Glossary

One-line definitions for every load-bearing term. Each entry links to the page where the concept is defined in depth.

Platform & architecture

  • Agent Control Plane — Cordum's category. The governance layer that sits between autonomous agents and the real systems they act on.
  • Cordum — the platform. Go control plane + React dashboard + CAP wire protocol.
  • Pack — a reusable bundle of policies, workflows, topic mappings, and worker binaries that targets a domain (finance, ops, data). See Packs.
  • Trust Gap — the slice of agent behavior where deterministic policy is cheaper than LLM judgment: tool calls, data access, side effects. Cordum targets this slice.
  • Plan / Execute / Govern — Cordum governs execution and side effects; we explicitly do not plan for the agent (that's the LLM's job).

Services

  • API Gateway (cordum-api-gateway) — HTTP/WebSocket/gRPC entrypoint. Routes jobs, workflows, approvals, policy bundles, DLQ.
  • Scheduler (cordum-scheduler) — consumes bus events, gates jobs through the Safety Kernel, dispatches to worker pools.
  • Safety Kernel (cordum-safety-kernel) — gRPC decision engine. Evaluates every job pre-dispatch. See Safety Kernel.
  • Workflow Engine (cordum-workflow-engine) — executes DAG workflows with retries, timeouts, approvals, for_each. See Workflow Step Types.
  • Context Engine (cordum-context-engine) — builds context windows, maintains agent memory. See Context Engine.
  • Dashboard — React UI for operators (jobs, approvals, policy, audit).

Protocol

  • CAP (Cordum Agent Protocol) — the canonical wire contract. "MCP for agent behavior". Spec + SDKs in the cap repo. See Agent Protocol.
  • BusPacket — the envelope type every agent↔platform message travels in. oneof payload = JobRequest | JobResult | Heartbeat | SystemAlert | JobProgress | JobCancel | Handshake.
  • JobRequest / JobResult — the request/response payload pair for any agent action.
  • MCP — Model Context Protocol. Anthropic's standard for tool discovery + invocation. Complementary to CAP: MCP describes what an agent can say; CAP tracks what it did.

Bus subjects

  • sys.job.submit — new jobs entering the scheduler.
  • sys.job.result — job completions.
  • sys.job.progress — progress updates.
  • sys.job.cancel — cancel signals.
  • sys.job.dlq — dead-letter events.
  • sys.heartbeat — worker liveness fan-out.
  • sys.handshake — component registration.
  • sys.workflow.event — workflow engine emissions.
  • job.* — worker pool subjects (see config/pools.yaml).
  • worker.<id>.jobs — direct worker delivery.

Governance decisions

  • ALLOW — job proceeds.
  • DENY — job blocked; reason returned to caller.
  • ALLOW_WITH_CONSTRAINTS — job proceeds with scope/rate/redaction constraints attached.
  • REQUIRE_APPROVAL — job waits for a human in the approval queue.
  • Remediation — a machine-readable suggestion for how to convert a DENY or APPROVAL case into an ALLOW.

Output safety

  • Output Policy — redaction and scanner rules applied to job results (not requests). See Output Policy.
  • Output Safety — the scanner pipeline + quarantine flow. See Output Safety.
  • Redact — scrub matched substrings before returning the result.
  • Quarantine — hold the result, do not return, escalate for review.

Audit & chain

  • Audit Chain — append-only hash-chained SIEM event log per tenant. Each event includes seq, event_hash, prev_hash.
  • Chain Verification — /api/v1/audit/verify walks the chain and reports gaps (missing / out-of-order / hash mismatch / retention-trimmed).
  • SIEM Exporter — webhook / syslog / Datadog / CloudWatch backends for streaming audit events off-platform.
  • Legal Hold — bypass retention expiry for a time range; events under hold are never trimmed.

Policy signing

  • Policy Bundle — versioned YAML/JSON policy artifact stored via configsvc.
  • Policy Signing — Ed25519 signature over the bundle's SHA-256 digest. Strict mode rejects unsigned bundles.
  • Shadow Policy — a candidate policy evaluated alongside the active one without affecting decisions, so operators can measure impact before promotion.

Workflow vocabulary

  • Run — one execution of a workflow.
  • Step — one node in a workflow's DAG.
  • Saga — a multi-step workflow with compensating actions on partial failure. See Agent Protocol.
  • Compensation — the undo action paired with a forward step.
  • Idempotency Key — caller-provided dedup token; same key returns the same run id.

MCP-specific

  • Scope Filter — per-identity allowlist of MCP tools, risk tier, and data classifications. Enforced before every tools/call.
  • Per-Tool Approval — a tool call can be gated behind a human approval keyed by (tool_name, args_hash).
  • Signed Outbound MCP Call — ECDSA-P256 signature on outbound tool invocations so downstream servers can verify provenance.

Enterprise-only

(Features in the cordum-enterprise repo, requiring a signed license.)

  • SSO / SAML — enterprise identity federation.
  • SCIM — automated user/group provisioning.
  • Advanced RBAC — role hierarchies, custom permissions.
  • Audit Export — SIEM connector with retention and chain-of-custody guarantees.