Skip to main content
A policy is a named set of rules attached to an agent. When Veto receives an authorization request, it evaluates the agent’s policies to decide whether to allow or deny the action.

What a policy is

Each policy belongs to a single agent and contains one or more rules. Rules describe the conditions under which a tool call is permitted — which tools are allowed, what parameter values are valid, how many calls are allowed per time window, and when access is permitted.

Policy fields

FieldTypeDescription
idstringUnique identifier for the policy.
agentIdstringThe agent this policy applies to.
namestringHuman-readable name for the policy.
rulesPolicyRule[]The rules in this policy. Evaluated in order.
prioritynumberHigher values are evaluated first.
enabledbooleanDisabled policies are skipped entirely.

Evaluation order

Veto sorts an agent’s enabled policies by priority in descending order — the highest number is evaluated first. The first policy that produces a definitive decision wins; remaining policies are not evaluated. Default deny: if no policy explicitly allows the action, Veto denies it. You always opt in to access — never opt out.
You can disable a policy by setting enabled: false without deleting it. This is useful for temporarily suspending a policy during an incident or a deployment.

Rule types

Each rule in a policy has a type that determines how it is evaluated.
The agent can only call tools whose names match the list. Any tool not in the list is denied.Glob patterns are supported: "file.*" matches "file.read", "file.write", and any other tool starting with "file.". "*" matches all tools.
{ type: "tool_allowlist", tools: ["file.read", "web.search"] }
The agent can never call tools whose names match the list, regardless of other rules.
{ type: "tool_denylist", tools: ["db.delete", "admin.*"] }
Enforces constraints on specific parameter values when the agent calls a matching tool. Specify tools to limit the rule to certain tools, or omit tools to apply the constraint to all tools.Constraint options (all optional, combine as needed):
FieldTypeDescription
regexstringParameter value must match this regular expression.
enumstring[]Parameter value must be one of these strings.
minnumberParameter value must be at or above this number (inclusive).
maxnumberParameter value must be at or below this number (inclusive).
{
  type: "parameter_constraint",
  tools: ["file.read"],
  parameters: {
    path: { regex: "^/home/user/" }
  }
}
Limits how many times a tool can be called within a rolling time window. Specify tools to limit the rule to certain tools.
FieldTypeDescription
maxCallsnumberMaximum number of calls allowed in the window.
windowSecondsnumberLength of the rolling window in seconds.
{
  type: "rate_limit",
  tools: ["web.search"],
  rateLimit: { maxCalls: 100, windowSeconds: 3600 }
}
Restricts access to specific hours of the day and days of the week. All times are evaluated in the specified IANA timezone. If no timezone is provided, UTC is used.
FieldTypeDescription
allowedHoursnumber[]Hours of the day when access is permitted (0–23).
allowedDaysnumber[]Days of the week when access is permitted (0 = Sunday, 6 = Saturday).
timezonestringIANA timezone string, e.g. "America/New_York".
{
  type: "time_based",
  timeWindow: {
    allowedHours: [9, 10, 11, 12, 13, 14, 15, 16, 17],
    allowedDays: [1, 2, 3, 4, 5],
    timezone: "America/New_York"
  }
}

Creating a policy

The example below creates a production policy that combines multiple rule types: 
await veto.createPolicy({
  agentId: agent.id,
  name: "Production policy",
  priority: 10,
  rules: [
    { type: "tool_allowlist", tools: ["file.read", "web.search"] },
    {
      type: "parameter_constraint",
      tools: ["file.read"],
      parameters: { path: { regex: "^/home/user/" } },
    },
    {
      type: "rate_limit",
      tools: ["web.search"],
      rateLimit: { maxCalls: 100, windowSeconds: 3600 },
    },
    {
      type: "time_based",
      timeWindow: {
        allowedHours: [9, 10, 11, 12, 13, 14, 15, 16, 17],
        allowedDays: [1, 2, 3, 4, 5],
        timezone: "America/New_York",
      },
    },
  ],
});
This policy allows the agent to call file.read and web.search — but only during business hours on weekdays (Eastern Time), only when the path parameter starts with /home/user/, and only up to 100 web.search calls per hour.

Updating and disabling policies

You can update a policy’s name, rules, priority, or enabled state without deleting it: 
// Disable a policy temporarily
await veto.updatePolicy("policy-uuid", { enabled: false });

// Re-enable it later
await veto.updatePolicy("policy-uuid", { enabled: true });

// Update the priority
await veto.updatePolicy("policy-uuid", { priority: 20 });
Disable policies instead of deleting them when you need to temporarily restrict an agent. Disabling preserves the policy’s configuration and audit history.