Skip to content
Cordum Edge

Action firewall for Claude Code and edge agents.

Put a policy, approval, and evidence boundary before local AI-agent actions execute — starting with Claude Code, extending through CordClaw for OpenClaw.

Command hooks
Policy decisions
Audit evidence
SESSION ACTIVE
Claude Code
cordumctl edge claude -- "deploy the production stack"
mode: enforce · session evidence: redacted
Claude
I'll start by checking the current deployment status, then I'll apply the new configuration to production.
BASHgit status --short
Allowed
M infra/prod.yaml
?? infra/secrets.env
BASHkubectl apply -f infra/prod.yaml
Review
Cordum Edge: Action Paused

Reason: Production write detected
Reference: edge_apr_7k2

Waiting for human approval...
Claude is thinking...
Illustrative interface
Example policy hold
Press Enter to interrupt

One Edge surface

One Edge boundary, adapted to the agent runtime.

Start with Claude Code command-hook governance or use CordClaw for OpenClaw. Claude Edge sends decisions into Cordum today; CordClaw enforces locally while its connected evidence path remains planned.

Runtime path

The agent can think freely. Actions cross a governed boundary.

01

Hook

Claude Code or an edge adapter emits a bounded action envelope before the tool executes.

02

Classify

Cordum maps tool intent, redacts sensitive fields, and hashes evidence for replay-safe decisions.

03

Decide

Gateway and Safety Kernel return allow, deny, require approval, throttle, or constrain.

04

Prove

Sessions, executions, action events, approvals, and artifact pointers form the audit trail.

Claude Edge

Start a governed Claude Code session without changing how developers work.

cordumctl edge claude launches Claude Code with generated command-hook settings. The hook talks to local cordum-agentd; agentd calls the Gateway; Safety Kernel owns the decision.

  • ALLOW known-safe actions without interrupting flow
  • DENY destructive or policy-breaking commands
  • REQUIRE_APPROVAL with retry-safe action/input hashes
  • CONSTRAIN actions with policy-defined limits
  • Export redacted evidence instead of raw prompts or secrets
Claude Edge quickstart
bash
# With Cordum Gateway running locally
export CORDUM_GATEWAY=https://localhost:8081
export CORDUM_TLS_CA=./certs/ca/ca.crt
export CORDUM_API_KEY="replace-with-your-api-key"
export CORDUM_TENANT_ID=default
cordumctl edge claude -- --print "summarize this repo"

# Verify local prerequisites without launching Claude
cordumctl edge doctor --json
Deployment posture

Quiet in observe mode. Decisive in strict mode.

Cordum Edge supports adoption without pretending a local developer wrapper is fleet enforcement. Start with visibility, add local risk gates, then enforce with managed settings and endpoint controls.

observe
Discovery visibility
Allows degraded actions while preserving evidence.
enforce
Local risk gates
Known-safe actions pass; risky or unknown actions stop.
enterprise-strict
Managed rollout
Fails closed when governance is unavailable.

Why it matters

Edge evidence connects local agent behavior to the control plane.

Two enforcement paths

Claude Edge uses Gateway and Safety Kernel decisions. CordClaw currently enforces through its local plugin and daemon; the connected job path remains planned.

Session hierarchy

EdgeSession → AgentExecution → AgentActionEvent gives reviewers a readable evidence chain.

No raw secrets

Events carry redacted summaries, stable hashes, and artifact pointers instead of raw prompts or keys.

Adapter roadmap

CordClaw is one adapter under Edge. Claude is the first hero path; more local agents can join the same model.

Govern the next Claude Code session before the risky tool runs.

Use the documented developer path for a local session, then add managed settings, endpoint controls, and trusted binaries for fleet enforcement.