Veto by Ona uses Linux Security Module (LSM) hooks with binary content hash verification to block unauthorized binary execution. It's immune to path manipulation attacks because it verifies the actual binary content, not just the path. However, Veto is narrowly focused on execution blocking — it doesn't monitor file access, provide interactive approval workflows, or offer per-agent network visibility. Guardian Shell provides a broader security surface.
Feature Comparison
| Feature | Guardian Shell | Veto |
|---|---|---|
| Cgroup-based agent isolation | Guardian Launcher (default) | ✕ |
| Binary execution blocking | ✓ | ✓ |
| Binary content hash verification | ✕ | ✓ |
| File access monitoring/enforcement | ✓ | ✕ |
| Network connection monitoring | ✓ | ✕ |
| Per-agent policies | ✓ | System-wide only |
| Interactive approval workflow | ✓ | ✕ |
| Path manipulation resistance | Path normalization | Content hash |
| Web dashboard | ✓ | ✕ |
| Alerting integration | Slack, email, webhooks | ✕ |
| Audit logging | SQLite + JSONL | Basic |
| Approach | eBPF + LSM | LSM only |
| Deployment | Single binary | Single binary |
Why Choose Guardian Shell
- ✓ Cgroup-based agent isolation — each agent runs in a dedicated cgroup with unspoofable identity, resource limits, and per-agent policies via Guardian Launcher
- ✓ Monitors file access, not just binary execution — protects SSH keys, credentials, configs
- ✓ Interactive approval workflows — humans approve sensitive access in real time
- ✓ Network connection monitoring — visibility into agent outbound connections
- ✓ Per-agent policies — different rules for different AI agents
- ✓ Web dashboard and alerting (Slack, email, webhooks, Prometheus)
- ✓ Comprehensive audit trail with SIEM-compatible JSON logging
The Verdict
Veto excels at one thing: preventing unauthorized binary execution using content hash verification that's immune to path manipulation. This makes it superior for exec blocking specifically. But Veto doesn't monitor file reads, doesn't provide network visibility, and doesn't offer interactive approval workflows. Guardian Shell covers a much broader security surface — file access, command execution, network connections, per-agent policies, and human-in-the-loop approvals. The two tools are highly complementary: use Veto for bulletproof exec blocking and Guardian Shell for everything else.
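The distinction this page draws in the opening paragraph and in the verdict, a normalized-path allowlist versus a content-hash allowlist, is easy to see in a small script. The following Python example is added here and is not code from Guardian Shell, Veto, or Ona; the policy functions (`path_policy_allows`, `hash_policy_allows`), the scenario names, and the file contents are constructed for illustration and stand in for real binaries. It builds a trusted file in a temporary directory, then asks both policies about a symlink to it, a copy of it at another location, and the original path after its bytes have been replaced.

```python
# Added example (not Guardian Shell's or Veto's code): compares a normalized
# path allowlist with a content-hash allowlist for execution decisions.
import hashlib
import os
import shutil
import tempfile


def sha256_of_file(path: str) -> str:
    """SHA-256 of the file's bytes, read in chunks so large binaries fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def path_policy_allows(path: str, allowed_paths: set) -> bool:
    """Path-based check: normalize (resolve symlinks, '..', '//') then compare."""
    return os.path.realpath(path) in allowed_paths


def hash_policy_allows(path: str, allowed_hashes: set) -> bool:
    """Content-based check: the decision depends only on what the bytes are."""
    return sha256_of_file(path) in allowed_hashes


def compare_policies() -> dict:
    """Run both checks against three constructed scenarios; returns the decisions."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        trusted = os.path.join(workdir, "bin", "tool")
        os.makedirs(os.path.dirname(trusted))
        with open(trusted, "wb") as handle:
            handle.write(b"#!/bin/sh\necho trusted tool\n")  # constructed stand-in for a binary

        allowed_paths = {os.path.realpath(trusted)}
        allowed_hashes = {sha256_of_file(trusted)}

        # Scenario 1: a symlink to the trusted binary. Normalization resolves it,
        # so both policies agree.
        link = os.path.join(workdir, "alias")
        os.symlink(trusted, link)
        results["symlink_path"] = path_policy_allows(link, allowed_paths)
        results["symlink_hash"] = hash_policy_allows(link, allowed_hashes)

        # Scenario 2: the same bytes at a different location. The path policy
        # denies (unknown path); the hash policy allows (known content).
        copied = os.path.join(workdir, "copy_of_tool")
        shutil.copyfile(trusted, copied)
        results["relocated_path"] = path_policy_allows(copied, allowed_paths)
        results["relocated_hash"] = hash_policy_allows(copied, allowed_hashes)

        # Scenario 3: the trusted path now holds different bytes (for example after
        # a supply-chain or on-disk tampering incident). The path policy still
        # allows; the hash policy denies, which is the property the page
        # attributes to Veto.
        with open(trusted, "wb") as handle:
            handle.write(b"#!/bin/sh\necho modified tool\n")  # constructed tampered content
        results["tampered_path"] = path_policy_allows(trusted, allowed_paths)
        results["tampered_hash"] = hash_policy_allows(trusted, allowed_hashes)
    return results


if __name__ == "__main__":
    for scenario, decision in compare_policies().items():
        print(f"{scenario:16} -> {'allow' if decision else 'deny'}")
```

Scenario 3 is the case the page has in mind: a path-based policy keeps trusting an allowed location even after its contents change, while a hash-based policy trusts only the bytes it was given. The trade-off shows up in scenario 2: a pure hash policy cannot express "this binary, but only from this location" and must be updated every time a legitimate binary is upgraded, which is part of why the two approaches complement each other.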