create-veto-app
Scaffold a new TypeScript agent app with Veto guardrails in one command.
create-veto-app is the canonical fast path for a new TypeScript app. It creates a tiny Node + TypeScript project, initializes local Veto config and rules, and prints next steps. It does not install dependencies by default.
If you are adding Veto to an existing app, do not scaffold: install the SDK and run veto init instead (see Existing apps).
Quick create commands
npm create veto-app -- my-agent --template node-ts --pack soc2-lite --yes
npx create-veto-app my-agent --template node-ts --pack soc2-lite --yes
pnpm create veto-app my-agent --template node-ts --pack soc2-lite --yes
If your Bun version supports standard npm create-* package resolution:
bun create veto-app my-agent --template node-ts --pack soc2-lite --yes
Then run the printed next steps:
cd my-agent
npm install
npm run dev
What it creates
my-agent/
├── package.json
├── README.md
├── .gitignore
├── .env.example
├── tsconfig.json
├── src/
│   └── index.ts
└── veto/
    ├── veto.config.yaml
    ├── .env.example
    └── rules/
        └── defaults.yaml
The generated TypeScript app imports veto-sdk, initializes Veto, wraps a sample tool, and runs a standalone guard() check. veto/rules/defaults.yaml either contains default local rules or extends the pack you selected.
The scaffold does not create node_modules or lockfiles. Run your package manager install step explicitly after reviewing the generated files.
Flags
| Flag | Required | Description |
|---|---|---|
| <project-dir> | Required with --yes; prompted in TTY | Target directory to create. Existing non-empty directories are rejected. |
| --template node-ts | No | Template to scaffold. node-ts is the only supported template. |
| --pack <name> | No | Built-in policy pack to extend, or none / default. Short names and scoped names both work. |
| --cloud | No | Generate Veto config for Veto Cloud API mode instead of local-only defaults. |
| --api-key <key> | No | Write a Veto Cloud API key into veto/veto.config.yaml. Prefer environment variables for shared projects. |
| --yes, -y | No | Non-interactive mode. Requires <project-dir>. |
| --no-install | No | Accepted for compatibility. Installs are never run by default. |
Interactive mode
In an interactive TTY, omit flags and answer prompts:
npx create-veto-app
The CLI prompts for project directory, template, policy pack, cloud mode, and an optional Veto Cloud API key. The API key prompt is hidden and is not echoed to the terminal.
Policy pack examples
Short names are normalized to scoped names, so these are equivalent:
npm create veto-app -- my-agent --template node-ts --pack soc2-lite --yes
npm create veto-app -- my-agent-scoped --template node-ts --pack @veto/soc2-lite --yes
Useful starters:
npm create veto-app -- coding-agent --template node-ts --pack coding-agent --yes
npm create veto-app -- finance-agent --template node-ts --pack financial --yes
npm create veto-app -- healthcare-agent --template node-ts --pack hipaa-lite --yes
npm create veto-app -- ai-act-review --template node-ts --pack eu-ai-act-starter --yes
Starter compliance packs such as soc2-lite, hipaa-lite, and eu-ai-act-starter are guardrails to review and tune. They do not certify or make an app compliant.
See Policy Packs for all built-in packs.
Cloud and API key safety
For cloud-ready config without putting secrets in generated files:
npm create veto-app -- my-agent --template node-ts --pack soc2-lite --cloud --yes
cd my-agent
cp .env.example .env
npm install
Add your real VETO_API_KEY to .env or your deployment environment before running in cloud mode.
If you pass --api-key, the key is written to veto/veto.config.yaml and .gitignore is updated to ignore that file. Do not commit generated config files that contain literal secrets. The root .env.example contains placeholders only.
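One way to enforce this before a commit, as an added example that is not part of create-veto-app or the Veto documentation: a shell function that fails when .env is not ignored, when veto/veto.config.yaml holds the exported VETO_API_KEY value without being ignored, or when any staged or tracked file contains that value. The function name, messages and return codes are assumptions; the paths are the ones named above.

```shell
# Added example. Paths are the ones named on this page; the function name,
# messages and return codes are assumptions made for illustration.
# veto_secret_check <project-dir>
#   0 = clean, 1 = the key could be committed, 2 = not a git repository
# Typical use from a pre-commit hook or CI step, with VETO_API_KEY exported:
#   veto_secret_check . || exit 1
veto_secret_check() {
    dir=${1:-.}
    cfg=veto/veto.config.yaml
    git -C "$dir" rev-parse --git-dir >/dev/null 2>&1 || {
        echo "not a git repository: $dir" >&2
        return 2
    }
    rc=0

    # The real key lives in .env, so .env must be ignored and untracked.
    # check-ignore also returns non-zero for files that are already tracked.
    if [ -f "$dir/.env" ] && ! git -C "$dir" check-ignore -q .env; then
        echo "FAIL: .env is not ignored (or is already tracked)" >&2
        rc=1
    fi

    # Without a key value in the environment only the ignore check applies.
    key=${VETO_API_KEY:-}
    [ -n "$key" ] || return "$rc"

    # --api-key writes the literal key into the config file; that file
    # must then stay ignored, as the scaffold's .gitignore update intends.
    if [ -f "$dir/$cfg" ] && grep -qF -e "$key" "$dir/$cfg" &&
        ! git -C "$dir" check-ignore -q "$cfg"; then
        echo "FAIL: $cfg holds the key and is not ignored (or is tracked)" >&2
        rc=1
    fi

    # Any staged or tracked file, anywhere in the repo, containing the key.
    hits=$(git -C "$dir" grep --cached -lF -e "$key" || true)
    if [ -n "$hits" ]; then
        echo "FAIL: key value found in indexed files:" >&2
        echo "$hits" >&2
        rc=1
    fi
    return "$rc"
}
```

The check compares against the key value itself rather than a config field name, so it also catches the key when it is pasted into a file other than the two named here.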
Existing apps
For an existing TypeScript or Python app, do not scaffold a new project. Install the SDK, run veto init, then wrap your tools with protect():
npm install veto-sdk
npx veto init --pack coding-agent
Continue with the Quick Start or Installation guide.