The product
Dvar is an open-source policy firewall for AI-agent actions, tool calls, and Model Context Protocol connections. It evaluates a proposed action before the side effect occurs and returns a deterministic decision: allow, deny, or require_approval.
The product is designed to make agent behaviour inspectable and governable at the boundary where software begins to act on systems, data, infrastructure, or external services.
The problem
AI agents can reason probabilistically while the systems they operate require deterministic control. Prompt instructions alone are not an adequate authorization, approval, or audit boundary for sensitive tool actions.
Dvar separates model reasoning from action policy. The agent may propose an operation, but execution proceeds only after the policy runtime evaluates the principal, agent, tenant, environment, capability, tool, and arguments.
Core capabilities
- Declarative YAML and JSON policy.
- Deterministic rule precedence and stable reason codes.
- allow, deny, and require_approval decisions.
- off, monitor, enforce, and strict operating modes.
- TypeScript and Node.js-first tool wrappers.
- JSON Schema argument validation.
- Human approval gates for sensitive actions.
- Privacy-conscious audit events and replay.
- Embedded policy tests and CLI validation.
- A path for Model Context Protocol policy enforcement.
Security boundary
Dvar complements application authorization, IAM, secrets management, sandboxing, database permissions, and network policy. It does not replace those controls, and it only protects actions that pass through its interception boundary.
This boundary is explicit by design. Dvar is not an agent framework, a generic AI gateway, or a model-based security judge.
Adoption model
Teams can begin in monitor mode, compare expected and actual decisions, run policy tests, review audit evidence, and then introduce enforcement gradually around higher-risk tools and capabilities.
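The evaluate-before-execute flow from "The problem" and the monitor-to-enforce rollout described above, shown as an added JavaScript example; it is not Dvar's code, API, or policy schema. The rule fields, reason codes, precedence (deny over require_approval over allow, default deny), and the record-only behaviour of monitor mode are assumptions made for illustration.

```javascript
// Added illustration: NOT Dvar's API or policy schema; every name is hypothetical.
// Assumed precedence: deny > require_approval > allow; default deny if nothing matches.
const RANK = { deny: 3, require_approval: 2, allow: 1 };

// Constructed sample policy (declarative data only).
const RULES = [
  { id: "R1", effect: "allow", tool: "db.query", environment: "staging" },
  { id: "R2", effect: "require_approval", tool: "db.query", environment: "production" },
  { id: "R3", effect: "deny", tool: "db.query", environment: "production",
    argField: "sql", argPattern: "\\b(drop|truncate)\\b" },
];

function matches(rule, action) {
  if (rule.tool !== action.tool || rule.environment !== action.environment) return false;
  if (!rule.argPattern) return true;
  return new RegExp(rule.argPattern, "i").test(String(action.args[rule.argField] ?? ""));
}

// Pure function of (rules, action): the same input always yields the same
// decision and reason code. Equal-rank ties go to the earliest rule.
function evaluate(rules, action) {
  let best = { decision: "deny", reason: "NO_MATCHING_RULE" };
  let bestRank = 0;
  for (const rule of rules) {
    if (matches(rule, action) && RANK[rule.effect] > bestRank) {
      bestRank = RANK[rule.effect];
      best = { decision: rule.effect, reason: "RULE_" + rule.id };
    }
  }
  return best;
}

// Wraps a tool so its side effect runs only after evaluation.
// Assumed modes: "monitor" records the decision but never blocks;
// "enforce" runs the tool only on "allow".
function guard(tool, fn, mode, audit) {
  return (ctx, args) => {
    const result = evaluate(RULES, { ...ctx, tool, args });
    // Audit event carries argument names only, not values.
    audit.push({ tool, mode, principal: ctx.principal, ...result, argKeys: Object.keys(args) });
    const run = mode === "monitor" || result.decision === "allow";
    return run ? { executed: true, output: fn(args), ...result }
               : { executed: false, ...result };
  };
}
```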
Current stage
Dvar is in pre-stable development. Its current direction focuses on a compact deterministic runtime, clear policy semantics, generic TypeScript integration, approval workflows, auditability, and production-safe rollout.