Veto SDK Agent Guardrails

Integrate Veto, a guardrail system that intercepts and validates AI agent tool calls before execution. Enforce security policies through rule-based validation without modifying tool schemas.

What This Skill Does

This skill helps you set up and configure Veto SDK to:

Intercept AI agent tool calls before execution

Validate calls against YAML-defined security rules

Block or allow tool calls based on validation API decisions

Track and log security events

Support multiple AI providers (OpenAI, Anthropic, etc.)

Veto operates transparently - the AI model sees unchanged tool definitions while validation happens behind the scenes.

When to Use This Skill

Use this skill when you need to:

Add security guardrails to AI agent tool calls

Enforce access control policies (e.g., block system file access)

Validate tool arguments before execution

Audit and log sensitive tool usage

Implement custom validation logic via API

Protect production systems from unintended AI actions

Setup Instructions

Step 1: Install Veto SDK

Install the package in the project:

```bash

npm install veto

```

Step 2: Initialize Veto Configuration

Run the init command to create configuration structure:

```bash

npx veto init

```

This creates:

`veto/` directory

`veto/veto.config.yaml` - main configuration

`veto/rules/` - directory for rule files

`veto/rules/defaults.yaml` - example rules

Step 3: Configure Operating Mode

Edit `veto/veto.config.yaml` to set operating mode and validation API:

```yaml

version: "1.0"

Operating mode

mode: "strict" # "strict" blocks calls, "log" only logs them

Validation API endpoint

api:

baseUrl: "http://localhost:8080"

endpoint: "/tool/call/check"

timeout: 10000

retries: 2

Logging

logging:

level: "info" # debug, info, warn, error, silent

Rules

rules:

directory: "./rules"

recursive: true

```

**Operating Modes:**

`strict`: Blocks tool calls when validation API returns block decision

`log`: Logs block decisions but allows all calls (useful for testing)

Step 4: Define Security Rules

Create rule files in `veto/rules/` directory. Each rule file uses YAML format:

```yaml

rules:

- id: block-system-paths

description: Prevent access to sensitive system directories

enabled: true

severity: critical # critical, high, medium, low, info

action: block # block, warn, log, allow

tools: # empty list = applies to all tools

- read_file

- write_file

conditions: # all conditions must match

- field: arguments.path

operator: starts_with

value: /etc

- field: arguments.path

operator: not_contains

value: /etc/myapp

- id: block-credential-files

enabled: true

severity: critical

action: block

tools:

- read_file

conditions:

- field: arguments.path

operator: matches

value: ".*(credentials|secrets|\.env).*"

```

**Available Condition Operators:**

`equals`, `not_equals` - exact match

`contains`, `not_contains` - substring match

`starts_with`, `ends_with` - prefix/suffix match

`matches` - regex pattern

`greater_than`, `less_than` - numeric comparison

`in`, `not_in` - list membership

Step 5: Implement Validation API

Create a validation API endpoint that Veto will call. The API receives tool call context and applicable rules, then returns pass/block decision.

**Request Format (POST /tool/call/check):**

```json

{

"context": {

"call_id": "call_abc123",

"tool_name": "read_file",

"arguments": { "path": "/etc/passwd" },

"timestamp": "2024-01-15T10:30:00Z",

"call_history": []

"rules": [

{

"id": "block-system-paths",

"name": "Block system path access",

"severity": "critical",

"conditions": [

{

"field": "arguments.path",

"operator": "starts_with",

"value": "/etc"

}

]

}

]

}

```

**Response Format:**

```json

{

"should_pass_weight": 0.1,

"should_block_weight": 0.9,

"decision": "block",

"reasoning": "Access to /etc is blocked by security policy"

}

```

The `decision` field must be `"pass"` or `"block"`.

Step 6: Wrap Tools with Veto

Modify your tool execution code to wrap tools with Veto:

**For Anthropic Claude:**

```typescript

import { Veto, ToolCallDeniedError } from 'veto';

import Anthropic from '@anthropic-ai/sdk';

// Define tools with handlers

const tools = [

{

description: 'Read a file from the filesystem',

inputSchema: {

type: 'object',

properties: {

path: { type: 'string', description: 'File path to read' }

required: ['path']

handler: async (args) => {

return fs.readFileSync(args.path, 'utf-8');

}

{

description: 'Write content to a file',

inputSchema: {

type: 'object',

properties: {

path: { type: 'string' },

content: { type: 'string' }

required: ['path', 'content']

handler: async (args) => {

fs.writeFileSync(args.path, args.content);

return 'OK';

}

];

// Initialize Veto and wrap tools

const veto = await Veto.init();

const { definitions, implementations } = veto.wrapTools(tools);

// Use definitions with Anthropic (no handlers, just schemas)

const anthropic = new Anthropic();

const response = await anthropic.messages.create({

model: 'claude-3-opus-20240229',

tools: definitions, // Tool schemas without handlers

messages: [{ role: 'user', content: 'Read /home/user/file.txt' }]

});

// Execute tool calls using wrapped implementations

for (const block of response.content) {

if (block.type === 'tool_use') {

try {

// Validation happens automatically here

const result = await implementations[block.name](block.input);

console.log('Result:', result);

} catch (error) {

if (error instanceof ToolCallDeniedError) {

console.log('Blocked:', error.reason);

console.log('Rule violated:', error.ruleId);

} else {

throw error;

}

```

**For OpenAI:**

```typescript

import { Veto, toOpenAITools, ToolCallDeniedError } from 'veto';

import OpenAI from 'openai';

const veto = await Veto.init();

const { definitions, implementations } = veto.wrapTools(tools);

const openai = new OpenAI();

const response = await openai.chat.completions.create({

model: 'gpt-4',

tools: toOpenAITools(definitions),

messages: [{ role: 'user', content: 'Read the file' }]

});

for (const call of response.choices[0].message.tool_calls ?? []) {

const args = JSON.parse(call.function.arguments);

try {

const result = await implementations[call.function.name](args);

console.log('Result:', result);

} catch (error) {

if (error instanceof ToolCallDeniedError) {

console.log('Blocked:', error.reason);

}

```

Step 7: Test and Monitor

Start in `log` mode to test rules without blocking:

```typescript

const veto = await Veto.init({ mode: 'log' });

```

Monitor logs to verify rules are triggering correctly, then switch to `strict` mode for enforcement.

Advanced Configuration

Environment Variables

Override configuration via environment variables:

`VETO_LOG_LEVEL` - Override log level (debug, info, warn, error, silent)

`VETO_SESSION_ID` - Session ID for tracking

`VETO_AGENT_ID` - Agent ID for tracking

Manual Validation

Validate tool calls manually for custom execution flows:

```typescript

const result = await veto.validateToolCall({

id: 'call_123',

arguments: { path: '/some/path' }

});

if (result.allowed) {

// Execute the tool

} else {

console.log('Blocked:', result.reason);

}

```

Inspect Loaded Rules

View all loaded rules programmatically:

```typescript

const rules = veto.getLoadedRules();

console.log('Loaded rules:', rules.length);

```

Check Current Mode

```typescript

const mode = veto.getMode(); // 'strict' or 'log'

console.log('Operating mode:', mode);

```

Example Use Cases

1. Restrict File System Access

```yaml

rules:

- id: allow-workspace-only

enabled: true

severity: high

action: block

tools:

- read_file

- write_file

- delete_file

conditions:

- field: arguments.path

operator: not_starts_with

value: /workspace

```

2. Block Dangerous Shell Commands

```yaml

rules:

- id: block-dangerous-commands

enabled: true

severity: critical

action: block

tools:

- execute_command

conditions:

- field: arguments.command

operator: matches

```

3. Rate Limit API Calls

Implement rate limiting in your validation API by tracking call history and returning block decisions when limits are exceeded.

Important Notes

Veto validation happens synchronously during tool execution - ensure your validation API is fast (configure timeout appropriately)

Rules are loaded once at initialization - restart to reload rule changes

Tool schemas remain unchanged - AI models are unaware of validation layer

Always test rules in `log` mode before enabling `strict` mode

Validation API failures in `strict` mode will block tool calls by default

Use severity levels to prioritize rule violations in monitoring

Troubleshooting

**Tools not being validated:**

Check that rules target correct tool names

Verify `enabled: true` on rules

Ensure validation API is reachable (check `baseUrl` and `endpoint`)

**Validation API timeout:**

Increase `api.timeout` in config

Optimize validation logic

Check network connectivity

**Rules not loading:**

Verify YAML syntax

Check `rules.directory` path in config

Set `logging.level: debug` to see rule loading logs

Veto SDK Agent Guardrails

Veto SDK Agent Guardrails

What This Skill Does

When to Use This Skill

Setup Instructions

Step 1: Install Veto SDK

Step 2: Initialize Veto Configuration

Step 3: Configure Operating Mode

Operating mode

Validation API endpoint

Logging

Rules

Step 4: Define Security Rules

Step 5: Implement Validation API

Step 6: Wrap Tools with Veto

Step 7: Test and Monitor

Advanced Configuration

Environment Variables

Manual Validation

Inspect Loaded Rules

Check Current Mode

Example Use Cases

1. Restrict File System Access

2. Block Dangerous Shell Commands

3. Rate Limit API Calls

Important Notes

Troubleshooting

Reviews (0)