System Architecture
The following diagram illustrates the relationship between a Skill’s definition in the “Natural Language Space” (manifests and tool descriptions) and its execution in the “Code Entity Space” (WASM runtimes and host bindings).Skill Execution Flow
Sources: crates/palyra-daemon/src/wasm_plugin_runner.rs#96-126, crates/palyra-plugins/runtime/src/lib.rs#105-110, crates/palyra-skills/src/models.rs#1-50Skills: Packaging and Trust
A Skill is the unit of distribution in Palyra. It is a signed artifact (.palyra-skill) containing a skill.toml manifest and one or more WASM modules.
The Skill Manifest
Theskill.toml file defines the identity of the skill, the tools it exposes to the LLM, and the specific capabilities (like network access or secret retrieval) it requires.
| Component | Description | Code Reference |
|---|---|---|
| Identity | skill_id, version, and publisher. | crates/palyra-skills/examples/echo-http/skill.toml#2-5 |
| Tools | JSON Schema definitions for tool inputs and outputs. | crates/palyra-skills/examples/echo-http/skill.toml#8-22 |
| Capabilities | Explicit allowlists for HTTP hosts, secrets, and filesystem paths. | crates/palyra-skills/examples/echo-http/skill.toml#24-36 |
| Quotas | Resource limits like fuel_budget and max_memory_bytes. | crates/palyra-skills/examples/echo-http/skill.toml#37-41 |
Trust and Verification
Palyra uses a Trust-on-First-Use (TOFU) model combined with cryptographic signing. Artifacts are verified using Ed25519 signatures before installation. TheSkillTrustStore manages known publishers and their public keys.
For details on signing, verification, and the lifecycle states (e.g., Quarantine), see Skills Lifecycle and Trust.
Sources: crates/palyra-skills/src/lib.rs#11-24, crates/palyra-skills/examples/echo-http/skill.toml#1-45
Plugins: WASM Runtime
The execution of skill logic happens within thepalyra-plugins-runtime. This crate utilizes wasmtime to provide a high-performance, memory-safe sandbox.
Resource Constraints
To prevent “noisy neighbor” issues or malicious resource exhaustion, every plugin run is governed byRuntimeLimits:
- Fuel Budget: Instruction-level accounting to prevent infinite loops. crates/palyra-plugins/runtime/src/lib.rs#25
- Memory Limits: Hard caps on linear memory allocation (default 64MB). crates/palyra-plugins/runtime/src/lib.rs#35
- Table/Instance Limits: Constraints on WASM table elements and concurrent instances. crates/palyra-plugins/runtime/src/lib.rs#27-28
Host Capability Bindings
Plugins cannot access the host system directly. They must use thepalyra-plugins-sdk to interact with the host via a handle-based system. The runtime injects CapabilityHandles which represent specific granted permissions (e.g., a handle for a specific allowlisted HTTP host).
For details on the SDK and runtime internals, see WASM Plugin Runtime.
Sources: crates/palyra-plugins/runtime/src/lib.rs#24-40, crates/palyra-plugins/runtime/src/lib.rs#160-186, crates/palyra-daemon/src/wasm_plugin_runner.rs#18-30
Child Pages
- Skills Lifecycle and Trust: Deep dive into
palyra-skills,skill.tomlschemas, artifact signing, theSkillTrustStore, and periodic re-auditing. - WASM Plugin Runtime: Technical details of
palyra-plugins-runtime,wasmtimeconfiguration, fuel instrumentation, and the guest-host communication protocol.