
CLI Reference

Every Faramesh command, grouped by plane. Run faramesh <command> --help for detailed flag documentation on any command.

Installation

| command | description |
| --- | --- |
| `demo` | Run built-in demo traffic against the daemon |
| `init` | Scaffold a new Faramesh project with default policy |
| `detect` | Detect agent framework, runtime, and OS capabilities |
| `status` | Show daemon status and loaded policy summary |
| `stop` | Gracefully stop the running daemon |

Daemon

| command | description |
| --- | --- |
| `serve` | Start the governance daemon (flags: `--policy`, `--data-dir`, `--socket`, `--metrics-port`, `--proxy-port`, `--grpc-port`, `--mcp-proxy-port`, `--mcp-target`) |

Execution

| command | description |
| --- | --- |
| `run` | Wrap and govern an agent process (auto-detect, patch, sandbox) |

Policy

| command | description |
| --- | --- |
| `policy validate <policy.fpl\|policy.yaml>` | Check a policy file for syntax / semantic errors |
| `policy inspect <policy.yaml>` | Print a summary of all rules in the file |
| `policy diff <old.yaml> <new.yaml>` | Show differences between two policy versions |
| `policy backtest` | Replay deterministic fixtures (optional: `--policy`, `--fixtures`) |
| `policy compile` | NLP → FPL compilation from natural language |
| `policy fpl` | FPL sub-commands (decompile, format) |
| `policy test <policy.yaml>` | Run policy against a single tool call (`--tool` required) |
| `policy debug <policy.yaml>` | Trace rule evaluation for a specific tool call (`--tool` required) |
| `policy analyze` | Analyze policy coverage and rule effectiveness |
| `policy cover <policy.yaml>` | Show coverage report for policy rules |
| `policy suite <policy.yaml> --fixtures <suite.yaml>` | Run a policy test suite |
| `policy reload` | Hot-reload policy without restarting daemon |

Session

| command | description |
| --- | --- |
| `session open <agent-id>` | Open a new session with optional budget and TTL |
| `session close <agent-id>` | Close an active session |
| `session list` | List all sessions (active and closed) |
| `session budget <agent-id>` | Show or set budget for a session |
| `session reset <agent-id>` | Reset session counters |
| `session inspect <agent-id>` | Detailed session state and history |
| `session purpose declare <agent-id> <purpose>` | Declare purpose for a session |

Agent

| command | description |
| --- | --- |
| `agent approve <defer-token>` | Approve a deferred action |
| `agent deny <defer-token>` | Deny a deferred action |
| `agent kill <agent-id>` | Activate kill switch for an agent |
| `agent unkill <agent-id>` | Deactivate kill switch |
| `agent killed` | List agents with active kill switches |
| `agent pending` | List actions awaiting approval |
| `agent list` | List all known agents |
| `agent inspect <agent-id>` | Detailed agent state and statistics |
| `agent history <agent-id>` | Decision history for a specific agent |

Audit

| command | description |
| --- | --- |
| `audit tail` | Stream live verdicts |
| `audit verify <db-path>` | Verify DPR chain integrity |
| `audit export <dpr.db>` | Export audit records (JSON, CSV, JSONL) |
| `audit stats <dpr.db>` | Aggregate statistics over the audit log |

Credential

| command | description |
| --- | --- |
| `credential register <name>` | Register a credential with a backend |
| `credential list` | List registered credentials |
| `credential inspect <name>` | Show credential metadata and health |
| `credential rotate <name>` | Trigger credential rotation |
| `credential health` | Check backend connectivity |
| `credential revoke <name>` | Revoke a credential binding |
| `credential audit <name>` | Show credential access history |

Delegation

| command | description |
| --- | --- |
| `delegate grant <from-agent> <to-agent>` | Grant delegation to a principal with scope and ceiling |
| `delegate list <agent-id>` | List active delegations |
| `delegate revoke <from-agent> <to-agent>` | Revoke a delegation |
| `delegate inspect <delegation-token>` | Show delegation details and chain |
| `delegate verify <delegation-token>` | Verify a delegation token |
| `delegate chain <agent-id>` | Show the full delegation chain |

Identity

| command | description |
| --- | --- |
| `identity verify` | Verify an identity attestation |
| `identity trust` | Set trust level for an identity |
| `identity whoami` | Show current identity |
| `identity attest` | Create an identity attestation |
| `identity federation` | Show federation membership |
| `identity trust-level` | Query trust level for a principal |

Incident

| command | description |
| --- | --- |
| `incident declare` | Declare a new incident |
| `incident list` | List all incidents |
| `incident inspect <incident-id>` | Show incident details and timeline |
| `incident isolate <agent-id>` | Isolate an agent during an incident |
| `incident evidence <incident-id>` | Retrieve evidence artifacts for an incident |
| `incident resolve <incident-id>` | Mark an incident as resolved |
| `incident playbook <incident-id>` | Show recommended incident response playbook |

Schedule

| command | description |
| --- | --- |
| `schedule create` | Create a scheduled execution |
| `schedule list` | List all scheduled executions |
| `schedule inspect <schedule-id>` | Show schedule details |
| `schedule cancel <schedule-id>` | Cancel a scheduled execution |
| `schedule approve <schedule-id>` | Approve a pending scheduled execution |
| `schedule pending` | List schedules awaiting approval |
| `schedule history` | Show schedule execution history |

Provenance

| command | description |
| --- | --- |
| `provenance sign` | Sign a policy or artifact |
| `provenance verify <agent-id>` | Verify provenance attestation |
| `provenance inspect <agent-id>` | Show provenance metadata |
| `provenance diff <agent-id>` | Diff current runtime vs signed provenance |
| `provenance list` | List signed artifacts |

Model

| command | description |
| --- | --- |
| `model register <name>` | Register a model for integrity tracking |
| `model verify` | Verify model integrity against registered hash |
| `model consistency` | Check model consistency across deployments |
| `model list` | List registered models |
| `model alert <agent-id>` | Show model integrity alerts for an agent |

Operations

Use the ops command group for operations workflows.

| command | description |
| --- | --- |
| `ops policy-change propose <policy.yaml>` | Propose a policy change (four-eyes workflow) |
| `ops policy-change list` | List pending policy change proposals |
| `ops policy-change approve <proposal-id>` | Approve a policy change proposal |
| `ops policy-change reject <proposal-id>` | Reject a policy change proposal |
| `ops audit` | Operator audit log |
| `ops login` | Operator login |
| `ops logout` | Operator logout |
| `ops whoami` | Show current operator identity |

Fleet

| command | description |
| --- | --- |
| `fleet list` | List all agents across the fleet |
| `fleet push <instance-id>` | Publish a push control event for an instance |
| `fleet kill <instance-id>` | Publish a kill control event for an instance |

Hub

| command | description |
| --- | --- |
| `hub search <query>` | Search the policy hub for shared policies |
| `hub install <pack-ref>` | Install a policy from the hub |
| `hub publish <path>` | Publish a policy to the hub |
| `hub verify <pack-ref>` | Verify a hub policy signature |

Federation

| command | description |
| --- | --- |
| `federation trust add` | Add a trusted external organisation |
| `federation trust list` | List trusted organisations |
| `federation trust revoke` | Revoke trust from an organisation |
| `federation receipt verify <receipt-token>` | Verify a cross-org governance receipt |
| `federation receipt issue` | Issue a governance receipt |

Chaos

| command | description |
| --- | --- |
| `chaos-test degraded` | Toggle degraded mode on the daemon |
| `chaos-test fault` | Toggle fault injection mode on the daemon |
| `chaos-test run --scenario` | Run a named chaos scenario |
| `chaos-test list-scenarios` | List all available chaos scenarios |

Compensation

| command | description |
| --- | --- |
| `compensate build` | Build a compensation workflow from a DPR record |
| `compensate list` | List compensation workflows |
| `compensate inspect` | Show compensation workflow details |
| `compensate apply` | Apply a compensation workflow |
| `compensate status` | Show compensation status |
| `compensate retry` | Retry a failed compensation step |

Compliance

| command | description |
| --- | --- |
| `compliance export --wal <dpr.wal>` | Export deterministic compliance evidence bundle |

Supply Chain

| command | description |
| --- | --- |
| `sign file --private-key <key.pem> --file <path>` | Sign a build artifact or policy file |
| `verify digest <file>` | Print SHA-256 digest for a file |
| `verify manifest <manifest.json>` | Verify an artifact manifest |
| `verify buildinfo [expected.json]` | Emit or verify reproducible build info |
| `verify signature --public-key <pub.pem> --file <path> --signature <sig>` | Verify an artifact signature |
| `sbom` | Generate software bill of materials |

MCP

| command | description |
| --- | --- |
| `mcp wrap -- <command> [args...]` | Wrap an MCP server process and intercept tool calls at stdio level |

Auth

| command | description |
| --- | --- |
| `auth login` | Authenticate with the Faramesh platform |
| `auth logout` | Clear stored credentials |
| `auth status` | Show current authentication status |

Utility

| command | description |
| --- | --- |
| `explain` | Explain why a specific decision was made |
| `--version` | Print Faramesh version and build info |

MIT License