Protocol Matrix
This matrix summarizes the engine-backed contracts between Desktop/TUI clients and the engine runtime.
Frontend <-> Tauri Commands
| Command | Contract |
|---|---|
get_storage_migration_status / run_storage_migration | Controls startup + settings-triggered migration flow. |
list_plans | Reads .tandem/plans with legacy .opencode/plans fallback. |
read_plan_content | Reads a plan markdown file by path. |
build_permission_rules | Returns rule names aligned with runtime tool names. |
| Session scope | Session list is scoped to the active workspace. |
agent_team_* commands | Desktop Agent Automation bridge for templates, instances, missions, approvals, spawn, and cancel/decision actions. |
Tauri <-> Engine HTTP
| Endpoint | Contract |
|---|---|
GET /session?scope=workspace&workspace=<abs> | Workspace-scoped session list (engine-enforced). |
GET /session?scope=global | Explicit cross-workspace list for advanced/debug flows. |
POST /session/{id}/attach | Explicit attach across workspaces with audit fields. |
POST /session/{id}/workspace/override | Temporary sandbox override with TTL. |
GET /provider | Provider catalog with default/connected metadata. |
POST /mission / POST /automations / POST /routines | Mission + automation lifecycle endpoints (routines/* remains compatible). |
POST /mission/{id}/event | Mission reducer endpoint; mission_started can trigger orchestrator-runtime Agent Team spawns. |
GET /agent-team/templates | Lists loaded Agent Team templates from workspace config. |
GET /agent-team/instances | Lists agent instances with mission/parent/status filters. |
GET /agent-team/missions | Lists mission-level Agent Team status rollups and usage totals. |
GET /agent-team/approvals | Lists pending spawn approvals + pending tool approvals for agent-team sessions. |
POST /agent-team/spawn | Server-gated spawn with policy, edge, and skill checks. |
POST /agent-team/approvals/spawn/{id}/approve | Approves a queued spawn request and executes gated spawn path. |
POST /agent-team/approvals/spawn/{id}/deny | Denies a queued spawn request with auditable reason. |
POST /agent-team/instance/{id}/cancel | Cancels a single agent instance and child session execution. |
POST /agent-team/mission/{id}/cancel | Cancels all tracked agent instances for a mission. |
Engine SSE -> Client Events
| Event | Contract |
|---|---|
message.part.updated | Text and tool part streaming for chat timeline + console. |
todo.updated | Normalized todo state (pending, in_progress, completed, cancelled). |
question.asked | Questions with tool.callID for correlation. |
agent_team.spawn.* | Spawn requested/denied/approved lifecycle with policy reason codes. |
agent_team.instance.started | New instance lifecycle entry (mission/instance/session lineage). |
agent_team.budget.usage | Live budget counters (tokensUsed, stepsUsed, toolCallsUsed, costUsedUsd, elapsedMs). |
agent_team.budget.exhausted | Budget limit reached; runtime emits reason and usage snapshot. |
agent_team.mission.budget.exhausted | Mission total budget exhaustion; runtime emits mission-level usage snapshot. |
agent_team.instance.cancelled | Instance cancellation (manual or budget exhaustion) with reason. |
agent_team.instance.completed | Instance reached completed terminal state. |
agent_team.instance.failed | Instance reached failed terminal state. |
agent_team.capability.denied | Runtime capability guard blocked a disallowed tool/capability access. |
provider.usage | Provider-reported token usage (promptTokens, completionTokens, totalTokens) when available. |
storage-migration-progress | Migration phase/progress/counters. |
storage-migration-complete | Migration completion status and summary. |
Canonical Event Examples
message.part.updated (text)
{ "type": "message.part.updated", "properties": { "part": { "id": "part_123", "sessionID": "ses_123", "messageID": "msg_123", "type": "text", "text": "Hello" }, "delta": "Hello" }}todo.updated
{ "type": "todo.updated", "properties": { "sessionID": "ses_123", "todos": [{ "id": "t1", "content": "Audit contracts", "status": "pending" }] }}question.asked
{ "type": "question.asked", "properties": { "id": "q_123", "sessionID": "ses_123", "messageID": "msg_123", "questions": [ { "header": "Scope", "question": "Pick one", "options": [{ "label": "A", "description": "..." }] } ], "tool": { "callID": "call_2", "messageID": "msg_123" } }}JSON-First Orchestrator Contract
Tandem validates planner + validator responses as strict JSON first. The strict mode can be enabled with:
TANDEM_ORCH_STRICT_CONTRACT=1Strict mode emits contract_warning or contract_error events when the JSON contract is degraded.
Protocol Flow Diagram
flowchart LR FE[Frontend] -->|invoke| TAURI[Tauri Commands] TAURI -->|HTTP| ENGINE[tandem-engine] ENGINE -->|SSE| TAURI TAURI -->|events| FE ENGINE --> MISSIONS[Mission APIs] ENGINE --> ROUTINES[Routine APIs] ENGINE --> SESSION[Session/Run APIs] ENGINE --> EVENTS[message.part.updated / todo.updated / question.asked]