the problem
An agent can delete your database, blast emails to every customer, or issue a $50,000 refund. Without Faramesh, nothing stops it. There's no checkpoint. No approval step. No record of what happened.
Some tools claim to solve this with AI: a second model that "monitors" the first. But that's just more probability on top of probability. You don't want your database deletion policy to be a suggestion. Faramesh enforces rules with code. No model in the middle. No guessing.
how it works
Faramesh is a policy guard for AI agent tool calls. Every time your agent tries to do something, Faramesh checks it against your rules and returns one of three verdicts:
If Faramesh itself has an error, the action is blocked. It never fails open.
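A sketch of the check described above, added here as an illustration and not Faramesh's code or API: a deterministic guard in front of tool dispatch that blocks when a rule denies, when no rule matches, or when the guard itself raises. It models only two outcomes (allow and block); the rule helpers, tool names and refund limit are constructed for the example.

```python
from typing import Callable, Optional

ALLOW, DENY = "allow", "deny"                 # assumed outcome names, not Faramesh's
Rule = Callable[[str, dict], Optional[str]]   # returns ALLOW, DENY, or None (no opinion)

class Blocked(Exception):
    """Raised instead of running the tool."""

def deny_tool(name: str) -> Rule:
    return lambda tool, args: DENY if tool == name else None

def refund_cap(limit: float) -> Rule:
    def rule(tool, args):
        if tool != "issue_refund":
            return None
        # A missing or non-numeric amount raises here; evaluate() turns that into DENY.
        return ALLOW if float(args["amount"]) <= limit else DENY
    return rule

def evaluate(rules, tool, args):
    """Any DENY wins over an ALLOW. A rule error or no matching rule is also DENY."""
    try:
        votes = [rule(tool, args) for rule in rules]
    except Exception as exc:                  # guard failure: fail closed
        return DENY, f"guard error: {type(exc).__name__}"
    if DENY in votes:
        return DENY, "denied by rule"
    if ALLOW in votes:
        return ALLOW, "allowed by rule"
    return DENY, "no rule matched"            # default deny

def guarded(tools, rules, audit):
    """Return a dispatch function that checks and logs every call before the tool runs."""
    def dispatch(tool, **args):
        verdict, reason = evaluate(rules, tool, args)
        audit.append((tool, verdict, reason))
        if verdict != ALLOW:
            raise Blocked(f"{tool}: {reason}")
        return tools[tool](**args)
    return dispatch

# Constructed sample tools and policy.
TOOLS = {
    "issue_refund": lambda amount: f"refunded {amount}",
    "drop_database": lambda: "dropped",
}
RULES = [deny_tool("drop_database"), refund_cap(100.0)]
```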
set your rules
FPL is the standard policy language for Faramesh. It has first-class constructs for sessions, budgets, delegation, and mandatory deny (deny!), things that YAML and Rego can only approximate. Write in FPL directly, or in plain English and let Faramesh compile it for you. YAML is also supported.
compile natural language: faramesh policy compile intent.txt
one command
Prepend faramesh run to whatever you already run. Faramesh detects the framework, patches tool dispatch, strips ambient API keys, and sets up network interception, automatically.
Works with 13 frameworks out of the box:
LangGraph · LangChain · CrewAI · AutoGen · Pydantic AI · Google ADK · LlamaIndex · AWS Strands · OpenAI Agents · Smolagents · Haystack · Deep Agents · MCP Servers
Credentials brokered through 6 backends: Vault, AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, 1Password, Infisical.
Runs on Linux, macOS, and Windows. Linux gets kernel-level enforcement (seccomp-BPF, Landlock, network namespaces). macOS and Windows get proxy-based interception and credential brokering.
get started
Install, then run. Faramesh sets everything up for you.
1. install
2. govern your agent
That's it. Faramesh detects your framework, loads your policy, and starts governing. Every tool call is checked. Every decision is logged. Run faramesh audit tail to watch live.
works with your stack
Faramesh doesn't just "support" these tools. It hooks into their internals so every tool call is governed before it executes, not after.
Faramesh wraps OpenClaw's tool dispatch. Every tool call goes through your policy before OpenClaw executes it. Ambient credentials are stripped and brokered.
NemoClaw agents run inside Faramesh's sandbox. Faramesh owns the process, patches the framework, and enforces network-level isolation on Linux.
Deep Agents are LangGraph-based. Faramesh patches BaseTool.run() and injects middleware at the AgentMiddleware layer. Multi-agent delegation is tracked.
Faramesh governs MCP tool calls from IDE agents. Wrap the MCP server with faramesh mcp wrap and every tool call is policy-checked.
docs spotlight
If you are deploying this week, start with these pages. They cover MCP governance, production hardening, and failure recovery.
Wrap MCP servers and enforce tool-call policy before execution.
Live verdict streams, metrics export, and operational observability.
Hardening baseline, identity model, and rollout checklist.
Fast fixes for daemon startup, adapters, and policy mismatches.
Free and open source. The SDK runs fully self-hosted with no account required. When you're ready for more, Faramesh Cloud Platform (FCP) adds a web dashboard, team approval workflows, Slack alerts, and compliance-ready audit exports.