Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.veto.tools/llms.txt

Use this file to discover all available pages before exploring further.

Veto is a runtime authorization service for AI agents. It sits between your agent and the tools it calls, evaluates every action against the policies you define, and decides: allow or deny — in under 10ms, at the edge.

The problem

Identity protocols like MCP and OAuth answer one question: who is this agent? They don’t answer the harder question: what should this agent be allowed to do? An authenticated agent can still send emails it shouldn’t send, delete records it shouldn’t delete, or call external APIs at unbounded rates. Authentication is a prerequisite — it’s not authorization. Veto fills that gap.

How it fits

Every tool call your agent makes passes through Veto before it executes: 
Agent → Veto (authorized?) → Tool execution
If a matching policy allows the action, it proceeds. If nothing allows it, it’s blocked. There is no implicit trust — the default posture is deny.

Key concepts

Agents are the AI actors you register with Veto — bots, workflows, or models that call tools on behalf of users or systems. Each agent has a stable ID used in authorization checks. Policies are the rules that govern what an agent can do. A policy is a named set of rules attached to an agent. Rules can express allowlists, denylists, parameter constraints, rate limits, and time-based windows. Authorization checks are the calls your code makes to Veto at runtime — one per tool invocation. Veto evaluates the matching policies and returns a decision with a reason. Audit log is the complete record of every decision Veto has made. Every authorization check — allowed or denied — is logged and queryable, giving you a full trail of agent behavior.

What you get

Sub-10ms decisions

Powered by Cloudflare Workers with global distribution. Authorization adds no meaningful latency to your tool calls.

Default-deny posture

No matching policy means blocked. You opt in to what’s allowed — not what’s denied.

Full audit trail

Every check is logged with the outcome, matched policy, reason, and latency. Query it from the dashboard or API.

Node.js and Python SDKs

Typed clients for both languages. One method call to authorize a tool call.

MCP-native middleware

Drop-in guard and middleware helpers for Model Context Protocol servers.

Five rule types

Tool allowlists, denylists, parameter constraints, rate limits, and time-based windows.

Next step

Quick Start

Make your first authorization check in under 5 minutes.