LangGraph Agent Guardrails with Veto
Runtime authorization for LangGraph agents. Enforce policies at graph nodes, control state transitions, and add approval checkpoints without modifying your agent architecture.
Why LangGraph agents need guardrails
LangGraph agents operate as state machines, transitioning between nodes based on conditions and tool outputs. This state-based architecture creates unique authorization challenges: each node may need different permissions, state transitions can trigger sensitive operations, and complex graphs make it hard to trace authorization boundaries. Veto adds authorization checkpoints at any node in your graph, ensuring every tool call and state transition is evaluated against policy before execution.
Quick start
Wrap your LangGraph tools with Veto's protect() function. Add authorization nodes to your graph for state-based policy evaluation.
from langgraph.graph import StateGraph, END
from veto import protect # Add Veto SDK
# Define your agent state
class AgentState(TypedDict):
messages: list
tools: list
context: dict
# Create tools with Veto protection
tools = protect([
{
"name": "process_payment",
"description": "Process a payment for a customer",
"parameters": {
"type": "object",
"properties": {
"amount": {"type": "number"},
"customer_id": {"type": "string"},
},
},
},
{
"name": "query_database",
"description": "Query the customer database",
"parameters": {
"type": "object",
"properties": {
"query": {"type": "string"},
"tables": {"type": "array"},
},
},
},
])
# Build your graph
workflow = StateGraph(AgentState)
workflow.add_node("agent", agent_node)
workflow.add_node("tools", tool_node)
workflow.set_entry_point("agent")
workflow.compile()State-based authorization patterns
LangGraph's state machine architecture enables powerful authorization patterns that go beyond simple tool-call interception. Add authorization at the graph level for comprehensive control.
Node-level checkpoints
Add authorization nodes between any two nodes in your graph. Control which transitions are allowed based on current state, user context, and tool outputs.
State-aware policies
Write policies that consider the entire conversation state, not just individual tool calls. Block operations based on previous actions or accumulated context.
Human-in-the-loop routing
Route sensitive operations to approval nodes that pause graph execution until human review. Resume automatically on approval or terminate on denial.
Conditional edges
Use authorization decisions to determine graph flow. Branch to different nodes based on policy outcomes: allow, deny, or escalate for review.
Integration features
Drop-in tool protection
Wrap your LangGraph tools with protect() for instant authorization. No changes to tool definitions or agent logic.
State context injection
Authorization policies automatically receive LangGraph state as context. Make decisions based on conversation history, user roles, and accumulated data.
Graph-aware approvals
Approval requests include full graph context: current node, execution path, and state snapshot. Reviewers see the complete picture.
Streaming support
Works with LangGraph's streaming mode. Authorization decisions happen inline without interrupting the streaming response.
Related integrations
Frequently asked questions
How does Veto integrate with LangGraph's state machine?
Can I use different policies for different graph nodes?
How do approval workflows work with LangGraph's execution model?
Does Veto work with LangGraph's persistence and checkpointing?
Add guardrails to your LangGraph agents in minutes.