Move restricted template rendering to plugin window

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: jackkav

packages/insomnia/PLUGIN_SYSTEM_POC.md

@@ -882,15 +882,11 @@ Co-locate unit tests with the plugin execution code in `packages/insomnia/src/pl
 packages/insomnia/src/plugins/create.ts imports fs and path from Node and is called directly from two renderer entry points: the create-plugin modal and root.tsx (theme installation). This is the most straightforward fix — move the filesystem writes to an IPC handler  
  in the main process and call it via window.main.
 
-2. Template tag extensions still run inside the renderer's Web Worker
+2. Template tag extensions now run in the plugin window
 
-This is the largest remaining piece. Nunjucks rendering runs in a Web Worker (ui/worker/templating-handler.ts), but the plugin template tag extensions (base-extension-worker.ts) are instantiated and executed inside that worker, which lives inside the renderer process.
-The worker already has nodeIntegrationInWorker: false, so the web worker is sandboxed — but the template tag plugin code still lives on the renderer side of the fence. For nodeIntegration: false on the renderer, all plugin code (including template tags) needs to move
-out.
+Restricted templating no longer spins up a renderer-owned Web Worker. Instead, the renderer serializes the render context and calls `window.main.plugins.renderTemplate(...)`, which executes the shared Nunjucks pipeline inside the plugin window.
 
-The cleanest solution — and the one you're already thinking about — is to move the entire templating pipeline into the plugin window. Template tags and request/action plugins would then share the same Node.js process and DB proxy. The custom  
- insomnia-templating-worker-database:// protocol (currently used by the web worker to reach the main process for DB calls, network requests, file reads, etc.) could be replaced entirely with the existing IPC database proxy. The renderer side becomes a thin caller:
-serialize the render context, send it over IPC, get back a rendered string.
+That means template tags now live on the same side of the process boundary as the other plugin surfaces (actions, hooks, bundled main actions) and can reuse the existing plugin window IPC/database proxy. The renderer side is now just a thin caller that sends the render input over IPC and receives the rendered string back.
 
 3. webviewTag: true on the main window
 
@@ -912,7 +908,7 @@ a malicious API response could attempt to exploit the webview. The right long-te
 ├─────┼───────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤  
  │ 1 │ Move createPlugin to main process │ Add IPC handler, replace fs/path calls with window.main.createPlugin(...) │
 ├─────┼───────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤  
- │ 2 │ Move templating pipeline to plugin window │ The plugin window replaces the web worker; renderer calls window.main.plugins.renderTemplate(context) over IPC; drop the insomnia-templating-worker-database:// protocol │  
+ │ 2 │ Move templating pipeline to plugin window │ Completed — restricted rendering now calls window.main.plugins.renderTemplate(context) over IPC and template tags execute in the plugin window │  
  ├─────┼───────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤  
  │ 3 │ Replace <webview> with sandboxed <iframe> │ Removes the last reason for webviewTag: true │  
  ├─────┼───────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤  

packages/insomnia/src/entry.plugin-window-preload.ts

@@ -1,5 +1,8 @@
 import { ipcRenderer } from 'electron';
 
+import { invokeWithNormalizedError } from './main/ipc/invoke';
+import type { RendererToMainBridgeAPI } from './main/ipc/main';
+
 // Provide window.app so plugin-loading code (which checks process.type === 'renderer')
 // can resolve the userData path without needing the main renderer's full preload.
 window.app = {
@@ -8,6 +11,13 @@ window.app = {
   process: { platform: process.platform as NodeJS.Platform },
 };
 
+window.main = {
+  secureReadFile: (options: { path: string }) => invokeWithNormalizedError('secureReadFile', options),
+  openInBrowser: (url: string) => ipcRenderer.send('openInBrowser', url),
+  curlRequest: (options: Parameters<RendererToMainBridgeAPI['curlRequest']>[0]) =>
+    invokeWithNormalizedError('curlRequest', options),
+} as Pick<RendererToMainBridgeAPI, 'secureReadFile' | 'openInBrowser' | 'curlRequest'> as RendererToMainBridgeAPI;
+
 // Bridge plugin UI calls to the main renderer window via IPC.
 // The plugin window has no visible DOM; these methods forward to the main renderer.
 window.showAlert = (options?: Record<string, any>) => {
@@ -35,6 +45,10 @@ window.dialog = {
 
 window.clipboard = {
   readText: () => ipcRenderer.sendSync('readText') as string,
-  writeText: (text: string) => { ipcRenderer.send('writeText', text); },
-  clear: () => { ipcRenderer.send('clear'); },
+  writeText: (text: string) => {
+    ipcRenderer.send('writeText', text);
+  },
+  clear: () => {
+    ipcRenderer.send('clear');
+  },
 };

packages/insomnia/src/entry.plugin-window.ts

@@ -12,14 +12,27 @@ interface PluginInvokeMessage {
   args: unknown;
 }
 
+function serializeInvocationError(error: unknown) {
+  if (!(error instanceof Error)) {
+    return { message: String(error) };
+  }
+
+  return {
+    name: error.name,
+    message: error.message,
+    stack: error.stack,
+    ...Object.fromEntries(Object.entries(error)),
+  };
+}
+
 ipcRenderer.on('plugins.invoke', async (_event, { id, method, args }: PluginInvokeMessage) => {
   try {
     const result = await invokePluginMethod(method, args);
     ipcRenderer.send('plugins.invokeResult', { id, result });
   } catch (error) {
     const errMsg = error instanceof Error ? error.message : String(error);
     console.error(`[plugin-window] Error in ${(error as any)?.method ?? method}: ${errMsg}`);
-    ipcRenderer.send('plugins.invokeResult', { id, error: errMsg });
+    ipcRenderer.send('plugins.invokeResult', { id, error: serializeInvocationError(error) });
   }
 });
 

packages/insomnia/src/entry.preload.ts

@@ -23,6 +23,7 @@ import type {
   ExecutePluginActionArgs,
   ExecutePluginMainActionArgs,
   PluginsBridgeAPI,
+  RenderTemplateArgs,
   RunTemplateTagActionArgs,
 } from './plugins/bridge-types';
 import type { PluginInvokeMethod } from './plugins/invoke-method';
@@ -376,6 +377,7 @@ const main: Window['main'] = {
     executeAction: (args: ExecutePluginActionArgs) => invokePluginBridgeMethod('executeAction', args),
     getTemplateTags: () => invokePluginBridgeMethod('getTemplateTags'),
     runTemplateTagAction: (args: RunTemplateTagActionArgs) => invokePluginBridgeMethod('runTemplateTagAction', args),
+    renderTemplate: (args: RenderTemplateArgs) => invokePluginBridgeMethod('renderTemplate', args),
     getBundlePlugins: () => invokePluginBridgeMethod('getBundlePlugins'),
     executePluginMainAction: (args: ExecutePluginMainActionArgs) =>
       invokePluginBridgeMethod('executePluginMainAction', args),

packages/insomnia/src/main/plugin-window.ts

@@ -14,6 +14,28 @@ let cachedHasRequestHooks: boolean | null = null;
 let cachedHasResponseHooks: boolean | null = null;
 const promptPendingRequests = new Map<string, (value: string | null) => void>();
 
+function normalizeInvocationError(error: unknown) {
+  if (!error || typeof error !== 'object') {
+    return new Error(String(error));
+  }
+
+  if (error instanceof Error) {
+    return error;
+  }
+
+  const normalized = new Error('message' in error && typeof error.message === 'string' ? error.message : String(error));
+
+  if ('name' in error && typeof error.name === 'string') {
+    normalized.name = error.name;
+  }
+  if ('stack' in error && typeof error.stack === 'string') {
+    normalized.stack = error.stack;
+  }
+
+  Object.assign(normalized, error);
+  return normalized;
+}
+
 // Bridge observability counters.  Kept in-memory and exposed via the
 // `plugins.getBridgeMetrics` IPC handler so devs / smoke tests / support
 // dumps can read the live state without scraping logs.
@@ -142,7 +164,7 @@ function ensureIpcListeners() {
 
   ipcMain.on(
     'plugins.invokeResult',
-    (event, { id, result, error }: { id: string; result?: unknown; error?: string }) => {
+    (event, { id, result, error }: { id: string; result?: unknown; error?: unknown }) => {
       if (event.sender !== pluginWindow?.webContents) {
         return;
       }
@@ -154,7 +176,7 @@ function ensureIpcListeners() {
       const duration = Date.now() - pending.startedAt;
       if (error) {
         recordInvocation(pending.method, 'error', duration);
-        pending.reject(new Error(error));
+        pending.reject(normalizeInvocationError(error));
       } else {
         recordInvocation(pending.method, 'ok', duration);
         pending.resolve(result);
@@ -302,6 +324,7 @@ export function registerPluginIpcHandlers() {
   ipcMain.handle('plugins.executeAction', (_event, args) => invokeInPluginWindow('executeAction', args));
   ipcMain.handle('plugins.getTemplateTags', () => invokeInPluginWindow('getTemplateTags'));
   ipcMain.handle('plugins.runTemplateTagAction', (_event, args) => invokeInPluginWindow('runTemplateTagAction', args));
+  ipcMain.handle('plugins.renderTemplate', (_event, args) => invokeInPluginWindow('renderTemplate', args));
   ipcMain.handle('plugins.getBundlePlugins', () => invokeInPluginWindow('getBundlePlugins'));
   ipcMain.handle('plugins.executePluginMainAction', (_event, args) =>
     invokeInPluginWindow('executePluginMainAction', args),

packages/insomnia/src/plugins/__tests__/invoke-method.test.ts

@@ -7,6 +7,7 @@ vi.mock('../context/store', () => ({ init: vi.fn().mockReturnValue({ store: {} }
 vi.mock('../context/network', () => ({ init: vi.fn().mockReturnValue({ network: {} }) }));
 vi.mock('../context/request', () => ({ init: vi.fn().mockReturnValue({ request: {} }) }));
 vi.mock('../context/response', () => ({ init: vi.fn().mockReturnValue({ response: {} }) }));
+vi.mock('../../templating', () => ({ render: vi.fn(), reload: vi.fn() }));
 vi.mock('~/insomnia-data', () => ({
   services: {
     settings: { get: vi.fn() },
@@ -20,6 +21,7 @@ vi.mock('~/insomnia-data', () => ({
   },
 }));
 
+import { render as renderTemplate } from '../../templating';
 import type { Plugin } from '../index';
 import { _testOnlySetPlugins } from '../index';
 import { invokePluginMethod } from '../invoke-method';
@@ -41,7 +43,9 @@ afterEach(() => {
 
 describe('invokePluginMethod', () => {
   it('serializes request action metadata', async () => {
-    _testOnlySetPlugins([makePlugin({ module: { requestActions: [{ label: 'Run', icon: 'bolt', action: vi.fn() }] } })]);
+    _testOnlySetPlugins([
+      makePlugin({ module: { requestActions: [{ label: 'Run', icon: 'bolt', action: vi.fn() }] } }),
+    ]);
 
     await expect(invokePluginMethod('getRequestActions')).resolves.toEqual([
       { label: 'Run', icon: 'bolt', pluginName: 'test-plugin' },
@@ -79,4 +83,59 @@ describe('invokePluginMethod', () => {
       }),
     ).rejects.toThrow('[plugin=test-plugin] boom');
   });
+
+  it('rehydrates serialized render context before rendering templates', async () => {
+    vi.mocked(renderTemplate).mockResolvedValue('rendered');
+
+    await expect(
+      invokePluginMethod('renderTemplate', {
+        input: '{{ foo }}',
+        path: 'body.text',
+        ignoreUndefinedEnvVariable: false,
+        context: {
+          foo: 'bar',
+          serializedFunctions: {
+            requestId: 'req_1',
+            workspaceId: 'wrk_1',
+            environmentId: 'env_1',
+            extraInfo: { requestChain: ['req_1'] },
+            globalEnvironmentId: 'genv_1',
+            keysContext: { keyContext: { foo: 'Base Env' } },
+            projectId: 'proj_1',
+            purpose: 'send',
+            settings: { dataFolders: [] },
+          },
+        },
+      }),
+    ).resolves.toBe('rendered');
+
+    expect(renderTemplate).toHaveBeenCalledWith(
+      '{{ foo }}',
+      expect.objectContaining({
+        path: 'body.text',
+        ignoreUndefinedEnvVariable: false,
+        context: expect.objectContaining({
+          foo: 'bar',
+          getMeta: expect.any(Function),
+          getEnvironmentId: expect.any(Function),
+          getExtraInfo: expect.any(Function),
+          getGlobalEnvironmentId: expect.any(Function),
+          getKeysContext: expect.any(Function),
+          getProjectId: expect.any(Function),
+          getPurpose: expect.any(Function),
+          getSettings: expect.any(Function),
+        }),
+      }),
+    );
+
+    const renderContext = vi.mocked(renderTemplate).mock.calls[0]?.[1]?.context as Record<string, any>;
+    expect(renderContext.getMeta()).toEqual({ requestId: 'req_1', workspaceId: 'wrk_1' });
+    expect(renderContext.getEnvironmentId()).toBe('env_1');
+    expect(renderContext.getExtraInfo()).toEqual({ requestChain: ['req_1'] });
+    expect(renderContext.getGlobalEnvironmentId()).toBe('genv_1');
+    expect(renderContext.getKeysContext()).toEqual({ keyContext: { foo: 'Base Env' } });
+    expect(renderContext.getProjectId()).toBe('proj_1');
+    expect(renderContext.getPurpose()).toBe('send');
+    expect(renderContext.getSettings()).toEqual({ dataFolders: [] });
+  });
 });

packages/insomnia/src/plugins/bridge-types.ts

@@ -1,5 +1,5 @@
 import type { ResponsePatch } from '../main/network/libcurl-promise';
-import type { RenderedRequest } from '../templating/types';
+import type { BaseRenderContext, RenderedRequest,RenderPurpose } from '../templating/types';
 import type { PluginTheme } from './misc';
 
 export interface SerializablePlugin {
@@ -38,6 +38,29 @@ export interface RunTemplateTagActionArgs {
   actionName: string;
 }
 
+export interface SerializedRenderContextFunctions {
+  requestId?: string;
+  workspaceId?: string;
+  environmentId?: string;
+  extraInfo?: ReturnType<BaseRenderContext['getExtraInfo']>;
+  globalEnvironmentId?: string;
+  keysContext: ReturnType<BaseRenderContext['getKeysContext']>;
+  projectId?: string;
+  purpose?: RenderPurpose;
+  settings?: Record<string, unknown>;
+}
+
+export type SerializedRenderContext = Record<string, any> & {
+  serializedFunctions: SerializedRenderContextFunctions;
+};
+
+export interface RenderTemplateArgs {
+  input: string;
+  context: SerializedRenderContext;
+  path: string;
+  ignoreUndefinedEnvVariable: boolean;
+}
+
 export type PluginActionType = 'request' | 'requestGroup' | 'workspace' | 'document';
 
 export interface ExecutePluginActionArgs {
@@ -80,6 +103,7 @@ export interface PluginsBridgeAPI {
   executeAction: (args: ExecutePluginActionArgs) => Promise<void>;
   getTemplateTags: () => Promise<SerializableTemplateTagMeta[]>;
   runTemplateTagAction: (args: RunTemplateTagActionArgs) => Promise<void>;
+  renderTemplate: (args: RenderTemplateArgs) => Promise<string>;
   getBundlePlugins: () => Promise<SerializablePlugin[]>;
   executePluginMainAction: (args: ExecutePluginMainActionArgs) => Promise<unknown>;
   hasRequestHooks: () => Promise<boolean>;

packages/insomnia/src/plugins/invoke-method.ts

@@ -1,8 +1,10 @@
+import * as templating from '../templating';
 import type {
   ApplyRequestHooksArgs,
   ApplyResponseHooksArgs,
   ExecutePluginActionArgs,
   ExecutePluginMainActionArgs,
+  RenderTemplateArgs,
   RunTemplateTagActionArgs,
 } from './bridge-types';
 import * as pluginApp from './context/app';
@@ -40,13 +42,33 @@ export type PluginInvokeMethod =
   | 'executeAction'
   | 'getTemplateTags'
   | 'runTemplateTagAction'
+  | 'renderTemplate'
   | 'getBundlePlugins'
   | 'executePluginMainAction'
   | 'hasRequestHooks'
   | 'hasResponseHooks'
   | 'applyRequestHooks'
   | 'applyResponseHooks';
 
+function rehydrateRenderContext(context: RenderTemplateArgs['context']) {
+  const { serializedFunctions, ...renderContext } = context;
+
+  return {
+    ...renderContext,
+    getMeta: () => ({
+      requestId: serializedFunctions.requestId,
+      workspaceId: serializedFunctions.workspaceId,
+    }),
+    getEnvironmentId: () => serializedFunctions.environmentId,
+    getExtraInfo: () => serializedFunctions.extraInfo,
+    getGlobalEnvironmentId: () => serializedFunctions.globalEnvironmentId,
+    getKeysContext: () => serializedFunctions.keysContext,
+    getProjectId: () => serializedFunctions.projectId,
+    getPurpose: () => serializedFunctions.purpose,
+    getSettings: () => serializedFunctions.settings,
+  };
+}
+
 function serializePlugin(p: Plugin) {
   return {
     name: p.name,
@@ -76,6 +98,7 @@ export async function invokePluginMethod(method: PluginInvokeMethod, args?: unkn
 
     case 'reloadPlugins': {
       await reloadPlugins();
+      templating.reload();
       return null;
     }
 
@@ -174,6 +197,15 @@ export async function invokePluginMethod(method: PluginInvokeMethod, args?: unkn
       return null;
     }
 
+    case 'renderTemplate': {
+      const { input, context, path, ignoreUndefinedEnvVariable } = args as RenderTemplateArgs;
+      return templating.render(input, {
+        context: rehydrateRenderContext(context),
+        path,
+        ignoreUndefinedEnvVariable,
+      });
+    }
+
     case 'hasRequestHooks': {
       const hooks = await getRequestHooks();
       return hooks.length > 0;