What is Faramesh Labs?

Faramesh Labs is the execution control layer for AI agents. It provides policy-based governance, approval workflows, and production safety for autonomous systems.

How do I install Faramesh Labs?

You can install Faramesh Labs using Homebrew (brew install faramesh/tap/faramesh), Git, Go, or npm. Full install and setup docs are on docs.faramesh.dev.

Is Faramesh Labs production-ready?

Yes, Faramesh Labs is production-ready. It includes governance controls, approval workflows, and comprehensive logging for enterprise deployments.

What kind of agents does Faramesh Labs support?

Faramesh Labs supports all types of AI agents including coding agents, data agents, research agents, and custom autonomous systems.

Policy engine

Define what agents can do.

Faramesh evaluates every tool call against your rules before the action runs. Write policies in FPL, the Faramesh Policy Language, or in YAML or Python annotations.

How the engine works

Deterministic decisions before anything runs.

Faramesh evaluates every tool call against rules in code, not against a second AI watching the first. Policies are written in FPL, the Faramesh Policy Language we built for agent governance.

DETERMINISTIC

Same input, same output.

Faramesh evaluates rules with code, not models. No probability. No drift. Every verdict is reproducible from the same inputs.

FIRST MATCH WINS

Rules evaluate in order.

Each rule is checked top to bottom. The first one that matches decides. Predictable to read, easy to debug, no surprise interactions.

DENY BY DEFAULT

If nothing matches, nothing happens.

When no rule covers an action, the engine blocks it. Safety by default, not safety by hoping you covered every edge case.

TAMPER EVIDENT

Every decision is signed and chained.

Each verdict is hashed and linked to the previous one. You can replay any decision and prove the log was not modified after the fact.

Anatomy of a policy

Anatomy of a Faramesh policy.

A real payment-bot policy. Default deny, budget enforcement, phase-aware permissions, mandatory shell deny, vault-brokered credentials. Each piece tells the engine what to do at evaluation time.

fpl

agent payment-bot {
  default deny
  model "gpt-4o"
  framework "langgraph"

  budget session {
    max $500
    daily $2000
    max_calls 
    on_exceed deny
  }

  phase intake {
    permit read_customer
    permit get_order
  }

  rules {
    deny! shell/* reason: "never shell"
    defer stripe/refund when amount > 
      notify: "finance"
      reason: "high value refund"
    permit stripe/* when amount <= 
  }

  credential stripe {
    backend vault
    path secret/data/stripe/live
    ttl 
  }
}

How to read it

1agent
Rules evaluate per agent. Different agents, different permissions.
2budget
Spend, calls, and time limits. Hits the cap, blocks the call.
3phase
Stage-aware permissions. Some tools only allowed during intake.
4deny!
Mandatory deny. Compile-time guarantee no later rule can override.
5credential
Vault-brokered. Issued only after the rule permits the call.

Engine primitives

Six primitives the engine enforces.

Each card shows a single primitive in FPL. Compose them into the policies your team actually needs. Same primitives work in YAML.

POSTURE

Mandatory deny.

deny! is compile-time enforced. No later rule can override it. Stronger than YAML's documentation conventions.

agent default {
  default deny
  rules {
    deny! shell/* reason: "never"
    permit http/get
  }
}

ALLOWLIST

Tool paths with globs.

Permit specific tool operations. Glob patterns match families of calls.

rules {
  permit http/get
  permit http/get/*
  permit vault/probe/*
}

BUDGET

Spending limits.

Cap calls per session and dollars per day. Currency is a first-class type.

budget session {
  max_calls 
  daily $10
  on_exceed deny
}

CONDITIONS

Expression-aware permits.

Permits and defers can require runtime conditions. Dotted paths, equality, comparison.

rules {
  permit idp/probe
    when principal.verified == true
}

CREDENTIAL

Brokered credentials.

Bind credentials to specific tool calls. Vault issues only after policy permits.

credential vault_probe {
  scope vault/probe
  backend vault
  max_scope payments
}

APPROVAL

Defer to a human.

Route high-impact actions to operators. Notify the right team. Block until someone decides.

defer stripe/refund
  when amount > 
  notify: "finance"
  reason: "high value refund"

68 ns

Engine eval

per simple permit, zero allocations

58 µs

Full pipeline

median latency per decision

100%

Tamper-evident

every verdict hashed and chained

Three ways to write

Pick the format that fits.

Same engine, three formats. FPL is canonical. YAML works as an interchange format. Code annotations let you keep policy next to the function it governs. Faramesh compiles all three to the same internal representation.

fpl

agent payment-bot {
  default deny
  model "gpt-4o"
  framework "langgraph"

  budget session {
    max $500
    daily $2000
    on_exceed deny
  }

  rules {
    deny! shell/* reason: "never shell"
    defer stripe/refund when amount > 
      notify: "finance"
      reason: "high value refund"
    permit stripe/* when amount <= 
  }

  credential stripe {
    backend vault
    path secret/data/stripe/live
    ttl 
  }
}

Natural language compile

Describe the policy. Faramesh writes it.

Run faramesh policy compile with a plain English description. Faramesh outputs valid FPL, validates the syntax, and backtests it against your action history before activation.

Input

intent.txt

# Acme support agent policy

deny all shell commands, no exceptions
defer refunds over $500 to a finance reviewer
allow read-only http get requests by default
require approval for any database write
log every action with the requesting user

compile

Output

policy.fpl

agent default {
  default deny

  rules {
    permit http/get
    permit http/get/*

    defer stripe/refund
      when amount > $500
      reason: "refund routed to finance"

    require_approval db/write
      reason: "writes need human review"

    deny! shell/*
      reason: "shell commands blocked"
  }

  audit {
    include actor_id
    include timestamp
  }
}

Output is reviewed before activation. Backtested against real action history.

Keep exploring

Policies are one piece.

RUNTIME

Runtime enforcement

How the policy gets enforced. Sub-millisecond decisions on every tool call.

AUDIT

Audit and compliance

Tamper-evident decision logs for every policy verdict. SOC 2 ready.

INTEGRATIONS

Framework integrations

13 frameworks today. One-line wraps for the agents you already build.

Get started

Ship your agents to production.

Every agent you deploy deserves a policy, an audit log, and a human in the loop.

Early access View on GitHub

Open source. Self-hosted or cloud. No credit card required.