ᛟ ᚺ ᛊ ᛏ ᛒ ᛖ ᚹ ᛗ ᛚ ᛝ ᛟ

ᚱ ᚢ ᚾ ᛖ

Zero-Trust AI Agent

High-performance. Single binary. Sandboxed by default.

⚡ View on GitHub Get Started
ᛟ ᚺ ᛊ ᛏ ᛒ ᛖ ᚹ ᛗ ᛚ ᛝ ᛟ

⚔️ Features

🛡️

5-Layer Sandbox

cgroups v2, Network namespace (or net-guard), Seccomp BPF, Landlock, DNS allowlist. Every tool call is isolated.

🔧

6 Built-in Tools

read_file, write_file, list_dir, execute_cmd, fetch_url, inspect_process — all sandboxed.

📚

Skills System

Load contextual abilities via @skill_name. Frontmatter-driven, multi-path search.

🤖

Multi-Provider

GitHub Copilot (auto refresh), OpenRouter, Google Gemini, any OpenAI-compatible endpoint.

🔌

MCP Client

Stdio JSON-RPC client for Model Context Protocol servers. Extend without recompiling.

🚀

Concourse CI

Same binary doubles as a Concourse CI resource type via symlink routing. Zero extra deps.

✨ Demo

rune
ᚱ› Get weather for Taoyuan from wttr.in
⚙ fetch_url({"url":"https://wttr.in/Taoyuan"})
Execute? [Y/n/A(lways)] A
permanently allowed → saved to ~/.rune/rune.toml
+ domain 'wttr.in' → allowed_domains
fetch_url...ok
────────────────────────────────────────
Taoyuan: ☁️ 27°C, Humidity 79%, Wind WNW 8km/h
────────────────────────────────────────
⚡ [2 steps | 1049 tokens | 1 tool calls]

🔐 Security Model

Rune Security Model — layered protection wards Five concentric protection circles forming a runic ward: cgroups, net-guard, seccomp, landlock, and the protected core. ᚠ ᚢ ᚦ ᚨ ᚱ ᚲ ᚷ ᚹ ᚺ ᚾ ᛁ ᛃ ᛇ ᛈ ᛉ ᛊ ᛏ ᛒ ᛖ ᛗ ᛚ ᛝ ᛞ ᛟ ᚠ ᚢ ᚦ ᚨ ᚱ ᚲ ᚷ ᚹ ᚺ ᚾ ᛁ ᛃ ᛊ ᛏ ᛒ ᛖ ᛗ ᛚ ᛝ ᛞ ᛟ ᚠ ᚢ ᚦ ᚨ ᚱ ᚲ ᚷ ᚹ ᚺ ᚾ ᛁ ᛃ ᛇ ᛈ ᛉ ᚱ ᚢ ᚾ ᛖ · ᛊ ᛖ ᚲ ᚲ ᛟ ᛗ ᛈ · ᚠ ᛁ ᛚ ᛏ ᛖ ᚱ ᛚ ᚨ ᚾ ᛞ ᛚ ᛟ ᚲ ᚲ · ᚠ ᛊ CORE cgroups v2 — Resource Ward net-guard Network isolation Seccomp BPF Syscall filter Landlock Filesystem seal Protected Core Zero-trust agent runtime
1. cgroups v2 Memory 512MB · max 64 processes
2. net-guard / netns Seccomp user-notif network filter · domain allowlist
3. Seccomp BPF Blocks ptrace, mount, kexec_load, bpf, setns
4. Landlock Filesystem restriction · only allowed paths
Core Protected zero-trust agent runtime

🚀 Concourse CI — Quick Start

Use Rune as a Concourse CI resource type. Minimal weather pipeline:

Resource type definition
resource_types:
  - name: rune-agent
    type: registry-image
    source:
      repository: ghcr.io/fourdollars/rune
      tag: latest
Resource — weather check with sandbox policy
resources:
  - name: weather
    type: rune-agent
    check_every: 1h
    source:
      api_key: ((copilot-pat))
      model: gpt-4o-mini
      prompt: "Fetch the weather for Taoyuan from wttr.in using curl."
      policy:
        allowed_commands: ["curl"]
        allowed_domains: ["wttr.in"]
Job — trigger on new versions
jobs:
  - name: weather-check
    plan:
      - get: weather
        trigger: true

📦 Installation

Build from source
git clone https://github.com/fourdollars/rune.git
cd rune
cargo build --release
cp target/release/rune ~/.local/bin/
First-time setup
rune init
Pipe mode (scripting)
echo "Get weather for Tokyo" | rune --json --yes