The New AI Agent Primitive: Why Policy Needs Its Own Language (And Why YAML and Rego Fall Short)

Source: Dev.to

Introduction

AI agents are no longer experiments. They’re writing code, moving money, and operating infrastructure. As they gain autonomy, a critical question emerges: how do you safely control what they can do?

Most teams start with system prompts and YAML configs. Some move to generic policy engines like OPA/Rego or Cedar. However, neither approach was designed specifically for agents. YAML lacks native concepts such as budgets, phases, and delegation. Rego is powerful but generic, treating “deny” as a runtime afterthought.

The Need for a Dedicated Agent Policy Language

That’s why FPL (Faramesh Policy Language) was created—a domain‑specific language purpose‑built for AI agent governance. It is not a repurposed config format; it is a new primitive for the agentic stack.

Comparing Approaches

YAML‑Based Policies

A typical agent policy in YAML with expression evaluation looks like this (abbreviated):

# Example (abbreviated)
agent:
  budget: 1000
  phases:
    - name: init
      allow: true
    - name: execute
      deny: false
  delegation:
    max_amount: 500

Even in this simplified version, agent‑specific concepts like budgets, phases, and delegation are merely conventions—they’re not enforced by the language. There’s no guarantee that a later rule won’t accidentally override a deny, and as policies grow, YAML becomes hard to maintain.

Rego‑Based Policies

Rego is a general‑purpose policy language designed for infrastructure authorization. Writing a simple agent policy requires learning a new logic language:

# Example (abbreviated)
package agent

default allow = false

allow {
    input.budget  500 to finance

    deny! {
        command == "shell"
    }
}

In FPL, deny! is a compile‑time constraint that cannot be overridden by any other rule, regardless of position or priority. In Rego and YAML‑based systems, “deny” is merely a runtime decision, making accidental permission grants possible. FPL eliminates that class of error.

Natural Language Compilation & Backtesting

Policies can be written in plain English and compiled to FPL:

faramesh policy compile "deny all shell commands, defer refunds over $500 to finance"

FPL files are plain‑text (.fpl), version‑controlled, and validated in CI. The language includes a formal EBNF grammar, a conformance test suite, and editor tooling (VS Code, JetBrains, Neovim) is on the way. It compiles to the same internal representation as YAML, allowing mixed‑format workflows.

Policies can also be expressed as:

• Code annotations – @faramesh.tool(defer_above=500)
• YAML (interchange format)
• Natural language (compiled to FPL)

Why FPL Is a Game‑Changer

As agents move into production, policy becomes a core primitive—on par with the agent’s model or tools. YAML was never intended for this purpose, and Rego was built for static infrastructure, not dynamic, multi‑step agent workflows. FPL is the first language designed specifically for AI agents. It reduces complexity, eliminates entire classes of configuration errors, and gives safety teams a way to enforce policy without rewriting the agent.

Getting Started

If you’re building agents, stop hoping that prompts or YAML will hold. Try FPL.

• GitHub repository: – language spec, examples, conformance tests
• Documentation: – complete language reference
• Core library: