Zero-Config Setup
Start protecting tools in one line with protect().
protect() is the fastest way to integrate Veto.
Instead of a multi-step Veto.init() + veto.wrap(...) flow, use one call:
import { protect } from 'veto-sdk';
const safeTools = await protect(tools);from veto import protect
safe_tools = await protect(tools)Progression
1. Zero-config mode
If you don't specify a pack or config, Veto automatically applies sensible defaults based on your tool names.
Precedence is:
- Local
./vetorules (if present) - Auto-applied built-in packs from tool-name heuristics
- Allow-all fallback when nothing matches
const safeTools = await protect(tools);2. Explicit policy pack
Apply a built-in pack quickly:
const safeTools = await protect(tools, { pack: 'financial' });3. Cloud mode
Use an API key to enable dashboard, approvals, and cloud policies:
const safeTools = await protect(tools, { apiKey: 'veto_...' });4. Shadow mode rollout
Run live traffic with full policy evaluation but no blocking:
const safeTools = await protect(tools, { mode: 'shadow' });5. Advanced control with Veto.init()
Use Veto.init() directly when you need explicit lifecycle/config control:
import { Veto } from 'veto-sdk';
const veto = await Veto.init({
configDir: './veto',
mode: 'strict',
apiKey: process.env.VETO_API_KEY,
});
const safeTools = veto.wrap(tools);Initialization error handling
By default, if Veto fails to initialize (network error, bad config, unreachable cloud API), protect() logs a warning and falls back to allow-all mode — your tools still run, just unguarded.
Use onInitError to be notified when this happens:
const safeTools = await protect(tools, {
apiKey: process.env.VETO_API_KEY,
onInitError: (error) => {
console.error('Veto failed to initialize:', error.message);
// alert your observability system, fail the request, etc.
},
});The callback receives the original Error. Whether to let the fallback proceed or throw from the callback is up to you.
Behavior notes
protect()accepts a single tool or a list; return type matches input.protect()caches initialized Veto instances and reuses them for identical options.- In zero-config mode, multiple matching tool categories are merged into one active rule set.
mode: 'shadow'preserves real decisions for wrapped calls but never blocks execution.onInitErroris optional. Without it, initialization failures are silent except for a logged warning.