Configuring a BlueRock Agent Sandbox for Observability

The BRACE binary is present in all instances at /opt/bluerock/bin/brace

1. Login to the EC2 instance using the username ec2-user and the SSH key provided for a PaaS environment or the key specified during your launch via the Amazon Marketplace.

2. By default, the BlueRock Sandbox is configured to run in observability mode without guardrails enforced. NOTE: Observe mode is free. Guardrails can only be enforced with the PaaS deployment or a paid license for BlueRock.

3. To view a list of available command arguments, type: /opt/bluerock/bin/brace -h The following output will appear:

BlueRock Sandbox - A sandbox for applications. 

Usage: brace [OPTIONS] [-- <TARGET>...] 

Arguments: [TARGET]... Program (with arguments) to run in the sandbox. 

Options: 
--socket <SOCKET> [default: /run/bluerock/sensor] 
--name <NAME> [default: sandbox] 
--network-config <NETWORK_CONFIG> Required network config for network isolation 
--list-network-configs List available network firewall configurations and exit 
-l, --logfile <LOGFILE> The path to the log file. [default: ./BRace.log] 
-K, --clear-env Clear all environment variables. 
-e, --env <ENV> Set environment variable. 
-h, --help Print help 
-V, --version Print version

1. The sandbox is invoked via a command-line argument. To launch the sandbox, invoke the following command:

This will invoke the sandbox and a target command or agent executable. The -l flag creates a local file BRace_rCURRENT.log in the specified path. Example of command-line agent invocation:

In the above example, the stdout will log messages to console.

Example of shell invocation of an agent:

Example of CrewAI running inside sandbox:

NOTE: when using the -l flag, a filename must be specified. However, the local log file will be created in the path specified with the name brace_rCURRENT.log . This is a known issue and will be fixed in an upcoming release