Run the App Node

Start the MDK App Node programmatically, as a standalone process, or connected to a remote ORK over HRPC

Overview

This guide covers three ways to run the App Node: programmatically via startAppNode() (the standard production path), connected to a remote ORK over HRPC (cross-host deployments), and as a standalone process from the source tree (for contributors).

If App Node, ORK, or plugin are unfamiliar, read terminology first. For a deeper explanation of what the App Node owns and how it connects to ORK, read the App Node concept page.

Prerequisites

Node.js >=24 (LTS)
npm >=11
Commands are run from the repository root
An ORK instance running and reachable, or orkIpc: false to start without a live ORK (development only)

Programmatic path

Most teams embed startAppNode() in their own Node.js application rather than running the App Node as a separate process. This is the standard production path.

1.1 Development (no auth)

Use noAuth: true during local development to skip the JWT requirement:

const { getOrk, startAppNode } = require('@tetherto/mdk')

const ork = await getOrk()
const server = await startAppNode({ ork, port: 3000, noAuth: true })
// HTTP server is up at http://localhost:3000

noAuth: true disables JWT validation on all routes. Never use this in production.

1.2 Production (OAuth2)

Pass an auth block to enable OAuth2. Google and Microsoft providers are built in:

const { getOrk, startAppNode } = require('@tetherto/mdk')

const ork = await getOrk()
const server = await startAppNode({
  ork,
  port: 3000,
  auth: {
    h0: {
      method: 'google',
      credentials: { client: { id: 'YOUR_CLIENT_ID', secret: 'YOUR_CLIENT_SECRET' } },
      users: ['admin@example.com']
    }
  }
})

Replace the users array with the email addresses that should have access. A copy of the full OAuth2 config format ships in backend/core/app-node/config/facs/httpd-oauth2.config.json.example. The generated httpd-oauth2.config.json (written to opts.root/config/facs/ on first start) persists your settings across restarts — edit that file rather than the code.

The full configuration reference, including all startAppNode() options, is in the App Node API reference.

Cross-host path (HRPC)

Use this path when ORK runs on a separate host. Pass the ORK HRPC gateway public key to startAppNode() instead of an ORK instance. The HRPC transport is selected automatically and IPC is disabled.

2.1 Obtain the ORK gateway key

On the host running ORK, start ORK and print its public key:

const { getOrk } = require('@tetherto/mdk')

const ork = await getOrk()
console.log('ORK gateway key:', ork.getPublicKey().toString('hex'))

Share that hex string with the App Node host.

2.2 Start the App Node with `orkKey`

const { startAppNode } = require('@tetherto/mdk')

const server = await startAppNode({
  orkKey: '<ork-gateway-pubkey-hex>',
  port: 3000,
  noAuth: true   // replace with auth config for production
})

Pre v1.0, ORK's auth.whitelist defaults to empty and admits any HRPC caller. For production deployments, add the App Node's DHT public key to ORK's allowlist — see the App Node concept page and opts.orkKey reference.

Standalone path

To run the App Node directly from the source tree without embedding it:

cd backend/core/app-node
npm install
npm run dev

For production mode:

npm start

The standalone path is intended for contributors working on the App Node itself. For application development, embed startAppNode() in your own project rather than running it standalone.

Next steps

Add routes with the plugin system
Review all configuration options
Understand the extension model, auth design, and ORK connection
Choose a deployment shape

Run the App Node

On this page