https://github.com/cordum-io/cordum

Cordum (cordum.io) is a platform-only control plane for autonomous AI Agents and external workers. It uses NATS for the bus, Redis for state and payload pointers, and CAP v2 wire contracts for jobs, results, and heartbeats. Workers and product packs live outside this repo.Core cordum
https://github.com/cordum-io/cordum

ai-orchestration ai-safety autonomous-agents governance llm-agents workflow-engine

Last synced: 3 months ago
JSON representation

Cordum (cordum.io) is a platform-only control plane for autonomous AI Agents and external workers. It uses NATS for the bus, Redis for state and payload pointers, and CAP v2 wire contracts for jobs, results, and heartbeats. Workers and product packs live outside this repo.Core cordum

• Host: GitHub
• URL: https://github.com/cordum-io/cordum
• Owner: cordum-io
• License: other
• Created: 2026-01-11T16:56:02.000Z (5 months ago)
• Default Branch: main
• Last Pushed: 2026-03-03T13:20:29.000Z (3 months ago)
• Last Synced: 2026-03-03T17:43:28.969Z (3 months ago)
• Topics: ai-orchestration, ai-safety, autonomous-agents, governance, llm-agents, workflow-engine
• Language: Go
• Homepage: https://cordum.io/
• Size: 167 MB
• Stars: 464
• Watchers: 139
• Forks: 18
• Open Issues: 16
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Codeowners: .github/CODEOWNERS
  • Security: SECURITY.md
  • Support: SUPPORT.md
  • Governance: GOVERNANCE.md
  • Roadmap: ROADMAP.md
  • Notice: NOTICE

Awesome Lists containing this project

• awesome-workflow-engines - Cordum - io/cordum.svg)](https://github.com/cordum-io/cordum) - Governance-first control plane for AI agents and external workers (policy-before-dispatch, approval gates, audit trails). (Full fledged product)
• Awesome-LLMOps - Cordum.io - only control plane for autonomous AI Agents and external workers. It uses NATS for the bus, Redis for state and payload pointers, and CAP v2 wire contracts for jobs, results, and heartbeats. Workers and product packs live outside this repo.Core cordum    (Orchestration / Application Framework)
• awesome-llmops - Cordum - first agent orchestration platform with pre-dispatch policy evaluation, output scanning (PII, secrets, injection), job scheduling, workflow engine, and full audit trail. |  | (Security / Frameworks for LLM security)
• awesome-devops-mcp-servers - cordum-io/cordum - Safety-first agent control plane with pre-dispatch policy evaluation (deny/escalate/allow), output scanning (PII, secrets, injection), job scheduling, and full audit trail. Native MCP server with stdio and HTTP/SSE transport. (Cloud Infrastructure / 🔒 Security)
• awesome-mcp-devtools - cordum-io/cordum - first agent orchestration platform. Supports stdio + HTTP/SSE transports with 6 tools (job submission, policy evaluation, output scanning, workflow triggering, audit queries, pool status) and 7 resources. (Frameworks / Common Lisp)
• awesome-llm-agents - Cordum - Safety-first agent orchestration (Frameworks)
• awesome-mlops - Cordum - Governance-first control plane for AI agents and external workers. (Workflow Tools)
• awesome-mcp-servers - **cordum-io/cordum 🏎** - Safety-first agent control plane with pre-dispatch policy evaluation (deny/escalate/allow), output scanning (PII, secrets, injection), job scheduling, and full audit trail. Native MCP server with stdio and HTTP/SSE transport. `http` `ai` `git` `github` (📦 Other)

README

          


  



Cordum




  AI Agent Governance Control Plan


  Deploy autonomous agents with built-in safety, observability, and control.





  

  

  

  



---

## The Problem

AI agents are powerful. They're also unpredictable.

Teams deploying agents in production face the **Trust Gap**: the distance between what an agent *can* do and what you're *confident* letting it do unsupervised.

Without governance, you're flying blind:

- No visibility into what agents are doing

- No safety rails before dangerous actions

- No audit trail when things go wrong

- No way to require human approval for sensitive operations

## The Solution

Cordum is a **control plane for AI agents** that closes the Trust Gap.

![Cordum control plane](./Screenshot%202026-01-23%20162612.png)

```

┌─────────────────────────────────────────────────────────────────┐

│                         Cordum                                  │

│                                                                 │

│  ┌──────────┐   ┌──────────┐   ┌──────────┐   ┌──────────────┐ │

│  │   API    │──▶│ Scheduler│──▶│  Safety  │──▶│ Worker Pools │ │

│  │ Gateway  │   │          │   │  Kernel  │   │              │ │

│  └──────────┘   └──────────┘   └──────────┘   └──────────────┘ │

│       │              │              │                │         │

│       ▼              ▼              ▼                ▼         │

│  [Dashboard]    [Workflows]    [Policies]      [Your Agents]   │

└─────────────────────────────────────────────────────────────────┘

```

**What Cordum does:**

- **Safety Kernel** — Policy checks (allow/deny/throttle/human-approve) before any job runs

- **Workflow Engine** — Orchestrate multi-step agent workflows with retries, approvals, and timeouts

- **Job Routing** — Distribute work across agent pools with capability-based routing

- **Observability** — Full audit trail, traces, and real-time dashboard

- **Human-in-the-Loop** — Require approval for sensitive operations

## Quickstart

**Prerequisites:** Docker, Docker Compose

```bash

# Clone the repo

git clone https://github.com/cordum-io/cordum.git

cd cordum

# Start everything

docker compose up -d

# Open dashboard

open http://localhost:8082

```

**Run the smoke test:**

```bash

./tools/scripts/platform_smoke.sh

```

That's it. You have a running Cordum instance with API, scheduler, safety kernel, and dashboard.

## How It Works

Cordum uses [CAP (Cordum Agent Protocol)](https://github.com/cordum-io/cap) for all agent communication:

1. **Submit** — Client submits a job via API

2. **Safety Check** — Scheduler asks Safety Kernel: allow, deny, throttle, or require approval?

3. **Dispatch** — Approved jobs route to the right worker pool via NATS

4. **Execute** — Your agent runs the job (using MCP, LangChain, whatever)

5. **Result** — Agent returns result; Cordum updates state and notifies client

```

Client ──▶ API ──▶ Scheduler ──▶ Safety Kernel ──▶ NATS ──▶ Agent Pool

                       │                              │

                       ▼                              ▼

                  [Redis State]                 [Your Agents]

```

**Key design choices:**

- **Payloads stay off the bus** — `context_ptr` and `result_ptr` reference Redis/S3, keeping the message bus lean

- **Protocol-first** — CAP is an independent spec; Cordum is the reference implementation

- **Workers are external** — Cordum is the control plane; your agents run wherever you want

## Key Features

| Feature | Description |

|---------|-------------|

| **Safety Policies** | Define rules for what agents can/can't do. Enforce before execution. |

| **Human Approval** | Flag sensitive jobs for manual review before they run. |

| **Workflows** | Multi-step DAGs with fan-out, retries, delays, and conditions. |

| **Pool Routing** | Route jobs by capability, region, or custom tags. |

| **Heartbeats** | Know which agents are alive, their capacity, and load. |

| **Audit Trail** | Every job, decision, and result logged and queryable. |

| **Dashboard** | Real-time UI for workflows, jobs, approvals, and policies. |

| **Multi-tenant** | API keys with RBAC for teams and environments. |

## Architecture

```

cordum/

├── cmd/                          # Service entrypoints + CLI

│   ├── cordum-api-gateway/       # API gateway (HTTP/WS + gRPC)

│   ├── cordum-scheduler/         # Scheduler + safety gating

│   ├── cordum-safety-kernel/     # Policy evaluation

│   ├── cordum-workflow-engine/   # Workflow orchestration

│   ├── cordum-context-engine/    # Optional context/memory service

│   └── cordumctl/                # CLI

├── core/                         # Core libraries

│   ├── controlplane/             # Gateway, scheduler, safety kernel

│   ├── context/                  # Context engine implementation

│   ├── infra/                    # Config, storage, bus, metrics

│   ├── protocol/                 # API protos + CAP aliases

│   └── workflow/                 # Workflow engine

├── dashboard/                    # React UI

├── sdk/                          # SDK + worker runtime

├── cordum-helm/                  # Helm chart

├── deploy/k8s/                   # Kubernetes manifests

└── docs/                         # Documentation

```

## Documentation

| Doc | Description |

|-----|-------------|

| [System Overview](docs/system_overview.md) | Architecture and data flow |

| [Core Reference](docs/CORE.MD) | Deep technical details |

| [Docker Guide](docs/DOCKER.md) | Running with Compose |

| [Agent Protocol](docs/AGENT_PROTOCOL.md) | CAP bus + pointer semantics |

| [Pack Format](docs/pack.md) | How to package agent capabilities |

| [Local E2E](docs/LOCAL_E2E.md) | Full local walkthrough |

## Protocol: CAP

Cordum implements [CAP (Cordum Agent Protocol)](https://github.com/cordum-io/cap) — an open protocol for distributed AI agent orchestration.

**CAP vs MCP:**

- **MCP** = tool-calling protocol for a single model

- **CAP** = job protocol for distributed agent clusters

They're complementary. Use CAP for orchestration, MCP inside your agents for tools.

Read more: [MCP vs CAP: Why Your AI Agents Need Both Protocols](https://dev.to/yaron_torgeman_104570d968/-mcp-vs-cap-why-your-ai-agents-need-both-protocols-3g4l)

## SDK

The Go SDK makes it easy to build CAP-compatible workers:

```go

import (

    "log"

    "github.com/cordum/cordum/sdk/runtime"

)

type Input struct {

    Prompt string `json:"prompt"`

}

type Output struct {

    Summary string `json:"summary"`

}

func main() {

    agent := &runtime.Agent{Retries: 2}

    runtime.Register(agent, "job.summarize", func(ctx runtime.Context, input Input) (Output, error) {

        // Your agent logic here

        return Output{Summary: input.Prompt}, nil

    })

    if err := agent.Start(); err != nil {

        log.Fatal(err)

    }

    select {}

}

```

SDKs: **Go** (stable) | Python (coming soon) | Node (coming soon)

## Community

- **Discord:** [Join the conversation](https://discord.gg/HGGHbU26)

- **GitHub Discussions:** [Ask questions](https://github.com/cordum-io/cordum/discussions)

- **Twitter/X:** [@coraboratedai](https://x.com/Cordum_io)

- **Email:** [admin@cordum.io](mailto:admin@cordum.io)

## Enterprise

Cordum Enterprise adds:

- SSO/SAML integration

- Advanced RBAC

- SIEM export

- Priority support

[Contact us](mailto:admin@cordum.io) for pricing.

## Governance

Cordum follows a transparent governance model with a protocol stability pledge, maintainer structure, and clear decision-making process. See [GOVERNANCE.md](GOVERNANCE.md) for details including:

- **Protocol Stability**: CAP v2 wire format frozen until February 2027

- **Security**: [SECURITY.md](SECURITY.md) for vulnerability reporting

- **Versioning**: Semantic versioning with deprecation policy

## Contributing

We welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.

## License

Licensed under [Business Source License 1.1 (BUSL-1.1)](LICENSE). 

Free for self-hosted and internal use. Not permitted for competing hosted/managed offerings. See LICENSE for details and Change Date.

---



  Ready to govern your AI agents?


  cordum.io · CAP Protocol · Discord





  ⭐ Star this repo if Cordum helps you deploy agents safely