What is Faramesh Labs?

Faramesh Labs is the execution control layer for AI agents. It provides policy-based governance, approval workflows, and production safety for autonomous systems.

How do I install Faramesh Labs?

You can install Faramesh Labs using Homebrew (brew install faramesh/tap/faramesh), Git, Go, or npm. Full install and setup docs are on docs.faramesh.dev.

Is Faramesh Labs production-ready?

Yes, Faramesh Labs is production-ready. It includes governance controls, approval workflows, and comprehensive logging for enterprise deployments.

What kind of agents does Faramesh Labs support?

Faramesh Labs supports all types of AI agents including coding agents, data agents, research agents, and custom autonomous systems.

Governance-as-Code for AI agents

Govern your agents in prod.

The open source policy layer for AI agents. Deterministic enforcement, real human approvals, tamper-evident audit. No LLM watching another LLM.

Early access View on GitHub

Open source. Self-hosted or cloud. Works with LangGraph, CrewAI, AutoGen, Claude Agents SDK, MCP, and 8 more.

faramesh • runtime

→stripe.refund(amount=5000)

DEFER

awaiting approval · amount > $1000

How it fits

Every action, checked before it runs.

Faramesh sits between your agents and the tools they call. Before any action runs, your policy decides what happens. Run it. Block it. Hold it for a human.

Your agents can't bypass it. There is no ungoverned path to your tools.

Non-bypassable

Deterministic

Auditable

Agent action

Attempting

stripe.refund(12000)

Policy check

PERMITaction runs

DENYblocked by policy

DEFERheld for approval

How policies are written

Policy as code, not prompts.

FPL, our native policy language for AI agents. Deterministic, versioned, and enforced on every tool call.

policies/default.fplFPL

v0.4.2

agent coding-bot {

default deny

framework "langchain"

rules {

default deny

deny! shell/* reason: "never shell in prod"

permit git/read

permit git/commit when branch != "main"

}

→ evaluate

action

evaluated in 2ms•faramesh v0.4.2

How it runs

Built for production.

Every tool call goes through five stages of defense. Scroll through a refund request as it flows through the runtime.

Stage 01 of 05

Your agent calls a tool

Your agents keep using their framework as normal. No wrappers, no code changes.

$ agent.invoke("refund #4821")

→ stripe.refund(4821)

Stage 02 of 05

Faramesh intercepts

Before the call reaches your tool, our runtime catches it. Non-bypassable.

intercept

captured before execution

Stage 03 of 05

Policy evaluates

Your FPL policy runs deterministically. Microseconds, not seconds.

policy.evaluate

rules/refund.fpl

matched: amount >= 500 → defer

Stage 04 of 05

Verdict fires

Permit, deny, or defer. The call either runs, is blocked, or waits for a human.

verdict

DEFER

awaiting human approval

Stage 05 of 05

Audit trail written

Every decision is hashed and chained. Tamper-evident record you can replay any time.

audit.log

sha256:a1f9c3…e7b4

signed & immutable

68 ns

Engine eval

per simple permit, zero allocations

58 µs

Full pipeline

median latency per decision

Frameworks

auto-patched at runtime, zero code changes

Framework support

Works with what you already use.

Drop in to any agent framework. No code changes. No lock-in.

Supported frameworks

13 frameworks. One integration point.

Auto-patches your framework's tool-call methods at runtime. Your agent code stays untouched.

LangGraph·

LangChain·

CrewAI·

AutoGen·

Pydantic AI·

Google ADK·

LlamaIndex·

AWS Strands·

OpenAI Agents SDK·

Smolagents·

Haystack·

Deep Agents·

AWS Bedrock AgentCore·

MCP Servers·

LangGraph·

LangChain·

CrewAI·

AutoGen·

Pydantic AI·

Google ADK·

LlamaIndex·

AWS Strands·

OpenAI Agents SDK·

Smolagents·

Haystack·

Deep Agents·

AWS Bedrock AgentCore·

MCP Servers·

Install

Choose the installation path that fits your environment.

Multiple platforms supported

Integration cost

code changes to your agent

Faramesh intercepts at the framework layer, not the application layer. Your agent stays exactly as it is.

Latency

~57us

per policy decision

Production-grade latency. Faster than a network round trip. Inline with every tool call.

What your team ships

From prototype to production.

The parts of shipping agents that aren't about the agent.

SHIP

Graduate agents from prototype to production.

Refund flows. Database writes. External APIs.

AUDIT

Produce board-ready evidence for every agent action.

Signed, immutable, and replayable. The trail your reviewers want.

OBSERVE

Know exactly why an agent did what it did.

Deterministic verdicts, not probabilistic guesses. The policy that ran. The rule that matched. The reason the verdict fired.

APPROVE

Route high-impact actions to a human before they run.

Large refunds. Production deploys. Wire transfers. Before, not after.

Pricing

Start free. Scale when you're ready.

Open source runtime. Managed platform. Enterprise-grade infrastructure. Choose where you start, and move up when your team does.

Open source

Free

Forever, for everyone

Faramesh Core

Self-hosted runtime enforcement for your agents.

Full FPL runtime
All 13 framework integrations
Non-bypassable enforcement
Tamper-evident audit log
Elastic License 2.0
Community support

View on GitHub

Recommended for teams

Pay as you go

Starts at

$0.80/ 1K decisions

No seats. No minimums.

Faramesh Cloud

Managed infrastructure with visual governance.

Everything in Core
Visual governance workspace
Managed control plane
Credential broker
Approval workflows (HITL)
Shared audit chain
Email support

Early access

Enterprise

Custom

Annual contracts

Enterprise

Org-wide deployment with compliance and controls.

Everything in Cloud
SSO and SCIM
Private VPC or on-prem
SOC 2, HIPAA, PCI-DSS
Multi-approver routing
Priority support and SLAs
Dedicated engineering contact

Every tier includes the full open source runtime. You never lose access to what you started with.

Get started

Ship your agents to production.

Every agent you deploy deserves a policy, an audit log, and a human in the loop.

Early access View on GitHub

Open source. Self-hosted or cloud. No credit card required.