Skip to main content
Brane is policy-as-code for AI agents. Developers write normal Python functions that inspect an attempted agent action and return a structured decision such as allow or deny. The policy runs at runtime before the agent uses a capability, so the policy can block unsafe tool calls, database queries, model calls, MCP tools, memory writes, file access, and other actions.

What Policy-as-Code Means In Brane

A Brane policy is not a prompt. A Brane policy is application code:
Because policies are Python functions, they can use your application context, tenant settings, environment, risk metadata, scopes, and audit rules.

Why Policy-as-Code Is Better Than Prompt Rules

Prompt rules are advisory. Policy code is enforceable. Brane policies run before the consequence occurs.

Policy Inputs

Every policy receives a PolicyContext. The context includes:
  • The capability being attempted
  • The input arguments
  • The agent identity
  • The principal identity
  • The tenant
  • The environment
  • The capability risk level
  • The output for after-capability policies

Policy Output

Every policy returns a Decision:
Today, allow and deny are implemented. Additional decision types such as approval_required, redact, transform_input, and transform_output are planned.