> ## Documentation Index
> Fetch the complete documentation index at: https://docs-code.palyra.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Glossary

<details>
  <summary>Relevant source files</summary>

  The following files were used as context for generating this wiki page:

  * crates/palyra-browserd/src/app/config.rs
  * crates/palyra-browserd/src/domain/downloads.rs
  * crates/palyra-browserd/src/engine/chromium.rs
  * crates/palyra-browserd/src/engine/mod.rs
  * crates/palyra-browserd/src/security/target\_validation.rs
  * crates/palyra-browserd/src/support/tests.rs
  * crates/palyra-browserd/src/transport/grpc/service.rs
  * crates/palyra-cli/examples/run\_release\_eval\_gate.rs
  * crates/palyra-cli/src/args/mod.rs
  * crates/palyra-cli/src/args/tests.rs
  * crates/palyra-cli/src/commands/mod.rs
  * crates/palyra-cli/src/lib.rs
  * crates/palyra-cli/tests/cli\_parity\_matrix.toml
  * crates/palyra-cli/tests/cli\_parity\_report.md
  * crates/palyra-cli/tests/help\_snapshots.rs
  * crates/palyra-cli/tests/help\_snapshots/root-help-unix.txt
  * crates/palyra-cli/tests/help\_snapshots/root-help-windows.txt
  * crates/palyra-common/src/daemon\_config\_schema.rs
  * crates/palyra-common/src/feature\_rollouts.rs
  * crates/palyra-common/src/process\_runner\_input.rs
  * crates/palyra-common/src/redaction.rs
  * crates/palyra-common/src/release\_evals/catalog.rs
  * crates/palyra-common/src/release\_evals/evaluator.rs
  * crates/palyra-common/src/release\_evals/mod.rs
  * crates/palyra-common/src/release\_evals/projections.rs
  * crates/palyra-common/src/release\_evals/schema.rs
  * crates/palyra-common/src/tool\_catalog.rs
  * crates/palyra-common/src/workspace\_patch.rs
  * crates/palyra-common/tests/release\_eval\_contract.rs
  * crates/palyra-daemon/src/application/channel\_turn/mod.rs
  * crates/palyra-daemon/src/application/context\_engine.rs
  * crates/palyra-daemon/src/application/context\_references.rs
  * crates/palyra-daemon/src/application/instruction\_compiler.rs
  * crates/palyra-daemon/src/application/memory.rs
  * crates/palyra-daemon/src/application/mod.rs
  * crates/palyra-daemon/src/application/recall.rs
  * crates/palyra-daemon/src/application/route\_message/orchestration.rs
  * crates/palyra-daemon/src/application/route\_message/response.rs
  * crates/palyra-daemon/src/application/run\_stream/agent\_loop.rs
  * crates/palyra-daemon/src/application/run\_stream/orchestration.rs
  * crates/palyra-daemon/src/application/run\_stream/tool\_flow\.rs
  * crates/palyra-daemon/src/application/service\_authorization.rs
  * crates/palyra-daemon/src/application/tool\_registry/builtin.rs
  * crates/palyra-daemon/src/application/tool\_registry/tests.rs
  * crates/palyra-daemon/src/application/tool\_runtime/browser.rs
  * crates/palyra-daemon/src/application/tool\_runtime/memory.rs
  * crates/palyra-daemon/src/application/tool\_runtime/mod.rs
  * crates/palyra-daemon/src/application/tool\_runtime/os\_file.rs
  * crates/palyra-daemon/src/application/tool\_runtime/routines.rs
  * crates/palyra-daemon/src/application/tool\_runtime/workspace\_file.rs
  * crates/palyra-daemon/src/application/tool\_runtime/workspace\_patch.rs
  * crates/palyra-daemon/src/application/tool\_runtime/workspace\_scope.rs
  * crates/palyra-daemon/src/config/load.rs
  * crates/palyra-daemon/src/config/schema.rs
  * crates/palyra-daemon/src/cron.rs
  * crates/palyra-daemon/src/domain/workspace.rs
  * crates/palyra-daemon/src/gateway.rs
  * crates/palyra-daemon/src/gateway/runtime.rs
  * crates/palyra-daemon/src/gateway/tests.rs
  * crates/palyra-daemon/src/journal.rs
  * crates/palyra-daemon/src/lib.rs
  * crates/palyra-daemon/src/model\_provider.rs
  * crates/palyra-daemon/src/model\_provider/adapters.rs
  * crates/palyra-daemon/src/plugins.rs
  * crates/palyra-daemon/src/routines.rs
  * crates/palyra-daemon/src/sandbox\_runner.rs
  * crates/palyra-daemon/src/tool\_posture.rs
  * crates/palyra-daemon/src/tool\_protocol.rs
  * crates/palyra-daemon/src/transport/grpc/services/gateway/service.rs
  * crates/palyra-daemon/src/transport/grpc/services/memory/service.rs
  * crates/palyra-daemon/src/transport/http/handlers/console/browser.rs
  * crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs
  * crates/palyra-daemon/src/transport/http/handlers/console/plugins.rs
  * crates/palyra-daemon/src/transport/http/handlers/console/routines.rs
  * crates/palyra-daemon/src/transport/http/handlers/console/skills.rs
  * crates/palyra-daemon/src/transport/http/router.rs
  * crates/palyra-daemon/src/wasm\_plugin\_runner.rs
  * crates/palyra-daemon/tests/admin\_surface.rs
  * crates/palyra-daemon/tests/current\_state\_inventory.rs
  * crates/palyra-daemon/tests/gateway\_grpc.rs
  * crates/palyra-daemon/tests/golden/current\_state\_inventory.json
  * crates/palyra-daemon/tests/support/mod.rs
  * crates/palyra-egress-proxy/src/lib.rs
  * crates/palyra-egress-proxy/tests/critical\_attack\_scenarios.rs
  * crates/palyra-policy/src/lib.rs
  * crates/palyra-safety/src/lib.rs
  * crates/palyra-safety/tests/critical\_attack\_scenarios.rs
  * crates/palyra-skills/examples/echo-http/skill.toml
  * crates/palyra-skills/src/lib.rs
  * crates/palyra-skills/src/manifest.rs
  * crates/palyra-skills/src/models.rs
  * crates/palyra-skills/src/tests.rs
  * crates/palyra-workerd/src/lib.rs
  * crates/palyra-workerd/tests/critical\_attack\_scenarios.rs
  * fixtures/golden/release\_eval\_inventory.json
  * schemas/proto/palyra/v1/memory.proto
</details>

This page provides definitions for codebase-specific terms, jargon, and domain concepts within the Palyra ecosystem. It serves as a technical reference for engineers to map conceptual requirements to specific implementation details and data structures.

## Core Concepts & Actors

### Gateway Runtime (`palyrad`)

The central daemon process that coordinates all agent activities, tool executions, and storage operations. It acts as the hub between frontend applications (Web Console, CLI) and backend execution environments.

* **Implementation**: `GatewayRuntimeState` serves as the shared state container [crates/palyra-daemon/src/gateway/runtime.rs#1-25](http://crates/palyra-daemon/src/gateway/runtime.rs#1-25).
* **Transport**: Supports gRPC (for high-performance tool/memory access) and HTTP (for the Web Console and OpenAI-compatible endpoints) [crates/palyra-daemon/src/gateway.rs#4-11](http://crates/palyra-daemon/src/gateway.rs#4-11).

### Agent Run Loop

The iterative process where the system alternates between LLM provider turns and tool execution batches.

* **Logic**: Managed in `process_run_stream_message` [crates/palyra-daemon/src/application/run\_stream/orchestration.rs#3-15](http://crates/palyra-daemon/src/application/run_stream/orchestration.rs#3-15).
* **State Machine**: Tracks transitions through `RunLifecycleState` (e.g., `Queued`, `Running`, `Waiting`, `Terminal`) [crates/palyra-daemon/src/orchestrator.rs#136-137](http://crates/palyra-daemon/src/orchestrator.rs#136-137).

### The Tape

An append-only journal specific to an agent run. It records every event (user messages, tool calls, tool results, and model responses) to ensure deterministic replay and auditability.

* **Implementation**: Managed via `OrchestratorTapeAppendRequest` [crates/palyra-daemon/src/journal.rs#47-50](http://crates/palyra-daemon/src/journal.rs#47-50).
* **Replay**: Replay continuity is projected using `project_replay_continuity_policy` [crates/palyra-daemon/src/journal.rs#50-54](http://crates/palyra-daemon/src/journal.rs#50-54).

### Natural Language to Code Entity Mapping (Run Lifecycle)

This diagram illustrates how a natural language request from a user flows into specific code entities and state transitions within the daemon.

```mermaid theme={null}
graph TD
    User["'User Message (Natural Language)'"] -- "RouteMessage" --> Router["ChannelRouter"]
    Router -- "Admission Decision" --> Coalescer["InboundCoalescer"]
    Coalescer -- "Spawn Run" --> Orchestrator["Orchestrator (RunStateMachine)"]

    subgraph "Code Entity Space"
        Orchestrator -- "Update State" --> Lifecycle["RunLifecycleState::Running"]
        Orchestrator -- "Append Event" --> Tape["JournalStore (Tape Events)"]
        Orchestrator -- "Request Turn" --> Provider["ModelProvider"]
    end

    Provider -- "Tool Call Proposal" --> ToolRegistry["ToolRegistry (palyra.echo, etc.)"]
    ToolRegistry -- "Security Check" --> Policy["Cedar Policy Engine"]
```

**Sources**: [crates/palyra-daemon/src/application/run\_stream/orchestration.rs#1-15](http://crates/palyra-daemon/src/application/run_stream/orchestration.rs#1-15), [crates/palyra-daemon/src/gateway.rs#72-85](http://crates/palyra-daemon/src/gateway.rs#72-85), [crates/palyra-daemon/src/orchestrator.rs#136-137](http://crates/palyra-daemon/src/orchestrator.rs#136-137)

***

## Tooling & Execution

### Sandbox Tiers

Palyra uses a tiered security model for executing code and processes to balance performance with isolation.

* **Tier B**: Direct process spawn with environment scrubbing and Unix `rlimit` quotas [crates/palyra-daemon/src/sandbox\_runner.rs#6-7](http://crates/palyra-daemon/src/sandbox_runner.rs#6-7).
* **Tier C**: Heavy isolation using backends like Docker, Bubblewrap, or `sandbox_exec`. Isolation planning is handled by `build_tier_c_command_plan` [crates/palyra-daemon/src/sandbox\_runner.rs#8-10](http://crates/palyra-daemon/src/sandbox_runner.rs#8-10).

### Workspace Scoping

A security constraint that limits tool access (filesystem, search) to specific directory roots, preventing path traversal attacks.

* **Code Pointer**: `ActiveWorkspaceRoot` and `session_active_workspace_root` [crates/palyra-daemon/src/application/tool\_runtime/workspace\_scope.rs#73-77](http://crates/palyra-daemon/src/application/tool_runtime/workspace_scope.rs#73-77).

### Tool Approval Posture

Determines if a tool requires explicit operator consent before execution.

* **AlwaysAllow**: Tool executes without prompting.
* **AskEachTime**: Generates an `ApprovalPromptRecord` in the journal [crates/palyra-daemon/src/journal.rs#87-89](http://crates/palyra-daemon/src/journal.rs#87-89).
* **Implementation**: Defined in `ToolApprovalPosture` [crates/palyra-daemon/src/application/tool\_registry/types.rs#13-16](http://crates/palyra-daemon/src/application/tool_registry/types.rs#13-16).

***

## Memory & Retrieval

### Hybrid Retrieval

A search strategy combining lexical (FTS5) and semantic (Vector) search to find relevant context for the agent.

* **Lexical**: Uses SQLite FTS5 for keyword matching [crates/palyra-daemon/src/journal.rs#138-140](http://crates/palyra-daemon/src/journal.rs#138-140).
* **Semantic**: Uses cosine similarity on embeddings [crates/palyra-daemon/src/journal.rs#143-145](http://crates/palyra-daemon/src/journal.rs#143-145).
* **Scoring**: Handled by `score_memory_candidates` and `score_workspace_candidates` [crates/palyra-daemon/src/gateway/runtime.rs#106-107](http://crates/palyra-daemon/src/gateway/runtime.rs#106-107).

### Instruction Compiler

A deterministic component that assembles the "System Prompt" for the LLM by layering runtime facts, tool schemas, and trust summaries.

* **Implementation**: `InstructionCompiler::compile` [crates/palyra-daemon/src/application/instruction\_compiler.rs#111-116](http://crates/palyra-daemon/src/application/instruction_compiler.rs#111-116).
* **Versioning**: Tracked by `INSTRUCTION_COMPILER_VERSION` to ensure cache consistency [crates/palyra-daemon/src/application/instruction\_compiler.rs#26-26](http://crates/palyra-daemon/src/application/instruction_compiler.rs#26-26).

### Memory Scopes

Memory is segmented to prevent cross-contamination between users or sessions.

* **Principal**: Durable memory tied to a specific user identity.
* **Session**: Volatile memory tied to the current conversation [crates/palyra-daemon/src/application/tool\_registry/builtin.rs#112-114](http://crates/palyra-daemon/src/application/tool_registry/builtin.rs#112-114).

***

## Security & Privacy

### Redaction Pipeline

A multi-stage system that scrubs sensitive information (API keys, passwords, PII) before it is persisted to the journal or sent to the frontend.

* **Journal Redaction**: `sanitize_payload` [crates/palyra-daemon/src/journal.rs#11-15](http://crates/palyra-daemon/src/journal.rs#11-15).
* **Console Redaction**: `redact_console_diagnostics_value` [crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#10-15](http://crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#10-15).
* **Sensitive Markers**: Defined in `SENSITIVE_URL_PATH_MARKERS` [crates/palyra-daemon/src/sandbox\_runner.rs#132-133](http://crates/palyra-daemon/src/sandbox_runner.rs#132-133) and `SENSITIVE_KEY_FRAGMENTS` [crates/palyra-daemon/src/journal.rs#81-94](http://crates/palyra-daemon/src/journal.rs#81-94).

### Hash-Chaining

A tamper-evident mechanism where each journal event contains a SHA-256 hash of itself and the previous event's hash.

* **Logic**: `compute_hash` [crates/palyra-daemon/src/journal.rs#12-15](http://crates/palyra-daemon/src/journal.rs#12-15).

### Security Entity Mapping (Tool Execution)

This diagram maps the high-level concept of "Secure Tool Execution" to the specific code modules responsible for enforcement.

```mermaid theme={null}
graph LR
    Proposal["Tool Proposal (JSON)"] --> Registry["ToolRegistryEntry"]
    Registry -- "Approval Mode" --> Gate["apply_tool_approval_outcome"]
    Gate -- "If Approved" --> Executor["SandboxProcessRunner"]

    subgraph "Enforcement Entities"
        Executor -- "Path Guard" --> Scoping["ActiveWorkspaceRoot"]
        Executor -- "Resource Limits" --> Rlimits["Unix rlimit / Windows Job Objects"]
        Executor -- "Environment Scrub" --> EnvScrub["HOST_ACCESS_SAFE_ENV_KEYS"]
    end

    Executor -- "Output Capture" --> Redactor["redact_text_for_export"]
```

**Sources**: [crates/palyra-daemon/src/sandbox\_runner.rs#1-15](http://crates/palyra-daemon/src/sandbox_runner.rs#1-15), [crates/palyra-daemon/src/application/approvals.rs#84-85](http://crates/palyra-daemon/src/application/approvals.rs#84-85), [crates/palyra-daemon/src/sandbox\_runner.rs#121-122](http://crates/palyra-daemon/src/sandbox_runner.rs#121-122), [crates/palyra-daemon/src/journal.rs#40-40](http://crates/palyra-daemon/src/journal.rs#40-40)

***

## Technical Terms Reference

| Term              | Definition                                                                 | Code Pointer                                                                                                            |
| :---------------- | :------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------- |
| **ACP**           | Agent Control Protocol; bridge for CLI/TUI interaction.                    | [crates/palyra-cli/src/acp\_bridge.rs#27-27](http://crates/palyra-cli/src/acp_bridge.rs#27-27)                          |
| **A2UI**          | Agent-to-UI; the protocol for rendering rich UI components in the console. | [crates/palyra-daemon/src/gateway.rs#29-31](http://crates/palyra-daemon/src/gateway.rs#29-31)                           |
| **CronJob**       | A scheduled agent run defined by a Recurrence rule.                        | [crates/palyra-daemon/src/journal.rs#91-92](http://crates/palyra-daemon/src/journal.rs#91-92)                           |
| **Flow**          | A multi-step agent procedure or lineage.                                   | [crates/palyra-daemon/src/journal.rs#57-59](http://crates/palyra-daemon/src/journal.rs#57-59)                           |
| **JournalStore**  | The SQLite persistence layer for all daemon state.                         | [crates/palyra-daemon/src/journal.rs#7-9](http://crates/palyra-daemon/src/journal.rs#7-9)                               |
| **ModelProvider** | An adapter for external LLMs (OpenAI, Anthropic, etc.).                    | [crates/palyra-daemon/src/model\_provider.rs#103-106](http://crates/palyra-daemon/src/model_provider.rs#103-106)        |
| **Recall**        | The process of retrieving relevant memories for a prompt.                  | [crates/palyra-daemon/src/application/recall.rs#101-101](http://crates/palyra-daemon/src/application/recall.rs#101-101) |
| **Vault**         | Secure storage for secrets (API keys) with envelope encryption.            | [crates/palyra-daemon/src/gateway.rs#47-47](http://crates/palyra-daemon/src/gateway.rs#47-47)                           |

**Sources**: [crates/palyra-daemon/src/gateway.rs#1-114](http://crates/palyra-daemon/src/gateway.rs#1-114), [crates/palyra-daemon/src/journal.rs#1-165](http://crates/palyra-daemon/src/journal.rs#1-165), [crates/palyra-daemon/src/sandbox\_runner.rs#1-153](http://crates/palyra-daemon/src/sandbox_runner.rs#1-153)
