Rokad

Getting started

Install Dvar and place deterministic policy controls in front of AI-agent tool actions.


Dvar is a policy firewall for AI agents. It evaluates tool actions before side effects occur and returns a deterministic allow, deny, or require_approval decision.

Dvar complements application authorization, IAM, sandboxing, secrets management, database permissions, and network policy. It does not replace those controls, and it only protects actions that pass through its interception boundary.

Status

The current release is pre-stable. Review package release notes before upgrading and test policy behaviour before enabling enforcement in production.

Install

```bash
npm install @rokadhq/dvar
```

Initialize a policy

```bash
npx dvar init
npx dvar validate
npx dvar test-policy
```

The generated policy starts in monitor mode. Monitor mode allows actions to execute while recording the decision Dvar would have enforced.

Protect a tool

```ts
import { createDvar } from "@rokadhq/dvar";

const dvar = await createDvar({ policyPath: "dvar.yaml" });

const readCustomer = dvar.protectTool({
  name: "crm.read_customer",
  capabilities: ["data.read"],
  inputSchema: {
    type: "object",
    additionalProperties: false,
    required: ["customerId"],
    properties: {
      customerId: { type: "string", minLength: 1 },
    },
  },
  execute: async ({ customerId }: { customerId: string }) => ({
    customerId,
    status: "active",
  }),
});
```

Call the protected tool with execution context:

```ts
const customer = await readCustomer(
  { customerId: "customer-1" },
  {
    principal: { id: "user-1", type: "user" },
    agent: { id: "support-agent" },
    tenant: { id: "tenant-a" },
    environment: "production",
  },
);
```

Operating modes

| Mode | Behaviour |
| --- | --- |
| monitor | Executes the action and records would_allow, would_deny, or would_require_approval. |
| enforce | Blocks denied and approval-gated actions before the executor runs. |
| strict | Applies the strongest configured enforcement behaviour. |
| off | Disables Dvar evaluation for the configured boundary. |
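To make the mode semantics concrete, here is an added example of a minimal policy boundary that behaves as the table describes: one decision per action, computed before the executor runs, with monitor recording would_* outcomes and enforce blocking anything that is not allow. This is illustration code written for this page, not Dvar's implementation or API; the rule format, the type-guard stand-in for JSON Schema validation, the treatment of malformed input, and the names PolicyBoundary, evaluate, decide and rollout are all assumptions. The strict mode is not modelled.

```typescript
// Added example, not Dvar's own code: a minimal policy boundary that models the mode
// semantics above. Rule format and the names PolicyBoundary/evaluate/decide/rollout are assumed.
type Decision = "allow" | "deny" | "require_approval";
type Mode = "monitor" | "enforce" | "off";
interface ExecutionContext {
  principal: { id: string; type: string }; agent: { id: string }; tenant: { id: string }; environment: string;
}
// A rule maps one capability, optionally scoped to an environment, to a decision.
interface Rule { capability: string; environment?: string; decision: Decision }
interface ToolSpec<I, O> {
  name: string;
  capabilities: string[];
  validate: (input: unknown) => input is I; // stand-in for JSON Schema validation
  execute: (input: I) => Promise<O>;
}
interface AuditEvent {
  tool: string; mode: Mode; decision: Decision;
  reason: string;    // stable reason code
  recorded: string;  // enforce: the decision itself; monitor: would_<decision>
  executed: boolean; // whether the executor was allowed to run
}
// Deterministic precedence: the strongest matching decision wins; no match means deny.
const PRECEDENCE: Decision[] = ["deny", "require_approval", "allow"];

function evaluate(rules: Rule[], capabilities: string[], ctx: ExecutionContext) {
  const matching = rules.filter((r) =>
    capabilities.indexOf(r.capability) !== -1 &&
    (r.environment === undefined || r.environment === ctx.environment));
  for (const d of PRECEDENCE) {
    if (matching.some((r) => r.decision === d)) return { decision: d, reason: `rule.${d}` };
  }
  return { decision: "deny" as Decision, reason: "no_matching_rule" };
}

class PolicyBoundary {
  readonly audit: AuditEvent[] = [];
  constructor(private readonly rules: Rule[], readonly mode: Mode) {}

  // Decide and record before any side effect. Malformed input is rejected in every mode
  // (this example's choice: the executor's contract is unmet); policy only blocks in enforce.
  decide<I, O>(spec: ToolSpec<I, O>, input: unknown, ctx: ExecutionContext): AuditEvent {
    const valid = spec.validate(input);
    const verdict = valid
      ? evaluate(this.rules, spec.capabilities, ctx)
      : { decision: "deny" as Decision, reason: "input.schema_violation" };
    const enforced = this.mode === "enforce";
    const event: AuditEvent = {
      tool: spec.name, mode: this.mode, decision: verdict.decision, reason: verdict.reason,
      recorded: enforced ? verdict.decision : `would_${verdict.decision}`,
      executed: valid && !(enforced && verdict.decision !== "allow"),
    };
    this.audit.push(event);
    return event;
  }
  // Wrap an executor so the decision happens before it runs; "off" bypasses evaluation.
  protectTool<I, O>(spec: ToolSpec<I, O>) {
    return async (input: unknown, ctx: ExecutionContext): Promise<O> => {
      if (this.mode === "off") return spec.execute(input as I);
      const event = this.decide(spec, input, ctx);
      if (!event.executed) throw new Error(`${spec.name} blocked: ${event.reason}`);
      return spec.execute(input as I); // decide() already validated the input
    };
  }
}

// Constructed sample rules, context and tools (shapes mirror the docs' execution context).
const rules: Rule[] = [
  { capability: "data.read", decision: "allow" },
  { capability: "data.delete", decision: "require_approval", environment: "production" },
  { capability: "data.delete", decision: "allow", environment: "staging" },
];
const ctx = (environment: string): ExecutionContext => ({
  principal: { id: "user-1", type: "user" }, agent: { id: "support-agent" }, tenant: { id: "tenant-a" }, environment,
});
interface CustomerRef { customerId: string }
const isCustomerRef = (x: unknown): x is CustomerRef =>
  typeof x === "object" && x !== null && typeof (x as CustomerRef).customerId === "string";
const deleteCustomer: ToolSpec<CustomerRef, { deleted: string }> = {
  name: "crm.delete_customer", capabilities: ["data.delete"], validate: isCustomerRef,
  execute: async ({ customerId }) => ({ deleted: customerId }),
};
const exportCustomer: ToolSpec<CustomerRef, { exported: string }> = {
  name: "crm.export_customer", capabilities: ["data.read", "data.delete"], validate: isCustomerRef,
  execute: async ({ customerId }) => ({ exported: customerId }),
};

// Rollout steps 2 and 5: the same rules under monitor first, then enforce.
function rollout(): AuditEvent[] {
  const monitor = new PolicyBoundary(rules, "monitor");
  const enforce = new PolicyBoundary(rules, "enforce");
  const ok = { customerId: "customer-1" };
  monitor.decide(deleteCustomer, ok, ctx("production"));      // would_require_approval, executed
  enforce.decide(deleteCustomer, ok, ctx("production"));      // require_approval, blocked
  enforce.decide(deleteCustomer, ok, ctx("staging"));         // allow, executed
  enforce.decide(deleteCustomer, { id: 42 }, ctx("staging")); // input.schema_violation, blocked
  enforce.decide(exportCustomer, ok, ctx("production"));      // require_approval outranks allow
  return [...monitor.audit, ...enforce.audit];
}

console.log(rollout());
```

The design point worth noticing is that the audit event is written before the executor is ever called, so the same rule set produces an identical decision in monitor and enforce mode; only the executed flag changes. That is what makes the monitor-first rollout meaningful: the would_* events collected in monitor mode are exactly the blocks enforce mode would have produced, and an action no rule matches is denied rather than silently allowed.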

Current capabilities

  • Declarative YAML and JSON policies
  • Deterministic precedence
  • Generic JavaScript and TypeScript tool wrappers
  • JSON Schema argument validation
  • Stable reason codes
  • Privacy-conscious audit events
  • Embedded policy tests
  • JSONL replay that never invokes tools
  • CLI commands for initialization, validation, diagnostics, testing, replay, and version inspection

Production rollout

  1. Define the tools and capabilities that cross the Dvar boundary.
  2. Start in monitor mode.
  3. Review audit events and policy-test results.
  4. Correct unexpected decisions before enforcement.
  5. Enable enforcement gradually for high-risk actions.
  6. Keep application authorization, IAM, sandboxing, secrets, and infrastructure policy in place.