USER GUIDE

RuneHub Documentation

Everything you need to install, run, build, and optimize AI pipelines with RuneHub.

v0.1.0-betaCLI requiredNode ≥ 18

TABLE OF CONTENTS

1. Overview 2. Installation 3. Core Concepts 4. Running Your First Rune 5. The Rune Registry 6. Building Custom Runes 7. Token Optimization 8. Security & Scopes 9. CLI Reference 10. FAQ

Overview

RuneHub is a composable AI workflow platform. It solves three persistent problems with LLM-based automation:

REPRODUCIBILITY

The same Rune produces the same behavior every time. The workflow graph is locked — the LLM fills in content, not structure.

TOKEN EFFICIENCY

Skip planning tokens, isolate context per step, cache repeated inputs, route to cheapest capable model. ~70% reduction per run.

AUDITABILITY

Every skill declares its permission scope upfront. Every run produces an immutable step-by-step audit log.

The core primitive is the Rune — a directed graph of Skills (packaged service capabilities) that runs deterministically, reports token usage, and carries a Trust Score.

Installation

Prerequisites

Node.js ≥ 18 (node --version)
npm ≥ 9 or pnpm ≥ 8
API keys for the services your Rune uses (added via rune auth add)

Install the CLI

bash

# npm
npm install -g @runehub/cli

# pnpm
pnpm add -g @runehub/cli

# verify
rune --version   # → @runehub/cli 0.1.0

Authenticate

bash

# Link your RuneHub account (creates ~/.runehub/config.json)
rune login

# Add credentials for a service
rune auth add gmail          # opens OAuth flow
rune auth add openai         # prompts for API key
rune auth add slack --token  # manual token entry

# List configured credentials
rune auth list

NOTE

Credentials are stored locally in ~/.runehub/secrets/ and encrypted at rest. They are injected at runtime — never sent to RuneHub servers or included in LLM prompts.

Core Concepts

3.1 Skills

A Skill is a packaged service capability — one atomic action for one service. Skills are categorized as:

INPUT

gmail-fetch, gcal-list-events

API

brave-search, openweather-fetch

LLM

claude-summarize, gpt4o-vision

OUTPUT

slack-post, notion-write

Skills are versioned, scoped, and independently auditable. The full registry contains 200+ skills across 40+ services — browse at runehub.ai/skills.

3.2 Runes

A Rune is a directed acyclic graph (DAG) of Skills — a full workflow definition. The graph specifies execution order, parallelism, and data flow between steps.

json

// example: morning-brief.rune.json
{
  "name": "Morning Brief",
  "version": "3.0.0",
  "category": "Productivity",
  "trustScore": 91,
  "nodes": [
    { "id": "gcal",    "skill": "gcal-list-events",   "category": "input" },
    { "id": "gmail",   "skill": "gmail-fetch",         "category": "input" },
    { "id": "github",  "skill": "github-list-issues",  "category": "input" },
    { "id": "triage",  "skill": "claude-triage",       "category": "llm"   },
    { "id": "news",    "skill": "brave-news",           "category": "api"   },
    { "id": "weather", "skill": "openweather-fetch",   "category": "api"   },
    { "id": "compose", "skill": "claude-compose",      "category": "llm"   },
    { "id": "slack",   "skill": "slack-post",           "category": "output"},
    { "id": "tg",      "skill": "telegram-send",       "category": "output"},
    { "id": "notion",  "skill": "notion-write",        "category": "output"}
  ],
  "edges": [
    { "from": "gcal",   "to": "triage" },
    { "from": "gmail",  "to": "triage" },
    { "from": "github", "to": "triage" },
    { "from": "triage", "to": "compose" },
    { "from": "news",   "to": "compose" },
    { "from": "weather","to": "compose" },
    { "from": "compose","to": "slack" },
    { "from": "compose","to": "tg" },
    { "from": "compose","to": "notion" }
  ]
}

3.3 Trust Score

Every Rune carries a Trust Score (0–100) computed from its permission surface, data sensitivity, and service reputation. The score is deterministic and reproducible.

SCORERISK LEVELWHAT IT MEANS

90–100LowRead-only scopes, no external data in LLM context. Safe for production use.

75–89ModerateWrite permissions present or third-party API calls. Review scopes before running.

55–74ElevatedSensitive services, broad scopes, or unverified dependencies. Sandbox recommended.

< 55HighUnverified or experimental. Audit manually. Do not run in production.

Running Your First Rune

The following walkthrough installs and runs the Morning Brief Rune — a good representative of a full input → LLM → output pipeline.

Step 1 — Browse and inspect

Before installing, inspect what the Rune will access:

bash

# List all available Runes
rune list

# Inspect a specific Rune — shows skills, scopes, Trust Score
rune info morning-brief

# → Output:
#   Name:        Morning Brief
#   Version:     3.0.0
#   Trust Score: 91 / 100
#   Skills:      11  (gcal, gmail, github, brave-news, openweather,
#                     market-pulse, claude-triage, claude-compose,
#                     slack, telegram, notion)
#   Scopes:      calendar.readonly, gmail.readonly, github.read
#                slack.write, notion.write, telegram.write

Step 2 — Install

bash

# Install skills (resolves deps like npm install)
rune install morning-brief

# → Resolving dependencies...
#   + gmail          ✓  (already authorized)
#   + calendar       ✓
#   + github         ✓
#   + brave-news     ✓  needs key → run: rune auth add brave-news
#   + openweather    ✓
#   + market-pulse   ✓
#   + llm-triage     ✓  uses ANTHROPIC_API_KEY
#   + llm-compose    ✓
#   + slack          ✓
#   + telegram       ✓
#   + notion         ✓
# ✓ 11 skills ready  |  Trust Score: 91  |  44 actions available

Step 3 — Run

bash

rune run morning-brief

# → Running morning-brief v3.0.0...
#   [1/10] fetch-calendar    ✓  0.2s
#   [2/10] fetch-emails      ✓  0.3s
#   [3/10] fetch-github      ✓  0.5s
#   [4/10] claude-triage     ✓  1.4s   (1,240 tokens)
#   [5/10] fetch-news        ✓  0.4s
#   [6/10] fetch-weather     ✓  0.3s
#   [7/10] fetch-market      ✓  0.4s
#   [8/10] claude-compose    ✓  1.8s   (3,560 tokens)
#   [9/10] broadcast-3ch     ✓  0.3s
#  [10/10] archive-notion    ✓  0.1s
# ✓ Done in 5.8s  ·  4,800 tokens  ·  saved 71%  ·  archived to Notion

Step 4 — Review logs

bash

# View last run
rune logs morning-brief --last

# View step-by-step detail
rune logs morning-brief --run <run-id> --verbose

# Export audit log as JSON
rune logs morning-brief --run <run-id> --format json > audit.json

TIP

Pass --dry-run to simulate execution without making any real API calls. Useful for testing pipelines before going live.

The Rune Registry

The registry hosts all verified Runes. Each Rune is reviewed for scope accuracy, dependency correctness, and Trust Score validity before publishing.

Filtering and searching

bash

# List by category
rune list --category productivity
rune list --category devops
rune list --category research

# Filter by minimum Trust Score
rune list --trust 85

# Search by keyword
rune search "github pr review"
rune search "slack notification"

# Sort by most-used
rune list --sort popular

Common Runes by use case

USE CASERUNETRUST

Daily AI briefing from email + calendarmorning-brief91

Summarize + triage GitHub PRspr-digest96

Multi-source research → Notiondeep-research96

Write SEO blog post and publishblog-forge87

Monitor crypto prices → alertsmarket-alert83

Auto-reply to support ticketssupport-sage79

Meeting transcript → action itemsmeeting-scribe94

Code review pipeline → PR commentcode-reviewer88

Building Custom Runes

6.1 Visual Builder (UI)

Open the Rune Builder and:

Start from a Quick Start template (Smart Alerts, Research Bot, Daily Brief) or a blank canvas.
Drag skills from the left panel onto the canvas. Skills are categorized by type.
Connect nodes by dragging from the right handle of one node to the left handle of another.
Click ✨ Auto-Fill Gaps — the engine detects missing LLM or output nodes, adds them, and wires all connections.
Review the Trust Score in the top bar. Export as JSON when satisfied.

TIP

Auto-Fill uses a fan-in/fan-out heuristic: multiple inputs converge to one LLM node; one LLM fan-out to all outputs. You can manually rewire anything after.

6.2 CLI authoring

Write Rune definitions directly in JSON or YAML and register them locally:

bash

# Scaffold a new Rune
rune init my-pipeline

# Edit the generated my-pipeline.rune.json
# (see Core Concepts §3.2 for the schema)

# Validate the graph before running
rune validate my-pipeline.rune.json

# Register it locally
rune register ./my-pipeline.rune.json

# Run it
rune run my-pipeline

6.3 Publishing to the registry

bash

# Lint and verify Trust Score
rune publish --check my-pipeline.rune.json

# Publish (requires RuneHub account + Trust Score ≥ 70)
rune publish my-pipeline.rune.json

# Update an existing Rune
rune publish my-pipeline.rune.json --bump patch

CAUTION

Published Runes undergo automated scope verification. Trust Scores below 70 are rejected from the public registry — they can still be shared as private Runes.

Token Optimization

A naive 8-skill LLM pipeline costs ~12,000 tokens per run. RuneHub reduces this to ~3,600 through four compounding techniques — all applied automatically.

7.1

saves

~2,000 tokens

Zero-token planning

Traditional agents burn 1,500–2,500 tokens per run just deciding what tools to call and in what order. In RuneHub, the Rune graph *is* the plan — there is no planning phase. Zero tokens spent on orchestration.

7.2

saves

~4,000–5,000 tokens

Context isolation

Each skill receives only its declared inputs — not the entire session history. A summarization step that takes one email as input does not receive the previous 5,000 tokens of context.

7.3

saves

variable (0–100% on cache hit)

Semantic caching

Inputs are embedded and compared to a local vector cache. If a semantically equivalent input was processed within the TTL window, the cached output is returned and the LLM is never called.

7.4

saves

30–50% per LLM step

Smart model routing

Each step is routed to the cheapest model capable of handling it. Classification and extraction → Groq (Llama/Mixtral, ~10× cheaper than GPT-4). Triage and scoring → Claude Haiku. Complex synthesis → Claude Sonnet. Opus is never used by default.

Combined result: ~12,000 tokens → ~3,600 tokens per run. At $0.003/1K tokens (Sonnet), that's $0.036 → $0.011 per run — roughly 70% cost reduction.

Security & Scopes

Least-privilege by default

Every skill declares exactly the OAuth scope or API permission it requires. RuneHub never requests broader access than declared. For example:

json

// gmail-fetch skill manifest
{
  "id": "gmail-fetch",
  "scopes": ["https://www.googleapis.com/auth/gmail.readonly"],
  // NOT gmail.modify, NOT gmail.send — read-only
  "dataAccess": ["email_body", "email_headers"],
  "externalCalls": false   // no data leaves to third parties
}

Secrets never reach the LLM

API keys and OAuth tokens are stored in ~/.runehub/secrets/ (AES-256 encrypted). At runtime, each skill receives its credentials via environment injection — the LLM prompt context never contains a secret, even accidentally.

Audit logs

Every execution writes an immutable log entry:

json

// ~/.runehub/logs/morning-brief/<run-id>.json
{
  "runId": "rb_01j9x...",
  "rune": "morning-brief",
  "startedAt": "2026-02-22T03:00:00Z",
  "steps": [
    {
      "skill": "gmail-fetch",
      "status": "ok",
      "durationMs": 320,
      "inputHash": "sha256:a3f9...",   // hash, not raw data
      "tokensUsed": 0
    },
    {
      "skill": "claude-triage",
      "status": "ok",
      "durationMs": 1420,
      "tokensUsed": 1240,
      "model": "claude-haiku-4"
    }
    // ... all 10 steps
  ],
  "totalTokens": 4800,
  "tokensSaved": 7200
}

NOTE

Logs are stored locally by default. Cloud log sync (with retention policy) is available on the Optimizer and Pro tiers.

CLI Reference

COMMANDDESCRIPTION

rune list [--category] [--trust]List Runes, filtered by category or minimum trust score

rune info <name>Show full skill manifest, scopes, Trust Score for a Rune

rune search <query>Search Runes by keyword, service, or category

rune install <name>Install all skills + deps for a Rune

rune run <name> [--dry-run]Execute a Rune. --dry-run simulates without real calls

rune run <name> --schedule "0 7 * * *"Schedule a Rune via cron expression

rune logs <name> [--last] [--run id]View execution logs. --verbose shows full step detail

rune auth add <service>Authorize a service (OAuth flow or API key prompt)

rune auth listList all configured credentials and their scope

rune auth revoke <service>Remove credentials for a service

rune init <name>Scaffold a new Rune definition (JSON + README)

rune validate <file>Validate Rune JSON schema and graph connectivity

rune register <file>Register a local Rune definition for use with run/logs

rune publish <file>Publish a Rune to the registry (Trust Score ≥ 70 required)

rune publish --check <file>Lint and compute Trust Score without publishing

rune --versionPrint CLI version

rune help [command]Show help for any command

FAQ

Do I need a RuneHub account to run Runes?

No. The CLI and all Runes work fully offline with your own API keys. A RuneHub account is required only to publish Runes to the registry or to use the Optimizer/Pro token-saving features.

Where are my API keys stored?

Locally in ~/.runehub/secrets/ — AES-256 encrypted using a key derived from your machine. Nothing is sent to RuneHub servers unless you explicitly enable cloud log sync (Optimizer/Pro).

Can I run Runes on a schedule?

Yes. Use rune run <name> --schedule "0 7 * * *" to register a cron-based schedule. The daemon runs locally via rune daemon start.

What if a skill I need is not in the registry?

You can author a custom skill using the skill SDK (npm package @runehub/skill-sdk), validate it locally, and register it for private use. Community skills can be submitted for registry review via rune publish.

What models does RuneHub support?

Claude (Haiku, Sonnet, Opus), GPT-4o / GPT-4o-mini, Groq-hosted open-source models (Llama 3, Mixtral), Gemini Pro, and local models via Ollama. Model routing is configurable per-skill.

What is the Trust Score based on?

Skill count, scope breadth (read vs. write), service sensitivity (financial APIs, social write access lower the score), and presence of LLM and output nodes. The formula is deterministic — the same Rune always produces the same score.

Is there a way to test a Rune without running it for real?

Yes — rune run <name> --dry-run simulates the full execution graph, shows which API calls would be made, and estimates token usage, without calling any external service.

$ rune install morning-brief --run

Ready to run your first pipeline?

Browse Runes ›Open Builder ›Skill Registry ›