Skip to main content
Veto is sudo for AI agents. AI agents can execute code, call APIs, and modify production systems. Veto is the permission layer that sits between every agent action and execution—validating, blocking, or routing to human approval before anything runs.

The problem

AI agents are crossing from demos to production. Every major company is deploying agents that can execute code, access databases, call APIs, and interact with production systems. This creates a massive trust gap:
  • Agents can rm -rf / your filesystem
  • Agents can read .env and exfiltrate secrets
  • Agents can push untested code to main
  • Agents can make network requests you never see
  • Agents can run indefinitely without human approval
Today, teams either (1) disable agents entirely, (2) trust blindly and hope, or (3) build custom guardrails that don’t scale. There is no standard permission layer for AI agents.

The solution

Veto provides a simple, declarative way to govern agent behavior: 
const veto = await Veto.init();           // loads ./veto/veto.config.yaml + rules
const guarded = veto.wrap(tools);         // inject guardrails — types preserved
// pass guarded to your agent. done.
The agent is unaware it’s being governed. Your tools are unchanged. No behavior change for the AI.

How it works

┌───────────┐         ┌────────────┐         ┌──────────────┐
│ AI Agent  │────────▶│    Veto    │────────▶│  Your Tools  │
│  (LLM)    │         │  (Guard)   │         │  (Handlers)  │
└───────────┘         └────────────┘         └──────────────┘

                      ┌─────┴──────┐
                      │ YAML Rules │  block · allow · ask
                      └────────────┘
1

Agent calls a tool

Your AI agent attempts to call a tool like transfer_funds or git_push.
2

Veto intercepts and validates

Veto intercepts the call before execution. It evaluates deterministic conditions first (local, zero latency), then optionally uses LLM validation for semantic rules.
3

Action is taken

Based on your rules, Veto will:
  • allow → executes normally
  • block → denied with reason
  • ask → human approval queue
  • warn → logs warning but allows
  • log → silently logs for audit

Key features

Deterministic-first

Static conditions run locally, zero latency, no API call. LLM validation only when you need semantic reasoning.

Provider agnostic

Works with OpenAI, Anthropic, Google, LangChain, Vercel AI SDK, and any custom tool-calling setup.

Human-in-the-loop

ask action routes sensitive decisions to an approval queue instead of auto-blocking.

Audit trail

Every decision logged with tool name, arguments, rule matched, and outcome. Exportable as JSON or CSV.

Local-first

No cloud required. Fully offline. Optional Veto Cloud for team sync and dashboard.

Zero-config defaults

veto init generates sensible baseline rules. Production-hardened in under 10 minutes.

Simple rules, powerful control

Rules are YAML files in ./veto/rules/. Static conditions run locally with no API call. LLM validation is opt-in for semantic rules. 
rules:
  - id: block-large-transfers
    name: Block transfers over $1,000
    action: block
    tools: [transfer_funds]
    conditions:
      - field: arguments.amount
        operator: greater_than
        value: 1000

  - id: require-approval-for-push
    name: Require human approval before pushing to main
    action: ask
    tools: [git_push]
    description: "Intercept any push targeting the main branch."
Actions available: block · allow · warn · log · ask (human-in-the-loop)

Packages

PackageLanguageInstallDescription
veto-sdkTypeScriptnpm install veto-sdkSDK for guarded agentic apps
vetoPythonpip install vetoSame API, all major LLM providers
veto-cliTypeScriptnpm install -g veto-cliInteractive studio + headless automation

Next steps

Quickstart

Get started with Veto in under 5 minutes

Installation

Detailed installation and setup guide

Configuration

Learn about veto.config.yaml and rule structure

Examples

Real-world examples with LangChain, OpenAI, and more

Veto Cloud

The OSS SDK runs entirely local. Veto Cloud adds:
  • Natural language → policy YAML (no manual YAML writing)
  • Central policy sync across all team repos
  • Dashboard: decisions, blocked calls, pending approvals
  • Approval workflows for human-in-the-loop at scale
  • SSO, audit export, compliance reporting

Build docs developers (and LLMs) love

Get started for freeTalk to us