Developers / Developer Tooling
Install the Cosantoir CLI, configure runtime credentials, and evaluate production modules from a shell.
Browse Documentation
Foundation
Product
Core Platform
Developers
Developer Tooling
Operations
Business
Billing and Plans
On This Page
No section anchors
# CLI
The @cosantoir/cli package is the operator shell for the same Developer Protection modules exposed by the SDK and backend runtime contract.
## Install
``bash
npm install -D @cosantoir/cli
`
## Configure
`bash
npx cosantoir login \
--api-key dp_live_example
`
The CLI stores local credentials in ~/.cosantoir/config.json. Environment variables still take precedence in CI:
`bash
export COSANTOIR_API_KEY=dp_live_example
`
## Runtime Checks
`bash
npx cosantoir doctor
npx cosantoir doctor --module rate_limit --module waf
npx cosantoir eval ip 203.0.113.24
npx cosantoir eval email security@example.com --user-id user_123
npx cosantoir eval rate-limit 203.0.113.24 --method POST --path /signup --user-id user_123
npx cosantoir eval waf 203.0.113.24 POST /api/login --user-agent 'Mozilla/5.0' --user-id user_123
npx cosantoir eval signup founder@example.com 203.0.113.24 --path /signup --user-id user_123
npx cosantoir eval bot 203.0.113.24 --path /api/chat --user-agent 'curl/8.6.0' --user-id user_123
`
doctor proves the runtime key resolves a site, loads policy, passes production billing gates, and grants the module scopes you plan to call. The eval commands then test specific request decisions. The API key identifies the billable Cosantoir workspace, project, site, environment, and policy. --user-id identifies the customer, tenant, or account that created the event.
Add --json when the command is feeding a release gate, Cloudflare deploy check, or incident script.
## MCP Config
`bash
npx cosantoir mcp config --json
`
Use this output to register the cosantoir-mcp` server with an MCP-compatible client. Keep the runtime API key in the client environment, not in checked-in config.