veto-agents 0.0.4__tar.gz

veto_agents-0.0.4/.gitignore

@@ -0,0 +1,20 @@
+node_modules/
+dist/
+/build/
+*.log
+.env
+.env.local
+.env.*.local
+.DS_Store
+__pycache__/
+*.py[cod]
+.venv/
+.venv-*/
+venv/
+.pytest_cache/
+.mypy_cache/
+.idea/
+.vscode/
+*.swp
+*.tmp
+~.veto-agents/

veto_agents-0.0.4/ARCHITECTURE.md

@@ -0,0 +1,146 @@
+# Veto Agents — Architecture
+
+How the layers compose, and the tooling decisions behind each.
+
+## The stack, top to bottom
+
+```
+┌─────────────────────────────────────────────────────────────┐
+│  app.veto-ai.com  (PWA — React + Tailwind, mobile-first)    │
+│  • chat UI per agent                                        │
+│  • receipts feed                                            │
+│  • plain-English policy editor                              │
+│  • wallet view + funding                                    │
+└─────────────────────────────────────────────────────────────┘
+                            │
+┌─────────────────────────────────────────────────────────────┐
+│  Veto Agents API  (FastAPI — agent runner service)          │
+│  • spins up + supervises Hermes Agent per user              │
+│  • mediates every tool call through Veto                    │
+│  • streams chat + tool events via WebSocket                 │
+└─────────────────────────────────────────────────────────────┘
+                            │
+        ┌───────────────────┼──────────────────────┐
+        │                   │                      │
+┌──────────────┐  ┌──────────────────┐  ┌──────────────────┐
+│ Hermes Agent │  │  Veto authorize  │  │  Privy embedded  │
+│  (per user)  │  │  (every tool     │  │  wallet (per     │
+│              │  │   call gated)    │  │   user, on Base) │
+│ • LLM brain  │  │                  │  │                  │
+│ • toolset    │  │ • policy check   │  │ • USDC balance   │
+│ • skills DB  │  │ • risk score     │  │ • sign tx        │
+│ • cron       │  │ • signed receipt │  │ • no seed phrase │
+└──────────────┘  └──────────────────┘  └──────────────────┘
+        │                   │                      │
+        ▼                   ▼                      ▼
+   Tool APIs           Veto Engine            Base + USDC
+   (Replicate,         (Django, prod)         (x402 facilitator
+   Vercel, Exa,                                via Coinbase CDP)
+   Gmail, etc.)
+```
+
+## Tooling decisions
+
+### Agent core: Hermes Agent (Nous Research)
+
+**Why Hermes:** Open-weights, MIT, fastest-growing agent runtime of 2026 (140K+ GitHub stars, most-used agent on OpenRouter). Multi-provider LLM support (Nous Portal, OpenRouter, Anthropic, OpenAI, NVIDIA NIM, Hugging Face) means no vendor lock — users pick the brain. Skills system (procedural memory) means agents get better with use. All data stays local in SQLite.
+
+**Why not OpenClaw:** OpenClaw is brilliant for messaging-first agents (WhatsApp, Telegram, Slack), but its UX assumes a chat-app gateway. Veto Agents is a web-app surface; Hermes fits the model. We will ship an **OpenClaw + Veto plugin** as a v0.2 distribution wedge, not as a v0 dependency.
+
+**How we integrate:**
+- Each user gets a dedicated Hermes Agent instance, sandboxed.
+- We use Hermes's tool registration API to add Veto-gated wrappers around every tool that spends money or sends external requests.
+- The pre-execution hook on each tool call dispatches to Veto's `authorize` endpoint. If denied, the tool refuses; if allowed, it proceeds and the verdict's receipt URL is attached to the chat message.
+- The agent's LLM provider is hosted by Veto on a free tier (Hermes 3 via Nous Portal, eaten cost) with an OpenRouter fallback users can configure.
+- Persistence: Hermes's SQLite + our own Postgres for the per-user receipts feed, policy versions, and audit log (the same backend as veto-ai.com).
+
+### Wallet: Privy
+
+**Why Privy:** Production-grade embedded wallets with a dedicated `create-privy-pwa` template, Base (chain ID 8453) supported natively, USDC sending built in, login via email / Google / passkey, *users never see a seed phrase*. The whole point of "agents for everyone" is that wallet provisioning is invisible.
+
+**How we use it:**
+- On user signup (magic link), Privy provisions an embedded wallet automatically.
+- We fund $5 USDC on first run as a free-tier promo (sponsored by Veto, paid out of marketing budget). Users add more via Coinbase onramp or direct USDC deposit.
+- Every agent action that costs money signs through the user's Privy wallet — agent has *no key* of its own; it asks Privy (via the user's session) to sign each transaction, which then runs through Veto's policy gate before being broadcast.
+
+### Payment rails
+
+| Rail               | Used for                                | Live in v0? |
+|--------------------|-----------------------------------------|-------------|
+| x402 (Coinbase)    | Paid APIs that accept HTTP 402          | Yes         |
+| Direct USDC on Base| Crypto-native merchants, on-chain swaps | Yes         |
+| Anthropic / OpenAI keys | LLM inference billed to operator   | Yes (BYOK or hosted) |
+| Stripe Issuing virtual cards | Card-only merchants            | v0.3        |
+
+### Veto governance layer
+
+**Reuses what's already shipped:**
+- `gateway/views.py` `authorize` endpoint — every tool call dispatches here.
+- `safety/services/engine.py` — 8-stage evaluation.
+- Signed receipt at `veto-ai.com/r/<uuid>` — every verdict.
+- `policies/models.py` `SecurityPolicy` — per-agent policy lookup.
+
+**New plumbing for agents specifically:**
+- Per-agent default policy templates (Media has different defaults than Build).
+- Agent-context fields in the authorize request (`agent_type=media`, `tool_name=replicate.video_gen`, `cost_usd`).
+- Receipts feed grouped by agent (so the user sees "Media agent's activity" vs "Build agent's activity").
+
+### Frontend
+
+**PWA, not native.** `app.veto-ai.com` as a Progressive Web App built with React + Tailwind (same stack as the landing). Installable to home screen on iOS + Android. Skips App Store gatekeeping for v0, which matters because crypto + payment apps get savaged in Apple review. Native wrappers via Capacitor or Expo come in v0.4 once we have signal.
+
+## Repository shape
+
+```
+veto-agents/
+├── README.md               (manifesto)
+├── ARCHITECTURE.md         (this file)
+├── agents/
+│   ├── media/SPEC.md       (lead agent)
+│   ├── build/SPEC.md
+│   ├── research/SPEC.md
+│   └── inbox/SPEC.md
+└── (future) api/ + app/    (runner service + PWA)
+```
+
+Each agent directory will eventually contain:
+- `SPEC.md` — what it does, scope, demo
+- `agent.py` — Hermes-compatible agent module
+- `policy.yaml` — APPS-format default Veto policy
+- `tools/` — tool implementations + Veto-gated wrappers
+- `README.md` — install + use instructions
+
+## Authorize flow, end to end
+
+For any agent action that spends money or touches external systems:
+
+1. Agent's LLM decides to call a tool (e.g., `replicate.generate_video(prompt="…")`).
+2. Hermes tool dispatcher hits our pre-execution hook.
+3. Hook builds a Veto authorize request:
+   ```json
+   {
+     "agent_id": "media-user-abc",
+     "action_type": "api_call",
+     "merchant": "replicate.com",
+     "amount": 0.40,
+     "currency": "USD",
+     "description": "Generate 6s video, model=runway-gen3",
+     "context": { "agent_type": "media", "tool_name": "replicate.video_gen" }
+   }
+   ```
+4. POST to `https://veto-ai.com/api/v1/authorize/`.
+5. Engine runs 8 stages, returns `{ verdict, reason_codes, receipt_jwt, receipt_url }`.
+6. If `allow`: tool proceeds. Receipt URL attached to the chat message.
+7. If `deny`: tool refuses. User sees "Veto stopped this — reason: monthly cap exceeded. Adjust policy?"
+8. If `escalate`: tool waits. User gets a phone notification with approve/deny.
+
+This is the same authorize flow Veto already serves — we're just adding agent-specific context and the per-agent default policies.
+
+## What we are NOT building
+
+- A new agent framework (Hermes is the core).
+- A new LLM (we route to existing providers).
+- A custodial wallet (Privy holds keys; we never see them).
+- A new payment processor (we ride x402 facilitators + existing card networks).
+
+Veto Agents is a *packaging + governance* layer on proven primitives. The work is in the integration glue, the UX, and making it *feel* trustworthy enough for someone's mom to use.

veto_agents-0.0.4/CLI.md

@@ -0,0 +1,163 @@
+# Veto Agents — CLI
+
+> The primary install + runtime surface. Local-first. Self-host anywhere. Pay-per-use via embedded wallet.
+
+Modeled after Franklin (BlockRun) and Hermes Agent — both proved that a CLI with a one-line install and optional wallet setup is the right shape for *agents that spend money*.
+
+`veto-agents` is a separate package from the core `veto` governance CLI. The two compose — `veto-agents` calls the Veto authorize endpoint for every paid action — but they're shipped, versioned, and installed independently. Same logic as Stripe shipping `stripe` and `stripe-cli` as different surfaces under the same brand.
+
+## Install
+
+```bash
+npm install -g @veto-protocol/agents
+# or for the curl crowd:
+curl -fsSL https://veto-ai.com/install-agents.sh | bash
+```
+
+Installs a single binary, `veto-agents`. Works on macOS, Linux, WSL2, Windows (PowerShell installer for native), Termux (Android).
+
+Zero signup. Zero credit card. Zero phone verification.
+
+## First run
+
+```bash
+veto-agents setup
+```
+
+Walks the user through:
+
+1. **Pick an LLM provider.** `hermes` (default, hosted by Nous), `claude`, `gpt`, `openrouter`, or `custom` (bring your own endpoint). User can switch anytime via `veto-agents model <provider>`.
+2. **Provision a wallet.** *(Optional but recommended.)* Privy embedded wallet, on Base. $5 USDC funded by Veto as free credit. User never sees a seed phrase.
+3. **Or bring your own wallet.** `veto-agents wallet import <address>` and connect via WalletConnect signature flow.
+4. **Confirm default policy posture.** Strict / Balanced / Permissive — affects every agent's default caps and approval thresholds. User can edit later.
+
+Everything is stored in `~/.veto-agents/` (config in YAML, history + receipts in SQLite, secrets in OS keychain).
+
+## Browse + install agents
+
+```bash
+veto-agents list
+# media     Generate images, video, audio.   Replicate, Runway, ElevenLabs.
+# build     Deploy code to cheapest infra.   Vercel, Modal, Fly, Runpod.
+# research  Deep research with paid sources. Exa, Tavily, x402-gated content.
+# inbox     Email triage + scheduling.       Gmail/Outlook + AssemblyAI + Cal.com.
+
+veto-agents install media
+# ✓ Pulled @veto-protocol/agents-media v0.1.0
+# ✓ Default policy installed: 'media-agent-default' (per-tx $2, per-month $25)
+# ✓ Tool credentials needed: REPLICATE_API_TOKEN (or use Veto's hosted gateway)
+# Ready. Try: veto-agents media "make a 6s video of a cat on a slice of bread"
+```
+
+Each agent is a published npm package under `@veto-protocol/agents-<name>`, so users can pin versions, audit code, fork freely.
+
+## Use an agent (the plan-then-execute flow)
+
+Per [PRINCIPLES.md](PRINCIPLES.md), every agent surfaces a plan + cost estimate and waits for consent before spending. This is the universal interaction pattern:
+
+```bash
+veto-agents media "make a 6-second video of a neon jellyfish in cyberpunk rain"
+
+# Plan:
+#   1. Generate 6s video — Runway Gen-3        ~$0.42
+#   2. (optional) Generate voiceover            ~$0.05
+#                                               ─────
+#                                   Estimate:  $0.42
+#
+# Alternative: use Hailuo for the video → $0.18 total (lower quality)
+#
+# Proceed?  [y/N/alt]  y
+#
+# ✓ Veto authorize → allow (receipt: veto-ai.com/r/8b3c-7f29-…)
+# ✓ Generating… [████████████] 100%
+# ✓ Done in 38s. Actual cost: $0.40 (estimate was $0.42).
+#   Output: ~/Downloads/veto-media-2026-05-24-1432.mp4
+#   Full breakdown: veto-agents receipt 8b3c-7f29-…
+```
+
+For long-running or interactive agents:
+
+```bash
+veto-agents inbox
+# Welcome back. Last seen: 2h ago. 17 new messages since.
+# > triage everything from this week
+```
+
+## Manage policies in your editor
+
+```bash
+veto-agents policy edit media
+# Opens ~/.veto-agents/policies/media.yaml in $EDITOR
+# Save & exit → policy is validated, version incremented, content-hashed
+# Future receipts will cite the new policy version
+```
+
+Plain-English to YAML translation also available via `veto-agents policy describe media` (LLM-assisted).
+
+## Wallet
+
+```bash
+veto-agents wallet balance          # USDC balance on Base
+veto-agents wallet topup            # Coinbase onramp link
+veto-agents wallet receive          # show address for direct deposit
+veto-agents wallet export           # encrypted JSON, user-controlled
+```
+
+## Receipts
+
+```bash
+veto-agents receipts                # last 20, scrollable
+veto-agents receipts --agent media  # filter by agent
+veto-agents receipts --denied       # see what Veto blocked + why
+veto-agents receipt <uuid>          # full JWT + verify link
+```
+
+Offline verification is done via the core Veto CLI's mandate-verifier (different package):
+
+```bash
+npx @veto-protocol/cli verify <jwt>
+```
+
+That way the verifier stays independent of the agents runtime — anyone can verify any Veto receipt without installing the agents package.
+
+## Run modes
+
+The same CLI supports three runtime modes per agent:
+
+1. **Local (default).** Agent runs on your machine, Hermes locally, your data in `~/.veto-agents/`. Wallet is yours. Network calls go directly from your machine to the tool APIs and to Veto's authorize endpoint.
+2. **Hosted.** `veto-agents run media --hosted`. Same agent code runs in Veto's cloud. Useful when your laptop sleeps and you want your inbox agent always on. Costs nothing extra; you still pay tool costs.
+3. **Bring-your-own infra.** `veto-agents run media --runtime ssh://my-server`. Connect your own VPS / homelab. Veto governs from the cloud; your machine executes.
+
+The choice is per-agent. Inbox agent might run hosted (always on). Media agent might run local (creative work, want files on your disk). Build agent might run on your homelab.
+
+## Open + forkable by design
+
+Every agent is open source MIT under `github.com/veto-protocol/veto-agents`. The CLI is also MIT. Fork an agent, modify it, publish your own variant — `veto-agents install @yourorg/agents-custom`. The Veto governance layer is the only required dependency; everything else is yours.
+
+## Distribution shape
+
+- `npm` and `pip` registries for the runtime
+- `brew` formula for macOS
+- `winget` for Windows
+- `apt` repo for Debian/Ubuntu
+- Docker image for self-hosted server installs
+- A single `curl | bash` script as the universal fallback
+
+The first three matter on day one. The rest follow.
+
+## Why CLI-first, not PWA-first
+
+- **Self-hostable from the start.** Aligns with crypto-native + open-source values; the kind of user who funds $5 USDC into their agent is also the kind who wants the code on their machine.
+- **Faster ship.** A CLI v0 is ~4 weeks; a polished PWA v0 is 8–12 weeks.
+- **Pairs naturally with Franklin / Hermes-style adoption patterns.** The audience that installs Franklin will install Veto Agents the same way.
+- **PWA comes later, easily.** Once the agent code, runner, and wallet/policy/receipts flow are working in the CLI, wrapping that as a hosted web UI is mostly a frontend job — ~4 weeks on top of the CLI base.
+
+## Build sequence
+
+1. **Weeks 1–4:** CLI v0 + Media agent. `veto-agents setup`, `veto-agents install media`, `veto-agents media "prompt"`, receipts, policy editing.
+2. **Weeks 5–8:** Build agent. Same CLI, add `veto-agents install build`.
+3. **Weeks 9–10:** Research agent.
+4. **Weeks 11–12:** Inbox agent.
+5. **Weeks 13–16:** PWA at `app.veto-ai.com` as the hosted convenience layer for non-devs, sharing the same agent backends.
+
+Native iOS/Android wrappers via Capacitor in v0.4, only if the PWA hits a ceiling.

veto_agents-0.0.4/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Investech Global LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

veto_agents-0.0.4/PKG-INFO

@@ -0,0 +1,119 @@
+Metadata-Version: 2.4
+Name: veto-agents
+Version: 0.0.4
+Summary: AI agents that pay for things on your behalf, with the safety built in. Hermes-core, governed by Veto.
+Project-URL: Homepage, https://veto-ai.com
+Project-URL: Repository, https://github.com/veto-protocol/veto-agents
+Project-URL: Documentation, https://github.com/veto-protocol/veto-agents#readme
+Author-email: Investech Global LLC <tomer@veto-ai.com>
+License: MIT License
+        
+        Copyright (c) 2026 Investech Global LLC
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+License-File: LICENSE
+Keywords: agent-payments,agents,ai,hermes,policy,veto,x402
+Classifier: Development Status :: 2 - Pre-Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Requires-Dist: httpx>=0.27
+Requires-Dist: platformdirs>=4.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: qrcode>=7.4
+Requires-Dist: rich>=13.7
+Requires-Dist: typer>=0.12
+Provides-Extra: dev
+Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.6; extra == 'dev'
+Provides-Extra: hermes
+Requires-Dist: hermes-agent>=0.2.0; extra == 'hermes'
+Description-Content-Type: text/markdown
+
+# Veto Agents
+
+**AI agents that pay for things, on your behalf, with the safety built in.**
+
+A curated set of consumer AI agents — each one designed from day zero to spend money to do real work for you, every action governed by [Veto](https://veto-ai.com), every spend signed, every verdict verifiable.
+
+## The bet
+
+Agents are about to spend a lot of money. Today's general agent frameworks (Hermes, OpenClaw, n8n) treat payments as an afterthought — a tool the agent *might* call if you wire it up. Veto Agents inverts that: every agent in this catalog is built around the assumption that **it has money and will spend it.** Veto governance is not a feature — it's the only way the agent works at all.
+
+## How every agent behaves
+
+Five non-negotiable principles every Veto Agent inherits — see [PRINCIPLES.md](PRINCIPLES.md) for the full version.
+
+1. **Plan-then-execute.** Show the plan + cost estimate first. Wait for explicit consent. Never auto-spend.
+2. **Cost transparency at every step.** Show actuals as they happen, with the receipt URL inline.
+3. **Receipts for everything spendable.** Every paid action produces a Veto-signed verdict at `veto-ai.com/r/<uuid>`.
+4. **Veto is the only spend gate.** Every paid call authorizes through Veto, every time, no caching.
+5. **Always offer cheaper alternatives when they exist.** Cost-conscious by default.
+
+That predictability is the product. Every other consumer agent in 2026 is "agent just goes." Veto Agents is *the agent that asks first*.
+
+## What's in the box
+
+Four agents, each Hermes-core with Veto governance preconfigured:
+
+- **[Media](agents/media/SPEC.md)** — generates images, video, and audio for you. Pays Replicate / Runway / ElevenLabs per call. *Headline agent.*
+- **[Build](agents/build/SPEC.md)** — deploys your code on the cheapest infra it can find. Pays Vercel / Modal / Replicate for compute. *Dev headline.*
+- **[Research](agents/research/SPEC.md)** — does deep research using paid search and content. Pays Exa / Tavily / x402-gated sources.
+- **[Inbox](agents/inbox/SPEC.md)** — handles email, calendar, and scheduling using paid AI and scheduling tools.
+
+Each agent ships with a default Veto policy (caps, allowlists, intent rules), a wallet provisioned via Privy on first run, and a receipts feed showing every action it took and why.
+
+## How this connects to Veto
+
+Veto already ships the trust substrate:
+- **Engine** — 8-stage policy + risk evaluation
+- **Receipts** — Ed25519-signed verdicts at `veto-ai.com/r/<uuid>`
+- **APPS** — open policy schema
+- **VetoGuardedAccount** — on-chain hard-stop contract
+
+Veto Agents is the **consumer surface** that surfaces all of that. The agents are the front door; Veto is the load-bearing wall behind them. Same primitives, packaged for a non-developer to install and use.
+
+See [ARCHITECTURE.md](ARCHITECTURE.md) for how the layers compose.
+
+## Status
+
+v0 in design. Build sequence:
+1. **Media** — weeks 1–6, ship first
+2. **Build** — weeks 7–10
+3. **Research + Inbox** — weeks 11–14
+
+## License
+
+MIT. Each agent is a forkable template. Self-host on your own machine using vanilla Hermes, or run via the hosted Veto Agents PWA at `app.veto-ai.com`.
+
+## Where the credit goes
+
+- **Hermes Agent** — Nous Research. The core runtime every agent runs on.
+- **Privy** — embedded wallet provisioning so users never see a seed phrase.
+- **Veto Protocol** — the governance, receipts, and on-chain enforcement layer.
+
+---
+
+*Veto governs. The rail executes. The agent works.*

veto_agents-0.0.4/PRINCIPLES.md

@@ -0,0 +1,125 @@
+# Veto Agents — Principles
+
+Five non-negotiable behaviors every agent in this catalog must implement. These are the things that make a Veto Agent a Veto Agent. If a contributed agent violates any of these, it doesn't ship.
+
+---
+
+## 1. Plan-then-execute
+
+**Every agent must show its plan + cost estimate before spending a single cent.**
+
+When a user gives the agent a task that will cost money to complete, the agent must:
+
+1. **Decompose the task into steps.** "To make this 6-second video I'll: (a) generate the video via Runway Gen-3, (b) generate a voiceover via ElevenLabs, (c) combine them via ffmpeg locally."
+2. **Estimate the cost of each step.** "Step a: ~$0.42. Step b: ~$0.05. Step c: free." Show the line items, not just the total.
+3. **Surface alternatives when relevant.** "Alternative: use Hailuo for the video at ~$0.18, slightly lower quality. Reply 'use hailuo' to swap."
+4. **Wait for explicit consent.** Don't auto-proceed. The user sees the plan, types `y` or taps Approve.
+
+The shape in the CLI:
+
+```
+$ veto-agents media "make a 6s video of a neon jellyfish with voiceover"
+
+Plan:
+  1. Generate 6s video — Runway Gen-3        ~$0.42
+  2. Generate voiceover — ElevenLabs (45c)   ~$0.05
+  3. Combine locally with ffmpeg              free
+                                              ─────
+                                  Estimate:  $0.47
+
+Alternative: Hailuo video instead of Runway → $0.20 total (lower quality)
+
+Proceed?  [y/N/alt]  
+```
+
+The shape in the PWA: a plan card with line items + an Approve button.
+
+**Why this is non-negotiable:** Most users have never given an AI agent money. The first time they do, the agent should over-communicate, not under-communicate. Trust compounds across interactions; one auto-spent surprise nukes it forever.
+
+## 2. Cost transparency at every step
+
+Even after the plan is approved, every individual paid call shows its actual cost as it happens.
+
+```
+✓ Step 1 done. Runway Gen-3 video, 6.1s, $0.43 actual (~$0.42 est).
+  Receipt: veto-ai.com/r/8b3c-7f29-…
+✓ Step 2 done. ElevenLabs voiceover, 43 chars, $0.012 actual.
+  Receipt: veto-ai.com/r/4a1f-9d02-…
+Total spent: $0.44 (estimate was $0.47). Output saved to ~/Downloads/jellyfish.mp4
+```
+
+Three rules:
+- Show actuals, not estimates, after execution.
+- Cite the receipt URL inline.
+- Show a running total per task.
+
+## 3. Receipts for everything spendable
+
+Every API call that costs money produces a Veto-signed receipt. No exceptions. No "free this time." The receipt records:
+- The action (tool name, parameters, merchant)
+- The cost
+- The verdict (allow / deny / escalate)
+- The reason codes
+- The policy version that produced the verdict
+- A cryptographic signature anyone can verify offline against the JWKS
+
+The agent always surfaces the receipt URL to the user when reporting back on a step. Anyone with the URL can re-verify the action happened, in the way recorded, against the policy in effect.
+
+## 4. Veto is the only spend gate
+
+Agents don't have their own "should I do this" logic for spending. They ask Veto, every time, before any external paid call. The Veto authorize endpoint is the **single source of truth** for whether an action proceeds.
+
+- Don't bypass Veto with "free tier" calls (they may not stay free).
+- Don't pre-aggregate "I'll batch 10 calls into one authorize" (each call is its own verdict).
+- Don't cache "Veto said yes once, so this is fine for the next hour" (every call re-authorizes).
+
+This rule is what makes the receipts trustworthy. If an agent ever spent money without authorizing, the receipt graph would have holes and the system would be uninspectable. So: every paid action, every time, authorize first.
+
+## 5. Always offer cheaper alternatives when they exist
+
+Agents must be cost-conscious by default. If a cheaper provider can produce ≥80% of the quality at <50% of the price, the agent surfaces it as an alternative *before* executing the more expensive option.
+
+- Media agent: "Use Hailuo for $0.18 instead of Runway for $0.42? Slightly lower quality."
+- Build agent: "Deploy to Cloudflare Pages (free) instead of Vercel ($0.20/mo)? Same Lighthouse score for your stack."
+- Research agent: "Use Tavily ($0.20) instead of Exa ($0.30) for this query? Similar source quality."
+
+The user might still pick the expensive option — that's fine. The point is they *chose*, with information. The agent's job is to present the choice.
+
+---
+
+## How these become enforceable
+
+Three layers:
+
+### Layer 1: Agent system prompts
+
+Every agent's `prompts/system.md` includes a non-negotiable block that instructs the LLM to plan, estimate, and seek consent before any external action. The prompt cannot be overridden by user input ("just do it without asking" is ignored — the prompt explicitly says to ignore such overrides).
+
+### Layer 2: Veto policy enforcement
+
+The default `policy.yaml` for every agent includes:
+
+```yaml
+caps:
+  human_approval_above_usd: <agent-specific threshold>
+behavior:
+  require_plan_preview: true
+  require_per_step_estimate: true
+  require_post_action_receipt_link: true
+```
+
+These are read by the agent runner and enforce the principles structurally, not just in the prompt. If the LLM tries to skip the plan-preview step, the runner intercepts and returns the missing step to the user.
+
+### Layer 3: CLI / PWA UX
+
+The CLI and PWA both render plan previews as a structured block (not just LLM text), and require an explicit user input (`y`, tap Approve) before the runner proceeds. There is no auto-proceed path in v0. v0.2 may add a "small expenses" auto-approve (e.g., under $0.10) but only with explicit per-agent opt-in.
+
+---
+
+## What this gives the user
+
+A predictable interaction shape across every Veto Agent:
+
+> ask → plan + estimate shown → confirm → execute step-by-step with live cost + receipts → final summary with all receipts
+
+That predictability is what makes "trust an AI agent with money" feel safe enough to actually do. Every other consumer agent product in 2026 (Google Spark, Lindy, ChatGPT) is some flavor of "agent just goes." Veto Agents' brand is **the agent that asks first**. That's the whole product, and these five principles are how we deliver it.

veto_agents-0.0.4/README.md

@@ -0,0 +1,65 @@
+# Veto Agents
+
+**AI agents that pay for things, on your behalf, with the safety built in.**
+
+A curated set of consumer AI agents — each one designed from day zero to spend money to do real work for you, every action governed by [Veto](https://veto-ai.com), every spend signed, every verdict verifiable.
+
+## The bet
+
+Agents are about to spend a lot of money. Today's general agent frameworks (Hermes, OpenClaw, n8n) treat payments as an afterthought — a tool the agent *might* call if you wire it up. Veto Agents inverts that: every agent in this catalog is built around the assumption that **it has money and will spend it.** Veto governance is not a feature — it's the only way the agent works at all.
+
+## How every agent behaves
+
+Five non-negotiable principles every Veto Agent inherits — see [PRINCIPLES.md](PRINCIPLES.md) for the full version.
+
+1. **Plan-then-execute.** Show the plan + cost estimate first. Wait for explicit consent. Never auto-spend.
+2. **Cost transparency at every step.** Show actuals as they happen, with the receipt URL inline.
+3. **Receipts for everything spendable.** Every paid action produces a Veto-signed verdict at `veto-ai.com/r/<uuid>`.
+4. **Veto is the only spend gate.** Every paid call authorizes through Veto, every time, no caching.
+5. **Always offer cheaper alternatives when they exist.** Cost-conscious by default.
+
+That predictability is the product. Every other consumer agent in 2026 is "agent just goes." Veto Agents is *the agent that asks first*.
+
+## What's in the box
+
+Four agents, each Hermes-core with Veto governance preconfigured:
+
+- **[Media](agents/media/SPEC.md)** — generates images, video, and audio for you. Pays Replicate / Runway / ElevenLabs per call. *Headline agent.*
+- **[Build](agents/build/SPEC.md)** — deploys your code on the cheapest infra it can find. Pays Vercel / Modal / Replicate for compute. *Dev headline.*
+- **[Research](agents/research/SPEC.md)** — does deep research using paid search and content. Pays Exa / Tavily / x402-gated sources.
+- **[Inbox](agents/inbox/SPEC.md)** — handles email, calendar, and scheduling using paid AI and scheduling tools.
+
+Each agent ships with a default Veto policy (caps, allowlists, intent rules), a wallet provisioned via Privy on first run, and a receipts feed showing every action it took and why.
+
+## How this connects to Veto
+
+Veto already ships the trust substrate:
+- **Engine** — 8-stage policy + risk evaluation
+- **Receipts** — Ed25519-signed verdicts at `veto-ai.com/r/<uuid>`
+- **APPS** — open policy schema
+- **VetoGuardedAccount** — on-chain hard-stop contract
+
+Veto Agents is the **consumer surface** that surfaces all of that. The agents are the front door; Veto is the load-bearing wall behind them. Same primitives, packaged for a non-developer to install and use.
+
+See [ARCHITECTURE.md](ARCHITECTURE.md) for how the layers compose.
+
+## Status
+
+v0 in design. Build sequence:
+1. **Media** — weeks 1–6, ship first
+2. **Build** — weeks 7–10
+3. **Research + Inbox** — weeks 11–14
+
+## License
+
+MIT. Each agent is a forkable template. Self-host on your own machine using vanilla Hermes, or run via the hosted Veto Agents PWA at `app.veto-ai.com`.
+
+## Where the credit goes
+
+- **Hermes Agent** — Nous Research. The core runtime every agent runs on.
+- **Privy** — embedded wallet provisioning so users never see a seed phrase.
+- **Veto Protocol** — the governance, receipts, and on-chain enforcement layer.
+
+---
+
+*Veto governs. The rail executes. The agent works.*