frontpage.

Hi HN, I’m Yaron, a DevOps engineer working on AI infrastructure.

I built Cordum because I saw a huge gap between "AI Demos" and "Production Safety." Everyone is building Agents, but no one wants to give them write-access to sensitive APIs (like refunds, database deletions, or server management).

The problem is that LLMs are probabilistic, but our infrastructure requires deterministic guarantees.

Cordum is an open-source "Safety Kernel" that sits between your LLM and your execution environment. Think of it as a firewall/proxy for agentic actions.

Instead of relying on the prompt to "please be safe," Cordum enforces policy at the protocol layer: 1. It intercepts the agent's intent. 2. Checks it against a strict policy (e.g., "Refund > $50 requires human approval"). 3. Manages the execution via a state machine.

Tech Stack: - Written in Go (for performance and concurrency). - Uses NATS JetStream for the message bus. - Redis for state management.

It’s still early days, but I’d love your feedback on the architecture and the approach to agent governance.

Repo: https://github.com/cordum-io/cordum

Happy to answer any questions!

Show HN: Lume 0.2 – Build and Run macOS VMs with unattended setup

Show HN: Xenia – A monospaced font built with a custom Python engine

Show HN: HTTP:COLON – A quick HTTP header/directive inspector and reference

Show HN: Figma-use – CLI to control Figma for AI agents

Show HN: Terravision – Generate Cloud architecture diagrams from Terraform code

Show HN: GibRAM an in-memory ephemeral GraphRAG runtime for retrieval

Show HN: Opal Editor, free Obsidian alternative for markdown and site publishing

Show HN: Mist – a lightweight, self-hosted PaaS

Show HN: built a 24h-clock based radial planner to help with ADHD time blindness

Show HN: Available.dev – Craigslist for Developer Availability

Show HN: ChunkHound, a local-first tool for understanding large codebases

Show HN: Speed Miners – A tiny RTS resource mini-game

Show HN: Streaming gigabyte medical images from S3 without downloading them

Show HN: I built a "sudo" mechanism for AI agents

Show HN: I made a Tetris based block puzzle game

Show HN: I learned to code at 84 to build a privacy-first location app

Show HN: Kling.to – Self-hosted email marketing with full data ownership

Show HN: Crowdsourced job market index – DjinniPulse

Show HN: RqLui – A free open-source webui for Rqlite written in Quasar

Show HN: An alternative to 'flat' image generators for layout-heavy design

Show HN: KeyEnv – CLI-first secrets manager for dev teams (Rust)

Show HN: I built a tool to assist AI agents to know when a PR is good to go

Show HN: DailySpace – Daily astronomy photos with rocket launch tracking

Show HN: Finite – NixOS Flake for Pi-Hole and Unbound on Raspberry Pi

Show HN: App to spoof GPS location on iOS without jailbreaking

Show HN: Teamlibra/ry: a Zig framework for Cursor that makes prompting better

Show HN: Lance – Open lakehouse format for multimodal AI datasets

Show HN: Hekate – A Zero-Copy ZK Engine Overcoming the Memory Wall

Show HN: WebTerm – Browser-based terminal emulator

Show HN: Tusk Drift – Turn production traffic into API tests

Show HN: I built a "sudo" mechanism for AI agents

Comments

Show HN: Lume 0.2 – Build and Run macOS VMs with unattended setup

Show HN: Xenia – A monospaced font built with a custom Python engine

Show HN: HTTP:COLON – A quick HTTP header/directive inspector and reference

Show HN: Figma-use – CLI to control Figma for AI agents

Show HN: Terravision – Generate Cloud architecture diagrams from Terraform code

Show HN: GibRAM an in-memory ephemeral GraphRAG runtime for retrieval

Show HN: Opal Editor, free Obsidian alternative for markdown and site publishing

Show HN: Mist – a lightweight, self-hosted PaaS

Show HN: built a 24h-clock based radial planner to help with ADHD time blindness

Show HN: Available.dev – Craigslist for Developer Availability

Show HN: ChunkHound, a local-first tool for understanding large codebases

Show HN: Speed Miners – A tiny RTS resource mini-game

Show HN: Streaming gigabyte medical images from S3 without downloading them

Show HN: I built a "sudo" mechanism for AI agents

Show HN: I made a Tetris based block puzzle game

Show HN: I learned to code at 84 to build a privacy-first location app

Show HN: Kling.to – Self-hosted email marketing with full data ownership

Show HN: Crowdsourced job market index – DjinniPulse

Show HN: RqLui – A free open-source webui for Rqlite written in Quasar

Show HN: An alternative to 'flat' image generators for layout-heavy design

Show HN: KeyEnv – CLI-first secrets manager for dev teams (Rust)

Show HN: I built a tool to assist AI agents to know when a PR is good to go

Show HN: DailySpace – Daily astronomy photos with rocket launch tracking

Show HN: Finite – NixOS Flake for Pi-Hole and Unbound on Raspberry Pi

Show HN: App to spoof GPS location on iOS without jailbreaking

Show HN: Teamlibra/ry: a Zig framework for Cursor that makes prompting better

Show HN: Lance – Open lakehouse format for multimodal AI datasets

Show HN: Hekate – A Zero-Copy ZK Engine Overcoming the Memory Wall

Show HN: WebTerm – Browser-based terminal emulator

Show HN: Tusk Drift – Turn production traffic into API tests