AI Skill Hub 推荐使用:cordum MCP工具 是一款优质的AI工具。AI 综合评分 7.8 分,在同类工具中表现稳健。如果你正在寻找可靠的AI工具解决方案,这是一个值得深入了解的选择。
cordum MCP工具 是一款基于 Go 开发的开源工具,专注于 智能体治理、MCP协议、AI编排 等核心功能。作为 GitHub 开源项目,它拥有活跃的社区支持和持续的版本迭代,代码完全透明可审计,支持本地部署以保护数据隐私。无论是个人使用还是集成到企业工作流,都能提供稳定可靠的解决方案。
cordum MCP工具 是一款基于 Go 开发的开源工具,专注于 智能体治理、MCP协议、AI编排 等核心功能。作为 GitHub 开源项目,它拥有活跃的社区支持和持续的版本迭代,代码完全透明可审计,支持本地部署以保护数据隐私。无论是个人使用还是集成到企业工作流,都能提供稳定可靠的解决方案。
# 方式一:go install(推荐) go install github.com/cordum-io/cordum@latest # 方式二:从源码编译 git clone https://github.com/cordum-io/cordum cd cordum go build -o cordum . # 方式三:下载预编译二进制 # 访问 Releases 页面下载对应平台二进制文件 # https://github.com/cordum-io/cordum/releases
# 查看帮助 cordum --help # 基本运行 cordum [options] <input> # 详细使用说明请查阅文档 # https://github.com/cordum-io/cordum
# cordum 配置说明 # 查看配置选项 cordum --config-example > config.yml # 常见配置项 # output_dir: ./output # log_level: info # workers: 4 # 环境变量(覆盖配置文件) export CORDUM_CONFIG="/path/to/config.yml"
<p align="center"> <img src="dashboard/public/logo.png" alt="Cordum" width="200"/> </p>
<p align="center"> <a href="https://artifacthub.io/packages/helm/cordum/cordum"><img src="https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/cordum" alt="Artifact Hub" /></a> </p>
<p align="center"> <strong>Know What Your AI Agents Are Doing. Before They Do It.</strong><br/> The Source-Available <strong>Agent Control Plane</strong> for Governance, Safety, and Trust.<br/> <em>Includes <strong>Cordum Edge</strong> — a Compliance Firewall for Claude Code and other local AI-agent actions.</em> </p>
<p align="center"> <a href="https://github.com/cordum-io/cordum/stargazers"><img src="https://img.shields.io/github/stars/cordum-io/cordum?style=social" alt="Stars"/></a> <a href="https://github.com/cordum-io/cordum/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-BUSL--1.1-blue" alt="License"/></a> <a href="https://github.com/cordum-io/cordum/releases"><img src="https://img.shields.io/github/v/release/cordum-io/cordum?sort=semver" alt="Release"/></a> <a href="https://github.com/cordum-io/cordum/actions/workflows/ci.yml"><img src="https://github.com/cordum-io/cordum/actions/workflows/ci.yml/badge.svg" alt="CI"/></a> <a href="https://goreportcard.com/report/github.com/cordum-io/cordum"><img src="https://goreportcard.com/badge/github.com/cordum-io/cordum" alt="Go Report Card"/></a> <a href="https://discord.gg/nvHzPCcWWt"><img src="https://img.shields.io/badge/discord-join-5865F2?logo=discord&logoColor=white" alt="Discord"/></a> <a href="https://github.com/cordum-io/cap"><img src="https://img.shields.io/badge/protocol-CAP%20v2-green" alt="CAP Protocol"/></a> </p>
<p align="center"> <a href="https://discord.gg/nvHzPCcWWt">Discord</a> · <a href="https://github.com/cordum-io/cordum/discussions">Discussions</a> · <a href="docs/">Docs</a> </p>
---
| Governance Feature | Why It Matters for Enterprise |
|---|---|
| **Safety Gating** | Prevents agents from executing destructive or unauthorized actions *before* they occur. |
| **Output Quarantine** | Automatically blocks PII leaks, secrets, or hallucinated results from reaching the client. |
| **Human-in-the-Loop** | Mandates human oversight for high-risk operations (e.g., financial transfers, prod access). |
| **Pool Segmentation** | Ensures sensitive data only reaches agents in trusted environments. |
| **Deterministic Audit** | Prove exactly *why* a decision was made with a full chain-of-thought audit trail. |
| **Governance Policies** | Declarative YAML-based rules that map enterprise risk to agent behavior. |
| **Policy Simulator** | Test your governance rules against historical data before rolling them out to production. |
| **Cordum Edge** | Compliance Firewall for local AI-agent actions (Claude Code today, more agents next): hook → local agentd → Gateway evaluate → resolved approval provenance → redacted evidence export. See [docs/edge/README.md](docs/edge/README.md). |
helm install cordum oci://ghcr.io/cordum-io/cordum/charts/cordum \
--namespace cordum --create-namespace \
--set secrets.apiKey=$(openssl rand -hex 32) \
--set redis.auth.password=$(openssl rand -hex 32) \
--set ingress.enabled=true \
--set ingress.className=nginx \
--set ingress.api.host=api.cordum.example.com \
--set ingress.dashboard.host=cordum.example.com
See cordum-helm/ for the full Helm chart reference. Chart also available on Artifact Hub.
Container images (multi-arch: linux/amd64 + linux/arm64):
| Image | GHCR | Docker Hub |
|---|---|---|
api-gateway | [ghcr.io/cordum-io/cordum/api-gateway](https://github.com/cordum-io/cordum/pkgs/container/cordum%2Fapi-gateway) | [cordum/api-gateway](https://hub.docker.com/r/cordum/api-gateway) |
scheduler | ghcr.io/cordum-io/cordum/scheduler | [cordum/scheduler](https://hub.docker.com/r/cordum/scheduler) |
safety-kernel | ghcr.io/cordum-io/cordum/safety-kernel | [cordum/safety-kernel](https://hub.docker.com/r/cordum/safety-kernel) |
workflow-engine | ghcr.io/cordum-io/cordum/workflow-engine | [cordum/workflow-engine](https://hub.docker.com/r/cordum/workflow-engine) |
context-engine | ghcr.io/cordum-io/cordum/context-engine | [cordum/context-engine](https://hub.docker.com/r/cordum/context-engine) |
mcp | ghcr.io/cordum-io/cordum/mcp | cordum/mcp |
dashboard | ghcr.io/cordum-io/cordum/dashboard | [cordum/dashboard](https://hub.docker.com/r/cordum/dashboard) |
Full catalogue, tag policy, cosign verification recipe, and multi-arch notes: docs/deployment/images.md.
```bash
One command stands up the full stack — API gateway, scheduler, safety kernel, workflow engine, context engine, dashboard, NATS, and TLS-secured Redis — with auto-generated secrets, auto-provisioned certificates, and a post-deploy smoke test that exercises a real approval workflow:
git clone https://github.com/cordum-io/cordum.git
cd cordum
./tools/scripts/quickstart.sh
Prerequisites: Docker Desktop v4+ (or Engine v20.10+ with Compose v2, ≥ 4 GB RAM allocated), Go 1.24+ (for first-run cert generation), and curl. On Windows use MSYS2 / Git Bash / WSL.
What you get at the end: - Dashboard at http://localhost:8082 — log in as admin / ChangeMe123! (the default dev password, also saved to .env as CORDUM_ADMIN_PASSWORD; change it before exposing the stack). - Gateway at http://localhost:8081 with a generated CORDUM_API_KEY in .env. - TLS CA, server, and client keypairs under ./certs/. - A working approval-gate workflow proven by the built-in platform_smoke.sh run.
Full walkthrough, platform notes, and troubleshooting: docs/quickstart.md.
Cordum Edge governs Claude Code tool calls in the developer's terminal — the hook denies risky actions before they run, requires approval on edits, and exports a redacted evidence bundle for every session. Once the platform stack is up (above), point Claude Code at Cordum:
export CORDUM_GATEWAY=https://localhost:8081
export CORDUM_API_KEY=$(grep CORDUM_API_KEY .env | cut -d= -f2)
export CORDUM_TENANT_ID=default
./bin/cordumctl edge claude
The wrapper renders a temporary settings.json, spawns cordum-agentd on a local loopback nonce, and starts Claude Code with the command hook installed. Read .env is denied; Edit/Write requires approval; safe reads pass through untouched. The dashboard shows the live session timeline at /edge/sessions.
For approved destructive actions, Edge does not trust the approval store alone: the ProvenanceGate also requires a resolved approval audit event for the same tenant, approval_ref, and action_hash. An approval-requested event by itself does not satisfy provenance, and raw prompts, transcripts, and tool payloads are kept out of audit evidence.
Full 30-minute walkthrough: docs/quickstart-edge.md. Reference: docs/edge/README.md.
---
Once the stack is up, install the demo-quickstart pack and run the governance demo:
cordumctl pack install ./demo/quickstart/pack
cordumctl demo run quickstart
A single hello, operator! workflow fans out to three topics and exercises every safety-kernel decision class in under 30 seconds:
+--------------------+--------------------------+--------------------+---------
| Step | Topic | Verdict | Reason
+--------------------+--------------------------+--------------------+---------
| greet | job.demo-quickstart.greet | ALLOW | Safe…
| attempt_delete | job.demo-quickstart.delete-all | DENY | Block…
| escalate_admin | job.demo-quickstart.admin | REQUIRE_APPROVAL | Sign…
+--------------------+--------------------------+--------------------+---------
Full walkthrough, rule-by-rule explanation, and extension recipe: demo/quickstart/README.md.
export CORDUM_API_KEY="your-key-here" go run ./cmd/cordumctl up open http://localhost:8082 ``` </details>
The Go SDK makes it easy to build CAP-compatible workers:
import (
"log"
"github.com/cordum/cordum/sdk/runtime"
)
type Input struct {
Prompt string `json:"prompt"`
}
type Output struct {
Summary string `json:"summary"`
}
func main() {
agent := &runtime.Agent{Retries: 2}
runtime.Register(agent, "job.summarize", func(ctx runtime.Context, input Input) (Output, error) {
// Your agent logic here
return Output{Summary: input.Prompt}, nil
})
if err := agent.Start(); err != nil {
log.Fatal(err)
}
select {}
}
Extend Cordum with 30+ integration packs for Slack, GitHub, AWS, Jira, Terraform, Datadog, PagerDuty, and more. Each pack is a CAP-native worker with policy-gated workflows.
| Pack | Category | Description |
|---|---|---|
| Slack | Communication | Approval notifications and agent alerts |
| GitHub | DevOps | Govern agent actions on repositories |
| AWS | Cloud | Policy-gated cloud operations |
| Kubernetes | DevOps | Governed incident remediation |
| Terraform | DevOps | Pre-apply governance for IaC |
| Datadog | Monitoring | Alert-triggered governed workflows |
| LangChain | AI Framework | Governance for LangChain tool calls |
| MCP Bridge | AI Framework | Gateway governance for MCP tools |
While both are essential, they solve different parts of the agent stack:
| Protocol | Focus | Level | Responsibility |
|---|---|---|---|
| **MCP** (Model Context Protocol) | **Tool Calling** | Local | How a model interacts with a tool. |
| **CAP** (Cordum Agent Protocol) | **Governance** | Network | How an agent is governed within an enterprise. |
Use CAP for high-level orchestration and safety gating, and MCP inside your agents for fine-grained tool integration.
Read the full deep dive: MCP vs CAP: Why Your AI Agents Need Both Protocols
| Feature | Cordum | Guardrails AI | NeMo Guardrails | Custom Middleware |
|---|---|---|---|---|
| Pre-execution policy engine | ✅ Safety Kernel | ❌ Post-generation | ⚠️ Dialog rails only | ⚠️ Manual |
| Human-in-the-loop approvals | ✅ Built-in | ❌ | ❌ | ⚠️ DIY |
| Multi-agent fleet governance | ✅ | ❌ Single model | ❌ Single model | ❌ |
| Deterministic audit trail | ✅ | ❌ | ❌ | ⚠️ Manual |
| Framework agnostic | ✅ Any via CAP | ❌ Python only | ❌ NVIDIA stack | ❌ |
| MCP governance | ✅ Bridge + Gateway | ❌ | ❌ | ❌ |
| Local agent-action firewall | ✅ Cordum Edge (Claude Code hook today) | ❌ | ❌ | ⚠️ DIY |
| Issue | Fix |
|---|---|
| Port already in use | docker compose down then retry, or check lsof -i :8082 |
| Docker out of memory | Allocate at least 4 GB RAM to Docker Desktop |
| Can't login to dashboard | Default is admin / ChangeMe123! (in .env as CORDUM_ADMIN_PASSWORD); ensure CORDUM_USER_AUTH_ENABLED=true. Custom passwords must be ≥12 chars + uppercase + digit + special |
| TLS/SSL cert errors | Remove ./certs/ and re-run — certs auto-regenerate |
openssl not found | Not needed — quickstart.sh auto-generates keys without it |
| Go build fails | Requires Go 1.24+ — check with go version |
| Stale config after changes | redis-cli DEL cfg:system:default then restart |
For detailed troubleshooting, see docs/troubleshooting.md.
Cordum 是一个专为 AI Agent 设计的治理平台,旨在让开发者能够清晰掌控 AI 代理的行为。通过提供强大的监控与控制能力,Cordum 确保在 AI 代理执行任何操作之前,其行为都在预期的安全范围内,帮助企业实现对 AI 自动化流程的深度感知与管理。
Cordum 为企业级应用提供了核心治理功能。通过 Safety Gating(安全门控)机制,可以在破坏性或未经授权的操作��生前进行拦截;同时具备 Output Guardrails(输出护栏)功能,确保 AI 生成内容的合规性与质量。这些特性为 AI Agent 的落地提供了必要的安全保障。
在开始使用之前,请确保您的开发环境已安装 Docker Desktop v4+ 或 Docker Engine v20.10+(需包含 Compose v2 插件),并为 Docker 分配至少 4 GB 的 RAM。此外,建议安装 jq 工具,以便于解析 API 返回的 JSON 数据。
Cordum 支持通过 Helm 进行 Kubernetes 部署。您可以使用提供的 Helm Chart 快速安装,并通过命令行参数配置 secrets.apiKey、redis.auth.password 以及 Ingress 的域名设置。安装完成后,系统会自动处理证书与命名空间,确保生产环境的安全运行。
项目提供了极简的 Quickstart 脚本,只需运行 `./tools/scripts/quickstart.sh` 即可一键启动包含 API gateway、scheduler、safety kernel、workflow engine 及 Redis 在内的全栈环境。此外,Cordum 还支持 Edge 模式,作为 Claude Code 的合规防火墙,在开发者终端拦截高风险操作并导出审计证据。
用户可以通过编辑 .env 文件来配置关键参数,例如设置 CORDUM_API_KEY。对于本地开发调试,可以使用 cordumctl 工具进行管理,并通过指定的本地端口访问 Dashboard 界面进行实时监控与配置调整。
Cordum 提供了官方 Go SDK,方便开发者快速构建符合 CAP 标准的 Worker。通过集成 SDK,您可以轻松定义 Agent 的重试机制与运行逻辑,实现与 Cordum 治理框架的无缝对接,让自定义的 AI 逻辑也能享受安全护栏的保护。
Cordum 拥有强大的扩展能力,支持通过 Integration Packs 扩展功能。目前已提供包括 Slack、GitHub、AWS、Jira、Terraform、Datadog 及 PagerDuty 在内的 30 多个集成包。每个集成包都是一个原生的 CAP Worker,能够实现带有策略门控(Policy-gated)的自动化工作流。
针对常见问题,如果遇到端口占用,请尝试使用 `docker compose down` 或通过 `lsof` 命令检查;若遇到 Docker 内存不足,请增加 Docker Desktop 的内存分配;若无法登录 Dashboard,请检查 .env 文件中的 CORDUM_ADMIN_PASSWORD 初始密码设置。
cordum填补AI智能体治理空白,架构设计专业,Go实现保证性能。社区关注度中等,适合前沿探索者采用。
该工具使用 NOASSERTION 协议,商用场景请仔细阅读协议条款,必要时咨询法律意见。
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
📄 NOASSERTION — 请查阅原始协议条款了解具体使用限制。
总体来看,cordum MCP工具 是一款质量良好的AI工具,在同类工具中具备一定竞争力。AI Skill Hub 将持续追踪其更新动态,建议收藏备用,结合自身场景选择合适时机引入使用。
| 原始名称 | cordum |
| 原始描述 | 开源MCP工具:The open agent control plane. Govern autonomous AI agents with pre-execution pol。⭐479 · Go |
| Topics | 智能体治理MCP协议AI编排策略控制开源框架 |
| GitHub | https://github.com/cordum-io/cordum |
| License | NOASSERTION |
| 语言 | Go |
收录时间:2026-05-16 · 更新时间:2026-05-19 · License:NOASSERTION · AI Skill Hub 不对第三方内容的准确性作法律背书。