Not Just Containers — Model Context Control
Agent Sandbox 1.0
✓ Process isolation
✗ No MCP protocol visibility
✗ No action-level control
✗ No execution control
✗ No MCP awareness
Agent Sandbox 2.0
✓ Process isolation
✓ Full MCP visibility (tools, data, execution)
✓ Action-level tracing
✓ Context and execution control
✓ Full MCP protocol event visibility
Agents are non-deterministic.
They don't follow scripts—they adapt, retry, and find alternate paths.
BlueRock Agent Sandbox 2.0 keeps surprises from biting you.
Built for developers. Not retrofitted for them.
Move fast, experiment safely
Try new tools, prompts, and workflows without worrying about agents going off mission. When something unexpected happens, you see it immediately—before it touches production.
Full visibility into agent behavior
See which tools are called, with what parameters, and how flows evolve over time. Trace actions across tools → data → execution in one view.
Run it your way
Deploy in your own environment, or spin up Sandbox 2.0 in an isolated VPC with observability built in. No architectural changes required.
Start in minutes. Iterate with confidence.
Step 1
Install Sandbox
One command
Step 2
Run Your Agent
Zero changes
Step 3
See Actions.
Stay Protected.

Full visibility & control
Step 1: Install (one time)
$ pip install bluerock-sandbox
Step 2: Run your agent (zero code changes)
$ bluerock sandbox start --agent my_crewai_agent
✓ Sandbox active
✓ MCP visibility enabled
✓ Connected to 3 trusted servers
✓ Code Execution Shield active
→ Dashboard: http://localhost:8080
Safe to experiment. Full visibility enabled.
Three Boundaries covered:
Tools
Tool call tracing
MCP protocol visibility
Safe MCP server routing
Data
File/data access protection
Access isolation per agent
Unexpected access detection
Execution
Container-level isolation
Code Execution Shield
Subprocess containment
Additional capabilities:
Process and file system isolation • Transport protocol enforcement • Restricted server connections • Drift detection and hotspot identification • Full auditing of process and tool execution
In early testing, Sandbox 2.0 contained poisoned tools attempting code injection during MCP server initialization. When the initial exploit failed, the agent independently tried a variation—which the sandbox also prevented.
Why it matters: Agents adapt. Your sandbox should too.
Deploy your way. Graduate when you're ready.
Run in Your Environment
Deploy via DaemonSet or container image
One-line CLI or baked into your image
No infrastructure changes required
Same runtime substrate as production
Best for: teams who want full control
Sandbox PaaS
Hosted sandbox in an isolated VPC
Spin up in minutes
Observability and event layer included
OTEL-native event export
Best for: rapid prototyping and early-stage projects
From sandbox to production—one platform.
Policies you develop in Sandbox 2.0 translate directly to production guardrails.
No re-architecture. No context switching.
BlueRock Agent Sandbox 2.0 FAQ
What is Agent Sandbox 2.0?
Agent Sandbox 2.0 is an isolated execution environment for building and testing AI agents safely. It provides process and file system isolation, full MCP protocol visibility, and pre-execution guardrails—all invoked with a single command. It protects your infrastructure while giving developers complete visibility into agent actions.
How is Sandbox 2.0 different from regular container isolation?
Traditional containers isolate processes but don't give you MCP-aware visibility or agent-specific controls. Sandbox 2.0 understands agentic workflows: it monitors tool calls, tracks MCP protocol events, enforces transport protocols, restricts server connections, and provides full auditing of tool and process execution.
What does Sandbox 2.0 protect against?
Sandbox 2.0 provides multi-layer protection: process isolation, file system restrictions, MCP protocol enforcement, Code Execution Shield (blocks RCE attempts), transport protocol controls, tool poisoning prevention, and prompt injection detection.
What does "zero-change or one-line CLI" mean?
You don't need to modify your agent code. Simply invoke: bluerock-sandbox run <your-agent-command>. Your agent runs inside the sandbox with full isolation and visibility—no code changes required. Works with CrewAI, LangChain, Google ADK, and other frameworks out of the box.
What agent frameworks does Sandbox 2.0 support?
Sandbox 2.0 supports CrewAI, LangChain, Google ADK, AWS AgentCore, and any custom agent framework. For MCP servers, we currently support Python and Java, with Node.js/TypeScript support coming in Q1 2026.


