Brane is policy-as-code for AI agents. Developers write normal Python functions that inspect an attempted agent action and return a structured decision such as allow or deny. The policy runs at runtime before the agent uses a capability, so the policy can block unsafe tool calls, database queries, model calls, MCP tools, memory writes, file access, and other actions.

What Policy-as-Code Means In Brane

A Brane policy is not a prompt. A Brane policy is application code:
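
```python
from brane import Decision

# `runtime` is the Brane runtime object created elsewhere in your application;
# its construction is not shown on this page.

# Runs before the "refund_customer" capability is used.
@runtime.before_capability("refund_customer")
def refund_limit(ctx):
    # Read the attempted call's argument, defaulting to 0 when it is absent.
    amount = ctx.arg("amount_usd", 0)
    if amount > 100:
        return Decision(type="deny", reason="Refund exceeds $100 limit")
    return Decision(type="allow")
```
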
Because policies are Python functions, they can use your application context, tenant settings, environment, risk metadata, scopes, and audit rules.

Why Policy-as-Code Is Better Than Prompt Rules

Prompt rules are advisory. Policy code is enforceable.

| Approach | What it can do | Limitation |
| --- | --- | --- |
| Prompt instruction | Tell the model what behavior is expected | The model may ignore or misunderstand it |
| Output filter | Inspect final text | The action may already have happened |
| Brane policy | Intercept the attempted action | Requires registering capabilities |

Brane policies run before the consequence occurs.

Policy Inputs

Every policy receives a PolicyContext. The context includes:
  • The capability being attempted
  • The input arguments
  • The agent identity
  • The principal identity
  • The tenant
  • The environment
  • The capability risk level
  • The output for after-capability policies

Policy Output

Every policy returns a Decision:

```python
Decision(type="allow")
Decision(type="deny", reason="Only SELECT queries are allowed")
```

Today, allow and deny are implemented. Additional decision types such as approval_required, redact, transform_input, and transform_output are planned.
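
A sketch of the SELECT-only policy implied by the deny reason above, as an added example that is not Brane's own code. `Decision` and `StubContext` are local stand-ins so it runs without Brane, the `run_sql` capability and `query` argument names are hypothetical, and the check assumes standard single-quoted SQL literals, failing closed on everything else.

```python
import re
from dataclasses import dataclass

@dataclass
class Decision:  # stand-in for brane.Decision so this runs without Brane
    type: str
    reason: str = ""

class StubContext:  # constructed test double exposing only ctx.arg()
    def __init__(self, **args):
        self._args = args

    def arg(self, name, default=None):
        return self._args.get(name, default)

STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")    # standard SQL quoting only
SUSPICIOUS = re.compile(r"""[;'"`#\\]|--|/\*""")  # syntax this check cannot vouch for
WRITE_WORDS = re.compile(
    r"\b(insert|update|delete|drop|alter|create|truncate|grant|revoke|"
    r"merge|into|call|exec|execute|copy|set|lock)\b", re.I)

# With Brane this would be registered as on the page, e.g.
# @runtime.before_capability("run_sql")   # "run_sql" is a hypothetical name
def select_only(ctx):
    sql = ctx.arg("query", "")  # "query" is a hypothetical argument name
    if not isinstance(sql, str) or not sql.strip():
        return Decision(type="deny", reason="Query must be a non-empty string")
    # Blank out string literals so their contents are not read as keywords,
    # then tolerate a trailing semicolon.
    bare = STRING_LITERAL.sub(" ", sql).strip().rstrip(";").strip()
    # Fail closed on stacked statements, comments, and quoting styles this
    # check does not parse (double quotes, backticks, MySQL '#', backslashes).
    if SUSPICIOUS.search(bare):
        return Decision(type="deny", reason="Only a single plain SELECT is allowed")
    # Must begin with SELECT and contain no write or DDL keyword anywhere.
    if not re.match(r"select\b", bare, re.I) or WRITE_WORDS.search(bare):
        return Decision(type="deny", reason="Only SELECT queries are allowed")
    return Decision(type="allow")
```

A string check like this is one layer; the database role the agent connects with should also be read-only.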