Hey HN,<p>one of our goals for our product was to make it easily extendable by ourselves and our customers. To achieve this, we came up with the idea of Scriptable. At the core, Scriptable allows product teams to accept and run code from anyone to extend their products in various forms without the usual risk of running untrusted code.<p>In our case, we allow users and ourselves to easily extend our product (Questmate.com) with user-defined UI components, as well as logic that can run at certain events (e.g., a form is being submitted).<p>To give you just a few concrete examples of what we and the users of our product were able to achieve using this "magic escape hatch":<p>- Giving limited access to smart devices, from Philips Hue to your Tesla (<a href="https://twitter.com/sreuter/status/1597410646198394881/photo/1" rel="nofollow">https://twitter.com/sreuter/status/1597410646198394881/photo...</a>)<p>- Rendering form dropdowns, backed by data coming live from Airtable, Slack, Google Sheets, and other APIs. (See video @ <a href="https://www.questmate.com/integrations/airtable" rel="nofollow">https://www.questmate.com/integrations/airtable</a>)
- Sending back into an Airtable, a Slack room and others and our destinations (example use case: <a href="https://www.questmate.com/visitor-management" rel="nofollow">https://www.questmate.com/visitor-management</a>)<p>Scriptable also allows you (the product owner/developer) to define your own layers, which allows them to inject everything from custom data objects to actual API clients into the global context of the function. And to top it off, you can automagically pre-authenticate HTTP requests by automatically adding headers to outbound fetch requests without exposing any actual credentials/access tokens to script authors.