
Cordum

Know What Your AI Agents Are Doing. Before They Do It. The Source-Available Agent Control Plane for Governance, Safety, and Trust. Includes Cordum Edge, a Compliance Firewall for Claude Code and other local AI-agent actions.

Discord · Discussions · Docs

The Problem: The Agent Risk Gap

Enterprises are rushing to deploy Autonomous AI Agents, but they're hitting a wall of risk. According to Gartner, 74% of enterprises see AI agents as a new attack vector, and over 40% of agentic AI projects will be canceled due to inadequate risk controls.

The current landscape leaves teams with a choice:

  • Restrict agents to simple, low-value read-only tasks.

  • Accept the risk of autonomous agents taking destructive, unmonitored actions.

Without a dedicated governance layer, you're flying blind:

  • No visibility: You don't know what your agents are doing until after they do it.

  • No safety rails: There's no way to intercept dangerous operations before they execute.

  • No human-in-the-loop: Sensitive actions happen without manual oversight.

  • No audit trail: When things go wrong, you can't reconstruct the chain of thought.

The Solution: Cordum Agent Control Plane

Cordum is an Agent Control Plane that provides a deterministic governance layer for probabilistic AI minds. It allows you to define, enforce, and audit the behavior of your Autonomous AI Agents across any framework or model.

```mermaid
graph TB
  subgraph CP [AGENT CONTROL PLANE]
    direction LR
    G[API Gateway] --- S[Scheduler] --- SK[Safety Kernel]
    S --- WE[Workflow Engine]
  end

  subgraph AGENTS [AUTONOMOUS AGENT POOLS]
    direction LR
    A1[Financial Ops]
    A2[Data Science]
    A3[Customer Service]
  end

  CP -->|Governed Jobs| AGENTS
  AGENTS -->|Audit Trail| CP
```

Governance Across the Lifecycle

Cordum's Before/During/Across framework covers every stage of an agent operation:

```mermaid
graph LR
  subgraph BEFORE [1. BEFORE - Governance]
    P[Policy Evaluation] --> S[Safety Gating]
    S --> H[Human Approval]
  end
  subgraph DURING [2. DURING - Safety]
    M[Real-time Monitoring] --> C[Circuit Breakers]
    C --> A[Live Approvals]
  end
  subgraph ACROSS [3. ACROSS - Observability]
    F[Fleet Health] --> T[Audit Trail]
    T --> O[Optimization]
  end
  BEFORE --> DURING
  DURING --> ACROSS
```

  • BEFORE (Governance): Define declarative policies that evaluate job requests before an agent executes. Trigger safety kernel checks, throttle risky actions, or flag operations for human approval.

  • DURING (Safety): Real-time visibility into active agent runs. Monitor progress, handle step-level approvals, and enforce timeouts or circuit breakers on the fly.

  • ACROSS (Observability): Manage your entire fleet from a single control plane. Aggregate audit trails, track capability-based routing, and observe agent pool health in real-time.
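As an added illustration of the BEFORE stage, the Go program below implements a first-match, default-deny policy gate. This is example code written for this page, not Cordum's Safety Kernel or its YAML policy format: `JobRequest`, `Rule`, `Evaluate` and the sample `ExamplePolicy` are assumptions. The point it shows is that the decision is deterministic (same request, same rule, same request hash) and that every decision carries an audit record naming the rule that fired, which is what makes a later "why was this allowed?" question answerable.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// Decision is the outcome of evaluating one job request.
type Decision string

const (
	Allow           Decision = "allow"
	Deny            Decision = "deny"
	RequireApproval Decision = "require_approval"
)

// JobRequest is a hypothetical, simplified job submission (not Cordum's CAP
// job schema); only the fields the gate needs are modelled.
type JobRequest struct {
	Tenant     string            `json:"tenant"`
	Pool       string            `json:"pool"`
	Capability string            `json:"capability"` // e.g. "aws.ec2.terminate"
	Args       map[string]string `json:"args"`
}

// Rule is an illustrative declarative policy rule. Rules are evaluated in
// order and the first match wins, so one request always yields one decision.
type Rule struct {
	ID         string
	Capability string // exact capability name, or a prefix ending in "*"
	Pool       string // empty matches any pool
	Effect     Decision
	Reason     string
}

// AuditRecord is emitted for every decision so it can be reproduced later
// from the request hash and the rule that fired.
type AuditRecord struct {
	RequestHash string
	RuleID      string
	Effect      Decision
	Reason      string
}

func matchCapability(pattern, capability string) bool {
	if strings.HasSuffix(pattern, "*") {
		return strings.HasPrefix(capability, strings.TrimSuffix(pattern, "*"))
	}
	return pattern == capability
}

// RequestHash hashes a canonical JSON encoding of the request; encoding/json
// sorts map keys, so the same logical request always hashes the same.
func RequestHash(r JobRequest) string {
	canon, _ := json.Marshal(r) // cannot fail for string fields and a string map
	sum := sha256.Sum256(canon)
	return hex.EncodeToString(sum[:])
}

// Evaluate runs the rules against a request. Default is deny: a request that
// matches no rule never reaches an agent.
func Evaluate(rules []Rule, r JobRequest) AuditRecord {
	h := RequestHash(r)
	for _, rule := range rules {
		if matchCapability(rule.Capability, r.Capability) && (rule.Pool == "" || rule.Pool == r.Pool) {
			return AuditRecord{RequestHash: h, RuleID: rule.ID, Effect: rule.Effect, Reason: rule.Reason}
		}
	}
	return AuditRecord{RequestHash: h, RuleID: "default-deny", Effect: Deny, Reason: "no rule matched"}
}

// ExamplePolicy is constructed for this example. Order matters: the pool
// restriction is checked before the per-capability rules.
var ExamplePolicy = []Rule{
	{ID: "deny-cloud-from-untrusted", Capability: "aws.*", Pool: "untrusted", Effect: Deny, Reason: "no cloud actions from the untrusted pool"},
	{ID: "approve-terminate", Capability: "aws.ec2.terminate", Effect: RequireApproval, Reason: "destructive action needs a human approver"},
	{ID: "allow-describe", Capability: "aws.ec2.describe", Effect: Allow, Reason: "read-only"},
}

func main() {
	// Constructed sample requests.
	for _, r := range []JobRequest{
		{Tenant: "acme", Pool: "untrusted", Capability: "aws.ec2.describe", Args: map[string]string{"region": "us-east-1"}},
		{Tenant: "acme", Pool: "trusted", Capability: "aws.ec2.terminate", Args: map[string]string{"instance": "i-0123"}},
		{Tenant: "acme", Pool: "trusted", Capability: "aws.ec2.describe", Args: map[string]string{"region": "us-east-1"}},
		{Tenant: "acme", Pool: "trusted", Capability: "github.repo.delete", Args: map[string]string{"repo": "acme/app"}},
	} {
		rec := Evaluate(ExamplePolicy, r)
		fmt.Printf("%-19s pool=%-9s -> %-16s rule=%s hash=%s\n", r.Capability, r.Pool, rec.Effect, rec.RuleID, rec.RequestHash[:12])
	}
}
```

The request hash is what ties the BEFORE decision to the later audit row: if an agent retries with different arguments, the hash changes and the earlier decision does not carry over.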

Cordum Edge: Compliance Firewall for AI agents

Cordum Edge extends the control plane to local AI-agent actions. For Claude Code, `cordumctl edge claude` launches the real P0 path: command hook, local cordum-agentd, Gateway Edge APIs, Safety Kernel policy/evaluate, approvals, artifact pointers, and dashboard evidence.

Cordum stays quiet until governance matters. Developers see Cordum exactly when it protects them, their team, and production: before risky tools run, when an action needs approval, and when evidence must be exported. The wrapper is the developer/demo path; enterprise enforcement requires managed Claude settings and endpoint controls.

Approval provenance is resolved-only: a destructive retry is authorized only when a matching approved approval record and a canonical resolved approval audit event both exist for the same tenant/ref/hash. Requested-only audit rows are lifecycle context, not proof that the action was approved.
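The Go program below is an added example of that resolved-only check; it is not Cordum's code, and `ApprovalRecord`, `AuditEvent`, `DestructiveAction` and the kind/outcome strings are assumed stand-ins for whatever the real records look like. It shows the three failure modes the rule is designed to reject: only a requested row exists, the approved record exists but no resolved audit event does, and the command was changed after approval so the hash no longer matches.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ApprovalRecord is a hypothetical approval as stored by the approver flow.
// Only Status == "approved" counts.
type ApprovalRecord struct {
	Tenant, Ref, Hash, Status string // Status: "pending" | "approved" | "denied"
}

// AuditEvent is a hypothetical audit row. "approval.requested" rows are
// lifecycle context only; "approval.resolved" rows carry the outcome.
type AuditEvent struct {
	Tenant, Ref, Hash, Kind, Outcome string
}

// DestructiveAction is the action an agent wants to retry, e.g. a shell
// command intercepted by a local hook.
type DestructiveAction struct {
	Tenant, Ref, Command string
}

var ErrNotApproved = errors.New("destructive retry not approved")

// ActionHash binds the approval to the exact command text: a retry with a
// modified command does not inherit the earlier approval.
func ActionHash(a DestructiveAction) string {
	sum := sha256.Sum256([]byte(a.Command))
	return hex.EncodeToString(sum[:])
}

// AuthorizeRetry returns nil only when BOTH an approved ApprovalRecord and a
// resolved, approved AuditEvent exist for the same tenant, ref and hash.
func AuthorizeRetry(a DestructiveAction, approvals []ApprovalRecord, audit []AuditEvent) error {
	h := ActionHash(a)
	haveRecord := false
	for _, r := range approvals {
		if r.Tenant == a.Tenant && r.Ref == a.Ref && r.Hash == h && r.Status == "approved" {
			haveRecord = true
			break
		}
	}
	if !haveRecord {
		return fmt.Errorf("%w: no approved record for tenant=%s ref=%s hash=%s", ErrNotApproved, a.Tenant, a.Ref, h[:12])
	}
	for _, e := range audit {
		if e.Tenant == a.Tenant && e.Ref == a.Ref && e.Hash == h && e.Kind == "approval.resolved" && e.Outcome == "approved" {
			return nil
		}
	}
	return fmt.Errorf("%w: approved record exists but no resolved approval audit event for tenant=%s ref=%s", ErrNotApproved, a.Tenant, a.Ref)
}

func main() {
	// Constructed sample data for the example.
	act := DestructiveAction{Tenant: "acme", Ref: "job-42", Command: "rm -rf ./build"}
	h := ActionHash(act)
	approvals := []ApprovalRecord{{Tenant: "acme", Ref: "job-42", Hash: h, Status: "approved"}}
	audit := []AuditEvent{
		{Tenant: "acme", Ref: "job-42", Hash: h, Kind: "approval.requested"},
		{Tenant: "acme", Ref: "job-42", Hash: h, Kind: "approval.resolved", Outcome: "approved"},
	}
	fmt.Println("same command, record + resolved event:", AuthorizeRetry(act, approvals, audit))
	fmt.Println("requested-only audit rows:", AuthorizeRetry(act, approvals, audit[:1]))
	tampered := act
	tampered.Command = "rm -rf /"
	fmt.Println("modified command:", AuthorizeRetry(tampered, approvals, audit))
}
```

Requiring both artifacts means a forged or partially written approval (one table updated, the other not) is treated as unapproved rather than trusted, and keying on the hash rather than the ref alone stops an approved ref from being reused for a different command.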

Start here: Edge overview, Claude Code guide, manual demo, and Edge API.

Development

The published-images path above pulls Cordum binaries from ghcr.io. Contributors who need to rebuild from source use the development override file:

```bash
make dev-up    # docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d --build
make dev-logs  # tail compose logs
make dev-down  # docker compose down
```

`docker-compose.dev.yml` re-pins every Cordum service to a local `cordum/<name>:dev` tag and forces the `build:` context, so source changes are reflected on the next `--build`. Upstream images (NATS, Redis) are untouched. See `Makefile` and `docker-compose.dev.yml` for full details.

Other useful contributor commands:

| Command | Purpose |
| --- | --- |
| `make build` | Build every service binary into `bin/` (wraps `make proto` first). |
| `make build SERVICE=cordumctl` | Build a single service. |
| `make test` | Run the full Go test suite. |
| `make smoke` | Quick post-deploy smoke test against a running stack. |

Key Features

| Governance Feature | Why It Matters for Enterprise |
| --- | --- |
| Safety Gating | Prevents agents from executing destructive or unauthorized actions before they occur. |
| Output Quarantine | Automatically blocks PII leaks, secrets, or hallucinated results from reaching the client. |
| Human-in-the-Loop | Mandates human oversight for high-risk operations (e.g., financial transfers, prod access). |
| Pool Segmentation | Ensures sensitive data only reaches agents in trusted environments. |
| Deterministic Audit | Prove exactly why a decision was made with a full chain-of-thought audit trail. |
| Governance Policies | Declarative YAML-based rules that map enterprise risk to agent behavior. |
| Policy Simulator | Test your governance rules against historical data before rolling them out to production. |
| Cordum Edge | Compliance Firewall for local AI-agent actions (Claude Code today, more agents next): hook → local agentd → Gateway evaluate → resolved approval provenance → redacted evidence export. See docs/edge/README.md. |
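The Output Quarantine row describes blocking secrets and PII before they reach the client. The Go program below is an added example of that kind of check, not Cordum's own detector set: it scans an agent's output against a few constructed patterns (an AWS access key ID, a PEM private-key header, a bearer token, an e-mail address, a US SSN), quarantines the raw output on any hit, and returns a redacted copy that is safe to log or show. The pattern list and sample outputs are constructed for this example; "hallucinated results" are deliberately out of scope, since they cannot be caught by pattern matching.

```go
package main

import (
	"fmt"
	"regexp"
)

// Detector is one quarantine pattern. These patterns are illustrative and
// constructed for this example; a production set would be tenant-specific.
type Detector struct {
	Kind string
	Re   *regexp.Regexp
}

var Detectors = []Detector{
	{"aws_access_key_id", regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
	{"private_key", regexp.MustCompile(`-----BEGIN [A-Z ]*PRIVATE KEY-----`)},
	{"bearer_token", regexp.MustCompile(`(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{20,}`)},
	{"email", regexp.MustCompile(`\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b`)},
	{"us_ssn", regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`)},
}

// Finding records one match so the quarantine decision can be explained.
type Finding struct{ Kind, Match string }

// ScanResult is the quarantine verdict for one piece of agent output.
type ScanResult struct {
	Quarantined bool
	Findings    []Finding
	Redacted    string // copy with every match replaced; safe to release
}

// Scan checks an agent's output before it is released to the client. Any hit
// quarantines the raw output; Redacted holds a copy with each match replaced
// by a marker naming the detector, so reviewers see what kind of data leaked
// without seeing the data itself.
func Scan(output string) ScanResult {
	res := ScanResult{Redacted: output}
	for _, d := range Detectors {
		for _, m := range d.Re.FindAllString(output, -1) {
			res.Findings = append(res.Findings, Finding{Kind: d.Kind, Match: m})
		}
		res.Redacted = d.Re.ReplaceAllString(res.Redacted, "[REDACTED:"+d.Kind+"]")
	}
	res.Quarantined = len(res.Findings) > 0
	return res
}

func main() {
	// Constructed sample outputs; AKIAIOSFODNN7EXAMPLE is AWS's documented example key ID.
	samples := []string{
		"Deployment summary: 3 services updated, 0 errors.",
		"Use key AKIAIOSFODNN7EXAMPLE and contact bob@example.com if it fails.",
		"Customer record: SSN 123-45-6789, token Bearer abcdefghijklmnopqrstuvwxyz0123",
	}
	for _, s := range samples {
		r := Scan(s)
		fmt.Printf("quarantined=%-5v findings=%d -> %s\n", r.Quarantined, len(r.Findings), r.Redacted)
	}
}
```

The raw output is kept only in the quarantine record; the redacted copy is what continues to the client, the dashboard and any exported evidence.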

Architecture

```text
cordum/
├── cmd/                        # Service entrypoints + CLI
│   ├── cordum-api-gateway/     # API gateway (HTTP/WS + gRPC)
│   ├── cordum-scheduler/       # Scheduler + safety gating
│   ├── cordum-safety-kernel/   # Policy evaluation
│   ├── cordum-workflow-engine/ # Workflow orchestration
│   ├── cordum-context-engine/  # Optional context/memory service
│   └── cordumctl/              # CLI
├── core/                       # Core libraries
│   ├── controlplane/           # Gateway, scheduler, safety kernel
│   ├── context/                # Context engine implementation
│   ├── infra/                  # Config, storage, bus, metrics
│   ├── protocol/               # API protos + CAP aliases
│   └── workflow/               # Workflow engine
├── dashboard/                  # React UI
├── sdk/                        # SDK + worker runtime
├── cordum-helm/                # Helm chart
├── deploy/k8s/                 # Kubernetes manifests
└── docs/                       # Documentation
```

Documentation

| Doc | Description |
| --- | --- |
| System Overview | Architecture and data flow |
| Core Reference | Deep technical details |
| Docker Guide | Running with Compose |
| Agent Protocol | CAP bus + pointer semantics |
| MCP Server | MCP stdio + HTTP/SSE integration |
| Pack Format | How to package agent capabilities |
| Local E2E | Full local walkthrough |
| Edge Quickstart | New-engineer 30-min path: clone → live stack → governed Claude session |
| Edge Reference | Cordum Edge product, API, CLI, demo, runbook |
| Production Guide | TLS, HA, backups, incident runbooks |

Protocol: CAP β€” The Open Standard for Agent Governance

Cordum implements CAP (Cordum Agent Protocol), an open protocol specifically designed for distributed AI agent governance. CAP provides a unified interface for defining agent capabilities, submitting jobs, and enforcing safety policies across heterogeneous agent pools.

CAP vs. MCP: Why You Need Both

While both are essential, they solve different parts of the agent stack:

| Protocol | Focus | Level | Responsibility |
| --- | --- | --- | --- |
| MCP (Model Context Protocol) | Tool Calling | Local | How a model interacts with a tool. |
| CAP (Cordum Agent Protocol) | Governance | Network | How an agent is governed within an enterprise. |

  • MCP is for within the agent β€” it defines how a model calls local tools.

  • CAP is for above the agent β€” it defines the governance control plane for the entire agent fleet.

Use CAP for high-level orchestration and safety gating, and MCP inside your agents for fine-grained tool integration.

Read the full deep dive: MCP vs CAP: Why Your AI Agents Need Both Protocols

MCP Server

Cordum includes an MCP server framework with:

  • Standalone stdio mode via cmd/cordum-mcp (for Claude Desktop/Code local integration)

  • Gateway HTTP/SSE mode via /mcp/message and /mcp/sse (when mcp.enabled=true)

See docs/mcp-server.md for setup, auth headers, and client configuration examples.

SDK

The Go SDK makes it easy to build CAP-compatible workers:

```go
package main

import (
	"log"

	"github.com/cordum/cordum/sdk/runtime"
)

// Input is the job payload this worker accepts.
type Input struct {
	Prompt string `json:"prompt"`
}

// Output is the result returned to the control plane.
type Output struct {
	Summary string `json:"summary"`
}

func main() {
	agent := &runtime.Agent{Retries: 2}

	// Register a typed handler for the "job.summarize" capability.
	runtime.Register(agent, "job.summarize", func(ctx runtime.Context, input Input) (Output, error) {
		// Your agent logic here
		return Output{Summary: input.Prompt}, nil
	})

	if err := agent.Start(); err != nil {
		log.Fatal(err)
	}
	select {} // block forever; the runtime serves jobs in the background
}
```

SDKs: Go (stable) | Python | Node

Integration Packs

Extend Cordum with 30+ integration packs for Slack, GitHub, AWS, Jira, Terraform, Datadog, PagerDuty, and more. Each pack is a CAP-native worker with policy-gated workflows.

| Pack | Category | Description |
| --- | --- | --- |
| Slack | Communication | Approval notifications and agent alerts |
| GitHub | DevOps | Govern agent actions on repositories |
| AWS | Cloud | Policy-gated cloud operations |
| Kubernetes | DevOps | Governed incident remediation |
| Terraform | DevOps | Pre-apply governance for IaC |
| Datadog | Monitoring | Alert-triggered governed workflows |
| LangChain | AI Framework | Governance for LangChain tool calls |
| MCP Bridge | AI Framework | Gateway governance for MCP tools |

Browse all integrations →

Community

Enterprise

Cordum Enterprise features (shipped in core, unlocked by license entitlement):

  • SSO/SAML/OIDC integration + SCIM provisioning

  • Advanced RBAC with role hierarchy

  • SIEM export (webhook, syslog, Datadog, CloudWatch)

  • Legal hold + velocity rules + agent identity

  • Priority support

See docs/enterprise.md for the full entitlement matrix. The formerly separate cordum-enterprise repo was retired 2026-04-23.

Governance

Cordum follows a transparent governance model with a protocol stability pledge, maintainer structure, and clear decision-making process. See GOVERNANCE.md for details including:

  • Protocol Stability: CAP v2 wire format frozen until February 2027

  • Security: SECURITY.md for vulnerability reporting

  • Versioning: Semantic versioning with deprecation policy

Roadmap

See ROADMAP.md for the full feature roadmap, completed milestones, and planned work.

Changelog

See CHANGELOG.md for a detailed log of all changes by version.

Compared To

| Feature | Cordum | Guardrails AI | NeMo Guardrails | Custom Middleware |
| --- | --- | --- | --- | --- |
| Pre-execution policy engine | ✅ Safety Kernel | ❌ Post-generation | ⚠️ Dialog rails only | ⚠️ Manual |
| Human-in-the-loop approvals | ✅ Built-in | ❌ | ❌ | ⚠️ DIY |
| Multi-agent fleet governance | ✅ | ❌ Single model | ❌ Single model | ❌ |
| Deterministic audit trail | ✅ | ❌ | ❌ | ⚠️ Manual |
| Framework agnostic | ✅ Any via CAP | ❌ Python only | ❌ NVIDIA stack | ❌ |
| MCP governance | ✅ Bridge + Gateway | ❌ | ❌ | ❌ |
| Local agent-action firewall | ✅ Cordum Edge (Claude Code hook today) | ❌ | ❌ | ⚠️ DIY |

See detailed comparisons →

Contributing

We welcome contributions! See CONTRIBUTING.md for guidelines. Check out our good first issues to get started.

License

Licensed under Business Source License 1.1 (BUSL-1.1).

  • Self-host and use internally: Permitted

  • Modify and contribute back: Permitted

  • Offer as a competing hosted service: Not permitted

  • Change Date: January 1, 2029 β€” automatically converts to Apache License 2.0

See LICENSE for full terms.

Star History

Ready to govern your AI agents? CAP Protocol · Integrations · Discord

If Cordum helps you deploy agents safely, give it a ⭐