Process Supervisor & Sidecar Lifecycle

The Palyra Desktop application utilizes a robust process supervisor architecture to manage the lifecycle of its core background services. The ControlCenter acts as the primary orchestrator, ensuring that the daemon (palyrad), browser automation service (palyra-browserd), and node host are correctly configured, executed, and monitored for health.

ControlCenter Orchestration

The ControlCenter struct is the central entity responsible for process supervision, state persistence, and log aggregation within the desktop environment apps/desktop/src-tauri/src/supervisor.rs#212-234. It manages three primary ManagedService instances:

Gateway (palyrad): The central execution engine and gRPC gateway apps/desktop/src-tauri/src/supervisor.rs#38-38.
Browserd (palyra-browserd): Manages headless Chrome for browser automation apps/desktop/src-tauri/src/supervisor.rs#39-39.
Node Host: Handles node-to-node communication and local resource execution apps/desktop/src-tauri/src/supervisor.rs#40-40.

Supervisor Loop and Tick

The supervisor operates on a fixed interval defined by SUPERVISOR_TICK_MS (500ms) apps/desktop/src-tauri/src/lib.rs#1-1. During each tick, the supervisor evaluates the desired_running state of each service against its actual process status apps/desktop/src-tauri/src/supervisor.rs#109-111.

Service Lifecycle Flow

The following diagram illustrates the transition from high-level service definitions to the underlying tokio::process::Command execution. Service Execution Architecture Sources: apps/desktop/src-tauri/src/supervisor.rs#108-118, apps/desktop/src-tauri/src/supervisor.rs#212-234, apps/desktop/src-tauri/src/lib.rs#14-14.

Restart Strategy & Backoff

To prevent resource exhaustion during crash loops, Palyra implements an exponential backoff strategy for service restarts.

Restart Logic: When a process exits unexpectedly, the supervisor increments the restart_attempt counter apps/desktop/src-tauri/src/supervisor.rs#113-113.
Backoff Calculation: The delay before the next attempt is calculated using compute_backoff_ms, which scales based on the number of attempts, capped at a reasonable maximum to ensure eventual recovery without hammering the CPU apps/desktop/src-tauri/src/lib.rs#57-60.
Desired State: Services only attempt restarts if desired_running is true apps/desktop/src-tauri/src/supervisor.rs#109-109.

Sources: apps/desktop/src-tauri/src/supervisor.rs#108-148, apps/desktop/src-tauri/src/lib.rs#57-60.

Log Aggregation and Redaction

The supervisor captures stdout and stderr from all sidecar processes, centralizing them for the Desktop UI while ensuring sensitive data (like API keys or tokens) is never leaked.

MPSC Channel Pipeline

Logs are streamed from child processes via tokio::io::BufReader into an asynchronous mpsc channel with a capacity of 2,048 events apps/desktop/src-tauri/src/lib.rs#3-3.

Capture: ManagedService captures process output apps/desktop/src-tauri/src/supervisor.rs#116-116.
Redaction: Every line passes through sanitize_log_line before being stored or transmitted apps/desktop/src-tauri/src/lib.rs#34-34.
Storage: Logs are held in a VecDeque<LogLine> per service, limited to MAX_LOG_LINES_PER_SERVICE (400 lines) to manage memory apps/desktop/src-tauri/src/lib.rs#2-2.

Redaction Routines

The sanitize_log_line function utilizes utilities from palyra_common::redaction to strip:

Authentication errors containing secrets apps/desktop/src-tauri/src/snapshot.rs#15-15.
Sensitive URL parameters apps/desktop/src-tauri/src/snapshot.rs#15-15.
Profile-specific identifiers apps/desktop/src-tauri/src/snapshot.rs#11-16.

Sources: apps/desktop/src-tauri/src/supervisor.rs#92-105, apps/desktop/src-tauri/src/lib.rs#1-4, apps/desktop/src-tauri/src/snapshot.rs#11-16.

Health Probes and Diagnostics

The supervisor maintains a ServiceProcessSnapshot for each managed service, which is exposed to the frontend via the get_snapshot Tauri command apps/desktop/src-tauri/src/commands.rs#65-74.

Probing Mechanism

The system uses reqwest::Client to perform health checks against service-specific ports:

Gateway Admin Port: 7142 apps/desktop/src-tauri/src/lib.rs#16-16.
Browser Health Port: 7143 apps/desktop/src-tauri/src/lib.rs#19-19.

The HealthEndpointPayload captures the status, version, and uptime of the underlying service apps/desktop/src-tauri/src/supervisor.rs#204-209.

Diagnostic State Flow

The diagram below maps the internal code entities to the diagnostic data flow. Diagnostic Data Flow Sources: apps/desktop/src-tauri/src/supervisor.rs#184-187, apps/desktop/src-tauri/src/commands.rs#65-74, apps/desktop/ui/src/App.tsx#8-8, apps/desktop/ui/src/lib/desktopApi.ts#1-1.

Managed Ports and Networking

Each service is assigned specific ports for administration and communication, managed by the RuntimeConfig apps/desktop/src-tauri/src/supervisor.rs#151-157.

Service	Port Type	Default Value	Code Reference
Gateway	Admin HTTP	7142	apps/desktop/src-tauri/src/lib.rs#16-16
Gateway	gRPC	7443	apps/desktop/src-tauri/src/lib.rs#17-17
Gateway	QUIC	7444	apps/desktop/src-tauri/src/lib.rs#18-18
Browserd	Health HTTP	7143	apps/desktop/src-tauri/src/lib.rs#19-19
Browserd	gRPC	7543	apps/desktop/src-tauri/src/lib.rs#20-20

Sources: apps/desktop/src-tauri/src/lib.rs#16-20, apps/desktop/src-tauri/src/supervisor.rs#151-169.

​ControlCenter Orchestration

​Supervisor Loop and Tick

​Service Lifecycle Flow

​Restart Strategy & Backoff

​Log Aggregation and Redaction

​MPSC Channel Pipeline

​Redaction Routines

​Health Probes and Diagnostics

​Probing Mechanism

​Diagnostic State Flow

​Managed Ports and Networking