cPod SDK
cPod is an enterprise data platform built around a unified, graph-connected Enterprise Data Model (EDM). The cPod SDK is the typed access layer for that platform — available in TypeScript, Python, Go, and .NET.
Every SDK call is authenticated, authorized, and audited by the platform’s security layer automatically. You write business logic; cPod handles identity, policy enforcement, PII masking, and audit trails.
What You Can Do
| Domain | SDK service | What it gives you |
|---|---|---|
| People | sdk.people | Person and Group records from the EDM |
| Technology | sdk.technology | TechnologyAsset, AccessEntitlement |
| Licenses | sdk.licenses | SoftwareLicense, LicenseAssignment |
| Assets | sdk.assets | PhysicalAsset, CloudResource |
| Risk & Compliance | sdk.risk | Vulnerability, ComplianceControl, RiskItem |
| Relationships | sdk.relationships | Cross-domain graph edges |
| Skills | sdk.skills | Execute platform skills |
| Workflows | sdk.workflows | Orchestrate multi-step operations |
| Files | sdk.files | Managed file storage |
Quick Start
```bash
npm install @cpod/sdk
```

```typescript
import { CpodClient } from '@cpod/sdk'

const sdk = CpodClient.fromEnv()
// CPOD_API_KEY=cpod_xxxxxxxxxxxxxxxxxxxx
// CPOD_BASE_URL=https://api.yourdomain.com (optional)
const people = await sdk.people.list({ limit: 20 })
console.log(people.items)
```

The SDK manages OAuth tokens automatically — it fetches, caches, and refreshes them transparently using your CPOD_CLIENT_ID and CPOD_CLIENT_SECRET.
How Authentication Works
```
Your App → REST (Bearer <jwt>) → cpod-backend → gRPC [::1]:50051 → CoreSDK Sidecar
```

The platform’s auth layer (CoreSDK) is a Rust security sidecar that runs alongside cpod-backend. It handles:
- OAuth 2.0 — token issuance, scope enforcement, PKCE flows
- Policy — per-tenant Rego/OPA rules evaluated on every request
- Audit — hash-chained tamper-evident log of every auth decision
- PII masking — automatic masking of sensitive fields before storage
Your app never calls CoreSDK directly. The SDK talks REST to cpod-backend, which proxies all auth decisions internally.
The sidecar is invisible to SDK consumers. You set CPOD_API_URL, CPOD_CLIENT_ID, and CPOD_CLIENT_SECRET. Everything else — token validation, Rego policy, audit — happens inside the platform.
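What "hash-chained tamper-evident log" means in practice, as an added TypeScript example (not cPod or CoreSDK code): each record commits to the hash of the one before it, so an after-the-fact edit breaks verification from that point on. The record shape, the use of SHA-256, and all function names are assumptions; the page does not document the platform's actual audit format.

```typescript
import { createHash } from 'node:crypto'

// Hypothetical record shape: the page does not document CoreSDK's audit format.
type AuditRecord = {
  seq: number; decision: string; subject: string; action: string
  prevHash: string // hash of the previous record (GENESIS for the first)
  hash: string // SHA-256 over this record's fields plus prevHash
}
const GENESIS = '0'.repeat(64)

function recordHash(r: Omit<AuditRecord, 'hash'>): string {
  // A JSON array in fixed field order gives an unambiguous encoding to hash.
  const canonical = JSON.stringify([r.seq, r.decision, r.subject, r.action, r.prevHash])
  return createHash('sha256').update(canonical).digest('hex')
}

const headHash = (log: AuditRecord[]): string =>
  log.length ? log[log.length - 1].hash : GENESIS

function append(log: AuditRecord[], decision: string, subject: string, action: string): AuditRecord[] {
  const body = { seq: log.length, decision, subject, action, prevHash: headHash(log) }
  return [...log, { ...body, hash: recordHash(body) }]
}

// Returns the index of the first record that breaks the chain, or -1 if intact.
// Tail truncation is only detectable against a head hash kept outside the log.
function verifyChain(log: AuditRecord[], expectedHead?: string): number {
  let prev = GENESIS
  const bad = log.findIndex((r, i) => {
    const ok = r.seq === i && r.prevHash === prev && r.hash === recordHash(r)
    prev = r.hash
    return !ok
  })
  if (bad !== -1) return bad
  return expectedHead !== undefined && prev !== expectedHead ? log.length : -1
}

// Constructed sample decisions, not real cPod output.
function demo() {
  let log: AuditRecord[] = []
  log = append(log, 'allow', 'svc-reporting', 'people.list')
  log = append(log, 'deny', 'svc-reporting', 'secrets.read')
  log = append(log, 'allow', 'svc-hr', 'people.list')
  const head = headHash(log)
  const edited = log.map(r => (r.seq === 1 ? { ...r, decision: 'allow' } : r))
  const cut = log.slice(0, 2)
  return { intact: verifyChain(log, head), edited: verifyChain(edited, head),
    truncated: verifyChain(cut, head), truncatedNoHead: verifyChain(cut) }
}
```

The chain alone catches edits and reordering; dropping records from the end is caught only when the verifier holds the expected head hash from a separate source.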
Enterprise Data Model
The EDM is a graph-connected schema that spans your entire organization. Entities across domains are linked via typed Relationship edges, enabling queries like:
- Which people have access to which technology assets?
- Which licenses are assigned to which persons in which group?
- Which cloud resources are affected by which vulnerabilities?
All SDK types derive from the canonical EDM schemas (JSON Schema Draft 2020-12). The TypeScript SDK generates types first; Python, Go, and .NET types derive from the same definitions.
What’s Available
The table below shows coverage across all four SDK languages, docs, and the local emulator.
| Feature | TypeScript | Python | Go | .NET | Docs | Emulator |
|---|---|---|---|---|---|---|
| EDM: People | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| EDM: Groups | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| EDM: Technology Assets | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| EDM: Access Entitlements | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| EDM: Software Licenses | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| EDM: Physical Assets | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| EDM: Cloud Resources | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| EDM: Vulnerabilities | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| EDM: Compliance Controls | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| EDM: Risk Items | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| EDM: Relationships | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| EDM: Data Sources | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Storage: Files | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Storage: Document DB | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Storage: Key-Value | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Platform: Skills | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Platform: Workflows | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Platform: Jobs | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Platform: PII Masking | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Platform: Audit | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Platform: Feature Flags | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Platform: Secrets | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |