How to Govern LangChain Agents
LangChain makes it easy to build agents. It does not make it easy to control what those agents do in production. Cordum adds pre-dispatch governance without touching your chain logic.
The problem with ungoverned LangChain agents
- LangChain callbacks fire after tool execution. You see what happened, not what is about to happen. No native pre-dispatch checkpoint.
- Custom middleware for approvals means every team builds its own. No standard policy format, no shared audit trail.
- ReAct loops can chain 20+ tool calls. Without governance, one bad reasoning step cascades into real-world side effects.
- When compliance asks which policy allowed this agent to send that email, grep-ing callback logs is not a satisfying answer.
How Cordum governs LangChain
Route agent jobs through Cordum
Submit LangChain agent tasks as Cordum jobs via CAP v2. The Safety Kernel evaluates every job against your policy bundle before dispatch.
```javascript
// Submit a LangChain agent job
const job = {
  type: "langchain.agent.run",
  payload: {
    chain: "research-assistant",
    input: userQuery,
    tools: ["web-search", "email-send", "db-write"],
  },
};
await cordumClient.jobs.submit(job);
```
Define policies for tool access
Restrict which tools a LangChain agent can invoke based on user role, input classification, or time of day. Policies are version-controlled and hot-reloaded.
```yaml
# cordum-policy.yaml
rules:
  - name: restrict-email-send
    match:
      tools_contains: "email-send"
    action: REQUIRE_APPROVAL
  - name: block-db-write-after-hours
    match:
      tools_contains: "db-write"
      time_after: "18:00"
    action: DENY
```
Approve or constrain high-risk actions
REQUIRE_APPROVAL pauses execution until an approver acts. ALLOW_WITH_CONSTRAINTS scopes the action.
Audit every decision
Every policy evaluation, approval, and result is recorded in a queryable run timeline.
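To see how the job and the two policy rules shown above interact, the following added example evaluates them before dispatch. It is not Cordum's Safety Kernel or SDK code. It assumes that all keys in a `match` block must hold, that the most restrictive matching action wins, that `time_after` is compared in UTC, and that a rule with an unknown match key or action denies the job.

```javascript
// Added example, not Cordum code: a minimal pre-dispatch evaluator for the
// rule shapes on this page. Precedence, time zone and fail-closed handling
// are assumptions made for illustration.
const SEVERITY = { ALLOW: 0, REQUIRE_APPROVAL: 1, DENY: 2 };

// Each matcher returns true when the job satisfies that match key.
const MATCHERS = {
  tools_contains: (job, tool) => job.payload.tools.includes(tool),
  // "HH:MM" compared against the dispatch time in UTC (assumed zone).
  time_after: (job, hhmm, now) => {
    const [h, m] = hhmm.split(":").map(Number);
    return now.getUTCHours() * 60 + now.getUTCMinutes() >= h * 60 + m;
  },
};

function evaluate(job, rules, now) {
  const decision = { action: "ALLOW", matched: [] };
  for (const rule of rules) {
    const keys = Object.keys(rule.match);
    // Fail closed: a key or action this evaluator does not understand
    // must not be silently skipped, or the rule would fail open.
    const unknown = keys.find((k) => !Object.hasOwn(MATCHERS, k));
    if (unknown !== undefined || !Object.hasOwn(SEVERITY, rule.action)) {
      return { action: "DENY", matched: [rule.name], reason: "unsupported rule" };
    }
    // Every key in the match block must hold (AND semantics, assumed).
    if (keys.every((k) => MATCHERS[k](job, rule.match[k], now))) {
      decision.matched.push(rule.name);
      if (SEVERITY[rule.action] > SEVERITY[decision.action]) {
        decision.action = rule.action;
      }
    }
  }
  return decision;
}

// Constructed inputs mirroring the job and policy on this page.
const rules = [
  { name: "restrict-email-send", match: { tools_contains: "email-send" }, action: "REQUIRE_APPROVAL" },
  { name: "block-db-write-after-hours", match: { tools_contains: "db-write", time_after: "18:00" }, action: "DENY" },
];
const job = {
  type: "langchain.agent.run",
  payload: { chain: "research-assistant", input: "constructed query", tools: ["web-search", "email-send", "db-write"] },
};
```

Under these assumptions the page's three-tool job resolves to REQUIRE_APPROVAL before 18:00 UTC and to DENY afterwards, because both rules match and the stricter action wins.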
LangChain native vs Cordum governance
| Area | LangChain Native | With Cordum |
|---|---|---|
| Pre-dispatch policy check | Callbacks are post-execution hooks | Safety Kernel evaluates before dispatch |
| Approval workflows | Must build custom | Built-in with policy-linked approvers |
| Tool-level access control | Per-chain code changes | Declarative policy rules, hot-reloaded |
| Audit trail | Callback logs (unstructured) | Structured run timeline with policy evidence |
| Output safety | None | Post-execution ALLOW / REDACT / QUARANTINE |
| Constrained execution | Binary allow/deny only | ALLOW_WITH_CONSTRAINTS for scoped actions |
FAQ
Do I need to rewrite my LangChain chains?
No. Your LangChain code runs inside a Cordum worker.
Can Cordum govern LangGraph agents too?
Yes. LangGraph runs are submitted as jobs.
What happens if an approval times out?
The job moves to the DLQ. Configure auto-deny or auto-escalate.
Ready to govern your LangChain agents?
Start with the open-source Cordum platform. Add policies, approvals, and audit trails in minutes.