The WebAssembly (Wasm) Plugin Runtime provides a sandboxed execution environment for Palyra Skills and Tools. It uses wasmtime with the Cranelift compiler to run untrusted plugin code at near-native speed while enforcing resource isolation through fuel-based computation budgets and a bounded, per-instance linear memory.

Architecture and Integration

The runtime is divided into the core engine (palyra-plugins-runtime) and the daemon-side orchestrator (wasm_plugin_runner.rs). The daemon translates high-level skill requests into constrained Wasm instances, injecting host functions that allow the plugin to interact with Palyra services (Storage, Secrets, Network) only when explicitly permitted by policy.

Plugin Execution Data Flow

The following diagram illustrates how a tool call is dispatched from the daemon to the Wasm runtime.
Diagram: Tool Execution Flow
Sources: crates/palyra-daemon/src/tool_protocol.rs#17-26, crates/palyra-daemon/src/wasm_plugin_runner.rs#124-154, crates/palyra-plugins/runtime/src/lib.rs#1-50

Resource Constraints and Safety

Security in the plugin runtime is enforced through RuntimeLimits and WasmPluginRunnerPolicy. These configurations ensure that a malicious or buggy plugin cannot exhaust host resources.

Computation and Memory Quotas

The runtime uses wasmtime fuel consumption to give each call a deterministic execution budget. Fuel counts guest instructions, not wall-clock time, so time spent inside host functions (for example a permitted HTTP request) is not charged against the budget and has to be bounded separately.
  • Fuel Budget: Limits the number of instructions executed. Once the budget is exhausted the instance traps immediately [crates/palyra-daemon/src/wasm_plugin_runner.rs#22-25].
  • Memory Limits: Caps the linear memory the Wasm guest may grow to, with a strict default byte limit [crates/palyra-daemon/src/wasm_plugin_runner.rs#23-23].
  • Instance Limits: Bounds the number of concurrent instances and table elements so that a single call cannot exhaust host memory [crates/palyra-daemon/src/wasm_plugin_runner.rs#24-25].

Sandbox Policy Configuration

The WasmPluginRunnerPolicy struct defines the global constraints for the runtime:

| Field | Type | Description |
| --- | --- | --- |
| enabled | bool | Master toggle for Wasm execution [crates/palyra-daemon/src/wasm_plugin_runner.rs#19-19]. |
| allow_inline_modules | bool | Whether raw WAT or Base64-encoded modules supplied in tool inputs may be executed [crates/palyra-daemon/src/wasm_plugin_runner.rs#20-20]. |
| fuel_budget | u64 | Total units of computation allowed per call [crates/palyra-daemon/src/wasm_plugin_runner.rs#22-22]. |
| max_memory_bytes | u64 | Hard limit on guest linear memory allocation [crates/palyra-daemon/src/wasm_plugin_runner.rs#23-23]. |

With allow_inline_modules enabled, whoever authors a tool input can supply the module itself instead of one resolved from the InstalledSkillsIndex, so it should stay disabled unless that is actually required.
Sources: crates/palyra-daemon/src/wasm_plugin_runner.rs#18-30, crates/palyra-daemon/src/tool_protocol.rs#115-127

Capability Grants and WIT Interface

Plugins interact with the outside world through host functions declared in a WIT (WebAssembly Interface Types) definition. Access to sensitive operations is governed by CapabilityGrantSet.

Grant Enforcement

Before a plugin is executed, the daemon resolves the capabilities the SkillManifest requires and validates them against the WasmPluginRunnerPolicy [crates/palyra-daemon/src/wasm_plugin_runner.rs#141-154].
  • HTTP Egress: Restricted to the hosts listed in allowed_http_hosts [crates/palyra-daemon/src/wasm_plugin_runner.rs#26-26].
  • Secret Access: Plugins can only read keys that are both granted in the manifest and allowlisted in the runtime policy [crates/palyra-daemon/src/wasm_plugin_runner.rs#27-27].
  • Storage: Write access is restricted to specific directory prefixes [crates/palyra-daemon/src/wasm_plugin_runner.rs#28-28].
Diagram: Capability Resolution
Sources: crates/palyra-daemon/src/wasm_plugin_runner.rs#18-30, crates/palyra-daemon/src/wasm_plugin_runner.rs#73-82
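As an added example that is not the project's code, the resolver below covers both the policy fields in the table above and the grant checks in this section. It takes a hypothetical RunnerPolicy and GrantRequest whose field names mirror the ones this page lists, and returns either the grants that survived or the first denial. The points it makes: hosts are compared only after canonicalisation and only for exact equality (no suffix or wildcard matching), storage paths are refused on any absolute or `..` component and matched component-wise against the allowed prefixes, and a secret must be both requested and allowlisted. The type names, the sample policy and its values are assumptions, not Palyra's API.

```rust
use std::collections::BTreeSet;
use std::path::{Component, Path, PathBuf};

/// Hypothetical mirror of the policy fields this page names (not the project's struct).
#[derive(Debug, Clone)]
pub struct RunnerPolicy {
    pub enabled: bool,
    pub allow_inline_modules: bool,
    pub allowed_http_hosts: Vec<String>,
    pub allowed_secret_keys: Vec<String>,
    pub allowed_storage_prefixes: Vec<PathBuf>,
}

/// What a skill manifest asks for on one call (hypothetical shape).
#[derive(Debug, Clone, Default)]
pub struct GrantRequest {
    pub inline_module: bool,
    pub http_hosts: Vec<String>,
    pub secret_keys: Vec<String>,
    pub storage_paths: Vec<String>,
}

/// Grants that survived policy; only these are handed to the host functions.
#[derive(Debug, Default, PartialEq, Eq)]
pub struct ResolvedGrants {
    pub http_hosts: BTreeSet<String>,
    pub secret_keys: BTreeSet<String>,
    pub storage_paths: Vec<PathBuf>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum DenyReason {
    RuntimeDisabled,
    InlineModuleNotAllowed,
    HttpHost(String),
    SecretKey(String),
    StoragePath(String),
}

/// Canonical host: lower-cased, trailing dot and numeric port stripped. Userinfo,
/// paths and queries are not part of a host and are rejected outright, so
/// "api.example.com@evil.example" can never satisfy an allowlist entry.
fn normalize_host(raw: &str) -> Option<String> {
    if raw.is_empty() || raw.contains(|c: char| matches!(c, '@' | '/' | '?' | '#')) {
        return None;
    }
    let host = match raw.rsplit_once(':') {
        Some((h, port)) if !port.is_empty() && port.bytes().all(|b| b.is_ascii_digit()) => h,
        _ => raw,
    };
    Some(host.trim_end_matches('.').to_ascii_lowercase())
}

/// Guest paths are relative to the storage root. Absolute paths and ".." are
/// refused rather than cleaned up, so a traversal attempt becomes a denial.
fn normalize_storage_path(raw: &str) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for c in Path::new(raw).components() {
        match c {
            Component::Normal(seg) => out.push(seg),
            Component::CurDir => {}
            _ => return None,
        }
    }
    if out.as_os_str().is_empty() { None } else { Some(out) }
}

pub fn resolve_grants(policy: &RunnerPolicy, req: &GrantRequest) -> Result<ResolvedGrants, DenyReason> {
    if !policy.enabled {
        return Err(DenyReason::RuntimeDisabled);
    }
    if req.inline_module && !policy.allow_inline_modules {
        return Err(DenyReason::InlineModuleNotAllowed);
    }
    let mut out = ResolvedGrants::default();
    for h in &req.http_hosts {
        // Exact match on the canonical form, so "evil-api.example.com" is not
        // covered by an allowlist entry for "api.example.com".
        let norm = normalize_host(h).ok_or_else(|| DenyReason::HttpHost(h.clone()))?;
        if !policy.allowed_http_hosts.iter().filter_map(|a| normalize_host(a)).any(|a| a == norm) {
            return Err(DenyReason::HttpHost(h.clone()));
        }
        out.http_hosts.insert(norm);
    }
    for k in &req.secret_keys {
        // Secret keys match by exact name only: no prefixes, no globs.
        if !policy.allowed_secret_keys.iter().any(|a| a == k) {
            return Err(DenyReason::SecretKey(k.clone()));
        }
        out.secret_keys.insert(k.clone());
    }
    for p in &req.storage_paths {
        let norm = normalize_storage_path(p).ok_or_else(|| DenyReason::StoragePath(p.clone()))?;
        // Path::starts_with compares whole components, so the prefix
        // "skills/demo" does not cover "skills/demo-other/".
        if !policy.allowed_storage_prefixes.iter().any(|pre| norm.starts_with(pre)) {
            return Err(DenyReason::StoragePath(p.clone()));
        }
        out.storage_paths.push(norm);
    }
    Ok(out)
}

/// Constructed sample policy for the demonstration (values are made up).
pub fn sample_policy() -> RunnerPolicy {
    RunnerPolicy {
        enabled: true,
        allow_inline_modules: false,
        allowed_http_hosts: vec!["api.example.com".into()],
        allowed_secret_keys: vec!["EXAMPLE_API_TOKEN".into()],
        allowed_storage_prefixes: vec![PathBuf::from("skills/demo")],
    }
}

fn main() {
    let traversal = GrantRequest { storage_paths: vec!["skills/demo/../../etc/passwd".into()], ..Default::default() };
    println!("{:?}", resolve_grants(&sample_policy(), &traversal));
}
```

The resolver fails closed on the first problem instead of silently narrowing the request; a plugin that asks for more than policy allows should surface as a denial the orchestrator can report, not run with a quietly reduced grant.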

Plugin Loading and Execution

The execution lifecycle is managed by run_wasm_plugin, which handles input parsing, module resolution, and error mapping.

Execution Lifecycle

  1. Parse Input: Validates the WasmPluginRunInput JSON, which includes the target skill, tool ID, and requested capabilities [crates/palyra-daemon/src/wasm_plugin_runner.rs#178-183].
  2. Resolve Module: Locates the .wasm artifact on disk using the InstalledSkillsIndex [crates/palyra-daemon/src/wasm_plugin_runner.rs#207-210].
  3. Instantiate: Creates a new wasmtime::Store with the configured fuel and memory limits.
  4. Execute: Calls the entrypoint function (defaulting to palyra_plugin_main) [crates/palyra-daemon/src/wasm_plugin_runner.rs#9-9].
  5. Collect Output: Captures the guest’s returned JSON payload or maps traps to WasmPluginRunError [crates/palyra-daemon/src/wasm_plugin_runner.rs#32-41].
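Between steps 2 and 3 there is a cheap check worth running before any code is compiled: read the module's import section statically and refuse instantiation if it imports a host function the resolved grants do not cover, or anything outside the expected host namespace. The following is an added example and not part of the project. It parses the core Wasm binary format with the standard library only (no wasmtime dependency); the `palyra` namespace, the host function names and the capability each one requires are assumptions, and sample_module constructs the modules it is exercised on.

```rust
/// Capability a host import needs (hypothetical mapping; the real WIT is not shown here).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Capability { Http, Secrets, Storage }

fn required_capability(module: &str, name: &str) -> Option<Capability> {
    match (module, name) {
        ("palyra", "http_get") => Some(Capability::Http), // assumed host function names
        ("palyra", "secret_read") => Some(Capability::Secrets),
        ("palyra", "storage_write") => Some(Capability::Storage),
        _ => None,
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum ImportCheckError {
    Malformed(&'static str),
    UnknownImport(String, String),
    CapabilityDenied(String, String, Capability),
}
use ImportCheckError::Malformed;

/// Minimal cursor over the binary format: raw bytes, LEB128 u32s and UTF-8 names.
struct Reader<'a> { buf: &'a [u8], pos: usize }

impl<'a> Reader<'a> {
    fn bytes(&mut self, n: usize) -> Result<&'a [u8], ImportCheckError> {
        let end = self.pos.checked_add(n).filter(|e| *e <= self.buf.len()).ok_or(Malformed("unexpected end"))?;
        let s = &self.buf[self.pos..end];
        self.pos = end;
        Ok(s)
    }
    fn byte(&mut self) -> Result<u8, ImportCheckError> { self.bytes(1).map(|s| s[0]) }
    fn u32_leb(&mut self) -> Result<u32, ImportCheckError> {
        let (mut value, mut shift) = (0u32, 0u32);
        loop {
            let b = self.byte()?;
            if shift > 28 { return Err(Malformed("leb128 too long")); }
            value |= u32::from(b & 0x7f) << shift;
            if b & 0x80 == 0 { return Ok(value); }
            shift += 7;
        }
    }
    fn name(&mut self) -> Result<String, ImportCheckError> {
        let n = self.u32_leb()? as usize;
        String::from_utf8(self.bytes(n)?.to_vec()).map_err(|_| Malformed("name is not UTF-8"))
    }
    fn skip_limits(&mut self) -> Result<(), ImportCheckError> {
        let has_max = self.byte()? & 1 == 1;
        self.u32_leb()?;
        if has_max { self.u32_leb()?; }
        Ok(())
    }
}

/// List the function imports (module, name) of a core Wasm binary without compiling it.
/// Table, memory and global imports are skipped over, not rejected.
pub fn function_imports(wasm: &[u8]) -> Result<Vec<(String, String)>, ImportCheckError> {
    let mut r = Reader { buf: wasm, pos: 0 };
    if r.bytes(8)? != &b"\0asm\x01\0\0\0"[..] {
        return Err(Malformed("bad magic or version"));
    }
    let mut out = Vec::new();
    while r.pos < wasm.len() {
        let id = r.byte()?;
        let size = r.u32_leb()? as usize;
        let body = r.bytes(size)?;
        if id != 2 { continue; } // only the import section (id 2) matters here
        let mut s = Reader { buf: body, pos: 0 };
        for _ in 0..s.u32_leb()? {
            let (module, name) = (s.name()?, s.name()?);
            match s.byte()? {
                0x00 => { s.u32_leb()?; out.push((module, name)); } // func: type index
                0x01 => { s.byte()?; s.skip_limits()?; }            // table: reftype + limits
                0x02 => s.skip_limits()?,                           // memory: limits
                0x03 => { s.byte()?; s.byte()?; }                   // global: valtype + mutability
                _ => return Err(Malformed("unknown import kind")),
            }
        }
        break; // the import section occurs at most once
    }
    Ok(out)
}

/// Refuse a module before instantiation if it imports anything the resolved
/// grants do not cover, or anything outside the known host namespace.
pub fn check_imports(wasm: &[u8], granted: &[Capability]) -> Result<Vec<(String, String)>, ImportCheckError> {
    let imports = function_imports(wasm)?;
    for (module, name) in &imports {
        match required_capability(module, name) {
            None => return Err(ImportCheckError::UnknownImport(module.clone(), name.clone())),
            Some(cap) if !granted.contains(&cap) => {
                return Err(ImportCheckError::CapabilityDenied(module.clone(), name.clone(), cap))
            }
            Some(_) => {}
        }
    }
    Ok(imports)
}

fn leb(mut v: u32, out: &mut Vec<u8>) {
    loop {
        let b = (v & 0x7f) as u8;
        v >>= 7;
        if v == 0 { out.push(b); return; }
        out.push(b | 0x80);
    }
}

/// Constructed sample: a module with one `() -> ()` type and the given function imports.
pub fn sample_module(imports: &[(&str, &str)]) -> Vec<u8> {
    let mut wasm = b"\0asm\x01\0\0\0".to_vec();
    wasm.extend_from_slice(&[0x01, 0x04, 0x01, 0x60, 0x00, 0x00]); // type section: one functype
    let mut body = Vec::new();
    leb(imports.len() as u32, &mut body);
    for (m, n) in imports {
        for s in [m, n] { leb(s.len() as u32, &mut body); body.extend_from_slice(s.as_bytes()); }
        body.extend_from_slice(&[0x00, 0x00]); // func import using type index 0
    }
    wasm.push(0x02); // import section
    leb(body.len() as u32, &mut wasm);
    wasm.extend_from_slice(&body);
    wasm
}
```

Doing this before compilation keeps an over-privileged module out of the JIT entirely; the same import list is available after compilation from wasmtime's Module::imports() if you would rather not carry a parser, at the cost of having already compiled untrusted code.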

Error Handling

Runtime failures are categorized into specific kinds to provide actionable feedback to the orchestrator:
  • QuotaExceeded: Fuel or memory limits reached [crates/palyra-daemon/src/wasm_plugin_runner.rs#49-49].
  • CapabilityDenied: Attempted access to an unauthorized host or secret [crates/palyra-daemon/src/wasm_plugin_runner.rs#47-47].
  • RuntimeFailure: Internal JIT or trap errors [crates/palyra-daemon/src/wasm_plugin_runner.rs#50-50].
Sources: crates/palyra-daemon/src/wasm_plugin_runner.rs#124-154, crates/palyra-daemon/src/wasm_plugin_runner.rs#43-51

Technical Specifications Summary

| Component | Implementation Detail |
| --- | --- |
| Engine | wasmtime v16+ with Cranelift |
| Interface | WIT-based ABI for host calls |
| Budgeting | Fuel consumption (deterministic) |
| Memory | Virtualized linear memory with hard ceiling |
| Isolation | Shared-nothing architecture per call |
Sources: crates/palyra-plugins/runtime/src/lib.rs#1-20, crates/palyra-daemon/src/wasm_plugin_runner.rs#18-30