OpenAI Agent Guardrails with Veto
Runtime authorization for GPT-4, GPT-4o, and GPT-5 agents. Block dangerous function calls, enforce policies, and maintain control without modifying your agent logic.
OpenAI agent guardrails for function calling
OpenAI agent guardrails intercept function calls from GPT models before execution, evaluating each action against authorization policies. Unlike prompt-based instructions, guardrails operate independently of the model's reasoning and cannot be bypassed through prompt injection or model confusion.
Why OpenAI agents need authorization
OpenAI's function calling feature lets GPT models trigger real actions in your system. An agent that can call functions without authorization is an agent that can delete data, send emails, process payments, or modify production systems based on model output. The model decides what to do, and your code executes it without question.
This architecture is convenient but dangerous. Prompt injection attacks can trick models into calling unintended functions. Misunderstood instructions lead to wrong actions. Edge cases the model wasn't trained on produce unexpected behavior. Without authorization, every function call is an incident waiting to happen.
GPT authorization solves this by inserting a policy layer between the model's decision and your code's execution. The model proposes an action, Veto evaluates it against your rules, and only authorized calls reach your implementation. This works regardless of what the model thinks it should do or what prompts it receives.
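Conceptually, the policy layer is a pure function from a proposed tool call and a set of rules to an allow/block decision. The sketch below illustrates that idea only; the rule and decision shapes are simplified stand-ins, not Veto's actual types.

```typescript
// Illustrative sketch of a policy layer between model output and execution.
// These types are simplified stand-ins, not Veto's real API.
type ToolCall = { name: string; arguments: Record<string, unknown> }
type Rule = { action: 'block'; tools: string[]; field: string; pattern: RegExp }
type Decision = { allowed: boolean; reason?: string }

function authorize(call: ToolCall, rules: Rule[]): Decision {
  for (const rule of rules) {
    // Rules only apply to the tools they name
    if (!rule.tools.includes(call.name)) continue
    const value = String(call.arguments[rule.field] ?? '')
    if (rule.pattern.test(value)) {
      return { allowed: false, reason: `Blocked by rule on ${rule.field}` }
    }
  }
  return { allowed: true }
}

// The model proposes; the policy layer decides; only allowed calls execute.
const rules: Rule[] = [
  { action: 'block', tools: ['send_email'], field: 'to', pattern: /@competitor\.com$/ },
]
const proposed: ToolCall = {
  name: 'send_email',
  arguments: { to: 'alice@competitor.com', subject: 'hi', body: '…' },
}
console.log(authorize(proposed, rules).allowed) // prints false: blocked before execution
```

The key property is that the decision depends only on the proposed call and the rules, never on the prompt or the model's reasoning, which is why it holds up under prompt injection.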
Attackers craft inputs that trick the model into calling dangerous functions. Authorization blocks unauthorized calls regardless of input.
Agents expand beyond their intended purpose. Authorization keeps them within defined boundaries you control.
Every function call is logged with context. Know exactly what your agents did and why.
Quick integration
Wrap your OpenAI tools with Veto's protect() function. The agent code stays the same. Authorization happens automatically.
import OpenAI from 'openai'
import { protect } from 'veto-sdk'

const openai = new OpenAI()

// Define your tools
const tools = [
  {
    type: 'function',
    function: {
      name: 'send_email',
      description: 'Send an email to a customer',
      parameters: {
        type: 'object',
        properties: {
          to: { type: 'string' },
          subject: { type: 'string' },
          body: { type: 'string' },
        },
        required: ['to', 'subject', 'body'],
      },
    },
  },
  {
    type: 'function',
    function: {
      name: 'process_payment',
      description: 'Process a payment',
      parameters: {
        type: 'object',
        properties: {
          amount: { type: 'number' },
          currency: { type: 'string' },
        },
        required: ['amount'],
      },
    },
  },
]

// Wrap with Veto for authorization
const protectedTools = await protect(tools, {
  apiKey: process.env.VETO_API_KEY,
  policyPath: './veto/rules',
})

// Use normally with GPT-4, GPT-4o, or GPT-5
const response = await openai.chat.completions.create({
  model: 'gpt-4o',
  messages: [{ role: 'user', content: 'Send a welcome email' }],
  tools: protectedTools,
})

// Tool calls are now authorized before execution
const toolCall = response.choices[0].message.tool_calls?.[0]
if (toolCall) {
  // Veto already validated this action against your policies
  console.log('Authorized tool call:', toolCall.function.name)
}

Common OpenAI guardrails
Define policies for the actions your OpenAI agent can take. Block dangerous operations, require approvals for sensitive actions, and log everything for compliance.
Whitelist which functions the agent can call. Block everything else by default.
Restrict function arguments based on type, range, or pattern matching.
Limit how often functions can be called. Prevent runaway agents.
Route sensitive function calls to humans for review before execution.
Different rules based on user, time, environment, or session context.
Every function call logged with arguments, decision, and timestamp.
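Two of the patterns above, an allowlist and a rate limit, are not covered by the policy example that follows; a sketch in the same declarative style is shown below. The `allowlist` and `rate_limit` actions and their fields are assumptions for illustration, not confirmed Veto syntax.

```yaml
# Illustrative only: the actions and fields below are assumed, not documented Veto syntax
rules:
  # Function allowlist: anything not listed is denied by default
  - id: allow-known-tools
    action: allowlist
    tools: [send_email, process_payment]

  # Rate limit: cap how often the agent can send email
  - id: limit-email-volume
    action: rate_limit
    tools: [send_email]
    limit: 20
    window: 1h
```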
Policy example
Define authorization rules in declarative YAML. Version control alongside your code. Rollback, review, and audit just like any other change.
# veto/rules/openai-policies.yaml
version: "1.0"
name: OpenAI agent guardrails
rules:
  # Block emails to competitors
  - id: block-competitor-emails
    name: Block competitor email domains
    action: block
    tools: [send_email]
    conditions:
      - field: arguments.to
        operator: matches
        value: "@competitor\\.com$"
    message: "Cannot send emails to competitor domains"

  # Require approval for large payments
  - id: review-large-payments
    name: Review payments over $500
    action: require_approval
    tools: [process_payment]
    conditions:
      - field: arguments.amount
        operator: greater_than
        value: 500
    approvers: [finance-team]

  # Block payments outside business hours
  - id: block-after-hours-payments
    name: No payments outside 9-5
    action: block
    tools: [process_payment]
    conditions:
      - field: context.time.hour
        operator: less_than
        value: 9
      - field: context.time.hour
        operator: greater_than
        value: 17
    message: "Payments require business hours approval"

Getting started
Install the SDK
npm install veto-sdk

Create a policy file
Add a policy file under veto/rules/ in your project (for example, veto/rules/openai-policies.yaml). Define which function calls are allowed, blocked, or need approval.
Wrap your tools
Pass your OpenAI tools array through protect(). Everything else stays the same.
Deploy with confidence
Your OpenAI agent is now governed. Every function call is authorized, logged, and auditable. No more hoping the model behaves.
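Once a call has been authorized, your code still has to route it to an implementation. A minimal dispatch sketch, assuming the standard OpenAI chat-completions tool-call shape (where arguments arrive as a JSON string); the handler functions are hypothetical stand-ins for your real implementations.

```typescript
// Sketch: routing an authorized tool call to its implementation.
// The tool-call shape follows OpenAI's chat completions format;
// the handlers are hypothetical stand-ins for real mailers/payment code.
type AuthorizedToolCall = {
  id: string
  function: { name: string; arguments: string } // arguments is a JSON string
}

const handlers: Record<string, (args: any) => string> = {
  send_email: (args) => `emailed ${args.to}`,          // stand-in for a real mailer
  process_payment: (args) => `charged ${args.amount}`, // stand-in for a real payment call
}

function execute(call: AuthorizedToolCall): string {
  const handler = handlers[call.function.name]
  if (!handler) throw new Error(`No handler for ${call.function.name}`)
  // OpenAI delivers arguments as a JSON string; parse before dispatch
  return handler(JSON.parse(call.function.arguments))
}

console.log(
  execute({
    id: 'call_1',
    function: { name: 'send_email', arguments: '{"to":"a@example.com","subject":"hi","body":"…"}' },
  }),
) // prints "emailed a@example.com"
```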
Supported OpenAI models
Veto works with all OpenAI models that support function calling.
Related integrations
Frequently asked questions
How does Veto integrate with OpenAI function calling?
Does this add latency to OpenAI agent responses?
Can I use Veto with OpenAI Assistants API?
What happens when a function call is blocked?
Learn more
Secure your OpenAI agents in minutes.