Skip to content

DvalinCodeThe approvable coding agent for regulated teams

Any model · local-first · policy-bound · audit-ready — AI coding your security team can actually approve.

DvalinCode

Install in 60 seconds

Don't take the claims on trust — verify them on your own machine:

sh
curl -fsSL https://raw.githubusercontent.com/arthurpanhku/dvalincode/main/scripts/install.sh | bash
dvalincode trust

trust prints this install's live security posture: the resolved org policy and its hash, per-boundary network enforcement (provider · shell · MCP), and the tamper-evident audit status — the exact evidence a security reviewer needs, straight from the tool itself.

Then let the agent work, and prove what it did after the fact:

sh
dvalincode report verify    # re-derive the hash chain of the last run's audit log

Windows builds and manual downloads for every platform are on the releases page, with SHA256SUMS.txt and build provenance attestation for each archive.

One binary, three frontends

Run dvalincode bare for an interactive terminal agent with streaming output, inline approvals, and red/green diffs — or dvalincode serve to host the web GUI for browser and remote use. An experimental desktop app ships on a separate pre-release track. All three drive the same agent core.

DvalinCode web GUI

Built for teams that need a "yes" from security

DvalinCode is an approvable agent runtime, not just another coding agent. The product is the evidence a security, compliance, or platform team needs to safely allow AI coding in finance, healthcare, and other confidential codebases:

  • Controllable — an org policy bounds the blast radius.
  • Transparentdvalincode trust makes the posture self-verifiable.
  • Auditable — the hash-chained log proves what every run did.

Start with the threat model to see the full attack surface — malicious AGENTS.md, poisoned MCP servers, prompt-injection escalation, egress, audit tampering — each mapped to the control that defends it and the honest residual gap.

Released under the MIT License. Not affiliated with any AI vendor.