Protobuf gRPC Services

This page documents the gRPC service definitions and the protocol-first code generation pipeline used in Palyra. The system relies on Protocol Buffers (v3) to define the contract between the core daemon (palyrad), the browser daemon (palyra-browserd), and various clients (CLI, Web Console, and Desktop Companion).

Overview and Pipeline

Palyra uses a contract-first design where all cross-process communication is defined in .proto files located in schemas/proto/palyra/v1/. These definitions are used to generate type-safe stubs for Rust, Kotlin, and Swift to ensure synchronization across the multi-language workspace.

Build and Validation Pipeline

The generation and validation of these stubs are managed by a suite of scripts that ensure the generated code is always in sync with the schema definitions.

Schema Validation: protoc is used to verify the structural integrity of all .proto files scripts/protocol/validate-proto.ps1#43-66.
Stub Generation: The generate-stubs.ps1 script parses the proto files to create simplified language-specific stubs in schemas/generated/ scripts/protocol/generate-stubs.ps1#82-91.
Compilation Check: Each generated stub is compiled using its respective compiler (rustc, kotlinc, swiftc) to ensure the generated code is valid scripts/protocol/validate-rust-stubs.ps1#25-29, scripts/protocol/validate-kotlin-stubs.ps1#25-29, scripts/protocol/validate-swift-stubs.ps1#22-26.

Data Flow: Schema to Implementation

The following diagram illustrates how a service definition in gateway.proto transitions from a schema to a functional entity in the codebase. Protocol Entity Mapping Sources: schemas/proto/palyra/v1/gateway.proto#7-29, schemas/proto/palyra/v1/browser.proto#7-42, schemas/generated/rust/protocol_stubs.rs#154-179

Service Definitions

GatewayService

The primary interface for palyrad. It handles session lifecycles, agent management, and the core execution stream.

RPC Method	Input	Output	Description
`RunStream`	`stream RunStreamRequest`	`stream RunStreamEvent`	The bidirectional heart of orchestration schemas/proto/palyra/v1/gateway.proto#9-10.
`RouteMessage`	`RouteMessageRequest`	`RouteMessageResponse`	Entry point for external channel messages schemas/proto/palyra/v1/gateway.proto#16.
`ListSessions`	`ListSessionsRequest`	`ListSessionsResponse`	Queries active and historical orchestrator sessions schemas/proto/palyra/v1/gateway.proto#13.
`CreateAgent`	`CreateAgentRequest`	`CreateAgentResponse`	Persists a new agent configuration schemas/proto/palyra/v1/gateway.proto#19.

Sources: schemas/proto/palyra/v1/gateway.proto#7-29

ApprovalsService & VaultService

These services manage sensitive human-in-the-loop (HITL) flows and encrypted secret storage.

ApprovalsService: Provides methods to ListApprovals and GetApproval records schemas/proto/palyra/v1/gateway.proto#31-35. It uses ApprovalRecord to track decisions made by users regarding tool calls or sensitive actions schemas/proto/palyra/v1/gateway.proto#85-106.
VaultService: Manages secrets with scoped keys (e.g., Global or Workspace). Methods include PutSecret, GetSecret, and DeleteSecret schemas/proto/palyra/v1/gateway.proto#37-42.

Sources: schemas/proto/palyra/v1/gateway.proto#31-106

BrowserService

Implemented by palyra-browserd, this service provides high-level browser automation primitives. Browser Action Interaction Sources: schemas/proto/palyra/v1/browser.proto#7-33, schemas/proto/palyra/v1/browser.proto#76-107 Key functionalities include:

Session Management: CreateSession with SessionBudget constraints (timeouts, max actions) schemas/proto/palyra/v1/browser.proto#57-91.
DOM Interaction: Click, Type, Select, and Highlight schemas/proto/palyra/v1/browser.proto#20-24.
Observation: Screenshot, Observe (DOM snapshots), and NetworkLog schemas/proto/palyra/v1/browser.proto#28-30.

AuthService

Manages authentication profiles and credentials used by agents to interact with external platforms.

Profiles: ListAuthProfiles and SetAuthProfile manage stored credentials like OAuth tokens or API keys schemas/proto/palyra/v1/protocol_stubs.rs#52-58.
Health: GetHealth returns AuthHealthSummary to indicate if credentials have expired or require re-authentication schemas/proto/palyra/v1/protocol_stubs.rs#31-33.

Sources: schemas/generated/rust/protocol_stubs.rs#7-59

Common Message Types

The palyra.common.v1 package defines shared types used across all services to maintain consistency.

CanonicalId: A ULID-based identifier encoded in Crockford Base32, used for all primary keys (sessions, runs, events) schemas/proto/palyra/v1/common.proto#6-11.
MessageEnvelope: The standard container for communication, including EnvelopeOrigin (who sent it) and SecurityContext (trust levels) schemas/proto/palyra/v1/common.proto#98-108.
JournalEvent: The structure for the append-only audit log, containing payload_json and hash-chaining fields (hash, prev_hash) schemas/proto/palyra/v1/common.proto#110-142.

Tool Call Lifecycle Messages

The gRPC layer facilitates the tool execution protocol through specific messages:

ToolProposal: Sent by an agent to request execution schemas/proto/palyra/v1/common.proto#144-151.
ToolApprovalRequest: Generated if a policy or risk level requires human intervention schemas/proto/palyra/v1/common.proto#208-218.
ToolResult: The final output or error from the tool execution schemas/proto/palyra/v1/common.proto#231-238.

Sources: schemas/proto/palyra/v1/common.proto#1-250

​Overview and Pipeline

​Build and Validation Pipeline

​Data Flow: Schema to Implementation

​Service Definitions

​GatewayService

​ApprovalsService & VaultService

​BrowserService

​AuthService

​Common Message Types

​Tool Call Lifecycle Messages