Skip to content

Comments

feat: Create YAML import endpoint for Tangle Deploy to preview pipeline#1829

Open
yuechao-qin wants to merge 1 commit intomasterfrom
ycq/tangle-deploy-investigate-run
Open

feat: Create YAML import endpoint for Tangle Deploy to preview pipeline#1829
yuechao-qin wants to merge 1 commit intomasterfrom
ycq/tangle-deploy-investigate-run

Conversation

@yuechao-qin
Copy link
Collaborator

@yuechao-qin yuechao-qin commented Feb 20, 2026

tangle-ui

Description

Add /import route to enable opening pipeline YAML files directly in the browser editor from external tools.

Look at PR-28268 for Video Demos for what this PR supports.

Changes

  • New ImportPage component (src/routes/Import/index.tsx) — fetches a pipeline YAML from a URL query parameter (?url=...), imports it into IndexedDB via importPipelineFromYaml, and redirects to the editor
  • Step indicator UI showing fetch → import → open progress, with error handling and a "Back to Home" fallback
  • Registered /import route in router.ts
  • Unit tests covering success path, fetch failures, empty content, missing URL param, and network errors

Test Steps

  1. Run npm run start (frontend on localhost:3000)
  2. Run tangle-view-pipeline <any_pipeline.yaml> --ui-url http://localhost:3000 — browser should open, show the step indicator, and redirect to the editor with the pipeline loaded
  3. Visit http://localhost:3000/#/import (no url param) — should show "Missing 'url' parameter" error with Back to Home button
  4. Visit http://localhost:3000/#/import?url=http://bad-url — should show fetch error UI
  5. Run npm test -- src/routes/Import/Import.test.tsx — all 6 tests should pass

Copy link
Collaborator Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@yuechao-qin yuechao-qin marked this pull request as ready for review February 20, 2026 02:05
@yuechao-qin yuechao-qin requested a review from a team as a code owner February 20, 2026 02:05
Copy link

Ark-kun commented Feb 20, 2026

http://localhost:3000/#/import?url=http://bad-url
This might be dangerous from security perspective. Pipelines can contain malicious components. Users can be redirected to pipeline importing URLs.

We wanted to implement this feature for sample pipelines, but eventually went with a preloaded set of pipelines.

Although, doing such importing in the browser is still more secure than doing that in the backend (which is more privileged and has access to internal resources).

Copy link

Ark-kun commented Feb 20, 2026

>/import

I think we need the name to be more specific so that it does not conflict with things like importing components.

Also, I'de like the frontend to minimize the number of root route "directories". In some circumstances we need to route HTTP requests between UI and API server (on same domain) and URL prefixes makes that easier.
I'd suggest something like /app/commands/import_pipeline or /app/editor/import_pipeline

Copy link
Collaborator

In order to properly load remote resource we would need a proxy to:

  1. sanitize malicious endpoints
  2. avoid CORS issues
  3. validate pipelines

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants