BlueRock Secure MCP

Overview

BlueRock provides runtime observability and policy evaluation for applications built using the Model Context Protocol (MCP).

Instead of acting as an MCP server, BlueRock integrates with MCP applications through embedded sensors that operate within the application runtime.

When enabled, these sensors capture MCP interactions between clients and servers, providing visibility into how tools, resources, and prompts are used during execution.

This enables:

visibility into MCP interactions (tools, resources, prompts)
runtime policy evaluation
detection of sensitive data patterns
control over tool execution and resource access
generation of telemetry events

These capabilities apply to MCP applications implemented in:

Python
JavaScript / TypeScript

Policies are evaluated at runtime by the sensors, and resulting events are exported using OpenTelemetry (OTLP) to external observability systems such as CloudWatch.

MCP Architecture

Architecture Overview

BlueRock integrates with MCP applications at runtime using sensors.

MCP applications run inside a BlueRock instance along with the BlueRock kernel and sensors. These sensors capture interactions such as tool calls, resource access, and prompt invocation.

Policies are distributed from the control plane and evaluated during execution, and resulting events are exported using OpenTelemetry (OTLP) to external systems such as CloudWatch.

The diagram below illustrates how MCP applications, BlueRock sensors, and the control plane interact to enable runtime observability:

Policy Configuration

BlueRock policies define how MCP interactions are evaluated during application runtime.

Policies are evaluated by the BlueRock sensors embedded within MCP applications. As the application executes, sensors evaluate interactions such as tool calls, resource access, and prompt usage against the configured policies.

Based on the evaluation, policies can:

allow the interaction
generate a violation event
restrict or block specific behavior

Policy evaluation happens in real time, and all resulting events are exported using OpenTelemetry (OTLP) for monitoring.

Policies can be configured using JSON-based templates or CLI tools.

Example:

{
  "python_sensor": {
    "mcp": {
      "enable": true,
      "remediate": false
    }
  },
  "js_sensor": {
    "mcp": {
      "enable": true,
      "remediate": false
    }
  }
}

PreviousQuick Start NextMCP Sensor Observability

Last updated 1 month ago