seonghobae · seonghobae · Mar 12, 2026 · Mar 12, 2026 · Mar 12, 2026 · Mar 12, 2026
@@ -38,12 +38,14 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
+      - name: Install Syft
+        run: |
+          curl -sSfL -o "$RUNNER_TEMP/syft.tar.gz" "https://github.com/anchore/syft/releases/download/v1.20.0/syft_1.20.0_linux_amd64.tar.gz"
+          tar -xzf "$RUNNER_TEMP/syft.tar.gz" -C "$RUNNER_TEMP" syft
+
       - name: Generate CycloneDX SBOM
-        uses: anchore/sbom-action@57aae528053a48a3f6235f2d9461b05fbcb7366d # v0.23.1
-        with:
-          path: .
-          format: cyclonedx-json
-          output-file: bandscope-sbom.cdx.json
+        run: |
+          "$RUNNER_TEMP/syft" dir:. -o cyclonedx-json=bandscope-sbom.cdx.json
 
       - name: Upload SBOM artifact
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0

@@ -95,6 +95,7 @@ Last updated: 2026-03-11
 - Shared contracts live in `packages/shared-types` so the UI can evolve without importing Python internals.
 - Shared contracts should ultimately model section, role, cue, confidence, and export artifacts explicitly enough that desktop UI and analysis outputs do not invent their own parallel schemas.
 - The current shared-types baseline includes a rehearsal-domain fixture that exercises section, role, cue, confidence, provenance, and export-summary fields in the desktop shell before the full analysis pipeline lands.
+- Local analysis orchestration uses typed Tauri IPC commands and a Python subprocess over stdin/stdout rather than a loopback HTTP listener.
 - Product and UX decisions should prefer rehearsal-first simplicity while still maintaining high analytical accuracy.
 - Security decisions should prefer allowlisted narrow capabilities over generic convenience APIs.
 

@@ -11,6 +11,7 @@
     "test": "node -e \"require('node:fs').mkdirSync('coverage/.tmp', { recursive: true })\" && vitest run --coverage"
   },
   "dependencies": {
+    "@tauri-apps/api": "^2.8.0",
     "@bandscope/shared-types": "0.1.0",
     "react": "^19.2.4",
     "react-dom": "^19.2.4"

@@ -7,7 +7,10 @@ edition = "2021"
 tauri-build = { version = "2" }
 
 [dependencies]
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
 tauri = { version = "2.3.1" }
+time = { version = "0.3", features = ["formatting", "macros"] }
 
 [features]
 default = []
@@ -1,3 +1,9 @@
 fn main() {
-    tauri_build::build()
+    tauri_build::try_build(
+        tauri_build::Attributes::new().app_manifest(
+            tauri_build::AppManifest::new()
+                .commands(&["start_analysis_job", "get_analysis_job_status"]),
+        ),
+    )
+    .expect("failed to build tauri application manifest");
 }
@@ -0,0 +1,11 @@
+{
+  "$schema": "../gen/schemas/desktop-schema.json",
+  "identifier": "main-capability",
+  "description": "Capability for the main BandScope window to use the analysis orchestration commands.",
+  "windows": ["main"],
+  "permissions": [
+    "core:default",
+    "allow-start-analysis-job",
+    "allow-get-analysis-job-status"
+  ]
+}
@@ -0,0 +1 @@
+{"main-capability":{"identifier":"main-capability","description":"Capability for the main BandScope window to use the analysis orchestration commands.","local":true,"windows":["main"],"permissions":["core:default","allow-start-analysis-job","allow-get-analysis-job-status"]}}
@@ -0,0 +1,11 @@
+# Automatically generated - DO NOT EDIT!
+
+[[permission]]
+identifier = "allow-get-analysis-job-status"
+description = "Enables the get_analysis_job_status command without any pre-configured scope."
+commands.allow = ["get_analysis_job_status"]
+
+[[permission]]
+identifier = "deny-get-analysis-job-status"
+description = "Denies the get_analysis_job_status command without any pre-configured scope."
+commands.deny = ["get_analysis_job_status"]
@@ -0,0 +1,11 @@
+# Automatically generated - DO NOT EDIT!
+
+[[permission]]
+identifier = "allow-start-analysis-job"
+description = "Enables the start_analysis_job command without any pre-configured scope."
+commands.allow = ["start_analysis_job"]
+
+[[permission]]
+identifier = "deny-start-analysis-job"
+description = "Denies the start_analysis_job command without any pre-configured scope."
+commands.deny = ["start_analysis_job"]
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"main-capability":{"identifier":"main-capability","description":"Capability for the main BandScope window to use the analysis orchestration commands.","local":true,"windows":["main"],"permissions":["core:default","allow-start-analysis-job","allow-get-analysis-job-status"]}}