Connect Veto to your agent
Veto is an MCP server. Point your AI coding agent at the endpoint, and it can ask for a deterministic verdict before it runs any SQL. No SDK, no database connection, no API key required for the free tier.
1. Add the MCP server
Veto speaks the Model Context Protocol over Streamable HTTP. Add it to any MCP-capable client (Claude Code, Cursor, Cline, …) with a single entry:
```json
{
  "mcpServers": {
    "veto": { "url": "https://vetosql.com/mcp" }
  }
}
```
In Claude Code you can also run `claude mcp add --transport http veto https://vetosql.com/mcp`. In Cursor, add the same JSON under Settings → MCP. That's the whole setup for the free tier.
2. The analyze_sql tool
Your agent calls analyze_sql before executing a statement. Inputs:
| Field | Required | Description |
|---|---|---|
| `sql` | yes | The Postgres SQL or migration to vet. |
| `schema` | no | DDL for the relevant tables. Supplying it enables EXPLAIN-based cost analysis on a disposable scratch database. |
| `rowCountHints` | no | Approximate row counts per table, to sharpen cost estimates. |
It returns a structured result: an overall verdict plus a list of findings, each with a stable dotted id (e.g. destructive.delete_without_where) your pipeline can branch on. The same SQL always yields the same verdict — there is no LLM in the loop.
3. Verdicts
| Verdict | Meaning |
|---|---|
| `ok` | No rule fired. (Not a guarantee of safety — see the terms.) |
| `warn` | Something worth a human glance: SELECT *, a lock-heavy ALTER, a correctness trap, a large sequential scan. |
| `block` | Genuine data-loss risk: unscoped DELETE/UPDATE, DROP TABLE, TRUNCATE — including ones hidden inside CTEs. |
4. Pro: authentication
Pro raises your rate limit and unlocks custom org policies. Authenticate by sending your key as a bearer token on the MCP endpoint:
```json
{
  "mcpServers": {
    "veto": {
      "url": "https://vetosql.com/mcp",
      "headers": { "Authorization": "Bearer YOUR_PRO_KEY" }
    }
  }
}
```
5. Pro: custom org policies
The built-in rules don't know that payments is sacred in your database. Custom org policies let your team add per-table rules that Veto enforces on top of the built-ins. Your agent can author the JSON from a plain-language instruction and call the set_policies tool with your Pro key:
```json
[
  { "table": "payments", "operations": ["delete", "truncate"], "action": "block",
    "message": "Never delete from payments." },
  { "table": "audit_*", "operations": ["truncate"], "action": "block" }
]
```
Policies are stored on your key, so every later analyze_sql call made with it enforces them automatically — no per-call config. They are declarative data: validated, matched by glob (not regex), and never executed.
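Two things from sections 2 and 5 are worth seeing in working code: a pipeline gate that branches on the verdict and the stable finding ids, and what "matched by glob (not regex)" means for a table pattern like `audit_*`. The example below is added here and is not Veto's code; the result field names (`verdict`, `findings`, `id`), the finding id used in the test, and fnmatch-style glob semantics are assumptions about the server's behaviour.

```python
from fnmatch import fnmatchcase

# Constructed sample of an analyze_sql result. The page says the tool returns
# "an overall verdict plus a list of findings, each with a stable dotted id";
# the field names "verdict", "findings", "id" and "message" are assumptions.
SAMPLE_RESULT = {
    "verdict": "block",
    "findings": [
        {"id": "destructive.delete_without_where",
         "message": "DELETE has no WHERE clause"},
    ],
}


def should_execute(result: dict, warn_allowlist=frozenset()) -> bool:
    """Gate for an agent or CI step: run the statement only when no rule
    blocks it and every warning's id is on the caller's allowlist.
    An unknown or missing verdict is treated as a block (fail closed)."""
    verdict = result.get("verdict")
    ids = {f["id"] for f in result.get("findings", [])}
    if verdict == "ok":
        return True
    if verdict == "warn":
        return ids <= set(warn_allowlist)
    return False  # "block" or anything unexpected


# Constructed policies in the same shape as the set_policies example above.
POLICIES = [
    {"table": "payments", "operations": ["delete", "truncate"],
     "action": "block", "message": "Never delete from payments."},
    {"table": "audit_*", "operations": ["truncate"], "action": "block"},
]


def matching_policies(table: str, operation: str, policies=POLICIES) -> list:
    """Return the policies whose table glob matches `table` and whose
    operations include `operation`. fnmatchcase is a glob matcher, so
    'audit_*' covers audit_log while a regex-looking 'audit_.*' would only
    match a table literally named that way (assumed to mirror Veto)."""
    return [p for p in policies
            if fnmatchcase(table, p["table"]) and operation in p["operations"]]
```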
6. Good to know
- Never connects to your database. Cost analysis runs on a throwaway scratch Postgres inside a transaction that's always rolled back.
- Deterministic. Same input, same verdict — testable and auditable, with no model drift.
- Postgres-native. Works with Supabase, Neon, RDS, or self-hosted, and any migration tool.
More background in the FAQ and the blog.
That's it — point your agent at https://vetosql.com/mcp and it can ask for a verdict before every query.