BlendOps: A Secure Blender Automation Toolset for AI Agents

BlendOps is a secure Blender automation toolset designed for AI agents, aiming to address the issue that traditional Blender Python APIs are flexible but lack type safety and access control. It provides typed, observable, and secure operation capabilities through a three-layer architecture bridging CLI, MCP server, and Blender plugin, supporting complete 3D workflows from scene inspection to resource export.

The 3D content creation field has not been fully penetrated by AI agents, with the core reason being that traditional automation interfaces (such as Python scripts) of tools like Blender are too flexible, lacking type safety and access control, making them difficult to use securely in AI agent scenarios. The BlendOps project was born to solve this problem, providing a constrained operation model that allows AI agents to interact with Blender safely and predictably.

BlendOps takes 'security-first' as its core design principle and does not expose any Python execution endpoints by default. Its security mechanisms include typed operation contracts (compatible with Zod/JSON Schema), operation manifest discovery, structured response envelopes, validation-prioritized request processing, and observable runtime behavior. Architecturally, it is divided into three layers: CLI layer (for humans/scripts), MCP layer (for AI agents, based on Anthropic's MCP protocol), and Blender plugin bridging layer (internal HTTP server that converts commands into secure API calls). The three layers share typed contracts to ensure consistency.

BlendOps supports complete operations covering bridging, scene, object, material, light, camera, rendering, validation, export, etc. (e.g., object.create, material.apply, render.preview). Both CLI and MCP layers support these operations with runtime evidence. A typical CLI workflow example: create a cube → create and apply material → set up lights → adjust camera → render preview → validate scene → export resources (refer to project documentation for specific commands).

BlendOps emphasizes runtime validation. The repository contains a large number of smoke tests (covering basic runtime, object transformation, material system, etc.) to ensure consistent behavior of CLI and MCP interfaces. Known limitations include window context constraints when exporting GLB/GLTF in Blender 4.2 background mode. Solutions include explicit documentation, providing GUI bridging mode as a validation path, and not considering background GLB export as successful unless explicitly validated.

BlendOps fills the gap of a secure bridge between AI agents and 3D content creation tools, suitable for scenarios such as procedural content generation, automated asset pipelines, intelligent 3D assistants, and teaching demonstrations. The project uses the MIT license, with clear documentation, facilitating community contributions and secondary development. As AI agents penetrate deeper into the creative field, such secure automation tools will become increasingly important.