Veto — the boundary between AI agents and money.
Any agent. Any payment rail. Safe transactions.
Veto is a policy and risk engine for AI agent payments, with an on-chain enforcement contract. Every spend an agent makes runs through an 8-stage engine and emerges as a signed verdict — allow, deny, or escalate.
What's in the engine
- Precheck — payload validation
- Policy — per-agent allowlist, caps, schedule
- Prompt-injection — 17 regex patterns + obfuscation detection
- Merchant fraud — Levenshtein typosquat detection vs canonical brand registry
- Crypto safety — live OFAC SDN feed, drainer index, address poisoning
- Intent verification — Claude Sonnet 4 as final judge on whether the spend matches intent
- Anomaly — statistical drift detection (still maturing)
- Behavioral baseline — per-agent fingerprint (still maturing)
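The merchant-fraud stage listed above, sketched as an added example (not Veto's code): it classifies a merchant domain against a small constructed brand registry by Levenshtein distance. The registry contents, the distance threshold of 2 and all function names are assumptions.

```python
# Added illustration, not Veto's code. REGISTRY and MAX_DISTANCE are
# constructed assumptions; real registries and thresholds will differ.
REGISTRY = {"paypal": "paypal.com", "stripe": "stripe.com", "amazon": "amazon.com"}
MAX_DISTANCE = 2  # edits at or below this count as "suspiciously close"


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) using two DP rows."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def normalize(domain):
    """Lowercase, drop a trailing dot and a leading 'www.'."""
    host = domain.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify_merchant(domain):
    """Return (class, brand): 'canonical', 'lookalike' or 'unrelated'."""
    host = normalize(domain)
    for brand, canonical in REGISTRY.items():
        if host == canonical or host.endswith("." + canonical):
            return ("canonical", brand)
    # Compare the label left of the TLD (no public-suffix handling here).
    parts = host.split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    brand, dist = min(((b, levenshtein(label, b)) for b in REGISTRY),
                      key=lambda pair: pair[1])
    # dist == 0 here means the brand name on a non-canonical TLD.
    if dist <= MAX_DISTANCE:
        return ("lookalike", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    for d in ["www.paypal.com", "paypa1.com", "stripe.com.", "arnazon.com",
              "paypal.net", "example.org"]:   # constructed sample inputs
        print(d, classify_merchant(d))
```

A fixed threshold trades false positives against misses: legitimate names that sit within two edits of a registered brand are flagged too, so a "lookalike" result is a signal for review rather than proof of fraud.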
Cryptographic receipts, verifiable offline
Every decision is signed with Ed25519. The public key is published at /.well-known/jwks.json. Anyone can verify that a Veto decision happened without Veto being online.
On-chain hard-stop
The smart contract VetoGuardedAccount at 0xCBbbC4b924AF40D29f135c3a88b6F650d55d92c5 on Base Sepolia (and 4 other EVM chains) refuses to release funds without a fresh, scope-locked, Veto-signed mandate. The contract is unaudited; mainnet deploys are gated behind a typed-phrase acknowledgment. Solana support ships in v1.1.
How to install
- npx demo:
npx @veto-protocol/pay
- Python CLI:
pip install veto-cli
- Python SDK:
pip install veto-pay
- TypeScript SDK:
npm install @veto-protocol/pay
- Claude Code plugin:
/plugin marketplace add veto-protocol/claude-plugin