VET is a small command-line program that sits beside coding agents like Claude Code, Codex, and Gemini CLI. It keeps a durable project memory that agents can replay, correct, and hand off to the next session.
Most agents rely on a rolling chat summary. Summaries are easy to use, but they can quietly drop old facts or keep facts that are no longer true. VET adds an append-only event log (a file that only grows; nothing is erased) plus tools to record corrections and verify handoffs before you trust them.
Use VET when an agent must remember things like:
- release rules or benchmark decisions
- user corrections ("that old fact was wrong")
- tool results that should survive a session restart or agent swap
Download a release for your platform from GitHub Releases:
- macOS (Apple Silicon):
VET-macos-arm64 - Windows (64-bit):
VET-windows-x86_64.exe
Put it on your path as vet:
chmod +x VET-macos-arm64
sudo mv VET-macos-arm64 /usr/local/bin/vetWindows PowerShell:
New-Item -ItemType Directory -Force "$env:USERPROFILE\bin" | Out-Null
Move-Item .\VET-windows-x86_64.exe "$env:USERPROFILE\bin\vet.exe"vet initThis creates a local folder .vet/ (ignored by git) with:
events.dpmlog— the append-only memory logaid.json— an Agent Identity Document (AID) that describes this session
vet record --type user --payload "Release builds must ship macOS and Windows binaries."
vet record --type model --payload "CI uploaded vet-v0.1.0 with checksum files."
vet correction \
--text "The escape metric definition changed." \
--invalidated-fact "escape counts any stale text in memory" \
--replacement-fact "escape counts only when stale text reaches the final answer"A correction does not delete old log entries. It adds a new entry that tells the agent which facts to stop using.
Plain-text handoff (easy to paste into a chat):
vet handoff --task "Continue the release notes"JSON handoff (for verification):
vet handoff --task "Continue the release notes" --format json --out handoff.json
vet verify --bundle handoff.json --jsonIf verification passes, you see "verified": true. If someone tampered with the log or bundle, verification fails with a named reason in failure_details.
VET does not replace your coding agent.
The agent still uses its normal chat history for flow. VET adds a replayable memory layer for facts that must survive handoffs and corrections:
vet record— append important events to the logvet correction— mark old facts as invalid and add replacementsvet handoff— produce task memory that respects correctionsvet prompt— build a compact, cited memory view from the logvet verify— check that a JSON handoff still matches the live log
Forgetting happens by correction, not by erasing history. The log stays complete for audit; handoffs tell the agent what is active vs suppressed.
VeriHandoff is the end-to-end demo that shows verification working. It includes:
| Piece | What it does |
|---|---|
run_demo.sh |
Runs a full session, verifies, then shows tampering fails |
verify.html |
Browser page to read verify results without parsing JSON |
| Golden fixtures + CI | Automated check that verification still passes |
bazelisk build --config=vet_release_no_android //tools/vet:vet
tools/vet/examples/verihandoff/run_demo.sh
open tools/vet/examples/verihandoff/verify.htmlDetails: tools/vet/examples/verihandoff/README.md
- session identity matches
- Agent Identity Document (AID) unchanged
- log digest matches (BLAKE3 hash over the log file)
- event counts and correction counts match
- log structure is valid (order, identities)
- whether the host agent ran the right tools
- whether a language model (LLM) API call really happened
- raw HTTP transcripts from tools
Those limits are listed in aid.json under claims.does_not_verify.
Ready-to-copy skill files live in tools/vet/agent_assets:
tools/vet/install_agent_asset.sh codex --scope project
tools/vet/install_agent_asset.sh claude --scope project
tools/vet/install_agent_asset.sh geminiEach skill tells the agent to call vet handoff before relying on old memory and vet correction when the user fixes a stale fact.
If vet is not on your path:
export VET_BIN=/absolute/path/to/vetvet status --json
vet events --max-events 20
vet record --type tool --payload "bazel build //tools/vet:vet succeeded"
vet handoff --task "Review the release workflow"
vet prompt --task "Summarize decisions for the next agent"Event types
| Type | Use for |
|---|---|
user |
durable user constraints or decisions |
model |
accepted agent decisions or outcomes |
tool |
important command results |
internal |
local notes that should be replayable |
correction |
invalidations and replacement facts |
Default location: .vet/<tenant>/<session>/
Custom location:
vet init --root /secure/vet/logs --tenant acme --session release
vet handoff --root /secure/vet/logs --tenant acme --session release --task "Ship release"bazelisk build --config=vet_release_no_android //tools/vet:vetThe vet_release_no_android build flag avoids pulling Android build rules on machines that happen to have Android tools installed.
- Architecture (Deterministic Projection Memory runtime):
docs/architecture-overview.md - VET tool reference:
tools/vet/README.md - Agent gate hooks demo:
tools/agent_hooks/README.md - Benchmarks:
tools/benchmarks/ - Public explainer site: https://maceip.github.io/vet/
This project shares a name with the academic paper VET Your Agent: Towards Host-Independent Autonomy via Verifiable Execution Traces (Oxford, December 2025):
https://arxiv.org/abs/2512.15892
That paper focuses on cryptographic proof that an autonomous agent's outputs match a declared configuration, even when the host machine is untrusted. This repository's VET sidecar applies a related idea to coding agents: bind handoffs to an append-only log and an Agent Identity Document (AID) so others can run vet verify and see whether memory was tampered with. We do not implement the paper's web proofs or trading-agent demo; see tools/vet/examples/verihandoff/ for our worked example.