wasmtime for hardware-isolated execution and a Capability-Based Security model to restrict access to system resources such as the network, secrets, and filesystem.
WASM Plugin Runtime (palyra-plugins-runtime)
The core runtime is implemented in palyra-plugins-runtime, which manages the wasmtime engine, memory limits, and fuel consumption.
Runtime Configuration and Limits
The WasmRuntime is initialized with RuntimeLimits that enforce strict quotas on every execution crates/palyra-plugins/runtime/src/lib.rs#24-29.
- Fuel Budget: Controls the number of WASM instructions allowed crates/palyra-plugins/runtime/src/lib.rs#25.
- Memory Quota: Limits the maximum linear memory (default 64MB) crates/palyra-plugins/runtime/src/lib.rs#26.
- Instance Limits: Restricts the number of concurrent WASM instances crates/palyra-plugins/runtime/src/lib.rs#28.
Capability Host Interface
Plugins interact with the host via a WIT-style interface defined in HOST_CAPABILITIES_IMPORT_MODULE crates/palyra-plugins/runtime/src/lib.rs#4. Instead of direct access, plugins are provided with Capability Handles crates/palyra-plugins/runtime/src/lib.rs#63-68.
| Handle Type | Base Offset | Description |
|---|---|---|
| HTTP | 10,000 | Allowed egress hosts crates/palyra-plugins/runtime/src/lib.rs#16 |
| SECRET | 20,000 | Keys authorized for retrieval from Vault crates/palyra-plugins/runtime/src/lib.rs#17 |
| STORAGE | 30,000 | Filesystem prefixes for persistence crates/palyra-plugins/runtime/src/lib.rs#18 |
| CHANNEL | 40,000 | Authorized communication channels crates/palyra-plugins/runtime/src/lib.rs#19 |
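The sketch below is an added example, not code from palyra-plugins-runtime: it models how a host function can resolve a guest-supplied handle against a per-plugin grant set, so the plugin never names a hostname or secret key directly. The base offsets come from the table above; the `Kind`, `Grants`, `Denied` and `resolve` names, the 10,000-wide ranges and the "base + index" layout are assumptions.

```rust
// Added illustration, not Palyra's code. Base offsets come from the table
// above; "handle = base + index into the grant list" is an assumed layout.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Kind { Http, Secret, Storage, Channel }

const BASES: [(Kind, u32); 4] = [
    (Kind::Http, 10_000), (Kind::Secret, 20_000),
    (Kind::Storage, 30_000), (Kind::Channel, 40_000),
];
const SPAN: u32 = 10_000; // assumed width of each handle range

#[derive(Debug, PartialEq)]
enum Denied { UnknownHandle, WrongKind, NotGranted }

#[derive(Default)]
struct Grants { http: Vec<String>, secret: Vec<String>, storage: Vec<String>, channel: Vec<String> }

impl Grants {
    fn list(&self, kind: Kind) -> &[String] {
        match kind {
            Kind::Http => &self.http,
            Kind::Secret => &self.secret,
            Kind::Storage => &self.storage,
            Kind::Channel => &self.channel,
        }
    }

    /// Map a guest-supplied handle to the granted resource it names.
    /// `expected` is the kind the called host function operates on.
    fn resolve(&self, handle: u32, expected: Kind) -> Result<&str, Denied> {
        let (kind, base) = BASES.iter().copied()
            .find(|&(_, b)| handle >= b && handle - b < SPAN)
            .ok_or(Denied::UnknownHandle)?;
        if kind != expected { return Err(Denied::WrongKind); }
        self.list(kind).get((handle - base) as usize)
            .map(String::as_str).ok_or(Denied::NotGranted)
    }
}

fn main() {
    // Constructed sample grants for one plugin.
    let g = Grants { http: vec!["api.example.com".into()],
                     secret: vec!["weather_api_key".into()], ..Default::default() };
    println!("{:?}", g.resolve(10_000, Kind::Http)); // granted host
    println!("{:?}", g.resolve(10_001, Kind::Http)); // index past the grant list
    println!("{:?}", g.resolve(20_000, Kind::Http)); // secret handle given to an HTTP call
    println!("{:?}", g.resolve(42, Kind::Http));     // outside every handle range
}
```

Every failure path returns a denial instead of falling back to a default resource, so a guessed or forged handle can only ever reach something already in the plugin's grant set.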
Skills and Manifests (palyra-skills)
A “Skill” is a packaged unit containing WASM modules, metadata, and a security manifest.
Skill Manifest (skill.toml)
The SkillManifest defines the identity, entrypoints, and required capabilities of the plugin crates/palyra-skills/src/models.rs.
- Entrypoints: Defines tools with JSON schemas for input/output validation crates/palyra-skills/src/manifest.rs#86-97.
- Capabilities: Declarative list of resources (e.g., http_egress_allowlist, read_roots) crates/palyra-skills/src/manifest.rs#99-137.
- Trust & Review: Specifies if the skill requires manual audit before execution crates/palyra-skills/src/manifest.rs#146-148.
Security Lifecycle: Audit and Quarantine
Skills undergo a multi-stage lifecycle managed by the palyrad daemon:
- Ingestion: The skill artifact is parsed and verified for signature integrity crates/palyra-skills/src/lib.rs#25.
- Audit: audit_skill_artifact_security checks for dangerous WASM exports or excessive capability requests crates/palyra-skills/src/lib.rs#12.
- Quarantine: New or updated skills are placed in SkillExecutionStatus::Quarantined crates/palyra-daemon/src/transport/http/handlers/console/skills.rs#169 until approved by an operator.
- Installation: Approved skills are indexed in the InstalledSkillsIndex crates/palyra-daemon/src/transport/http/handlers/console/skills.rs#16.
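The quarantine step above, modelled as an added example that is not the daemon's own code: an update to an already approved skill must fall back into quarantine, and an approval must name the artifact that was actually reviewed. The `SkillIndex`, `Entry` and `Status` types, the method names and the digest strings are assumptions made for the sketch.

```rust
use std::collections::HashMap;

// Added illustration, not Palyra's code. Status names follow the page's
// "enabled, quarantined, or failed"; keying approval to a digest is assumed.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Status { Quarantined, Enabled, Failed }

struct Entry { digest: String, status: Status }

#[derive(Default)]
struct SkillIndex {
    skills: HashMap<String, Entry>,
    journal: Vec<String>, // append-only record of every status change
}

impl SkillIndex {
    fn set(&mut self, id: &str, digest: &str, status: Status, actor: &str) {
        self.journal.push(format!("{}: {}@{} -> {:?}", actor, id, digest, status));
        self.skills.insert(id.into(), Entry { digest: digest.into(), status });
    }

    /// New or updated artifacts always land in quarantine, even when an
    /// earlier artifact of the same skill had been approved.
    fn ingest(&mut self, id: &str, digest: &str) {
        let unchanged = self.skills.get(id).map_or(false, |e| e.digest == digest);
        if !unchanged { self.set(id, digest, Status::Quarantined, "daemon"); }
    }

    /// The operator approves a specific digest; a stale approval is refused.
    fn approve(&mut self, id: &str, reviewed: &str, operator: &str) -> bool {
        let ok = self.skills.get(id).map_or(false, |e| {
            e.digest == reviewed && e.status == Status::Quarantined
        });
        if ok { self.set(id, reviewed, Status::Enabled, operator); }
        ok
    }

    /// Execution gate: unknown, quarantined and failed skills never run.
    fn may_execute(&self, id: &str) -> bool {
        self.skills.get(id).map_or(false, |e| e.status == Status::Enabled)
    }
}

fn main() {
    let mut idx = SkillIndex::default();
    idx.ingest("weather", "digest-a"); // constructed sample values
    idx.approve("weather", "digest-a", "alice");
    idx.ingest("weather", "digest-b"); // update revokes the earlier approval
    println!("runnable: {}", idx.may_execute("weather"));
    for line in &idx.journal { println!("{}", line); }
}
```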
Data Flow: Plugin Execution
The following diagram illustrates the transition from a tool call request to WASM execution.
[Diagram: WASM Execution Pipeline]
Sources: crates/palyra-daemon/src/wasm_plugin_runner.rs#124-154, crates/palyra-plugins/runtime/src/lib.rs#152-186, crates/palyra-daemon/src/transport/http/handlers/console/skills.rs#9-42
InstalledSkillsIndex and Persistence
The daemon maintains an index of all active skills.
Skill Status Management
The console_skills_list_handler retrieves the list of installed skills and their current operational status crates/palyra-daemon/src/transport/http/handlers/console/skills.rs#9-16.
- Status Check: Calls state.runtime.skill_status to determine if a skill is enabled, quarantined, or failed crates/palyra-daemon/src/transport/http/handlers/console/skills.rs#26-30.
- Upsert: The upsert_skill_status function updates the status and records an audit event in the journal crates/palyra-daemon/src/transport/http/handlers/console/skills.rs#166-184.
Skill Builder (Experimental)
Palyra includes a “Dynamic Tool Builder” that can generate WASM skill scaffolds from natural language prompts or learning candidates crates/palyra-daemon/src/transport/http/handlers/console/skills.rs#67-101.
- Scaffolding: write_skill_builder_scaffold creates the initial directory structure and skill.toml crates/palyra-daemon/src/transport/http/handlers/console/skills.rs#149-162.
- Promotion: Builders are promoted to full skills after an operator review crates/palyra-daemon/src/transport/http/handlers/console/skills.rs#182.
Component Association
The following table bridges the conceptual “Skill” to the internal Rust structs.
| Concept | Code Entity | File |
|---|---|---|
| Skill Identity | SkillManifest | crates/palyra-skills/src/models.rs |
| Execution Policy | WasmPluginRunnerPolicy | crates/palyra-daemon/src/wasm_plugin_runner.rs#18-30 |
| Resource Access | CapabilityGrantSet | crates/palyra-plugins/runtime/src/lib.rs#43-48 |
| Runtime Instance | WasmRuntime | crates/palyra-plugins/runtime/src/lib.rs#105-108 |
| Module Resolution | ResolvedInstalledSkillModule | crates/palyra-daemon/src/wasm_plugin_runner.rs#113-122 |