Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.brane.membranelabs.org/llms.txt

Use this file to discover all available pages before exploring further.

Brane is a runtime guardrail system for AI agents. Instead of only checking prompts or model output, Brane intercepts the actions an agent attempts to take and evaluates Python policy functions before those actions execute. This makes Brane useful when an agent can call tools, query databases, write memory, use MCP tools, access files, call models, trigger workflows, or hand work to another agent.

Why Agent Guardrails Need Runtime Control

Prompt instructions can ask an agent to behave safely, but prompt instructions do not enforce what the agent can do. Output filters can catch unsafe text, but output filters often run after the agent has already used a tool or changed external state. Runtime guardrails sit at the action boundary: 
agent attempts action -> Brane policy evaluates -> allow or deny -> action runs or is blocked
That boundary is where production risk happens.

What Brane Can Govern

Brane models every governed surface as a Capability. A capability can be:
  • A tool call
  • A model call
  • A database query
  • A memory read or write
  • A retrieval request
  • An MCP tool call
  • A file read or write
  • A secret access
  • A sandbox execution
  • Another agent or workflow
The same policy runtime governs all of these surfaces.

Example: Block High-Risk Actions In Production

from brane import Decision, Runtime

runtime = Runtime(agent_id="support-agent", environment="prod")

@runtime.before_capability("*")
def block_high_risk_in_prod(ctx):
    if ctx.is_prod and ctx.is_high_risk:
        return Decision(
            type="deny",
            reason="High-risk capability use is blocked in production",
        )
    return Decision(type="allow")
This policy applies to every registered capability. It does not depend on a specific framework, tool name, or prompt.

When To Use Brane

Use Brane when an AI agent has access to capabilities that can create real consequences:
  • Customer support agents that issue refunds or update accounts
  • Data agents that query production databases
  • Research agents that browse, retrieve, or call external APIs
  • Coding agents that read files, write files, or run shell commands
  • MCP-connected agents with access to many tools
  • Multi-agent systems that delegate work across agents