Govern Claude Code before risky actions run.
Deny dangerous shell commands, require approval for production changes, and export redacted audit evidence without storing raw prompts or secrets.
- Shell and file action hooks
- Approval-bound retries
- Redacted evidence
Held before execution
An authorized reviewer can approve or reject this exact action hash.
Raw prompts and secrets are not shown in this evidence view.
Policy at the moment an action becomes risky.
These examples are from the included demo policy. Your deployed rules remain the authority.
Included demo policy
ALLOW
Known-safe tests and repository inspection can continue without an approval prompt.
Included demo policy
DENY
Credential reads and explicitly forbidden paths stop at the hook boundary.
Included demo policy
REQUIRE_APPROVAL
Guarded source writes pause until an authorized reviewer decides.
Policy capability
CONSTRAIN
Policy can bound network, path, or action scope instead of granting a blanket allow.
A policy boundary between intent and execution.
Claude Code remains the developer experience; Cordum supplies the decision and evidence path.
- 01
Claude proposes
A PreToolUse hook emits a bounded action envelope before the tool runs.
- 02
agentd classifies
Local agentd redacts sensitive fields and maps the action to policy intent.
- 03
Safety Kernel decides
Gateway policy returns allow, deny, approval, throttle, or constraints.
- 04
Reviewer decides
Approval binds to the exact tenant, requester, action, and input hash.
- 05
Evidence remains
The session timeline keeps redacted descriptors, hashes, and decision context.
Developer path
Launch Claude Code through Cordum Edge
Point the wrapper at your local Gateway, verify the resolved config, and use the included demo policy before changing enforcement rules.
- 1Configure Gateway accessSet the HTTPS Gateway URL, CA certificate, API key, and tenant.
- 2Launch the wrapperRun cordumctl edge claude with Claude arguments after --.
- 3Verify decisionsReview policy and approval evidence in Cordum.
export CORDUM_GATEWAY=https://localhost:8081 export CORDUM_TLS_CA=./certs/ca/ca.crt export CORDUM_API_KEY="replace-with-your-api-key" export CORDUM_TENANT_ID=default cordumctl edge claude -- --print "summarize this repo"
Local convenience is not fleet enforcement.
The wrapper makes evaluation and demos concrete, but an unmanaged developer can still launch another binary or remove local settings.
- Deploy administrator-managed Claude Code settings for team enforcement.
- Control endpoint permissions and verify hook and agentd binaries.
- Bootstrap credentials through a service or keychain, not checked-in settings.
Frequently Asked Questions
Does Cordum store raw Claude prompts?
Can developers bypass the local wrapper?
Which actions are blocked by default?
Put a decision in front of the next risky command.
Start with the documented Claude Code path, then plan managed rollout controls with your security and endpoint teams.