Today, IÂ am excited to share that the XTPÂ platform is open to the public in beta, enabling anyone to sign up and make their apps fully extensible! To get started straight away, click here to create an account.
What is XTP?
XTPÂ is for making squishy software.
By "squishy", I mean that end-users can bend and mold an application to do something new; something its creator couldn't have predicted or hasn't the time to build themselves. Users are creative and capable of building incredible things, so why not let more users extend your application to better fit their needs? XTP makes this easy. For the first time, securely run end-user code directly in your application - with near-native performance and an easy programming model fit to your exact specification.
This introduction will cover many more details about security, extensibility, and how end-users program plugins. But first, some backstory...
Why did we build this?
While I was an engineer at Cloudflare, I helped work on the JavaScript edge platform "Workers". To oversimplify, Cloudflare Workers is a programmable layer embedded into the company's global CDN. Prior to adding the Workers platform, Cloudflare customers would configure proxy settings, if-else conditions, and other various traffic rules with drop-down menus and limited expression matching. This was "good enough"Â for the average customer, but as the company grew and was exposed to new use cases, the limitations kept customers from fully leveraging the product.
However, Workers enabled customers to expand on the hardcoded configuration options with the most powerful tool available to mankind:Â a programming language! Unrestricted, customers could build anything into the platform, with any level of complexity and sophistication they needed. No more rules engines, no more drop-down options, just a blank canvas to be fully programmed with code. This new flexibility helped customers more substantially depend on Cloudflare for more, and it eliminated the need to seek external solutions - Cloudflare could handle it.
Inspired by this level of extensibility, I thought, all software should be programmable like this...
Extensibility at your specification
It's worth noting, that while Workers is incredibly useful for Cloudflare users, it's mainly an HTTP request-response programming model. That means you're bound by the patterns developed for the Web:Â fetch, headers, body, etc. But your application deals with its own data structures, domain models, and functionality. This is where XTPÂ shines.
Defining an extension system requires you to identify at what points inside your application you want to delegate some control to an end-user:Â given some data as input, run user logic and use its output. In XTP, you describe these extension points with a familiar OpenAPI-format schema, sprinkle a few lines of code from our SDKs at your extension points, and we handle the rest! XTPÂ will generate libraries based on your domain types and functions, handle end-user plugin code intake &Â storage, continuous plugin code testing & simulation, and simple, latency-optimized code delivery via SDKÂ or HTTPÂ API.
Let's take a look at an example schema for a chat application, perhaps handling a /blinkify <message>
command:
version: v1-draft
exports:
handleMessage:
description: Called when a message is sent to this plugin.
input:
contentType: application/json
description: The message without the slash command
$ref: "#/components/schemas/Message"
output:
contentType: application/json
description: The message you will reply with as the bot
$ref: "#/components/schemas/Message"
components:
schemas:
MessageType:
description: Tells the application how to interpret this message.
enum:
- html
- text
- image
Message:
description: A message from the system
properties:
body:
type: string
description: The message body. Depends on the type
type:
$ref: "#/components/schemas/MessageType"
nick:
type: string
description: The nickname of the originator of the message
nullable: true
This schema declares the expectations of plugin code, such that it fits right in to your application. The "exports" are functions that the plugin makes available for your application to call, defining its inputs and outputs, and the "schemas"Â define the types of data that are used by the plugins. In this example, handleMessage
is called any time a message is sent using a slash command like /blinkify.
With this schema, the XTP platform & developer tooling validate end-user code to fit this specification, and generate precisely compatible and idiomatic libraries in several programming languages, making it easy for end-users to build plugins against your application.
Here's an example of some TypeScript code generated from this spec (I filled in the function body):
import { Message, MessageType } from "./pdk";
/**
* Called when a message is sent to this plugin.
*
* @param {Message} input The message without the slash command
* @returns {Message} The message you will reply with as the bot
*/
export function handleMessageImpl(input: Message): Message {
if (input.type === MessageType.text) {
return {
type: MessageType.html,
body: `<blink>đź‘€${input.body.toUpperCase()}đź‘€</blink>`,
nick: input.nick,
};
}
return {
type: MessageType.text,
body: "invalid input",
nick: "validation-bot"
};
}
You'll notice it contains all the documentation and rich type information as notated in the schema example. As of today, XTP has pre-built code generators for TypeScript, Go, Rust, C#, C++, and Zig. Python is on its way, and many more to come too.
If you'd like to see this example in action, check out our end-to-end integration exercise and take it for a spin!
Security
Some of those languages are meant for systems-level programming... isn't it risky to run native code in-process within an app?
I'm glad you asked!
XTP leverages the latest advancements in virtualized software isolation technology. The code you see above actually compiles down to efficient WebAssembly (Wasm) instructions, that run in their own tightly controlled sandbox. Wasm memory is allocated separately from any other user code, and is strictly isolated in its own address-space away from your application code.
Wasm was designed to run untrusted code in the web browser, and we've made it easy to bring this same secure runtime directly into your application. Imagine what's possible if your system could be as flexible as the web!
For more information about XTP security and runtime characteristics, please reach out to us, and we'd be happy to go deeper with you.
The full package
So far you've learned how XTPÂ makes it easy to integrate well-specified plugins into your app and how our schema-driven code generation makes for a great plugin developer experience. But, there's so much more to the equation. The XTPÂ platform will also run your end-user submitted code before it's ever allowed to run in your application. You can write your own platform-hosted tests and simulate your exact environment. As your users push up plugin code, XTPÂ validates that it runs correctly, producing expected outputs, and even completes in an acceptable amount of time.
Our convenient SDKs help match the right plugins to the right users or groups in your app, so you don't need to do all the bookkeeping yourself. XTP Guest management is entirely handled, and can even be white-labeled, so your customers never see anything but your brand and platform interfaces.
XTP wouldn't be an extensibility platform if it wasn't also fully extensible. Define your own validation and testing plugins that run continuously to keep your application safe from accidental errors in plugin code, or make your own library generators driven off the same XTPÂ Schema we use to generate plugin libraries.
Learn all about what's possible with XTPÂ on our docs, and reach out to set up a demo.
What's next?
We're only at the very beginning of a revolutionary change in software extensibility. We've opened up the platform to everyone, and are offering a capable Free plan so you can build and experiment to see what's possible. We'd love to see what you create, so please share with us on Discord or Slack! Perhaps you'll integrate to let users respond to system triggers, or let users bring their own API integrations, or build custom UI widgets &Â dashboards, or transform data in workflows?
If you're ready to take things to production or scale up your implementation, we also have Pro and Enterprise plans available for companies of all sizes.
It's an exciting day for us, and we hope you love XTP as much as we do!
Steve Manuel
Co-founder &Â CEO, Dylibso