GitHub - faramesh/faramesh-core: Governance-as-Code for AI agents. Declarative constraints with deterministic enforcement. Provisioning Identity, Tool-based rules, Brokering Credentials & Ensuring safe deployment

2 min read Original article ↗

Faramesh

Every agent tool call is a policy decision.

Declare permissions in governance.fms. A local daemon permits, defers, or denies each tool call before it runs. Decisions are hash-chained in a WAL. No SDK lock-in. No cloud required.

License: MPL-2.0 Stars Latest release CI Docs

Slack Quickstart

Faramesh decisions streaming in real time

Install

curl -fsSL https://install.faramesh.dev/install.sh | bash
faramesh version

Also Homebrew, npx, Go install, or build from git. All install paths →

Works with the agent stack you already have

LangGraph · LangChain · CrewAI · OpenAI Agents · Claude Agents SDK · Claude Code · Cursor · MCP · AutoGen · AG2 · LlamaIndex · Pydantic AI · Bedrock · Semantic Kernel

13 frameworks today. SDK shim, MCP proxy, HTTP proxy, or A2A. Pick the tier that matches the agent. Framework guides →

What you get

  • Deterministic decisions. Pure functions over policy and the action payload. No LLM in the decision path.
  • Non-bypassable enforcement. Local daemon. Every tool call goes through it. No SDK to forget to wrap.
  • Identity-bound. SPIFFE SVIDs, OIDC, or cloud workload identity. Credentials brokered at the call site.
  • Tamper-evident audit. Decision Provenance Records, hash-chained WAL, optional KMS signing.

A policy

agent "support-bot" {
  default deny

  rules {
    permit crm/customers/read
    permit crm/tickets/create
    permit email/send             if domain == "@yourcompany.com"
    defer  email/send             if domain != "@yourcompany.com"
    defer  billing/cancel_subscription
    deny   billing/delete_account
  }

  rate_limit "email/send": 50 per hour

  budget daily {
    max       $20
    on_exceed defer
  }
}

External emails go to a human. Cancellations require a click. Deletion is impossible without editing the policy. Daily spend ceiling. Every decision lands in a verifiable log.

More policy patterns → · FPL reference →

How Faramesh compares

Faramesh is the local enforcement daemon for tool-call decisions. It's narrower than full-stack agent platforms (Microsoft AGT) and operates outside the model output evaluation layer (Galileo Agent Control). Detailed comparison →

Documentation

Start here · Why Faramesh · Quickstart · Write your first policy

Concepts · How it works · Interception · Enforcement · Auditing

Reference · FPL · Stack file · CLI · Python SDK · TypeScript SDK

Community

Slack for daily conversation. GitHub Discussions for design proposals. Contributing guide for the policy pack registry and framework adapters.

Star this repo if you ship AI agents to production

It helps other engineers find Faramesh.

License

MPL-2.0.

Built by

Amjad Fatmi and Brian Hall at Faramesh Labs.