BrowserService gRPC Interface and Chromium Engine

This page documents the palyra-browserd service, which provides a high-level gRPC interface for browser automation. It encapsulates the Chromium engine via the headless_chrome crate, managing session lifecycles, security constraints, and state persistence.

BrowserService gRPC Definition

The BrowserService is the primary interface for all browser-related operations. It is defined in browser.proto and implemented by BrowserServiceImpl in the palyra-browserd crate.

Key RPC Methods

Method	Description	Implementation
`CreateSession`	Initializes a new browser instance or attaches to an existing profile.	crates/palyra-browserd/src/transport/grpc/service.rs#29-161
`Navigate`	Directs the browser to a specific URL with safety guards.	crates/palyra-browserd/src/transport/grpc/service.rs#260-316
`Click`	Simulates a mouse click on a DOM element identified by a selector.	crates/palyra-browserd/src/transport/grpc/service.rs#318-372
`Type`	Inputs text into a form field or element.	crates/palyra-browserd/src/transport/grpc/service.rs#374-434
`Scroll`	Adjusts the viewport position.	crates/palyra-browserd/src/transport/grpc/service.rs#436-476
`Observe`	Captures the current page state (DOM, Title, URL).	crates/palyra-browserd/src/transport/grpc/service.rs#524-555
`RelayAction`	Handles communication with the browser extension companion.	crates/palyra-browserd/src/transport/grpc/service.rs#710-754
`DownloadArtifact`	Retrieves files downloaded during a session from the quarantine.	crates/palyra-browserd/src/transport/grpc/service.rs#756-788

Sources: crates/palyra-browserd/src/transport/grpc/service.rs#14-1188, schemas/generated/rust/protocol_stubs.rs#61-260

Chromium Engine Integration

Palyra uses the headless_chrome crate to control Chromium. The integration supports both a “Real” engine and a “Simulated” mode for testing.

Execution Flow

When a session is created, palyra-browserd launches a Chromium process (if not using an existing profile) and establishes a DevTools Protocol connection. System Entity Mapping: Natural Language to Code Title: Browser Action Execution Pipeline Sources: crates/palyra-browserd/src/transport/grpc/service.rs#318-372, crates/palyra-browserd/src/engine/chromium.rs#60-68, crates/palyra-browserd/src/lib.rs#36-40

SessionBudget Constraints

Every session is governed by a SessionBudget, which enforces resource limits to prevent runaway automation or memory exhaustion.

Navigation Timeout: max_navigation_timeout_ms (Default: 15s) crates/palyra-browserd/src/lib.rs#85
Payload Size: max_response_bytes (Default: 512KB) crates/palyra-browserd/src/lib.rs#88
Action Rate: max_actions_per_window (Default: 20 per second) crates/palyra-browserd/src/lib.rs#93-94
Data Limits: max_screenshot_bytes, max_type_input_bytes crates/palyra-browserd/src/lib.rs#87-91

Sources: crates/palyra-browserd/src/transport/grpc/service.rs#107-161, crates/palyra-browserd/src/lib.rs#82-104

Security and Validation

Target URL Validation

Before any navigation, the service validates the target URL to prevent SSRF or access to restricted internal networks. This is handled by navigate_with_guards.

Private Targets: Blocked by default unless allow_private_targets is true.
Protocol Enforcement: Only http and https are allowed.
DNS Rebinding Protection: The service maintains a DnsValidationCache to track resolved IPs.

Sources: crates/palyra-browserd/src/support/tests.rs#1-17, crates/palyra-browserd/src/engine/chromium.rs#108-112

SOCKS5 Proxy Integration

To enforce network policies at the engine level, palyra-browserd spawns a local SOCKS5 proxy for each session via ChromiumSessionProxy. This proxy intercepts all Chromium traffic to apply allow_private_targets logic. System Entity Mapping: Proxy Lifecycle Title: Chromium Network Guarding Sources: crates/palyra-browserd/src/engine/chromium.rs#71-97, crates/palyra-browserd/src/engine/chromium.rs#198-210

BrowserProfile and Persistence

The service supports persistent browser profiles, allowing sessions to share cookies, local storage, and history.

BrowserProfileRegistry: Manages a collection of profiles per principal. crates/palyra-browserd/src/lib.rs#138-140
Encryption: Profile metadata and state snapshots are encrypted using CHACHA20_POLY1305 with keys derived from PALYRA_BROWSERD_STATE_ENCRYPTION_KEY. crates/palyra-browserd/src/lib.rs#123, crates/palyra-browserd/src/lib.rs#132-135
Persistence IDs: Sessions can be resumed using a persistence_id which links to a PersistedSessionSnapshot. crates/palyra-browserd/src/transport/grpc/service.rs#52-73

Sources: crates/palyra-browserd/src/transport/grpc/service.rs#42-73, crates/palyra-browserd/src/lib.rs#131-146

Download Artifact Management

Downloads are intercepted and stored in a sandboxed directory structure.

Quarantine: Files are initially placed in a quarantine directory. crates/palyra-browserd/src/domain/downloads.rs#35-36
Validation: Files are checked against DOWNLOAD_ALLOWED_EXTENSIONS (e.g., pdf, csv, json) and DOWNLOAD_ALLOWED_MIME_TYPES. crates/palyra-browserd/src/lib.rs#153-162
Limits: Enforced via DOWNLOAD_MAX_FILE_BYTES (8MB) and DOWNLOAD_MAX_TOTAL_BYTES_PER_SESSION (32MB). crates/palyra-browserd/src/lib.rs#147-148

Sources: crates/palyra-browserd/src/domain/downloads.rs#20-44, crates/palyra-browserd/src/domain/downloads.rs#96-173

Browser Extension Relay

The RelayAction RPC facilitates communication with the Palyra Browser Extension. This allows the daemon to:

Capture DOM snapshots from the perspective of the user’s active browser.
Relay user-initiated selections back to the daemon.
Inject content scripts for enhanced observation.

Sources: crates/palyra-browserd/src/transport/grpc/service.rs#710-754, apps/browser-extension/content_script.js#1-10

​BrowserService gRPC Definition

​Key RPC Methods

​Chromium Engine Integration

​Execution Flow

​SessionBudget Constraints

​Security and Validation

​Target URL Validation

​SOCKS5 Proxy Integration

​BrowserProfile and Persistence

​Download Artifact Management

​Browser Extension Relay