kitlangton / rune

What is rune?

Rune is a confined interpreter that lets AI agents write TypeScript-shaped code to orchestrate your tools. Instead of exposing a sprawling tool catalog to a model, you give it one "code" tool -- the agent writes familiar code with `await`, array transforms, and conditionals, and Rune executes it against your explicitly registered capabilities. It runs on Effect, so your tool implementations stay typed, testable, and composable with that ecosystem's service model.

Why is it gaining traction?

The core insight is that agents write better code when they have a familiar language surface instead of a flat list of tool names. Rune composes multiple tool calls into one logical operation, preserves an audit trail, and returns only the data the agent actually needs. The security model is the other hook: no ambient globals, no prototype access, no filesystem unless you explicitly mount it. Every capability call is gated, logged, and bounded. If you have ever worried about what an agent might do with unrestricted tool access, Rune's confinement makes that concern concrete and configurable.

Who should use this?

TypeScript developers building AI agents who are already using Effect will find the tight integration natural. If you are exposing tool catalogs to models and finding that agents make too many round-trips, miss error recovery, or need hand-holding with tool selection, Rune addresses that directly. Teams that need audit trails for compliance or want per-capability approval flows will also find the policy system useful out of the box.

Verdict

Rune solves a real problem with a thoughtful design, but the 1.0% credibility score and 12 stars reflect a very early-stage project. The test coverage is extensive and the security model shows careful adversarial thinking, but documentation and community examples are thin. Worth evaluating if you are deep in Effect and need confined agent code execution; too early to bet on for production without a larger ecosystem around it.