The platform for AI-accessible functions. Publish in Python, Go, Rust, JavaScript, or WebAssembly — then let agents discover, call, and trust your tools with full observability, sandboxed execution, and policy controls built in.
From solo founders to enterprise teams, FunctionFly provides the reliability and flexibility you need to focus on building great products.
Deploying your first app
You built an amazing product and now need trustworthy agent tooling without enterprise overhead. FunctionFly gives you multi-language functions, sandboxed execution, trust signals, and a path to scale safely.
Scaling agent + API workloads
Your team is shipping fast and agents are calling more tools every week. You need policy-friendly trust metadata, attestations, and execution-backed signals—not a pile of unvetted endpoints.
Governance and compliance
Your organization needs auditability, least-privilege access to tools, and consistent trust policies across agents and teams. Firecracker MicroVMs, attestations, and policy enforcement — without rewriting how you think about risk.
Publish once. Agents everywhere can discover, trust, and execute your tools — with full isolation and observability built in.
Publish in Python, Go, Rust, JavaScript, or WebAssembly. One SDK, every runtime — no rewrites when you switch languages.
Firecracker MicroVMs isolate every function call. Memory and CPU enforced at the hardware level — not containers.
Agents get history-backed trust signals so “works” and “safe” are distinguishable and policy-driven.
Spawn child agents, orchestrate messaging, evolve behavior over time, and schedule multi-agent tasks — all with quota controls.
Execution depth limits, recursion guards, wall-time caps, and memory constraints — so agents cannot go rogue on your infrastructure.
Route function calls across Cloudflare Workers, Fly.io, and custom backends — with trust-based selection and budget enforcement.
FunctionFly handles verification, isolation, routing, and observability — so you can focus on writing business logic.
Implement your function in Python, Go, Rust, JavaScript, or TypeScript. Your code runs in isolation — it cannot phone home or access the filesystem unless you grant capabilities explicitly.
Run ffly deploy. FunctionFly bundles your code, compiles it for the target runtime, signs the artifact, and runs multi-level verification checks before making it live.
Agents find your function through manifests and trust filters. Your function's trust score, verification tier, execution history, and capability declarations are all surfaced automatically.
Agents call your function over HTTPS. FunctionFly routes to the right backend, enforces policy limits, runs in a Wasm sandbox, and records every result for trust scoring.
Write once. Select your runtime at publish time — FunctionFly handles compilation, bundling, and isolation.
# functionfly.config.jsonc
{"name": "calculate-risk-score",
"runtime": "python",
"capabilities": ["kv:read", "fetch:read"]
}
# risk_score.py
import json
from functionfly import context, kv
async def handle(input: dict) -> dict:
user_id = input["user_id"]
history = await kv.get(f"risk:{user_id}")
score = compute_score(history or [])
return {"score": score, "band": band(score)}// functionfly.jsonc
// {"name": "forward-email", "runtime": "go", "capabilities": ["email:send"]\}
package functionfly
import (
"context"
"encoding/json"
fly "github.com/functionfly/functionfly/sdk/go"
)
type Input struct {
To string `json:"to"`
Subject string `json:"subject"`
Body string `json:"body"`
}
func Handle(ctx context.Context, input Input) (any, error) {
return map[string]any{
"sent": true,
"to": input.To,
"msg_id": ctx.Value(fly.TraceIDKey),
}, nil
}// functionfly.jsonc
// {"name": "mnemonic-check", "runtime": "wasm", "capabilities": []\}
use functionfly::prelude::*;
#[fnfly::function]
pub fn validate_mnemonic(phrase: String) -> MnemonicResult {
let words: Vec<String> = phrase.split_whitespace().map(String::from).collect();
MnemonicResult {
valid: words.len() == 24 && words.iter().all(is_valid_word),
word_count: words.len() as u32,
}
}// functionfly.config.jsonc
// {"name": "scrape-metadata", "runtime": "node20", "capabilities": ["fetch:read"]\}
export async function handle(input) {
const { url } = input;
const res = await fetch(url);
const html = await res.text();
return {
title: extract("<title>(.*?)</title>", html),
description: extract(`<meta name="description" content="(.*?)">`, html),
};
}// functionfly.config.jsonc
// {"name": "raroc-calculate", "runtime": "node20", "capabilities": ["kv:read", "kv:write"]\}
import { kv } from "functionfly";
interface RAROCInput {
pd: number;
lgd: number;
ead: number;
corr: number;
}
export async function handle(input: RAROCInput): Promise<RAROCResult> {
const key = `raroc:${hash(input)}`;
const cached = await kv.get(key);
if (cached) return JSON.parse(cached);
const result = computeRAROC(input);
await kv.set(key, JSON.stringify(result), { ttl: 3600 });
return result;
}Sandbox isolation means every function runs with zero implicit permissions. Capabilities are declared at publish time and enforced at runtime — there is no ambient authority.
functionfly.jsonc fetch:read — outbound HTTPS GETfetch:write — outbound HTTPS POST/PUT/PATCHwebsocket — persistent connectionskv:read — read from key-value storekv:write — write to key-value storestorage:* — any other storage accessemail:send — send transactional emailagent:message — inter-agent messagingnotification:push — push notificationsfunction:invoke — call other functionsagent:spawn — spawn child agents (Enterprise)exec:* — shell or subprocess executionExecution traces, trust scores, and metrics — so you know exactly what your agents are doing.
Every function call is recorded with input, output, latency, cost, and the full call stack. Trace a single execution from agent prompt to function result.
Trust scores are computed from real execution outcomes — not static analysis. High trust means a proven track record of correct results.
P50, P95, P99 latency per function. Cost per execution in USD. Set budget alerts and get notified before quotas hit.
Every verification submission, artifact signing, revocation event, and level change is logged immutably. Exportable to your SIEM.
Other options leave agents flying blind. We give them the trust infrastructure they need.
| Raw API Endpoints | Traditional FaaS Lambda, Cloud Functions | FunctionFly | |
|---|---|---|---|
| Agent-discoverable manifests | ❌ | ❌ | ✔ |
| Trust scores | ❌ | ❌ | ✔ |
| Multi-level verification | ❌ | ❌ | ✔ |
| Wasm sandbox isolation | ⓘ DIY | ❌ | ✔ |
| Firecracker VMs (Enterprise) | ❌ | ❌ | ✔ |
| Signed attestations | ❌ | ❌ | ✔ |
| Capability-based security | ❌ | ❌ | ✔ |
| Agent swarm orchestration | ❌ | ❌ | ✔ |
| Multi-provider routing | ❌ | ⓘ Manual | ✔ |
| Policy engine | ❌ | ❌ | ✔ |
| Execution traces + audit log | ⓘ Basic | ⓘ Cloud logs | ✔ |
Initialize, configure, deploy, and let agents start calling it — with trust scores computed automatically.
The ffly CLI is installed via Homebrew, the shell installer
(curl -fsSL https://raw.githubusercontent.com/functionfly/fly/main/scripts/install.sh | bash),
go install, or
GitHub Releases — not as an npm package.
Start free. Multi-language support, sandboxed execution, trust scoring, and full observability — so agents can call your functions with confidence.
Join the waitlist for early access to new features