sudo for AI agents Stop agents from deleting files, leaking secrets, or pushing to prod — without slowing anyone down. Veto is the authorization kernel that sits between every agent action and execution.
rules : - id : block-large-transfers name : Block transfers over $1,000 action : block tools : [ transfer_funds ] conditions : - field : arguments.amount operator : greater_than value : 1000 - id : require-approval-for-push name : Require approval before pushing action : ask tools : [ git_push ]
Quick start Get Veto running in under 5 minutes. Works with any LLM provider and agent framework.
Install Veto
Install the SDK for your language:
Initialize configuration
Create your Veto configuration and default rules: This creates ./veto/veto.config.yaml and sensible default rules in ./veto/rules/.
Wrap your tools
Add Veto to your existing agent code: import { Veto } from 'veto-sdk' ; const veto = await Veto . init (); const guarded = veto . wrap ( myTools ); // Types preserved // Pass guarded tools to your agent const agent = createAgent ({ tools: guarded });
from veto import Veto veto = await Veto.init() guarded = veto.wrap(my_tools) # Pass guarded tools to your agent agent = create_agent( tools = guarded)
That’s it. Your agent is now governed by Veto rules. Explore by topic Dive into the documentation for your use case.
Core Concepts Learn how Veto intercepts and validates agent tool calls
Writing Rules Create YAML rules with deterministic conditions and semantic validation
TypeScript SDK Complete TypeScript SDK reference with type-safe APIs
Python SDK Python SDK for all major LLM providers and frameworks
CLI Reference Interactive Studio and headless policy operations
Integrations Drop-in support for LangChain, Vercel AI, OpenAI, and more
Key features Built for production. Works everywhere.
Deterministic-first Static conditions run locally with zero latency. No API call needed. LLM validation only for semantic rules.
Provider agnostic Works with OpenAI, Anthropic, Google, LangChain, Vercel AI SDK, and any custom tool-calling setup.
Human-in-the-loop Route sensitive decisions to an approval queue instead of auto-blocking. Full audit trail included.
Local-first No cloud required. Fully offline. Optional Veto Cloud for team sync and central dashboard.
Policy packs Pre-built rule sets for common agent use cases.
Coding Agent Protect against destructive file operations and unsafe git commands
Financial Operations Limit transaction amounts and require approval for high-value transfers
Deployment & Infrastructure Control production deployments and infrastructure changes
Data Access Restrict access to sensitive data and PII
Ready to secure your AI agents? Get started with Veto in under 5 minutes. No cloud account required.
Start Building 
