Guides for governing the next agent action.
Use these when an agent already has real tools and the next failure mode is concrete: role scope, human review, SOC 2 evidence, MCP policy, prompt-injection fallout, or tenant isolation. Each guide starts from the point where policy has to run.
Use these guides
Pick the guide closest to the risk in front of you. Implementation covers first enforcement. Integration covers frameworks and MCP. Compliance turns governed calls into decision records. Security covers prompt injection, exfiltration, and tenant breaks after tools are live. Each guide ends with a production checklist you can use in review.
Implementation
Put policy and review in front of an agent you already run.
Combine role-based access with runtime policy. Why RBAC alone is not enough and where each check belongs.
How to add human approval to AI agents
Define the review contract: approver context, timeout behavior, escalation, and the decision record left behind.
How to shadow-test AI agent policies
Run new policies in observe-only mode, measure false positives, and move to enforcement with a rollback path.
Integration
Place Veto at the framework, runtime, or protocol boundary your agents already use.
Compliance
Produce decision records that customers, auditors, and reviewers can inspect.
Security
Control the attack patterns that show up once agents can use real tools.
Defense in depth: input filtering, output validation, and tool-call authorization as the last line.
How to block data exfiltration from agents
Argument-level constraints on read tools. Row caps, PII column blocking, tenant boundaries.
How to set up multi-tenant AI agent isolation
Per-tenant policies, tenant-id propagation, and policy versioning when you serve many customers.
Framework authorization guides
New cited guides for tool-call authorization across the agent frameworks buyers are already using.
A practical OpenAI Agents SDK guide for checking tool calls before execution with policy, approval, and decision records.
OpenAI function calling: authorize AI agent tool calls
A practical OpenAI function calling guide for checking tool calls before execution with policy, approval, and decision records.
Anthropic tool use: authorize AI agent tool calls
A practical Claude tool use guide for checking tool calls before execution with policy, approval, and decision records.
Claude Code PreToolUse: authorize AI agent tool calls
A practical Claude Code hooks guide for checking tool calls before execution with policy, approval, and decision records.
Vercel AI SDK approval: authorize AI agent tool calls
A practical AI SDK tools guide for checking tool calls before execution with policy, approval, and decision records.
LangGraph interrupts: authorize AI agent tool calls
A practical LangGraph guide for checking tool calls before execution with policy, approval, and decision records.
LangChain tools: authorize AI agent tool calls
A practical LangChain guide for checking tool calls before execution with policy, approval, and decision records.
CrewAI tools: authorize AI agent tool calls
A practical CrewAI guide for checking tool calls before execution with policy, approval, and decision records.
AutoGen tools: authorize AI agent tool calls
A practical Microsoft AutoGen guide for checking tool calls before execution with policy, approval, and decision records.
Pydantic AI tools: authorize AI agent tool calls
A practical Pydantic AI guide for checking tool calls before execution with policy, approval, and decision records.
Semantic Kernel plugins: authorize AI agent tool calls
A practical Semantic Kernel guide for checking tool calls before execution with policy, approval, and decision records.
LlamaIndex agents: authorize AI agent tool calls
A practical LlamaIndex guide for checking tool calls before execution with policy, approval, and decision records.
Mastra tools: authorize AI agent tool calls
A practical Mastra guide for checking tool calls before execution with policy, approval, and decision records.
browser-use agents: authorize AI agent tool calls
A practical browser-use guide for checking tool calls before execution with policy, approval, and decision records.
Playwright agents: authorize AI agent tool calls
A practical Playwright guide for checking tool calls before execution with policy, approval, and decision records.
MCP tool allowlists: authorize AI agent tool calls
A practical MCP guide for checking tool calls before execution with policy, approval, and decision records.
Remote MCP approval gates: authorize AI agent tool calls
A practical Remote MCP guide for checking tool calls before execution with policy, approval, and decision records.
GitHub agent writes: authorize AI agent tool calls
A practical GitHub API guide for checking tool calls before execution with policy, approval, and decision records.
Slack agent messages: authorize AI agent tool calls
A practical Slack API guide for checking tool calls before execution with policy, approval, and decision records.
Salesforce agent writes: authorize AI agent tool calls
A practical Salesforce API guide for checking tool calls before execution with policy, approval, and decision records.
Release the next agent with authority at the tool boundary