-
-
Notifications
You must be signed in to change notification settings - Fork 2
plugin functions v8
Edge Functions runtime using a V8/Deno isolate pool with TypeScript support, HTTP triggers, and strict SSRF protection. Pro plugin, requires license.
Requires: Pro license or higher.
nself license set nself_pro_...
nself license set nself_pro_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
nself plugin install functions-v8
nself buildThe license is validated against ping.nself.org/license/validate. An insufficient tier returns an error and the purchase URL.
The functions-v8 plugin runs short-lived TypeScript functions in isolated Deno subprocess pools. Each function invocation gets a fresh Deno process, an allowlist-only environment (no OS env inheritance), a configurable memory ceiling, and a hard execution timeout. Functions are deployed as TypeScript source code, stored in Postgres, and invoked over HTTP.
Capabilities:
- TypeScript + Deno standard library support
- Per-function environment variables (stored encrypted in Postgres)
- Configurable isolate pool size for concurrency control
- Hard wall-clock execution timeout (returns HTTP 504 on breach)
- Prometheus metrics at
/metrics - Structured JSON logs with per-function log retention
- SSRF protection enforced at the runtime level (see below)
# Deploy function source code
curl -X POST http://your-nself-host:3088/functions/v1 \
-H 'Content-Type: application/json' \
-H 'X-Internal-Secret: $PLUGIN_INTERNAL_SECRET' \
-d '{
"name": "hello-world",
"source_code": "export default async function handler(req) { return new Response(JSON.stringify({hello: \"world\"})); }"
}'curl -X POST http://your-nself-host:3088/functions/v1/hello-world/invoke \
-H 'Content-Type: application/json' \
-d '{"name":"nSelf"}'The function receives the request body via Deno.stdin and writes its response to stdout. The HTTP status code is determined by the exit code and output format.
Functions run under Deno with access to the Deno standard library (https://deno.land/std@0.208.0/). Example function:
// Read request body from stdin
const body = await new Response(Deno.stdin.readable).text()
const input = JSON.parse(body || '{}')
const result = {
message: `Hello, ${input.name || 'world'}!`,
timestamp: new Date().toISOString(),
}
console.log(JSON.stringify(result))Outbound network access is deny-by-default. The plugin does NOT pass --allow-net unrestricted to Deno. Instead:
- By default,
--deny-netis set — user functions have no outbound network access. - Operators may set
NSELF_ALLOW_NETto a comma-separated list of specific external hostnames to permit. -
RFC-1918 and loopback addresses are always blocked, even if listed in
NSELF_ALLOW_NET. The Go runtime filters them before constructing the Deno command.
This satisfies the Security-Always-Free Doctrine: no SSRF vector is exposed by default, and no paywall blocks the protection.
# Allow only a specific external API
NSELF_ALLOW_NET=api.openai.com,hooks.slack.com nself startAttempting fetch('http://192.168.1.1/') from user code will fail with a Deno permission error. This is verified by the test suite (TestIsPrivateHost_RFC1918).
Each invocation runs in a separate Deno subprocess:
- No shared memory between invocations
- OS environment is NOT inherited — only explicitly permitted env vars are injected
- Memory ceiling enforced via
--v8-flags=--max-old-space-size=<MB> -
--no-npmprevents npm: specifiers from downloading packages at runtime -
--no-configpreventsdeno.jsonfrom the host filesystem from being loaded
| Env Var | Required | Default | Description |
|---|---|---|---|
DATABASE_URL |
Yes | — | Postgres connection string |
FUNCTIONS_EDGE_PORT |
No | 3088 |
HTTP server port |
FUNCTIONS_EDGE_POOL_SIZE |
No | 5 |
Max concurrent function invocations |
FUNCTIONS_EDGE_MAX_DURATION_MS |
No | 30000 |
Max execution time per invocation (ms) |
FUNCTIONS_EDGE_MAX_MEMORY_MB |
No | 128 |
V8 heap limit per isolate (MB) |
FUNCTIONS_EDGE_LOG_RETENTION_DAYS |
No | 7 |
Function log retention (days) |
DENO_BINARY_PATH |
No | /usr/bin/deno |
Path to the Deno binary |
PLUGIN_INTERNAL_SECRET |
No | — | Shared secret for internal API calls |
NSELF_ALLOW_NET |
No | — | Comma-separated external hostname allowlist |
| Table | Purpose |
|---|---|
np_edge_functions |
Function metadata (name, status, invoke/error counts) |
np_edge_function_versions |
Versioned source code; one active version per function |
np_edge_function_env |
Per-function environment key/value pairs |
np_function_logs |
Structured execution logs with TTL-based retention |
np_edge_functions includes source_account_id TEXT NOT NULL DEFAULT 'primary' for multi-app isolation (Convention A).
| Method | Path | Auth | Description |
|---|---|---|---|
GET |
/health |
none | Health check |
GET |
/metrics |
internal | Prometheus metrics |
GET |
/functions/v1 |
internal | List functions |
POST |
/functions/v1 |
internal | Deploy a function |
GET |
/functions/v1/:name |
internal | Get function metadata |
DELETE |
/functions/v1/:name |
internal | Delete a function |
POST |
/functions/v1/:name/invoke |
internal | Invoke a function |
GET |
/functions/v1/:name/logs |
internal | Fetch function logs |
Internal routes require the X-Internal-Secret header matching PLUGIN_INTERNAL_SECRET.
This plugin runs on port 3088 (CS_7 slot per the nSelf port registry).
This plugin is not included in a named bundle. Access is granted with any Pro license tier or ɳSelf+.
ɳSelf CLI v1.0.9. MIT licensed. Docs CC BY 4.0.
GitHub · Issues · Discussions · nself.org · docs.nself.org
Getting Started
Commands
- Commands, Overview
- Lifecycle: cmd-init · cmd-build · cmd-start · cmd-stop · cmd-restart · cmd-dev
- Monitoring: cmd-status · cmd-logs · cmd-health · cmd-urls · cmd-doctor · cmd-monitor · cmd-alerts · cmd-sentry · cmd-watchdog · cmd-dogfood
- Data: cmd-db · cmd-backup · cmd-dr · cmd-queue · cmd-webhooks
- Config: cmd-config · cmd-service · cmd-env · cmd-promote
- Networking: cmd-ssl · cmd-trust · cmd-dns-setup
- Security: cmd-security · cmd-secrets · cmd-waf
- Tenancy: cmd-tenant · cmd-billing
- Plugins: cmd-plugin · cmd-license
- AI: cmd-ai · cmd-claw · cmd-model
- Templates: cmd-template
- Utilities: cmd-exec · cmd-clean · cmd-reset · cmd-update · cmd-upgrade · cmd-version · cmd-admin · cmd-migrate · cmd-migrate-firebase · cmd-migrate-supabase · cmd-completion
Features
- Features, Overview
- Feature-Auth
- Feature-Storage
- Feature-Search
- Feature-Functions
- Feature-Email
- Feature-Monitoring
- Feature-Plugins
- Feature-ɳClaw, AI Assistant
- Feature-ɳChat, Messaging
- Feature-ɳTV, Media Player
- Feature-ɳFamily, Family Social
- Feature-ɳCloud, Managed Hosting
- Feature-Memory-Rooms, Knowledge Organization
- Feature-Agent-Dashboard, Agent Metrics
- Feature-Image-Generation, AI Image Generation
Configuration
- Configuration, Overview
- Config-Env-Vars
- Config-Postgres
- Config-Hasura
- Config-Auth
- Config-Nginx
- Config-Optional-Services
- Config-Custom-Services
- Config-System
Plugins (87 + 10 monitoring)
Free (25)
- plugin-backup
- plugin-content-acquisition
- plugin-content-progress
- plugin-cron
- plugin-donorbox
- plugin-feature-flags
- plugin-github
- plugin-github-runner
- plugin-invitations
- plugin-jobs
- plugin-link-preview
- plugin-mdns
- plugin-mlflow
- plugin-monitoring
- plugin-notifications
- plugin-notify
- plugin-paypal
- plugin-search
- plugin-shopify
- plugin-stripe
- plugin-subtitle-manager
- plugin-tokens
- plugin-torrent-manager
- plugin-vpn
- plugin-webhooks
Pro (62)
- plugin-access-controls
- plugin-activity-feed
- plugin-admin-api
- nself-ai-gateway
- nself-ai-cc
- nself-ai-mcp
- plugin-analytics
- plugin-auth
- plugin-backup-pro
- plugin-bots
- plugin-browser
- plugin-calendar
- plugin-cdn
- plugin-chat
- plugin-claw
- plugin-claw-budget
- plugin-claw-news
- plugin-claw-web
- plugin-cloudflare
- plugin-cms
- plugin-compliance
- plugin-cron-pro
- plugin-ddns
- plugin-devices
- plugin-documents
- plugin-donorbox-pro
- plugin-entitlements
- plugin-epg
- plugin-file-processing
- plugin-game-metadata
- plugin-geocoding
- plugin-geolocation
- plugin-google
- plugin-home
- plugin-idme
- plugin-knowledge-base
- plugin-linkedin
- plugin-livekit
- plugin-media-processing
- plugin-meetings
- plugin-moderation
- plugin-mux
- plugin-notify-pro
- plugin-object-storage
- plugin-observability
- plugin-paypal-pro
- plugin-photos
- plugin-podcast
- plugin-post
- plugin-realtime
- plugin-recording
- plugin-retro-gaming
- plugin-rom-discovery
- plugin-shopify-pro
- plugin-social
- plugin-sports
- plugin-stream-gateway
- plugin-streaming
- plugin-stripe-pro
- plugin-support
- plugin-tmdb
- plugin-voice
- plugin-web3
- plugin-workflows
Planned (26)
plugin-auditplugin-blogplugin-checkoutplugin-commerceplugin-drmplugin-exportplugin-flowplugin-importplugin-ldapplugin-mailgunplugin-mediaplugin-oauth-providersplugin-pagesplugin-postmarkplugin-rate-limitplugin-reportsplugin-samlplugin-schedulerplugin-sendgridplugin-ssoplugin-subscriptionplugin-thumbplugin-transcoderplugin-twilioplugin-wafplugin-watermark
Guides
- Guide-Production-Deployment
- Guide-SSL-Setup
- Guide-Multi-Tenancy
- Guide-Security-Hardening
- Guide-Monitoring-Setup
- Guide-Backup-Restore
- Guide-Custom-Services
- Guide-Migration-from-v1
Architecture
Reference
- API-Reference
- reference-error-codes, Error Codes
Licensing
Security
Brand
Operations
- operations/release-cascade, Release Cascade
- operations/self-healing, Self-Healing Schema
- operations/redis-tuning, Redis Pool Tuning
- operations/meilisearch-warmup, MeiliSearch Warm-Up
- operations/jwt-rotation, JWT Key Rotation
- operations/windows-wsl2-setup, Windows / WSL2 Setup
- operations/gemini-oauth-reauth, Gemini OAuth Reauth
Contributing
Admin
- USER-ACTION-QUEUE, Pending Admin Actions