npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@sddion/chainbox

v1.0.6

Published

Execution-first backend framework for Next.js

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sddionsddion

Keywords

nextjsbackendframeworkexecutionserverlesstypescriptrpc-lessdistributed-executioncapabilitieszero-trustsecurity-by-deletionapi-lessmeshhonoviteexpress

Readme

Chainbox

Chainbox is an execution-first backend framework that turns backend logic into callable capabilities.
It eliminates APIs as an architectural concern by shifting complexity and security from the network layer into a deterministic execution fabric.

Call logic. Not endpoints.
Pay for outcomes. Not attempts.

📚 Read the Documentation

Why Chainbox

Modern backends are dominated by APIs — endpoints, routes, retries, gateways, and glue code. This model leaks complexity, expands attack surface, and charges developers for failures.

Chainbox takes a different stance:

  • Execution is the primitive, not transport.
  • Capabilities replace endpoints, not wrap them.
  • Security is structural, not procedural.
  • Outcomes matter more than attempts.

Chainbox does not optimize APIs.
It removes them from the critical path.

Zero-Surface Security Model

Chainbox is built on Security by Deletion.
By mapping logic to capabilities instead of HTTP endpoints, entire classes of vulnerabilities are eliminated by design:

  • Public API Attack Surface → GONE
    No per-capability URLs. No endpoint scanning. No verb abuse.

  • Credential Leakage → GONE
    Frontend never sees database keys or service secrets.
    All secrets live strictly inside the execution fabric.

  • Transport Injection → GONE
    Inputs are data, not commands.
    No query-string poisoning or header abuse.

  • CORS / CSRF → GONE
    Browser-level transport attacks do not apply to a non-endpoint system.

Security is enforced by architecture, not discipline.

Core Concepts

Logical Functions

Backend logic is defined as named, stateless, transport-agnostic functions.

  • Location: src/app/_chain/
  • Mapping:
    src/app/_chain/User/Create.tsUser.Create

Logical Functions are the unit of execution and authorization.

Capability Calls

Functions call other functions using ctx.call().

  • No fetch
  • No REST
  • No RPC
  • No service URLs

This enables seamless logic chaining without network boilerplate.

Execution Context (ctx)

Every function receives a controlled execution context exposing only allowed capabilities:

  • input — Call payload (pure data)

  • call(fn, input) — Invoke another capability

  • parallel() — Concurrent execution

  • db — Identity-aware database access (RLS preserved)

  • kv / blob — Stateful primitives

  • env — Secure environment variables

  • trace — Deterministic execution tracing

  • trace — Deterministic execution tracing

  • adapter(name) — Secure external I/O

There is no ambient access. Everything is explicit.

External I/O (Adapters)

Direct fetch() calls are blocked by default. To talk to the outside world, you must use registered adapters.

// src/app/_chain/Payment/Charge.ts
export default async function (ctx: Ctx) {
  // Safe, monitored, and policy-compliant
  const stripe = ctx.adapter("stripe");
  return await stripe.charges.create(ctx.input);
}

Security Policy

Validation happens before execution starts.

  • Role-Based: Functions can enforce strict role requirements.
  • Identity-Aware: ctx.identity is immutably bound to the trace.
  • Zero-Trust: No identity = No execution (if policy exists).

Usage

1. Define a Logical Function

src/app/_chain/Math/Add.ts

import { Ctx } from "@sddion/chainbox";

export default async function (ctx: Ctx) {
  const { a, b } = ctx.input;
  return a + b;
}

2. Call It from Anywhere

The same call works in:

  • Server Components
  • Client Components
  • Nested Chainbox functions
  • Mesh nodes
import { Call } from "@sddion/chainbox/client";

const sum = await Call("Math.Add", { a: 10, b: 20 });

No transport decisions. No environment branching. No API routes.

Execution Model (High Level)

  1. A capability is called: Call("User.Create", input)

  2. Chainbox plans execution (local or remote)

  3. The function runs inside a controlled runtime

  4. Retries, caching, and circuit breakers are handled internally

  5. A single outcome is produced:

    • SUCCESS
    • FAILURE
    • TIMEOUT
    • CIRCUIT_OPEN
    • FORBIDDEN

Retries are implementation details. Outcomes are the contract.

Cloud Compatibility

Chainbox is library-first, not platform-exclusive.

It runs on:

  • AWS (Lambda, Fargate, EKS)
  • Google Cloud (Cloud Run, Functions)
  • Vercel / self-hosted Node
  • Local development

Chainbox does not replace cloud providers. It makes their compute more efficient and easier to reason about.

What Chainbox Is Not

  • ❌ Not an API framework
  • ❌ Not RPC / REST / GraphQL
  • ❌ Not a serverless clone
  • ❌ Not a microservices orchestrator

Chainbox is an execution kernel for backend logic.

The Principle

Chainbox is not how the backend should be optimized. It is how it should have worked all along.