> ## Documentation Index
> Fetch the complete documentation index at: https://docs-code.palyra.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Transport Layer: HTTP, gRPC, and QUIC

<details>
  <summary>Relevant source files</summary>

  The following files were used as context for generating this wiki page:

  * crates/palyra-daemon/src/application/mod.rs
  * crates/palyra-daemon/src/gateway/runtime.rs
  * crates/palyra-daemon/src/journal.rs
  * crates/palyra-daemon/src/lib.rs
  * crates/palyra-daemon/src/openai\_auth.rs
  * crates/palyra-daemon/src/openai\_model\_discovery.rs
  * crates/palyra-daemon/src/openai\_surface.rs
  * crates/palyra-daemon/src/quic\_runtime.rs
  * crates/palyra-daemon/src/transport/http/contracts/channels/mod.rs
  * crates/palyra-daemon/src/transport/http/contracts/mod.rs
  * crates/palyra-daemon/src/transport/http/handlers/admin/channels/connectors/mod.rs
  * crates/palyra-daemon/src/transport/http/handlers/admin/mod.rs
  * crates/palyra-daemon/src/transport/http/handlers/canvas.rs
  * crates/palyra-daemon/src/transport/http/handlers/console/auth.rs
  * crates/palyra-daemon/src/transport/http/handlers/console/channels/connectors/mod.rs
  * crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs
  * crates/palyra-daemon/src/transport/http/handlers/console/models.rs
  * crates/palyra-daemon/src/transport/http/handlers/health.rs
  * crates/palyra-daemon/src/transport/http/handlers/mod.rs
  * crates/palyra-daemon/src/transport/http/handlers/realtime.rs
  * crates/palyra-daemon/src/transport/http/handlers/web\_ui.rs
  * crates/palyra-daemon/src/transport/http/middleware.rs
  * crates/palyra-daemon/src/transport/http/router.rs
  * crates/palyra-daemon/tests/golden/current\_state\_inventory.json
  * crates/palyra-daemon/tests/openai\_auth\_surface.rs
  * crates/palyra-model-providers/src/discovery.rs
  * crates/palyra-transport-quic/src/lib.rs
  * crates/palyra-transport-quic/tests/transport.rs
  * schemas/generated/kotlin/ProtocolStubs.kt
  * schemas/generated/rust/protocol\_stubs.rs
  * schemas/generated/swift/ProtocolStubs.swift
  * schemas/proto/palyra/v1/browser.proto
  * schemas/proto/palyra/v1/gateway.proto
</details>

The Palyra transport layer provides the multi-protocol communication backbone for the daemon, exposing management interfaces, agentic APIs, and high-performance data streams. It integrates an Axum-based HTTP stack for web and CLI interaction, Tonic for gRPC-based service-to-service communication, and an optional QUIC transport for low-latency, encrypted binary streams [crates/palyra-daemon/src/lib.rs#1-10](http://crates/palyra-daemon/src/lib.rs#1-10).

### Multi-Transport Architecture

The `palyrad` daemon acts as a unified gateway hub, multiplexing multiple protocols over configured network interfaces [crates/palyra-daemon/src/lib.rs#1-10](http://crates/palyra-daemon/src/lib.rs#1-10). The architecture is centered around a shared `GatewayRuntimeState`, which acts as the source of truth for all transport handlers [crates/palyra-daemon/src/gateway/runtime.rs#1-12](http://crates/palyra-daemon/src/gateway/runtime.rs#1-12).

#### Transport Topology

The following diagram illustrates how external clients interact with the daemon's internal subsystems through various transport protocols.

**Transport to Code Entity Mapping**

```mermaid theme={null}
graph TD
    subgraph "External Clients"
        WEB["Web Console (apps/web)"]
        CLI["palyra-cli"]
        BROWSER["palyra-browserd"]
        NODE["Remote Worker Node"]
    end

    subgraph "Transport Layer (crates/palyra-daemon/src/transport)"
        HTTP["Axum Router (router.rs)"]
        GRPC["Tonic gRPC Server"]
        QUIC["QUIC Runtime (quic_runtime.rs)"]
    end

    subgraph "Daemon Core"
        GSTATE["GatewayRuntimeState (gateway/runtime.rs)"]
        ASTATE["AppState (app/state.rs)"]
        ORCH["Orchestrator (orchestrator/mod.rs)"]
    end

    WEB -->|REST/JSON| HTTP
    CLI -->|REST/gRPC| HTTP
    CLI -->|gRPC| GRPC
    BROWSER -->|gRPC| GRPC
    NODE -->|QUIC/mTLS| QUIC

    HTTP --> ASTATE
    GRPC --> GSTATE
    QUIC --> GSTATE
    ASTATE --> GSTATE
    GSTATE --> ORCH
```

Sources: [crates/palyra-daemon/src/lib.rs#1-33](http://crates/palyra-daemon/src/lib.rs#1-33), [crates/palyra-daemon/src/transport/http/router.rs#1-25](http://crates/palyra-daemon/src/transport/http/router.rs#1-25), [crates/palyra-daemon/src/gateway/runtime.rs#1-12](http://crates/palyra-daemon/src/gateway/runtime.rs#1-12).

***

### HTTP Surface (Axum)

The HTTP surface is implemented using the `axum` framework and is partitioned into several functional namespaces [crates/palyra-daemon/src/transport/http/router.rs#24-25](http://crates/palyra-daemon/src/transport/http/router.rs#24-25).

#### API Routing Table

| Namespace       | Path Prefix    | Primary Purpose                                     | Key Handlers                                                     |
| :-------------- | :------------- | :-------------------------------------------------- | :--------------------------------------------------------------- |
| **Console API** | `/console/v1`  | Powers the React web dashboard.                     | `console_diagnostics_handler`, `console_models_discover_handler` |
| **Admin API**   | `/admin/v1`    | Low-level daemon management and state repair.       | `admin_status_handler`, `admin_state_repair_handler`             |
| **Compat API**  | `/v1`          | OpenAI-compatible completions and models endpoints. | `compat::completions_handler`                                    |
| **Realtime**    | `/realtime/v1` | WebSocket/SSE streams for live agent updates.       | `realtime::stream_handler`                                       |
| **Canvas**      | `/canvas/v1`   | State management for the interactive A2UI canvas.   | `canvas::patch_handler`                                          |

Sources: [crates/palyra-daemon/src/transport/http/router.rs#26-170](http://crates/palyra-daemon/src/transport/http/router.rs#26-170), [crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#70-74](http://crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#70-74), [crates/palyra-daemon/src/transport/http/handlers/console/models.rs#125-137](http://crates/palyra-daemon/src/transport/http/handlers/console/models.rs#125-137).

#### HTTP Middleware

Palyra employs a layered middleware stack to enforce security and observability invariants [crates/palyra-daemon/src/transport/http/router.rs#19-21](http://crates/palyra-daemon/src/transport/http/router.rs#19-21):

* **Authentication**: Validates session cookies or bearer tokens against the `AuthProfileRegistry` [crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#74](http://crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#74).
* **CSRF Protection**: Enforces Double-Submit Cookie patterns for state-changing operations [crates/palyra-daemon/src/transport/http/handlers/console/models.rs#121](http://crates/palyra-daemon/src/transport/http/handlers/console/models.rs#121).
* **Rate Limiting**: Protects sensitive endpoints (e.g., auth connect) from brute-force attempts.
* **Redaction**: Automatically redacts secrets from JSON responses using `redact_console_diagnostics_value` before they leave the transport layer [crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#86-92](http://crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#86-92).

***

### gRPC Services

The daemon exposes structured services via Protobuf definitions located in `schemas/proto/palyra/v1/`. These are served using the `tonic` library [crates/palyra-daemon/src/lib.rs#1-4](http://crates/palyra-daemon/src/lib.rs#1-4).

#### Key gRPC Service Definitions

1. **Gateway Service (`gateway.v1`)**: The primary interface for session management, run execution, and agent interaction.
2. **Memory Service (`memory.v1`)**: Provides high-performance access to the RAG (Retrieval-Augmented Generation) index and memory lifecycle operations [crates/palyra-daemon/src/gateway/runtime.rs#105-110](http://crates/palyra-daemon/src/gateway/runtime.rs#105-110).
3. **Browser Service (`browser.v1`)**: Used by the `palyra-browserd` sidecar to report page snapshots, logs, and element captures back to the daemon [schemas/generated/rust/protocol\_stubs.rs#61-88](http://schemas/generated/rust/protocol_stubs.rs#61-88).
4. **Auth Service (`auth.v1`)**: Manages the `AuthProfile` lifecycle, including credential rotation and health checks [schemas/generated/rust/protocol\_stubs.rs#7-26](http://schemas/generated/rust/protocol_stubs.rs#7-26).

Sources: [schemas/generated/rust/protocol\_stubs.rs#5-60](http://schemas/generated/rust/protocol_stubs.rs#5-60), [crates/palyra-daemon/src/gateway/runtime.rs#1-12](http://crates/palyra-daemon/src/gateway/runtime.rs#1-12).

***

### QUIC Transport

The QUIC transport is used primarily for node-to-node communication and high-throughput worker telemetry [crates/palyra-daemon/src/lib.rs#25-27](http://crates/palyra-daemon/src/lib.rs#25-27). It is implemented in `crates/palyra-transport-quic` and integrated via the `quic_runtime.rs` in the daemon [crates/palyra-daemon/src/quic\_runtime.rs]().

* **Identity & Security**: QUIC connections require mTLS using certificates managed by the `palyra-identity` crate.
* **Multiplexing**: Leverages QUIC streams to prevent head-of-line blocking between concurrent tool execution logs and agent state updates.

***

### Data Flow: Inbound Request Lifecycle

The following diagram traces a request from the Web Console to the underlying Journal store.

**Request Execution Flow**

```mermaid theme={null}
sequenceDiagram
    participant W as Web Console
    participant R as Axum Router
    participant H as console_diagnostics_handler
    participant G as GatewayRuntimeState
    participant J as JournalStore (SQLite)

    W->>R: GET /console/v1/diagnostics
    Note over R: Middleware: Auth, CSRF, Redaction
    R->>H: Invoke Handler
    H->>G: status_snapshot_async()
    G->>J: Query Health/Metrics (blocking)
    J-->>G: JournalHealthReport
    G-->>H: StatusSnapshot
    Note over H: redact_console_diagnostics_value()
    H-->>W: JSON Response (200 OK)
```

Sources: [crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#70-92](http://crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#70-92), [crates/palyra-daemon/src/gateway/runtime.rs#15-19](http://crates/palyra-daemon/src/gateway/runtime.rs#15-19), [crates/palyra-daemon/src/journal.rs#1-20](http://crates/palyra-daemon/src/journal.rs#1-20).
