From the creators of
VulnZapVulnZap

Deterministic guardrails for autonomous agents

Control what your AI agents can and cannot do with enforceable policies for browser execution.

Get startedStar us on GitHub
Veto terminal interface

The deployment gap

65% are experimenting. Only 11% are shipping.

65%
Piloting AI agents
11%
In production

The blocker isn't capability. It's authorization.

KPMG AI Pulse Survey, Q1 2025

Compatible with common agent frameworks

OpenAI
Anthropic
Google Gemini
LangChain
Playwright
MCP

Framework names are listed for compatibility context and do not imply endorsement.

What happens when your agent goes rogue?

run_agent.pypython3
navigateamazon.com/deals
search"best laptop deals"
clickbutton#add-to-cart
clickbutton#buy-now-1-click
clickbutton#buy-saved-items
evaluatelocalStorage.paymentMethods
$8,439 charged. Payment data leaked. No audit trail.

This is what "autonomous" looks like without authorization.

Core Features

Authorization primitives

Policy enforcement

Allow, deny, or require approval. Per domain, per action, per selector.

Real-time interception

Every tool call passes through Veto before execution. <5ms overhead.

Human-in-the-loop

Route sensitive actions to Slack, email, or dashboard for approval.

Full audit trail

Every decision logged. Searchable, exportable, compliance-ready.

Policy-as-code example

toolName: send_email
mode: deterministic
constraints:
- argumentName: recipient
enabled: true
regex: ".*@company\.com"
- argumentName: subject
enabled: true
minLength: 10

Every generation builds a permission layer.

1969
Bell Labs
gave Unix permissions.
Programs destroyed each other.
Multi-user computing.
1994
Netscape
gave the web the padlock.
Passwords flew in plaintext.
E-commerce.
2008
Apple
gave apps the permission dialog.
Apps had full device access.
The app economy.
2025
AI Agents have everything.
Where's ours?

Drop in. Lock down.

Three lines of code. Full authorization control.

import { chromium } from 'playwright'
import { Veto } from 'veto'
const browser = await chromium.launch()
const page = await browser.newPage()
const tools = [
  {
    type: 'function',
    function: {
      name: 'browser_navigate',
      description: 'Navigate to a URL',
      parameters: {
        type: 'object',
        properties: {
          url: { type: 'string' }
        },
        required: ['url']
      }
    }
  },
  {
    type: 'function',
    function: {
      name: 'browser_click',
      description: 'Click a selector',
      parameters: {
        type: 'object',
        properties: {
          selector: { type: 'string' }
        },
        required: ['selector']
      }
    }
  }
]
const toolHandlers = {
  browser_navigate: async ({ url }: { url: string }) = page.goto(url),
  browser_click: async ({ selector }: { selector: string }) = page.click(selector)
}
const veto = await Veto.init()
const wrappedTools = veto.wrap(tools)
await agent.run('Book a flight under $400', { tools: wrappedTools, toolHandlers })
1
Wrap toolsAgent calls them as usual
2
Validate argumentsPolicies match inputs
3
Enforce decisionsAllow, block, or approve
View documentation

Works with your stack

Drop-in integration with popular agent frameworks

Playwright
Browser automation
Browser Use
Browser-based agents
LangChain
LLM framework
LangGraph
Agent workflows
CrewAI
Multi-agent teams
Vercel AI
AI SDK
PydanticAI
Typed agents
MCP
Model Context Protocol

Pricing

Start free. Scale when ready.

Free

$0/mo
  • 10K decisions/mo
  • 10 policy generations/mo
  • 1 agent
  • 7-day logs

Team

$99/mo
  • 100K decisions/mo
  • 100 policy generations/mo
  • 10 agents
  • 30-day logs

Business

$499/mo
  • 1M decisions/mo
  • 1,000 policy generations/mo
  • Unlimited agents
  • 90-day logs

Enterprise

Custom
  • Unlimited decisions
  • Unlimited policy generations
  • Unlimited agents
  • Custom retention

Start free. No credit card required.

Get started freeTalk to us

FAQ

Veto intercepts every tool call your AI agent makes before execution. Each action is evaluated against your policies—allowing safe actions instantly, blocking dangerous ones, or routing sensitive operations to humans for approval.