BlueRock Agent Sandbox

Overview

The BlueRock Agent Sandbox, BRACE (BlueRock Agent Control Environment), is an isolated execution runtime designed to contain autonomous AI agents. Unlike traditional containers, BRACE provides process-level and filesystem-level isolation with deep Model Context Protocol (MCP) visibility.

The BRACE sandbox is designed to provide visibility into all agent process executions, filesystem accesses, and Python MCP events, giving developers observability into their agent's execution. Any agent can run inside the sandbox, but MCP events are currently supported for Python only (support for TypeScript and JavaScript is coming soon). BRACE is offered as a free product for observability of agent events and tool calls and for process isolation. Guardrail controls for MCP tool calls and filesystem access are available with a paid license.

Key Capabilities:

  • Observability: Provides event tracing for agent and associated process activity.

  • Process Isolation: Runs agents in separate process ID (PID) namespaces.

  • Filesystem Isolation: Restricts host directory access via granular bind mounts.

  • Network Isolation: Blocks or limits outgoing connections to trusted CIDRs using nftables.

  • Zero-Change Deployment: Works with most agent frameworks with a single CLI command.

This guide describes the steps to deploy and configure the sandbox for building and deploying agents.
