Xedge is a Lua development platform built upon the Barracuda App Server. Xedge provides a rapid development environment for edge devices. With Xedge, developers rapidly test and prototype code, bypassing the need for a full compile and deploy cycle. This accelerates the iteration and development process, enhancing productivity.

Xedge essentially transforms your embedded device into a high level operating system, allowing you to run multiple Lua applications simultaneously. With the Xedge IDE, you can develop not only web applications but also connect to IoT cloud service providers using the many IoT protocols supported by the platform. You can have applications running while developing new ones, all at the same time.

Video: How to use the Xedge IDE

The above video shows how to create a web app, open files, and make them sticky in the editor. The video also shows how to start and stop applications. In the video, we are using the Xedge integrated into our online Lua tutorial, and you may immediately test Xedge by navigating to the Lua tutorial: Xedge. With Xedge, you can create and manage any number of Lua (IoT) and LSP (web) applications. In the above video poster, you can see two applications running, indicated by the green color in the left pane. Note that the 'net' file system is a unique network file system that cannot be used without being initialized. See the tutorial Using the NetIO for details.

The Two Xedge Versions:

  1. Xedge for Mako Server - designed for High Level Operating Systems (HLOS)
  2. Xedge standalone - Designed for deep embedded RTOS powered devices

1) Xedge for Mako Server:

When utilizing the Mako Server, Xedge is typically loaded as follows:

mako -l::xedge.zip

To build Xedge for your Mako Server, start by downloading the BAS Resources from the GitHub repository. Once downloaded, go to the 'build' directory. Here, you can run either 'XedgeMako.cmd' for Windows or 'XedgeMako.sh' for Unix-based systems. For an immediate hands-on experience, check out the online Lua tutorial, which features a fully functional Xedge IDE that is ready to go.

2) Xedge standalone (RTOS):

When running standalone on an embedded device, the Xedge Lua application and the web UI are integrated into the firmware, along with an Xedge C application. For firmware build instructions, refer to the Xedge C application documentation. This document outlines the usage of Xedge.

Additionally, we offer an advanced Xedge reference version for the ESP32 microcontroller, known as Xedge32:

Using Xedge

Upon starting Xedge, the left pane displays the File Systems set up by the C code, which may vary depending on the platform Xedge is running on. To use Xedge, you must create an application by navigating into one of the file systems and selecting a directory as the root for the application. You can also create new directories using the file browser. Alternatively, you can choose a deployed Lua application packaged as a ZIP file, but note that the app will be read-only in the IDE. For more information on deploying applications, see the tutorial Xedge Application Deployment: From Installation to Creation.

The tutorial Your First Xedge32 Project is indispensable reading, even for those not interested in the ESP32. It provides valuable insights into effectively using the Xedge IDE.

Creating Xedge Applications

Begin by expanding a file system. Navigate to the destination directory or create a new one using the Context Menu. You can open the Context Menu by right-clicking on a resource or long-pressing using a tablet or phone. Select "New App" in the Context Menu to open the Application Configuration dialog. After creating an application, the left pane tree view refreshes, and your new app appears in the tree view.

Xedge Application Details

.Preload script:
Xedge provides the same .preload script as the Mako Server. See the tutorial Lua Environments for more information on how both Xedge and Mako Server sets up the application environments.

An application in Xedge is a directory or a zip file and comprises one or more Lua programs managed by Xedge. An application can include a .preload file containing Lua code and any number of individual Lua files with the .xlua extension. The .preload file and .xlua files automatically execute when an application starts and automatically stops when the application is turned off.

An application in Xedge can also include web applications. This is possible if the application is 'LSP enabled'. To make an application 'LSP enabled', you need to adjust its settings through the 'Application Configuration' menu. In simpler terms, the 'LSP enabled' setting allows your application to include and manage web applications. This is done through the 'Application Configuration' dialog. We'll delve into the specifics of web applications and 'LSP enabled' applications in detail later.

Every .preload file and .xlua file in an Xedge application runs in its own unique Lua environment. This means they operate separately and independently from each other. However, it's important to note that .xlua files inherit elements from the .preload file. This means that any functions, variables, or libraries defined in the .preload file can be used by the .xlua files. Further, each .preload file inherits from the global environment. This means that any elements defined in the global environment are also accessible to the .preload file and the .xlua files. Think of these environments like a stack of individual sheets, where each sheet represents an environment. The global environment is at the top, the .preload file environment is in the middle, and the .xlua file environments are at the bottom. This relationship is illustrated in figure 1.

Xedge Lua Environments

Figure 1: Applications and individual files managed by Xedge

If you are new to Lua, be sure to check out our online Lua scope tutorial. It provides a concise, comprehensive introduction to Lua environments.

The .xlua files are the cornerstones of the Lua REPL. Each running .xlua file should be considered as an independent program. Saving this file terminates any previous version, and the new version is loaded and executed. By separating Lua into individual programs, developers can work on one program while having separate programs run independently, enabling development in a running system.

An '.xlua' file is typically used to write non visual programs that interact with hardware resources, such as GPIO, or to operate as an MQTT client. However, it's not designed for creating web applications (visual applications).

Web Applications:

If you want to design web applications in Xedge, you'll need to use the 'LSP' (Lua Server Pages) feature. This requires enabling 'LSP' for your application, which you can do via the application configuration dialog.

An 'LSP-enabled' application contains files with the '.lsp' extension. Usually, there will be a file called 'index.lsp' in the root directory of the application, which serves as the entry point for your web application.

While '.lsp' pages can access the environment established by the '.preload' file, they do not inherit any elements from it, unlike '.xlua' files. To better understand how '.lsp' pages operate and interact with the rest of the application, please refer to the Command Environment section."

Lua REPL and Hardware Resources

Xedge has been specifically designed to enable rapid teardown and recreation of Lua programs, facilitating swift testing and development. The Lua language features a garbage collector that, over time, collects (destroys) any non-referenced Lua code. When restarting a program, the old version is dereferenced and replaced with a new one. However, when dealing with hardware resources, relying on the garbage collector may not be practical, as there might only be one or a very limited set of hardware resources. Generally, hardware resources must be released immediately in a REPL. For this reason, Xedge includes logic that can automatically shut down resources when a program is renewed.

For optimal results, hardware resources should not be declared using the Lua keyword "local" when using the REPL. If you do, ensure that you use the unload handler to release the resource. The unload handler is executed when the program is shut down (or replaced with a new version).

ESP32 example 1, not using the "local" keyword:

pin18 = esp32.gpio(18,"OUT")

ESP32 example 2, using the "local" keyword:

local pin18 = esp32.gpio(18,"OUT")

function onunload()

The above considerations apply to any resource, not just hardware resources, when using the REPL.

The Xedge Virtual File System

The Xedge UI is a Single Page Application (SPA) that primarily interacts with the Xedge server-side application through a virtualized file system. You can directly access this file system by navigating to http://device-address/rtl/apps/. figure 2 below shows the Web File Manager and the Windows File Explorer (mapped as a WebDAV drive). When using the Web File Manager or WebDAV, it is not possible to visually distinguish applications from file systems. You can directly access the files using any editor when the device is mapped as a WebDAV drive. For instance, saving an .xlua file using an external editor will trigger the logic for running the file on the server side.

Xedge Lua Environments

figure 2: Accessing the Xedge virtual file system.

Check the WebDAV product page if you are new to WebDAV.

Xedge API

Xedge extends the API provided by the Barracuda App Server with a few additional APIs. Additionally, the Xedge ESP32 reference version Xedge32 extends Xedge with a wealth of HW APIs.

The global xedge object includes many functions and objects. All of them should be considered private, except for the ones listed below.


A variable extracted from C code and presented as seconds since January 1, 1970.


Initializes a Lua code loader to enable the dynamic loading of Lua modules from within the application, specifically from a ".lua" sub-directory at the application's root directory. This function extends Lua's package loading mechanism by adding a custom loader to the package.cpath array, where Lua stores its module loaders. See Lua modules for details.

To facilitate the loading of Lua script modules from within your application, add the following line at the beginning of your application's .preload script:

xedge.createloader(io) -- io is the application's pre-defined IO interface

The loader is designed to function irrespective of the application's deployment state, supporting both deployed (ZIP) and non-deployed (directory) formats, ensuring flexibility across different deployment scenarios.

Note: Once a module is loaded using the require function, it remains in memory for the duration of the application's runtime. Restarting the application does not reload the module if its code has been modified. The following approach can be used to reload a module manually:

package.loaded["moduleName"] = nil

Replace "moduleName" with the actual name of your module. This command clears the previously loaded module, allowing "require" to reload it upon the following invocation.

xedge.elog(op, formatstring, ...)

Functions elog and eflush are enabled if the SMTP settings have been configured. Function elog either appends to the internal message queue or flushes the queue after 30 seconds if the option table includes the attribute flush set to true. Function eflush sets flush to true and immediately flushes the message queue by sending an email.

The option table op may include:

Note: When a browser is connected to the Xedge IDE, calling xedge.elog() has the same effect as calling xedge.log(). In other words, no email is sent or buffered, thus calling xedge.eflush() has no effect.

xedge.ha1(name, password [, realm])

Calculates and returns the MD5 HA1 digest. The realm defaults to 'Xedge' if not set.

xedge.log(formatstring, ...)

Send a message to the trace buffer, using priority 5, with the following prepended: 'Xedge:'.


The virtual file system used by Xedge provides the same API as the Barracuda App Server's IO Interface.

xedge.event(event, cb [, remove])

Xedge.event() serves as a messaging distribution handler. To subscribe to an events, install a callback function. To remove the callback, call the function with the same parameters and set the third argument to true.

To trigger an event, invoke the global function _XedgeEvent(event, ...). The first parameter must specify the event name. The _XedgeEvent() function is primarily designed for being called from C code, offering an efficient and straightforward approach to transmitting events to Lua code. For more details, consult the Xedge C application documentation. Additionally, see Xedge32 for information on how the C code generates events for the ESP32.

Note: The Xedge event mechanism uses an instance of the EventEmitter, and function _XedgeEvent() sets the retain flag on all events received.

Internally, Xedge creates an event when Lua code crashes, allowing you to implement logic that reboots the system if any of your scripts fail during runtime. The following example demonstrates how to design an event function that restarts the system in case your scripts experience runtime failures.

local function errEvent(emsg)
   -- arg1 is the error message, but it is already in the log buffer if SMTP is enabled
   xedge.eflush{subject="The code crashed"} -- Flush email with error message immediately
      ba.sleep(5000) -- Give SMTP time to send error message
      -- Call a Lua binding that reboots the system; the following works for ESP32

xedge.event("error",errEvent) -- Subscribe
xedge.sendmail(options [, cb])

Send email messages using the SMTP client library. The options argument is the same as the options argument used by the function mail:send(options); however, no instance needs to be created and no options need to be set when calling xedge.sendmail() if you have configured the Xedge SMTP settings. Calling xedge.sendmail() with an empty options table sends a test email to the email address configured in the Xedge SMTP settings. You typically call this function with the following options: to, subject, txtbody or htmlbody. The optional callback is called when the email has been sent or sending it failed. The callback receives two arguments (ok, err).

OTA and App Management

In the following app management functions, the name argument is either the name of the application as shown in the Xedge IDE or the path (URL) to the app, e.g., disk/test/myapp.zip.


Returns the configuration table if the zip file includes a .config script. The optional .config script is explained in the tutorial Mastering Xedge Application Deployment.


This function is designed to upgrade a deployed application packaged as a zip file. To use this function, replace the existing zip file with the new zip file before calling this function. The function stops the existing application if it is running and restarts the app using the latest zip file if the app is running. You can set forcerestart to true to force the application to start. Setting this argument to true saves the auto start and running state in the xedge.conf file and make sure the app auto starts at reboot.

This function also executes the upgrade√ā¬†function before starting the new app if the zip file includes a .config script and the table returned by .config includes the upgrade function, as explained in the Mastering Xedge Application Deployment tutorial. All other table fields are ignored.


Stop the application if it is running. Set the second argument to true if you want the app state to be saved in xedge.conf.


Start the application if it is not running. Set the second argument to true if you want the app state to be saved in xedge.conf.


You can access the configuration menu by clicking the 3 dots located in the top-right corner of the interface.

SMTP Settings

By enabling the SMTP settings, Xedge gains the ability to send crucial information via email. One notable feature includes reporting Lua exceptions. In case one of your Lua programs crashes, a detailed message will be sent to your email address. SMTP settings also enable the xedge.elog() function, allowing you to send messages through email. Keep in mind that, unless it's an emergency with the flush attribute set, messages are accumulated and sent in bulk either when the maximum size or time limit is reached. Note that email messaging is automatically disabled when the Xedge browser UI is connected to an Xedge device.

See the tutorial How to Send Emails with the Xedge IDE for a step-by-step guide to configuring the SMTP settings.

Automatic Certificate Management Environment (ACME)

Xedge simplifies installing and updating X.509 certificates, making it an easy-to-use solution for private network (LAN) deployments. This feature ensures that your browser remains warning-free when you access your Xedge device using an HTTPS address.

As shown in the above slideshow video, activating the Automatic Certificate Management Environment (ACME) feature is straightforward. Simply input a valid email address and choose a name for your device. Your email address will be sent to the Let's Encrypt Certificate Authority, while the device name you select becomes part of your fully qualified domain name, following the format: [name-selected].x.realtimelogic.com.

Xedge might recommend a unique name based on its configuration. For instance, a name like '4358f4' could be automatically generated, drawing from the lower 3 bytes of the MAC address. Feel free to choose any name, but be aware that already-used names will result in an error message.

Note that activating the automatic certificate management feature may take up to 3 minutes to become fully operational.

Elliptic Curve Cryptography Keys & soft Trusted Platform Module

When ACME is enabled through the user interface, it utilizes an integrated soft Trusted Platform Module (TPM). This module generates Elliptic Curve Cryptography (ECC) keys, which are never stored in plaintext. Instead, key attributes like the ECC curve type are saved in a key file on the disk. These attributes allow Xedge to regenerate the keys upon each startup. For a more detailed insight into this process, refer to the TPM section in Xedge's C code documentation.

Advanced Configuration with Lua

ACME can be configured programmatically for those who prefer a more hands-on approach using Lua. The ACME user interface, as shown in the above figure, interacts with two Lua modules: acme/bot and acme/dns. Both Lua modules are integral to the Mako Server and included in Xedge. Detailed documentation for these modules can be found in the Mako Server documentation.

Domain Name and Professional Use

It's important to note that x.realtimelogic.com is a test portal for SharkTrustX, suitable for testing and home use. However, for professional applications, setting up a dedicated portal is recommended. For more information on this, please refer to the SharkTrustX product page.

ACME References:

Reverse Connection

The Reverse Connection feature, included in the Let's Encrypt plugin, allows remote access to your Xedge via the SharkTrustX demo portal. This feature requires activation of the Automatic Certificate Management. You can easily enable or disable the remote connection at any time without the need to click the save button after toggling the Reverse Connection switch. See SharkTrustX for details.


Xedge supports both local user accounts and Single Sign-On (SSO). To open the Authentication Settings, click the 3 dots, followed by clicking on Authentication.

Note that installing an authenticator complicates the use of the Web File Manager and the WebDAV server. When an authenticator is installed, you must first log in to Xedge at the URL http://device-address/rtl/. After that, you can navigate to http://device-address/rtl/apps/. To use WebDAV, log in using your browser, navigate to the Web File Manager, and click the Session URL button, which generates a unique URL with an included token. Use this URL when mapping the WebDAV drive.

Local Users

You can create multiple local users. To add a new user, input the desired username and password. To remove an existing user, enter the username and leave the password field empty.

Single Sign-On (SSO)

SSO is a user authentication process that enables users to access multiple applications with just one set of login credentials.

If you are new to SSO, be sure to check out the Single Sign-On tutorial. It provides an introduction to using SSO with Xedge.

Xedge supports Azure AD SSO, a feature in Azure Active Directory that simplifies user access to multiple applications using a single set of credentials. To set up users, they must be part of the organization's Azure AD tenant, with appropriate roles and permissions assigned to access the desired applications. Configuring SSO involves registering the applications, defining user access, and managing authentication settings in the Azure portal.

Azure AD offers a free tier called "Azure Active Directory Free" with basic features that can support smaller-scale use, such as for personal or family purposes. To get started, you need to sign up for a free Microsoft Azure account and create an Azure AD tenant. Then, you can invite your friends as users in your tenant and configure access to applications using Azure AD and SSO.

After signing up for Azure AD, create the required SSO settings as follows:

  1. Open the Azure portal and click on the Azure Active Directory icon.
  2. In the left pane, click on App registrations.
  3. At the top of the page, click on + New registration.
  4. Enter a suitable name for your application.
  5. In most cases, the account type should be set to Single tenant.
  6. Click on Select a platform and choose Web.
  7. For the redirect URI, include all relevant sites, such as test sites. The redirect URI must be http(s)://name/rtl/login/. For example, if you are setting this up for testing purposes, enter the URLs http://localhost/rtl/login/ and https://localhost/rtl/login/.
  8. Click on Register at the bottom of the page.
  9. On the following page, make sure to copy and save both the Application (client) ID and Directory (tenant) ID.
  10. Navigate to Client credentials and click on Add a certificate or secret.
  11. Click on + New client secret.
  12. Provide a name for your client secret.
  13. Choose a suitable expiration date for the secret.
  14. Click on Add at the bottom of the page.
  15. Finally, copy the client secret Value immediately, as you will not be able to see this value again.
  16. Copy Directory (tenant) ID, Application (client) ID, and client secret Value, and insert into the authentication dialog.

After completing the above instructions, you can grant individual users within the organization access to the application by following these steps:

  1. In the Azure portal, click on the Azure Active Directory icon.
  2. In the left pane, click on Enterprise applications.
  3. Search for and select the application you just registered in the application list.
  4. Click on the Users and groups tab in the application's Overview page.
  5. Click on the + Add user button, located above the users list.
  6. In the Add Assignment panel, click on the Users and groups field.
  7. Search for and select the individual users you want to grant access to the application. You can select multiple users by clicking on the checkboxes next to their names.
  8. Once you've selected all the users you want to grant access to, click on the Select button at the bottom of the panel.
  9. Optionally, you can assign a specific role to the users by selecting it from the Role dropdown menu. If no roles are defined for the application, users will be assigned the default access.
  10. Click on the Assign button at the bottom of the panel to grant the selected users access to the application.