What is Faramesh Labs?

Faramesh Labs is the execution control layer for AI agents. It provides policy-based governance, approval workflows, and production safety for autonomous systems.

How do I install Faramesh Labs?

You can install Faramesh Labs using Homebrew (brew install faramesh/tap/faramesh), Git, Go, or npm. Full install and setup docs are on docs.faramesh.dev.

Is Faramesh Labs production-ready?

Yes, Faramesh Labs is production-ready. It includes governance controls, approval workflows, and comprehensive logging for enterprise deployments.

What kind of agents does Faramesh Labs support?

Faramesh Labs supports all types of AI agents including coding agents, data agents, research agents, and custom autonomous systems.

Governance-as-Code for AI agents

Govern AI agents in one file.

Runtime governance for AI agents in production: identity, credentials, policy enforcement, audit trail, and compliance. One file, one runtime, on your infrastructure.

Quickstart View on GitHub

Works with LangGraph, LangChain, CrewAI, OpenAI Agents, Claude Code, Cursor, Bedrock, MCP, and more.

The problem

Your agent has more access than the job needs.

It can read mail, move money, open pull requests, talk to your customers. One bad prompt and you find out the hard way.

The surface

Every tool you give an agent is a way to act on the world. Most agents today have far more tools wired up than any one task actually needs.

The failure mode

A prompt injection, a confused model step, a stolen API key. You don't know which one it'll be. You know one of them is coming.

The blast radius

When it lands, it lands in production. The agent had real credentials. Whatever it did, it really did.

How Faramesh works

One runtime. One file. One verifiable log.

Faramesh runs alongside your agent, reads your policy, decides every tool call, and writes a tamper-evident audit trail. Works with the framework you already use.

01 Runtime

Runs alongside your agent.

A daemon you launch on your own infrastructure. Every tool call goes through it first.

faramesh dev

watching

$ faramesh dev

✓ Loaded governance.fms

✓ Watching payments-bot

✓ Listening localhost:8181

[14:47:08] PERMIT search_docs

[14:47:09] PERMIT read_file

[14:47:12] DEFER stripe/refund $8000

[14:47:15] PERMIT send_email

02 Policy

One file. One language.

Declare what each agent can do. Versioned in your repo.

governance.fms

agent "payments-bot" {
  rules {
    permit search_docs
    defer  stripe/refund if amount > $500
    deny!  stripe/payouts
  }
}

03 Audit

Every decision, hash-chained.

Tamper-evident log of every decision. Verifiable offline.

faramesh audit

2026-05-17T14:47:08Z DEFER apr-9001

2026-05-17T14:47:09Z PERMIT apr-9002

2026-05-17T14:47:12Z PERMIT apr-9003

DPR hash 7f3a...c891✓ verified

04 Compatibility

Works with the framework you already use.

Framework guides for the integrations you already use. Python and TypeScript SDKs. MCP-native.

LangGraph

LangChain

OpenAI Agents

CrewAI

Claude Code

Cursor

Bedrock

LangGraph

LangChain

OpenAI Agents

CrewAI

Claude Code

Cursor

Bedrock

The governance file

One file defines the entire policy.

Your governance.fms is the entire policy. Every tool call goes through the faramesh daemon first, gets a decision, and lands in a hash-chained log you can verify offline.

Every tool call gets checked against the rules block. permit, defer, and deny are evaluated top to bottom. First match wins. Conditions can check the amount, the host, the method, or any argument the agent passes.

governance.fms

agent "payments-bot" {
  default deny

  rules {
    permit stripe/charge  if amount < $500
    defer  stripe/charge  if amount >= $500
    defer  stripe/refund
    deny   stripe/payouts
    permit stripe/customers/* method GET
  }
}

Quickstart

From empty repo to governed agent.

Three commands. That's the whole install.

Faramesh inspects your repo, finds the agent framework you're using, and writes a starter governance.fms. Every tool starts deferred, nothing runs until you review.

✓ Framework detected: langgraph
✓ Tools discovered: 3 (search_docs, send_email, charge_card)
✓ governance.fms written
Next steps:
faramesh dev    run governed
faramesh apply  enforce

Registry

An ecosystem of policy, not a marketplace of features.

Pre-built providers, policy packs, and framework profiles you can import like Go packages. Pinned, signed, Git-native.

Every import is pinned.

Floating tags rejected at faramesh check. Same source, same hash, every audit. Upgrade with one line change, audit with faramesh plan.

Read the versioning policy

Signed at every layer.

Provider binaries verified with Ed25519. Policy packs signed by the registry key. Community packs ship with their own publisher key.

See the trust model

Just a Git repo.

No separate registry service. Fork the catalog. Use it as-is. Contribute back via pull request.

Browse the catalog

Contribute a pack

Every import is pinned to exact semver. The CLI resolves them from GitHub at faramesh apply. No floating tags. No surprises in production.

Get started

Governance you can deploy in three commands.

The same enforcement at every layer. Pinned, signed, deterministic.

$ curl -fsSL https://raw.githubusercontent.com/faramesh/faramesh-core/main/install.sh | bash

$ faramesh init

Get started View on GitHub

Open source. Self-hosted or cloud. No credit card required.

Talk to us

Two ways to get started.

Got a question?

Faramesh is open source and the community is on Slack. Ask questions, share what you’re building, and follow development.

Join our Slack GitHub Discussions

Deploying in production?

If you’re standing it up in a regulated environment, integrating with existing identity infrastructure, or thinking about Faramesh Cloud for your team, we’d like to talk. We read everything that comes in.

Email the founders Join our Slack