.palyra-skill ZIP archive to a verified installation, and finally to a constrained execution environment where capabilities (like HTTP egress or secret access) are strictly enforced by the host.
System Architecture Overview
The following diagram illustrates the relationship between the skill management subsystem in the daemon and the plugin runtime.
[Diagram: Skill Execution Flow]
Sources: crates/palyra-daemon/src/transport/http/handlers/console/skills.rs#9-42, crates/palyra-daemon/src/wasm_plugin_runner.rs#124-154, crates/palyra-skills/src/lib.rs#11-25, crates/palyra-daemon/src/plugins.rs#15-52
Skill Packaging and Trust
Skills are packaged as ZIP archives containing a manifest.toml, the WASM modules, and security metadata including an Ed25519 signature crates/palyra-skills/src/lib.rs#13-17. The daemon maintains an index of installed skills and their trust states (e.g., Quarantined, Verified) apps/web/src/console/sections/SkillsSection.tsx#113-117.
Key concepts in the packaging system include:
- Manifests: Define the skill identity, entry points, and requested capabilities crates/palyra-daemon/src/wasm_plugin_runner.rs#84-110.
- Trust Decisions: The system supports “Trust On First Use” (TOFU) and strict signature verification apps/web/src/console/sections/SkillsSection.tsx#119-129.
- Quarantine: New or unverified skills are placed in a quarantine state, preventing execution until an operator promotes them crates/palyra-daemon/src/transport/http/handlers/console/skills.rs#166-179.
WASM Plugin Runtime
The execution of skill tools is handled by the palyra-plugins-runtime crate, which leverages wasmtime to provide a high-performance, sandboxed environment crates/palyra-daemon/src/wasm_plugin_runner.rs#8-13.
The runtime enforces multi-dimensional limits and capability grants:
- Resource Limits: Managed via RuntimeLimits, covering fuel (instruction count), memory usage, and table elements crates/palyra-daemon/src/wasm_plugin_runner.rs#18-30.
- Capability Grants: Plugins do not have ambient access to the host. Access to HTTP hosts, specific secrets, or filesystem prefixes must be explicitly granted in the CapabilityGrantSet crates/palyra-daemon/src/wasm_plugin_runner.rs#71-82.
- Host Functions: The runtime provides a set of imported functions that allow the plugin to communicate with the Palyra daemon securely crates/palyra-daemon/src/wasm_plugin_runner.rs#142-154.
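
A deny-by-default grant check of the kind the capability list describes, as an added Rust example that is not Palyra's own code: `GrantSet`, `Request` and their fields are hypothetical stand-ins, not the project's CapabilityGrantSet API. It goes slightly beyond the text by showing component-wise prefix matching and `..` rejection for filesystem grants.

```rust
use std::collections::HashSet;
use std::path::{Component, Path, PathBuf};

/// Hypothetical per-plugin grant set; names and fields are assumptions.
#[derive(Default)]
pub struct GrantSet {
    pub http_hosts: HashSet<String>, // assumed to be stored lowercase
    pub secrets: HashSet<String>,
    pub fs_prefixes: Vec<PathBuf>, // absolute directories
}

/// A request a plugin makes through a host function (hypothetical shape).
pub enum Request<'a> {
    Http { host: &'a str },
    Secret { name: &'a str },
    File { path: &'a str },
}

impl GrantSet {
    /// Deny by default: a request passes only if it matches an explicit grant.
    pub fn allows(&self, req: &Request) -> bool {
        match req {
            // Exact, case-insensitive host match; no wildcard or suffix matching.
            Request::Http { host } => self.http_hosts.contains(&host.to_ascii_lowercase()),
            Request::Secret { name } => self.secrets.contains(*name),
            Request::File { path } => {
                let p = Path::new(path);
                // Reject relative paths and any `..` so a granted prefix cannot be escaped.
                let clean = p.is_absolute()
                    && p.components().all(|c| !matches!(c, Component::ParentDir));
                // starts_with compares whole components: "/a/skill" does not cover "/a/skill-x".
                clean && self.fs_prefixes.iter().any(|pre| p.starts_with(pre))
            }
        }
    }
}

fn main() {
    // Constructed sample grants for one plugin.
    let mut g = GrantSet::default();
    g.http_hosts.insert("api.example.com".to_string());
    g.fs_prefixes.push(PathBuf::from("/var/lib/skills/weather"));
    for (label, req) in [
        ("granted host", Request::Http { host: "API.example.com" }),
        ("traversal", Request::File { path: "/var/lib/skills/weather/../other/db" }),
    ] {
        println!("{}: {}", label, if g.allows(&req) { "allow" } else { "deny" });
    }
}
```
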
Integration and Lifecycle
The daemon bridges the gap between the static skill artifacts and the active runtime. It resolves skill modules from the filesystem, validates them against the WasmPluginRunnerPolicy, and dispatches execution requests crates/palyra-daemon/src/wasm_plugin_runner.rs#113-122.
Skill Registry and Execution Map
| Component | Code Entity | Responsibility |
|---|---|---|
| Registry | PluginBindingsIndex | Tracks which skills are bound to specific plugin IDs crates/palyra-daemon/src/plugins.rs#15-20 |
| Runner | run_wasm_plugin | Entry point for executing a plugin with a given policy crates/palyra-daemon/src/wasm_plugin_runner.rs#124 |
| Policy | WasmPluginRunnerPolicy | Defines global constraints like fuel_budget and max_memory_bytes crates/palyra-daemon/src/wasm_plugin_runner.rs#18-25 |
| State | SkillExecutionStatus | Tracks if a skill is Quarantined, Enabled, or Disabled crates/palyra-daemon/src/transport/http/handlers/console/skills.rs#169 |