Start Here

Core Concepts

Mental Model
Capability
AgentAction
Decision
PolicyContext
Effects & Side Effectssoon
Identity & Principalssoon

Python SDK

Runtime
Capability Decorator
Wrapping Functions
Manual Evaluation
Error Handling
Testingsoon

Policy Runtime

Writing Policies
Before Capability
After Capability
On Error Policiessoon
Policy Matching
Decision Compositionpartial
Policy Testingsoon

Interception

Overview
InterceptRequest
InterceptResult
Callable Interceptor
Async Interceptionsoon
Streamingsoon

Capabilities

Registry
Grantssoon
Catalogsoon
Schemaspartial

Integrations

Overviewsoon
LangGraphsoon
CrewAIsoon
OpenAI Agents SDKsoon
MCPsoon
Custom Adaptersoon

Cloud

Overviewsoon
Remote Decisionssoon
Audit Ingestionsoon
Policy Bundlessoon
Dashboardsoon

Recipes

SQL Read-Only
Refund Limit
Block High-Risk Tool
Sensitive Output
Tenant Isolation
Human Approvalsoon
PII Redactionsoon

Reference

Roadmap

brane-core · early release

Brane Documentation

Govern every action your AI agents attempt.

One idea to hold. Brane controls what agents are allowed to do before they use capabilities — not only what the model outputs.

Most agent safety focuses on the text a model produces. Brane focuses on what the agent does.

An LLM response is text. An agent action is a tool call, a model call, a memory write, a database query, a secret read, or a handoff to another agent. Each of these has real-world consequences. Brane puts a programmable control layer around all of them.

The core control loop:

Capability + AgentAction + PolicyContext → Policy → Decision

A Capability is anything an agent can use.
An AgentAction is one attempted use of that capability.
A PolicyContext is the policy author's view of the action.
A Decision is what the runtime enforces.

Quickstart

Install brane-core and write your first capability policy in five minutes.

Mental Model

Capability + AgentAction + PolicyContext → Decision. The control loop in one formula.

Writing Policies

Write before and after capability policies. Real application logic, not prompt instructions.

Current Status

What is implemented today and what is planned. Every component labeled honestly.

What Brane Controls

Brane governs any action an agent can take, not just tool calls:

Tool calls
Model calls
Memory reads and writes
Retrieval and vector queries
Database queries
External API calls
MCP tool calls
File reads and writes
Secret access
Sandbox execution
Agent handoffs

The pattern is the same for all of them. Register the capability. Write a policy. The runtime intercepts, evaluates, and enforces.

What Brane Does Not Replace

Brane is a runtime control layer. It does not replace IAM, network security, secrets management, database permissions, or application authorization. It sits alongside them as the layer that governs agent-specific action patterns.

Package

The current package is brane-core: the local, framework-independent Python runtime. Integrations (LangGraph, CrewAI, OpenAI Agents SDK, MCP) and cloud services (remote policy evaluation, audit, approvals, dashboard) are in progress.

See Current Status for a full breakdown of what is implemented today and what is planned.