> ## Documentation Index
> Fetch the complete documentation index at: https://docs-code.palyra.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Codebase Documentation

<details>
  <summary>Relevant source files</summary>

  The following files were used as context for generating this wiki page:

  * .github/dependabot.yml
  * .gitignore
  * .npmrc
  * Cargo.lock
  * Cargo.toml
  * LICENSE
  * README.md
  * SECURITY.md
  * apps/browser-extension/package.json
  * apps/desktop/ui/package.json
  * apps/web/package.json
  * apps/web/vite.config.ts
  * crates/palyra-browserd/Cargo.toml
  * crates/palyra-browserd/build.rs
  * crates/palyra-cli/Cargo.toml
  * crates/palyra-cli/build.rs
  * crates/palyra-cli/src/cli.rs
  * crates/palyra-cli/tests/version\_cli.rs
  * crates/palyra-common/build.rs
  * crates/palyra-common/src/build.rs
  * crates/palyra-common/src/config.rs
  * crates/palyra-common/src/deployment\_profiles.rs
  * crates/palyra-common/src/health.rs
  * crates/palyra-common/src/ids.rs
  * crates/palyra-connectors/Cargo.toml
  * crates/palyra-daemon/Cargo.toml
  * crates/palyra-daemon/build.rs
  * crates/palyra-daemon/src/journal/state\_health.rs
  * deny.toml
  * osv-scanner.toml
  * package-lock.json
  * package.json
  * scripts/check-no-vendored-artifacts.sh
  * scripts/dev/bootstrap.ps1
  * scripts/dev/bootstrap.sh
</details>

Palyra is a high-performance, secure agentic framework designed for executing complex tasks across local and remote environments. It provides a robust daemon-based architecture that orchestrates LLM interactions, tool execution, and long-term memory while maintaining a strict security posture.

The system is designed to bridge the gap between "Natural Language Space" (agent goals and user intent) and "Code Entity Space" (sandboxed processes, filesystem operations, and browser automation).

## System Architecture

Palyra is structured as a hub-and-spoke model centered around the `palyrad` daemon. The daemon acts as the central gateway, managing sessions, enforcing security policies via the Cedar engine, and dispatching tasks to various executors.

### Core Architecture Components

The following diagram illustrates the relationship between the primary code entities and their functional roles in the system:

**Diagram: Palyra System Topology**

```mermaid theme={null}
graph TD
    subgraph "Natural Language Space"
        User["User Intent / Prompt"]
        Agent["Agent Run Loop"]
    end

    subgraph "Gateway (Code Entity Space)"
        Daemon["palyrad (palyra-daemon)"]
        Router["Axum Router (palyra-daemon)"]
        Store["SQLite JournalStore"]
    end

    subgraph "Execution Layer"
        Sandbox["palyra-sandbox (Tier B/C)"]
        Browser["palyra-browserd (gRPC)"]
        Workers["palyra-workerd (Networked)"]
    end

    User --> Router
    Router --> Daemon
    Daemon --> Agent
    Agent --> Store
    Agent --> Sandbox
    Agent --> Browser
    Agent --> Workers
```

Sources: [crates/palyra-daemon/Cargo.toml#1-67](http://crates/palyra-daemon/Cargo.toml#1-67), [crates/palyra-daemon/src/bin/palyrad.rs#11-13](http://crates/palyra-daemon/src/bin/palyrad.rs#11-13)

## Key Subsystems

### 1. The Gateway Daemon (`palyrad`)

The central process responsible for session lifecycle, transport handling (HTTP/gRPC/QUIC), and the core agent orchestration loop. It coordinates with the `palyra-policy` crate to ensure every tool invocation is authorized.

* **Crate:** `palyra-daemon` [crates/palyra-daemon/Cargo.toml#2-2](http://crates/palyra-daemon/Cargo.toml#2-2)
* **Entry Point:** `src/bin/palyrad.rs` [crates/palyra-daemon/Cargo.toml#11-13](http://crates/palyra-daemon/Cargo.toml#11-13)

### 2. Tool Runtime & Sandboxing

Tools are executed in isolated environments to prevent unauthorized system access. This includes filesystem scoping, process limits, and browser automation via a dedicated gRPC service.

* **Crates:** `palyra-sandbox`, `palyra-browserd`, `palyra-skills` [Cargo.toml#10-22](http://Cargo.toml#10-22)

### 3. Security & Safety

Palyra employs a "deny-by-default" posture. The safety boundary scans for prompt injections and secret leaks, while the identity system manages mTLS and device pairing.

* **Crates:** `palyra-policy`, `palyra-safety`, `palyra-identity`, `palyra-vault` [Cargo.toml#14-20](http://Cargo.toml#14-20)

### 4. Client Interfaces

Users interact with Palyra through a CLI, a web-based console, or a desktop application (Tauri).

* **CLI:** `palyra-cli` (binary: `palyra`) [crates/palyra-cli/Cargo.toml#2-13](http://crates/palyra-cli/Cargo.toml#2-13)
* **Web/Desktop:** React-based frontends located in the `apps/` directory. [package.json#11-15](http://package.json#11-15)

## Code Entity Mapping

The following table maps conceptual system components to their specific implementations in the codebase:

| Concept                 | Code Entity / Crate         | Purpose                                       |
| :---------------------- | :-------------------------- | :-------------------------------------------- |
| **Central Hub**         | `palyrad` / `palyra-daemon` | Manages the agent loop and API gateway.       |
| **Command Line**        | `palyra` / `palyra-cli`     | Primary developer and operator interface.     |
| **Policy Engine**       | `palyra-policy`             | Cedar-based authorization for tool calls.     |
| **Secret Storage**      | `palyra-vault`              | Envelope encryption for provider keys.        |
| **Browser Control**     | `palyra-browserd`           | Headless Chromium management via gRPC.        |
| **Networked Execution** | `palyra-workerd`            | Remote execution nodes for distributed tasks. |

Sources: [Cargo.toml#1-23](http://Cargo.toml#1-23), [crates/palyra-daemon/Cargo.toml#25-41](http://crates/palyra-daemon/Cargo.toml#25-41)

## Deployment Profiles

Palyra supports multiple deployment modes defined in `palyra-common`. These profiles determine the default security posture and connectivity options:

* `local` (or `local_desktop`): Optimized for single-user workstation use.
* `single-vm` (or `remote_vps`): Designed for deployment on a single remote server.
* `worker-enabled`: Supports a fleet of networked workers for horizontal scaling.

Sources: [crates/palyra-common/src/deployment\_profiles.rs#25-50](http://crates/palyra-common/src/deployment_profiles.rs#25-50)

## Child Pages

For detailed technical documentation on specific subsystems, refer to the following pages:

* **[Repository Structure and Crate Map](/palyra_overview/repository_structure_and_crate_map)**: A deep dive into the monorepo layout, crate dependencies, and the purpose of each directory (apps, crates, schemas, etc.).
* **[Getting Started: Setup and Configuration](/palyra_overview/getting_started_setup_and_configuration)**: Instructions for developer bootstrapping, using the onboarding wizard, and configuring `palyra.toml` for different deployment profiles.

## Child Pages

* [Repository Structure and Crate Map](/palyra_overview/repository_structure_and_crate_map)
* [Getting Started: Setup and Configuration](/palyra_overview/getting_started_setup_and_configuration)
