Let safe calls run
No human bottleneck inside policy.
Runtime authorization for AI agentsStop risky AI actions
Stop risky AI actions
before they happen.
Veto checks risky agent actions before money moves, data leaves, records change, or customers are contacted.Veto separates technical capability from what agents may do, checking risky actions before money moves, data leaves, records change, or customers are contacted.
Safe actions run. Risky actions wait. Forbidden actions stop. Every decision is recorded.
Works with OpenAI, Anthropic, Gemini, MCP, AI SDK, LangChain, LangGraph, CrewAI, Pydantic AI, Playwright, OpenClaw, Hermes, and x402.
works withRules that let agents act.
Write the policy in English. Veto turns it into reviewed rules: safe actions run, risky actions wait, forbidden actions stop.
Require approval
Refunds, exports, and record changes wait.
Stop or redact
Forbidden calls and sensitive data stay out.
Record every decision
Actor, tenant, tool, policy, approver.
draft.policyReview
Refunds over $200 need approval
Draft ready. Matching refunds will wait for approval.
Tool
issue_refund
Constraint
amount > 200
Verdict
require_approval
Approval required
The refund tool waits until a reviewer approves.
Veto governs the moment agents act.
Authentication tells you who the agent is. Sandboxes limit where it runs. Guardrails shape what it says. Observability shows what happened. Veto decides whether the action should execute while it can still be stopped.
Authentication is not approval
A valid agent identity does not approve the refund, export, or message.
Sandboxing is not policy
A sandbox contains code. It does not know whether this customer, amount, or record is allowed.
Guardrails are not enforcement
Prompts and model filters influence behavior. Veto checks the action outside the model.
Logs are not control
Logs explain after. Veto can hold or block before the side effect.
SDK
3 lines. Framework agnostic.
Wrap your tools once. Veto returns a verdict before any call runs. No rewrites, no proxy, no new framework.
Install
pnpm add veto-sdk
agent.tsveto-sdk
import { protect } from "veto-sdk";
const safeTools = await protect(tools);
const agent = createAgent({
tools: safeTools,
});Same agent. Same tools. Policy decides before execution.
Verdict
require_approval
Tool
issue_refund
Record
rec_7f3a
Give buyers the control proof they ask for.
When agents touch money, records, or customers, security asks one question: what stops the wrong call? Veto gives you the answer before procurement slows the deal.
MoneySet limitsTransfers, payouts, refunds.
PHIStop leaksEligibility, prior auth, messages, EHR writes.
ClaimsRoute exceptionsClaim edits, carrier messages, underwriting changes.
CasesHold releasesBenefits flows, procurement updates, exports, agency messages.
Where to begin
Accountability for every agent action.
Start with Wrap the agent's tools. Add policy. Test the decision. Show the record.
European CommissionEU AI Pact Signatory
Listed alongside Palantir and Porsche. Veto enforces human-defined rules before consequential agent actions and gives global teams decision records in minutes.