Database-Backed Policies and Editor

Policies have moved from disk-based YAML files to a fully versioned, database-backed store. On first startup Faramesh automatically imports any existing /policies/*.yaml files; after that the engine reads exclusively from the policies table. The dashboard gives you one-click Allow/Ask/Deny plus a full JSON/YAML editor. This is for teams that need scalable, auditable, compliance-grade policy management without redeployments or dual-system confusion.

Migration from YAML

  • One-time import — On first startup, if YAML files exist under /policies/*.yaml, Faramesh imports them into the database. No manual step required.

  • Single source of truth — After migration, the engine uses only the database. Legacy YAML file endpoints and fallback logic have been removed.

  • No dual system — You no longer need to keep YAML and DB in sync; all edits go through the API or dashboard.

Dashboard: Governance and Advanced tabs

  • Governance tab — Simple one-click controls: set categories (e.g. bash, filesystem, network) to Allow, Ask, or Deny.

  • Advanced tab — Full policy editor with:

    • Live JSON ↔ YAML toggle — Edit in either format (powered by js-yaml).

    • Full rule editing: match conditions, effects, reasons.

    • Version history and activation.

API

Method   Path                          Description
GET      /v1/policies                  List policies
POST     /v1/policies                  Create policy
PUT      /v1/policies/{id}             Update policy
DELETE   /v1/policies/{id}             Delete policy
POST     /v1/policies/{id}/activate    Activate policy
POST     /v1/policies/import-yaml      Import policy from YAML body (one-time or bulk).

Full request/response schemas: use the interactive docs at /docs.

Security and limits

  • Payload limit — 1 MB max per policy body.

  • Regex complexity — Regexes in match conditions are limited (e.g. < 500 characters, no nested quantifiers) to prevent ReDoS.

  • Rules per policy — Maximum 500 rules per policy.

These limits apply to both API and dashboard submissions.
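
A local pre-submission check against the three limits above, as an added example that is not Faramesh's own code and does not reproduce the server's validation. The policy layout (rules[].match holding regex strings), the function names, the binary reading of "1 MB" and the nested-quantifier heuristic are all assumptions.

```python
import json

MAX_BODY_BYTES = 1024 * 1024  # "1 MB max per policy body" (binary MB assumed)
MAX_RULES = 500               # "Maximum 500 rules per policy"
MAX_REGEX_CHARS = 500         # regexes must be "< 500 characters"

def has_nested_quantifier(pattern):
    """Heuristic: True if a quantified group itself contains a quantifier, e.g. (a+)+."""
    stack = []                            # per open group: quantifier seen inside it?
    in_class = closed_with_quant = False  # inside [...]; previous token closed such a group
    i = 0
    while i < len(pattern):
        ch, just_closed = pattern[i], False
        if ch == "\\":
            i += 1                        # skip the escaped character
        elif in_class or ch == "[":
            in_class = ch != "]"          # * + { are literals until the closing ]
        elif ch == "(":
            stack.append(False)
        elif ch == ")" and stack:
            just_closed = stack.pop()
            if just_closed and stack:
                stack[-1] = True          # inner quantifier also counts for the outer group
        elif ch in "*+{":
            if closed_with_quant:
                return True
            if stack:
                stack[-1] = True
        closed_with_quant = just_closed
        i += 1
    return False

def check_policy_limits(body):
    """Return limit violations for a JSON policy body (bytes); an empty list means OK."""
    if len(body) > MAX_BODY_BYTES:
        return ["body exceeds 1 MB"]      # reject before parsing oversized input
    rules = json.loads(body).get("rules", [])  # assumed schema: {"rules": [{"match": {...}}]}
    problems = [f"{len(rules)} rules exceeds {MAX_RULES}"] if len(rules) > MAX_RULES else []
    for n, rule in enumerate(rules):
        for field, value in rule.get("match", {}).items():
            if isinstance(value, str) and len(value) >= MAX_REGEX_CHARS:
                problems.append(f"rule {n} {field}: regex has {len(value)} characters")
            elif isinstance(value, str) and has_nested_quantifier(value):
                problems.append(f"rule {n} {field}: nested quantifier")
    return problems

# Constructed sample policy (not taken from Faramesh): rule 1 carries a ReDoS-prone regex.
SAMPLE = json.dumps({"rules": [{"match": {"command": "^rm -rf .*$"}, "effect": "deny"},
                               {"match": {"command": "^(a+)+$"}, "effect": "allow"}]}).encode()
```

The heuristic is deliberately conservative: it also flags bounded forms such as (a{2})+, so a rejection here means "review this pattern", not proof of catastrophic backtracking.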

CLI

faramesh policy create ...    # Create policy (from file or stdin)
faramesh policy push         # Push local YAML to server (import)
faramesh policy validate     # Validate policy file locally
faramesh policy diff         # Diff local vs server policy
faramesh policy test         # Run test cases against policy
faramesh policy list         # List policies
faramesh policy show         # Show current simple policy (by agent)
faramesh policy set <cat> allow|deny|ask   # Set category

See CLI for full command reference.
