Skip to main content
Brane can govern MCP tool access by modeling each MCP server, tool, resource, or prompt as a capability. Policies can then allow or deny MCP actions based on agent identity, tenant, environment, tool risk, input arguments, and runtime metadata. MCP expands the action surface of an AI agent. Brane gives that expanded surface a policy layer.

Why MCP Needs Policy

An MCP server can expose many tools and resources behind one connection. Without runtime policy, the agent may be able to call tools that were not intended for the current user, tenant, environment, or workflow. Brane’s control model is:

Capability Naming For MCP

Use namespaced capability names for MCP tools:
Namespaced names make it easier to write exact-match and wildcard policies.

Example: Block MCP Writes In Production

Example: Allow Read-Only MCP Database Queries

Current Status

The core runtime supports the capability and policy model today. Dedicated MCP adapters are planned. Until a dedicated adapter ships, use Brane’s core runtime to wrap MCP-facing functions or adapter boundaries in your own application code.