A self-extending agentic sandbox that demonstrates the Agent Capability pattern — where the model discovers, builds, and reuses tools autonomously across sessions.
Built with AWS Strands Agents SDK and Tauri.
You ask Tendril to do something. It checks its capability registry. If a tool exists, it uses it. If not, it writes one, registers it, and executes it — all without asking. Next time you need the same thing, the tool is already there.
You: "fetch the top stories from Hacker News"
Tendril:
→ searchCapabilities("fetch url hacker news") # nothing found
→ registerCapability(fetch_url, code) # builds a tool
→ execute("fetch_url", {url: "https://..."}) # runs it by name
→ "Here are the top stories: ..."
You: "now fetch Lobsters and compare"
Tendril:
→ listCapabilities() # found: fetch_url ✓
→ execute("fetch_url", {url: "https://lobste.rs"})# runs it — no rebuild
The registry grows with use. Every session is smarter than the last.
The core of Tendril is a Strands agent with three bootstrap tools. That's it — three tools to rule them all.
tendril-agent/src/
├── agent.ts ← Agent configuration (Strands model + tools)
├── index.ts ← Orchestrator — wires loop to transport
├── loop/ ← The agentic loop
│ ├── tools.ts ← 4 bootstrap tools in cycle order
│ ├── prompt.ts ← System prompt (autonomous behaviour rules)
│ ├── registry.ts ← Capability registry (index.json CRUD)
│ └── sandbox.ts ← Deno subprocess execution with sandboxing
└── transport/ ← Conversation framing + stream observation
├── protocol.ts ← ACP JSON-RPC over stdio
├── stream.ts ← SDK events → loop phases (think/act/observe)
└── errors.ts ← Provider error classification
agent.ts — Creates the Strands agent with a Bedrock model and three tools:
import { Agent } from '@strands-agents/sdk';
import { BedrockModel } from '@strands-agents/sdk/models/bedrock';
const agent = new Agent({
model: new BedrockModel({ modelId: '...', region: '...' }),
systemPrompt: TENDRIL_SYSTEM_PROMPT(workspacePath),
printer: nullPrinter, // suppress SDK stdout — we own the protocol
tools: [
listCapabilities(registry),
registerCapability(registry),
executeCode(registry, workspacePath, config),
],
});index.ts — Observes the agentic loop and bridges it to the ACP protocol:
// The agentic loop runs inside agent.stream().
// We observe each phase and forward to the UI.
for await (const event of agent.stream(userText)) {
const { phase, event: e } = classifyEvent(event);
switch (phase) {
case 'think': emitUpdate(handleThink(e)); break; // text delta
case 'act': emitUpdate(handleAct(e)); break; // tool call
case 'observe': emitUpdate(handleObserve(e)); break; // tool result
}
}loop/prompt.ts — The system prompt that makes the agent autonomous:
BEFORE acting on any request:
1. Call searchCapabilities(query) to check if a relevant tool exists
2. If found: call loadTool(name) then execute(code, args)
3. If NOT found: you MUST build the tool yourself.
RULES:
- NEVER ask "would you like me to create a tool?" — just build it.
- If a tool fails, read the error, fix the code, and retry.
- NEVER answer from training data when a tool could get live information.
Most agent frameworks give the model a big bag of tools and hope it picks the right one. Tendril inverts this — the model always sees exactly three tools. It searches a registry, builds what it needs, and the registry grows over time. The tool surface never changes; the capabilities do.
┌─────────────────────────────────────────┐
│ Tauri Shell (Rust) │
│ │
│ ACP Host ──stdin/stdout──► Agent │
│ (acp.rs) NDJSON (Node.js SEA)│
│ │ │ │
│ Events ◄── session/update ──┘ │
│ (events.rs) │
│ │ │
│ Tauri Events ──► React Frontend │
│ (TailwindCSS v4) │
└─────────────────────────────────────────┘
Agent internals:
Strands SDK ── BedrockModel ── Claude
│
4 bootstrap tools
│
┌────┴────┐
│ Registry │ ←→ index.json + tools/*.ts
└─────────┘
│
┌────┴────┐
│ Sandbox │ ←→ Deno subprocess (scoped permissions)
└─────────┘
Communication: JSON-RPC 2.0 over NDJSON (newline-delimited JSON) on stdin/stdout. The agent is a standalone process — the Tauri host spawns it as a sidecar.
Protocol: Implements the Agent Integrator Specification (ACP) — the same protocol used by Claude Code and similar agent hosts.
| Component | Technology |
|---|---|
| Desktop shell | Tauri 2.x (Rust) |
| Frontend | React 18 + TailwindCSS v4 |
| Agent | TypeScript (Node.js SEA binary) |
| Agent framework | @strands-agents/sdk |
| Inference | AWS Bedrock (Claude via Strands BedrockModel) |
| Code sandbox | Deno (bundled, subprocess with permission flags) |
| Protocol | JSON-RPC 2.0 / NDJSON over stdio |
- Node.js 22+ (for building the agent)
- Rust toolchain (for Tauri)
- AWS credentials configured for Bedrock access (
~/.aws/credentials)
git clone https://github.com/serverless-dna/tendril.git
cd tendril
make devThis will:
- Install dependencies (
npm installfor agent and UI) - Build the agent (
esbuildbundle) - Download Deno (bundled as sidecar)
- Create sidecar shims with platform triple
- Launch Tauri dev mode
On first launch, pick a workspace folder. Configure your AWS profile and model in Settings.
All settings live at ~/.tendril/config.json:
{
"workspace": "/Users/you/tendril-workspace",
"model": {
"provider": "bedrock",
"modelId": "us.anthropic.claude-sonnet-4-5-20250514",
"region": "us-east-1",
"profile": "your-aws-profile"
},
"sandbox": {
"denoPath": "deno",
"timeoutMs": 45000,
"allowedDomains": []
},
"agent": {
"maxTurns": 100
}
}allowedDomains: empty = unrestricted network. Set ["api.example.com"] to restrict.
Capabilities are stored in the workspace as plain files:
~/tendril-workspace/
index.json ← registry (name, triggers, suppression rules)
tools/
fetch_url.ts ← tool implementation (TypeScript, runs in Deno)
summarize_text.ts
parse_json.ts
Each capability has:
- name:
snake_caseidentifier - capability: one-sentence description
- triggers: conversational signals that should invoke it
- suppression: conditions that prevent invocation
The model writes these definitions. You can inspect, edit, or delete them — they're just files.
make dev Build agent + sidecars, launch Tauri dev
make build Build agent (esbuild bundle)
make test Run agent tests (vitest)
make lint tsc --noEmit + cargo clippy
make fmt cargo fmt --check
make check Full quality gate (fmt + lint + test)
make release Quality gate + cargo tauri build
make clean Remove all build artifacts
tendril/
tendril-agent/ TypeScript Strands sidecar
src/ Agent source (see "The Agent Loop" above)
tests/ vitest tests
package.json
sea-config.json Node.js SEA build config
tendril-ui/ Tauri + React desktop app
src/ React components + hooks
src-tauri/ Rust backend (ACP host, event forwarding)
package.json
docs/ Specs and reference implementations
specs/ Feature specifications and plans
Makefile
MIT