Enterprise Data Model
The cPod Enterprise Data Model (EDM) is a unified, graph-connected schema that represents the entities your organisation cares about — people, technology assets, software licences, physical hardware, cloud resources, risk findings, and the relationships between them.
Every SDK exposes each domain as a first-class namespace (sdk.people, sdk.technology, …). All domains share the same conventions: list, get, create, update, delete, and search.
All EDM schemas conform to JSON Schema Draft 2020-12 with additionalProperties: false. Fields not in the schema are rejected at ingest time.
Domains at a Glance
| Domain | SDK namespace | Core entities |
|---|---|---|
| People | sdk.people | Person |
| Groups | sdk.groups | Group, membership |
| Technology | sdk.technology | TechnologyAsset, AccessEntitlement |
| Licenses | sdk.licenses | SoftwareLicense, LicenseAssignment |
| Assets | sdk.assets | PhysicalAsset, CloudResource |
| Risk & Compliance | sdk.risk | Vulnerability, ComplianceControl, RiskItem |
| Relationships | sdk.relationships | Relationship |
| Data Sources | sdk.dataSources | DataSource |
Common Conventions
Entity IDs
Every entity carries a prefixed ID that encodes its type:
| Prefix | Entity |
|---|---|
per- | Person |
grp- | Group |
tas- | TechnologyAsset |
ent- | AccessEntitlement |
lic- | SoftwareLicense |
asg- | LicenseAssignment |
phy- | PhysicalAsset |
cld- | CloudResource |
vul- | Vulnerability |
ctl- | ComplianceControl |
rsk- | RiskItem |
rel- | Relationship |
ds- | DataSource |
Pagination
All list operations return a { items, nextCursor, total } envelope. Pass cursor to advance through pages. The default page size is 50; maximum is 500.
Timestamps
All entities include createdAt and updatedAt as ISO 8601 strings (UTC). These are set server-side and cannot be overridden.
Soft Delete
Deleting an entity sets status: 'deleted' and removes it from default list results. Pass { includeDeleted: true } to list to surface deleted records.
Graph Connections
EDM entities are not isolated records — they are nodes in a graph. A Person can be linked to a Group, a TechnologyAsset, a SoftwareLicense, and a Vulnerability through typed Relationship edges. Query these connections through the Relationships domain or via the expand parameter on individual get calls:
const person = await sdk.people.get('per-abc123', {
expand: ['groups', 'licenses', 'vulnerabilities'],
})
// person.groups → Group[]
// person.licenses → LicenseAssignment[]Expanded relations are read-only snapshots. To modify a relation, use the Relationships API directly.