Veto Auth is runtime authorization for AI agents.
Veto Auth checks every proposed AI agent action before it touches a real system. It is not user login, SSO, or OAuth. It is the policy enforcement layer that decides whether an authenticated agent may run this specific tool call with these specific arguments.
Authentication says who
Better Auth, WorkOS, Auth0, Clerk, OAuth, API keys, and SSO verify a user, service, or agent identity.
Veto Auth says may
Veto evaluates the action itself: tool name, arguments, tenant, session history, environment, risk, and policy.
Execution waits for policy
The underlying tool runs only after Veto returns allow. Blocked and approval-gated calls never silently execute.
How Veto Auth differs from login and identity platforms
Identity platforms are necessary, but they stop at credentials, roles, sessions, and token scopes. AI agents need a second layer because a valid credential can still perform a dangerous action. A support agent may be allowed to access Stripe, but it should not refund $50,000 without review. A deployment agent may have GitHub access, but it should not delete production branches because a prompt injection said so.
| Layer | Examples | Question answered |
|---|---|---|
| Authentication | Better Auth, WorkOS, Auth0, SSO, OAuth, API keys | Who is this user, service, or agent? |
| Token scope | Read/write scopes, delegated OAuth, service account permissions | Can this identity reach the resource? |
| Veto Auth | YAML policy, runtime context, approval gates, decision logs | May this exact tool call execute right now? |
What Veto checks before a tool call runs
Veto sits between the model's proposed action and the underlying tool implementation. It receives the tool name, arguments, agent/session context, and relevant policy, then evaluates deterministic rules or approval requirements before forwarding execution.
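```ts
import { Veto } from "veto-sdk";

// `tools` and `createAgent` come from your agent framework.
const veto = await Veto.init();
// Wrapped tools are checked against policy before the underlying tool runs.
const guardedTools = veto.wrap(tools);
const agent = createAgent({ tools: guardedTools });
```

The three Veto Auth outcomes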
Veto is deliberately small at the enforcement point. Every decision collapses to one of three outcomes so agents, developers, approvers, and auditors can understand exactly why execution did or did not happen.
Allow
The policy matches a permitted action, so the underlying tool executes normally.
Block
The call violates policy, so execution stops and the agent receives a safe denial response.
Require approval
The action pauses until a human reviews the tool, arguments, policy, and context.
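The enforcement pattern described above, as an added example that is not Veto's code or the veto-sdk API: a wrapper evaluates each proposed call against ordered rules, logs the decision, and runs the tool only on an explicit allow. The rule shape, the `decide` and `guard` functions, the tool names, and the $1,000 threshold are assumptions made for illustration; Veto's YAML policy schema is not shown on this page.

```javascript
// Added illustration: rule shape and function names are hypothetical, not the veto-sdk API.
// Constructed policy. First matching rule wins; no match means "block" (default deny).
const policy = [
  { tool: "stripe.refund", when: (a) => a.amountUsd > 1000, outcome: "require_approval" },
  { tool: "stripe.refund", when: (a) => a.amountUsd > 0, outcome: "allow" },
  { tool: "github.deleteBranch",
    when: (a) => typeof a.branch === "string" && /^(main$|release\/)/.test(a.branch),
    outcome: "block" },
  { tool: "github.deleteBranch", when: (a) => typeof a.branch === "string", outcome: "allow" },
];

// Every decision is recorded with tool, arguments, matched rule and timestamp.
const decisionLog = [];

function decide(tool, args) {
  const matchedRule = policy.findIndex((rule) => {
    // A predicate that throws (missing or malformed arguments) counts as no match.
    try { return rule.tool === tool && rule.when(args) === true; } catch { return false; }
  });
  const outcome = matchedRule === -1 ? "block" : policy[matchedRule].outcome;
  const decision = { tool, args, matchedRule, outcome, at: new Date().toISOString() };
  decisionLog.push(decision);
  return decision;
}

// Wrap each tool so its implementation is reached only after an explicit "allow".
// Blocked and approval-gated calls return a denial object and never call impl.
function guard(tools) {
  const guarded = {};
  for (const [name, impl] of Object.entries(tools)) {
    guarded[name] = (args) => {
      const decision = decide(name, args);
      if (decision.outcome !== "allow") {
        return { executed: false, outcome: decision.outcome };
      }
      return { executed: true, outcome: "allow", result: impl(args) };
    };
  }
  return guarded;
}

// Constructed demo tool: the $50,000 refund from the text pauses for review.
const demoTools = guard({ "stripe.refund": (a) => `refunded $${a.amountUsd}` });
console.log(demoTools["stripe.refund"]({ amountUsd: 40 }));
console.log(demoTools["stripe.refund"]({ amountUsd: 50000 }));
```

A tool with no rule at all, or a call whose arguments cannot be evaluated, falls through to block rather than allow.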
Where to go next
Start local with the SDK, wrap tools, and add your first YAML rule.
Read the authorization model: Understand authentication vs authorization and capability vs authority.
Design agent permissions: Map tools, arguments, contexts, and approval gates into policy.
Add Vercel AI SDK guardrails: Authorize generateText and streamText tool calls before they execute.
Veto Auth FAQ
Is Veto Auth the same as authentication?
No. Authentication verifies identity: user login, SSO, API keys, OAuth tokens, and service credentials. Veto Auth is authorization for AI agent actions. It decides whether a specific tool call with specific arguments may execute after the agent is already authenticated.
What does Veto Auth return when an agent calls a tool?
Veto returns one of three outcomes: allow the tool call, block the tool call, or require human approval before execution. Each decision is logged with the tool name, arguments, matched policy, timestamp, and approval context when applicable.
How does Veto work with OpenAI, Claude, Vercel AI SDK, MCP, and LangChain?
Veto wraps the tools those frameworks expose to the model. When the model proposes a tool call, Veto evaluates the call against YAML policy and runtime context before forwarding it to the underlying function, MCP server, browser action, deployment API, or financial operation.
Can I use Veto with Better Auth, WorkOS, Auth0, or Clerk?
Yes. Use Better Auth, WorkOS, Auth0, Clerk, or your IdP for human and service identity. Use Veto for action authorization after identity is established. They are complementary layers: identity says who is acting; Veto says what the agent may do right now.