Meet XTP

September 25, 2024
Steve Manuel

Today, I am excited to share that the XTP platform is open to the public in beta, enabling anyone to sign up and make their apps fully extensible! To get started straight away, click here to create an account.

What is XTP?

XTP is for making squishy software.

By "squishy", I mean that end-users can bend and mold an application to do something new; something its creator couldn't have predicted or hasn't the time to build themselves. Users are creative and capable of building incredible things, so why not let more users extend your application to better fit their needs? XTP makes this easy. For the first time, securely run end-user code directly in your application - with near-native performance and an easy programming model fit to your exact specification.

This introduction will cover many more details about security, extensibility, and how end-users program plugins. But first, some backstory...

Why did we build this?

While I was an engineer at Cloudflare, I helped work on the JavaScript edge platform "Workers". To oversimplify, Cloudflare Workers is a programmable layer embedded into the company's global CDN. Prior to adding the Workers platform, Cloudflare customers would configure proxy settings, if-else conditions, and other various traffic rules with drop-down menus and limited expression matching. This was "good enough" for the average customer, but as the company grew and was exposed to new use cases, the limitations kept customers from fully leveraging the product.

However, Workers enabled customers to expand on the hardcoded configuration options with the most powerful tool available to mankind: a programming language! Unrestricted, customers could build anything into the platform, with any level of complexity and sophistication they needed. No more rules engines, no more drop-down options, just a blank canvas to be fully programmed with code. This new flexibility helped customers more substantially depend on Cloudflare for more, and it eliminated the need to seek external solutions - Cloudflare could handle it.

Inspired by this level of extensibility, I thought, all software should be programmable like this...

Extensibility at your specification

It's worth noting, that while Workers is incredibly useful for Cloudflare users, it's mainly an HTTP request-response programming model. That means you're bound by the patterns developed for the Web: fetch, headers, body, etc. But your application deals with its own data structures, domain models, and functionality. This is where XTP shines.

Defining an extension system requires you to identify at what points inside your application you want to delegate some control to an end-user: given some data as input, run user logic and use its output. In XTP, you describe these extension points with a familiar OpenAPI-format schema, sprinkle a few lines of code from our SDKs at your extension points, and we handle the rest! XTP will generate libraries based on your domain types and functions, handle end-user plugin code intake & storage, continuous plugin code testing & simulation, and simple, latency-optimized code delivery via SDK or HTTP API.

Let's take a look at an example schema for a chat application, perhaps handling a /blinkify <message> command:

1version: v1-draft
2exports:
3  handleMessage:
4    description: Called when a message is sent to this plugin.
5    input:
6      contentType: application/json
7      description: The message without the slash command
8      $ref: "#/components/schemas/Message"
9    output:
10      contentType: application/json
11      description: The message you will reply with as the bot
12      $ref: "#/components/schemas/Message"
13components:
14  schemas:
15    MessageType:
16      description: Tells the application how to interpret this message.
17      enum:
18      - html
19      - text
20      - image
21    Message:
22      description: A message from the system
23      properties:
24        body:
25          type: string
26          description: The message body. Depends on the type
27        type:
28          $ref: "#/components/schemas/MessageType"
29        nick:
30          type: string
31          description: The nickname of the originator of the message
32          nullable: true

This schema declares the expectations of plugin code, such that it fits right in to your application. The "exports" are functions that the plugin makes available for your application to call, defining its inputs and outputs, and the "schemas" define the types of data that are used by the plugins. In this example, handleMessage is called any time a message is sent using a slash command like /blinkify.

With this schema, the XTP platform & developer tooling validate end-user code to fit this specification, and generate precisely compatible and idiomatic libraries in several programming languages, making it easy for end-users to build plugins against your application.

Here's an example of some TypeScript code generated from this spec (I filled in the function body):

import { Message, MessageType } from "./pdk";

/**
 * Called when a message is sent to this plugin.
 *
 * @param {Message} input The message without the slash command
 * @returns {Message} The message you will reply with as the bot
 */
export function handleMessageImpl(input: Message): Message {
  if (input.type === MessageType.text) {
    return {
      type: MessageType.html,
      body: `<blink>đź‘€${input.body.toUpperCase()}đź‘€</blink>`,
      nick: input.nick,
    };
  }

  return {
    type: MessageType.text,
    body: "invalid input",
    nick: "validation-bot"
  };
}

You'll notice it contains all the documentation and rich type information as notated in the schema example. As of today, XTP has pre-built code generators for TypeScript, Go, Rust, C#, C++, and Zig. Python is on its way, and many more to come too.

If you'd like to see this example in action, check out our end-to-end integration exercise and take it for a spin!

Security

Some of those languages are meant for systems-level programming... isn't it risky to run native code in-process within an app?

I'm glad you asked!

XTP leverages the latest advancements in virtualized software isolation technology. The code you see above actually compiles down to efficient WebAssembly (Wasm) instructions, that run in their own tightly controlled sandbox. Wasm memory is allocated separately from any other user code, and is strictly isolated in its own address-space away from your application code.

Wasm was designed to run untrusted code in the web browser, and we've made it easy to bring this same secure runtime directly into your application. Imagine what's possible if your system could be as flexible as the web!

For more information about XTP security and runtime characteristics, please reach out to us, and we'd be happy to go deeper with you.

The full package

So far you've learned how XTP makes it easy to integrate well-specified plugins into your app and how our schema-driven code generation makes for a great plugin developer experience. But, there's so much more to the equation. The XTP platform will also run your end-user submitted code before it's ever allowed to run in your application. You can write your own platform-hosted tests and simulate your exact environment. As your users push up plugin code, XTP validates that it runs correctly, producing expected outputs, and even completes in an acceptable amount of time.

Our convenient SDKs help match the right plugins to the right users or groups in your app, so you don't need to do all the bookkeeping yourself. XTP Guest management is entirely handled, and can even be white-labeled, so your customers never see anything but your brand and platform interfaces.

XTP wouldn't be an extensibility platform if it wasn't also fully extensible. Define your own validation and testing plugins that run continuously to keep your application safe from accidental errors in plugin code, or make your own library generators driven off the same XTP Schema we use to generate plugin libraries.

Learn all about what's possible with XTP on our docs, and reach out to set up a demo.

What's next?

We're only at the very beginning of a revolutionary change in software extensibility. We've opened up the platform to everyone, and are offering a capable Free plan so you can build and experiment to see what's possible. We'd love to see what you create, so please share with us on Discord or Slack! Perhaps you'll integrate to let users respond to system triggers, or let users bring their own API integrations, or build custom UI widgets & dashboards, or transform data in workflows?

If you're ready to take things to production or scale up your implementation, we also have Pro and Enterprise plans available for companies of all sizes.

It's an exciting day for us, and we hope you love XTP as much as we do!


Steve Manuel
Co-founder & CEO, Dylibso

Grow with customer use cases

Empower your users to customize your product precisely for them, while you focus on the core. A plugin system maximizes product flexibility to meet users' dynamic needs, so your product grows with your customers.

Meeting customers' needs →

Reduce churn & increase usage

Product adoption can be a double-edged sword. How do you prioritize a tidal wave of feature requests? Give users the freedom to make your product do more for them on their own timeline, and they'll stick around.

Improve customer retention →

Reclaim control of your roadmap

When customers can self-serve entire features, you can get back to building the vision. Take back valuable engineering time & innovate on your product.

On the road to roadmap freedom →

Deeper & advanced integrations

Going beyond the HTTP API, running customer code directly enables advanced use-cases compared to Webhooks & other system integration techniques.

More integration possibilities →

Pricing

Free

Create your proof-of-concept, integrating XTP into your app at no cost.

Enjoy full access to the XTP platform, limited by the number of apps, extension points, and plugins that can be created.

Full access, managing up to:

  • 1 App
  • 1 Team (up to 10 members)
  • 10 Authorized Guests (to push plugins)
  • 2 Extension Points
  • 100 Continuous plugin simulations (per month)

đź‘€ See what you can do with free XTP:

A quick intro to XTP - safely run user code in your program
Create a free account →

Enterprise

Fully white-label your implementation, contained entirely behind your system.
‍‍
Hands-on training, enablement, and onboarding provides your company with a solid path to integration success.

Meets advanced scenarios with:

  • Custom plan, fit to your needs
  • Tailored training sessions & assistance
  • Predictable, set pricing
  • Uptime SLA + up to 24/7 direct support
  • Private cloud & object storage integration
  • Access to compliance attestations including: SOC 2 Type 2, ISO 27001, & GDPR

Talk to our team to learn more about how best to leverage XTP in your product or platform.
‍‍

Contact Sales →
Custom

Leverage next-gen technology

Use XTP’s powerful plugin execution engine to easily and securely run customer code, directly within your application. Let us handle the storage, validation, distribution and monitoring all while presenting a top-notch experience for plugin developers.

Join the Waitlist
Have questions?
Connect with us!