Rokad
Back to work
AI-agent securityPre-stable development

Dvar

An open-source policy firewall for AI-agent actions, tool calls, and Model Context Protocol connections.

Category

AI-agent security

Status

Pre-stable development

Year

2026

Rokad role

Product strategy, policy architecture, TypeScript engineering

Rokad workPre-stable development

The product

Dvar is an open-source policy firewall for AI-agent actions, tool calls, and Model Context Protocol connections. It evaluates a proposed action before the side effect occurs and returns a deterministic decision: allow, deny, or require_approval.

The product is designed to make agent behaviour inspectable and governable at the boundary where software begins to act on systems, data, infrastructure, or external services.

The problem

AI agents can reason probabilistically while the systems they operate require deterministic control. Prompt instructions alone are not an adequate authorization, approval, or audit boundary for sensitive tool actions.

Dvar separates model reasoning from action policy. The agent may propose an operation, but execution proceeds only after the policy runtime evaluates the principal, agent, tenant, environment, capability, tool, and arguments.

Core capabilities

  • Declarative YAML and JSON policy.
  • Deterministic rule precedence and stable reason codes.
  • allow, deny, and require_approval decisions.
  • off, monitor, enforce, and strict operating modes.
  • TypeScript and Node.js-first tool wrappers.
  • JSON Schema argument validation.
  • Human approval gates for sensitive actions.
  • Privacy-conscious audit events and replay.
  • Embedded policy tests and CLI validation.
  • A path for Model Context Protocol policy enforcement.

Security boundary

Dvar complements application authorization, IAM, secrets management, sandboxing, database permissions, and network policy. It does not replace those controls, and it only protects actions that pass through its interception boundary.

This boundary is explicit by design. Dvar is not an agent framework, a generic AI gateway, or a model-based security judge.

Adoption model

Teams can begin in monitor mode, compare expected and actual decisions, run policy tests, review audit evidence, and then introduce enforcement gradually around higher-risk tools and capabilities.

Current stage

Dvar is in pre-stable development. Its current direction focuses on a compact deterministic runtime, clear policy semantics, generic TypeScript integration, approval workflows, auditability, and production-safe rollout.

Continue through the work

Every project is part of a larger capability system.