MVAR: Deterministic execution firewall for LLM agents (50 attacks blocked)

One clarification: MVAR is not a prompt filter and not a model judge.

The enforcement happens at the execution boundary. If model output reaches a critical sink (shell, filesystem, credentials, etc.) with untrusted provenance, the runtime blocks the call deterministically.

The repo includes the full attack corpus and proof pack if anyone wants to test the enforcement model locally.. Cheers - Shawn