Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.brane.membranelabs.org/llms.txt

Use this file to discover all available pages before exploring further.

What is built, what is coming next, and where Brane is going.

Now: brane-core

Available today:
  • Runtime coordinator
  • Capability dataclass with full metadata
  • Effect and SideEffect dataclasses
  • Scope dataclass
  • AgentAction dataclass
  • Decision with allow and deny
  • PolicyContext with convenience properties and methods
  • Policy dataclass with metadata and priority
  • CapabilityRegistry
  • PolicyRegistry
  • PolicyEngine with exact match, wildcard, priority, and deny-wins behavior
  • InterceptRequest and InterceptResult
  • CapabilityInterceptor
  • CallableCapabilityInterceptor for synchronous functions
  • @runtime.capability decorator
  • @runtime.before_capability decorator
  • @runtime.after_capability decorator
  • runtime.wrap_capability
  • runtime.create_action and runtime.evaluate_action
  • CapabilityDeniedError and CapabilityNotFoundError

Next: Runtime Completeness

  • Async function wrappers
  • AuditEvent schema and AuditSink interface
  • MemoryAuditSink and JsonlAuditSink
  • approval_required Decision type
  • ApprovalProvider interface and CLI provider
  • on_error policy stage interception
  • transform_input Decision type
  • transform_output Decision type
  • redact Decision type
  • Capability grants with GrantRegistry and agent grant model
  • Error stage interception
  • Input mutation support

After: Integrations

  • brane-integrations-langgraph: LangGraph tool and model call interception
  • brane-integrations-crewai: CrewAI tool wrapping and delegation governance
  • brane-integrations-openai-agents: OpenAI Agents SDK function tool wrapping
  • brane-mcp: MCP server, tool, and resource governance
  • Framework adapter base contract and testing harness
  • Streaming interception

Platform: Brane Cloud

  • Remote policy evaluation API
  • Policy bundles: versioned, environment-pinned policy packages
  • Audit ingestion API
  • CloudAuditSink
  • Approval workflow API and dashboard approval queue
  • Capability catalog with search and risk review
  • Policy bundle promotion between environments
  • Fail-open and fail-closed modes for remote decision calls

Platform: Dashboard and CLI

  • Brane Dashboard: agents, capabilities, policies, audit logs, approvals, traces
  • Brane CLI: policy test/push/pull, capability listing, audit tail
  • Policy simulator for synthetic actions
  • Team management and roles
  • Webhooks for approval events and high-risk denials

Governance: Specialized Surfaces

  • Model governance: cost budget policies, provider routing, output policies
  • Memory governance: namespace enforcement, PII policies, memory poisoning controls
  • Retrieval governance: tenant filter enforcement, document classification, result redaction
  • Filesystem governance: path allowlists, extension policies, data export controls
  • Secret governance: invocation-bound credentials, audit-safe secret handling
  • Sandbox governance: network, filesystem, CPU/memory, and time restrictions
  • Browser and computer-use governance: domain allowlists, form submission controls
  • Multi-agent governance: delegation policies, subagent spawn controls, identity delegation

Design Direction

The full Brane platform gives every agent action a complete governance record: who attempted it, what capability it used, what policy evaluated it, what decision was returned, and what effect it had. That record enables compliance workflows, approval queues, trace timelines, cost attribution, and security review without changes to the agent code. The mental model stays the same through all platform layers: 
Capability + AgentAction + PolicyContext -> Policy -> Decision
Local runtime, cloud runtime, dashboard, CLI, and every integration reduce to this formula. Framework adapters translate native tool calls into AgentActions. Policy bundles bring policies down from the cloud. The dashboard makes the control surface visible. Audit makes it auditable. The local runtime works today without any cloud dependency. Connect to Brane Cloud when you need central policy management, cross-service audit, or dashboard approval workflows.