Cosantoir Docs
Developer DashboardStart integrating
Browse Documentation

Foundation

Getting Started

IntroductionQuickstartArchitectureTroubleshootingDeployment Models

Platform

Frameworks (SDK)

Next.jsExpressHonoBunDenoNestJSSvelteKitAstroFastifyNode.jsNuxtGoRustPython + FastAPIPython + FlaskReact Router & RemixSolid StartKoaAdonisJSElysia

Capabilities

Blueprints

Signup Abuse ProtectionGlobal Rate LimitingBot Fingerprinting

Product

Core Platform

Web AppDashboardSync CenterAccount Security

Developers

Developer Tools

CLISDKsMCP

API Reference

OverviewAuthenticationErrorsRate LimitsIntegrations API

Guides

Slack AutomationPagerDuty EscalationWebhook AutomationPolicy Profiles

Operations

Operations

Deployment ChecklistMonitoringIncident ResponseBackup and Restore

Business

Billing and Plans

Pricing OverviewInvoices and RefundsEnterprise Contracts
On This Page
Bootstrap the operatorRun live probesConfig and stateAudit laneFit with dashboard
Developer Tools@cosantoir/cliCredential persistence

The terminal lane should issue state, probe live traffic, and leave a telemetry trail you can trust.

The CLI in this repo already owns four jobs: login and config persistence, IP and email probes, WAF request evaluation, and an audit pass that reads recorded telemetry.

probe commands

3

IP, email, and WAF evaluations all run against the same core client.

state files

2

The CLI stores config in `~/.cosantoir` and appends telemetry to `~/.cosantoir/telemetry.jsonl`.

audit lane

1

The `audit` command summarizes recent activity using the configured OpenAI key.

cosantoir logineval ipeval emaileval waftelemetry.jsonlaudit --modelcosantoir logineval ipeval emaileval waftelemetry.jsonlaudit --model

Session bootstrap

Bootstrap the operator

Start by writing one known-good config instead of exporting temporary variables in every shell.

Persist API key, active site id, and base URL to `~/.cosantoir`.

Fall back to `COSANTOIR_API_KEY`, `COSANTOIR_GATEWAY_URL`, and `COSANTOIR_SITE_ID` if the file is missing.

Carry `OPENAI_API_KEY` through the same config path for the audit lane.

Command

Write the active operator context

bash
01cosantoir login \
02  --api-key dp_live_example \
03  --site-id site_prod_web \
04  --base-url http://localhost:4000

Config file

Persisted shape in ~/.cosantoir

json
01{
02  "apiKey": "dp_live_example",
03  "siteId": "site_prod_web",
04  "openaiKey": "sk-...",
05  "baseUrl": "http://localhost:4000"
06}

Fast investigation

Run live probes

Probe the most useful evaluator surfaces from the terminal before you escalate into broader debugging.

Probe pack

Core CLI request checks

bash
01cosantoir eval ip 198.51.100.24
02cosantoir eval email founder@example.com
03cosantoir eval waf 198.51.100.24 POST /signup
Each command uses the same stored config and the same underlying `@cosantoir/node` client.

IP lookup

Pull geography, network, and abuse posture without writing temporary code.

Email validation

Check disposable or suspicious sign-up addresses from the shell.

WAF probe

Simulate a request path directly against the runtime evaluator before the app surface gets blamed.

Persistent state

Config and state

The CLI becomes useful once it leaves behind inspectable state instead of ephemeral output.

Config

`~/.cosantoir`

JSON config holds API key, site id, base URL, and optional OpenAI key.

Telemetry

`telemetry.jsonl`

Every eval command appends a line so the audit lane has a real local history.

Fallback

Environment-first recovery

If config is missing, the CLI reconstructs state from the standard runtime env vars.

Recorded trail

Telemetry log shape

jsonl
01{"timestamp":"2026-03-24T13:02:10.000Z","source":"cli","action":"lookup_ip","ip":"198.51.100.24"}
02{"timestamp":"2026-03-24T13:03:18.000Z","source":"cli","action":"evaluate_waf","path":"/signup","result":"allow"}

Telemetry synthesis

Audit lane

The audit command reads recent CLI and MCP activity, then asks the configured OpenAI model to summarize anomalies and propose protection changes.

Requires `OPENAI_API_KEY` in the environment or persisted config.
Reads the most recent telemetry entries from `~/.cosantoir/telemetry.jsonl`.
Outputs a markdown report with anomaly findings and suggested runtime adjustments.

Command

Synthesize recent operator activity

bash
01cosantoir audit --model gpt-4o-mini

Surface choreography

Fit with dashboard

The CLI should narrow the problem quickly, then hand off to the right visual or agent surface only when you need more context than a terminal probe can provide.

Dashboard handoff

Move from probes to analytics

Use the web surface when you need policy editing, site analytics, and broader decision history.

SDK handoff

Move from probes to application code

Use the SDK matrix when the issue is really about wrapper selection or request integration.

MCP handoff

Move from probes to agents

Use MCP when an internal model needs safe tool access to the same runtime surface.

Last updated Mar 24, 2026