Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.brane.membranelabs.org/llms.txt

Use this file to discover all available pages before exploring further.

Brane controls what agents are allowed to do before they use capabilities, not only what the model outputs. Most agent safety focuses on the text a model produces. Brane focuses on what the agent does. An LLM response is text. An agent action is a tool call, a model call, a memory write, a database query, a secret read, or a handoff to another agent. Each of these has real-world consequences. Brane puts a programmable control layer around all of them. The core control loop: 
Capability + AgentAction + PolicyContext -> Policy -> Decision
A Capability is anything an agent can use. An AgentAction is one attempted use of that capability. A PolicyContext is the policy author’s view of the action. A Decision is what the runtime enforces.

What Brane Controls

Brane governs any action an agent can take, not just tool calls:
  • Tool calls
  • Model calls
  • Memory reads and writes
  • Retrieval and vector queries
  • Database queries
  • External API calls
  • MCP tool calls
  • File reads and writes
  • Secret access
  • Sandbox execution
  • Agent handoffs
The pattern is the same for all of them. Register the capability. Write a policy. The runtime intercepts, evaluates, and enforces.

What Brane Does Not Replace

Brane is a runtime control layer. It does not replace IAM, network security, secrets management, database permissions, or application authorization. It sits alongside them as the layer that governs agent-specific action patterns.

Package

The current package is brane-core: the local, framework-independent Python runtime. Integrations for LangGraph, CrewAI, OpenAI Agents SDK, MCP, and cloud services such as remote policy evaluation, audit, approvals, and dashboard are in progress. See Current Status for a full breakdown of what is implemented today and what is planned.