Skip to content
0.6.0 ReleasedStar us on GitHub
Cordum
Cordum
Launch Post

Introducing Cordum.

The control plane for autonomous AI agents with policy decisions, approvals, and an append-only audit trail.

Jan 10, 2026
6 min read
Cordum Team
TL;DR

Cordum is the control plane for autonomous AI agents. It evaluates every job with a Safety Kernel, gates risky actions with approvals, and records a complete audit trail so teams can prove what happened and why.

Every job is evaluated before dispatch, with an explicit policy decision.
Approvals and constraints keep risky actions safe without blocking the safe path.
The core is stable. Domain logic ships as installable packs.
Table of Contents

Why now: Autonomous AI agents are already touching production, but most teams do not have a reliable way to govern them. The risk is not the model; the risk is uncontrolled execution. That is the gap Cordum closes.

Why we built Cordum

Operations teams are moving faster than ever, and autonomous AI agents are already automating work that used to require a human. But most of these agents are held together by scripts and ad-hoc approvals that do not scale.

Cordum is built for a single purpose: make autonomous AI agents safe and auditable without slowing the safe path. We want teams to ship autonomy to production without losing control.

What it is

Cordum is the control plane for autonomous AI agents. It runs on NATS for the bus and Redis for state, with a Safety Kernel that evaluates every job before dispatch, and a workflow engine that orchestrates runs, approvals, and retries.

The core is intentionally boring: schedules, state, approvals, and audit trail. Domain logic lives in packs, not in the core.

Safety Kernel

The Safety Kernel is the policy decision point. It returns ALLOW, DENY, REQUIRE_APPROVAL, or ALLOW_WITH_CONSTRAINTS. Decisions are bound to a policy snapshot and recorded with a reason.

Approvals are explicit and tied to the exact job hash. Constraints keep risky actions within safe bounds like max runtime, diff size, or network egress allowlists.

Workflow Engine

Workflows are explicit DAGs. Runs emit a timeline of step states, approvals, and results. The engine can pause, retry, or resume a run without losing context.

workflow.yaml
name: incident-triage
steps:
  triage:
    type: worker
    topic: job.incident.enrich
    
  approval:
    type: approval
    depends_on: [triage]
    reason: "Review before remediation"
    
  remediate:
    type: worker
    topic: job.incident.remediate
    depends_on: [approval]
    constraints:
      max_lines_changed: 500
      max_runtime_sec: 900

Packs

Packs are how domain logic ships. Packs install workflow definitions, schemas, and policy overlays. Install does not execute code; you deploy workers separately on your own schedule.

This keeps the core stable while letting teams iterate on domain logic quickly. It is safe to upgrade core without rewiring every workflow.

BUSL-1.1 by default

Cordum uses the Business Source License (BUSL-1.1) so you can inspect the control plane before it touches production. You can run and modify it for internal use. Hosted or resale use cases require a commercial agreement.

See /legal/license for full terms.

What is next

  • Policy Studio: Draft, simulate, publish, and rollback.
  • Approval Inbox: Batch actions and safer defaults.
  • Pack Registry: Signed pack bundles.
  • SDKs: More worker templates.

Get started

Clone the repo, run the Docker quickstart, and explore the dashboard. If you need enterprise controls or support, talk to the team.

Read more

Temporal vs Cordum: reliability models for autonomous AI agents
Read Article
CAP protocol capabilities: reliable jobs, heartbeats, and rollback
Read Article
How to Add Governance to Model Context Protocol (MCP) Servers
Read Article