Skip to main content
Veto is available for both TypeScript/JavaScript and Python. Choose your preferred language below.

System requirements

  • Node.js: 18.0.0 or higher
  • Package manager: npm, yarn, or pnpm
  • TypeScript (optional): 5.3.0 or higher

Install the SDK

npm install veto-sdk
Install the CLI globally for interactive commands:
npm install -g veto-cli

Initialize your project

Run veto init to create the Veto configuration structure in your project: 
npx veto init
This command creates the following structure: 
project-root/
├── veto/
│   ├── veto.config.yaml    # Main configuration
│   ├── rules/
│   │   └── defaults.yaml   # Default rules
│   └── .env.example        # Example environment variables
└── .gitignore              # Updated with veto/.env

Directory structure explained

1

veto.config.yaml

Main configuration file. Defines validation mode, logging level, and rule directories.
version: "1.0"
mode: "strict"
logging:
  level: "info"
rules:
  directory: "./rules"
  recursive: true
2

rules/ directory

Contains YAML rule files. You can organize rules by domain (e.g., financial.yaml, devops.yaml, security.yaml).
# veto/rules/defaults.yaml
version: "1.0"
name: default-rules
rules:
  - id: example-rule
    name: Example Rule
    action: log
    description: "Logs all tool calls for audit purposes"
3

.env.example

Template for environment variables. Copy to .env and add your API keys.
# LLM Provider API Keys (for semantic validation)
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...
GEMINI_API_KEY=...
GOOGLE_API_KEY=...

# Veto Cloud (optional)
VETO_API_KEY=veto_...
VETO_PROJECT_ID=proj_...

Initialize options

You can customize the initialization with flags:

Force overwrite

Overwrite existing Veto configuration: 
veto init --force

Use a policy pack

Start with a built-in policy pack: 
veto init --pack finance
veto init --pack devops
veto init --pack security
Policy packs are pre-configured rule sets for common use cases. You can customize them after initialization.

Specify directory

Initialize in a specific directory: 
veto init --directory ./packages/my-agent

Verify installation

Check that Veto is installed correctly:
Create a test file test-veto.ts:
import { Veto } from 'veto-sdk';

async function test() {
  const veto = await Veto.init();
  console.log('✅ Veto initialized successfully!');
  console.log(veto.getHistoryStats());
}

test().catch(console.error);
Run it:
npx tsx test-veto.ts
# or
node --loader ts-node/esm test-veto.ts
You should see: 
✅ Veto initialized successfully!
{'total_calls': 0, 'allowed_calls': 0, 'denied_calls': 0, ...}

CLI commands

The Veto CLI provides interactive and headless commands:

Interactive Studio

Launch the full-screen terminal UI: 
veto
# or
veto studio
Full-screen terminal UI for managing policies, reviewing decisions, running tests, and monitoring agent activity.

Policy generation

Generate policy YAML from natural language: 
veto policy generate \
  --tool transfer_funds \
  --prompt "block transfers over $500 to unverified recipients" \
  --save ./veto/rules/financial.yaml

Guard check

Test a tool call against your rules: 
veto guard check \
  --tool transfer_funds \
  --args '{"amount": 600, "to_account": "EXT-123"}' \
  --json
Output: 
{
  "decision": "block",
  "rule": "block-large-transfers",
  "reason": "amount 600 > threshold 500"
}

Coverage scan

Check which tools have rules: 
veto scan                      # Show coverage report
veto scan --fail-uncovered     # Exit 1 if any tool is unguarded (CI gate)
veto scan --suggest            # Include YAML suggestions for uncovered tools

Policy diff

Compare policy versions: 
veto diff financial.yaml                         # Compare with git HEAD
veto diff --old ./rules-v1 --new ./rules-v2      # Compare two snapshots
See the CLI reference for the complete list of commands and options.

Docker installation

Run Veto in a containerized environment: 
FROM node:20-alpine

WORKDIR /app

COPY package.json package-lock.json ./
RUN npm install

COPY . .

# Initialize Veto
RUN npx veto init

CMD ["node", "agent.js"]
Build and run: 
docker build -t my-agent .
docker run -e OPENAI_API_KEY=$OPENAI_API_KEY my-agent

Environment variables

Veto uses environment variables for configuration:
VariableDescriptionRequired
OPENAI_API_KEYOpenAI API key for semantic validationNo
ANTHROPIC_API_KEYAnthropic API key for semantic validationNo
GEMINI_API_KEY / GOOGLE_API_KEYGoogle Gemini API keyNo
VETO_API_KEYVeto Cloud API keyNo
VETO_PROJECT_IDVeto Cloud project IDNo
VETO_CONFIG_PATHCustom path to veto.config.yamlNo
VETO_MODEOverride mode from config (strict / log)No
Never commit API keys to version control. Always use environment variables or a secrets manager.

Update Veto

Keep Veto up to date: 
npm update veto-sdk
npm update -g veto-cli
Check your installed version: 
npm list veto-sdk
veto version

Troubleshooting

Make sure you’ve run veto init in your project root. Veto looks for ./veto/veto.config.yaml relative to your current working directory.You can specify a custom path:
const veto = await Veto.init({ configPath: '/path/to/veto' });
Ensure your tsconfig.json has:
{
  "compilerOptions": {
    "module": "ESNext",
    "moduleResolution": "bundler"
  }
}
Veto uses ESM imports. If using Node.js, add "type": "module" to your package.json.
Make sure you’re using Python 3.10 or higher:
python --version
If you’re using virtual environments, ensure Veto is installed in the active environment:
pip list | grep veto
Check your veto.config.yaml:
rules:
  directory: "./rules"  # Path relative to veto/
  recursive: true       # Scan subdirectories
Verify your rule files are valid YAML:
veto scan --format json

Next steps

Quickstart

Build your first guarded agent in 5 minutes

Configuration

Deep dive into veto.config.yaml options

Writing rules

Learn the rule YAML syntax

Examples

Real-world integrations with popular frameworks

Build docs developers (and LLMs) love

Get started for freeTalk to us