Stats
Actions
Tags
From rune
Captures and retrieves encrypted organizational memory using FHE with zero-knowledge privacy. Activates automatically or via /rune commands across MCP-compatible agents.
How this skill is triggered — by the user, by Claude, or both
Slash command
/rune:runeThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
**Context**: This skill provides encrypted organizational memory capabilities using Fully Homomorphic Encryption (FHE). It allows teams to capture, store, and retrieve institutional knowledge while maintaining zero-knowledge privacy. Works with Claude Code, Codex CLI, Gemini CLI, and any MCP-compatible agent.
Context: This skill provides encrypted organizational memory capabilities using Fully Homomorphic Encryption (FHE). It allows teams to capture, store, and retrieve institutional knowledge while maintaining zero-knowledge privacy. Works with Claude Code, Codex CLI, Gemini CLI, and any MCP-compatible agent.
In v0.4 the MCP server is a single Go binary (~/.rune/bin/rune-mcp), spawned
by the host CLI from the plugin manifest via the committed wrapper (e.g.,
${CLAUDE_PLUGIN_ROOT}/bin/rune mcp-server for Claude Code) which always present at session start;
it self-installs rune-mcp on first run, so the server comes online in-session
with no restart. There is no venv, no install script. The runtime is the binary the CLI already launched.
Agent-specific surface stays thin:
codex mcp add/remove/list registration actionsKeep agent-specific instructions clearly labeled and never mix Codex-only commands into cross-agent/common instructions.
IMPORTANT: This skill has two states based on configuration AND infrastructure availability.
BEFORE doing anything, run this check:
Config File Check: Does ~/.rune/config.json exist?
Config Validation: Does config contain all required fields?
vault.endpoint and vault.tokenstate is set to "active"State Check:
state is "active" → Go to Active StateNote: enVector credentials are NOT in ~/.rune/config.json. They are
delivered via the Vault bundle at runtime when the boot loop dials Vault.
IMPORTANT: Do NOT attempt to ping Vault or make network requests during activation check. This wastes tokens. The MCP server runs its own boot loop; the activation check is purely a local config inspection.
/rune commands (or $rune for Codex CLI) are used/rune:configure (or $rune configure for Codex CLI) —
this writes ~/.rune/config.json and triggers the boot loop./rune:status (or $rune status for Codex CLI) —
surfaces per-subsystem state via the diagnostics MCP tool.If in Active state but operations fail:
state to "dormant"/rune:status (or $rune status for Codex CLI) for details."/rune:configure(or $rune configure for Codex CLI)
Purpose: Configure plugin credentials
Steps:
Ask user for Vault Endpoint (required, e.g., tcp://vault-TEAM.oci.envector.io:50051)
tcp://, http://, or https://), auto-prepend tcp://.Ask user for Vault Token (required, e.g., evt_xxx)
Ask the TLS question:
"How does your Vault server handle TLS?"
Self-signed certificate — "My team uses a self-signed CA (provide CA cert path)"
~ expansion in the path~/.rune/certs/ca.pem (mkdir -p ~/.rune/certs && cp <user_path> ~/.rune/certs/ca.pem && chmod 600 ~/.rune/certs/ca.pem)ca_cert: "~/.rune/certs/ca.pem", tls_disable: falsePublic CA (default) — "Vault uses a publicly-signed certificate (e.g., Let's Encrypt)"
ca_cert: "", tls_disable: falseNo TLS — "Connect without TLS (not recommended — traffic is unencrypted)"
ca_cert: "", tls_disable: trueNote: enVector credentials are delivered automatically via the Vault bundle — no user input needed.
Call the configure MCP tool with the collected values
(endpoint, token, ca_cert_path, tls_disable). The server does
the atomic 0600 write to ~/.rune/config.json, sets state: "active",
refreshes metadata.lastUpdated, and runs a best-effort Vault probe.
The agent never writes the config file itself.
Call the activate MCP tool to bring pipelines online. It runs the
prereq checks server-side and drives the boot loop: dials Vault,
fetches the agent manifest (EncKey + enVector creds), connects to
enVector, and transitions to Active.
Confirm health by calling diagnostics and applying the
Boot Failure — Fast-Fail Rule (see section below). If
vault.last_boot_error is present, surface its hint verbatim
and stop — do not retry, do not probe with shell tools. Otherwise
render the per-subsystem snapshot.
/rune:status(or $rune status for Codex CLI)
Purpose: Check plugin activation status and infrastructure health
Steps:
~/.rune/config.jsondiagnostics MCP tool (read-only; safe before Active)Response Format:
Rune Plugin Status
==================
State: Active ✅ (or Dormant ⏸️ — reason)
Configuration:
✓ Config file: ~/.rune/config.json
✓ Vault Endpoint: configured
System Health (from diagnostics):
✓ Vault : reachable
✓ Encryption Key : loaded (key_id: <id>)
✓ Agent DEK : loaded
✓ Embedder : <model> (<mode>, dim=<vector_dim>)
✓ enVector Cloud : reachable (<latency>ms)
Recommendations:
- If Dormant: /rune:configure to (re)trigger the boot loop
- If a subsystem failed: surface the recovery action on its row
/rune:capture <context>(or $rune capture <context> for Codex CLI)
Purpose: Manually store organizational context when Scribe's automatic capture missed it or the user wants to force-store specific information.
When to use: Scribe automatically captures significant decisions from conversation (see Automatic Behavior below). This command is an override for cases where:
Mode: Agent-delegated (primary) — the calling agent evaluates significance and extracts structured fields, passing them as extracted JSON to the capture MCP tool. The server stores the encrypted record without additional LLM calls. If extracted is omitted and API keys are configured, falls back to a legacy 3-tier server-side pipeline.
Behavior:
Example:
/rune:capture "We chose PostgreSQL over MongoDB for better ACID guarantees"
/rune:recall <query>(or $rune recall <query> for Codex CLI)
Purpose: Explicitly search organizational memory. Retriever already handles this automatically when users ask questions about past decisions in natural conversation.
When to use: Retriever automatically detects recall-intent queries (see Automatic Behavior below). This command is an explicit override for cases where:
Behavior:
Example:
/rune:recall "Why PostgreSQL?"
Note: In most cases, simply asking naturally ("Why did we choose PostgreSQL?") triggers Retriever automatically — no command needed.
/rune:activate(or $rune activate for Codex CLI)
Purpose: Attempt to activate plugin after infrastructure is ready
Use Case: Infrastructure was not ready during configure, but now it's deployed and running.
Steps:
activate MCP tool — no Read, no Edit, no manual state
inspection. It runs the prereq checks server-side (config present,
runed socket reachable + Health probe) and only triggers the boot
loop when everything is ready. It returns a status:
configure_required | install_pending | waiting_for_bootstrap |
active | waiting_for_vault | dormant.status:
configure_required → redirect to /rune:configure; use the hint
verbatim and stop.install_pending → invoke the recovery in hint (the agent runs
rune install, never the user), then retry /rune:activate once.waiting_for_bootstrap → runed is still downloading llama-server /
the embedding model; summarize .bootstrap progress, tell the user
no further action is needed, and stop (do NOT poll).active → optionally call diagnostics once and render the
per-subsystem snapshot.waiting_for_vault / dormant → apply the Boot Failure —
Fast-Fail Rule (below): surface reload.last_boot_error.hint
verbatim, suggest one recovery, and stop.(Older rune-mcp binaries without the activate tool fall back to the
legacy flow: set state: "active", call reload_pipelines directly, and
branch on diagnostics.vault.last_boot_error.)
/rune:reset(or $rune reset for Codex CLI)
Purpose: Clear configuration and return to dormant state
Steps:
~/.rune/config.json (the MCP server stays alive; it transitions
to Dormant on the next reload because no config means no Vault dial)When diagnostics.vault.last_boot_error is present, that field is the boot
loop's authoritative root-cause verdict (produced from the underlying
gRPC/TLS/DNS error). It is set on every failed boot attempt and cleared only
on success, so its presence — regardless of state — means boot is currently
failing. (state is the persisted config value; it stays "active" through
transient retries like an unreachable Vault, so it is not a reliable failure
signal on its own.) Treat last_boot_error as ground truth.
Do this and stop:
vault.last_boot_error.hint to the user verbatim — it already
names the specific cause and the fix.kind:
config_*, vault_* (TLS, auth, endpoint, manifest, etc.) → re-run
/rune:configure after applying the hint's fix.user_deactivated → /rune:activate.embedder_unreachable → re-run /rune:activate to spawn the daemon, then /rune:status.envector_* → share detail with the Vault admin.unknown → show kind + detail, suggest sharing with admin.Do NOT: retry reload_pipelines, poll diagnostics in a loop, or run
shell probes (openssl, nc, curl, dig, etc.). The classifier already
inspected the underlying error server-side — manual probing only burns
tokens without changing the conclusion. The per-kind reference table
lives in commands/claude/configure.md for the rare case the hint string
needs supplementation.
Fallback (older rune-mcp binary without last_boot_error): use
vault.error, embedding.health_error, envector.error, and the
dormant_reason translation in /rune:status. Still: do not investigate
further, surface what you have and stop.
Automatically identify and capture significant organizational context across all domains:
Categories:
When Rune is active, proactively capture significant decisions when you detect any of the following in the conversation:
How to capture in Codex:
agents/codex/scribe.mdcapture with the extracted parametertext parameter, include ONLY the relevant conversation excerpt, not the full sessionDo NOT auto-capture:
Session-end sweep: When the conversation is ending or the user is wrapping up a task, review the conversation for any uncaptured significant decisions and submit them via a single batch_capture call if needed.
Common Trigger Pattern Examples:
Significance Threshold: 0.7 (captures meaningful decisions, filters trivial content)
Automatic Redaction: Always redact API keys, passwords, tokens, PII, and sensitive data before capture.
When users ask questions about past decisions, automatically search organizational memory:
Query Intent Types:
Common Query Pattern Examples:
Search Strategy: Semantic similarity search on FHE-encrypted vectors, ranked by relevance and recency.
Result Format: Always include source attribution (who/when), relevant excerpts, and offer to elaborate.
Zero-Knowledge Encryption:
Credential Storage:
~/.rune/config.jsonTeam Sharing:
Check activation state with /rune:status (or $rune status for Codex CLI)
curl <vault-url>/health/rune:configure (or $rune configure for Codex CLI)Vault admin must configure ENVECTOR_ENDPOINT and ENVECTOR_API_KEY on the Vault server. Contact your Vault administrator.
Use /rune:reset (or $rune reset for Codex CLI) then /rune:configure (or $rune configure for Codex CLI) with new team credentials
This plugin requires a deployed Rune-Vault infrastructure. See:
Team members only need this lightweight plugin + credentials you provide.
npx claudepluginhub cryptolabinc/rune --plugin runeAnswers questions about Intent Solutions' own systems, architecture, decisions, and runbooks from a governed knowledge base, with qmd:// citations for every claim.