cordum

Full walkthrough, rule-by-rule explanation, and extension recipe: demo/quickstart/README.md.

Edge Quickstart (Compliance Firewall for Claude Code)

Cordum Edge governs Claude Code tool calls in the developer's terminal — the hook denies risky actions before they run, requires approval on edits, and exports a redacted evidence bundle for every session. Once the platform stack is up (above), point Claude Code at Cordum:

export CORDUM_GATEWAY=https://localhost:8081
export CORDUM_API_KEY=$(grep CORDUM_API_KEY .env | cut -d= -f2)
export CORDUM_TENANT_ID=default
./bin/cordumctl edge claude

The wrapper renders a temporary settings.json, spawns cordum-agentd on a local loopback nonce, and starts Claude Code with the command hook installed. Read .env is denied; Edit/Write requires approval; safe reads pass through untouched. The dashboard shows the live session timeline at /edge/sessions.

Full 30-minute walkthrough: docs/quickstart-edge.md. Reference: docs/edge/README.md.

The Problem: The Agent Risk Gap

Enterprises are rushing to deploy Autonomous AI Agents, but they're hitting a wall of risk. According to Gartner, 74% of enterprises see AI agents as a new attack vector, and over 40% of agentic AI projects will be canceled due to inadequate risk controls.

The current landscape leaves teams with a choice:

1. Restrict agents to simple, low-value read-only tasks.
2. Accept the risk of autonomous agents taking destructive, unmonitored actions.

Without a dedicated governance layer, you're flying blind:

• No visibility: You don't know what your agents are doing until after they do it.
• No safety rails: There's no way to intercept dangerous operations before they execute.
• No human-in-the-loop: Sensitive actions happen without manual oversight.
• No audit trail: When things go wrong, you can't reconstruct the chain of thought.

The Solution: Cordum Agent Control Plane

Cordum is an Agent Control Plane that provides a deterministic governance layer for probabilistic AI minds. It allows you to define, enforce, and audit the behavior of your Autonomous AI Agents across any framework or model.

graph TB
    subgraph CP [AGENT CONTROL PLANE]
        direction LR
        G[API Gateway] --- S[Scheduler] --- SK[Safety Kernel]
        S --- WE[Workflow Engine]
    end
    
    subgraph AGENTS [AUTONOMOUS AGENT POOLS]
        direction LR
        A1[Financial Ops]
        A2[Data Science]
        A3[Customer Service]
    end
    
    CP -->|Governed Jobs| AGENTS
    AGENTS -->|Audit Trail| CP

Governance Across the Lifecycle

Cordum's Before/During/Across framework provides exhaustive control over your agent operations:

graph LR
    subgraph BEFORE [1. BEFORE - Governance]
        P[Policy Evaluation] --> S[Safety Gating]
        S --> H[Human Approval]
    end
    subgraph DURING [2. DURING - Safety]
        M[Real-time Monitoring] --> C[Circuit Breakers]
        C --> A[Live Approvals]
    end
    subgraph ACROSS [3. ACROSS - Observability]
        F[Fleet Health] --> T[Audit Trail]
        T --> O[Optimization]
    end
    BEFORE --> DURING
    DURING --> ACROSS

• BEFORE (Governance): Define declarative policies that evaluate job requests before an agent executes. Trigger safety kernel checks, throttle risky actions, or flag operations for human approval.
• DURING (Safety): Real-time visibility into active agent runs. Monitor progress, handle step-level approvals, and enforce timeouts or circuit breakers on the fly.
• ACROSS (Observability): Manage your entire fleet from a single control plane. Aggregate audit trails, track capability-based routing, and observe agent pool health in real-time.

Cordum Edge: Compliance Firewall for AI agents

Cordum Edge extends the control plane to local AI-agent actions. For Claude Code, cordumctl edge claude launches the real P0 path — command hook, local cordum-agentd, Gateway Edge APIs, Safety Kernel policy/evaluate, approvals, artifact pointers, and dashboard evidence.

Cordum stays quiet until governance matters. Developers see Cordum exactly when it protects them, their team, and production: before risky tools run, when an action needs approval, and when evidence must be exported. The wrapper is the developer/demo path; enterprise enforcement requires managed Claude settings and endpoint controls.

Start here: Edge overview, Claude Code guide, manual demo, and Edge API.

Quickstart

First Time?

| Goal | Path | |------|------| | Just want to try it? | ./tools/scripts/quickstart.sh — one-command install from source (guide) | | Run the full stack from pre-built images? | docker compose pull && docker compose up -d (below) — once release images ship to ghcr.io | | Developing Cordum? | See Development |

Prerequisites

• Docker Desktop v4+ or Docker Engine v20.10+ with the Compose v2 plugin (≥ 4 GB RAM allocated to Docker).
• jq (recommended, for parsing API responses).

Run the published images

git clone https://github.com/cordum-io/cordum.git
cd cordum
export CORDUM_API_KEY=$(openssl rand -hex 32)
export REDIS_PASSWORD=$(openssl rand -hex 16)
docker compose pull         # pulls every Cordum service from ghcr.io
docker compose up -d        # starts the stack — no source build needed

Dashboard: http://localhost:8082 Login: admin / admin123 (change in .env → CORDUM_ADMIN_PASSWORD)

Pin a specific release by exporting CORDUM_VERSION=1.2.3 before `docker compose