How to Govern LlamaIndex Agents
LlamaIndex agents query data, call tools, and act on retrieval results. Cordum governs the action layer with policy checks before every tool invocation.
The problem with ungoverned LlamaIndex agents
- LlamaIndex agents combine retrieval with tool use. A query engine retrieves context and acts on it with no policy check in between.
- Custom tool specs define what agents can do but there is no declarative way to restrict when.
- Sub-question query engines decompose requests into steps. Each triggers tool calls without governance.
- Observability integrations show what happened. They do not enforce what should happen.
How Cordum governs LlamaIndex
Submit LlamaIndex tasks to Cordum
Route agent and query engine tasks as Cordum jobs. Safety Kernel evaluates tool access and data source permissions.
const job = {
type: "llamaindex.agent.run",
payload: {
agent: "data-analyst",
tools: ["sql-query", "chart-generate", "report-export"],
dataSources: ["sales-db", "analytics-warehouse"],
query: userQuery,
},
};
await cordumClient.jobs.submit(job);Govern data source access
Define policies controlling which data sources an agent can query based on user role and data classification.
Constrain tool execution scope
ALLOW_WITH_CONSTRAINTS to let agents query data but restrict writes, limit exports, or cap record counts.
Audit retrieval-to-action chains
Track the full chain from retrieval to action: what was retrieved, what policy evaluated, what action allowed.
LlamaIndex native vs Cordum governance
| Area | LlamaIndex Native | With Cordum |
|---|---|---|
| Pre-action policy check | Tools execute when called | Safety Kernel evaluates before tool execution |
| Data source access control | Per-tool implementation | Declarative per-source policies |
| Query decomposition governance | No inter-step checks | Policy check at each step |
| Approval workflows | None | REQUIRE_APPROVAL with configurable routing |
| Audit trail | Callbacks/LlamaTrace (observability) | Policy decision log + execution timeline |
FAQ
Does Cordum work with LlamaIndex query engines too?
Yes. Any component that triggers tool calls or external actions can be governed.
Can I restrict which indices an agent can query?
Yes. Policies match on data source identifiers per user role.
Related guides
Ready to govern your LlamaIndex agents?
Start with the open-source Cordum platform. Add policies, approvals, and audit trails in minutes.