docs

Getting Started

Core

FPL

Governance

Operations

Reference

github ↗slack ↗community ↗

07 , FPL language

FPL — The Standard Policy Language

FPL (Faramesh Policy Language) is the standard and canonical policy language for Faramesh. Every policy is FPL. YAML and natural language are alternative input formats , they compile to FPL before the engine evaluates them. FPL is the source of truth.

Why FPL exists

Governing AI agents with YAML, OPA/Rego, or Cedar requires a senior engineer who understands authorization, schema design, and the agent framework's internals. That bottlenecks governance to a tiny pool of people. A compliance officer, a CISO, or a legal team member cannot write Rego or navigate a 200-line YAML policy.

FPL solves this by providing agent-native primitives as first-class language constructs , sessions, budgets, delegation chains, workflow phases, credential bindings, and mandatory deny , not as convention-over-configuration hacks layered on top of a general-purpose format. The result is a policy language that's shorter, safer, and readable by anyone who understands the business rules.

How FPL compares

FPLYAML + exprOPA / RegoCedar

Agent primitivesBuilt-inConventionNoNo

Mandatory denyCompile-timeDocs onlyRuntimeRuntime

Session budgetsBuilt-inManualNoNo

Delegation chainsBuilt-inManualNoNo

NLP compilationYesNoNoNo

BacktestBuilt-inManualManualNo

Lines (typical)2565+80+50+

Four input modes, one engine

FPL is canonical. The other three modes compile to FPL before evaluation.

MODEHOW IT WORKS

FPL directlyWrite structured, readable policy in .fpl files. This is the standard path.

Natural languageWrite English like "deny all shell commands." Faramesh compiles it to FPL, validates, and backtests against real history before activation.

YAMLAlways supported as an interchange format. Both FPL and YAML compile to the same internal representation.

Code annotations@faramesh.tool(defer_above=500) annotations in source code are extracted to FPL automatically.

The deny! invariant

deny! is a compile-time constraint. It is the most important construct in FPL. When you write deny! shell/*, no child policy, no priority rule, no extends chain, and no subsequent permit rule can override it. The compiler enforces this structurally , it is not a runtime convention or a documentation practice. OPA, Cedar, and YAML-based engines rely on documentation to express "this rule must never be overridden." FPL makes it a language guarantee.

Backtest before activation

Every policy compiled from natural language is backtested against real DPR (Decision-Provenance Record) history before the user sees it. Faramesh replays the new policy against past decisions and shows what would have changed: "23 of your last 847 decisions would have been deferred." The user sees the impact and decides whether to activate. This makes NLP compilation trustworthy rather than a black box.

Structured FPL example

A complete agent policy expressed in FPL. This single file defines the default stance, model constraints, budget tracking, phased rules, delegation limits, ambient credential stripping, selectors, and credential bindings.

agent.fplfpl

agent support-bot {
  default deny
  model  gpt-4o
  framework langchain

  budget session {
    max_usd  5.00
    max_calls 200
  }

  phase intake {
    permit crm/lookup
    permit kb/search
  }

  phase execution {
    permit email/send
    defer  refund/issue when amount > 500
    permit refund/issue when amount <= 500
  }

  rules {
    deny shell/*
    deny fs/write
  }

  delegate {
    to finance-team scope refund/issue ceiling 2000
  }

  ambient {
    strip OPENAI_API_KEY
    strip STRIPE_API_KEY
  }

  selector {
    tag pii effect defer
  }

  credential {
    backend vault
    path    secret/data/support
  }
}

NLP compilation

Write policy in plain English and compile it to FPL. The NLP compiler maps natural language constraints to structured policy blocks.

bash

faramesh policy compile \
  "deny all shell commands, defer refunds over $500 to finance"

YAML decompilation

Convert an existing YAML policy back into FPL for easier editing.

bash

faramesh policy fpl decompile policy.yaml

GitOps workflow

FPL files are plain text and designed for version control. Commit them alongside your application code. Validate in CI before deploy. Diff policy changes in pull requests the same way you diff code.

bash

# CI pipeline step — validate before merge
faramesh policy validate agent.fpl

# Backtest against production history
faramesh policy backtest agent.fpl \
  --db /var/lib/faramesh/faramesh.db

# Diff two policy versions
faramesh policy diff agent-v1.fpl agent-v2.fpl

FPL is the source of truth. YAML is an interchange format. Always edit the FPL file and let the compiler produce the internal representation.

FPL block reference

Every construct available in FPL, with its purpose.

BLOCKPURPOSE

agentTop-level container. Names the agent and sets the default stance (permit or deny).

defaultWhat happens when no rule matches: permit or deny.

modelConstrains which LLM model the agent is allowed to use.

frameworkDeclares the agent framework for auto-detection hints.

budgetSession-level budget: max cost, max calls, daily limits, and what happens when exceeded.

phaseWorkflow phases with their own permit/deny/defer rules. Only one phase is active at a time.

rulesGlobal rules applied outside of phases. permit, deny, deny!, and defer with conditions.

delegateDelegation grants: which tools a sub-agent can use, with scope ceiling and TTL.

ambientLists environment variables to strip from the agent process.

selectorExternal data sources (risk scores, tags) bound to the policy context.

credentialCredential broker bindings: backend, path, field, and TTL.

Need help? Use any of these support options.

open an issue join slack community/forum

MIT License

docs github community get started →