Action firewall for Claude Code and edge agents.
Put a policy, approval, and evidence boundary before local AI-agent actions execute — starting with Claude Code, extending through CordClaw for OpenClaw.
git status --short?? infra/secrets.env
kubectl apply -f infra/prod.yamlReason: Production write detected
Reference: edge_apr_7k2
One Edge surface
One Edge boundary, adapted to the agent runtime.
Start with Claude Code command-hook governance or use CordClaw for OpenClaw. Claude Edge sends decisions into Cordum today; CordClaw enforces locally while its connected evidence path remains planned.
Available today
Claude Edge
Launch Claude Code through Cordum so risky Bash, file, config, and tool actions are evaluated before execution.
OpenClaw adapter
CordClaw
Use the CordClaw adapter for OpenClaw policy profiles, local simulation, and audit guidance under the same Edge model.
Runtime path
The agent can think freely. Actions cross a governed boundary.
Hook
Claude Code or an edge adapter emits a bounded action envelope before the tool executes.
Classify
Cordum maps tool intent, redacts sensitive fields, and hashes evidence for replay-safe decisions.
Decide
Gateway and Safety Kernel return allow, deny, require approval, throttle, or constrain.
Prove
Sessions, executions, action events, approvals, and artifact pointers form the audit trail.
Claude Edge
Start a governed Claude Code session without changing how developers work.
cordumctl edge claude launches Claude Code with generated command-hook settings. The hook talks to local cordum-agentd; agentd calls the Gateway; Safety Kernel owns the decision.
- ALLOW known-safe actions without interrupting flow
- DENY destructive or policy-breaking commands
- REQUIRE_APPROVAL with retry-safe action/input hashes
- CONSTRAIN actions with policy-defined limits
- Export redacted evidence instead of raw prompts or secrets
# With Cordum Gateway running locally export CORDUM_GATEWAY=https://localhost:8081 export CORDUM_TLS_CA=./certs/ca/ca.crt export CORDUM_API_KEY="replace-with-your-api-key" export CORDUM_TENANT_ID=default cordumctl edge claude -- --print "summarize this repo" # Verify local prerequisites without launching Claude cordumctl edge doctor --json
Quiet in observe mode. Decisive in strict mode.
Cordum Edge supports adoption without pretending a local developer wrapper is fleet enforcement. Start with visibility, add local risk gates, then enforce with managed settings and endpoint controls.
Why it matters
Edge evidence connects local agent behavior to the control plane.
Two enforcement paths
Claude Edge uses Gateway and Safety Kernel decisions. CordClaw currently enforces through its local plugin and daemon; the connected job path remains planned.
Session hierarchy
EdgeSession → AgentExecution → AgentActionEvent gives reviewers a readable evidence chain.
No raw secrets
Events carry redacted summaries, stable hashes, and artifact pointers instead of raw prompts or keys.
Adapter roadmap
CordClaw is one adapter under Edge. Claude is the first hero path; more local agents can join the same model.
Govern the next Claude Code session before the risky tool runs.
Use the documented developer path for a local session, then add managed settings, endpoint controls, and trusted binaries for fleet enforcement.