin system POC |
| packages/insomnia-smoke-test/playwright.config.ts | Change local reporter configuration |
| AGENTS.md | Add guidance on minimizing command output and cx navigation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
jackkav
force-pushed
the
chore/move-plugins-to-hidden-window
branch
from
d01ff18 to
2835bce
Compare
ryan-willis
reviewed
May 5, 2026
Contributor
There was a problem hiding this comment.
I'd prefer to keep this in Confluence
Contributor
Author
There was a problem hiding this comment.
Its easier for the llm to reference here. I'll get rid of it once the work is done though and can add it to confluence for posterity.
ryan-willis
previously approved these changes
May 5, 2026
Member
|
Some plugin APIs that rely on the main window (e.g., showAlert, showWrapper) will trigger errors following this change. These APIs may require bridging to the main window to maintain functionality. And if the previous plugins depend on some of the window APIs, like height and width, they also break. As well as if the plugins are trying to append DOMs. Is this acceptable? |
Contributor
Author
|
feedback concern: templating now runs in main, which means templating has access to nodejs again, temporarily. injecting custom UI, in to the DOM won't work anymore, because it was using ambiant renderer libraries like React. We could add these to the plugin context and build bridges but this would be securable. |
jackkav
force-pushed
the
chore/move-plugins-to-hidden-window
branch
from
f985e6b to
d472861
Compare
jackkav
force-pushed
the
chore/move-plugins-to-hidden-window
branch
from
d472861 to
7784ef7
Compare
- Set npm loglevel=warn to suppress install/run progress noise - Switch Playwright local reporter from list to dot (less output per test, CI unchanged) - Add scripts/setup.sh for one-time local git config (compact log, short status) - Document setup script in AGENTS.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Revert loglevel=warn from .npmrc — too broad, suppresses CI output - Remove shell alias suggestions from setup.sh — out of scope for a repo script Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Removes setup.sh in favour of explicit quiet-command guidance that benefits all agents (Claude, Copilot, Codex) without requiring a one-time setup step. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
cx gives agents a cost ladder (overview → symbols → definition → read) that reduces file reads for all agents that read AGENTS.md — complementary to CodeGraph which is Claude Code-specific. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All plugin API calls (getThemes, getPlugins, getActivePlugins, reloadPlugins, getRequestActions, getRequestGroupActions, getWorkspaceActions, getDocumentActions) are now routed through a dedicated hidden BrowserWindow with nodeIntegration:true instead of running directly in the renderer. IPC relay: renderer → ipcMain.handle → plugin window webContents → ipcRenderer.send back to main → resolve renderer promise via pending-request map with 30s timeout. Renderer-side callers updated to use window.main.plugins.* bridge. Two new esbuild entry points added (plugin-window, plugin-window-preload). Dev build threshold updated from 3 to 6 to account for all contexts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Moves requestHooks and responseHooks execution into the hidden plugin window via the IPC bridge. The default-headers built-in runs in the renderer (no IPC). A cached hasRequestHooks/hasResponseHooks check in the main process avoids any plugin window round-trip per request when no user plugins have hooks registered. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
_applyRequestPluginHooks and _applyResponsePluginHooks now use window.main.plugins.* IPC only in the Electron renderer. In the main process (OAuth2 token exchange via get-token.ts) and Node.js CLI (insomnia-inso), they fall back to loading plugins directly via plugins.getRequestHooks/getResponseHooks. This fixes: - inso CLI: "window is not defined" in all run collection/test commands - Electron: OAuth2 token exchange failing with "no access token provided" Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Playwright's firstWindow() was racing with the plugin window and sometimes returning it instead of the main app window. By deferring createPluginWindow() to did-finish-load on the main window, the plugin window is guaranteed to not exist yet when firstWindow() resolves. Removes the findMainWindow polling fallback from the test fixture. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…textMenuTag type Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…dler Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…gin window to main renderer Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ged app crash The preload was statically importing invokePluginMethod which pulled the entire plugin system (network stack, NeDB, plugin contexts) into the preload bundle. In production the bundle is built fresh from source, causing a module-level crash before window.main is set — breaking the critical backup smoke test with "Cannot read properties of undefined (reading 'secretStorage')". Move the INSOMNIA_ENABLE_PLUGIN_BRIDGE killswitch into a new renderer-bridge.ts module that lives in the Vite renderer bundle where those deps already exist. The preload now always uses IPC for all plugin calls. All window.main.plugins.* call sites updated to use the bridge. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jackkav
force-pushed
the
chore/move-plugins-to-hidden-window
branch
from
01770b5 to
1292547
Compare
ZxBing0066
reviewed
May 20, 2026
| | 'plugins.getThemes' | ||
| | 'plugins.getWorkspaceActions' | ||
| | 'plugins.reloadPlugins' | ||
| | 'plugin-ui-prompt' |
Member
There was a problem hiding this comment.
Some of the plugin channels' naming style are inconsistent.
|
|
||
| Prefer cx over reading files. Escalate: overview → symbols → definition/references → Read tool. | ||
|
|
||
| ### Quick reference |
Member
There was a problem hiding this comment.
This seems more like a skill rather than an agent instruction. How do you think?
ZxBing0066
reviewed
May 20, 2026
| import type { Settings, UserSession } from '~/insomnia-data'; | ||
| import { models, services } from '~/insomnia-data'; | ||
| import { executePluginMainAction, reloadPlugins } from '~/plugins'; | ||
| import { executePluginMainAction } from '~/plugins'; |
Member
There was a problem hiding this comment.
Should we call executePluginMainAction from the bridge here?
| hasResponseHooks: () => invokePluginBridgeMethod('hasResponseHooks'), | ||
| applyRequestHooks: (args: ApplyRequestHooksArgs) => invokePluginBridgeMethod('applyRequestHooks', args), | ||
| applyResponseHooks: (args: ApplyResponseHooksArgs) => invokePluginBridgeMethod('applyResponseHooks', args), | ||
| getBridgeMetrics: () => invokeWithNormalizedError('plugins.getBridgeMetrics'), |
Member
There was a problem hiding this comment.
Should we use invokePluginBridgeMethod here instead of invokeWithNormalizedError here?
ZxBing0066
reviewed
May 20, 2026
| }); | ||
|
|
||
| ipcMain.on('plugin-ui-prompt-result', (_event, { id, value }: { id: string; value: string | null }) => { | ||
| const resolve = promptPendingRequests.get(id); |
Member
There was a problem hiding this comment.
No sender check here as other handlers, is it missing?
| (async () => { | ||
| try { | ||
| await initDatabase(pluginWindowDatabase); | ||
| initServices(servicesNodeImpl); |
Member
There was a problem hiding this comment.
It's better to use servicesProxy instead of the servicesNodeImpl to avoid unnecessary imports to the hidden window.
ZxBing0066
approved these changes
May 20, 2026
2 tasks
jackkav
added a commit
that referenced
this pull request
May 21, 2026
Rename plugin-invoke → plugins.invoke to match the plugins.* dot-notation used by all other plugin IPC channels introduced in PR #9889. Also add the missing plugin handle channels to the HandleChannels type union in electron.ts (getBridgeMetrics, hasRequestHooks, hasResponseHooks, applyRequestHooks, applyResponseHooks). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jackkav
added a commit
that referenced
this pull request
May 21, 2026
* fix: address plugin bridge review comments from PR #9889 - rename plugin-ui-* IPC channels to plugins.ui* for naming consistency - add sender validation to plugins.uiPromptResult handler - use invokePluginBridgeMethod for getBridgeMetrics (adds it to PluginInvokeMethod) - use window.main.plugins.executePluginMainAction in root.tsx instead of direct import - use servicesProxy instead of servicesNodeImpl in plugin window entry Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: address Copilot review comments on plugin bridge PR - Remove getBridgeMetrics from PluginInvokeMethod since it is handled by the main process directly and has no case in invokePluginMethod() - Route getBridgeMetrics in preload via ipcRenderer.invoke directly - Use plugins.executePluginMainAction in root.tsx to respect the INSOMNIA_ENABLE_PLUGIN_BRIDGE rollback switch Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feedback * fix: normalize plugin IPC channel naming and complete HandleChannels Rename plugin-invoke → plugins.invoke to match the plugins.* dot-notation used by all other plugin IPC channels introduced in PR #9889. Also add the missing plugin handle channels to the HandleChannels type union in electron.ts (getBridgeMetrics, hasRequestHooks, hasResponseHooks, applyRequestHooks, applyResponseHooks). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * use invoke helper --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Moves all plugin loading and execution out of the UI renderer into a dedicated hidden `BrowserWindow` with `nodeIntegration: true`. The renderer communicates with the plugin window exclusively over IPC.
What changed
Architecture
What's bridged (Phase 1 complete)
Hook bridging design
Request and response hooks mutate their context objects by reference, which only works within a single process. To cross the IPC boundary the plugin window receives a serialized copy of the request/response, runs all registered hooks against it, and returns the fully mutated object — matching the same pattern used by pre-request scripts.
The built-in default-headers hook runs in the renderer without any IPC (it has no plugin dependency). A `hasRequestHooks`/`hasResponseHooks` result is cached in the main process after the first check and cleared on `reloadPlugins`, so requests incur zero plugin-window round-trips when no user plugins have hooks registered.
Non-renderer process handling
`_applyRequestPluginHooks` and `_applyResponsePluginHooks` guard on `process.type !== 'renderer'` before using the IPC bridge. In the Electron main process (OAuth token exchange) and in the inso CLI (Node.js), hooks are applied directly via `plugins.getRequestHooks()` / `plugins.getResponseHooks()` without any IPC.
Intentionally remaining in renderer
Security fixes (from review)
Playwright fixture
The plugin window is created after the main window's `did-finish-load` event, so Playwright's `firstWindow()` always returns the main app window. No fixture fallback or polling is needed.
Test plan
🤖 Generated with Claude Code
closes INS-2466