
04: Run and monitor

Starting and watching.

Option A — faramesh run (recommended)

Prepend faramesh run to your agent command. Faramesh detects the framework, patches tool dispatch, strips ambient credentials, and activates the strongest enforcement available on your OS.

bash
faramesh run -- python agent.py
faramesh run --policy payment.fpl -- python agent.py
faramesh run --enforce full -- python agent.py

Useful flags for faramesh run:

--enforce auto|full|minimal|none   Enforcement level (default: auto).
--broker                           Strip ambient API keys from the child process.
--policy                           Policy file to load.
--no-seccomp                       Skip seccomp-BPF (Linux).
--no-landlock                      Skip Landlock filesystem restrictions (Linux).
--no-netns                         Skip network namespace (Linux + root).

Option B — faramesh serve (daemon mode)

Start the Faramesh governance daemon. Agents connect via the Unix socket.

bash
faramesh serve \
  --policy policy.fpl

Useful flags

Pass these to faramesh serve to configure the daemon.

--data-dir         Where WAL/DB files are stored.
--socket           Unix socket path for the SDK adapter.
--log-level        debug | info | warn | error
--metrics-port     Exposes /metrics for Prometheus.
--proxy-port       Starts the HTTP proxy adapter.
--grpc-port        Starts the gRPC daemon adapter.
--mcp-proxy-port   Starts the MCP HTTP gateway.
--mcp-target       Target MCP server URL (used with --mcp-proxy-port).

Full production start command

Recommended baseline for running Faramesh in production.

bash
faramesh serve \
  --policy /etc/faramesh/policy.fpl \
  --data-dir /var/lib/faramesh \
  --socket /var/run/faramesh.sock \
  --metrics-port 9108

Monitor live decisions

Stream all verdicts as they happen.

All decisions

Stream every PERMIT / DENY / DEFER verdict.

bash
faramesh audit tail

Filter by agent

Only show decisions for a specific agent ID.

bash
faramesh audit tail \
  --agent my-agent

Verify chain integrity

Check that the audit log has not been tampered with.

bash
faramesh audit verify /var/lib/faramesh/faramesh.db
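
The idea behind a chain-integrity check, as an added example that is not Faramesh code. This page does not describe the audit database format, so the record layout, field names and SHA-256 linking below are assumptions chosen for illustration, and the sample decisions are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the first record's prev_hash


def record_hash(prev_hash, decision):
    """Hash the previous link together with a canonical encoding of the decision."""
    body = json.dumps(decision, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, decision):
    """Append a decision, linking it to the hash of the record before it."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"prev_hash": prev_hash, "decision": decision,
                "hash": record_hash(prev_hash, decision)})


def verify(log, expected_head=None):
    """Return (ok, index of the first bad record or None)."""
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        if rec["prev_hash"] != prev_hash:
            return False, i  # a record was removed, inserted or reordered
        if rec["hash"] != record_hash(prev_hash, rec["decision"]):
            return False, i  # record content was edited after it was written
        prev_hash = rec["hash"]
    # Cutting off the tail leaves a valid shorter chain; only a head hash
    # kept outside the log reveals that.
    if expected_head is not None and prev_hash != expected_head:
        return False, len(log)
    return True, None


def sample_log():
    """Constructed sample decisions (not real Faramesh output)."""
    log = []
    for verdict, tool in [("PERMIT", "search"), ("DENY", "payments.refund"),
                          ("DEFER", "shell.exec")]:
        append(log, {"agent": "my-agent", "tool": tool, "verdict": verdict})
    return log
```

Rewriting a record and recomputing every later hash would still pass the link checks, which is why the head hash is compared against a copy held outside the log.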

Reload policy without restart

Apply a new policy file without stopping the daemon.

bash
faramesh policy reload \
  --data-dir /var/lib/faramesh

Explain a deny

Show the full rule context and reason for the last blocked action.

bash
faramesh explain --last-deny \
  --db /var/lib/faramesh/faramesh.db \
  --policy /etc/faramesh/policy.fpl

MIT License