DEFEND · OSSMITv0.1 · BLUEPRINT

RuneLM

A fail-closed data-sanitization proxy for outbound LLM calls. Every prompt is classified, pseudonymized, routed by sensitivity, and rehydrated only at the placeholders it created — cleartext fallback is architecturally impossible, not a flag you can flip.

Visit runelm.com GitHub

ᛟ

7-stage

classification

sensitivity tiers

AES-256

pseudonym map

cleartext paths

One enforced pipeline

Classify, route, rehydrate — in order, every time.

RuneLM sits between your app and any provider. Each outbound prompt runs the full pipeline; an error in any stage blocks the request. No path ships cleartext.

STAGE
Identity
Verify the caller from a signed session — not self-reported headers.
STAGE
Classify
Seven stages: NFKC → blocklist → regex → struct → NER → coreference → escalation.
STAGE
Pseudonymize
Deterministic, session-scoped, type-preserving placeholders backed by an AES-256-GCM map.
STAGE
Route
HIGH → local L1, MEDIUM → contracted L2, LOW → any — keyed to classification, no override flag.
STAGE
Rehydrate
Reverse only the runes the outbound map created. Unknown placeholders stay masked.
STAGE
Audit
HMAC-SHA-256 over every decision — never raw prompt text. Tamper-evident.

Your prompts leave your perimeter on every API call. RuneLM makes sure they leave clean. Let's talk.