Runtime security sensor for Python — monitors imports, process execution, dynamic code, network calls, and AI frameworks
Project description
BlueRock
Runtime security sensor for Python applications. Monitors MCP protocol interactions and module imports — emitting structured NDJSON events for every operation, with zero code changes.
Install
python3 -m venv venv && source venv/bin/activate
pip install bluerock[oss]
This installs:
- bluerock — Python sensor (hooks, instrumentation, CLI)
- bluerock-oss — Rust DSO backend that handles event writing
Quick Start
Create a sensor config and run any Python script under BlueRock:
mkdir -p ~/.bluerock
echo '{"enable": true, "mcp": true, "imports": true}' > ~/.bluerock/bluerock-oss.json
python -m bluepython --oss --cfg-dir ~/.bluerock your_script.py
Events are written to ~/.bluerock/event-spool/python-{pid}-{tid}.{generation}.ndjson:
cat ~/.bluerock/event-spool/python-*.ndjson | jq .event
What Gets Monitored
Core hooks (always active)
| Category | Events |
|---|---|
| Imports | python_import — name, path, version, SHA256 |
Framework hooks (zero overhead if not imported)
| Framework | Events |
|---|---|
| MCP | python_mcp_event, python_mcp_server_init, python_mcp_server_add, python_mcp_session_created, python_mcp_session_terminated, python_mcp_client_connect |
MCP hooks use @wrapt.when_imported() — loaded only when your application imports mcp or fastmcp.
Want more? The full version supports 30+ hook categories covering process spawns, dynamic code execution, serialization, HTTP frameworks, LLM APIs, and more.
Event Format
Every line in the NDJSON log is a timestamped envelope wrapping an event. Use jq .event to unwrap:
{
"ts": "2026-04-02T10:00:00.123456Z",
"event": {
"meta": {
"name": "python_mcp_server_add",
"type": "event",
"origin": "bluepython",
"sensor_id": 1,
"source_event_id": 5,
"uuid": "component-uuid-v4"
},
"context": {
"process": { "pid": 12345 }
},
"element": {
"type": "tool",
"name": "add",
"description": "Add two numbers."
},
"entity_id": "550e8400-e29b-41d4-a716-446655440000"
}
}
CLI Reference
python3 -m bluepython --oss [OPTIONS] [script.py | -m module] [args...]
Options:
--oss Use OSS backend (also auto-detected when bluerock-oss is installed)
--cfg-dir DIR Load sensor config from DIR/bluerock-oss.json (see CONFIG.md)
-m MODULE Run a Python module instead of a script
--debug Print debug logs to stderr
--install Install bluerock autostart (sitecustomize)
--uninstall Remove bluerock autostart
Links
Requirements
- Python >= 3.10 (tested up to 3.13)
- Linux (x86_64, aarch64) or macOS (Intel, Apple Silicon)
License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bluerock-0.1.0-py3-none-any.whl.
File metadata
- Download URL: bluerock-0.1.0-py3-none-any.whl
- Upload date:
- Size: 24.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3079b59a1d5f7a6fdecf09c6048ba69548506ae52ddcebef1ff129871164a0d3
|
|
| MD5 |
19c7d6f63e6ce7d3426b94b628857cec
|
|
| BLAKE2b-256 |
97fa301fa3532345e5e480c9272fbfb4a68a5b0845282e33ae10a02d6b760d84
|
