Know What Your AI Agents Are Doing. Before They Do It.
The Source-Available Agent Control Plane for Governance, Safety, and Trust.
Discord · Discussions · Docs
Enterprises are rushing to deploy Autonomous AI Agents, but they're hitting a wall of risk. According to Gartner, 74% of enterprises see AI agents as a new attack vector, and over 40% of agentic AI projects will be canceled due to inadequate risk controls.
The current landscape leaves teams with a choice:
- Restrict agents to simple, low-value read-only tasks.
- Accept the risk of autonomous agents taking destructive, unmonitored actions.
Without a dedicated governance layer, you're flying blind:
- No visibility: You don't know what your agents are doing until after they do it.
- No safety rails: There's no way to intercept dangerous operations before they execute.
- No human-in-the-loop: Sensitive actions happen without manual oversight.
- No audit trail: When things go wrong, you can't reconstruct the chain of thought.
Cordum is an Agent Control Plane that provides a deterministic governance layer for probabilistic AI minds. It allows you to define, enforce, and audit the behavior of your Autonomous AI Agents across any framework or model.
graph TB
subgraph CP [AGENT CONTROL PLANE]
direction LR
G[API Gateway] --- S[Scheduler] --- SK[Safety Kernel]
S --- WE[Workflow Engine]
end
subgraph AGENTS [AUTONOMOUS AGENT POOLS]
direction LR
A1[Financial Ops]
A2[Data Science]
A3[Customer Service]
end
CP -->|Governed Jobs| AGENTS
AGENTS -->|Audit Trail| CP
Cordum's Before/During/Across framework provides exhaustive control over your agent operations:
graph LR
subgraph BEFORE [1. BEFORE - Governance]
P[Policy Evaluation] --> S[Safety Gating]
S --> H[Human Approval]
end
subgraph DURING [2. DURING - Safety]
M[Real-time Monitoring] --> C[Circuit Breakers]
C --> A[Live Approvals]
end
subgraph ACROSS [3. ACROSS - Observability]
F[Fleet Health] --> T[Audit Trail]
T --> O[Optimization]
end
BEFORE --> DURING
DURING --> ACROSS
- BEFORE (Governance): Define declarative policies that evaluate job requests before an agent executes. Trigger safety kernel checks, throttle risky actions, or flag operations for human approval.
- DURING (Safety): Real-time visibility into active agent runs. Monitor progress, handle step-level approvals, and enforce timeouts or circuit breakers on the fly.
- ACROSS (Observability): Manage your entire fleet from a single control plane. Aggregate audit trails, track capability-based routing, and observe agent pool health in real-time.
| Goal | Path |
|---|---|
| Just want to try it? | ./tools/scripts/quickstart.sh (below) |
| Manual step-by-step? | docs/quickstart.md |
| Developing Cordum? | CONTRIBUTING.md |
- Docker Desktop v4+ or Docker CLI v20.10+ with Compose v2 (4GB+ RAM allocated)
- jq (recommended, for parsing API responses)
- Go 1.24+ (optional, only needed for
cordumctlor cert generation)
git clone https://github.com/cordum-io/cordum.git
cd cordum
./tools/scripts/quickstart.shThat's it. The script auto-creates .env, generates API keys and Redis password, builds all services, and runs health checks. No manual configuration needed.
Dashboard: http://localhost:8082
Login: admin / admin123 (change in .env → CORDUM_ADMIN_PASSWORD)
Manual setup (without quickstart script)
cp .env.example .env
# Edit .env: set CORDUM_API_KEY (or generate: openssl rand -hex 32)
export CORDUM_API_KEY="your-key-here"
go run ./cmd/cordumctl up
open http://localhost:8082helm install cordum oci://ghcr.io/cordum-io/cordum/charts/cordum \
--namespace cordum --create-namespace \
--set secrets.apiKey=$(openssl rand -hex 32) \
--set redis.auth.password=$(openssl rand -hex 32) \
--set ingress.enabled=true \
--set ingress.className=nginx \
--set ingress.api.host=api.cordum.example.com \
--set ingress.dashboard.host=cordum.example.comSee cordum-helm/ for the full Helm chart reference. Chart also available on Artifact Hub.
Container images (multi-arch: amd64 + arm64):
| Image | Registry |
|---|---|
cordum/api-gateway |
Docker Hub |
cordum/scheduler |
Docker Hub |
cordum/safety-kernel |
Docker Hub |
cordum/workflow-engine |
Docker Hub |
cordum/context-engine |
Docker Hub |
cordum/dashboard |
Docker Hub |
Also available on GHCR: ghcr.io/cordum-io/cordum/{service}:{version}
| Port | Service |
|---|---|
| 8082 | Dashboard |
| 8081 | API Gateway (HTTPS) |
| 9080 | gRPC Gateway |
| 4222 | NATS |
| 6379 | Redis |
| 9092 | Gateway Metrics |
| 9093 | Workflow Engine Health |
| 50051 | Safety Kernel (gRPC) |
| 50400 | Context Engine (gRPC) |
Port conflicts? If any port is already in use, either stop the conflicting service or override ports in your
.envfile before starting the stack.
# Submit a test job
curl -sS --cacert ./certs/ca/ca.crt \
-X POST https://localhost:8081/api/v1/jobs \
-H "X-API-Key: $CORDUM_API_KEY" -H "X-Tenant-ID: default" \
-H "Content-Type: application/json" \
-d '{"topic":"job.default","context":{"prompt":"hello"}}'
# Stop the stack
docker compose down
# View logs
docker compose logs -f api-gateway| Issue | Fix |
|---|---|
| Port already in use | docker compose down then retry, or check lsof -i :8082 |
| Docker out of memory | Allocate at least 4 GB RAM to Docker Desktop |
| Can't login to dashboard | Default credentials: admin / admin123 |
| TLS/SSL cert errors | Remove ./certs/ and re-run — certs auto-regenerate |
openssl not found |
Not needed — quickstart.sh auto-generates keys without it |
| Go build fails | Requires Go 1.24+ — check with go version |
| Stale config after changes | redis-cli DEL cfg:system:default then restart |
For detailed troubleshooting, see docs/troubleshooting.md.
| Governance Feature | Why It Matters for Enterprise |
|---|---|
| Safety Gating | Prevents agents from executing destructive or unauthorized actions before they occur. |
| Output Quarantine | Automatically blocks PII leaks, secrets, or hallucinated results from reaching the client. |
| Human-in-the-Loop | Mandates human oversight for high-risk operations (e.g., financial transfers, prod access). |
| Pool Segmentation | Ensures sensitive data only reaches agents in trusted environments. |
| Deterministic Audit | Prove exactly why a decision was made with a full chain-of-thought audit trail. |
| Governance Policies | Declarative YAML-based rules that map enterprise risk to agent behavior. |
| Policy Simulator | Test your governance rules against historical data before rolling them out to production. |
cordum/
├── cmd/ # Service entrypoints + CLI
│ ├── cordum-api-gateway/ # API gateway (HTTP/WS + gRPC)
│ ├── cordum-scheduler/ # Scheduler + safety gating
│ ├── cordum-safety-kernel/ # Policy evaluation
│ ├── cordum-workflow-engine/ # Workflow orchestration
│ ├── cordum-context-engine/ # Optional context/memory service
│ └── cordumctl/ # CLI
├── core/ # Core libraries
│ ├── controlplane/ # Gateway, scheduler, safety kernel
│ ├── context/ # Context engine implementation
│ ├── infra/ # Config, storage, bus, metrics
│ ├── protocol/ # API protos + CAP aliases
│ └── workflow/ # Workflow engine
├── dashboard/ # React UI
├── sdk/ # SDK + worker runtime
├── cordum-helm/ # Helm chart
├── deploy/k8s/ # Kubernetes manifests
└── docs/ # Documentation
| Doc | Description |
|---|---|
| System Overview | Architecture and data flow |
| Core Reference | Deep technical details |
| Docker Guide | Running with Compose |
| Agent Protocol | CAP bus + pointer semantics |
| MCP Server | MCP stdio + HTTP/SSE integration |
| Pack Format | How to package agent capabilities |
| Local E2E | Full local walkthrough |
| Production Guide | TLS, HA, backups, incident runbooks |
Cordum implements CAP (Cordum Agent Protocol), an open protocol specifically designed for distributed AI agent governance. CAP provides a unified interface for defining agent capabilities, submitting jobs, and enforcing safety policies across heterogeneous agent pools.
While both are essential, they solve different parts of the agent stack:
| Protocol | Focus | Level | Responsibility |
|---|---|---|---|
| MCP (Model Context Protocol) | Tool Calling | Local | How a model interacts with a tool. |
| CAP (Cordum Agent Protocol) | Governance | Network | How an agent is governed within an enterprise. |
- MCP is for within the agent — it defines how a model calls local tools.
- CAP is for above the agent — it defines the governance control plane for the entire agent fleet.
Use CAP for high-level orchestration and safety gating, and MCP inside your agents for fine-grained tool integration.
Read the full deep dive: MCP vs CAP: Why Your AI Agents Need Both Protocols
Cordum includes an MCP server framework with:
- Standalone stdio mode via
cmd/cordum-mcp(for Claude Desktop/Code local integration) - Gateway HTTP/SSE mode via
/mcp/messageand/mcp/sse(whenmcp.enabled=true)
See docs/mcp-server.md for setup, auth headers, and client configuration examples.
The Go SDK makes it easy to build CAP-compatible workers:
import (
"log"
"github.com/cordum/cordum/sdk/runtime"
)
type Input struct {
Prompt string `json:"prompt"`
}
type Output struct {
Summary string `json:"summary"`
}
func main() {
agent := &runtime.Agent{Retries: 2}
runtime.Register(agent, "job.summarize", func(ctx runtime.Context, input Input) (Output, error) {
// Your agent logic here
return Output{Summary: input.Prompt}, nil
})
if err := agent.Start(); err != nil {
log.Fatal(err)
}
select {}
}SDKs: Go (stable) | Python | Node
Extend Cordum with 30+ integration packs for Slack, GitHub, AWS, Jira, Terraform, Datadog, PagerDuty, and more. Each pack is a CAP-native worker with policy-gated workflows.
| Pack | Category | Description |
|---|---|---|
| Slack | Communication | Approval notifications and agent alerts |
| GitHub | DevOps | Govern agent actions on repositories |
| AWS | Cloud | Policy-gated cloud operations |
| Kubernetes | DevOps | Governed incident remediation |
| Terraform | DevOps | Pre-apply governance for IaC |
| Datadog | Monitoring | Alert-triggered governed workflows |
| LangChain | AI Framework | Governance for LangChain tool calls |
| MCP Bridge | AI Framework | Gateway governance for MCP tools |
- Discord: Join the conversation
- GitHub Discussions: Ask questions
- Twitter/X: @Cordum_io
- Email: See SECURITY.md for contact details
Cordum Enterprise adds:
- SSO/SAML integration
- Advanced RBAC
- SIEM export
- Priority support
See cordum-enterprise for details.
Cordum follows a transparent governance model with a protocol stability pledge, maintainer structure, and clear decision-making process. See GOVERNANCE.md for details including:
- Protocol Stability: CAP v2 wire format frozen until February 2027
- Security: SECURITY.md for vulnerability reporting
- Versioning: Semantic versioning with deprecation policy
See ROADMAP.md for the full feature roadmap, completed milestones, and planned work.
See CHANGELOG.md for a detailed log of all changes by version.
| Feature | Cordum | Guardrails AI | NeMo Guardrails | Custom Middleware |
|---|---|---|---|---|
| Pre-execution policy engine | ✅ Safety Kernel | ❌ Post-generation | ||
| Human-in-the-loop approvals | ✅ Built-in | ❌ | ❌ | |
| Multi-agent fleet governance | ✅ | ❌ Single model | ❌ Single model | ❌ |
| Deterministic audit trail | ✅ | ❌ | ❌ | |
| Framework agnostic | ✅ Any via CAP | ❌ Python only | ❌ NVIDIA stack | ❌ |
| MCP governance | ✅ Bridge + Gateway | ❌ | ❌ | ❌ |
We welcome contributions! See CONTRIBUTING.md for guidelines. Check out our good first issues to get started.
Licensed under Business Source License 1.1 (BUSL-1.1).
- Self-host and use internally: Permitted
- Modify and contribute back: Permitted
- Offer as a competing hosted service: Not permitted
- Change Date: January 1, 2029 — automatically converts to Apache License 2.0
See LICENSE for full terms.
Ready to govern your AI agents?
CAP Protocol · Integrations · Discord
If Cordum helps you deploy agents safely, give it a ⭐