The Control Plane for Autonomous AI Enforce policy before execution, require human approvals where risk demands it, and keep a full audit trail — from first act
The Control Plane for Autonomous AI Enforce policy before execution, require human approvals where risk demands it, and keep a full audit trail — from first action to final result.
README
Cordum
Know What Your AI Agents Are Doing. Before They Do It.
The Source-Available Agent Control Plane for Governance, Safety, and Trust.
One command stands up the full stack — API gateway, scheduler, safety
kernel, workflow engine, context engine, dashboard, NATS, and
TLS-secured Redis — with auto-generated secrets, auto-provisioned
certificates, and a post-deploy smoke test that exercises a real
approval workflow:
git clone https://github.com/cordum-io/cordum.git
cd cordum
./tools/scripts/quickstart.sh
Prerequisites: Docker Desktop v4+ (or Engine v20.10+ with Compose v2,
≥ 4 GB RAM allocated), Go 1.24+ (for first-run cert generation), and
curl. On Windows use MSYS2 / Git Bash / WSL.
Enterprises are rushing to deploy Autonomous AI Agents, but they're hitting a wall of risk. According to Gartner, 74% of enterprises see AI agents as a new attack vector, and over 40% of agentic AI projects will be canceled due to inadequate risk controls.
The current landscape leaves teams with a choice:
Restrict agents to simple, low-value read-only tasks.
Accept the risk of autonomous agents taking destructive, unmonitored actions.
Without a dedicated governance layer, you're flying blind:
No visibility: You don't know what your agents are doing until after they do it.
No safety rails: There's no way to intercept dangerous operations before they execute.
No human-in-the-loop: Sensitive actions happen without manual oversight.
No audit trail: When things go wrong, you can't reconstruct the chain of thought.
The Solution: Cordum Agent Control Plane
Cordum is an Agent Control Plane that provides a deterministic governance layer for probabilistic AI minds. It allows you to define, enforce, and audit the behavior of your Autonomous AI Agents across any framework or model.
graph TB
subgraph CP [AGENT CONTROL PLANE]
direction LR
G[API Gateway] --- S[Scheduler] --- SK[Safety Kernel]
S --- WE[Workflow Engine]
end
subgraph AGENTS [AUTONOMOUS AGENT POOLS]
direction LR
A1[Financial Ops]
A2[Data Science]
A3[Customer Service]
end
CP -->|Governed Jobs| AGENTS
AGENTS -->|Audit Trail| CP
Governance Across the Lifecycle
Cordum's Before/During/Across framework provides exhaustive control over your agent operations:
graph LR
subgraph BEFORE [1. BEFORE - Governance]
P[Policy Evaluation] --> S[Safety Gating]
S --> H[Human Approval]
end
subgraph DURING [2. DURING - Safety]
M[Real-time Monitoring] --> C[Circuit Breakers]
C --> A[Live Approvals]
end
subgraph ACROSS [3. ACROSS - Observability]
F[Fleet Health] --> T[Audit Trail]
T --> O[Optimization]
end
BEFORE --> DURING
DURING --> ACROSS
BEFORE (Governance): Define declarative policies that evaluate job requests before an agent executes. Trigger safety kernel checks, throttle risky actions, or flag operations for human approval.
DURING (Safety): Real-time visibility into active agent runs. Monitor progress, handle step-level approvals, and enforce timeouts or circuit breakers on the fly.
ACROSS (Observability): Manage your entire fleet from a single control plane. Aggregate audit trails, track capability-based routing, and observe agent pool health in real-time.
Quickstart
First Time?
Goal
Path
Just want to try it?
./tools/scripts/quickstart.sh — one-command install from source (guide)
Run the full stack from pre-built images?
docker compose pull && docker compose up -d (below) — once release images ship to ghcr.io
Docker Desktop v4+ or Docker Engine v20.10+ with the Compose v2 plugin (≥ 4 GB RAM allocated to Docker).
jq (recommended, for parsing API responses).
Run the published images
git clone https://github.com/cordum-io/cordum.git
cd cordum
export CORDUM_API_KEY=$(openssl rand -hex 32)
export REDIS_PASSWORD=$(openssl rand -hex 16)
docker compose pull # pulls every Cordum service from ghcr.io
docker compose up -d # starts the stack — no source build needed
Dashboard:http://localhost:8082Login:admin / admin123 (change in .env → CORDUM_ADMIN_PASSWORD)
Pin a specific release by exporting CORDUM_VERSION=1.2.3 before
docker compose pull. Defaults to :latest, which only moves on stable
release tags (pre-release suffixes such as -rc.1 never promote
:latest).
Verifying image signatures
Every release-tag image is signed with cosign keyless OIDC. Verify
before deploying to production:
See docs/deployment/images.md for the full
image catalogue, multi-arch pull instructions, and tag policy.
Manual setup (without docker compose)
cp .env.example .env
# Edit .env: set CORDUM_API_KEY (or generate: openssl rand -hex 32)
export CORDUM_API_KEY="your-key-here"
go run ./cmd/cordumctl up
open http://localhost:8082
The published-images path above pulls Cordum binaries from ghcr.io.
Contributors who need to rebuild from source use the development override
file:
make dev-up # docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d --build
make dev-logs # tail compose logs
make dev-down # docker compose down
docker-compose.dev.yml re-pins every Cordum service to a local
cordum/<name>:dev tag and forces the build: context, so source
changes are reflected on the next --build. Upstream images (NATS,
Redis) are untouched. See Makefile and docker-compose.dev.yml for
full details.
Other useful contributor commands:
Command
Purpose
make build
Build every service binary into bin/ (wraps make proto first).
make build SERVICE=cordumctl
Build a single service.
make test
Run the full Go test suite.
make smoke
Quick post-deploy smoke against a running stack.
Key Features
Governance Feature
Why It Matters for Enterprise
Safety Gating
Prevents agents from executing destructive or unauthorized actions before they occur.
Output Quarantine
Automatically blocks PII leaks, secrets, or hallucinated results from reaching the client.
Human-in-the-Loop
Mandates human oversight for high-risk operations (e.g., financial transfers, prod access).
Pool Segmentation
Ensures sensitive data only reaches agents in trusted environments.
Deterministic Audit
Prove exactly why a decision was made with a full chain-of-thought audit trail.
Governance Policies
Declarative YAML-based rules that map enterprise risk to agent behavior.
Policy Simulator
Test your governance rules against historical data before rolling them out to production.
Protocol: CAP — The Open Standard for Agent Governance
Cordum implements CAP (Cordum Agent Protocol), an open protocol specifically designed for distributed AI agent governance. CAP provides a unified interface for defining agent capabilities, submitting jobs, and enforcing safety policies across heterogeneous agent pools.
CAP vs. MCP: Why You Need Both
While both are essential, they solve different parts of the agent stack:
Protocol
Focus
Level
Responsibility
MCP (Model Context Protocol)
Tool Calling
Local
How a model interacts with a tool.
CAP (Cordum Agent Protocol)
Governance
Network
How an agent is governed within an enterprise.
MCP is for within the agent — it defines how a model calls local tools.
CAP is for above the agent — it defines the governance control plane for the entire agent fleet.
Use CAP for high-level orchestration and safety gating, and MCP inside your agents for fine-grained tool integration.
Extend Cordum with 30+ integration packs for Slack, GitHub, AWS, Jira, Terraform, Datadog, PagerDuty, and more. Each pack is a CAP-native worker with policy-gated workflows.
See docs/enterprise.md for the full entitlement matrix.
The formerly separate cordum-enterprise repo was retired 2026-04-23.
Governance
Cordum follows a transparent governance model with a protocol stability pledge, maintainer structure, and clear decision-making process. See GOVERNANCE.md for details including:
Protocol Stability: CAP v2 wire format frozen until February 2027
