We intercepted OpenClaw and now control every one of its actions with Faramesh’s deterministic policy engine. All tool executions (bash, read, write, browser, canvas, etc.) are routed through a single non-bypassable chokepoint using the existing before_tool_call hook plus full HTTP invoke protection.

This is for teams running OpenClaw agents who want zero-trust governance, full audit visibility, and human-in-the-loop approvals without forking the codebase.

What's new:

• Reliable interception via runBeforeToolCallHook in src/agents/pi-tools.before-tool-call.ts

• Faramesh plugin registers before_tool_call and submits every call to POST /v1/actions

• HTTP direct-invoke bypass closed in tools-invoke-http.ts

• Every action appears in the dashboard (Allowed / Denied / Pending) with full provenance

• Complete integration guide, E2E test suite, and retry behavior documented

Every authorization decision is now permanently stored as a tamper-evident Decision Provenance Record (DPR) inside a cryptographically linked Merkle Chain. This is the exact provenance system described in our arXiv paper (2601.17744) — decision-centric, append-only, and mathematically verifiable.

You can now prove exactly why an action was allowed/denied (policy version, canonical action hash, state digest, outcome, and full chain linkage) without trusting execution logs or agent traces.

This is for compliance, security, forensics, and anyone who needs non-repudiable audit trails in regulated or high-stakes environments.

What's new:

• Merkle Chain (hash-chained append-only log with Merkle Tree support) for tamper-evident provenance

• Decision Provenance Records (DPR): canonical_action_hash, policy_version, state_hash, decision (PERMIT/DENY/DEFER), signature, seq, prev_hash

• Public Merkle Root timestamping (for independent third-party verification)

• Merkle Proof API (GET /v1/provenance/{hash}/proof) for efficient inclusion proofs

• Deterministic replay endpoint (POST /v1/replay) — re-evaluate any historical decision under new policies or states

• Full alignment with arXiv:2601.17744 guarantees (provenance-complete, replayable, decision-centric audit)

Policies have moved from disk-based YAML files to a fully versioned, database-backed store. On first startup Faramesh automatically imports any existing /policies/*.yaml files, then the engine reads exclusively from the policies table. The dashboard Governance tab and new Advanced tab give you one-click Allow/Ask/Deny plus a full JSON/YAML editor.

This is for teams that need scalable, auditable, compliance-grade policy management without redeployments or dual-system confusion.

What's new:

• Automatic one-time migration from YAML files to DB on startup

• Advanced policy editor with live JSON ↔ YAML toggle (powered by js-yaml)

• New API endpoints: POST /v1/policies/import-yaml, full CRUD with versioning

• Security hardening: 1 MB payload limit, regex complexity checks (<500 chars, no nested quantifiers), max 500 rules per policy

• CLI commands: faramesh policy create, push, validate, diff, test

• Removed all legacy YAML file endpoints and fallback logic

lived credentials from your secret store (HashiCorp Vault, AWS Secrets Manager, or the newly added Azure Key Vault), injects them into the connector, and never stores them.

This is for security and DevOps teams that want agents to use real credentials safely without hard-coding or long-lived tokens.

What's new:

• Full Azure Key Vault backend (azure-identity + azure-keyvault-secrets)

• Comprehensive test suite covering all three backends and connector wiring

• Clearer error messages when a secret is missing (includes exact secret path)

• SPIFFE/Vault JWT auth documentation for workload identity

• Updated architecture diagram and integration docs

Ten demos show Faramesh in real scenarios: blocking `rm -rf` while allowing `ls`, requiring approval for discounts over 30%, preventing infinite agent loops, and detecting PII in logs. Each demo targets a specific risk, data loss, cost overruns, compliance, and shows how policies and approvals address it.

This is for evaluators and technical leads who want to see concrete outcomes before adopting.

What's new:

• 10 demos across LangChain, CrewAI, AutoGen, MCP

• Float canonicalization (deterministic hashing)

• Customer service discount control (prevent 100% discounts)

• Healthcare PII redaction (SSN, credit cards)

• DevOps security (allow `ls`, block `rm -rf` and substitutes)

• Zero-trust cryptographic audit

• Latency benchmark (sub-2ms overhead)
  
  

Run individual demos from the `demo_agents` folder or use the interactive menu. Start the Faramesh server first; demos connect and demonstrate each scenario in minutes.

The Faramesh CLI now gives you complete command-line access to every major feature—server management, actions, policies, agents, runtimes, and diagnostics.

This is for SREs, platform teams, and anyone who prefers scripting or lives in the terminal.

What's new:

• Server commands faramesh serve, status, doctor, migrate

• Action management faramesh list, get, approve, deny, tail

• Policy commands faramesh policy show, set, list, create, validate, test, diff

• Agent & runtime commands faramesh agents list, runtimes list

• Full environment variable reference included in the new command-line reference.

The first release introduced the core model: every agent action passes through Faramesh, where a YAML policy engine decides allow, deny, or require approval. A SQLite-backed store, REST API, and web UI for approvals completed the loop. Python SDK and CLI made integration straightforward.

This laid the foundation for everything that followed, deterministic policy evaluation, audit trails, and human-in-the-loop workflows.

What's new:

• Policy-based action governance (allow, deny, require_approval)

• SQLite backend for actions

• YAML-based policy engine

• Basic REST API

• Web UI for action approval

• Python SDK and CLI tools

Configure policies in YAML or via API. Submit actions through the SDK or API; the engine evaluates, and the web UI handles approvals.

Power users can reach any page or action without the mouse. Press ⌘+K to open the command palette, search, and jump to Policies, Approvals, Usage, or Settings. Dedicated shortcuts (⌘+D, ⌘+P, ⌘+A, ⌘+U) take you straight to the main sections.

This is for anyone who wants to work faster and reduce repetitive clicks.

What's new:

• Command palette (⌘+K) with 14 commands, navigation, actions, theme

• Keyboard shortcuts: ⌘+D Dashboard, ⌘+P Policies, ⌘+A Approvals, ⌘+U Usage, ⌘+, Settings

• Real-time search and keyboard navigation (↑↓, Enter, Esc)
  
  

Press ⌘+K from anywhere in the dashboard to open the palette. Type to filter; use arrow keys and Enter to run a command.

A single dashboard now covers policies, approvals, usage, agents, integrations, API keys, and audit. Filter by agent, tool, or status. See pending approvals at a glance. Export usage and audit data to JSON or CSV. Accessible, keyboard-friendly, and mobile-responsive.

This is for operators and admins who need to manage governance daily without jumping between tools.

What's new:

• Dashboard with metrics (policies, approvals, usage) and activity feed

• Policies CRUD with filters and status

• Approvals workflow — approve, deny, view details

• Usage analytics with time-series charts and export (JSON/CSV)

• Agent monitoring UI with real-time status

• Integrations management (GitHub, Slack, Jira, etc.)

• API keys, generate, copy, revoke

• Audit log with filters and CSV export

• Settings for profile, org, billing, members

  
  

Navigate to each section from the sidebar. Use the command palette (⌘+K) and shortcuts (⌘+D for Dashboard, ⌘+P for Policies, ⌘+A for Approvals, ⌘+U for Usage, ⌘+, for Settings) for faster navigation.

Your AI agents can now get explicit approval before running high-risk actions. Instead of blocking everything or trusting blindly, you decide what needs a human check. When an agent tries to process a refund, run a shell command, or terminate AWS instances, Faramesh pauses and sends approval requests to Slack or email. Your team approves or denies with one click, no code required.

This is built for teams that want automation without losing control. Finance, DevOps, and customer support can safely delegate sensitive work to agents while keeping the final say.

What's new:

• Slack and Email approval notifications — approve or deny from your existing tools

• Approval callbacks with secure tokens — no extra auth for reviewers

• Policy rules for `require_approval` by tool, operation, and risk level

• Human-in-the-loop for payments, refunds, shell, and infrastructure changes

You define which actions need approval in your YAML policies. When an agent hits one, Faramesh sends the request; once approved, execution continues automatically.