Safety Kernel
Definition
A safety kernel is the policy decision point of an agent control plane — a dedicated service that evaluates every agent action before dispatch and returns a decision such as ALLOW, DENY, REQUIRE_APPROVAL, or ALLOW_WITH_CONSTRAINTS.
How it works
In Cordum, the Safety Kernel is a gRPC decision engine the scheduler calls before dispatching any job. It evaluates the action against versioned policy rules — matching on tenant, topic, capabilities, risk tags, actor identity, and MCP tool context — and returns a normalized decision. Because the scheduler treats the kernel as part of the hot path, it uses short client timeouts and a circuit breaker to protect throughput, with an optional decision cache to avoid re-evaluating identical requests.
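The hot-path call pattern described above, as an added sketch that is not Cordum's code: a scheduler-side wrapper that puts a decision cache and a circuit breaker in front of the kernel call. The class and function names, returning DENY when the kernel is unreachable or the breaker is open, caching only ALLOW and DENY, and keying the cache on the policy version are all assumptions of this example.

```python
import hashlib, json, time

ALLOW, DENY, REQUIRE_APPROVAL = "ALLOW", "DENY", "REQUIRE_APPROVAL"

class KernelUnavailable(Exception):
    """Transport timeout or connection failure (stands in for a gRPC deadline error)."""

class GuardedKernelClient:
    def __init__(self, evaluate, policy_version, max_failures=3,
                 cooldown=5.0, cache_ttl=30.0, clock=time.monotonic):
        self.evaluate, self.policy_version = evaluate, policy_version
        self.max_failures, self.cooldown = max_failures, cooldown
        self.cache_ttl, self.clock = cache_ttl, clock
        self.cache, self.failures, self.open_until = {}, 0, 0.0

    def _key(self, request):
        # Canonical JSON plus policy version: a policy update must not reuse old ALLOWs.
        blob = json.dumps([self.policy_version, request], sort_keys=True)
        return hashlib.sha256(blob.encode()).hexdigest()

    def check(self, request):
        """Return (decision, source) for one action; never raises on kernel failure."""
        now, key = self.clock(), self._key(request)
        hit = self.cache.get(key)
        if hit and hit[1] > now:
            return hit[0], "cache"
        if self.failures >= self.max_failures and now < self.open_until:
            return DENY, "breaker_open"          # assumption: fail closed, no call made
        try:
            decision = self.evaluate(request)    # the short-timeout kernel call
        except KernelUnavailable:
            self.failures += 1
            if self.failures >= self.max_failures:
                self.open_until = now + self.cooldown
            return DENY, "kernel_error"          # assumption: fail closed, not cached
        self.failures = 0
        if decision in (ALLOW, DENY):            # approvals are re-evaluated every time
            self.cache[key] = (decision, now + self.cache_ttl)
        return decision, "kernel"

def sample_kernel(request):
    """Constructed stand-in policy: destructive actions need a human, rest allowed."""
    return REQUIRE_APPROVAL if "destructive" in request["risk_tags"] else ALLOW

if __name__ == "__main__":
    client = GuardedKernelClient(sample_kernel, policy_version="v1")
    req = {"tenant": "acme", "topic": "job.db.query", "risk_tags": ["read"]}
    print(client.check(req), client.check(req))
```

The second element of the returned tuple records whether the decision came from the kernel, the cache, or a failure path, which is the field to log when auditing how often the breaker is deciding instead of policy.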
The decision set
Decisions are normalized to a small, deterministic set: ALLOW lets the job proceed; DENY blocks it and returns a reason to the caller; REQUIRE_APPROVAL holds the job in a human approval queue; and ALLOW_WITH_CONSTRAINTS lets it proceed with scope, rate, or redaction limits attached. A THROTTLE decision is also available when a velocity rule's rate budget is exhausted. Output policy is evaluated separately, after execution, and can allow, redact, or quarantine a result before it returns to the caller.
Frequently asked questions
How many decision types does the Safety Kernel return?
The kernel normalizes decisions to a small set. The four core decisions are ALLOW, DENY, REQUIRE_APPROVAL, and ALLOW_WITH_CONSTRAINTS, with an additional THROTTLE decision when a velocity rule's rate budget is exhausted.
Does the Safety Kernel slow down agents?
It is designed for the hot path. The scheduler calls it with short timeouts and a circuit breaker, and an optional decision cache lets repeated identical checks return without re-evaluation, keeping per-action overhead low.