Choose Your Production Integration Path
Use this bridge after the tutorials. Pick the guide that matches the boundary you will own in production.
Choose by Boundary
Section titled “Choose by Boundary”| If your production path is… | Continue with |
|---|---|
| Route HTTP traffic through Caracal Gateway | Protect a Gateway-Routed HTTP API |
| Add Caracal session and Gateway calls to app code | TypeScript SDK, Python SDK, or Go SDK |
| Protect an Express resource server | Protect an Express App |
| Protect a FastMCP resource server | Protect a FastMCP App |
Protect a Go net/http resource server | Protect a Go net/http Service |
| Protect an MCP server without a dedicated connector | Protect an MCP Server |
| Run an existing CLI or worker under injected runtime tokens | Run an Agent with caracal run |
| Model zones, apps, resources, and customer boundaries | Model Your Application in Caracal |
| Configure provider credentials or OAuth | Define Resources and Providers and Provider Recipes |
| Debug denies or unexpected allows | Debug Authorization Decisions |
| Delegate work between agents | Implement Multi-Agent Delegation |
| Export or query audit evidence | Tail and Query the Audit Stream |
| Require fresh proof for sensitive actions | Step-Up Re-Authentication |
Choose by Team Role
Section titled “Choose by Team Role”| Role | Start with |
|---|---|
| App engineer | SDK guide for your language, then Gateway or connector guide. |
| Platform engineer | Production Integration Patterns, then operations pages. |
| Security reviewer | Debug Authorization Decisions, Audit and Request Traces, and Review the Threat Model. |
| Policy owner | Author Policy Data and Activate a Policy Set. |
Next Step
Section titled “Next Step”Open Guides and follow the path that matches your boundary.