Tendril – a self-extending agent that builds and registers its own tools
TL;DR Highlight
Tendril demonstrates a self-extending AI agent pattern by dynamically writing and registering tools when needed, creating a growing repository of capabilities with each session.
Who Should Read
Backend/full-stack developers building LLM-powered agents who face repetitive problem-solving or token waste across sessions. AI application developers designing how and when agents should utilize tools.
Core Mechanics
- Tendril serves as a reference implementation of the 'Agent Capability Pattern', where agents search existing tools, write and register new ones if missing, and execute them directly if available.
- A core design constraint is prohibiting direct code execution; agents must register tools before running them, automatically building a reusable toolset that accumulates across sessions.
- The agent loop relies on only three bootstrap tools—searchCapabilities, registerCapability, and execute—with the agent creating the rest. It's powered by AWS Strands TypeScript SDK and Bedrock (Claude Sonnet).
- Tool execution is sandboxed using Deno subprocesses, and the desktop shell is built with Tauri + React.
- Testing the self-extending loop with five local open-source models (Qwen3-8B, Gemma 4, Mistral Small 3.1, Devstral Small 2, Salesforce xLAM-2) resulted in complete failure, with each model exhibiting unique failure patterns detailed in a separate post.
- Tendril addresses the 'WHEN problem'—most agent frameworks define WHAT tools do and HOW to call them, but lack a structured approach to determine WHEN to use them. Tendril encodes this decision logic as rules within the system prompt.
- The registry structure is simple CRUD-based on index.json, and the source code is organized into agent.ts, loop/(tools, prompt, registry, sandbox), and transport/(protocol, stream, errors).
Evidence
- "Concerns were raised about the registry becoming noisy with accumulated sessions, leading to overspecialized tools, duplication, and API inconsistencies. One developer shared experience building a similar system called 'Saved Programs' to avoid token waste from repetitive problem-solving. Another developer highlighted the need for a network-based reflection and type system for effective tool registries, having built a custom distributed type system (gluon) after struggling with MCP/Skills. Criticism arose regarding the rule-based (if X then Y) approach to the 'WHEN' problem, with some finding success by describing the current state instead of prescribing rules. The importance of complexity management as the registry grows was emphasized, specifically addressing context understanding, knowledge retention, and performance monitoring."
How to Apply
- "If your agent repeatedly generates the same API calls or data processing code, introducing Tendril’s searchCapabilities → registerCapability → execute pattern can enable reuse without rebuilding. If you already use AWS Strands TypeScript SDK and Bedrock (Claude Sonnet), you can adapt Tendril’s tendril-agent/src/ structure, including the capability registry (index.json CRUD) and Deno sandbox execution layer. When building self-extending agents with local open-source models (Qwen3-8B, Gemma 4, etc.), consider that Tendril’s tests failed with all five models, suggesting a more powerful model like Claude Sonnet is currently necessary. To carry learnings across sessions, implement a routine to explicitly document what the agent learned and how it improved, similar to the '/learn command' mentioned in the comments."
Code Example
// Tendril agent loop example (based on README)
// First request: No tools → Create tool and execute
You: "fetch the top stories from Hacker News"
Tendril:
→ searchCapabilities("fetch url hacker news") // Search registry → Not found
→ registerCapability(fetch_url, code) // Write and register tool code
→ execute("fetch_url", {url: "https://..."}) // Execute registered tool
→ "Here are the top stories: ..."
// Second request: Reuse tool
You: "now fetch Lobsters and compare"
Tendril:
→ listCapabilities() // Search registry → Found fetch_url!
→ execute("fetch_url", {url: "https://lobste.rs"}) // Execute directly without rebuilding
// Directory structure
// tendril-agent/src/
// ├── agent.ts ← Strands agent + Bedrock model configuration
// ├── index.ts ← Orchestrator
// ├── loop/
// │ ├── tools.ts ← 3 bootstrap tools
// │ ├── prompt.ts ← System prompt (rules for autonomous behavior)
// │ ├── registry.ts ← Capability registry (index.json CRUD)
// │ └── sandbox.ts ← Deno subprocess sandbox execution
// └── transport/
// ├── protocol.ts ← ACP JSON-RPC over stdio
// ├── stream.ts ← SDK events → loop stage transformation
// └── errors.ts ← Provider error classificationTerminology
Related Papers
Ask HN: How do you get into a flow state when using AI to code?
Claude 같은 에이전트 기반 AI 코딩 도구가 보편화되면서 개발자들이 기존의 몰입 상태(flow state)를 잃어버리고 있다는 문제를 공유하고, 커뮤니티에서 각자의 대처 방법을 논의한 스레드.
Claude Desktop spawns 1.8 GB Hyper-V VM on every launch, even for chat-only use
Claude Desktop Windows 앱이 사용자가 AI 코드 실행 기능(Cowork)을 쓰지 않아도 실행 시마다 자동으로 1.8GB짜리 Hyper-V 가상머신을 생성해 메모리를 잡아먹는 버그가 보고됐다.
Apache Burr: Build reliable AI agents and applications
LangChain 같은 복잡한 프레임워크에 지친 개발자들을 위해 순수 Python으로 AI 에이전트와 상태 머신을 만들 수 있는 Apache 인큐베이팅 프레임워크다. 상태 관리, 관측성, Human-in-the-Loop 등을 DSL 없이 제공한다는 점이 특징이다.
A €0.01 bank transfer could compromise a banking AI agent
유럽 2위 디지털 뱅크 Bunq의 AI 어시스턴트에서 발견된 간접 프롬프트 인젝션 취약점으로, 단돈 €0.02 송금만으로 사용자에게 피싱 공격을 자동 실행할 수 있었다.
Grit: Rewriting Git in Rust with agents
GitButler 팀이 AI 에이전트 스웜을 활용해 Git을 Rust로 처음부터 재작성한 Grit 프로젝트를 공개했는데, GPL 라이선스 문제와 실용성 논란이 커뮤니티에서 크게 일고 있다.
Show HN: Claw Patrol, a security firewall for agents
AI 에이전트가 실행하는 SQL, kubectl, HTTP 요청을 프록시에서 가로채 HCL 규칙으로 허용/차단/사람 승인 요청을 할 수 있는 오픈소스 보안 게이트웨이. 에이전트가 프로덕션 환경에서 위험한 작업을 실행하기 전에 제어할 수 있어 중요하다.