# BlueRock Secure MCP

## Overview

BlueRock provides runtime observability and policy evaluation for applications built using the Model Context Protocol (MCP).

Instead of acting as an MCP server, BlueRock integrates with MCP applications through embedded sensors that operate within the application runtime.

When enabled, these sensors capture MCP interactions between clients and servers, providing visibility into how tools, resources, and prompts are used during execution.

This enables:

* visibility into MCP interactions (tools, resources, prompts)
* runtime policy evaluation
* detection of sensitive data patterns
* control over tool execution and resource access
* generation of telemetry events

These capabilities apply to MCP applications implemented in:

* **Python**
* **JavaScript / TypeScript**

Policies are evaluated at runtime by the sensors, and resulting events are exported using OpenTelemetry (OTLP) to external observability systems such as CloudWatch.

***

## MCP Architecture

#### Architecture Overview

BlueRock integrates with MCP applications at runtime using sensors.

MCP applications run inside a BlueRock instance along with the BlueRock kernel and sensors. These sensors capture interactions such as tool calls, resource access, and prompt invocation.

Policies are distributed from the control plane and evaluated during execution, and resulting events are exported using OpenTelemetry (OTLP) to external systems such as CloudWatch.

The diagram below illustrates how MCP applications, BlueRock sensors, and the control plane interact to enable runtime observability:

<figure><img src="/files/XRuEpr3cY4DO7OROc8da" alt=""><figcaption></figcaption></figure>

***

## Policy Configuration

BlueRock policies define how MCP interactions are evaluated during application runtime.

Policies are evaluated by the BlueRock sensors embedded within MCP applications. As the application executes, sensors evaluate interactions such as tool calls, resource access, and prompt usage against the configured policies.

Based on the evaluation, policies can:

* allow the interaction
* generate a violation event
* restrict or block specific behavior

Policy evaluation happens in real time, and all resulting events are exported using OpenTelemetry (OTLP) for monitoring.

Policies can be configured using JSON-based templates or CLI tools.

Example:

```json
{
  "python_sensor": {
    "mcp": {
      "enable": true,
      "remediate": false
    }
  },
  "js_sensor": {
    "mcp": {
      "enable": true,
      "remediate": false
    }
  }
}
```
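
A pre-deployment check for a policy file like the one above, as an added example that is not BlueRock's code. It assumes the only valid keys are those in the page's example (`python_sensor`, `js_sensor`, `mcp`, `enable`, `remediate`), so the real schema may accept more; `audit_policy` and the sample policy are constructed for illustration.

```python
import json

# Keys taken from the page's example policy; treating them as the full set is an assumption.
SENSORS = ("python_sensor", "js_sensor")
FLAGS = ("enable", "remediate")

# Constructed sample: a string where a boolean belongs, plus a misspelled sensor key.
SAMPLE_POLICY = """
{
  "python_sensor": {"mcp": {"enable": true, "remediate": false}},
  "js_sensor": {"mcp": {"enable": "true", "remediate": false}},
  "javascript_sensor": {"mcp": {"enable": true, "remediate": true}}
}
"""

def audit_policy(text):
    """Return a sorted list of findings for one policy document."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(policy, dict):
        return ["top level must be a JSON object"]
    findings = [f"{k}: unknown top-level key" for k in policy if k not in SENSORS]
    values = {}
    for sensor in SENSORS:
        section = policy.get(sensor)
        mcp = section.get("mcp") if isinstance(section, dict) else None
        if not isinstance(mcp, dict):
            findings.append(f"{sensor}: no mcp section")
            continue
        for flag in FLAGS:
            value = mcp.get(flag)
            if not isinstance(value, bool):
                findings.append(f"{sensor}.mcp.{flag}: expected boolean, got {value!r}")
            else:
                values[(sensor, flag)] = value
        if values.get((sensor, "enable")) is False:
            findings.append(f"{sensor}.mcp.enable: false")
    # Report drift: the same flag set differently for the two runtimes.
    for flag in FLAGS:
        seen = {values[(s, flag)] for s in SENSORS if (s, flag) in values}
        if len(seen) > 1:
            findings.append(f"{flag}: differs between sensors")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit_policy(SAMPLE_POLICY):
        print(line)
```

An empty result means both sensor sections are present, every flag is a boolean, and the two runtimes are configured identically.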


