When the agent is the product.

Authorization infrastructure for AI products whose customers each ship agents to their own end users. Per-tenant policy, per-tenant audit, per-tenant approvals. Same SDK, same meter, same pricing ladder as every other Veto deployment.

Scale tier · $999/mo, 1M decisions included, $0.50 per 1k over

import { Veto } from 'veto-sdk'

const veto = await Veto.init({ apiKey: process.env.VETO_KEY })

// Per-tenant scoping at the call site.
// `tools`, `session` and `agent` come from your own application code.
const safeTools = await veto.wrap(tools, {
  tenant: session.customerId,
  actor:  session.userId,
  policy: `tenant/${session.customerId}`,
})

await agent.run({ tools: safeTools })

Same SDK as Veto Direct. Scoping is a call-site argument, not a new API.
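An added sketch, not Veto's SDK or implementation, of what call-site scoping asks of the host application: the scope is built only from the authenticated server-side session, the tenant id is validated before it is interpolated into the policy path, and lookups deny by default. `tenantScope`, `decide`, `POLICIES`, the id pattern and the sample tenants are hypothetical.

```javascript
// Added illustration, not veto-sdk code. All names here are hypothetical.
const TENANT_ID_RE = /^[A-Za-z0-9_-]{1,64}$/; // assumed id format; adapt to yours

// Build the call-site scope from the authenticated server-side session only,
// never from request parameters or model output.
function tenantScope(session) {
  for (const key of ['customerId', 'userId']) {
    const value = session?.[key];
    // Rejects '/', '..' and empty ids before they reach the policy path.
    if (typeof value !== 'string' || !TENANT_ID_RE.test(value)) {
      throw new Error(`invalid ${key}`);
    }
  }
  return Object.freeze({
    tenant: session.customerId,
    actor: session.userId,
    policy: `tenant/${session.customerId}`,
  });
}

// Constructed sample store: one policy namespace per tenant.
const POLICIES = new Map([
  ['tenant/acme', { allow: ['read_file'], escalate: ['send_email'] }],
  ['tenant/globex', { allow: ['read_file', 'delete_repo'], escalate: [] }],
]);

// Decide inside the caller's namespace; unknown namespace or tool is a deny.
function decide(scope, toolName) {
  const policy = POLICIES.get(scope.policy);
  if (!policy) return 'deny';
  if (policy.allow.includes(toolName)) return 'allow';
  if (policy.escalate.includes(toolName)) return 'escalate';
  return 'deny';
}
```

A tool allowed for one tenant stays denied for another because the lookup key is derived from the validated session, not from anything the agent or end user supplies.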

Internal agents and embedded platforms run on the same pricing.

Internal agents is the default shape: your team runs a handful of named production agents against your own systems. Most teams land on Free or Pro.

Multi-tenant platforms is the other shape. Your end users are provisioning agents through your product. Same SDK, same meter, just with per-tenant scoping switched on at the call site.

The pricing ladder does not split. Multi-tenant shape lands on the Scale tier because that is where BYOC, per-tenant policy scoping, white-label HITL, and multi-region deployment unlock. Past 1M decisions/mo, overage is $0.50 per 1,000.

| | Internal agents | Multi-tenant product |
| --- | --- | --- |
| Buyer | Security lead, platform eng | Founder, CTO, product eng |
| Who runs agents | Your team, a few named deployments | Every end user session in your product |
| Policy scope | One org | Per-tenant, unlimited tenants |
| Meter | Decisions | Decisions |
| HITL surface | Your Slack, your email | Embedded in your product, co-branded |
| Deployment | Shared cloud | Multi-region, tenant-pinned, BYOC |
| Tier | Free, Pro, or Scale | Scale (or Enterprise at volume) |

Four primitives that unlock on the Scale tier.

Every tier meters on decisions. Scale is where the multi-tenant pieces turn on: per-tenant policy scoping, white-label HITL, BYOC, multi-region residency. Five design-partner slots are open before we lock the rollout.

Meter

Decisions, not agents.

Every allow, deny, and escalate is a decision. You are metered on the work Veto actually does, not on how your customers grow. A tenant with one power user and a tenant with 10,000 active users both scale cleanly.

Isolation

Per-tenant policy plane.

Each of your customers is a scoped namespace. Policies, approvals, audit chain, API keys, rate limits — walled off per tenant. Blast radius of one misconfiguration is one tenant, not your whole product.

Approvals

HITL on your domain.

Approval links live inside your product surface. Your theme, your auth, your domain. The approver never sees Veto. Cryptographic receipt chain runs underneath, compliance evidence intact.

Topology

Multi-region, pinned per tenant.

EU customer, EU data. US customer, US data. On-prem when the contract requires it. Tenant pinning is declarative, not a separate deployment.

Multi-tenant AI products shipping to real end users.

The shape of Cursor, Replit Agent, Lovable, v0. Where the agent is the seat your customer buys and the real user is your customer's user. We are not claiming them as customers. We are saying the shape fits.

  • IDE and coding-agent platforms running your customers' tool calls
  • No-code AI builders whose output is agents that ship to end users
  • Vertical AI products where each tenant runs workflows on their own data
  • Voice, browser, and task agents sold B2B2C
  • API products whose output is itself tool-calling behavior at tenant edge

If your end users never meet Veto, that is the point. Approval flows live in your product. Policies are scoped to your tenants. Receipts chain under your compliance boundary. Veto is plumbing. Your brand is the surface.

Same ladder. Multi-tenant lands on Scale.

One structure covers internal agents, embedded platforms, and enterprise. No separate bills, no per-product charges. Meter on decisions. Everything else is unlimited.

Scale tier

$999/mo · 1M decisions included · $0.50 per 1,000 over
  • Per-tenant policy scoping, unlimited tenants
  • White-label HITL on your domain
  • Bring your own cloud (BYOC)
  • Multi-region data residency
  • SSO (SAML/OIDC) and SCIM provisioning
  • Signed receipt chain per tenant

Past 10M decisions/mo or procurement-led: Enterprise adds volume tiers, revenue-share on pass-through billing, and named CSM.

Five calls, then we freeze the commercial shape.

We are booking five design-partner conversations before locking pricing past the public meter. If you ship a multi-tenant AI product and you care about governable agents, you are who we want in the room.

Book a design-partner call: team@plaw.io

Prefer async? Send a one-paragraph shape note and the nearest reference product.