Skip to main content
The Journal Store is the central persistence layer of the Palyra daemon, providing a durable, tamper-evident record of all system activity. It manages the lifecycle of agent runs, tool executions, memory items, and security approvals using a SQLite backend configured for high concurrency and auditability.

System Architecture and Storage Model

The JournalStore crates/palyra-daemon/src/journal.rs#7-12 encapsulates a single SQLite database connection. It operates in Write-Ahead Logging (WAL) mode with foreign key constraints enabled to ensure data integrity and performance under concurrent access crates/palyra-daemon/src/journal.rs#6-9.

Data Flow: Natural Language to Code Entities

The following diagram illustrates how high-level system concepts (Natural Language Space) map to specific implementation entities (Code Entity Space) within the Journal subsystem. Concept to Code Mapping Sources: crates/palyra-daemon/src/journal.rs#1-20, crates/palyra-daemon/src/gateway/runtime.rs#49-53

Tamper-Evidence and Hash Chaining

Palyra implements a cryptographic hash chain to make the audit log tamper-evident. When hash_chain_enabled is active, every event is linked to its predecessor crates/palyra-daemon/src/journal.rs#11-15.
  1. Identity Fields: Includes event sequence, type, and actor metadata.
  2. Payload: The sanitized JSON data of the event.
  3. Hash Calculation: hash = SHA-256(prev_hash | identity_fields | payload) crates/palyra-daemon/src/journal.rs#12-14.
Verification is surfaced via the JournalHealthReport, which includes a JournalHashChainVerificationReport to detect if any historical records have been modified or deleted crates/palyra-daemon/src/gateway/runtime.rs#49-53.

Event Sanitization and Redaction

To prevent sensitive information (secrets, credentials, PII) from being persisted in the clear, the Journal uses a multi-stage redaction pipeline crates/palyra-daemon/src/journal.rs#11-12.

Redaction Logic

Redaction Flow Sources: crates/palyra-daemon/src/journal.rs#75-130, crates/palyra-daemon/src/journal.rs#11-15

Key Subsystems Managed by JournalStore

The Journal serves as the durable backend for several critical daemon components:
SubsystemPrimary Record TypeRole
OrchestratorOrchestratorSessionRecordTracks run lifecycle (Pending, InProgress, Done) crates/palyra-daemon/src/orchestrator.rs#22-29.
TapeOrchestratorSessionTranscriptRecordAppend-only log of every interaction in a session crates/palyra-daemon/src/gateway/runtime.rs#76-76.
MemoryMemoryItemRecordStores facts and vectors for RAG crates/palyra-daemon/src/gateway/runtime.rs#64-65.
ApprovalsApprovalDecisionPersists operator decisions for tool execution crates/palyra-daemon/src/lib.rs#148-151.
Tool JobsToolJobRecordTracks background tool execution and output tails crates/palyra-daemon/src/gateway/runtime.rs#83-85.
Sources: crates/palyra-daemon/src/gateway/runtime.rs#54-99, crates/palyra-daemon/src/orchestrator.rs#20-29

Maintenance and Health

The system includes automated maintenance routines to ensure the database remains healthy and performant.

JournalHealthReport

The health report, accessible via the GatewayRuntimeState, monitors:

Retention and Cleanup

The Journal implements retention policies for artifacts and memory items. For example, MEMORY_RETENTION_DAY_MS defines the base unit for memory aging crates/palyra-daemon/src/journal.rs#150-150. The MemoryPurgeRequest is used to clear expired or explicitly deleted memory segments crates/palyra-daemon/src/lib.rs#150-150. Sources: crates/palyra-daemon/src/journal.rs#140-160, crates/palyra-daemon/src/gateway/runtime.rs#49-53, crates/palyra-daemon/src/lib.rs#148-153