DotBoxD
Source-generated, contract-first .NET extension runtime. One C# contract, used three ways — all driven by Roslyn source generators, with no runtime reflection on the hot path.
The three ways to use one contract
| Mode | What it does | Start here |
|---|---|---|
| Services | The host implements a contract; clients call it remotely over RPC. | Tutorial › |
| Kernels | A client supplies validated logic (e.g. a Where/Select event filter) the host runs safely inside a fuel-metered sandbox. |
Tutorial › |
| Pushdown | A plugin ships its own sandboxed batch operation that runs server-side, collapsing N round-trips into one. | Tutorial › |
The Services and channel libraries target netstandard2.1, so they run on Unity / IL2CPP.
The Kernels and Pushdown stack targets net10.0.
Install
# Full net10.0 stack (Services + Kernels + Pushdown):
dotnet add package DotBoxD --prerelease
# Unity / netstandard2.1 service bundle:
dotnet add package DotBoxD.Services.All --prerelease
Then follow Getting started or jump straight into a Tutorial.
Explore the docs
- 📘 Guide — concepts (Services, Kernels, Pushdown, the runtime), security model, and reference (diagnostics, schemas).
- 🎓 Tutorials — end-to-end walkthroughs: your first service, event pipelines with
RunLocal, and a pushdown server extension. - 🧩 Examples — an annotated tour of the maintained GameServer sample.
- 🔎 API reference — generated from the source of every published package.
Security in one line
Safe mode is the real boundary: a kernel is restricted IR that is validated, capability-gated,
fuel/quota-metered, and (for compiled mode) verified before it runs — consumers never supply C#, IL,
or arbitrary host calls. Trusted-plugin mode (AssemblyLoadContext) is not a sandbox. Read
Sandbox caveats before deploying.
DotBoxD merges the former standalone ShaRPC (RPC) and Safe-IR (kernel sandbox) projects into one contract-first runtime. It is MIT licensed.