Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.veto.tools/llms.txt

Use this file to discover all available pages before exploring further.

Veto sits between your AI agent and the actions it takes. Every tool call is checked against the policies you define before it executes. If no policy allows it, it’s blocked — by default.

Quick Start

Make your first authorization check in minutes.

Authentication

Get your API key and start making authenticated requests.

Policies

Learn how to define what your agents are allowed to do.

API Reference

Explore every endpoint in the Veto REST API.

How it works

1

Register an agent

Create an agent in the Veto dashboard or via the API. Each agent represents an AI actor — a bot, workflow, or model — that you want to control.
2

Define policies

Attach policies to your agent that specify which tools it can call, under what conditions, and how often. Policies use an explicit allow model: if nothing allows an action, it’s denied.
3

Authorize at runtime

Call POST /v1/authorize (or use the SDK) before each tool execution. Veto evaluates your policies and returns allowed: true or allowed: false with a reason.
4

Audit every decision

Every authorization check is logged. Query the audit log from the dashboard or API to see what was allowed, denied, and why.

Key features

  • Default deny — no matching policy means blocked. Safe by default.
  • 5 rule types — allowlists, denylists, parameter constraints, rate limits, and time-based windows.
  • Sub-10ms at the edge — powered by Cloudflare Workers with global distribution.
  • MCP-native — drop-in middleware for Model Context Protocol servers.
  • Full audit trail — every decision is logged and queryable.
  • Node.js and Python SDKs — typed clients for both languages.

Node.js SDK

Typed client for Node.js and edge runtimes.

Python SDK

Sync and async clients for Python.

MCP Integration

Drop-in middleware for MCP servers.