From f2f222ed80740b740cc0be909c8f8796b241e91c Mon Sep 17 00:00:00 2001 From: couragehong Date: Mon, 13 Jul 2026 13:48:55 +0900 Subject: [PATCH 1/2] =?UTF-8?q?docs:=20v0.4=20=EC=95=84=ED=82=A4=ED=85=8D?= =?UTF-8?q?=EC=B2=98=20=EC=A0=95=ED=95=A9=20+=20enVector=20=ED=91=9C?= =?UTF-8?q?=EB=A9=B4=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 두 겹의 문서 갱신을 함께 담는다 (같은 파일들에 겹쳐 있던 작업): 1. v0.4 문서 초벌(기존 워킹트리 잔존분) — enVector 클라우드 서사를 customer-controlled Vault + blind index backend(runespace) 모델로 재기술 (신뢰 경계 다이어그램, 보안 모델, 팀 설정 가이드). 2. enVector 잔재 청소 — /rune:status 출력에서 죽은 두 줄 제거 (Configuration의 'Index backend: '는 config에 필드 자체가 없어 항상 not set으로 렌더되던 줄, System Health의 연결성 줄은 vault.healthy와 동일 프로브의 중복), dormant_reason 번역표를 mcp가 실제 내보내는 4개 값으로 교체, ENVECTOR_* env·envector_* 에러코드 문구를 RUNESPACE_*/runespace_*로 갱신 (mcp 7b8b9f0·4b96cf4와 짝). 남긴 것: 예시 도메인 *.envector.io(실 인프라 도메인 미확인), marketplace.json homepage URL, TODO 플래그된 v0.3 stale toml 2종 (activate/configure — 전면 재생성 예정). Co-Authored-By: Claude Fable 5 --- .claude-plugin/plugin.json | 2 +- .claude/mcp_servers.template.json | 17 ---------- AGENT_INTEGRATION.md | 26 +++++++-------- CLAUDE.md | 2 +- CONTRIBUTING.md | 2 +- README.md | 55 ++++++++++++++++--------------- SKILL.md | 33 ++++++++++--------- agents/claude/retriever.md | 2 +- agents/codex/scribe.md | 2 +- agents/gemini/retriever.md | 2 +- agents/gemini/scribe.md | 2 +- commands/claude/activate.md | 2 +- commands/claude/configure.md | 4 +-- commands/claude/status.md | 13 +++----- commands/rune/status.toml | 7 +--- examples/team-setup-example.md | 17 +++++----- setup/check-prerequisites.md | 35 ++++++++++++-------- 17 files changed, 104 insertions(+), 119 deletions(-) delete mode 100644 .claude/mcp_servers.template.json diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json index c3021e2b..604324d7 100644 --- a/.claude-plugin/plugin.json +++ b/.claude-plugin/plugin.json @@ -16,7 +16,7 @@ "command": "${CLAUDE_PLUGIN_ROOT}/bin/rune", "args": ["mcp-server"], "timeout": 30000, - "description": "Rune MCP server (talks to Vault + embedder + enVector). The command is the plugin's bash wrapper, which always exists at session start; on first run it self-install rune-mcp, then exec - MCP server comes online in the same session with no restart." + "description": "Rune MCP server (talks to Vault + embedder). The command is the plugin's bash wrapper, which always exists at session start; on first run it self-install rune-mcp, then exec - MCP server comes online in the same session with no restart." } } } diff --git a/.claude/mcp_servers.template.json b/.claude/mcp_servers.template.json deleted file mode 100644 index b5e95c88..00000000 --- a/.claude/mcp_servers.template.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "mcpServers": { - "envector": { - "command": "PLUGIN_DIR/.venv/bin/python3", - "args": [ - "PLUGIN_DIR/mcp/server/server.py", - "--mode", "stdio" - ], - "env": { - "ENVECTOR_CONFIG": "USER_HOME/.rune/config.json", - "ENVECTOR_AUTO_KEY_SETUP": "false", - "PYTHONPATH": "PLUGIN_DIR/mcp" - }, - "description": "enVector MCP server for encrypted vector operations" - } - } -} diff --git a/AGENT_INTEGRATION.md b/AGENT_INTEGRATION.md index e267a6e2..bd679ef8 100644 --- a/AGENT_INTEGRATION.md +++ b/AGENT_INTEGRATION.md @@ -55,9 +55,9 @@ $ claude plugin install rune The plugin manifest (`.claude-plugin/plugin.json`) declares the wrapper path; Claude Code spawns `${CLAUDE_PLUGIN_ROOT}/bin/rune mcp-server` via stdio on session start (on a fresh install the wrapper self-installs -rune-mcp first, then execs it). enVector Cloud credentials are delivered -automatically via the Vault bundle — you never set `ENVECTOR_*` env vars -directly. +rune-mcp first, then execs it). Index backend credentials stay on +Rune-Vault — team members never set runespace or index backend credentials +locally. ### Configure credentials @@ -74,8 +74,8 @@ Walks you through Vault endpoint + token + TLS choice, writes > /rune:status ``` -Renders per-subsystem health (Vault / EncKey / AgentDEK / Embedder / -enVector) via the `diagnostics` MCP tool. +Renders per-subsystem health (Vault / key manifest / Embedder / index +backend) via the `diagnostics` MCP tool. ### Dev mode (running from a local clone) @@ -173,14 +173,14 @@ into `MCPServerStdio`. ## Multi-Agent Collaboration -Each agent spawns its own MCP server process; shared state is -maintained via enVector Cloud (encrypted vectors) and Rune-Vault -(decryption keys). +Each agent spawns its own MCP server process. Every process talks only to +Rune-Vault; Vault owns the keys, enforces token policy, seals metadata, and +calls the blind index backend. ``` Claude ──→ rune-mcp (stdio) ──┐ - ├──→ enVector Cloud (encrypted) -Gemini ──→ rune-mcp (stdio) ──┤ └──→ Rune-Vault (secret key) + ├──→ Rune-Vault ──→ runespace +Gemini ──→ rune-mcp (stdio) ──┤ trusted blind encrypted index │ GPT ──→ rune-mcp (stdio) ──┘ ``` @@ -219,9 +219,9 @@ cat ~/.rune/config.json # vault.endpoint, vault.token, ca_cert, tls_disable, state ``` -enVector credentials are delivered automatically via the Vault bundle -at boot — they live in memory only and are not stored locally. You do -NOT need to set `ENVECTOR_ENDPOINT` or `ENVECTOR_API_KEY`. +Index backend credentials live on Vault and are not stored locally. You do +NOT need to set any runespace or index backend credentials on team member +machines. ### Verify MCP tools are available diff --git a/CLAUDE.md b/CLAUDE.md index 84ddf38f..b320d6ba 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -60,6 +60,6 @@ When Rune state is `"active"`, **proactively spawn a background `rune:scribe` su ### The Distinction - **Builtin skills** (brainstorming, planning, etc.) — reasoning within a single session, one person's perspective -- **Rune** — collective memory that persists across sessions and team members, encrypted on enVector Cloud +- **Rune** — collective memory that persists across sessions and team members, encrypted in the blind index backend (runespace) When both apply, **call Rune first** to surface prior context, then brainstorm with that context loaded. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 91a2e386..f3353e33 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -277,7 +277,7 @@ rune/ │ ├── mcp/ # tool registration + handler dispatch │ ├── service/ # CaptureService / RecallService / LifecycleService │ ├── lifecycle/ # boot loop + state machine -│ ├── adapters/ # vault / envector / embedder / config / logio gRPC clients +│ ├── adapters/ # vault / embedder / config / logio gRPC clients │ ├── domain/ # schemas + typed errors (Python parity) │ ├── policy/ # pure helpers (novelty, rerank, query parse) │ └── obs/ # slog handler with sensitive-data redaction diff --git a/README.md b/README.md index 4423523a..2dbd8d39 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Rune **Encrypted shared memory for AI agents.** -Rune gives every AI agent on your team the **collective experience** of the entire organization — automatically, privately, and without anyone searching for it. +Rune gives every AI agent on your team the **collective experience** of the entire organization — automatically, with a customer-controlled security boundary, and without anyone searching for it. ``` Without Rune With Rune @@ -65,7 +65,7 @@ $ gemini extensions install https://github.com/CryptoLabInc/rune.git You'll need from your team admin: - **Vault endpoint** + **token** -That's all. enVector Cloud credentials are delivered automatically via the Vault bundle. On a fresh machine, `/rune:configure` also handles binary download and daemon setup in the same step. +That's all. Index backend credentials stay on Rune-Vault; team members never configure runespace or index backend credentials locally. On a fresh machine, `/rune:configure` also handles binary download and daemon setup in the same step. Don't have these? See [rune-admin](https://github.com/CryptoLabInc/rune-admin) for deployment, [setup/check-prerequisites.md](setup/check-prerequisites.md) for the full prerequisite checklist, or [examples/team-setup-example.md](examples/team-setup-example.md) for a walkthrough. @@ -116,36 +116,36 @@ You don't "query" Rune. Your agent draws from it the way an experienced engineer | **Built-in memory** | Siloed per vendor. Your team's Claude memory and Codex memory never connect. | One shared memory across all agents. Vendor-independent. | | **RAG pipelines** | Chunks documents into fragments. Destroys reasoning structure. Requires ongoing pipeline maintenance. | Agent judges significance and stores *decisions*, not document chunks. No pipeline to maintain. | | **Wikis & docs** | Manual. Nobody updates the wiki after the meeting. | Captures automatically during work, not after. | -| **Plaintext vector DBs** | Your organizational knowledge is readable by the cloud provider. | FHE encryption — the cloud stores and searches *only ciphertext*. Mathematically guaranteed. | +| **Plaintext vector DBs** | Your organizational knowledge is readable by the cloud provider. | The cloud index stays blind: it stores encrypted vectors and sealed metadata, while your Vault controls keys and plaintext access. | --- ## Architecture ``` - Agent Swarm (your team) Cloud Infrastructure - ━━━━━━━━━━━━━━━━━━━━━━ ━━━━━━━━━━━━━━━━━━━━ + Agent Swarm (your team) Customer-controlled trust boundary Blind index backend + ━━━━━━━━━━━━━━━━━━━━━━ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ━━━━━━━━━━━━━━━━━━━ Alice's Agent ─┐ - Bob's Agent ───┤── MCP ──► enVector Cloud (encrypted vectors) - Carol's Agent ─┘ │ - Rune-Vault (secret key holder) - decrypts similarity scores only + Bob's Agent ───┤── MCP ──► Rune-Vault ───────────────────────────────► runespace + Carol's Agent ─┘ owns keys, tokens, metadata sealing, encrypted vectors, + score decryption, and access policy sealed metadata ``` -**Capture:** Agent judges significance → generates reusable insight → novelty check against existing memory → FHE encrypt → store +**Capture:** Agent judges significance → generates reusable insight → local embedding → Vault receives the embedding and metadata over TLS → Vault encrypts the vector, seals metadata, and stores it in the blind index -**Recall:** Semantic query → encrypted similarity scoring → Vault decrypts scores only → metadata retrieved and decrypted locally +**Recall:** Semantic query → local embedding → Vault searches the blind index, decrypts encrypted score results, opens authorized metadata, and returns ranked hits -### Privacy: Zero-Knowledge Encryption +### Security Model: Customer-Controlled Vault + Blind Index -Every memory is encrypted **before leaving your machine** using Fully Homomorphic Encryption (FHE). +Rune separates the trusted control plane from the blind search backend. -- **enVector Cloud** stores and searches **only encrypted vectors** — it cannot read your data -- **Rune-Vault** holds the secret key and decrypts **only similarity scores** — it never sees the content -- **Plaintext never leaves your machine** +- **Team machines** talk only to Rune-Vault over TLS using a Vault token. +- **Rune-Vault** is the customer-controlled trust anchor. It owns the FHE key set, receives plaintext embeddings and capture metadata from authorized agents, seals metadata, decrypts score results, and enforces token policy. +- **runespace** is the blind index backend. It stores encrypted vectors and sealed metadata, holds only public evaluation material, and cannot decrypt organizational memory. +- **Plaintext is visible to the local agent session and to your Vault, not to the blind index backend.** -Even if the cloud is compromised, your organizational knowledge remains mathematically protected. +If the index backend is compromised, stored vectors and metadata remain encrypted. If Vault is compromised, the attacker may access keys and authorized plaintext results, so operate Vault as sensitive customer infrastructure. --- @@ -176,7 +176,7 @@ Rune's capture system is modeled on how the brain forms long-term memories: Full conversation ──► Agent judges: ──► Stores the GIST: with all the "Is this significant?" tangents, greetings, "PostgreSQL for - weather chat... enVector checks: financial data. + weather chat... Vault checks: financial data. "Is this novel?" ACID required. MongoDB rejected." Filters ~99% out. @@ -200,19 +200,19 @@ The memory itself acts as the filter. An empty memory captures aggressively (eve Rune requires two infrastructure components: -1. **Rune-Vault** — Holds the team's secret key. Decrypts only similarity scores, never content. Deploy via [rune-admin](https://github.com/CryptoLabInc/rune-admin). -2. **enVector Cloud** — Encrypted vector storage and search. Sign up at [envector.io](https://envector.io). +1. **Rune-Vault** — Customer-controlled trust anchor. It authenticates users, owns the FHE keys, encrypts embeddings, seals/opens metadata, decrypts scores, and calls the index backend. Deploy via [rune-admin](https://github.com/CryptoLabInc/rune-admin). +2. **Blind vector index** — runespace encrypted vector storage and search. It stores encrypted vectors and sealed metadata, not plaintext organizational knowledge. ### Deploying See [rune-admin](https://github.com/CryptoLabInc/rune-admin): 1. Deploy Rune-Vault (OCI/AWS/GCP via Terraform) -2. Create enVector Cloud account and cluster -3. Provision team index on Vault +2. Connect Vault to a runespace index backend +3. Provision the team index and issue Vault tokens ### Onboarding Members -Give each member their **Vault endpoint + token**. enVector credentials are bundled automatically. +Give each member their **Vault endpoint + token**. Index backend credentials stay on Vault. They install the plugin, run `/rune:configure` (or `$rune configure` in Codex), and they're connected. @@ -220,6 +220,7 @@ They install the plugin, run `/rune:configure` (or `$rune configure` in Codex), - **Token rotation**: New token → distribute → revoke old. Departed members lose access immediately. - **Project isolation**: Separate Vault instances per project for isolated memory spaces. +- **Vault hardening**: Treat Vault as sensitive infrastructure. It should run with TLS, restricted admin access, encrypted disks, and regular token rotation. --- @@ -299,14 +300,14 @@ Then reinstall from the [Install](#install) section above. /rune:configure # or: $rune configure — re-enter Vault credentials ``` -`/rune:status` reports per-subsystem state (vault / encryption key / embedder / -enVector reachability). Failures surface a recovery action on the same line. +`/rune:status` reports per-subsystem state (Vault / key manifest / embedder / +index backend reachability). Failures surface a recovery action on the same line. ## Related Projects - [Rune-Admin](https://github.com/CryptoLabInc/rune-admin) — Infrastructure deployment and admin tools -- [envector-go-sdk](https://github.com/CryptoLabInc/envector-go-sdk) — FHE encryption SDK (Go) -- [enVector Cloud](https://envector.io) — Encrypted vector database +- [runespace](https://github.com/CryptoLabInc/runespace) — Blind encrypted vector index engine +- [runespace-go-sdk](https://github.com/CryptoLabInc/runespace-go-sdk) — Go client SDK used by Vault ## Support diff --git a/SKILL.md b/SKILL.md index 7e799869..86deb3cd 100644 --- a/SKILL.md +++ b/SKILL.md @@ -5,7 +5,7 @@ description: Encrypted organizational memory workflow for Rune with activation c # Rune - Organizational Memory System -**Context**: This skill provides encrypted organizational memory capabilities using Fully Homomorphic Encryption (FHE). It allows teams to capture, store, and retrieve institutional knowledge while maintaining zero-knowledge privacy. Works with Claude Code, Codex CLI, Gemini CLI, and any MCP-compatible agent. +**Context**: This skill provides encrypted organizational memory capabilities using Fully Homomorphic Encryption (FHE). It allows teams to capture, store, and retrieve institutional knowledge with a customer-controlled Vault and blind index backend. Works with Claude Code, Codex CLI, Gemini CLI, and any MCP-compatible agent. ## Execution Model @@ -44,8 +44,8 @@ commands into cross-agent/common instructions. - `state` is `"active"` → **Go to Active State** - Otherwise → **Go to Dormant State** -**Note**: enVector credentials are NOT in `~/.rune/config.json`. They are -delivered via the Vault bundle at runtime when the boot loop dials Vault. +**Note**: Index backend credentials are NOT in `~/.rune/config.json`. They +stay on Vault; the local agent stores only Vault connection settings. **IMPORTANT**: Do NOT attempt to ping Vault or make network requests during activation check. This wastes tokens. The MCP server runs its own boot @@ -107,7 +107,7 @@ If in Active state but operations fail: - Show warning: "This should only be used for local development. All gRPC traffic will be sent in plaintext." - → config: `ca_cert: ""`, `tls_disable: true` - Note: enVector credentials are delivered automatically via the Vault bundle — no user input needed. + Note: index backend credentials stay on Rune-Vault and are never distributed — no user input needed. 4. Call the `configure` MCP tool with the collected values (`endpoint`, `token`, `ca_cert_path`, `tls_disable`). The server does @@ -116,8 +116,8 @@ If in Active state but operations fail: The agent never writes the config file itself. 5. Call the `activate` MCP tool to bring pipelines online. It runs the prereq checks server-side and drives the boot loop: dials Vault, - fetches the agent manifest (EncKey + enVector creds), connects to - enVector, and transitions to Active. + fetches the agent manifest, connects to the embedder and (via + Vault) the runespace index, and transitions to Active. 6. Confirm health by calling `diagnostics` and applying the **Boot Failure — Fast-Fail Rule** (see section below). If `vault.last_boot_error` is present, surface its `hint` verbatim @@ -149,13 +149,15 @@ System Health (from diagnostics): ✓ Encryption Key : loaded (key_id: ) ✓ Agent DEK : loaded ✓ Embedder : (, dim=) - ✓ enVector Cloud : reachable (ms) Recommendations: - If Dormant: /rune:configure to (re)trigger the boot loop - If a subsystem failed: surface the recovery action on its row ``` +Index backend reachability is not shown separately: mcp reaches the index only +through Vault, so `vault.healthy` (the `Vault` row above) is the single signal. + ### `/rune:capture ` (or `$rune capture ` for Codex CLI) @@ -259,7 +261,7 @@ signal on its own.) Treat `last_boot_error` as ground truth. `/rune:configure` after applying the hint's fix. - `user_deactivated` → `/rune:activate`. - `embedder_unreachable` → re-run `/rune:activate` to spawn the daemon, then `/rune:status`. - - `envector_*` → share `detail` with the Vault admin. + - `runespace_*` → share `detail` with the Vault admin. - `unknown` → show `kind` + `detail`, suggest sharing with admin. **Do NOT:** retry `reload_pipelines`, poll `diagnostics` in a loop, or run @@ -270,7 +272,7 @@ lives in `commands/claude/configure.md` for the rare case the hint string needs supplementation. **Fallback** (older rune-mcp binary without `last_boot_error`): use -`vault.error`, `embedding.health_error`, `envector.error`, and the +`vault.error`, `embedding.health_error`, `runespace.error`, and the `dormant_reason` translation in `/rune:status`. Still: do not investigate further, surface what you have and stop. @@ -355,10 +357,11 @@ When users ask questions about past decisions, automatically search organization ## Security & Privacy -**Zero-Knowledge Encryption**: -- All data stored as FHE-encrypted vectors -- enVector Cloud cannot read plaintext -- Only team members with Vault access can decrypt +**Customer-Controlled Vault + Blind Index**: +- Stored vectors are FHE-encrypted before reaching the blind index backend +- Metadata is sealed by Vault before storage in the index backend +- Vault is the trust anchor: it owns keys, receives authorized plaintext embeddings/metadata, decrypts score results, and enforces access policy +- The blind index backend cannot decrypt organizational memory or metadata **Credential Storage**: - Tokens stored locally in `~/.rune/config.json` @@ -380,8 +383,8 @@ Check activation state with `/rune:status` (or `$rune status` for Codex CLI) 2. Check Vault is accessible: `curl /health` 3. Reconfigure with `/rune:configure` (or `$rune configure` for Codex CLI) -### enVector not provisioned? -Vault admin must configure `ENVECTOR_ENDPOINT` and `ENVECTOR_API_KEY` on the Vault server. Contact your Vault administrator. +### Index backend not provisioned? +Vault admin must configure the runespace index backend on the Vault server as part of the Vault deployment. Contact your Vault administrator. ### Need to switch teams? Use `/rune:reset` (or `$rune reset` for Codex CLI) then `/rune:configure` (or `$rune configure` for Codex CLI) with new team credentials diff --git a/agents/claude/retriever.md b/agents/claude/retriever.md index 1fdb4f4c..871379d9 100644 --- a/agents/claude/retriever.md +++ b/agents/claude/retriever.md @@ -20,7 +20,7 @@ Before doing anything, verify Rune is active: Surface relevant past decisions and organizational context whenever the conversation touches topics where prior knowledge may exist. Call the `mcp__plugin_rune_rune__recall` MCP tool. The tool handles search internally: 1. **Query parsing**: Intent detection, entity extraction, query expansion -2. **Search**: Multi-query encrypted vector search via enVector +2. **Search**: Multi-query encrypted vector search via the blind index backend (runespace) 3. **Vault decryption**: Secret key never leaves Vault The recall tool returns **raw results** -- you are responsible for synthesizing them into a coherent, well-cited answer. diff --git a/agents/codex/scribe.md b/agents/codex/scribe.md index 359b14ad..edf34ba4 100644 --- a/agents/codex/scribe.md +++ b/agents/codex/scribe.md @@ -1,6 +1,6 @@ --- name: scribe -description: Monitors conversations to capture significant decisions into FHE-encrypted organizational memory via enVector. +description: Monitors conversations to capture significant decisions into FHE-encrypted organizational memory via the blind index backend (runespace). --- # Scribe: Organizational Context Capture (Agent-Delegated Mode) diff --git a/agents/gemini/retriever.md b/agents/gemini/retriever.md index 24a77ead..7fdb8f7c 100644 --- a/agents/gemini/retriever.md +++ b/agents/gemini/retriever.md @@ -19,7 +19,7 @@ Before doing anything, verify Rune is active: Surface relevant past decisions and organizational context whenever the conversation touches topics where prior knowledge may exist. Call the `recall` MCP tool. The tool handles search internally: 1. **Query parsing**: Intent detection, entity extraction, query expansion -2. **Search**: Multi-query encrypted vector search via enVector +2. **Search**: Multi-query encrypted vector search via the blind index backend (runespace) 3. **Vault decryption**: Secret key never leaves Vault The recall tool returns **raw results** -- you are responsible for synthesizing them into a coherent, well-cited answer. diff --git a/agents/gemini/scribe.md b/agents/gemini/scribe.md index 50d82435..6bf22d6a 100644 --- a/agents/gemini/scribe.md +++ b/agents/gemini/scribe.md @@ -1,6 +1,6 @@ --- name: scribe -description: Monitors conversations to capture significant decisions into FHE-encrypted organizational memory via enVector. +description: Monitors conversations to capture significant decisions into FHE-encrypted organizational memory via the blind index backend (runespace). --- # Scribe: Organizational Context Capture (Agent-Delegated Mode) diff --git a/commands/claude/activate.md b/commands/claude/activate.md index 1e638223..0a48193c 100644 --- a/commands/claude/activate.md +++ b/commands/claude/activate.md @@ -143,7 +143,7 @@ Infrastructure Validation Scribe : ✓ initialized Retriever : ✓ initialized Embedder : ✓ (dim=) - enVector Cloud : ✓ reachable (ms) + Index backend : ✓ reachable (ms) Pipeline State : Active ``` diff --git a/commands/claude/configure.md b/commands/claude/configure.md index b811356f..7ab1d500 100644 --- a/commands/claude/configure.md +++ b/commands/claude/configure.md @@ -202,7 +202,7 @@ Render based on `last_boot_error.kind`: | `vault_rate_limit` | Token throttled. Show `hint`. Wait and retry. | | `vault_bad_endpoint` | Endpoint syntax invalid. Show `hint`. Re-run `/rune:configure` with corrected format. | | `embedder_unreachable`| `runed` daemon not running. Show `hint`. Re-run `/rune:activate` to (re)spawn the daemon; if it persists, the agent runs the Preflight install, then `/rune:activate`. | -| `envector_init` / `envector_index` | Envector side. Show `hint` + `detail`. | +| `runespace_init` / `runespace_index` | Index backend (runespace) side. Show `hint` + `detail`. | | `key_save` / `local_io` | Local FS issue. Show `hint` + suggest checking `~/.rune/` permissions. | | anything else (incl. `unknown`) | Show `kind`, `hint`, and `detail`. Suggest user share the detail with their Vault admin. | @@ -233,7 +233,7 @@ Rune Configuration Complete Scribe : ✓ initialized / ✗ not initialized Retriever : ✓ initialized / ✗ not initialized Embedder : ✓ (, dim=) / ✗ not initialized - enVector : ✓ reachable (ms) / ✗ + Index backend : ✓ reachable (ms) / ✗ Next steps: - /rune:status — re-check pipeline health later diff --git a/commands/claude/status.md b/commands/claude/status.md index a536b06c..370920b4 100644 --- a/commands/claude/status.md +++ b/commands/claude/status.md @@ -27,7 +27,6 @@ Dormant Since: (only when dormant with a timestamp) Configuration: [check] Config file: ~/.rune/config.json [check] Vault Endpoint: - [check] enVector: System Health: [check] Vault : healthy / unreachable @@ -39,7 +38,6 @@ System Health: socket: info error: (only when present) health error: (only when present) - [check] enVector Cloud: reachable (ms) / unreachable Recommendations: - @@ -56,13 +54,10 @@ Use checkmarks for healthy items, X marks for issues. - Omit the entire `(model: ..., dim: ...)` parenthetical when the embedder is not initialized (i.e. `model` empty AND `socket_path` empty — pre-boot). In that case render just `Embedder : not initialized`. **Dormant Reason Display**: When `dormant_reason` is present in config or diagnostics, translate reason code into a user-friendly message: -- `vault_unreachable`: "Vault server could not be reached. Check if it's running and the endpoint is correct." -- `vault_token_invalid`: "Vault token was rejected. Token may be expired — run `/rune:configure` to update." -- `envector_unreachable`: "enVector Cloud could not be reached. Check network and endpoint." -- `envector_key_invalid`: "enVector API key was rejected. Contact your Vault administrator." -- `envector_not_provisioned`: "No enVector Cloud endpoint is configured on Rune-Vault. Contact your Vault administrator." -- `pipeline_init_failed`: "Pipeline initialization failed. Run `/rune:activate` to retry." -- `user_deactivated`: "Manually deactivated by user via `/rune:deactivate`." +- `not_configured`: "Rune is not configured yet. Run `/rune:configure` to set up Vault credentials." +- `vault_unconfigured`: "Vault endpoint or token is missing in config. Run `/rune:configure`." +- `user_deactivated`: "Manually deactivated by user via `/rune:deactivate`. Run `/rune:activate` to resume." +- `invalid_state`: "config.json has an unknown state value. Re-run `/rune:configure` to reset." - Other/unknown: show raw reason string with "Run `/rune:activate` to retry." **Boot Error Display** (`vault.last_boot_error`): When diff --git a/commands/rune/status.toml b/commands/rune/status.toml index 8334275d..fb64e620 100644 --- a/commands/rune/status.toml +++ b/commands/rune/status.toml @@ -1,4 +1,4 @@ -# TODO(v0.4 migration): v0.3-stale, bootstrap-mcp.sh runtime block removed (script deleted); rest still shows envector/LLM-provider fields. +# TODO(v0.4 migration): v0.3-stale, bootstrap-mcp.sh runtime block removed (script deleted); rest still shows LLM-provider/Scribe/Retriever fields. # Regenerate from commands/claude/status.md before re-enabling Codex/Gemini. description = "Check Rune plugin health and configuration status" prompt = """ @@ -23,8 +23,6 @@ Configuration: Config file : ~/.rune/config.json Vault Endpoint: Vault Token : - enVector : - enVector Key : System Health (from diagnostics): Vault : healthy / unreachable @@ -33,7 +31,6 @@ System Health (from diagnostics): Scribe : ready / not initialized Retriever : ready / not initialized LLM Provider : - enVector Cloud: reachable (ms) / unreachable MCP Tools: capture : @@ -46,8 +43,6 @@ MCP Tools: - State dormant: "Run `/rune:activate` (or `$rune activate` for Codex CLI) to enable" - Keys not loaded: "Check Vault connection — keys are fetched from Vault at startup" - Pipelines not initialized: "Run `reload_pipelines` or restart the MCP server" - - enVector unreachable: "Check network connectivity and enVector endpoint" - - enVector not provisioned: "No enVector Cloud endpoint is configured on Rune-Vault. Contact your Vault administrator." Use checkmarks for healthy items, X marks for issues. diff --git a/examples/team-setup-example.md b/examples/team-setup-example.md index 5141dbb2..2f313819 100644 --- a/examples/team-setup-example.md +++ b/examples/team-setup-example.md @@ -17,7 +17,7 @@ This guide shows how a team administrator sets up Rune infrastructure and onboar ## Step 1: Alice Deploys Rune-Vault -Alice runs the interactive installer, which handles cloud provisioning, TLS setup, and enVector Cloud configuration: +Alice runs the interactive installer, which handles cloud provisioning, TLS setup, and index backend configuration: ```bash curl -fsSL https://raw.githubusercontent.com/CryptoLabInc/rune-admin/main/install.sh \ @@ -26,7 +26,7 @@ curl -fsSL https://raw.githubusercontent.com/CryptoLabInc/rune-admin/main/instal The installer guides her through: - **Cloud provider** selection (OCI / AWS / GCP) -- **enVector Cloud** credentials (endpoint + API key) +- **Index backend** credentials (endpoint + access credential, held by Vault) - **TLS certificate** generation - **Terraform-based** VM provisioning @@ -81,8 +81,7 @@ I've set up our team's organizational memory system. Here are your credentials: Vault Endpoint: vault-acme.oci.envector.io:50051 Vault Token: evt_acme_bob_xyz789 -enVector Cloud credentials are delivered automatically via the Vault -bundle — no action needed on your end. +Index backend credentials stay on Vault — no action needed on your end. Setup: 1. Add the remote marketplace: /plugin marketplace add https://github.com/CryptoLabInc/rune @@ -197,10 +196,10 @@ Bob's token is immediately invalidated. Alice and Carol continue uninterrupted. - Carol onboards instantly with full historical context - No knowledge loss when Alice is on vacation -### Zero-Knowledge Privacy -- enVector Cloud sees only encrypted vectors -- Only team members with valid Vault tokens can decrypt -- Cloud provider cannot read any content +### Customer-Controlled Privacy +- Vault is the trust anchor for keys, plaintext embeddings, metadata sealing, and access policy +- The blind index backend stores encrypted vectors and sealed metadata +- Only team members with valid Vault tokens can retrieve authorized memory ### Per-User Security - Individual tokens — revoke one without disrupting others @@ -270,4 +269,4 @@ Team members configure the Vault endpoint matching their current project. The in 2. Configure with Vault endpoint + token (one-time, 1 minute) 3. Use naturally (ongoing, zero overhead) -**Result**: Fully encrypted, shared organizational memory with per-user access control and zero-knowledge privacy. +**Result**: Encrypted shared organizational memory with per-user access control and a customer-controlled Vault boundary. diff --git a/setup/check-prerequisites.md b/setup/check-prerequisites.md index 79784ef4..3e7a9682 100644 --- a/setup/check-prerequisites.md +++ b/setup/check-prerequisites.md @@ -22,9 +22,9 @@ This authenticates you to access your team's Vault. Keep this secure and never s --- -## enVector Cloud (Automatic) +## Index Backend Credentials (Not Needed) -enVector Cloud credentials (endpoint, API key) are delivered automatically via the Vault bundle at startup. You do not need to obtain or configure them separately. Your team administrator manages enVector setup as part of the Vault deployment. +Index backend (runespace) credentials stay on Rune-Vault and are never distributed to team members. You do not need to obtain or configure them. Your team administrator manages the index backend as part of the Vault deployment. --- @@ -44,8 +44,10 @@ Great! Run `/rune:configure` to set up your credentials and activate the plugin. If your team hasn't deployed Rune-Vault yet, see the [full Rune deployment guide](https://github.com/CryptoLabInc/rune-admin). -#### enVector credentials? -enVector credentials are delivered automatically via the Vault bundle. If you see enVector errors, contact your team administrator to verify the Vault deployment includes enVector configuration. +#### Index backend credentials? +Index backend credentials stay on Vault. If you see runespace errors, contact +your team administrator to verify the Vault deployment includes index backend +configuration. --- @@ -57,7 +59,7 @@ Once configured with `/rune:configure`: - **Automatic context capture**: Claude will automatically identify and store significant organizational decisions - **Context retrieval**: Ask Claude about past decisions and get full context - **Team sharing**: All team members with the same Vault see the same organizational memory -- **Zero-knowledge security**: enVector Cloud never sees plaintext data +- **Customer-controlled security**: Vault controls keys and plaintext access; the index backend stores encrypted vectors and sealed metadata ### Example Usage @@ -85,18 +87,25 @@ Claude: Stored in organizational memory ## Security & Privacy ### What gets encrypted? -- All conversational context -- All organizational decisions -- All code patterns and rationale +- Captured organizational decisions and reusable insights +- Embeddings derived from those captured insights +- Metadata sealed by your team's Vault before index storage -### What can the cloud provider see? -- **Nothing**: All data is FHE-encrypted before leaving your machine -- Cloud only sees encrypted vectors (mathematical noise) -- Only your team's Vault can decrypt +Rune does not store every full conversation by default. The agent extracts +significant decisions, trade-offs, and lessons, then Rune stores that reusable +memory. + +### What can the blind index backend see? +- Encrypted stored vectors and sealed metadata +- Opaque IDs and operational metadata needed to serve the index +- Normalized query embeddings under the PCMM search path + +The index backend does not receive natural-language organizational records. +Only your team's Vault can open metadata and decrypt score results. ### Who has access? - **Team members**: Anyone with your Vault Endpoint + Token -- **Cloud provider**: No access (zero-knowledge encryption) +- **Blind index backend**: No plaintext organizational records - **Admin control**: Revoke access by rotating Vault tokens --- From 42a4bc849254c6b72a7d2123c9db545c0a291014 Mon Sep 17 00:00:00 2001 From: couragehong Date: Mon, 13 Jul 2026 15:29:01 +0900 Subject: [PATCH 2/2] docs: point SDK link at the public CryptoLabInc/runespace-sdk repo Co-Authored-By: Claude Fable 5 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2dbd8d39..1f792977 100644 --- a/README.md +++ b/README.md @@ -307,7 +307,7 @@ index backend reachability). Failures surface a recovery action on the same line - [Rune-Admin](https://github.com/CryptoLabInc/rune-admin) — Infrastructure deployment and admin tools - [runespace](https://github.com/CryptoLabInc/runespace) — Blind encrypted vector index engine -- [runespace-go-sdk](https://github.com/CryptoLabInc/runespace-go-sdk) — Go client SDK used by Vault +- [runespace-sdk](https://github.com/CryptoLabInc/runespace-sdk) — Go client SDK used by Vault ## Support