AI agent safety is not only a prompt problem. Production agents create risk when they take actions: call tools, query databases, write memory, invoke MCP tools, access files, use secrets, call models, or hand work to another agent. Brane improves AI agent safety by enforcing policy at that action boundary.
The Safety Boundary
Traditional model safety asks whether a model produced unsafe text. Agent safety also has to ask whether the agent attempted an unsafe action.

What Brane Adds

Brane adds a policy decision before capability execution:

- Do not issue refunds above a tenant limit.
- Do not run write SQL in production.
- Do not call high-risk tools without approval metadata.
- Do not access another tenant’s data.
- Do not invoke high-risk MCP tools in production.
- Do not return outputs that contain secrets or PII.
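As an added illustration of what "a policy decision before capability execution" means in practice, the gate below evaluates the rules listed above before a capability runs, redacts secret-shaped and PII-shaped values from the output, and records every attempt in an audit log. This is example code, not Brane's own API; the tenant limits, high-risk tool names, regexes and sample tools are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample policy data; Brane's own policy format is not shown on this page.
TENANT_REFUND_LIMIT = {"tenant-a": 500.0, "tenant-b": 100.0}
HIGH_RISK_TOOLS = {"delete_account", "mcp:shell_exec"}
WRITE_SQL = re.compile(r"^\s*(insert|update|delete|drop|alter|truncate)\b", re.I)
# API-key-shaped tokens and US-SSN-shaped numbers stand in for secrets and PII.
SECRET_OR_PII = re.compile(r"sk-[A-Za-z0-9]{8,}|\b\d{3}-\d{2}-\d{4}\b")

@dataclass
class Action:
    tool: str                 # capability being invoked (tool, SQL, MCP tool, memory write)
    tenant: str               # tenant the agent acts on behalf of
    env: str                  # "production" or "staging"
    args: dict = field(default_factory=dict)
    approved: bool = False    # approval metadata for high-risk tools

AUDIT: list[dict] = []        # decision log: every attempt, allowed or denied

def evaluate(a: Action) -> tuple[bool, str]:
    """Policy decision made before the capability executes."""
    if a.tool == "issue_refund":
        limit = TENANT_REFUND_LIMIT.get(a.tenant, 0.0)
        if a.args.get("amount", 0.0) > limit:
            return False, f"refund above tenant limit {limit}"
    if a.tool == "run_sql" and a.env == "production" and WRITE_SQL.match(a.args.get("query", "")):
        return False, "write SQL in production"
    if a.args.get("target_tenant", a.tenant) != a.tenant:
        return False, "cross-tenant data access"
    if a.tool in HIGH_RISK_TOOLS and not a.approved:
        return False, "high-risk tool without approval metadata"
    return True, "allowed"

def govern(a: Action, tools: dict) -> dict:
    """Gate a capability call: evaluate, run only if allowed, redact output, audit."""
    allowed, reason = evaluate(a)
    output = None
    if allowed:
        raw = tools[a.tool](**a.args)
        output = SECRET_OR_PII.sub("[REDACTED]", str(raw))
    AUDIT.append({"tool": a.tool, "tenant": a.tenant, "allowed": allowed, "reason": reason})
    return {"allowed": allowed, "reason": reason, "output": output}

# Constructed stand-in tools; a real deployment would register actual capabilities here.
TOOLS = {
    "issue_refund": lambda amount, **_: f"refunded {amount}",
    "run_sql": lambda query, **_: "rows: 3 (api key sk-abcdefghij1234)",
}
```

Denied actions never reach the tool, yet still appear in `AUDIT`, which is what makes the attempt itself visible to detection and review.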
Agent Safety Categories Brane Covers
| Category | Brane control point |
|---|---|
| Tool safety | Register tools as capabilities and evaluate policies before calls |
| Data safety | Inspect queries, namespaces, tenants, and output |
| MCP safety | Treat MCP tools and resources as capabilities |
| Memory safety | Govern memory reads and writes as capabilities |
| Model safety | Govern model calls, routing, and cost policies |
| Workflow safety | Govern agent handoffs and delegated actions |
| Auditability | Record decisions and action outcomes |
