An agent is the identity Veto uses to look up policies and make authorization decisions. Before Veto can authorize any tool call, the system making that call must be registered as an agent.
What an agent is
An agent represents a single AI system, bot, or automated process — for example, a customer support bot, a code review assistant, or a data pipeline worker. When you register an agent, Veto assigns it a unique ID. You pass that ID to every authorize() call so Veto knows which policies apply.
Agent fields
| Field | Type | Description |
|---|
id | string (UUID) | Unique identifier for the agent. Pass this to authorize(). |
name | string | Human-readable name for the agent. |
description | string | null | Optional description of the agent’s purpose. |
status | AgentStatus | Current status of the agent. See below. |
createdAt | string | ISO 8601 timestamp of when the agent was created. |
updatedAt | string | ISO 8601 timestamp of the last update. |
Agent status
The status field controls whether Veto processes authorization requests for an agent.
| Status | Behavior |
|---|
active | The agent is operational. Authorization requests are evaluated against its policies. |
suspended | The agent is temporarily blocked. All authorization requests are denied. |
revoked | The agent is permanently blocked. All authorization requests are denied. |
Use suspended for temporary holds — for example, when investigating unusual activity. Use revoked when an agent should never be authorized again.
Managing agents with the SDK
Create an agent
const agent = await veto.createAgent({
name: "support-bot",
description: "Customer support agent",
});
console.log(agent.id); // "a1b2c3d4-..."
List all agents
const agents = await veto.listAgents();
Get a specific agent
const agent = await veto.getAgent("agent-uuid");
Delete an agent
await veto.deleteAgent("agent-uuid");
Deleting an agent is permanent. It cascades and removes all policies and audit log entries associated with that agent.
Using the agent ID in authorization
The id returned when you create an agent is the value you pass to veto.authorize():
const result = await veto.authorize(agent.id, "file.read", { path: "/home/user/doc.txt" });