InsForge

v2.1.7 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 13d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai ai-agents coding deno embeddings insforge

+7 more

nextjs oauth2 pgvector postgresql realtime vectors websockets

ReleasePort's take

Light signal

editorial:auto 13d

v2.1.7 fixes admin session refresh by persisting CSRF tokens, eliminates stale page state after idle periods, and adds cross-provider rate limiting for write endpoints.

Why it matters: CSRF token persistence prevents session anomalies in admin workflows. Rate limiting protects Deno/Vercel write endpoints. Test session behavior in dev before upgrading.

Summary

AI summary

Updates INS-140, fix, and skills across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Feature	Medium	Adds cross-provider rate limiting with write-endpoint limiter and backoff Adds cross-provider rate limiting with write-endpoint limiter and backoff Source: llm_adapter@2026-05-22 Confidence: high	—
Feature	Medium	Adds Open in PostHog button wired to /open deep-link Adds Open in PostHog button wired to /open deep-link Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix
Bugfix	Medium	Fixes stale page state after user remains idle Fixes stale page state after user remains idle Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	Fixes admin refresh and persists CSRF token across session Fixes admin refresh and persists CSRF token across session Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	Fixes false positive errors in function validation logic Fixes false positive errors in function validation logic Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	Skips INSFORGE_INTERNAL_URL cloud seed Skips INSFORGE_INTERNAL_URL cloud seed Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	Fixes broken and compressed Create Table button UI rendering Fixes broken and compressed Create Table button UI rendering Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	Corrects function validation false positives Corrects function validation false positives Source: granite4.1:30b@2026-05-22-audit Confidence: low	—
Refactor
Refactor	Medium	Unifies user context handling across application Unifies user context handling across application Source: llm_adapter@2026-05-22 Confidence: high	—
Refactor	Medium	Consolidates humanizer rules into doc-author and insforge-dev documentation Consolidates humanizer rules into doc-author and insforge-dev documentation Source: llm_adapter@2026-05-22 Confidence: low	—
Refactor	Medium	Points doc-author documentation to humanizer skill for deeper guidance Points doc-author documentation to humanizer skill for deeper guidance Source: llm_adapter@2026-05-22 Confidence: low	—
Refactor	Medium	Adds dashboard unit, component, and UI test pipelines Adds dashboard unit, component, and UI test pipelines Source: llm_adapter@2026-05-22 Confidence: low	—
Refactor	Medium	Adds more unit tests and component tests Adds more unit tests and component tests Source: llm_adapter@2026-05-22 Confidence: low	—
Refactor	Medium	Adds SECURITY.md policy documentation Adds SECURITY.md policy documentation Source: llm_adapter@2026-05-22 Confidence: low	—

Full changelog

What's Changed

Add dashboard unit, component, and UI test pipelines by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/1284
Add more unit tests and component tests by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/1289
INS-196 Cross-provider rate limiting: write-endpoint limiter + Deno/Vercel 429 backoff by @jwfing in https://github.com/InsForge/InsForge/pull/1270
INS-140: Investigate stale page state after being idle by @CarmenDou in https://github.com/InsForge/InsForge/pull/1294
Skip INSFORGE_INTERNAL_URL cloud seed by @malsomesh9 in https://github.com/InsForge/InsForge/pull/1298
docs: add SECURITY.md policy by @tonychang04 in https://github.com/InsForge/InsForge/pull/1308
[Bug] Fix admin refresh & persist csrf along session by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/1307
fix: repair the broken & compressed 'Create Table' button by @izhanwk in https://github.com/InsForge/InsForge/pull/1232
INS-227 Fix function validation false positives by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/1313
[Enhancement] Unify user context by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/1318
docs(skills): fold humanizer rules into doc-author + insforge-dev docs by @tonychang04 in https://github.com/InsForge/InsForge/pull/1325
feat(analytics): wire Open in PostHog button to /open deep-link by @CarmenDou in https://github.com/InsForge/InsForge/pull/1310
docs(doc-author): point to the humanizer skill for a deeper pass by @tonychang04 in https://github.com/InsForge/InsForge/pull/1326

New Contributors

@malsomesh9 made their first contribution in https://github.com/InsForge/InsForge/pull/1298
@izhanwk made their first contribution in https://github.com/InsForge/InsForge/pull/1232

Full Changelog: https://github.com/InsForge/InsForge/compare/v2.1.6...v2.1.7

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track InsForge

Get notified when new releases ship.

About InsForge

All releases →

Related context

Related tools

Earlier breaking changes

v2.1.8 Restricts raw SQL permission to project_admin role only.