npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@veto-protocol/cli

v0.6.16

Published

The Veto CLI. Tell an AI agent what to buy. Veto decides if it's safe.

Downloads

227

Readme

@veto-protocol/cli

The governance layer between an AI agent and the money it's about to spend.

npx -y @veto-protocol/cli@latest claude "buy weather data for New York"

One command installs the Veto skill, wires the Veto MCP server into Claude Code, signs the operator in (magic-link email), and launches Claude with the prompt. From that point on, every spend the agent plans is gated through Veto's policy engine first — allow, deny, or escalate. Every verdict ships with an Ed25519-signed receipt, viewable at a public URL, verifiable offline. An optional smart wallet refuses unauthorized spends at the chain level.

Veto isn't a payment rail. Veto governs the agent that uses the payment rail. Composes with pay.sh, x402, Stripe, raw wallets — any rail that moves money.


A real session

Verbatim from a Claude Code session with Veto and pay.sh installed:

USER: buy weather data for New York

AGENT: I'll find a weather provider first, then gate the spend through Veto.
   → pay.sh searches its x402 catalog
   ← best fit: bigquery.google.gateway-402.com at $0.001/query

AGENT: Gating through Veto now.
   → veto_authorize
   ← deny · MERCHANT_NOT_ALLOWLISTED · https://veto-ai.com/r/b237773a-...

AGENT: Veto verdict: DENY
   - Rule that fired: MERCHANT_NOT_ALLOWLISTED — bigquery.google.gateway-402.com
     isn't on your allowlist. Caps weren't the issue.
   - Option A — retry against api.weather.x402.io (already allowlisted).
   - Option B — add bigquery.google.gateway-402.com via veto_policy_allowlist_add.
   I won't touch the policy or settle anything without your go-ahead.

The agent shows the receipt URL, translates the reason code, offers the operator concrete next moves with the exact MCP tool that performs each, and waits for go-ahead. The owner stays in control of the policy. No silent mutations.


What the CLI installs

| Item | Where it lands | Why | |---|---|---| | Veto skill | ~/.agents/skills/veto/ | Universal location any MCP-aware agent reads | | MCP server | claude mcp add veto --scope user | Exposes 13 tools (veto_authorize, veto_policy_show, 7 policy mutators, etc.) | | Persistent directive | ~/.claude/CLAUDE.md | "Gate every spend through Veto first" applies in every future Claude session | | Credentials | macOS Keychain or ~/.veto/secrets.json (mode 0600) | API key, agent ID, base URL |

After the install, every Claude Code session is Veto-aware. The first prompt that touches money triggers the deny-as-teach flow.


MCP tools

| Tool | Purpose | |---|---| | veto_authorize | Required before any spend. Returns allow / deny / escalate + receipt URL. | | veto_policy_check | Dry-run a planned spend without recording a transaction. | | veto_policy_show | Read the active policy. Used after a deny to explain what's editable. | | veto_check_status | Poll an escalated transaction. | | veto_verify_receipt | Verify a Veto receipt JWT against the public JWKS, offline. | | veto_search_x402 | Search Veto's curated catalog of x402 endpoints. | | veto_policy_allowlist_add | Add a merchant to the allowlist (creates new policy version). | | veto_policy_set_caps | Update dollar caps (per-tx, daily, monthly, human-approval-above). | | veto_policy_set_time_windows | Set when the agent is allowed to spend. | | veto_policy_set_rate_limits | Count-based rate caps (txs/hour, txs/day). | | veto_policy_categories_set | Allow/block whole categories (weather, search, gambling, …). | | veto_policy_per_merchant_cap_set | Per-merchant dollar caps. | | veto_policy_intent_keywords_set | Required / forbidden words in intent text. |

Every mutation tool creates an immutable new policy version. The old version stays in the audit history.


Other CLI commands

npx @veto-protocol/cli verify <jwt>      # offline receipt verification
npx @veto-protocol/cli demo              # canned allow/deny walkthrough
npx @veto-protocol/cli login             # re-auth (magic-link email)
npx @veto-protocol/cli logout            # remove credentials + skill
npx @veto-protocol/cli whoami            # show signed-in account
npx @veto-protocol/cli mcp               # run the MCP server (used by Claude Code)

Compose with your existing rail

Veto is the comma between agent decides what to buy and rail settles. It doesn't replace any rail.

pay.sh (already installed)

No code change. Claude sees both skills, calls veto_authorize first, pay.sh settles only on allow. The trace above is exactly that.

x402 direct

npm i @veto-protocol/pay
import { pay } from "@veto-protocol/pay";

const result = await pay("https://api.weather.x402.io/forecast?city=NYC", {
  maxAmount: "0.05",
  gate: "veto",     // pre-flight every call through veto_authorize
});

console.log(result.tx_hash);       // on-chain settlement
console.log(result.receipt_url);   // signed Veto receipt

Stripe

Wrap the existing intent creation with a Veto pre-check.

import { vetoAuthorize } from "@veto-protocol/cli";

const verdict = await vetoAuthorize({ amount, merchant, action: "payment", description });
if (verdict.decision !== "allow") return res.status(403).json({
  denied: verdict.reason_codes,
  receipt: verdict.receipt_url,
});
const intent = await stripe.paymentIntents.create({ /* … */ });

Raw wallet (viem / ethers)

const verdict = await vetoAuthorize({ amount, to_address, chain, action: "crypto_transfer" });
if (verdict.decision !== "allow") throw new Error("blocked by Veto policy");
await wallet.sendTransaction({ to: recipient, value: amountWei });

For chain-level enforcement that can't be bypassed off-chain, deploy VetoGuardedAccount and route spends through it.


What every receipt contains

  • Decision (allow / deny / escalate) + risk score 0–1
  • Reason codes (MERCHANT_NOT_ALLOWLISTED, OVER_PER_MERCHANT_CAP, TIME_WINDOW_VIOLATION, etc.)
  • The exact policy version + content hash that produced the verdict
  • engine_trace — which of the 8 stages caught what
  • Public URL at https://veto-ai.com/r/<uuid>
  • Ed25519 signature, verifiable offline against /.well-known/jwks.json

The signed receipt is the audit trail. Same shape for allow, deny, escalate — denials are evidence too.


Links

MIT-licensed. Built by Investech Global LLC.