Faramesh Docs
Tutorials & guides

Offboarding and decommissioning

Remove Faramesh enforcement, export final audit evidence, and retire stacks cleanly.

Before you remove Faramesh

  1. Export audit evidence

    faramesh audit export --stack ./my-stack --out ./audit-archive
faramesh audit verify --stack ./my-stack

  2. Revoke brokered credentials: rotate Vault paths, cloud IAM roles, and API keys that providers issued to agents.

  3. Document final policy: archive governance.fms, governance.compiled.json, and import pins for retention policy.

Stop enforcement

faramesh destroy --stack ./my-stack

Or remove the daemon unit / sidecar from orchestration manifests and redeploy agents without the SDK shim or MCP proxy URL.

Remove interception

TierUndo
SDK shimRestore native tool list in agent code
MCP proxyPoint MCP client back to original server URL
HTTP proxyRestore direct vendor endpoint

Clean local state

rm -rf .faramesh

Removes cached providers, import cache, and WAL (only after export if audit retention requires it).

Partial offboarding

To keep audit but pause enforcement, use runtime { mode = "monitor" } (if enabled in your version) or detach providers while retaining WAL verify behavior in staging first.

Deploying Faramesh at scale

Topologies, fleet operations, catalog mirrors, and production posture for platform teams.

Contributing to Faramesh

How to clone the repos, find the right code, and open a pull request. Across core, docs, SDKs, and the registry.

On this page

Before you remove FarameshStop enforcementRemove interceptionClean local statePartial offboardingRelated