pub enum Function {
Show 61 variants
FindAll {
collection: String,
},
Query {
collection: String,
filter: Option<Value>,
sort: Option<Vec<SortFieldConfig>>,
limit: Option<Value>,
skip: Option<Value>,
},
Project {
fields: Vec<String>,
exclude: bool,
},
Group {
by_fields: Vec<String>,
functions: Vec<GroupFunctionConfig>,
},
Count {
output_field: String,
},
FindById {
collection: String,
record_id: String,
},
FindOne {
collection: String,
key: String,
value: Value,
},
Insert {
collection: String,
record: Value,
bypass_ripple: Option<bool>,
ttl: Option<Value>,
},
Update {
collection: String,
filter: Value,
updates: Value,
bypass_ripple: Option<bool>,
ttl: Option<Value>,
},
UpdateById {
collection: String,
record_id: String,
updates: Value,
bypass_ripple: Option<bool>,
ttl: Option<Value>,
},
FindOneAndUpdate {
collection: String,
filter: Value,
updates: Value,
bypass_ripple: Option<bool>,
ttl: Option<Value>,
},
UpdateWithAction {
collection: String,
filter: Value,
actions: Value,
bypass_ripple: Option<bool>,
},
Delete {
collection: String,
filter: Value,
bypass_ripple: Option<bool>,
},
DeleteById {
collection: String,
record_id: String,
bypass_ripple: Option<bool>,
},
BatchInsert {
collection: String,
records: Value,
bypass_ripple: Option<bool>,
},
BatchDelete {
ids: Value,
bypass_ripple: bool,
},
HttpRequest {
url: String,
method: String,
headers: Option<HashMap<String, String>>,
body: Option<Value>,
timeout_seconds: Option<u64>,
output_field: Option<String>,
},
VectorSearch {
query_vector: Vec<f32>,
options: Option<Value>,
},
TextSearch {
collection: String,
query_text: Value,
fields: Option<Vec<String>>,
limit: Option<Value>,
fuzzy: Option<bool>,
},
HybridSearch {
text_query: String,
vector_query: Vec<f32>,
options: Option<Value>,
},
Chat {
messages: Vec<ChatMessage>,
model: Option<String>,
temperature: Option<f32>,
max_tokens: Option<i32>,
},
Embed {
input_field: String,
output_field: String,
model: Option<String>,
},
If {
condition: FunctionCondition,
then_functions: Vec<Box<Function>>,
else_functions: Option<Vec<Box<Function>>>,
},
ForEach {
functions: Vec<Box<Function>>,
},
CallFunction {
function_label: String,
params: Option<HashMap<String, Value>>,
},
CreateSavepoint {
name: String,
},
RollbackToSavepoint {
name: String,
},
ReleaseSavepoint {
name: String,
},
KvGet {
key: Value,
},
KvSet {
key: Value,
value: Value,
ttl: Option<Value>,
},
KvDelete {
key: Value,
},
KvExists {
key: Value,
output_field: Option<String>,
},
KvQuery {
pattern: Option<Value>,
include_expired: bool,
},
SWR {
cache_key: String,
ttl: Value,
url: String,
method: String,
headers: Option<HashMap<String, String>>,
body: Option<Value>,
timeout_seconds: Option<u64>,
output_field: Option<String>,
collection: Option<String>,
},
BcryptHash {
plain: String,
cost: Option<u32>,
output_field: String,
},
BcryptVerify {
plain: String,
hash_field: String,
output_field: String,
},
RandomToken {
bytes: usize,
encoding: Option<String>,
output_field: String,
},
JwtSign {
claims: HashMap<String, Value>,
secret: String,
algorithm: Option<String>,
expires_in_secs: Option<i64>,
output_field: String,
},
JwtVerify {
token_field: String,
secret: String,
algorithm: Option<String>,
output_field: String,
},
EmailSend {
to: String,
subject: String,
body: String,
from: String,
reply_to: Option<String>,
api_key: String,
provider: Option<String>,
html: Option<bool>,
output_field: Option<String>,
},
HmacSign {
input: String,
secret: String,
algorithm: Option<String>,
output_field: String,
encoding: Option<String>,
},
HmacVerify {
input: String,
provided_mac: String,
secret: String,
algorithm: Option<String>,
encoding: Option<String>,
output_field: String,
},
AesEncrypt {
plaintext: String,
key: String,
key_encoding: Option<String>,
output_field: String,
},
AesDecrypt {
ciphertext_field: String,
key: String,
key_encoding: Option<String>,
output_field: String,
},
UuidGenerate {
output_field: String,
},
TotpGenerate {
secret: String,
digits: Option<u32>,
period: Option<u64>,
algorithm: Option<String>,
output_field: String,
},
TotpVerify {
code: String,
secret: String,
digits: Option<u32>,
period: Option<u64>,
algorithm: Option<String>,
skew: Option<u8>,
output_field: String,
},
Base64Encode {
input: String,
url_safe: Option<bool>,
output_field: String,
},
Base64Decode {
input: String,
url_safe: Option<bool>,
output_field: String,
},
HexEncode {
input: String,
output_field: String,
},
HexDecode {
input: String,
output_field: String,
},
Slugify {
input: String,
output_field: String,
},
IdempotencyClaim {
key: String,
ttl_secs: u64,
output_field: String,
},
RateLimit {
key: String,
limit: u64,
window_secs: u64,
on_exceed: Option<String>,
output_field: String,
},
LockAcquire {
key: String,
ttl_secs: u64,
output_field: String,
},
LockRelease {
key: String,
token: String,
output_field: String,
},
TryCatch {
try_functions: Vec<Box<Function>>,
catch_functions: Vec<Box<Function>>,
output_error_field: Option<String>,
},
Parallel {
functions: Vec<Box<Function>>,
wait_for_all: bool,
},
Sleep {
duration_ms: Value,
},
Return {
fields: HashMap<String, Value>,
status_code: Option<u16>,
},
Validate {
schema: Value,
data_field: String,
on_error: Option<Vec<Box<Function>>>,
},
}Expand description
Function step in a pipeline
Variants§
FindAll
Find all records in collection
Query
Query records with advanced options
Fields
sort: Option<Vec<SortFieldConfig>>Project
Project specific fields
Group
Group records with functions
Count
Count records
FindById
Find record by ID
FindOne
Find one record by key/value
Insert
Insert a record
Update
Update records matching filter
Fields
UpdateById
Update record by ID
Fields
FindOneAndUpdate
Find one record and update atomically
Fields
UpdateWithAction
Update with actions (increment/decrement)
Delete
Delete records matching filter
DeleteById
Delete record by ID
BatchInsert
Batch insert records
BatchDelete
Batch delete records
HttpRequest
HTTP request
Fields
VectorSearch
Vector search
TextSearch
Text search
Fields
HybridSearch
Hybrid search (text + vector)
Chat
AI Chat completion
Fields
messages: Vec<ChatMessage>Embed
Generate embeddings for field in records
If
Conditional execution
Fields
condition: FunctionConditionForEach
For each record, execute Functions
CallFunction
Call a saved UserFunction by label
CreateSavepoint
Create a savepoint for partial rollback
RollbackToSavepoint
Rollback to a specific savepoint
ReleaseSavepoint
Release a savepoint (no longer needed)
KvGet
Get a value from the KV store Returns {value: } on hit, {value: null} on miss
KvSet
Set a value in the KV store
KvDelete
Delete a key from the KV store
KvExists
Check if a key exists in the KV store
KvQuery
Query the KV store with a pattern
SWR
SWR (Stale-While-Revalidate) pattern for external API caching Automatically handles: KV cache check → HTTP request → KV cache set → optional audit storage
Fields
BcryptHash
Bcrypt-hash a plaintext value and write the result onto every
record in the working data (creates a single result record if the
working set is empty). Use in a compound users_register function.
Requires ekoDB >= 0.41.0.
Fields
BcryptVerify
Verify a plaintext against a bcrypt hash stored on the first
record in the working data; writes a boolean result into
output_field. Pair with an If stage for login flows.
Requires ekoDB >= 0.41.0.
Fields
RandomToken
Generate a cryptographically-random token and add it to every record in the working data. Requires ekoDB >= 0.41.0.
Fields
JwtSign
Sign a JWT and write the resulting token to every working
record. claims is the payload; iat and exp are
auto-stamped when expires_in_secs is set. Pair with
BcryptVerify to issue a session token after login. Use
"{{env.JWT_SECRET}}" for secret so the LLM never sees
the operator-owned signing key. Requires ekoDB >= 0.42.0.
Fields
JwtVerify
Verify a JWT held in token_field on the first working
record. On success, writes the decoded claims object into
output_field. On failure (invalid signature, malformed,
expired, missing token), writes null. Branch with
If { FieldEquals { field: output_field, value: null } } to
reject. Requires ekoDB >= 0.42.0.
Fields
EmailSend
Send a transactional email through a provider’s REST API.
Today only provider = "sendgrid" is supported. Pull the
API key from {{env.SENDGRID_API_KEY}} so the LLM never
sees the operator-owned secret. Result envelope
{provider_status, provider_message, provider} is written
to output_field (defaults to "email_send").
Requires ekoDB >= 0.42.0.
Fields
HmacSign
HMAC-SHA256/384/512 message authentication. Pair with
HmacVerify for inbound webhook signing or pre-signed URL
generation. Requires ekoDB >= 0.42.0.
Fields
HmacVerify
HMAC verification (constant-time). Writes a boolean.
Fields
AesEncrypt
AES-256-GCM authenticated encryption. Writes
{ciphertext, nonce} (both base64) to output_field.
AesDecrypt
AES-256-GCM authenticated decryption. Reads the envelope
from ciphertext_field, writes the recovered plaintext or
null (fail-closed).
UuidGenerate
Generate a v4 UUID into output_field.
TotpGenerate
Generate a TOTP code (RFC 6238) from a base32 secret.
Fields
TotpVerify
Verify a user-submitted TOTP code; tolerates skew
time-steps either side (default 1).
Fields
Base64Encode
Base64 encode (url_safe = Some(true) for URL-safe / no-pad).
Base64Decode
Base64 decode → UTF-8 string. Fail-closed.
HexEncode
Hex encode (lowercase).
HexDecode
Hex decode → UTF-8 string. Fail-closed.
Slugify
URL-friendly slug.
IdempotencyClaim
Idempotency-key claim. Atomically claims the key (KV SETNX
with TTL); on first call writes {claimed: true, key}, on
replay writes {claimed: false, key, response}.
Requires ekoDB >= 0.42.0.
RateLimit
Fixed-window rate-limit gate. Increments a counter under
rate:<key>:<window-floor>; over-limit either errors
(on_exceed = "fail", default) or writes allowed: false
(on_exceed = "skip").
LockAcquire
Distributed-lock acquire (token-fenced). On success writes
{acquired: true, token}; pass that token to LockRelease.
LockRelease
Distributed-lock release; only deletes the key when the
stored token matches token (prevents foreign release).
TryCatch
Try/Catch error handling for graceful failure recovery. Executes try_functions, and if any fail, executes catch_functions.
Fields
Parallel
Execute multiple functions in parallel (concurrently). All functions run simultaneously, results are merged.
Sleep
Sleep/delay execution for rate limiting or timing control.
Return
Return a shaped response (final output formatting). Constructs the final response object from current execution context.
Validate
Validate data against a JSON schema before processing.