Introducing BlueRock Open Source MCP Python Hooks

Why we built this

Teams building with MCP are moving quickly from experimentation into real execution. Agents are invoking tools, triggering downstream behavior, and interacting across systems. As that shift happens, one gap becomes clear: it is difficult to see what actually ran once execution begins.

Most approaches capture requests, traces, or logs, but not real behavior. In MCP systems, execution is dynamic:  tools call other tools, dependencies execute code indirectly, and subprocesses are spawned as part of normal operation. Without visibility at that layer, teams are left reconstructing behavior after the fact.

We built BlueRock MCP Python Hooks as an open source project to address that gap. This release is the first step in a broader effort to make runtime visibility more accessible. We are sharing it early with the open source community because this is a problem that benefits from real-world usage, iteration, and contribution.

What the hooks capture

BlueRock MCP Python Hooks provide a lightweight way to capture runtime activity directly from within a Python application. The hooks attach at interpreter startup, before application code runs, which allows them to observe behavior across the full execution path without requiring code changes or SDKs.

They capture the operations that matter during execution:

• MCP protocol activity (tool calls, session lifecycle, client/server connections)

• Resource access triggered by tools

• Module imports across the dependency chain, including version and SHA-256 verification

• Process-level activity such as subprocess execution

All events are emitted as structured NDJSON and written locally, where they can be inspected directly or forwarded into existing pipelines. In addition, a self-contained Grafana + Loki stack for visualizing BlueRock security events is available. It reads NDJSON spool files produced by the OSS sensors and forwards them to Loki for querying and dashboarding in Grafana.

How it works in practice

The implementation uses native Python mechanisms rather than external instrumentation:

• Audit hooks capture security-sensitive operations such as subprocess spawning and low-level system activity

• Import hooks track every module loaded, including dependencies and their versions

• Framework-level hooks capture MCP-specific protocol interactions

Because instrumentation initializes at runtime startup, it covers:

• Your application code

• Your dependencies

• Their transitive dependencies

The goal is to make this immediately usable in real workflows:

• Run any Python script with a single command

• Capture execution activity within minutes

• Inspect locally or integrate into existing observability or security pipelines

This initial release is intentionally focused on capturing execution signals cleanly and reliably. It is designed to be simple, extensible, and useful out of the box.

As agent-driven systems continue to evolve, understanding execution will become a baseline requirement. We see this as an area where open source can play an important role in shaping how developers approach runtime visibility.

The repository and quickstart are available here:
GitHub: https://github.com/bluerock-io/bluerock 

More details: http://bluerock.io/developer-hub/mcp-python-hooks 

We are looking forward to feedback from the community and to building on this foundation.