Every constraint type supported by Veto — policy constraints, YAML rule operators, and presence checks.

Veto supports two constraint systems: policy constraints (configured in the dashboard or policy API) and YAML rule conditions (configured in veto/rules/*.yaml). Both work in local, cloud, and self-hosted modes.

Policy constraints

Policy constraints are configured per-tool in the Veto dashboard or via the policy API. They apply to both client-side and server-side deterministic validation.

Number constraints

Constraint	Description	Example
`minimum`	Value must be ≥ threshold	`minimum: 0` — no negative amounts
`maximum`	Value must be ≤ threshold	`maximum: 10000` — cap at $10,000
`greaterThan`	Value must be > threshold	`greaterThan: 0` — must be positive
`lessThan`	Value must be < threshold	`lessThan: 100` — below 100
`greaterThanOrEqual`	Alias for `minimum`	Same as `minimum`
`lessThanOrEqual`	Alias for `maximum`	Same as `maximum`

NaN and Infinity values always fail number constraints.

Example policy: Block transfers over $5,000

argument: amount
maximum: 5000

If the agent calls transfer_funds({ amount: 7500 }), it's denied with:

{
  "decision": "deny",
  "failedArgument": "amount",
  "reason": "amount 7500 exceeds maximum of 5000"
}

String constraints

Constraint	Description	Example
`enum`	Value must exactly match one of the allowed strings	`enum: ["USD", "EUR", "GBP"]`
`regex`	Value must match the regular expression	`regex: "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+$"`
`minLength`	String must be at least N characters	`minLength: 1` — no empty strings
`maxLength`	String must be at most N characters	`maxLength: 500` — limit message length

Regex patterns are capped at 256 characters and checked for ReDoS safety before execution.

Array constraints

Constraint	Description	Example
`minItems`	Array must have at least N elements	`minItems: 1` — no empty lists
`maxItems`	Array must have at most N elements	`maxItems: 10` — limit batch size

Presence constraints

Constraint	Description	Example
`required`	Argument must be present in the call	`required: true` — can't omit this field
`notNull`	Argument cannot be null/None	`notNull: true` — must have a value

required checks that the key exists in the arguments object. notNull additionally checks that the value is not null.

YAML rule condition operators

YAML rules in veto/rules/*.yaml use a conditions array with field, operator, and value fields. These operators are evaluated locally in all modes.

Operator	Type	Description
`equals`	any	Exact match
`not_equals`	any	Must not equal
`contains`	string	Must contain substring
`not_contains`	string	Must NOT contain substring
`starts_with`	string	Must start with prefix
`ends_with`	string	Must end with suffix
`matches`	string	Regex pattern match (max 256 chars, ReDoS-safe)
`in`	string/number	Value in allowlist (array)
`not_in`	string/number	Value NOT in denylist (array)
`greater_than`	number	Value must be > threshold
`less_than`	number	Value must be < threshold

YAML examples

Block emails outside company domain:

rules:
  - id: company-email-only
    name: Restrict to company domain
    action: block
    tools:
      - send_email
    conditions:
      - field: arguments.to
        operator: matches
        value: "^[^@]+@company\\.com$"

Restrict currencies to allowlist:

rules:
  - id: allowed-currencies
    name: Only allow approved currencies
    action: block
    tools:
      - transfer_funds
    conditions:
      - field: arguments.currency
        operator: not_in
        value: ["USD", "EUR", "GBP"]

Block file writes outside project directory:

rules:
  - id: restrict-file-writes
    name: Block writes outside project
    action: block
    tools:
      - write_file
    conditions:
      - field: arguments.path
        operator: starts_with
        value: "/etc"

Block specific values:

rules:
  - id: no-admin-role
    name: Prevent assigning admin role
    action: block
    tools:
      - assign_role
    conditions:
      - field: arguments.role
        operator: equals
        value: "admin"

Block messages containing sensitive keywords:

rules:
  - id: no-secrets-in-messages
    name: Block messages with secret content
    action: block
    tools:
      - send_message
    conditions:
      - field: arguments.body
        operator: contains
        value: "password"

Combining constraints

Multiple constraints on the same argument are AND-ed together. A tool call is denied if any single constraint fails.

Example: Amount must be between 1 and 10,000 and is required

argument: amount
required: true
minimum: 1
maximum: 10000

Example: Email must be present and match a pattern

argument: email
required: true
regex: "^[^@]+@[^@]+\\.[^@]+$"
maxLength: 254

Disabling constraints

Set enabled: false on any constraint to skip it without deleting the configuration. Useful for temporarily relaxing a policy.

Python naming

The Python SDK uses snake_case equivalents:

TypeScript	Python
`notNull`	`not_null`
`greaterThan`	`greater_than`
`lessThan`	`less_than`
`greaterThanOrEqual`	`greater_than_or_equal`
`lessThanOrEqual`	`less_than_or_equal`
`minLength`	`min_length`
`maxLength`	`max_length`
`minItems`	`min_items`
`maxItems`	`max_items`

Constraints Reference