Policy runtime for AI agent tool calls

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for yazcal from gravatar.com yazcal

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Tags agent , ai , anthropic , gemini , llm , openai , policy-runtime , runtime-governance , tool-calls
  • Requires: Python >=3.10
  • Provides-Extra: all , anthropic , capsule , dev , gemini , openai , otel , redis
Report project as malware

Project description

veto

PyPI License

Python policy runtime for AI agent tool calls. Veto wraps your tools, evaluates deterministic policy before each handler runs, and preserves the original tool interface.

Install

pip install veto

With provider extras:

pip install veto[openai]
pip install veto[anthropic]
pip install veto[gemini]
pip install veto[all]

Quick start

from veto import protect

safe = await protect(tools)
agent = create_agent(tools=safe)

protect(tools) is the public entrypoint. It loads ./veto/veto.config.yaml and ./veto/rules/*.yaml when present. Without local policy or explicit options, it uses the built-in @veto/safe-defaults pack in observe mode: suspicious destructive shell, file, database, or money-movement network patterns are warned/logged, not blocked.

TypeScript parity

import { protect } from "veto-sdk";

const safeTools = await protect(tools);
const agent = createAgent({ tools: safeTools });

Local policy

veto init

rules:
  - id: limit-transfers
    name: Limit large transfers
    enabled: true
    severity: high
    action: block
    tools: [transfer_funds]
    conditions:
      - field: arguments.amount
        operator: greater_than
        value: 1000

Actions are block, allow, warn, log, and require_approval.

API

protect(tools, **kwargs)

from veto import protect

safe = await protect(tools)

Explicit policy source example:

safe = await protect(
    tools,
    rules=[
        {
            "id": "no-prod-deploy",
            "name": "Block direct production deploys",
            "enabled": True,
            "severity": "critical",
            "action": "block",
            "tools": ["deploy"],
            "conditions": [
                {"field": "arguments.environment", "operator": "equals", "value": "production"}
            ],
        }
    ],
    mode="strict",
)

Advanced: Veto.init() + .wrap()

Veto.init() remains supported for advanced/internal-facing integrations that need a reusable instance, direct guard() calls, event hooks, audit export, or explicit self-host/cloud configuration.

from veto import Veto, VetoOptions

veto = await Veto.init(VetoOptions(config_dir="./veto", mode="strict"))
safe = veto.wrap(tools)
result = await veto.guard("transfer_funds", {"amount": 1500})

Decision history

stats = veto.get_history_stats()
json_audit = veto.export_decisions("json")
csv_audit = veto.export_decisions("csv")

Decision export is local to your process unless you explicitly configure a remote endpoint.

Policy packs

Built-in packs include @veto/safe-defaults, @veto/coding-agent, @veto/financial, @veto/browser-automation, @veto/data-access, @veto/communication, and @veto/deployment.

Self-host / BYOC boundary

The SDK can point at a self-hosted PDP with endpoint, but customer-plane data stays in the customer environment unless you explicitly configure outbound integrations. Customer policy, decision rows, tool args, agent IDs, user IDs, Slack content, prompts, environment variables, and secrets do not cross to Plaw.

License

Apache-2.0

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for yazcal from gravatar.com yazcal

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Tags agent , ai , anthropic , gemini , llm , openai , policy-runtime , runtime-governance , tool-calls
  • Requires: Python >=3.10
  • Provides-Extra: all , anthropic , capsule , dev , gemini , openai , otel , redis

Release history Release notifications | RSS feed

This version

0.15.2

0.15.1

0.15.0

0.14.1

0.14.0

0.13.0

0.12.1

0.12.0

0.11.0

0.10.0

0.9.0

0.8.0

0.7.0

0.6.0

0.5.0

0.4.0

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

veto-0.15.2.tar.gz (188.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

veto-0.15.2-py3-none-any.whl (144.4 kB view details)

Uploaded Python 3

File details

Details for the file veto-0.15.2.tar.gz.

File metadata

  • Download URL: veto-0.15.2.tar.gz
  • Upload date:
  • Size: 188.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.14

File hashes

Hashes for veto-0.15.2.tar.gz
Algorithm Hash digest
SHA256 a8009fc6233cecc70febda9dcc980199bb3fc579ac660e0dbb6e6f4d72032fb9
MD5 8b814e83b92e67444fa5fd2a4aba2322
BLAKE2b-256 68082bc0699e6eb6c20e7ec9490418d963bf6cb05590e84aecb9ccecdc1a45e6

See more details on using hashes here.

File details

Details for the file veto-0.15.2-py3-none-any.whl.

File metadata

  • Download URL: veto-0.15.2-py3-none-any.whl
  • Upload date:
  • Size: 144.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.14

File hashes

Hashes for veto-0.15.2-py3-none-any.whl
Algorithm Hash digest
SHA256 6e6f119ec87c04ac6581545a4562067c1fb4b84647f5f3674ca8e8cad825b2ec
MD5 94c18fc001a2d251dd6f043b959ed6a5
BLAKE2b-256 6d6e2a14932b10c37d98c567650a602facd165738cc9164371a84303afc34139

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page