Runtime security sensor for Python — monitors imports, process execution, dynamic code, network calls, and AI frameworks

These details have not been verified by PyPI

Project description

BlueRock MCP Python Hooks

Lightweight runtime security sensor for Python MCP servers. Monitors MCP protocol interactions and module imports — emitting structured NDJSON events for every operation, with zero code changes.

Install

python3 -m venv venv && source venv/bin/activate
pip install bluerock[oss]

This installs:

bluerock — Python sensor (hooks, instrumentation, CLI)
bluerock-oss — Rust DSO backend that handles event writing

Quick Start

Create a sensor config and run any Python script under BlueRock:

mkdir -p ~/.bluerock
echo '{"enable": true, "mcp": true, "imports": true}' > ~/.bluerock/bluerock-oss.json
python -m bluerock --oss --cfg-dir ~/.bluerock your_script.py

Events are written to ~/.bluerock/event-spool/python-{pid}-{tid}.{generation}.ndjson:

cat ~/.bluerock/event-spool/python-*.ndjson | jq .event

What Gets Monitored

Core hooks (always active)

Category	Events
Imports	`python_import` — name, path, file, package, version, SHA256, change detection

Framework hooks (zero overhead if not imported)

Framework	Events
MCP	`python_mcp_event`, `python_mcp_server_init`, `python_mcp_server_add`, `python_mcp_session_created`, `python_mcp_session_terminated`, `python_mcp_client_connect`

MCP hooks use @wrapt.when_imported() — loaded only when your application imports mcp or fastmcp.

Want more? The full version supports 30+ hook categories covering process spawns, dynamic code execution, serialization, HTTP frameworks, LLM APIs, and more.

Event Format

Every line in the NDJSON log is a timestamped envelope wrapping an event. Use jq .event to unwrap:

{
  "ts": "2026-04-02T10:00:00.123456Z",
  "event": {
    "meta": {
      "name": "python_mcp_server_add",
      "type": "event",
      "origin": "bluepython",
      "sensor_id": 1,
      "source_event_id": 5,
      "uuid": "component-uuid-v4"
    },
    "context": {
      "process": { "pid": 12345 }
    },
    "element": {
      "type": "tool",
      "name": "add",
      "description": "Add two numbers."
    }
  }
}

CLI Reference

python3 -m bluerock --oss [OPTIONS] [script.py | -m module] [args...]

Options:
  --oss                Use OSS backend (also auto-detected when bluerock-oss is installed)
  --cfg-dir DIR        Load sensor config from DIR/bluerock-oss.json (see CONFIG.md)
  -m MODULE            Run a Python module instead of a script
  --debug              Print debug logs to stderr
  --install            Install bluerock autostart (sitecustomize)
  --uninstall          Remove bluerock autostart

Uninstall

For the standard venv install, uninstall is a single pip call:

pip uninstall -y bluerock-oss bluerock

If you also ran python -m bluepython.installer install --oss to wire the sensor into interpreter startup, remove that first, then pip uninstall:

python -m bluepython.installer uninstall
pip uninstall -y bluerock-oss bluerock

User data under ~/.bluerock/ (config, event spool) is left in place. Remove it for a full wipe:

rm -rf ~/.bluerock

Requirements

Python >= 3.10 (tested up to 3.13)
Linux (x86_64, aarch64) or macOS (Intel, Apple Silicon)

License

Apache 2.0

Project details

These details have not been verified by PyPI

Release history Release notifications | RSS feed

This version

0.2.0

Jun 8, 2026

0.1.0

Apr 17, 2026

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

bluerock-0.2.0-py3-none-any.whl (25.6 kB view details)

Uploaded Jun 8, 2026 Python 3

File details

Details for the file bluerock-0.2.0-py3-none-any.whl.

File metadata

Download URL: bluerock-0.2.0-py3-none-any.whl
Upload date: Jun 8, 2026
Size: 25.6 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for bluerock-0.2.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`44f0770b65612e63403076b69ebbeea8258a8e9d3f170e9c8e84f3574ac6358e`
MD5	`ec38b5646459ccbe8af4c503fc663757`
BLAKE2b-256	`3f771a081e58ac54ee81392794d452b4072294a9f13e44791079b7bab188970e`

See more details on using hashes here.

Provenance

The following attestation bundles were made for bluerock-0.2.0-py3-none-any.whl:

Publisher: release.yml on bluerock-io/bluerock

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: bluerock-0.2.0-py3-none-any.whl
- Subject digest: 44f0770b65612e63403076b69ebbeea8258a8e9d3f170e9c8e84f3574ac6358e
- Sigstore transparency entry: 1756077890
- Sigstore integration time: Jun 8, 2026
Source repository:
- Permalink: bluerock-io/bluerock@86b56e23823eaf9694224baf44ad535ae8298f75
- Branch / Tag: refs/tags/v0.2.0
- Owner: https://github.com/bluerock-io
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@86b56e23823eaf9694224baf44ad535ae8298f75
- Trigger Event: push

bluerock 0.2.0

Navigation

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Classifiers