What is Faramesh Labs?

Faramesh Labs is the execution control layer for AI agents. It provides policy-based governance, approval workflows, and production safety for autonomous systems.

How do I install Faramesh Labs?

You can install Faramesh Labs using Homebrew (brew install faramesh/tap/faramesh), Git, Go, or npm. Full install and setup docs are on docs.faramesh.dev.

Is Faramesh Labs production-ready?

Yes, Faramesh Labs is production-ready. It includes governance controls, approval workflows, and comprehensive logging for enterprise deployments.

What kind of agents does Faramesh Labs support?

Faramesh Labs supports all types of AI agents including coding agents, data agents, research agents, and custom autonomous systems.

Multi-agent systems

Govern multi-agent systems before authority drifts.

Orchestrators, planner-worker-reviewer chains, A2A protocols. Trust between agents is the attack surface. One compromised handoff can poison everything downstream. Faramesh enforces policy at every boundary.

Tools we cover

One layer. Every handoff.

Whatever runtime your orchestrator uses, the policy boundary is the same. Faramesh hooks each agent's tool layer and validates handoffs between them. One compromised agent can't infect the rest.

LangGraph

Wraps the graph runtime, governs every node

CrewAI

Governs every crew action and handoff

OpenAI Agents SDK

Hooks into Runner before tool execution and handoffs

Claude Agents SDK

Intercepts subagent tool calls before execution

Google ADK + A2A

Validates agent cards and inter-agent calls

Custom Python agents

One command, zero code changes

What's at stake

The handoff is the attack surface.

One agent gets prompt-injected. The injection becomes context for the next. Trust between agents propagates the attack faster than any single agent can detect. WAFs and traditional perimeter tools are blind to it.

Cascade path · representative scenario30 seconds to system collapse

Routine task

Orchestrator delegates to a research agent.

Tainted output

Research agent fetches a webpage with embedded prompt injection.

Handoff to executor

Planner accepts the research, plans an action against an internal API.

Authority drift

Executor inherits trust from the planner. The injection is now policy.

Cascade complete

Compromised agent infects the rest. WAFs see only valid traffic.

Every step looked rational. Faramesh would have stopped step 3 at the planner-to-executor handoff.

Other multi-agent risks

Confused-deputy attacks

An agent's authority gets exercised on behalf of an attacker who tricked the agent into acting.

Memory poisoning

Malicious instructions persist in vector stores, ready to fire weeks later when a trigger condition hits.

Audit gaps across agents

Each agent logs its own actions. Nothing logs the handoff that authorized them.

Recent signals$45M crypto agent breachApr 2026 88% hit by agent incidentsMar 2026 40% of pilots fail in 6 monthsFeb 2026

Keep exploring

Other ways teams use Faramesh.

Use case

Coding agents

Govern Cursor, Claude Code, Copilot, and custom coding agents before they touch production.

Use case

Payment agents

Govern refund agents, dispute bots, and AI commerce flows before money moves.

Use case

Customer support agents

Govern AI agents handling customer escalations, refunds, and account changes.

What changes when Faramesh is in front

Stop cascades at the handoff.

Faramesh validates inter-agent calls against policy before they execute. A compromised research agent can't authorize an executor it shouldn't reach.

Authority that doesn't drift.

Each agent runs with its own bounded permission set. Handoffs require explicit policy approval. Trust between agents is enforced, not assumed.

Evidence at every boundary.

Full audit trail of which agent invoked which, with what context, and which policy approved it. When something goes sideways, you know the exact handoff that broke.

Ship governed multi-agent systems.

Early access View on GitHub