palyrad (the Gateway) and palyra-browserd (the Browser Service), ensuring they are configured correctly, restarted upon failure with exponential backoff, and monitored via health checks.
ControlCenter Orchestration
The ControlCenter struct is the central orchestrator within the Tauri application. It maintains the runtime state of all managed services, handles configuration persistence, and provides the data source for UI snapshots.
Key Components
| Component | Responsibility |
|---|---|
| ManagedService | Tracks a single process (PID, child handle, restart attempts, and log buffer). |
| RuntimeConfig | Defines the static port assignments used by sidecars. |
| DesktopStateFile | Persisted JSON state (state.json) tracking onboarding progress and preferences. |
| DesktopSecretStore | Secure storage for sensitive tokens (Admin and Browser Auth). |
Process Lifecycle and ManagedService
Each sidecar is wrapped in a ManagedService struct. The supervisor ensures that if a service is marked as desired_running, it is kept alive.
Exponential Backoff
When a process exits unexpectedly, the supervisor calculates a backoff delay before the next restart attempt using compute_backoff_ms. This prevents tight-loop crashing from consuming system resources.
- Initial Delay: 1,000ms.
- Multiplier: 2x per attempt.
- Maximum Delay: 30,000ms.
Port Assignments
The supervisor enforces specific port assignments for local inter-process communication:
- Gateway Admin (HTTP): 7142 apps/desktop/src-tauri/src/lib.rs#16
- Gateway gRPC: 7443 apps/desktop/src-tauri/src/lib.rs#17
- Gateway QUIC: 7444 apps/desktop/src-tauri/src/lib.rs#18
- Browser Health (HTTP): 7143 apps/desktop/src-tauri/src/lib.rs#19
- Browser gRPC: 7543 apps/desktop/src-tauri/src/lib.rs#20
Supervisor Loop Logic
The supervisor_loop runs as a background task, ticking every 500ms (SUPERVISOR_TICK_MS).
Diagram: Supervisor Tick Flow
Log Redaction and Aggregation
Logs from stdout and stderr are piped into the supervisor. The function sanitize_log_line is applied to all incoming lines to redact sensitive information (like Auth tokens or specific URLs) before they are stored in the ManagedService.logs buffer, which is capped at 400 lines (MAX_LOG_LINES_PER_SERVICE).
Sources: apps/desktop/src-tauri/src/lib.rs#1-3, apps/desktop/src-tauri/src/supervisor.rs#352-400, apps/desktop/src-tauri/src/snapshot.rs#33-33
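The redact-then-store order described above, as an added Rust example that is not the project's own code: redact_line is a hypothetical stand-in for sanitize_log_line, the marker list and sample lines are constructed assumptions, and only the 400-line cap comes from the page.

```rust
use std::collections::VecDeque;

// Cap taken from the page (MAX_LOG_LINES_PER_SERVICE).
const MAX_LOG_LINES_PER_SERVICE: usize = 400;
// Assumed markers for this sketch; the project's real redaction rules are not shown.
const SECRET_MARKERS: [&str; 3] = ["bearer ", "token=", "password="];

/// Hypothetical stand-in for sanitize_log_line: masks the value after each marker.
fn redact_line(line: &str) -> String {
    let lower = line.to_ascii_lowercase(); // ASCII-only fold keeps byte offsets aligned
    let mut out = String::with_capacity(line.len());
    let mut i = 0;
    while i < line.len() {
        if let Some(m) = SECRET_MARKERS.iter().find(|m| lower[i..].starts_with(**m)) {
            out.push_str(&line[i..i + m.len()]); // keep the key so the log stays readable
            i += m.len();
            // The secret runs until whitespace or a common delimiter.
            let end = line[i..]
                .find(|c: char| c.is_whitespace() || "&\"',;".contains(c))
                .map_or(line.len(), |n| i + n);
            if end > i {
                out.push_str("<redacted>");
            }
            i = end;
        } else {
            let ch = line[i..].chars().next().unwrap();
            out.push(ch);
            i += ch.len_utf8();
        }
    }
    out
}

/// Hypothetical buffer push: redact before storing, evict the oldest line at the cap.
fn push_log(logs: &mut VecDeque<String>, raw: &str) {
    if logs.len() == MAX_LOG_LINES_PER_SERVICE {
        logs.pop_front();
    }
    logs.push_back(redact_line(raw));
}

fn main() {
    let mut logs = VecDeque::new();
    // Constructed sample lines, not real service output.
    push_log(&mut logs, "GET http://127.0.0.1:7142/console?token=abc123&tab=logs");
    push_log(&mut logs, "Authorization: Bearer s3cr3t.value");
    for l in &logs { println!("{l}"); }
}
```

Because redaction runs inside the push, anything that later reads the buffer (such as a UI snapshot) only ever sees masked values.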
Persistence and State Management
state.json
The DesktopStateFile manages the high-level application state. It includes:
- Onboarding Progress: Tracks steps from Welcome through Completion.
- Companion State: Stores notifications, offline drafts, and UI preferences.
- Migration: The DESKTOP_STATE_SCHEMA_VERSION (currently 4) ensures that as the state structure evolves, old files are migrated or re-initialized.
DesktopSecretStore
Sensitive tokens are never stored in the plain-text state.json. Instead, the DesktopSecretStore utilizes palyra-vault to interact with platform-specific secure storage (e.g., macOS Keychain, Windows DPAPI).
- desktop_admin_token: Used for the Desktop Control Center to authenticate against palyrad.
- desktop_browser_auth_token: Used for the Browser Service authentication.
Snapshot Aggregation
The UI retrieves the current system status via the get_snapshot Tauri command. This function calls build_snapshot_from_inputs, which aggregates data from multiple sources:
- Process Stats: PID, uptime, and liveness from ManagedService.
- Health Probes: Active HTTP requests to the sidecars' health endpoints (e.g., HealthEndpointPayload).
- Diagnostic Errors: A collection of recent system errors, limited to 25 entries (MAX_DIAGNOSTIC_ERRORS).
- Quick Facts: Summary of versions, git hashes, and dashboard access modes (Local vs Remote).