Tools API Register, list, retrieve, and delete tool definitions — the schema Veto uses to generate and enforce policies.
Tools are the building blocks of Veto policies. Each tool describes a callable action with typed arguments. When a tool is registered, Veto auto-generates a starter policy if none exists.
All endpoints require authentication via API key (X-Veto-API-Key) or Bearer JWT with X-Organization-Id header.
Register tools from the SDK. Accepts the SDK's parameters format (snake_case fields, nullable optionals). If a tool is new and has no policy, Veto generates a starter policy automatically.
Header Required Description X-Veto-API-Key or AuthorizationYes API key or Bearer JWT Content-TypeYes application/json
{ "tools" : [ { "name" : "send_email" , "description" : "Send an email to a recipient" , "parameters" : [ { "name" : "to" , "type" : "string" , "description" : "Recipient email address" , "required" : true }, { "name" : "subject" , "type" : "string" , "description" : "Email subject line" , "required" : true }, { "name" : "body" , "type" : "string" , "description" : "Email body content" , "required" : false } ] } ] } Field Type Required Description toolsarrayYes One or more tool definitions (min 1) tools[].namestringYes Tool name (min 1 char) tools[].descriptionstring?No Human-readable description tools[].parametersarrayYes Parameter definitions tools[].parameters[].namestringYes Parameter name tools[].parameters[].type"string" | "number" | "boolean" | "array" | "object"Yes Parameter type tools[].parameters[].descriptionstring?No Parameter description tools[].parameters[].requiredboolean?No Whether the parameter is required tools[].parameters[].enumstring[]?No Allowed values tools[].parameters[].minimumnumber?No Minimum numeric value tools[].parameters[].maximumnumber?No Maximum numeric value tools[].parameters[].patternstring?No Regex pattern for validation
{ "success" : true , "registered_tools" : [ "send_email" ], "message" : "Registered 1 tool(s)" } Field Type Description successbooleanAlways true on success registered_toolsstring[]Names of registered tools messagestringHuman-readable summary
curl -X POST https://api.veto.so/v1/tools/register \ -H "X-Veto-API-Key: veto_abc123..." \ -H "Content-Type: application/json" \ -d '{ "tools": [ { "name": "transfer_funds", "description": "Transfer money between accounts", "parameters": [ { "name": "amount", "type": "number", "required": true }, { "name": "to", "type": "string", "required": true }, { "name": "currency", "type": "string", "required": false } ] } ] }' Sync tools from the dashboard or external integrations. Uses the server-native arguments format. Like register, auto-generates starter policies for new tools.
Header Required Description X-Veto-API-Key or AuthorizationYes API key or Bearer JWT Content-TypeYes application/json
{ "tools" : [ { "name" : "send_email" , "description" : "Send an email to a recipient" , "arguments" : [ { "name" : "to" , "type" : "string" , "description" : "Recipient email address" , "required" : true }, { "name" : "subject" , "type" : "string" } ] } ] } Field Type Required Description toolsarrayYes One or more tool definitions (min 1) tools[].namestringYes Tool name (min 1 char) tools[].descriptionstring?No Human-readable description tools[].argumentsarrayYes Argument definitions tools[].arguments[].namestringYes Argument name tools[].arguments[].type"string" | "number" | "boolean" | "array" | "object"Yes Argument type tools[].arguments[].descriptionstring?No Argument description tools[].arguments[].requiredboolean?No Whether the argument is required
{ "synced" : 2 , "tools" : [ { "name" : "send_email" , "status" : "created" }, { "name" : "transfer_funds" , "status" : "updated" } ], "policiesGenerated" : 1 } Field Type Description syncednumberNumber of tools processed toolsarrayPer-tool sync results tools[].namestringTool name tools[].status"created" | "updated"Whether the tool was new or already existed policiesGeneratednumberNumber of starter policies auto-generated
curl -X POST https://api.veto.so/v1/tools/sync \ -H "X-Veto-API-Key: veto_abc123..." \ -H "Content-Type: application/json" \ -d '{ "tools": [ { "name": "delete_record", "description": "Delete a database record", "arguments": [ { "name": "id", "type": "string", "required": true }, { "name": "table", "type": "string", "required": true } ] } ] }' Validate a tool call against policies. This is the core validation endpoint used by the SDK. See POST /v1/validate for full documentation.
List all registered tools for the authenticated organization.
Header Required Description X-Veto-API-Key or AuthorizationYes API key or Bearer JWT
{ "data" : [ { "name" : "send_email" , "description" : "Send an email to a recipient" , "arguments" : [ { "name" : "to" , "type" : "string" , "description" : "Recipient email address" , "required" : true }, { "name" : "subject" , "type" : "string" , "required" : true } ], "createdAt" : "2025-01-15T10:00:00Z" , "updatedAt" : "2025-01-20T14:30:00Z" } ] } curl https://api.veto.so/v1/tools \ -H "X-Veto-API-Key: veto_abc123..." Get a single tool by name.
Header Required Description X-Veto-API-Key or AuthorizationYes API key or Bearer JWT
Parameter Type Description namestringThe tool name
{ "name" : "send_email" , "description" : "Send an email to a recipient" , "arguments" : [ { "name" : "to" , "type" : "string" , "description" : "Recipient email address" , "required" : true } ], "createdAt" : "2025-01-15T10:00:00Z" , "updatedAt" : "2025-01-20T14:30:00Z" } Status Code Description 404 not_foundTool does not exist
curl https://api.veto.so/v1/tools/send_email \ -H "X-Veto-API-Key: veto_abc123..." Delete a tool and its associated policy. This removes both the tool definition and any policy that targets it.
Header Required Description X-Veto-API-Key or AuthorizationYes API key or Bearer JWT
Parameter Type Description namestringThe tool name
Status Code Description 404 not_foundTool does not exist
curl -X DELETE https://api.veto.so/v1/tools/send_email \ -H "X-Veto-API-Key: veto_abc123..." Field Type Description namestringArgument name type"string" | "number" | "boolean" | "array" | "object"Argument type descriptionstring?Human-readable description requiredboolean?Whether the argument must be provided
The TypeScript and Python SDKs call POST /v1/tools/register automatically on initialization when autoRegister is enabled. This registers all tools the agent has access to and ensures policies exist for each one.
const veto = new Veto ({ apiKey: 'veto_abc123...' , autoRegister: true , tools: [ { name: 'send_email' , parameters: [ { name: 'to' , type: 'string' , required: true }, { name: 'body' , type: 'string' }, ], }, ], });
