Skip to content

Commit 405cb00

Browse files
committed
docs: tweaks
1 parent 68d2600 commit 405cb00

6 files changed

Lines changed: 111 additions & 24 deletions

File tree

README.md

Lines changed: 19 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18,24 +18,29 @@
1818

1919
# Why isolated-function?
2020

21-
Sometimes your application needs to run JavaScript that did not come from your codebase.
21+
Sometimes your application needs to let users customize a piece of behavior with JavaScript.
2222

23-
That code might come from an AI agent, a customer-defined workflow, a plugin, a webhook transform, or an automation rule. You want the useful part: let people customize behavior with code. You do not want the dangerous part: letting that code read files, spawn processes, install anything it wants, or run forever.
23+
That code might be a function template for an AI agent, a customer-defined workflow, a plugin, a webhook transform, or an automation rule. You provide the shape of the function and the runtime context; users provide the custom logic. You want the useful part: programmable behavior without turning the rest of your application into the execution environment.
2424

25-
**isolated-function** gives you a small API for running that code in a separate Node.js process with clear limits:
25+
**isolated-function** gives you a small API for turning user-customizable function templates into controlled executions:
2626

27-
- give it a function
27+
- give it a function or generated function template
28+
- pass runtime arguments into it
2829
- choose what it is allowed to do
2930
- set memory and timeout limits
3031
- run it
3132
- get back the result, logs, errors, and timing data
3233

33-
It is a sandbox for the kind of code you need to execute, but do not fully trust.
34+
It is useful when your product needs user-defined logic, but you still want a narrow execution contract around what that logic can receive, return, import, and access.
3435

3536
# What it does
3637

3738
At a high level, isolated-function wraps a JavaScript function and runs it away from your main process.
3839

40+
The core use case is giving your product a controlled function template that users can customize. Your application owns the template, runtime arguments, dependencies, permissions, timeout, memory, result shape, logging, and cleanup. Users only customize the part of the function you intentionally expose.
41+
42+
This is the pattern used by [`@browserless/function`](https://github.com/microlinkhq/browserless/tree/master/packages/function): it lets users build functions that can access a Puppeteer `page` and related browser context, then runs those functions through isolated-function.
43+
3944
It can:
4045

4146
- run untrusted code in a separate process
@@ -47,7 +52,15 @@ It can:
4752
- allow only the packages you explicitly trust
4853
- return profiling data for compile, spawn, run, and total time
4954

50-
# Install
55+
# What it is not
56+
57+
isolated-function is not a virtual machine, microVM, container runtime, or hypervisor-based sandbox.
58+
59+
It isolates JavaScript by running it in a separate Node.js process with Node.js permissions and resource limits. That is useful for many plugin, workflow, webhook, and AI-agent use cases, but it is not the same security boundary as KVM, Firecracker, Kata Containers, gVisor, or another VM-backed isolation layer.
60+
61+
If you need to execute hostile multi-tenant code, use isolated-function behind a stronger runtime boundary such as a locked-down container, gVisor, Kata Containers, Firecracker, or another hypervisor-backed execution environment.
62+
63+
# Installation
5164

5265
```bash
5366
pnpm add isolated-function

docs/README.md

Lines changed: 19 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18,24 +18,29 @@
1818

1919
# Why isolated-function?
2020

21-
Sometimes your application needs to run JavaScript that did not come from your codebase.
21+
Sometimes your application needs to let users customize a piece of behavior with JavaScript.
2222

23-
That code might come from an AI agent, a customer-defined workflow, a plugin, a webhook transform, or an automation rule. You want the useful part: let people customize behavior with code. You do not want the dangerous part: letting that code read files, spawn processes, install anything it wants, or run forever.
23+
That code might be a function template for an AI agent, a customer-defined workflow, a plugin, a webhook transform, or an automation rule. You provide the shape of the function and the runtime context; users provide the custom logic. You want the useful part: programmable behavior without turning the rest of your application into the execution environment.
2424

25-
**isolated-function** gives you a small API for running that code in a separate Node.js process with clear limits:
25+
**isolated-function** gives you a small API for turning user-customizable function templates into controlled executions:
2626

27-
- give it a function
27+
- give it a function or generated function template
28+
- pass runtime arguments into it
2829
- choose what it is allowed to do
2930
- set memory and timeout limits
3031
- run it
3132
- get back the result, logs, errors, and timing data
3233

33-
It is a sandbox for the kind of code you need to execute, but do not fully trust.
34+
It is useful when your product needs user-defined logic, but you still want a narrow execution contract around what that logic can receive, return, import, and access.
3435

3536
# What it does
3637

3738
At a high level, isolated-function wraps a JavaScript function and runs it away from your main process.
3839

40+
The core use case is giving your product a controlled function template that users can customize. Your application owns the template, runtime arguments, dependencies, permissions, timeout, memory, result shape, logging, and cleanup. Users only customize the part of the function you intentionally expose.
41+
42+
This is the pattern used by [`@browserless/function`](https://github.com/microlinkhq/browserless/tree/master/packages/function): it lets users build functions that can access a Puppeteer `page` and related browser context, then runs those functions through isolated-function.
43+
3944
It can:
4045

4146
- run untrusted code in a separate process
@@ -47,7 +52,15 @@ It can:
4752
- allow only the packages you explicitly trust
4853
- return profiling data for compile, spawn, run, and total time
4954

50-
# Install
55+
# What it is not
56+
57+
isolated-function is not a virtual machine, microVM, container runtime, or hypervisor-based sandbox.
58+
59+
It isolates JavaScript by running it in a separate Node.js process with Node.js permissions and resource limits. That is useful for many plugin, workflow, webhook, and AI-agent use cases, but it is not the same security boundary as KVM, Firecracker, Kata Containers, gVisor, or another VM-backed isolation layer.
60+
61+
If you need to execute hostile multi-tenant code, use isolated-function behind a stronger runtime boundary such as a locked-down container, gVisor, Kata Containers, Firecracker, or another hypervisor-backed execution environment.
62+
63+
# Installation
5164

5265
```bash
5366
pnpm add isolated-function

docs/src/css/style.css

Lines changed: 69 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -93,7 +93,10 @@ body:not(.sticky) .sidebar {
9393
background: var(--line);
9494
}
9595

96-
.sidebar-toggle,
96+
.sidebar-toggle {
97+
display: none;
98+
}
99+
97100
.badge,
98101
img[src*='shields.io'],
99102
.site-header {
@@ -592,23 +595,79 @@ section.cover {
592595
display: none;
593596
}
594597

598+
body {
599+
overflow-x: hidden;
600+
}
601+
595602
body:not(.sticky) .sidebar {
596-
display: none;
603+
opacity: 1;
604+
pointer-events: auto;
605+
visibility: visible;
606+
transform: none;
597607
}
598608

599609
.sidebar {
600-
position: static;
610+
position: fixed;
611+
top: 0;
612+
left: calc(-1 * (var(--sidebar-width) + 30px));
613+
width: var(--sidebar-width);
614+
height: 100vh;
615+
height: 100dvh;
616+
z-index: 3;
617+
border-right: 1px solid var(--line);
618+
border-bottom: 0;
619+
padding-top: 62px;
620+
transition: transform 0.25s ease-out;
621+
}
622+
623+
.sidebar-toggle {
624+
cursor: pointer;
625+
display: inherit;
626+
border: 0;
627+
outline: none;
628+
padding: 0 10px;
629+
left: 6px;
630+
transition: opacity 0.3s;
631+
z-index: 4;
632+
position: fixed;
633+
top: 0;
634+
height: 62px;
601635
width: 100%;
602-
height: auto;
603-
border-right: 0;
604-
border-bottom: 1px solid var(--line);
605-
opacity: 1;
606-
transform: none;
636+
background: var(--bg);
637+
}
638+
639+
.sidebar-toggle:focus-visible {
640+
outline: 2px solid var(--active);
641+
outline-offset: 2px;
642+
}
643+
644+
.sidebar-toggle span {
645+
background-color: var(--text);
646+
display: block;
647+
margin-bottom: 5px;
648+
width: 24px;
649+
height: 3px;
650+
}
651+
652+
body.sidebar-toggle {
653+
display: none;
654+
}
655+
656+
body.close .sidebar,
657+
body.close .content {
658+
transform: translateX(calc(var(--sidebar-width) + 30px));
659+
}
660+
661+
body.close .sidebar-toggle {
662+
background: var(--bg);
663+
transition: background-color 0.3s;
664+
width: calc(var(--sidebar-width) + 34px);
607665
}
608666

609667
.content {
610-
margin-left: 0;
611-
padding: 20px 12px 40px;
668+
margin: 0;
669+
padding: 62px 12px 40px;
670+
transition: transform 0.25s ease;
612671
}
613672

614673
.markdown-section h1,

docs/src/js/main.js

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -79,6 +79,8 @@ const setupSidebarHighlight = () => {
7979

8080
const id = parseSectionId(link.getAttribute('href'))
8181
if (id) setActiveLink(links, id)
82+
83+
if (window.innerWidth <= 900) document.body.classList.remove('close')
8284
}
8385

8486
window.addEventListener('scroll', requestSync, { passive: true })

docs/static/main.min.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)