Use Examples
Examples show Caracal integrated into concrete applications and automation scripts. Use them after the first tutorials when you want runnable code that matches a specific integration job.
Choose an example
Section titled “Choose an example”| Goal | Start here | Code path |
|---|---|---|
| Need a local protected target for the first Gateway call. | Run Echo Upstream | examples/echoUpstream |
| Want to automate zone setup from a script or pipeline through the Control API. | Bootstrap Control State | examples/controlBootstrap |
| Need to prove a provider-backed resource is ready. | Check Provider Readiness | examples/providerPreflight |
| Need to turn a denial into a safe policy fix. | Iterate Policy Safely | examples/policyIterate |
| Want to launch a plain CLI agent with injected provider credentials. | Launch Research Agent | examples/ResearchAgent |
| Want a full app reference lab with agents, providers, Gateway, STS, and Console inspection. | Run Lynx Capital | examples/lynxCapital |
Recommended order
Section titled “Recommended order”- Start with Run Echo Upstream if you have not completed a Gateway-mediated request yet.
- Use Bootstrap Control State when automation should own zone setup instead of manual Console clicks.
- Run Check Provider Readiness before the first real provider-backed Gateway call.
- Use Iterate Policy Safely when an audit denial needs to become a tested policy change.
- Try Launch Research Agent to see
caracal runinject provider-native credentials into an existing-style CLI process. - Study Run Lynx Capital when you need a full app topology and live Console inspection path.
Use examples safely
Section titled “Use examples safely”- Start Caracal through the released runtime and Console path described by the example.
- Use Console for zones, applications, providers, resources, policies, control keys, and runtime profiles.
- Keep example fixtures inside their own
examples/<name>directory. - Run each example’s offline tests before adapting it.
- Do not commit provider secrets, admin tokens, or real third-party credentials.

