
# Additional Tool Executors

<details>
  <summary>Relevant source files</summary>

  The following files were used as context for generating this wiki page:

  * apps/web/src/console/sections/AgentsSection.tsx
  * crates/palyra-cli/examples/run\_release\_eval\_gate.rs
  * crates/palyra-common/src/release\_evals/catalog.rs
  * crates/palyra-common/src/release\_evals/evaluator.rs
  * crates/palyra-common/src/release\_evals/mod.rs
  * crates/palyra-common/src/release\_evals/projections.rs
  * crates/palyra-common/src/release\_evals/schema.rs
  * crates/palyra-common/tests/release\_eval\_contract.rs
  * crates/palyra-daemon/src/application/tool\_runtime/artifacts.rs
  * crates/palyra-daemon/src/application/tool\_runtime/delegation.rs
  * crates/palyra-daemon/src/application/tool\_runtime/http\_fetch.rs
  * crates/palyra-daemon/src/application/tool\_runtime/networked\_worker.rs
  * crates/palyra-daemon/src/application/tool\_runtime/process\_registry.rs
  * crates/palyra-daemon/src/application/tool\_runtime/tool\_program.rs
  * crates/palyra-daemon/src/application/tool\_runtime/tool\_rpc.rs
  * crates/palyra-daemon/src/application/workspace\_observability.rs
  * crates/palyra-egress-proxy/src/lib.rs
  * crates/palyra-egress-proxy/tests/critical\_attack\_scenarios.rs
  * crates/palyra-safety/tests/critical\_attack\_scenarios.rs
  * crates/palyra-workerd/src/lib.rs
  * crates/palyra-workerd/tests/critical\_attack\_scenarios.rs
  * fixtures/golden/release\_eval\_inventory.json
</details>

This page covers the specialized tool executors within the Palyra daemon that handle networked operations, long-running programs, delegation, and workspace observability. These executors complement the core process and filesystem tools by providing higher-level abstractions for complex agent tasks.

## HTTP Fetch Tool (`palyra.http.fetch`)

The `palyra.http.fetch` tool provides policy-gated outbound HTTP access. It is designed to prevent SSRF (Server-Side Request Forgery) and DNS rebinding attacks by integrating directly with the `palyra-egress-proxy` crate [crates/palyra-daemon/src/application/tool\_runtime/http\_fetch.rs#1-9](http://crates/palyra-daemon/src/application/tool_runtime/http_fetch.rs#1-9).

### Security and Data Flow

1. **Policy Evaluation**: Every request and every subsequent redirect is re-evaluated by the `EgressProxyPolicyService` [crates/palyra-daemon/src/application/tool\_runtime/http\_fetch.rs#3-9](http://crates/palyra-daemon/src/application/tool_runtime/http_fetch.rs#3-9).
2. **Connection Pinning**: Resolved IP addresses are pinned into the HTTP client to prevent DNS rebinding between the time of check and time of connect [crates/palyra-daemon/src/application/tool\_runtime/http\_fetch.rs#6-8](http://crates/palyra-daemon/src/application/tool_runtime/http_fetch.rs#6-8).
3. **Credential Injection**: The tool can inject secrets from the Palyra Vault into headers, ensuring agents never handle raw API keys [crates/palyra-egress-proxy/src/lib.rs#3-6](http://crates/palyra-egress-proxy/src/lib.rs#3-6).
4. **Content Processing**: HTML responses are stripped of non-visible tags (e.g., `<script>`, `<style>`) and passed through a safety redaction scan before being returned to the agent [crates/palyra-daemon/src/application/tool\_runtime/http\_fetch.rs#11-13](http://crates/palyra-daemon/src/application/tool_runtime/http_fetch.rs#11-13).
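
Steps 1 and 2 as a std-only Rust example, added here for illustration and not taken from Palyra's code: the host allowlist, the `Resolver` map standing in for DNS, and every type and function name are assumptions. It shows the check and the pin sharing one resolution, and each redirect hop being evaluated again.

```rust
use std::collections::HashMap;
use std::net::{IpAddr, SocketAddr};

// Constructed stand-in for DNS: host -> addresses returned by one lookup.
type Resolver = HashMap<&'static str, Vec<IpAddr>>;
#[derive(Debug, PartialEq)]
enum Deny { HostNotAllowed, Unresolvable, InternalAddress(IpAddr), TooManyRedirects }

fn is_internal(ip: &IpAddr) -> bool {
    match ip {
        IpAddr::V4(a) => a.is_loopback() || a.is_private() || a.is_link_local() || a.is_unspecified(),
        IpAddr::V6(a) => a.is_loopback() || a.is_unspecified()
            || (a.segments()[0] & 0xfe00) == 0xfc00 // unique local, fc00::/7
            || (a.segments()[0] & 0xffc0) == 0xfe80 // link-local, fe80::/10
            // ::ffff:a.b.c.d is judged as the IPv4 address it wraps
            || a.to_ipv4_mapped().map_or(false, |m| is_internal(&IpAddr::V4(m))),
    }
}

/// One policy evaluation: allowlist the host, resolve once, refuse if any
/// answer is internal, and return the only addresses the client may dial.
fn evaluate(host: &str, port: u16, allow: &[&str], dns: &Resolver) -> Result<Vec<SocketAddr>, Deny> {
    if !allow.iter().any(|a| *a == host) { return Err(Deny::HostNotAllowed); }
    let ips = dns.get(host).filter(|v| !v.is_empty()).ok_or(Deny::Unresolvable)?;
    if let Some(bad) = ips.iter().find(|ip| is_internal(ip)) {
        return Err(Deny::InternalAddress(*bad));
    }
    Ok(ips.iter().map(|ip| SocketAddr::new(*ip, port)).collect())
}

/// Walk a constructed redirect chain, evaluating every hop again so an
/// allowed origin cannot bounce the client to a host the policy refuses.
fn fetch_chain(hops: &[&str], allow: &[&str], dns: &Resolver, max_redirects: usize) -> Result<Vec<SocketAddr>, Deny> {
    let mut pinned = Vec::new();
    for (i, host) in hops.iter().enumerate() {
        if i > max_redirects { return Err(Deny::TooManyRedirects); }
        // A real client dials `pinned` only and never re-resolves `host`.
        pinned = evaluate(host, 443, allow, dns)?;
    }
    Ok(pinned)
}

fn main() {
    let mut dns: Resolver = HashMap::new();
    dns.insert("api.example.com", vec!["203.0.113.10".parse().unwrap()]);
    dns.insert("meta.example.com", vec!["169.254.169.254".parse().unwrap()]);
    let allow = ["api.example.com", "meta.example.com"];
    println!("{:?}", fetch_chain(&["api.example.com", "meta.example.com"], &allow, &dns, 3));
}
```

Because the caller holds `SocketAddr` values rather than a hostname, a DNS answer that changes after `evaluate` returns has no effect on where the connection goes.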

### HTTP Fetch Architecture

The diagram below illustrates how a fetch request is gated by the egress proxy before hitting the network.

**Diagram: Egress Gated Fetch Flow**

```mermaid
graph TD
    subgraph "Natural Language Space"
        NL["'Fetch the latest news from example.com'"]
    end

    subgraph "Code Entity Space"
        Executor["execute_http_fetch_tool (http_fetch.rs)"]
        Proxy["EgressProxyPolicyService (palyra-egress-proxy)"]
        Vault["VaultRef (palyra-vault)"]
        Client["reqwest::Client (pinned IP)"]
        Redactor["redact_text_for_export (palyra-safety)"]
    end

    NL --> Executor
    Executor --> Proxy
    Proxy -- "Lookup Secrets" --> Vault
    Proxy -- "Verdict & Pinned IPs" --> Executor
    Executor --> Client
    Client -- "Raw Response" --> Redactor
    Redactor -- "Clean Text" --> Executor
```

**Sources:** [crates/palyra-daemon/src/application/tool\_runtime/http\_fetch.rs#57-105](http://crates/palyra-daemon/src/application/tool_runtime/http_fetch.rs#57-105), [crates/palyra-egress-proxy/src/lib.rs#1-7](http://crates/palyra-egress-proxy/src/lib.rs#1-7), [crates/palyra-daemon/src/application/tool\_runtime/http\_fetch.rs#11-15](http://crates/palyra-daemon/src/application/tool_runtime/http_fetch.rs#11-15)

***

## Tool Programs and RPC Delegation

The `palyra.tool_program.run` tool allows agents to execute declarative, multi-step programs. This enables complex workflows that require explicit tool grants and DAG-based dependencies [crates/palyra-daemon/src/application/tool\_runtime/tool\_program.rs#1-9](http://crates/palyra-daemon/src/application/tool_runtime/tool_program.rs#1-9).

### Execution Model

* **Step Isolation**: Each step in a program is executed as a grant-checked tool RPC call [crates/palyra-daemon/src/application/tool\_runtime/tool\_program.rs#3-6](http://crates/palyra-daemon/src/application/tool_runtime/tool_program.rs#3-6).
* **Budgeting**: Programs operate under shared budgets for steps, runtime, child runs, and output bytes [crates/palyra-daemon/src/application/tool\_runtime/tool\_program.rs#5-7](http://crates/palyra-daemon/src/application/tool_runtime/tool_program.rs#5-7).
* **Python Bridge**: Programs can execute sandboxed Python code that communicates with the daemon via a JSONL-based RPC bridge [crates/palyra-daemon/src/application/tool\_runtime/tool\_rpc.rs#1-7](http://crates/palyra-daemon/src/application/tool_runtime/tool_rpc.rs#1-7).

### Tool RPC (`tool_rpc.rs`)

Nested tool calls are managed by the RPC bridge. It re-evaluates security for every child call, ensuring a program cannot escalate privileges beyond its parent proposal [crates/palyra-daemon/src/application/tool\_rpc.rs#3-5](http://crates/palyra-daemon/src/application/tool_rpc.rs#3-5).

| Feature               | Description                                                                                                                                                                                                         |
| :-------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Call ID**           | Correlates child calls to the parent proposal in the journal [crates/palyra-daemon/src/application/tool\_rpc.rs#178-180](http://crates/palyra-daemon/src/application/tool_rpc.rs#178-180).                          |
| **Result Projection** | Allows callers to choose between `ModelVisible`, `SummaryOnly`, or `ArtifactOnly` outputs [crates/palyra-daemon/src/application/tool\_rpc.rs#63-70](http://crates/palyra-daemon/src/application/tool_rpc.rs#63-70). |
| **Attestation**       | Every child call generates a `ToolRpcAttestation` for auditability [crates/palyra-daemon/src/application/tool\_rpc.rs#101-108](http://crates/palyra-daemon/src/application/tool_rpc.rs#101-108).                    |

**Sources:** [crates/palyra-daemon/src/application/tool\_runtime/tool\_program.rs#1-9](http://crates/palyra-daemon/src/application/tool_runtime/tool_program.rs#1-9), [crates/palyra-daemon/src/application/tool\_runtime/tool\_rpc.rs#142-162](http://crates/palyra-daemon/src/application/tool_runtime/tool_rpc.rs#142-162)
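
The execution model above as an added Rust example (not Palyra's code): steps run in dependency order, and each one is checked against the parent's grants and charged to a shared step budget before it runs. The `Step` shape, `ProgramError`, and `run_program` are hypothetical names; only the tool identifiers come from this page.

```rust
use std::collections::HashSet;

// Hypothetical program shape for illustration; not Palyra's schema.
struct Step { id: &'static str, tool: &'static str, needs: Vec<&'static str> }

#[derive(Debug, PartialEq)]
enum ProgramError { ToolNotGranted(&'static str), StepBudgetExceeded, UnsatisfiableDependency }

/// Run steps in dependency order. Each step is checked against the parent's
/// grants and charged to one shared step budget before it may execute.
fn run_program(steps: &[Step], grants: &HashSet<&str>, mut steps_left: u32)
    -> Result<Vec<&'static str>, ProgramError> {
    let mut done: Vec<&'static str> = Vec::new();
    let mut pending: Vec<&Step> = steps.iter().collect();
    while !pending.is_empty() {
        // Ready = every dependency already completed. No ready step means a
        // cycle or a reference to a step that does not exist.
        let pos = pending.iter()
            .position(|s| s.needs.iter().all(|d| done.contains(d)))
            .ok_or(ProgramError::UnsatisfiableDependency)?;
        let step = pending.remove(pos);
        // Checked per call, so a grant is never inherited from an earlier step.
        if !grants.contains(step.tool) { return Err(ProgramError::ToolNotGranted(step.tool)); }
        if steps_left == 0 { return Err(ProgramError::StepBudgetExceeded); }
        steps_left -= 1;
        done.push(step.id); // a real executor would dispatch the tool RPC here
    }
    Ok(done)
}

fn main() {
    let program = vec![
        Step { id: "summarize", tool: "palyra.artifact.read", needs: vec!["fetch"] },
        Step { id: "fetch", tool: "palyra.http.fetch", needs: vec![] },
    ];
    let grants: HashSet<&str> = ["palyra.http.fetch", "palyra.artifact.read"].into();
    println!("{:?}", run_program(&program, &grants, 8));
}
```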

***

## Networked Worker Dispatch

Palyra supports distributed execution via a fleet of networked workers. The `WorkerFleetManager` maintains an in-memory ledger of available workers and their health [crates/palyra-workerd/src/lib.rs#3-6](http://crates/palyra-workerd/src/lib.rs#3-6).

### Attestation and Security

To join the fleet, a worker must present a `WorkerAttestation` containing:

* **Image/Build Digests**: SHA-256 hashes of the worker's software stack [crates/palyra-workerd/src/lib.rs#38-40](http://crates/palyra-workerd/src/lib.rs#38-40).
* **Egress Proxy Binding**: Verification that the worker booted behind an attested egress proxy [crates/palyra-workerd/src/lib.rs#41-42](http://crates/palyra-workerd/src/lib.rs#41-42).
* **Validity Window**: `issued_at` and `expires_at` timestamps to prevent replay of old attestations [crates/palyra-workerd/src/lib.rs#58-61](http://crates/palyra-workerd/src/lib.rs#58-61).

**Diagram: Worker Registration and Attestation**

```mermaid
sequenceDiagram
    participant W as Networked Worker
    participant M as WorkerFleetManager (palyra-workerd)
    participant P as WorkerFleetPolicy

    W->>M: register_worker(WorkerAttestation)
    M->>P: Check Policy (Digests, Egress Binding)
    P-->>M: Validation Result
    alt Valid
        M->>M: Update Ledger (WorkerLifecycleState::Available)
        M-->>W: Registration Success
    else Invalid
        M-->>W: WorkerAttestationError
    end
```

**Sources:** [crates/palyra-workerd/src/lib.rs#35-62](http://crates/palyra-workerd/src/lib.rs#35-62), [crates/palyra-workerd/src/lib.rs#113-152](http://crates/palyra-workerd/src/lib.rs#113-152), [crates/palyra-workerd/tests/critical\_attack\_scenarios.rs#73-92](http://crates/palyra-workerd/tests/critical_attack_scenarios.rs#73-92)
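
The three attestation checks listed above as an added Rust example, not the `palyra-workerd` implementation: apart from `issued_at` and `expires_at`, every struct, field, and error name is hypothetical, as are the lifetime cap and clock-skew allowance. The digests in `main` are constructed placeholders.

```rust
use std::collections::HashSet;
// Hypothetical shapes; only `issued_at` and `expires_at` are names from the page.
struct Attestation {
    image_digest: String, // SHA-256 as 64 lowercase hex characters
    build_digest: String,
    egress_proxy_digest: Option<String>, // None: no attested proxy at boot
    issued_at: u64, // Unix seconds
    expires_at: u64,
}
struct Policy {
    images: HashSet<String>, // one allowlist per slot, so a build digest
    builds: HashSet<String>, // can never satisfy the image check
    proxies: HashSet<String>,
    max_lifetime: u64,
    clock_skew: u64,
}
#[derive(Debug, PartialEq)]
enum Reject { MalformedDigest, UntrustedDigest, NoEgressBinding, BadWindow, NotYetValid, Expired }
fn check_digest(d: &str, trusted: &HashSet<String>) -> Result<(), Reject> {
    if d.len() != 64 || !d.bytes().all(|b| matches!(b, b'0'..=b'9' | b'a'..=b'f')) {
        return Err(Reject::MalformedDigest);
    }
    if trusted.contains(d) { Ok(()) } else { Err(Reject::UntrustedDigest) }
}

/// Fail closed: every field must pass before the worker is admitted.
fn validate(att: &Attestation, policy: &Policy, now: u64) -> Result<(), Reject> {
    check_digest(&att.image_digest, &policy.images)?;
    check_digest(&att.build_digest, &policy.builds)?;
    let proxy = att.egress_proxy_digest.as_deref().ok_or(Reject::NoEgressBinding)?;
    check_digest(proxy, &policy.proxies)?;
    // Bound the window itself, so a long-lived attestation cannot be replayed later.
    match att.expires_at.checked_sub(att.issued_at) {
        Some(life) if life > 0 && life <= policy.max_lifetime => {}
        _ => return Err(Reject::BadWindow),
    }
    if att.issued_at > now.saturating_add(policy.clock_skew) { return Err(Reject::NotYetValid); }
    if now >= att.expires_at { return Err(Reject::Expired); }
    Ok(())
}

fn main() {
    let d = |c: &str| c.repeat(64); // constructed digests, not real hashes
    let policy = Policy { images: [d("a")].into(), builds: [d("b")].into(),
        proxies: [d("c")].into(), max_lifetime: 3600, clock_skew: 30 };
    let att = Attestation { image_digest: d("a"), build_digest: d("b"),
        egress_proxy_digest: Some(d("c")), issued_at: 1_000, expires_at: 2_000 };
    println!("{:?} {:?}", validate(&att, &policy, 1_500), validate(&att, &policy, 2_000));
}
```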

***

## Workspace Observability and Artifacts

Workspace-mutating tools record journal-backed checkpoints. The `workspace_observability` module manages these snapshots for auditing and recovery [crates/palyra-daemon/src/application/workspace\_observability.rs#3-7](http://crates/palyra-daemon/src/application/workspace_observability.rs#3-7).

### Key Components

* **Checkpoints**: Pre-flight and post-change snapshots of every touched file [crates/palyra-daemon/src/application/workspace\_observability.rs#3-5](http://crates/palyra-daemon/src/application/workspace_observability.rs#3-5).
* **Artifact History**: Per-path versions allowing the console to diff changes across runs [crates/palyra-daemon/src/application/workspace\_observability.rs#126-158](http://crates/palyra-daemon/src/application/workspace_observability.rs#126-158).
* **Path Guards**: All mutations are validated against path-containment guards to prevent directory traversal or symlink attacks [crates/palyra-daemon/src/application/workspace\_observability.rs#9-12](http://crates/palyra-daemon/src/application/workspace_observability.rs#9-12).

### Artifact Read Tool (`palyra.artifact.read`)

This tool allows agents to read specific artifact versions from the journal. If a full read is denied due to sensitivity, the system automatically attempts a redacted text preview to keep the content model-visible [crates/palyra-daemon/src/application/tool\_runtime/artifacts.rs#1-8](http://crates/palyra-daemon/src/application/tool_runtime/artifacts.rs#1-8).

**Sources:** [crates/palyra-daemon/src/application/workspace\_observability.rs#1-15](http://crates/palyra-daemon/src/application/workspace_observability.rs#1-15), [crates/palyra-daemon/src/application/tool\_runtime/artifacts.rs#129-137](http://crates/palyra-daemon/src/application/tool_runtime/artifacts.rs#129-137)

***

## Delegation Control (`palyra.delegation`)

The delegation tools (`palyra.delegation.query` and `palyra.delegation.control`) allow agents to spawn sub-tasks (objectives) and monitor their progress [crates/palyra-daemon/src/application/tool\_runtime/delegation.rs#1-7](http://crates/palyra-daemon/src/application/tool_runtime/delegation.rs#1-7).

* **`delegate`**: Spawns a new background task with a specific objective, agent profile, and budget [crates/palyra-daemon/src/application/tool\_runtime/delegation.rs#159-174](http://crates/palyra-daemon/src/application/tool_runtime/delegation.rs#159-174).
* **`interrupt`**: Cancels an active delegation [crates/palyra-daemon/src/application/tool\_runtime/delegation.rs#150](http://crates/palyra-daemon/src/application/tool_runtime/delegation.rs#150).
* **`status`**: Retrieves the current `AuxiliaryTaskState` (e.g., Pending, Running, Completed) [crates/palyra-daemon/src/application/tool\_runtime/delegation.rs#142](http://crates/palyra-daemon/src/application/tool_runtime/delegation.rs#142).

**Sources:** [crates/palyra-daemon/src/application/tool\_runtime/delegation.rs#1-7](http://crates/palyra-daemon/src/application/tool_runtime/delegation.rs#1-7), [crates/palyra-daemon/src/application/tool\_runtime/delegation.rs#139-157](http://crates/palyra-daemon/src/application/tool_runtime/delegation.rs#139-157)
