03: policy

Writing rules in FPL

FPL (Faramesh Policy Language) is the standard way to write Faramesh policies. It's purpose-built for AI agent governance: shorter than YAML, safer than Rego, and readable by anyone. Rules run top to bottom, and the first match wins. If nothing matches, the default applies.
You can also write policies in plain English (compiled to FPL) or YAML. All three compile to the same internal engine.
See the same policy in each format (FPL, natural language, YAML). The FPL version:
agent my-agent {
  default permit
  rules {
    deny! shell/run
      when cmd matches "rm -rf|DROP TABLE"
      reason : "destructive command blocked"
    defer stripe/refund
      when amount > 500
      notify : "finance-team"
    permit stripe/*
      when amount <= 500
  }
}

Good first rules (FPL)

Save these as policy.fpl and use them as your starting point.
agent my-agent {
  default deny
  rules {
    # Block destructive shell commands — permanently, no override
    deny! shell/run
      when cmd matches "rm -rf|DROP TABLE|terraform destroy"
      reason : "destructive command blocked"
    # Hold large payments for human review
    defer payment/transfer
      when amount > 1000
      notify : "finance-team"
    # Allow small payments automatically
    permit payment/transfer
      when amount <= 1000
  }
}

Policy commands

Commands for working with policy files.
Validate

Check for syntax errors before applying.

faramesh policy validate policy.fpl

Test a single call

Dry-run a specific tool call against the policy without starting the daemon.

faramesh policy test policy.fpl \
  --tool payment/transfer \
  --args '{"amount":1200}'

Inspect policy summary

Print a summary of all rules in the file.

faramesh policy inspect policy.fpl

Diff two policy files

See what changed between two versions before deploying.

faramesh policy diff old.fpl new.fpl
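
The evaluation order described at the top of this page (top to bottom, first match wins, otherwise the default), modeled in Python against the starter policy. This is an added example, not Faramesh's engine or code from the project. Treating `matches` as an unanchored regex search, treating a missing argument as a non-match, and the `SHADOWED_RULES` variant are assumptions made for illustration.

```python
# Added illustration, not Faramesh code: first-match-wins over the starter policy.
import re
from fnmatch import fnmatchcase

# Assumption: `matches` is an unanchored regex search over the argument.
DESTRUCTIVE = re.compile(r"rm -rf|DROP TABLE|terraform destroy")

def _amount(args, test):
    # Assumption: a missing or non-numeric argument makes the condition false.
    value = args.get("amount")
    is_number = isinstance(value, (int, float)) and not isinstance(value, bool)
    return is_number and test(value)

# (effect, tool pattern, condition) in file order, mirroring policy.fpl above.
STARTER_RULES = [
    ("deny", "shell/run", lambda a: bool(DESTRUCTIVE.search(str(a.get("cmd", ""))))),
    ("defer", "payment/transfer", lambda a: _amount(a, lambda v: v > 1000)),
    ("permit", "payment/transfer", lambda a: _amount(a, lambda v: v <= 1000)),
]

# Hypothetical authoring mistake: a broad permit placed above the defer rule.
SHADOWED_RULES = [("permit", "payment/*", lambda a: True)] + STARTER_RULES

def evaluate(rules, default, tool, args):
    """Return (effect, rule index), or (default, None) when nothing matches."""
    for index, (effect, pattern, condition) in enumerate(rules):
        if fnmatchcase(tool, pattern) and condition(args):
            return effect, index
    return default, None

if __name__ == "__main__":
    calls = [  # constructed sample calls
        ("shell/run", {"cmd": "terraform destroy"}),
        ("shell/run", {"cmd": "ls -la"}),
        ("payment/transfer", {"amount": 1200}),
        ("payment/transfer", {"amount": 1000}),
        ("payment/transfer", {}),
    ]
    for tool, args in calls:
        closed = evaluate(STARTER_RULES, "deny", tool, args)
        opened = evaluate(STARTER_RULES, "permit", tool, args)
        print(f"{tool} {args}: default deny -> {closed}, default permit -> {opened}")
    # The broad permit wins before the defer rule is ever reached.
    print(evaluate(SHADOWED_RULES, "deny", "payment/transfer", {"amount": 1200}))
```

In this model the two defaults differ only in what happens to calls that no rule matches: `default deny` rejects them and `default permit` lets them through. The last line shows why rule order needs review: a broad rule placed first decides the call before a narrower rule below it is considered.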