The Node Runtime facilitates the extension of Palyra’s capabilities to external devices and hosts. It provides a secure, mTLS-encrypted communication channel over QUIC or gRPC, allowing remote “Nodes” to register capabilities (such as system health checks or desktop automation) and execute them on behalf of the Palyra daemon.

Node Runtime Architecture

The NodeRuntimeState acts as the central orchestrator within the daemon for managing remote device lifecycles, pairing requests, and capability dispatching crates/palyra-daemon/src/node_runtime.rs#208-213. It maintains a registry of RegisteredNodeRecord entities representing active and historical node connections crates/palyra-daemon/src/node_runtime.rs#131-139.

Data Flow: Capability Invocation

When a tool or skill requires a node-hosted capability, the following flow occurs:
  1. Queueing: A CapabilityDispatchRecord is created and added to the queued_by_device map crates/palyra-daemon/src/node_runtime.rs#198-199.
  2. Polling/Streaming: The remote node, connected via NodeServiceClient, receives the request through the RegisterNode stream or a poll mechanism crates/palyra-cli/src/commands/node.rs#207-215.
  3. Execution: The node executes the local logic (e.g., desktop.open_url) and returns a LocalCapabilityResult crates/palyra-cli/src/commands/node.rs#107-111.
  4. Completion: The daemon receives the result, resolves the waiting oneshot::Sender, and updates the CapabilityRequestRecord state to Succeeded or Failed crates/palyra-daemon/src/node_runtime.rs#181-194.
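The four steps above, modelled as an added example (not code from the Palyra repository). `Dispatcher`, `Pending`, `Outcome` and their fields are hypothetical simplifications, a standard-library channel stands in for the `oneshot::Sender`, and the check that a result comes from the device the request was queued for is an assumption about how completion should be guarded.

```rust
use std::collections::{HashMap, VecDeque};
use std::sync::mpsc::{channel, Receiver, Sender};

type Outcome = Result<String, String>; // Ok(output) or Err(reason); shape is assumed

#[derive(Debug, Clone, PartialEq)]
pub enum RequestState { Queued, Dispatched, Succeeded, Failed }

// Simplified stand-in for the daemon's request record; field names are assumptions.
struct Pending { device_id: String, capability: String, state: RequestState, waiter: Sender<Outcome> }

#[derive(Default)]
pub struct Dispatcher {
    next_id: u64,
    queued_by_device: HashMap<String, VecDeque<u64>>,
    requests: HashMap<u64, Pending>,
}

impl Dispatcher {
    /// Step 1: queue a request for one device; the caller waits on the receiver.
    pub fn enqueue(&mut self, device_id: &str, capability: &str) -> (u64, Receiver<Outcome>) {
        let (waiter, rx) = channel(); // std channel standing in for oneshot
        self.next_id += 1;
        let id = self.next_id;
        self.queued_by_device.entry(device_id.to_string()).or_default().push_back(id);
        let (device_id, capability) = (device_id.to_string(), capability.to_string());
        self.requests.insert(id, Pending { device_id, capability, state: RequestState::Queued, waiter });
        (id, rx)
    }

    /// Step 2: a polling node only ever drains its own queue.
    pub fn poll(&mut self, device_id: &str) -> Option<(u64, String)> {
        let id = self.queued_by_device.get_mut(device_id)?.pop_front()?;
        let req = self.requests.get_mut(&id)?;
        req.state = RequestState::Dispatched;
        Some((id, req.capability.clone()))
    }

    /// Step 4: accept a result once, and only from the device it was dispatched to.
    pub fn complete(&mut self, device_id: &str, id: u64, result: Outcome) -> Result<RequestState, &'static str> {
        let req = self.requests.get_mut(&id).ok_or("unknown request")?;
        if req.device_id != device_id { return Err("result from wrong device"); }
        if req.state != RequestState::Dispatched { return Err("request not in flight"); }
        req.state = if result.is_ok() { RequestState::Succeeded } else { RequestState::Failed };
        let _ = req.waiter.send(result); // the waiter may be gone; the state is still recorded
        Ok(req.state.clone())
    }
}
```

Step 3 (execution on the node) happens between `poll` and `complete`; a second `complete` for the same id is refused because the request is no longer in the `Dispatched` state.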

Node Host Process

The palyra node CLI command manages a background host process that handles the connection to the daemon. It stores configuration in node-host.json and tracks process metadata in node-host-process.json crates/palyra-cli/src/commands/node.rs#31-37. Sources: crates/palyra-daemon/src/node_runtime.rs#1-213, crates/palyra-cli/src/commands/node.rs#1-215

QUIC Transport Layer

Palyra utilizes a custom QUIC transport implementation for high-performance, multiplexed communication between nodes and the daemon. This layer is built on top of the quinn library and enforces rustls-based security.

Protocol Specification

QUIC Runtime Server

The QuicRuntime in the daemon manages the lifecycle of QUIC connections. It implements a connection semaphore to limit global concurrency to 256 simultaneous connections crates/palyra-daemon/src/quic_runtime.rs#16-91.

| Method | Description |
| --- | --- |
| node.health | Returns the health status of the node and whether mTLS is required crates/palyra-daemon/src/quic_runtime.rs#166-179. |
| node.stream_events | Initiates a unidirectional stream of events from the daemon to the node crates/palyra-daemon/src/quic_runtime.rs#180-197. |

Transport Configuration

The QuicTransportLimits struct defines the operational parameters for the QUIC stack, including a 10-second handshake timeout and a 30-second idle timeout crates/palyra-transport-quic/src/lib.rs#17-35. Sources: crates/palyra-transport-quic/src/lib.rs#1-118, crates/palyra-daemon/src/quic_runtime.rs#1-122

Node Enrollment and Pairing

Nodes must undergo a secure pairing handshake before they can invoke capabilities. This process establishes the mTLS identity used for subsequent RPC calls.

Pairing Flow

  1. Initiation: A PairingSession is started via the IdentityManager crates/palyra-identity/src/pairing.rs#121-132.
  2. Challenge/Response: The node provides a PIN or QR token. The daemon validates this against active_pairing_codes crates/palyra-daemon/src/node_runtime.rs#144-151.
  3. Material Issuance: Upon successful verification, the daemon issues an IssuedCertificate containing a client certificate signed by the Gateway CA crates/palyra-identity/src/ca.rs#64-78.
  4. Storage: The node stores this certificate and its private key locally (e.g., node-mtls-client.json) to authenticate future requests crates/palyra-cli/src/commands/node.rs#38-72.

Security Enforcement: mTLS

The NodeRpcServiceImpl enforces certificate-bound device identity. Every gRPC request is inspected for a peer certificate; the SHA256 fingerprint of this certificate must map to a valid device_id in the IdentityManager crates/palyra-daemon/src/node_rpc.rs#56-129.
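A sketch of the decision this paragraph describes, as an added example rather than the project's `NodeRpcServiceImpl`. `IdentityIndex`, `AuthError` and `normalize` are hypothetical names, the SHA-256 fingerprint is assumed to have been computed by the TLS layer and passed in as hex, and comparing the device_id claimed in the request against the certificate-bound one is an assumption.

```rust
use std::collections::{HashMap, HashSet};

#[derive(Debug, PartialEq)]
pub enum AuthError { NoPeerCertificate, MalformedFingerprint, Revoked, UnknownCertificate, DeviceMismatch }

/// Hypothetical stand-in for the fingerprint and revocation lookups.
#[derive(Default)]
pub struct IdentityIndex {
    device_by_fingerprint: HashMap<String, String>, // SHA-256 hex -> device_id
    revoked: HashSet<String>,                       // revoked fingerprints
}

/// Canonical key: 64 lowercase hex chars, so "AB:CD.." and "abcd.." cannot diverge.
fn normalize(fp: &str) -> Option<String> {
    let hex: String = fp.chars().filter(|c| *c != ':').map(|c| c.to_ascii_lowercase()).collect();
    (hex.len() == 64 && hex.chars().all(|c| c.is_ascii_hexdigit())).then_some(hex)
}

impl IdentityIndex {
    /// Record the fingerprint of a certificate issued to `device_id` at pairing.
    pub fn enroll(&mut self, fp: &str, device_id: &str) -> bool {
        normalize(fp).map(|k| self.device_by_fingerprint.insert(k, device_id.to_string())).is_some()
    }

    pub fn revoke(&mut self, fp: &str) -> bool {
        normalize(fp).map(|k| self.revoked.insert(k)).is_some()
    }

    /// Returns the device_id bound to the peer certificate. The id claimed in
    /// the request is only compared against it, never trusted on its own.
    pub fn authorize(&self, peer_fp: Option<&str>, claimed_device_id: &str) -> Result<&str, AuthError> {
        let presented = peer_fp.ok_or(AuthError::NoPeerCertificate)?;
        let fp = normalize(presented).ok_or(AuthError::MalformedFingerprint)?;
        // Revocation is checked first: a revoked certificate fails even if still enrolled.
        if self.revoked.contains(&fp) { return Err(AuthError::Revoked); }
        let bound = self.device_by_fingerprint.get(&fp).ok_or(AuthError::UnknownCertificate)?;
        if bound.as_str() != claimed_device_id { return Err(AuthError::DeviceMismatch); }
        Ok(bound.as_str())
    }
}
```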

Node Identity Components

| Component | Responsibility |
| --- | --- |
| IdentityManager | Manages CA operations, pairing sessions, and revocation crates/palyra-identity/src/pairing.rs#18-22. |
| RevocationIndex | Tracks revoked certificate fingerprints to block compromised nodes crates/palyra-identity/src/mtls.rs#23-25. |
| DeviceIdentity | Represents the Ed25519 keypair and metadata of the remote node crates/palyra-identity/src/device.rs#11-20. |

Sources: crates/palyra-daemon/src/node_rpc.rs#1-186, crates/palyra-identity/src/lib.rs#1-42, crates/palyra-identity/src/mtls.rs#1-182

Implementation Mapping

Node RPC and Runtime Logic

This diagram bridges the RPC service definitions to the internal runtime state management. Sources: crates/palyra-daemon/src/node_rpc.rs#38-129, crates/palyra-daemon/src/node_runtime.rs#196-213

QUIC Transport Stack

This diagram illustrates the relationship between the low-level transport crate and the daemon’s runtime. Sources: crates/palyra-transport-quic/src/lib.rs#120-176, crates/palyra-daemon/src/quic_runtime.rs#62-142

Capability Registry

Nodes advertise specific capabilities during the register_node call. The following capabilities are standard in the Palyra CLI node host:

| Capability Name | Description | Local Mediation Required |
| --- | --- | --- |
| echo | Connectivity test | No |
| system.health | Resource usage and status | No |
| system.identity | Device metadata | No |
| desktop.open_url | Opens a URL in the default browser | Yes |
| desktop.open_path | Opens a file or directory | Yes |

Note: Local Mediation indicates that the node may require user interaction or specific OS permissions to fulfill the request crates/palyra-cli/src/commands/node.rs#119-126.

Sources: crates/palyra-cli/src/commands/node.rs#113-126