Meow Gateway

Delegated-authority control plane for agentic money movement. Signed spend capsules, drift checks, decision receipts, HITL approvals — in front of Meow's write-MCP.

The Meow Gateway sits between an AI agent and Meow's write MCP. Every payment goes through a signed Spend Capsule that binds the agent's intent to an exact beneficiary, amount, rail, and policy. At consume time the gateway drift-checks the capsule against the request, forwards to Meow on allow, and writes a Decision Receipt to a per-entity hash chain. Auditors verify the chain locally — no Veto-hosted service required.

For agents: one prompt, one URL

Tell your AI agent this and it's done:

I want to get started with Meow for my AI agent with safety.
Read the docs at https://veto.so/meow-skills.md and then set it up.

veto.so/meow-skills.md is an openclaw-compatible skill file that drops in where meow.com/skills.md used to sit. Same tool surface, same CLI ergonomics, plus policy-as-code, real HITL (not a "please confirm" string), and a hash-chained audit trail. The agent gets through setup with a free Veto API key.

Why not build this myself?

An honest answer: you'd need to maintain ~200 lines of Ed25519 + JCS + Merkle + JWKS rotation, a YAML policy compiler, a HITL approval surface, a drift-check pipeline, a receipt chain with verifiable genesis, and roughly 11 months of eng time keeping the thing working. That's the floor — before the SOC 2 evidence trail and the cross-language SDK.

The gateway is Apache-2.0. Fork it, run it offline, never talk to us if you don't want to. The offline demo works without a Meow sandbox token AND without a veto.so account.

30-second demo

npx @veto/meow-gateway demo

Mints an Ed25519-signed capsule, consumes it through a mock Meow upstream, chains a decision receipt, and prints verifyReceiptChain() → ok: true. Exits 0. No network calls, no accounts.
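
The flow described in the overview and exercised by the demo (sign a capsule, drift-check it at consume time, chain a receipt, verify the chain offline) can be sketched as follows. This is an added example, not the gateway's or the protocol package's code: every function and field name is hypothetical, the canonicalization is a simplified stand-in for JCS, and the mock consume step forwards nothing upstream.

```javascript
// Added illustration only: hypothetical names, not the @veto/spend-capsule-protocol API.
const crypto = require('node:crypto');

// Simplified canonical JSON (recursively sorted keys). Real JCS (RFC 8785) also pins number encoding.
const canonical = (v) =>
  Array.isArray(v) ? `[${v.map(canonical).join(',')}]`
  : v && typeof v === 'object'
    ? `{${Object.keys(v).sort().map((k) => `${JSON.stringify(k)}:${canonical(v[k])}`).join(',')}}`
    : JSON.stringify(v);
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

const BOUND = ['beneficiary', 'amount', 'rail', 'policy']; // fields the capsule binds
const GENESIS = '0'.repeat(64);                              // constructed genesis value

function mintCapsule(privateKey, intent) {
  const sig = crypto.sign(null, Buffer.from(canonical(intent)), privateKey).toString('base64');
  return { intent, sig };
}

// Verify the signature, drift-check the request against the capsule, append a chained receipt.
function consume(publicKey, capsule, request, chain) {
  const sigOk = crypto.verify(null, Buffer.from(canonical(capsule.intent)), publicKey,
    Buffer.from(capsule.sig, 'base64'));
  const drift = BOUND.filter((f) => canonical(capsule.intent[f]) !== canonical(request[f]));
  const decision = sigOk && drift.length === 0 ? 'allow' : 'deny';
  const prev = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const body = { seq: chain.length, prev, decision, drift, capsule: sha256(canonical(capsule)) };
  chain.push({ ...body, hash: sha256(canonical(body)) });
  return decision;
}

// Offline audit: recompute every receipt hash and check each link back to genesis.
function verifyChain(chain) {
  let prev = GENESIS;
  for (const [i, { hash, ...body }] of chain.entries()) {
    if (body.seq !== i || body.prev !== prev || sha256(canonical(body)) !== hash) return { ok: false, at: i };
    prev = hash;
  }
  return { ok: true };
}

// Constructed sample data: one matching request, one with a drifted amount.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const intent = { beneficiary: 'acct_demo_001', amount: '125.00', rail: 'ach', policy: 'vendor-payments-v1' };
const demoChain = [];
const demoCapsule = mintCapsule(privateKey, intent);
consume(publicKey, demoCapsule, { ...intent }, demoChain);
consume(publicKey, demoCapsule, { ...intent, amount: '9125.00' }, demoChain);
console.log(verifyChain(demoChain), demoChain.map((r) => r.decision));
```

Denied requests are receipted as well as allowed ones, so the chain records the drift attempt, and editing any earlier receipt changes its hash and breaks every later link.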

What's in the box

What lives where

  • @veto/meow-gateway — the self-host binary + Docker image
  • @veto/spend-capsule-protocol — Apache-2.0 protocol package (sign, verify, hash, merkle)
  • @veto/meow — typed TypeScript MCP client
  • veto-platform/apps/meow-gateway — the source (in this monorepo)

Where to go next

  1. Quickstart — 3 minutes from brew install to a signed capsule
  2. Self-host runbook — signing keys, storage backup, key rotation
  3. Protocol reference — canonical JSON, schemas, golden vectors
  4. API reference — every REST endpoint + error code