MCPcopy Index your code
hub / github.com/cordum-io/cordum

github.com/cordum-io/cordum @v1.1.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.1.0 ↗ · + Follow
27,476 symbols 116,970 edges 3,526 files 6,946 documented · 25%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Cordum

Cordum

Artifact Hub

Know What Your AI Agents Are Doing. Before They Do It.

The Source-Available Agent Control Plane for Governance, Safety, and Trust.

Includes Cordum Edge — a Compliance Firewall for Claude Code and other local AI-agent actions.

Stars License Release CI Go Report Card Discord CAP Protocol

Discord · Discussions · Docs


Quickstart

One command stands up the full stack — API gateway, scheduler, safety kernel, workflow engine, context engine, dashboard, NATS, and TLS-secured Redis — with auto-generated secrets, auto-provisioned certificates, and a post-deploy smoke test that exercises a real approval workflow:

git clone https://github.com/cordum-io/cordum.git
cd cordum
./tools/scripts/quickstart.sh

Prerequisites: Docker Desktop v4+ (or Engine v20.10+ with Compose v2, ≥ 4 GB RAM allocated), Go 1.24+ (for first-run cert generation), and curl. On Windows use MSYS2 / Git Bash / WSL.

What you get at the end: - Dashboard at http://localhost:8082 — log in as admin / ChangeMe123! (the default dev password, also saved to .env as CORDUM_ADMIN_PASSWORD; change it before exposing the stack). - Gateway at http://localhost:8081 with a generated CORDUM_API_KEY in .env. - TLS CA, server, and client keypairs under ./certs/. - A working approval-gate workflow proven by the built-in platform_smoke.sh run.

Full walkthrough, platform notes, and troubleshooting: docs/quickstart.md.

See a 3-verdict demo

Once the stack is up, install the demo-quickstart pack and run the governance demo:

cordumctl pack install ./demo/quickstart/pack
cordumctl demo run quickstart

A single hello, operator! workflow fans out to three topics and exercises every safety-kernel decision class in under 30 seconds:

  +--------------------+--------------------------+--------------------+---------
  | Step               | Topic                    | Verdict            | Reason
  +--------------------+--------------------------+--------------------+---------
  | greet              | job.demo-quickstart.greet           | ALLOW              | Safe…
  | attempt_delete     | job.demo-quickstart.delete-all      | DENY               | Block…
  | escalate_admin     | job.demo-quickstart.admin           | REQUIRE_APPROVAL   | Sign…
  +--------------------+--------------------------+--------------------+---------

Full walkthrough, rule-by-rule explanation, and extension recipe: demo/quickstart/README.md.

Edge Quickstart (Compliance Firewall for Claude Code)

Cordum Edge governs Claude Code tool calls in the developer's terminal — the hook denies risky actions before they run, requires approval on edits, and exports a redacted evidence bundle for every session. Once the platform stack is up (above), point Claude Code at Cordum:

export CORDUM_GATEWAY=https://localhost:8081
export CORDUM_API_KEY=$(grep CORDUM_API_KEY .env | cut -d= -f2)
export CORDUM_TENANT_ID=default
./bin/cordumctl edge claude

The wrapper renders a temporary settings.json, spawns cordum-agentd on a local loopback nonce, and starts Claude Code with the command hook installed. Read .env is denied; Edit/Write requires approval; safe reads pass through untouched. The dashboard shows the live session timeline at /edge/sessions.

For approved destructive actions, Edge does not trust the approval store alone: the ProvenanceGate also requires a resolved approval audit event for the same tenant, approval_ref, and action_hash. An approval-requested event by itself does not satisfy provenance, and raw prompts, transcripts, and tool payloads are kept out of audit evidence.

Full 30-minute walkthrough: docs/quickstart-edge.md. Reference: docs/edge/README.md.


The Problem: The Agent Risk Gap

Enterprises are rushing to deploy Autonomous AI Agents, but they're hitting a wall of risk. According to Gartner, 74% of enterprises see AI agents as a new attack vector, and over 40% of agentic AI projects will be canceled due to inadequate risk controls.

The current landscape leaves teams with a choice: 1. Restrict agents to simple, low-value read-only tasks. 2. Accept the risk of autonomous agents taking destructive, unmonitored actions.

Without a dedicated governance layer, you're flying blind: - No visibility: You don't know what your agents are doing until after they do it. - No safety rails: There's no way to intercept dangerous operations before they execute. - No human-in-the-loop: Sensitive actions happen without manual oversight. - No audit trail: When things go wrong, you can't reconstruct the chain of thought.

The Solution: Cordum Agent Control Plane

Cordum is an Agent Control Plane that provides a deterministic governance layer for probabilistic AI minds. It allows you to define, enforce, and audit the behavior of your Autonomous AI Agents across any framework or model.

graph TB
    subgraph CP [AGENT CONTROL PLANE]
        direction LR
        G[API Gateway] --- S[Scheduler] --- SK[Safety Kernel]
        S --- WE[Workflow Engine]
    end

    subgraph AGENTS [AUTONOMOUS AGENT POOLS]
        direction LR
        A1[Financial Ops]
        A2[Data Science]
        A3[Customer Service]
    end

    CP -->|Governed Jobs| AGENTS
    AGENTS -->|Audit Trail| CP

nWwQVRVqwlZKeRbBZvkSof-img-2_1771930624000_na1fn_ZGFzaGJvYXJkLXByZXZpZXctZGFyaw

Governance Across the Lifecycle

Cordum's Before/During/Across framework provides exhaustive control over your agent operations:

graph LR
    subgraph BEFORE [1. BEFORE - Governance]
        P[Policy Evaluation] --> S[Safety Gating]
        S --> H[Human Approval]
    end
    subgraph DURING [2. DURING - Safety]
        M[Real-time Monitoring] --> C[Circuit Breakers]
        C --> A[Live Approvals]
    end
    subgraph ACROSS [3. ACROSS - Observability]
        F[Fleet Health] --> T[Audit Trail]
        T --> O[Optimization]
    end
    BEFORE --> DURING
    DURING --> ACROSS
  • BEFORE (Governance): Define declarative policies that evaluate job requests before an agent executes. Trigger safety kernel checks, throttle risky actions, or flag operations for human approval.
  • DURING (Safety): Real-time visibility into active agent runs. Monitor progress, handle step-level approvals, and enforce timeouts or circuit breakers on the fly.
  • ACROSS (Observability): Manage your entire fleet from a single control plane. Aggregate audit trails, track capability-based routing, and observe agent pool health in real-time.

Cordum Edge: Compliance Firewall for AI agents

Cordum Edge extends the control plane to local AI-agent actions. For Claude Code, cordumctl edge claude launches the real P0 path — command hook, local cordum-agentd, Gateway Edge APIs, Safety Kernel policy/evaluate, approvals, artifact pointers, and dashboard evidence.

Cordum stays quiet until governance matters. Developers see Cordum exactly when it protects them, their team, and production: before risky tools run, when an action needs approval, and when evidence must be exported. The wrapper is the developer/demo path; enterprise enforcement requires managed Claude settings and endpoint controls.

Approval provenance is resolved-only: destructive retries must have a matching approved approval record and a canonical resolved approval audit event for the same tenant/ref/hash. Requested-only audit rows are lifecycle context, not proof that the action was approved.

Start here: Edge overview, Claude Code guide, manual demo, and Edge API.

Quickstart

First Time?

Goal Path
Just want to try it? ./tools/scripts/quickstart.sh — one-command install from source (guide)
Run the full stack from pre-built images? docker compose pull && docker compose up -d (below) — once release images ship to ghcr.io
Developing Cordum? See Development

Prerequisites

  • Docker Desktop v4+ or Docker Engine v20.10+ with the Compose v2 plugin (≥ 4 GB RAM allocated to Docker).
  • jq (recommended, for parsing API responses).

Run the published images

git clone https://github.com/cordum-io/cordum.git
cd cordum
export CORDUM_API_KEY=$(openssl rand -hex 32)
export REDIS_PASSWORD=$(openssl rand -hex 16)
docker compose pull         # pulls every Cordum service from ghcr.io
docker compose up -d        # starts the stack — no source build needed

Dashboard: http://localhost:8082 Login: this path leaves user auth off by default — sign in on the dashboard with your CORDUM_API_KEY. To enable admin password login instead, set CORDUM_USER_AUTH_ENABLED=true and a policy-compliant CORDUM_ADMIN_PASSWORD (≥ 12 chars, with an uppercase letter, a digit, and a special character) in .env, then docker compose up -d. (The quickstart script does this for you.)

Pin a specific release by exporting CORDUM_VERSION=1.2.3 before docker compose pull. Defaults to :latest, which only moves on stable release tags (pre-release suffixes such as -rc.1 never promote :latest).

Verifying image signatures

Every release-tag image is signed with cosign keyless OIDC. Verify before deploying to production:

cosign verify ghcr.io/cordum-io/cordum/api-gateway:1.2.3 \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp 'https://github\.com/cordum-io/cordum/\.github/workflows/docker\.yml@refs/tags/v.*'

See docs/deployment/images.md for the full image catalogue, multi-arch pull instructions, and tag policy.

Manual setup (without docker compose)

cp .env.example .env
# Edit .env: set CORDUM_API_KEY (or generate: openssl rand -hex 32)
export CORDUM_API_KEY="your-key-here"
go run ./cmd/cordumctl up
open http://localhost:8082

Deploy to Kubernetes

helm install cordum oci://ghcr.io/cordum-io/cordum/charts/cordum \
  --namespace cordum --create-namespace \
  --set secrets.apiKey=$(openssl rand -hex 32) \
  --set redis.auth.password=$(openssl rand -hex 32) \
  --set ingress.enabled=true \
  --set ingress.className=nginx \
  --set ingress.api.host=api.cordum.example.com \
  --set ingress.dashboard.host=cordum.example.com

See cordum-helm/ for the full Helm chart reference. Chart also available on Artifact Hub.

Container images (multi-arch: linux/amd64 + linux/arm64):

Image GHCR Docker Hub
api-gateway ghcr.io/cordum-io/cordum/api-gateway cordum/api-gateway
scheduler ghcr.io/cordum-io/cordum/scheduler cordum/scheduler
safety-kernel ghcr.io/cordum-io/cordum/safety-kernel cordum/safety-kernel
workflow-engine ghcr.io/cordum-io/cordum/workflow-engine cordum/workflow-engine
context-engine ghcr.io/cordum-io/cordum/context-engine cordum/context-engine
mcp ghcr.io/cordum-io/cordum/mcp cordum/mcp
dashboard ghcr.io/cordum-io/cordum/dashboard cordum/dashboard

latest release api-gateway image size ![dashboard image size](https://img.shields.io/docker/image-size/cordum/dashboard/latest?la

Extension points exported contracts — how you extend this code

ActionGate (Interface)
ActionGate is the contract every gate implements. Evaluate MUST be idempotent and side-effect free (gates are evaluated [10 …
core/policy/actiongates/types.go
AuditSender (Interface)
AuditSender receives audit events for asynchronous export. Both BufferedExporter and NATSAuditPublisher implement this i [20 …
core/audit/nats.go
Bus (Interface)
Bus abstracts the message bus so the scheduler can remain decoupled from concrete transport implementations. [20 implementers]
core/model/bus.go
SafetyChecker (Interface)
SafetyChecker determines if a job request may proceed. [21 implementers]
core/controlplane/scheduler/types.go
OutboundClient (Interface)
OutboundClient is the minimal interface AuditedOutboundClient wraps. Task-ba236f62's signed-outbound client MUST impleme [6 …
core/mcp/audit_invocation.go
PolicyEvaluator (Interface)
PolicyEvaluator is the narrow abstraction the runner depends on so it can be unit-tested against a fake policy while bei [29 …
core/evals/runner/types.go
TenantResolver (Interface)
TenantResolver maps a pod (and its enclosing namespace) to a tenant identifier + the source label that describes which p [23 …
core/edge/shadow/k8s/mapping.go
TopicsLister (Interface)
TopicsLister returns all topics the tenant can publish to. [8 implementers]
core/governance/health.go

Core symbols most depended-on inside this repo

Set
called by 1489
core/edge/keychain/keyring.go
Now
called by 1243
core/edge/agentd/types.go
Add
called by 1099
core/controlplane/scheduler/types.go
Run
called by 917
core/evals/extraction/extractor.go
Is
called by 907
core/controlplane/gateway/handlers_pools.go
Close
called by 640
core/audit/nats.go
get
called by 573
core/mcp/filter_cache.go
Error
called by 493
core/controlplane/gateway/auth/rbac.go

Shape

Function 16,355
Method 7,529
Struct 1,724
Interface 1,119
Class 589
TypeAlias 110
FuncType 47
Enum 3

Languages

Go64%
Python19%
TypeScript17%

Modules by API surface

core/controlplane/scheduler/engine_test.go185 symbols
dashboard/src/api/types.ts162 symbols
dashboard/src/api/transform.ts162 symbols
core/infra/metrics/metrics.go144 symbols
dashboard/src/api/generated/edge/edge.ts141 symbols
cmd/cordumctl/pack.go128 symbols
core/edge/observability.go127 symbols
core/infra/store/job_store.go126 symbols
dashboard/src/api/generated/policy/policy.ts120 symbols
core/controlplane/scheduler/engine.go115 symbols
core/controlplane/gateway/auth/scim.go115 symbols
core/edge/store_redis.go111 symbols

For agents

$ claude mcp add cordum \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact