Frameworks, output, and local tools

Wrap framework tools, filter tool output, and supervise local subprocess execution with Dvar.


Dvar protects the boundary where an agent action enters a real system. In version 0.7 that boundary can be a framework tool, an MCP call, an ordinary function, a local subprocess, or a returned tool output.

Vercel AI SDK adapter

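```ts
import { protectVercelAISDKTools } from "@rokadhq/dvar/adapters/vercel-ai-sdk";

// `originalTools` is the application's existing Vercel AI SDK tool set and
// `dvar` is an already-created Dvar runtime; both are defined elsewhere.
const tools = protectVercelAISDKTools(originalTools, {
  runtime: dvar,
  // Who is calling, through which agent, in which environment and session.
  context: {
    principal: { id: "user-1", type: "user" },
    agent: { id: "assistant", framework: "vercel-ai-sdk" },
    environment: "production",
    session: { id: "session-1" }
  }
});
// Pass `tools`, not `originalTools`, to the framework.
```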

The adapter preserves the framework-facing tool shape and routes execution through Dvar. Calls to the original unwrapped tool objects bypass Dvar.

Output guard

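```ts
// `createDvar` comes from the Dvar package; its import is not shown on this page.
const dvar = await createDvar({
  policyPath: "dvar.yaml",
  outputGuard: {
    policy: {
      // Size cap on a tool result, in bytes.
      maxBytes: 64000,
      allowedContentTypes: ["json", "text"],
      redactBuiltInSecrets: true,
      // Output matching a deny rule is not returned to the caller.
      deny: [{ id: "prompt-injection", pattern: "ignore previous instructions" }]
    }
  }
});
```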

Output filtering happens before protected-tool results are returned to the application or model context. Denied output is not returned to protected-tool callers.

Stdio and local tools

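```ts
import { createStdioSupervisor } from "@rokadhq/dvar/stdio";

// `dvar` is an already-created Dvar runtime, defined elsewhere.
const supervisor = createStdioSupervisor({
  runtime: dvar,
  policy: {
    // Commands must be given as absolute paths and appear in the allowlist.
    requireAbsoluteCommand: true,
    allowedExecutables: [{ command: "/usr/bin/git" }],
    // Limits on run time and captured stdout.
    timeoutMs: 10000,
    maxStdoutBytes: 32000,
    // The child does not receive the parent process environment.
    env: { inherit: false }
  }
});
```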

Dvar spawns supervised processes with shell: false and does not inherit the parent environment by default. It can inspect executable identity, bound arguments, restrict cwd and paths, cap output, and record outcomes.
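What these controls amount to at the Node.js level, as an added example that is not Dvar's implementation or API: `runSupervised`, `StdioPolicy` and the reason strings are hypothetical names, and the limits are enforced with Node's `spawnSync`, whose `maxBuffer` applies to stdout and stderr alike.

```typescript
import { spawnSync } from "node:child_process";
import { isAbsolute } from "node:path";

// Hypothetical policy shape that mirrors the field names in the snippet above.
interface StdioPolicy {
  allowedExecutables: { command: string }[];
  timeoutMs: number;
  maxStdoutBytes: number;
  env?: Record<string, string>; // explicit variables only; nothing is inherited
}

type RunResult =
  | { ok: true; stdout: string; exitCode: number | null }
  | { ok: false; reason: string };

// Hypothetical helper, not a Dvar API.
function runSupervised(policy: StdioPolicy, command: string, args: string[]): RunResult {
  // A bare name such as "git" would be resolved through PATH, so reject it.
  if (!isAbsolute(command)) return { ok: false, reason: "command-not-absolute" };
  // Exact-match allowlist of executables.
  if (!policy.allowedExecutables.some((e) => e.command === command)) {
    return { ok: false, reason: "executable-not-allowed" };
  }
  const child = spawnSync(command, args, {
    shell: false,                     // args reach the program as an array, no shell parsing
    env: policy.env ?? {},            // replaces process.env instead of extending it
    timeout: policy.timeoutMs,        // the child is killed when this elapses
    maxBuffer: policy.maxStdoutBytes, // the child is killed when output exceeds this
    encoding: "utf8",
  });
  if (child.error) {
    const code = (child.error as Error & { code?: string }).code;
    if (code === "ETIMEDOUT") return { ok: false, reason: "timeout" };
    if (code === "ENOBUFS") return { ok: false, reason: "output-too-large" };
    return { ok: false, reason: `spawn-failed:${code ?? "unknown"}` };
  }
  return { ok: true, stdout: child.stdout, exitCode: child.status };
}
```

An allowlist like this only decides which binary starts; what that binary can then reach still depends on the operating-system permissions and isolation named under the boundary rule.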

Boundary rule

Dvar is not a sandbox, IAM layer, secrets manager, DLP platform, or SIEM. It must be combined with operating-system permissions, workload isolation, application authorization, credential scoping, and network policy.