Dvar is a policy firewall for AI agents. It evaluates tool actions before side effects occur and returns a deterministic allow, deny, or require_approval decision.
Dvar complements application authorization, IAM, sandboxing, secrets management, database permissions, and network policy. It does not replace those controls, and it only protects actions that pass through its interception boundary.
## Status
The current release is pre-stable. Review package release notes before upgrading and test policy behaviour before enabling enforcement in production.
## Install

```bash
npm install @rokadhq/dvar
```

## Initialize a policy

```bash
npx dvar init
npx dvar validate
npx dvar test-policy
```

The generated policy starts in monitor mode. Monitor mode allows actions to execute while recording the decision Dvar would have enforced.
## Protect a tool

```ts
import { createDvar } from "@rokadhq/dvar";

const dvar = await createDvar({ policyPath: "dvar.yaml" });

const readCustomer = dvar.protectTool({
  name: "crm.read_customer",
  capabilities: ["data.read"],
  inputSchema: {
    type: "object",
    additionalProperties: false,
    required: ["customerId"],
    properties: {
      customerId: { type: "string", minLength: 1 },
    },
  },
  execute: async ({ customerId }: { customerId: string }) => ({
    customerId,
    status: "active",
  }),
});
```

Call the protected tool with execution context:
```ts
const customer = await readCustomer(
  { customerId: "customer-1" },
  {
    principal: { id: "user-1", type: "user" },
    agent: { id: "support-agent" },
    tenant: { id: "tenant-a" },
    environment: "production",
  },
);
```

## Operating modes
| Mode | Behaviour |
|---|---|
| monitor | Executes the action and records would_allow, would_deny, or would_require_approval. |
| enforce | Blocks denied and approval-gated actions before the executor runs. |
| strict | Applies the strongest configured enforcement behaviour. |
| off | Disables Dvar evaluation for the configured boundary. |
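To make the difference between the modes concrete, here is an added stand-alone model of the monitor, enforce and off rows above. It is not code from @rokadhq/dvar: the policy shape, rule fields, decision strings and audit record format are constructed for illustration, and the point it demonstrates is that monitor mode still executes an action it would have blocked, which is why the rollout guidance below reviews audit events before enabling enforcement.

```javascript
// Added example, not @rokadhq/dvar code: a stand-alone model of the monitor /
// enforce / off rows of the operating-modes table. All shapes are constructed.

// Constructed policy: first matching rule wins; no match falls back to the default.
const policy = {
  defaultDecision: "deny",
  rules: [
    { capability: "data.read", environment: "production", decision: "allow" },
    { capability: "data.write", environment: "production", decision: "require_approval" },
  ],
};

function evaluate(policy, tool, ctx) {
  const rule = policy.rules.find(
    (r) => tool.capabilities.includes(r.capability) && r.environment === ctx.environment,
  );
  return rule ? rule.decision : policy.defaultDecision;
}

// monitor: always execute, log the decision enforcement *would* have made.
// enforce: log the decision and block anything that is not "allow" before the
// executor runs. off: skip evaluation entirely (no audit record is written).
function protectTool(mode, policy, tool, execute, audit) {
  return (args, ctx) => {
    if (mode === "off") return execute(args);
    const decision = evaluate(policy, tool, ctx);
    if (mode === "monitor") {
      audit.push({ tool: tool.name, decision: `would_${decision}` });
      return execute(args);
    }
    audit.push({ tool: tool.name, decision });
    if (decision !== "allow") throw new Error(`${tool.name} blocked: ${decision}`);
    return execute(args);
  };
}

// Run one approval-gated write in the given mode and report what happened.
function runWrite(mode) {
  const audit = [];
  let executed = 0;
  const writeNote = protectTool(
    mode, policy, { name: "crm.write_note", capabilities: ["data.write"] },
    () => { executed += 1; return "written"; }, audit,
  );
  let outcome;
  try { outcome = writeNote({ customerId: "customer-1" }, { environment: "production" }); }
  catch (err) { outcome = err.message; }
  return { outcome, executed, audit };
}
```

Running `runWrite("monitor")` executes the write and records `would_require_approval`; `runWrite("enforce")` records `require_approval` and never reaches the executor.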
## Current capabilities
- Declarative YAML and JSON policies
- Deterministic precedence
- Generic JavaScript and TypeScript tool wrappers
- JSON Schema argument validation
- Stable reason codes
- Privacy-conscious audit events
- Embedded policy tests
- JSONL replay that never invokes tools
- CLI commands for initialization, validation, diagnostics, testing, replay, and version inspection
## Production rollout
- Define the tools and capabilities that cross the Dvar boundary.
- Start in `monitor` mode.
- Review audit events and policy-test results.
- Correct unexpected decisions before enforcement.
- Enable enforcement gradually for high-risk actions.
- Keep application authorization, IAM, sandboxing, secrets, and infrastructure policy in place.