Skip to content
0.6.0 ReleasedStar us on GitHub
Cordum
Cordum
Product

The AI Agent Control Plane.

The missing layer between your agents and your infrastructure. Enforce policy, require approval, and record every action.

Safety KernelWorkflow EngineSchedulerBackbonePacks

Safety Kernel: Pre-Execution Governance.

The policy decision point for every agent action. If the policy doesn't allow it, the packet never leaves the kernel.

  • Real-time Policy
    Decisions in < 5ms
  • Human Gates
    Approval required for risky work
  • Constraint Logic
    Budgets, deny-paths, limits
  • Policy Simulation
    Test rules before they go live
safety-policy.yaml
rules:
  - name: prod-write-approval
    match:
      risk_tags: [prod, write]
    decision: REQUIRE_APPROVAL
    reason: "Production write detected"

  - name: kubectl-constraints
    match:
      capability: kubectl
    decision: ALLOW_WITH_CONSTRAINTS
    constraints:
      deny_paths: ["/kube-system/*"]
      max_runtime: 300s
incident-response.yaml
name: triage
steps:
  collect:
    type: worker
    topic: job.sre.collect
  
  approval:
    type: approval
    depends_on: [collect]
    
  remediate:
    type: worker
    topic: job.sre.patch
    depends_on: [approval]

Workflow Engine: DAG Orchestration.

Coordinate complex multi-agent sequences with explicit dependencies, retries, and failure semantics.

  • DAG Execution
    Parallel step orchestration
  • Schema Validation
    I/O contract enforcement
  • Saga Rollback
    Automatic undo on failure
  • Run Timeline
    Append-only audit records

Scheduler: Intelligent Routing.

The scheduler that knows when to stop. Least-loaded worker selection with capability-based routing and overload protection.

  • Least-Loaded
    Optimal worker scoring
  • Capability Filter
    Route to specialized tools
  • Backpressure
    Avoid worker exhaustion
  • Reconciler
    Detect and mark stale jobs
// Least-loaded scoring
score = active_jobs + (cpu_load/100) + (gpu_util/100)
// Capability filtering
job.requires = [kubectl, gpu]
worker.capabilities = [kubectl, s3, net:egress]
→ Capability Mismatch
Go
Statically linked binaries
NATS
Durable JetStream events
Redis
Pointer-based state store
Protobuf
Strict wire contracts

Backbone: Built for Production.

No Python glue. No side-cars. Just high-performance Go binaries and a durable event bus.

  • At-least-once delivery with NATS JetStream
  • Per-job locks for strict idempotency
  • Dead Letter Queue (DLQ) for failed actions
  • Prometheus-native metrics and structured logs

Packs: Extensibility Reimagined.

Install AI agents, workflows, and policy overlays without touching the core control plane. Declarative and safe.

  • Declarative pack.yaml for metadata and topics
  • Bundle schemas, workflows, and policy overlays
  • Verify pack integrity before installation
  • Soft uninstall preserves data while disabling routing
Explore Pack Docs
API
Pack Registry
incident-enricher
Installed
kubernetes-ops
Installed
github-agent
Installed
security-scanner
Installed

Enterprise Governance

For organizations that require advanced compliance, SSO, and dedicated support SLAs.

SSO / SAML
Advanced RBAC
SIEM Export
Book a DemoView Pricing

Ready to add policy to your agents?

Get Cordum running locally in under five minutes. No credit card required.

Try the QuickstartView on GitHub