Pythonic Model Context Protocol servers handle tool calls, session events, module imports, and subprocess activity. BlueRock has released MCP Python Hooks, an open source runtime sensor that gives developers a way to capture those signals without modifying application code.
What the sensor captures
The tool wraps a Python process at startup so its hooks initialize before application code executes. According to BlueRock CEO Harold Byun, this is achieved through Python-native mechanisms: audit hooks for security-sensitive operations, sys.meta_path import hooks for module visibility, and framework-specific hooks built on the wrapt library for MCP protocol activity. The wrapper avoids any SDK integration or code edits.
Once active, the sensor emits structured NDJSON events to a local spool directory at ~/.bluerock/event-spool/. Six MCP event types are supported in this release, covering server initialization, tool and resource registration, session creation and termination, client connections across stdio, HTTP, and SSE transports, and individual protocol messages. Each emitted event includes process ID, timestamps, and a per-process source event counter.
Import monitoring runs alongside the MCP hooks. Every loaded module produces a python_import event recording the module name, file path, package version where available, and a SHA-256 hash of the module file on disk. Coverage extends to direct dependencies and their transitive dependencies, which the project documents as a supply-chain visibility feature.
Mechanism and overhead
Byun said overhead depends on event volume and export configuration, and the capture layer is designed to be lightweight. Framework hooks load lazily through @wrapt.when_imported(), so libraries the application never imports incur no cost. A per-feature configuration gate adds a second layer of control, letting operators disable categories they do not need.
The sensor runs on Python 3.10 and later. Pre-built wheels target Linux on x86_64 and aarch64 and macOS on both Apple Silicon and Intel. The Rust-based event-writing backend ships as a separate package called bluerock-oss.
Boundaries of the open source release
“The OSS release is primarily focused on visibility: capturing structured MCP and Python runtime events so teams can understand what executed,” Byun said. “Operators can control which hook categories are enabled, which limits what is captured at the source. More granular redaction and filtering, such as per-tool or per-field handling, are not part of the initial OSS scope.”
He added that the same execution data forms the basis for real-time policy enforcement and guardrails in the paid platform.
Integration paths
Because events are written as NDJSON, downstream routing is left to the operator. The repository ships with a Grafana and Loki dashboard that runs locally through Docker Compose, and BlueRock points to OTLP forwarding for users feeding events into Datadog, Splunk, or other SIEM systems.
Jeremiah Lowin, CEO of Prefect and creator of FastMCP, said in a statement provided by BlueRock that teams have moved quickly to adopt MCP and agent-driven architectures, and that visibility into tool executions and runtime behavior has lagged that adoption. Byun said tool execution visibility for governing the agentic execution layer is becoming a requirement for teams operating MCP infrastructure in production.
BlueRock MCP Python Hooks is available for free on GitHub.
Must read:
Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!
