Skip to content
C
Cordum
Request AccessTalk to Sales
Launch Post

Introducing Cordum.

A deterministic control plane for autonomous workflows with policy decisions, approvals, and an append-only audit trail.

Jan 10, 2026
6 min read
Cordum Team
TL;DR

Cordum is a deterministic control plane for autonomous operations. It evaluates every job with a Safety Kernel, gates risky actions with approvals, and records a complete audit trail so teams can prove what happened and why.

Every job is evaluated before dispatch, with an explicit policy decision.
Approvals and constraints keep risky actions safe without blocking the safe path.
The core is stable. Domain logic ships as installable packs.
Table of Contents

Why now: Autonomous workflows are already touching production, but most teams do not have a reliable way to govern them. The risk is not the model; the risk is uncontrolled execution. That is the gap Cordum closes.

Why we built Cordum

Operations teams are moving faster than ever, and autonomous workflows are already automating work that used to require a human. But most of these workflows are held together by scripts and ad-hoc approvals that do not scale.

Cordum is built for a single purpose: make autonomous workflows safe and auditable without slowing the safe path. We want teams to ship autonomy to production without losing control.

What it is

Cordum is a deterministic control plane for autonomous workflows. It runs on NATS for the bus and Redis for state, with a Safety Kernel that evaluates every job before dispatch, and a workflow engine that orchestrates runs, approvals, and retries.

The core is intentionally boring: schedules, state, approvals, and audit trail. Domain logic lives in packs, not in the core.

Safety Kernel

The Safety Kernel is the policy decision point. It returns ALLOW, DENY, REQUIRE_APPROVAL, or ALLOW_WITH_CONSTRAINTS. Decisions are bound to a policy snapshot and recorded with a reason.

Approvals are explicit and tied to the exact job hash. Constraints keep risky actions within safe bounds like max runtime, diff size, or network egress allowlists.

Workflow Engine

Workflows are explicit DAGs. Runs emit a timeline of step states, approvals, and results. The engine can pause, retry, or resume a run without losing context.

workflow.yaml
name: incident-triage
steps:
  triage:
    type: worker
    topic: job.incident.enrich
    
  approval:
    type: approval
    depends_on: [triage]
    reason: "Review before remediation"
    
  remediate:
    type: worker
    topic: job.incident.remediate
    depends_on: [approval]
    constraints:
      max_lines_changed: 500
      max_runtime_sec: 900

Packs

Packs are how domain logic ships. Packs install workflow definitions, schemas, and policy overlays. Install does not execute code; you deploy workers separately on your own schedule.

This keeps the core stable while letting teams iterate on domain logic quickly. It is safe to upgrade core without rewiring every workflow.

Source-available by default

Cordum is source-available so you can inspect the control plane before it touches production. You can run and modify it for internal use. Hosted or resale use cases require a commercial agreement.

See /legal/license for full terms.

What is next

  • Policy Studio: Draft, simulate, publish, and rollback.
  • Approval Inbox: Batch actions and safer defaults.
  • Pack Registry: Signed pack bundles.
  • SDKs: More worker templates.

Get started

Request source access, run the Docker quickstart, and explore the dashboard. If you need enterprise controls or support, talk to the team.

Read more

AI governance in production: policy-first control planes
Read Article
Policy-as-code for AI workflows
Read Article
Approvals for autonomous workflows: fast human gates
Read Article