Getting Started
Two paths — pick the one that fits:
| Path | Best for | |
|---|---|---|
| ⚡ | Scaffold with create-cpod-app | New project — get a running app in 60 seconds |
| 🔧 | Manual setup | Adding cPod to an existing codebase |
Scaffold a New App#
One command gives you a complete, running app with OAuth auth, MCP tool registration, and example API routes:
bash
npx create-cpod-app my-appPython/Go/.NET install via the Install the SDK commands below; the emulator is a portal toggle.
Run the scaffolder#
bash
npx create-cpod-app my-appThe guided CLI will ask:
- Template — TypeScript (Node.js) or .NET (C#)
- Description — a short description of your app
- Include example MCP tool + route? — recommended yes
It generates a project in ./my-app/ with everything wired up.
Get your credentials#
You need two things before running the app:
API key — sign in at cyberpod.app/dashboard and copy your API key.
App ID — register your app once with the API:
bash
curl -X POST https://api.cyberpod.app/api/v1/apps/register \
-H "Authorization: Bearer $CPOD_API_KEY" \
-H "Content-Type: application/json" \
-d '{"name": "my-app", "description": "My first cPod app"}'Response:
json
{ "appId": "app_01abc...", "name": "my-app", ... }Save the appId.
Configure environment#
bash
cd my-app
cp .env.example .envEdit .env:
bash
CPOD_API_KEY=your_api_key_here
CPOD_APP_ID=app_01abc...
# Uncomment this to use the local emulator instead of production
# CPOD_API_URL=http://localhost:4000Run your app#
bash
npm install
npm run devServer starts on http://localhost:3000.
bash
dotnet runServer starts on http://localhost:5000.
Verify it works#
bash
# Health check
curl http://localhost:3000/health
# {"status":"ok","timestamp":"..."}
# List people from cPod
curl -H "Authorization: Bearer $CPOD_API_KEY" http://localhost:3000/people
# Call an MCP tool through the proxy
curl -X POST http://localhost:3000/mcp/call \
-H "Content-Type: application/json" \
-d '{"tool":"get_person","arguments":{"id":"per-001"}}'Local development without credentials? Uncomment CPOD_API_URL=http://localhost:4000 in your .env and start the emulator — any Bearer token works, no account needed. See Emulator guide.
What create-cpod-app generates#
TypeScript template#
code
my-app/
├── src/
│ └── index.ts # Fastify app with people endpoint + MCP proxy route
├── package.json # @cpod/sdk, fastify, dotenv
├── tsconfig.json
├── .env.example
└── README.md
The generated src/index.ts:
- Creates a
CpodClientfrom env vars viaCpodClient.fromEnv() - Defines MCP tools and registers them on startup via
client.mcp.register(tools) - Exposes
/health,/people, and/mcp/callroutes - Gracefully skips MCP registration if
CPOD_APP_IDis not set
.NET template#
code
my-app/
├── Program.cs # ASP.NET Minimal API with MCP registration on startup
├── MyApp.csproj # Cpod.SDK, DotNetEnv packages
├── appsettings.json
├── .env.example
└── README.md
The generated Program.cs:
- Registers
CpodClientas a singleton via DI (CpodClient.FromEnv()) - Defines and registers MCP tools on startup
- Exposes
/health,/people, and/mcp/callendpoints
How MCP tools work in the scaffolded app#
The generated app registers a get_person tool on startup:
TypeScript
typescript
// On startup:
await client.mcp.register([
{
name: 'get_person',
endpoint: '/api/v1/people/{id}',
method: 'GET',
inputSchema: { ... }
}
])Python
python
# On startup:
await client.mcp.register([
{
"name": "get_person",
"endpoint": "/api/v1/people/{id}",
"method": "GET",
"input_schema": { ... },
}
])Go
go
// On startup:
_, _ = client.Mcp.Register(ctx, []cpod.McpTool{
{
Name: "get_person",
Endpoint: "/api/v1/people/{id}",
Method: "GET",
InputSchema: map[string]any{ /* ... */ },
},
}).NET
csharp
// On startup:
await client.Mcp.RegisterAsync(new[]
{
new McpTool
{
Name = "get_person",
Endpoint = "/api/v1/people/{id}",
Method = "GET",
InputSchema = new { /* ... */ },
},
});Once registered, any AI agent can invoke this tool through the cPod proxy — even from outside your app:
bash
# Called by Claude, GPT-4, LangChain, or any agent
curl -X POST https://api.cyberpod.app/api/v1/mcp/call \
-H "Authorization: Bearer $AGENT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"tool": "get_person",
"arguments": { "id": "per-001" },
"appId": "'$CPOD_APP_ID'"
}'The platform audits every call, applies PII masking if configured, and resolves secret headers — your app code never sees the raw agent request.
Manual Setup#
Adding cPod to an existing project.
Install the SDK#
bash
npm install @cpod/sdkNode.js 18+. Full TypeScript types included.
bash
pip install cpod-sdkPython 3.9+. Async-first with asyncio.
bash
go get github.com/ZySec-AI/cpod-sdk/sdks/goGo 1.21+
bash
dotnet add package Cpod.SDK.NET 8+
Set environment variables#
Local emulator (no credentials needed):
bash
export CPOD_API_URL=http://localhost:4000
export CPOD_API_KEY=dev-tokenProduction:
bash
export CPOD_API_URL=https://api.cyberpod.app
export CPOD_API_KEY=<bearer-token> # from POST /api/v1/auth/token
export CPOD_APP_ID=<your-app-id> # from POST /api/v1/apps/registerMake your first call#
typescript
import { CpodClient } from '@cpod/sdk'
const client = CpodClient.fromEnv()
const people = await client.people.persons.list({ limit: 5 })
console.log(people.items)python
import asyncio
from cpod import CpodClient
async def main():
client = CpodClient.from_env()
people = await client.people.list(limit=5)
for person in people.items:
print(person.display_name)
asyncio.run(main())go
client, err := cpod.NewFromEnv()
if err != nil { panic(err) }
people, err := client.People.List(context.Background(), nil)
for _, p := range people.Items {
fmt.Println(p.DisplayName)
}csharp
var client = CpodClient.FromEnv();
var people = await client.People.ListAsync(limit: 5);
foreach (var person in people.Items)
Console.WriteLine(person.DisplayName);Environment Variables Reference#
| Variable | Required | Description |
|---|---|---|
CPOD_API_KEY | Yes | Bearer token — any string for emulator, OAuth token for production |
CPOD_API_URL | No | API base URL — defaults to https://api.cyberpod.app |
CPOD_APP_ID | For MCP | App ID from POST /api/v1/apps/register |
CPOD_CLIENT_ID | For OAuth | Same as CPOD_APP_ID — used by getAppToken() |
CPOD_CLIENT_SECRET | For OAuth | Service account secret from credentials rotate endpoint |
CPOD_BASE_URL | No | Alias for CPOD_API_URL (legacy, still supported) |
Never commit .env to source control. Use a secrets manager (Vault, AWS Secrets Manager, Doppler) in production.
Setup Checklist#
Local emulator
-
cd emulator && node src/index.jsstarts without errors -
curl http://localhost:4000/v1/healthreturns{"status":"ok",...} -
CPOD_API_URL=http://localhost:4000andCPOD_API_KEY=dev-tokenare set - First SDK call (
client.people.persons.list()) returns records from seed data
Production
- App registered — have
CPOD_APP_IDfromPOST /api/v1/apps/register - Credentials rotated — have
CPOD_CLIENT_SECRETstored in secrets manager -
POST /api/v1/auth/tokenreturns anaccess_tokenwithout errors -
CPOD_API_URL=https://api.cyberpod.appandCPOD_APP_IDset in deployment env - First SDK call succeeds against production
MCP tools
-
client.mcp.register(tools)completes on startup -
POST /api/v1/mcp/callreturns a result for your tool - Agent can reach your tool via the cPod proxy URL
What's next#
- Authentication — register an app, get service account credentials, OAuth token exchange
- Apps & MCP — full MCP tool reference, AI-first controls, launch checklist
- Agent Authentication — how external agents (Claude, LangChain) call your tools
- Emulator — full emulator reference, seed data, CI usage
- SDK Reference —
client.mcp.*method reference for all 4 languages - Enterprise Data Model — all domains: people, technology, risk, projects, GRC, SOC