-
Notifications
You must be signed in to change notification settings - Fork 1
Developer Appendix
title: "Developer Appendix" tier: "dev" status: "verified" version: "1.2.0" last-verified: "2026-06-17" commit: "b1c347b1" network-badge: "none" risk-tags: ["RISK: MEDIUM"]
This appendix is for core developers and contributors working on the Tadpole OS codebase. It provides an overview of the architecture, extension points, and testing infrastructure.
Note
This page is a summary reference. For the full architectural specification, see ARCHITECTURE.md in the main repository.
Tadpole OS follows a 4-Pillar architecture:
| Pillar | Responsibility | Key Components |
|---|---|---|
| Gateway | HTTP/WebSocket API surface |
server-rs/src/router.rs, Axum framework |
| Registry | Agent, provider, and skill management |
RegistryHub, GovernanceHub, ResourceHub
|
| Engine | Autonomous mission execution |
AgentRunner, RunContext, ToolOrchestrator
|
| Security Root | Audit, budget, and access control |
SecurityHub, MerkleAuditTrail, BudgetGuard
|
The Glossary#appstate struct is the central coordination hub, containing five sub-hubs:
AppState
├── comms: CommunicationHub (real-time events, oversight, WebSocket)
├── governance: GovernanceHub (limits, policies, privacy mode)
├── registry: RegistryHub (agents, providers, skills, MCP)
├── security: SecurityHub (audit, budget, shell scanner)
├── resources: ResourceHub (DB pool, HTTP client, audio, graphs)
└── base_dir: PathBuf (root data directory)
server-rs/
├── src/
│ ├── router.rs # Axum route definitions (Gateway Pillar)
│ ├── state/ # AppState and Hub definitions
│ │ └── hubs/ # comms.rs, gov.rs, reg.rs, res.rs
│ ├── routes/ # HTTP handler implementations
│ ├── agent/ # AgentRunner, provider integrations
│ │ ├── runner/ # Core execution loop & swarm orchestration
│ │ │ ├── a2a_ledger.rs # Agent payment ledger
│ │ │ ├── a2a_mailbox.rs # Agent communication mailboxes
│ │ │ ├── a2a_router.rs # Financial router for agent requests
│ │ │ ├── conductor.rs # DAG plan generator & topological scheduler
│ │ │ └── mod.rs
│ │ ├── anthropic.rs # Anthropic provider
│ │ ├── gemini.rs # Google Gemini provider
│ │ └── groq.rs # Groq provider
│ ├── security/ # Audit trails, budget guards
│ └── telemetry/ # OTel tracing, pulse types
├── data/ # Runtime data (skills, workflows, DB)
└── migrations/ # SQL migration files
All routes are nested under /v1 in create_router(). The Parity Guard validates that every /v1 route has a corresponding entry in docs/openapi.yaml.
The engine uses RFC 9457 compliant Glossary#problemdetails for all API error responses, with unified error types via Glossary#apperror.
| Hook/Store | Purpose |
|---|---|
useEngineStatus |
Real-time engine connection status |
use_vault_store |
Client-side credential vault management |
useLayoutNavigation |
Tab navigation and keyboard shortcuts |
- Framework: Vite + React
-
Config:
vite.config.tsin project root -
Dev Server:
npm run dev→http://localhost:5173
Create a JSON manifest in data/skills/ with the following structure:
{
"name": "my-custom-skill",
"description": "Description of the skill",
"execution_command": "python execution/my_script.py"
}The Parity-Guard validates that the referenced execution script exists.
The engine hosts a Model Context Protocol (MCP) server for external tool aggregation via RegistryHub::mcp_host.
Pre/post tool execution hooks are managed by RegistryHub::hooks (HooksManager).
Developers can implement the LlmProvider trait defined in provider_trait.rs to integrate new LLM backends (e.g. Anthropic, Gemini, OpenAI). The new provider must be registered in provider.rs.
Custom tools run through the central dispatch system in dispatcher.rs. New static or dynamic tools can be mapped here.
The long-running workflow scheduling engine, Continuity, executes asynchronous tasks. Extensions to scheduling logic can be made in the Continuity scheduler scheduler.rs and the executor executor.rs.
Future extensions for multi-tenant and OAuth-based authentication will hook into the Axum request lifecycle. Currently restricted to local single-tenant vault authentication.
Client-side cryptography (key derivation and encryption) is offloaded to a Web Worker in crypto.worker.ts. Custom encryption formats or key-stretching parameters can be configured there.
Tadpole OS enables agents to pay peer agents for invoking sub-tasks. Developers can extend payment behaviors by working with:
-
A2aLedger: Interacts with the local SQLiteagent_transactionsdatabase to create, commit, or roll back pending allocations. -
A2aMailbox: Standardized buffer for inter-agent messages and payment challenges. -
A2aRouter: Coordinates the routing of requests to target agent providers and handles payment gateway mappings.
For transaction safety, developers should wrap payments in the Two-Phase Commit (2PC) pattern (Prepare Commit / Rollback) to ensure zero balance leakage on failure.
# Frontend tests
npm test
# Backend tests
cd server-rs
cargo test
# Parity Guard (drift detection)
python execution/parity_guard.py .
# End-to-end (Playwright)
npx playwright testFor CI/testing without real LLM calls:
TADPOLE_NULL_PROVIDERS=true
This routes all LLM calls through a NullProvider that returns mock responses.
- See
CONTRIBUTING.mdfor contribution guidelines. - See
DEVELOPMENT.mdfor development setup details. - See
CODE_OF_CONDUCT.mdfor community standards.
For non-trivial code changes, use the scriptable symbol graph to inspect blast radius:
npm run graph:lookup -- --name SymbolName
npm run graph:file -- --path src/pages/Neural_Map.tsx
npm run graph:blast -- --path server-rs/src/routes/intelligence.rs --name get_blast_radius
npm run graph:exportComplete Lexicon: For the authoritative technical breakdown, see the main repository GLOSSARY.md. Every [[Glossary#term|term]] link on this page resolves to an entry there.