aarvion-ai-governance
v0.0.3
Published
Aarvion developer data plane (Node/TS) - govern your agent's LLM/HTTP calls locally against the same signed policies your sidecar enforces.
Maintainers
Readme
aarvion-ai-governance (Node/TS)
The Aarvion developer data plane for Node — govern your agent's LLM/HTTP calls
locally against the same signed policies your sidecar enforces. The TS/Node
counterpart to aarvion-ai-governance (Python): same CP backend, same bundles,
same OPA engine, decisions tagged source: sdk.
Install
npm install aarvion-ai-governanceThe SDK spawns a local OPA to evaluate policy. On first run it auto-downloads a
pinned, checksum-verified OPA to ~/.aarvion/opa/ — no separate install needed.
A system opa on PATH (or AARVION_OPA_PATH) is used if present; set
AARVION_OPA_AUTODOWNLOAD=0 to disable the download.
Connect an agent
npx aarvion init --api-key aav_... # writes .aarvion.toml (0600)
# or headless: set AARVION_RUNTIME_KEY (+ AARVION_CP_URL for self-hosted)Govern your agent
import * as aarvion from 'aarvion-ai-governance';
import OpenAI from 'openai';
await aarvion.init(); // resolves config, starts local OPA
const client = new OpenAI({ fetch: aarvion.governedFetch() });
// every request now runs: build ext_authz input → local OPA → allow / deny(403) / redact → provenanceOr wrap an existing client / fetch:
aarvion.wrap(client); // client exposing a settable `fetch` (openai/anthropic)
const gf = aarvion.wrap(fetch); // a governed fetchA denied request comes back as a synthetic 403 (mirroring the sidecar:
x-policy-violated / x-policy-reason), so your normal HTTP error path handles
it; redacted bodies are rewritten in flight.
CLI
aarvion whoami # show resolved local config (secrets redacted)
aarvion check --host api.openai.com --path /v1/chat/completions --body @req.json # CI gate (exit 3 on deny)
aarvion status # bundle / provenance chain stateTrust model
The SDK is an addition to the sidecar DP, not a replacement: out-of-process
enforcement can't be bypassed; the in-process SDK is cooperative dev tooling.
Decisions are tagged source: sdk and excluded from compliance evidence packs.
What your devs test on a laptop is the bit-for-bit policy set prod enforces.
Parity with the Python SDK
Same surfaces: init / wrap / active / Session, the aarvion CLI
(init/whoami/check/status), local-OPA runtime (signed bundle pull, same
data.envoy.authz.allow entrypoint), the PII redact rewrite (byte-identical
placeholders), and the source:sdk hash-chained provenance push. Interception
is at the fetch layer (Node) instead of the httpx transport (Python).
