ControlCenter Supervisor & Service Lifecycle

The ControlCenter is the central orchestration engine of the Palyra Desktop application. It acts as a supervisor for background sidecar processes—specifically palyrad (the core daemon) and palyra-browserd (the headless browser service). It manages their full lifecycle, including automated startup, health monitoring, crash recovery with exponential backoff, and log aggregation.

The ControlCenter Struct

The ControlCenter struct maintains the runtime state of the desktop environment. It holds references to managed services, persistence layers, and communication clients required to interface with the supervised processes.

Field	Type	Description
`gateway`	`ManagedService`	Supervisor state for the `palyrad` process.
`browserd`	`ManagedService`	Supervisor state for the `palyra-browserd` process.
`persisted`	`DesktopStateFile`	Disk-backed configuration and onboarding state.
`runtime`	`RuntimeConfig`	Port assignments and networking configuration.
`log_rx`	`mpsc::Receiver<LogEvent>`	Channel for receiving aggregated logs from children.

Code Entity Mapping: ControlCenter

The following diagram shows how the ControlCenter struct integrates various system components into a single supervised unit. Sources: apps/desktop/src-tauri/src/supervisor.rs#205-226, apps/desktop/src-tauri/src/supervisor.rs#101-111

ManagedService Tracking

Each sidecar process is wrapped in a ManagedService struct. This entity tracks whether a service should be running (desired_running) versus its actual OS state.

Liveness States: A service is reported as running, restarting, or stopped apps/desktop/src-tauri/src/supervisor.rs#132-141.
Port Tracking: It maintains a list of bound_ports (e.g., 7142 for Admin, 7443 for gRPC) used for health probing apps/desktop/src-tauri/src/supervisor.rs#110-111.
Restart Logic: If a process exits unexpectedly while desired_running is true, the supervisor increments restart_attempt and calculates a delay using compute_backoff_ms apps/desktop/src-tauri/src/supervisor.rs#106-107.

Sources: apps/desktop/src-tauri/src/supervisor.rs#101-126, apps/desktop/src-tauri/src/lib.rs#16-20

Supervisor Loop & Exponential Backoff

The supervisor operates on a fixed-interval “tick” (defined by SUPERVISOR_TICK_MS, typically 500ms) apps/desktop/src-tauri/src/lib.rs#1. During each tick, the ControlCenter performs the following:

Zombie Reaping: Checks if child processes have exited using non-blocking try_wait().
Backoff Enforcement: If a service is scheduled for restart, it compares the current timestamp against next_restart_unix_ms.
Process Spawning: If a service is desired but not running (and backoff has expired), it invokes Command::spawn() with the appropriate environment variables and flags (e.g., CREATE_NO_WINDOW on Windows) apps/desktop/src-tauri/src/lib.rs#62-72.

Backoff Strategy

The system uses a jittered exponential backoff to prevent “thundering herd” issues when services fail repeatedly.

Initial Delay: 1,000ms.
Multiplier: 2x per failure.
Maximum Delay: 30,000ms.

Sources: apps/desktop/src-tauri/src/lib.rs#1, apps/desktop/src-tauri/src/supervisor.rs#106-107, apps/desktop/src-tauri/src/lib.rs#62-72

Log Management & Aggregation

The ControlCenter captures stdout and stderr from all managed services using asynchronous readers apps/desktop/src-tauri/src/supervisor.rs#17-18.

Log Streams: Logs are categorized into Stdout, Stderr, or Supervisor (internal events) apps/desktop/src-tauri/src/supervisor.rs#68-72.
Ring Buffer: Each ManagedService maintains a VecDeque<LogLine> limited to MAX_LOG_LINES_PER_SERVICE (400 lines) to prevent memory exhaustion apps/desktop/src-tauri/src/lib.rs#2.
Sanitization: Lines are passed through sanitize_log_line to redact sensitive information before being stored or sent to the UI apps/desktop/src-tauri/src/snapshot.rs#25-26.
Flow:
1. Process outputs a line.
2. ControlCenter reads it and wraps it in a LogEvent.
3. Event is sent via log_tx to the main aggregation loop.
4. UI requests a snapshot, and the logs are serialized into the ControlCenterSnapshot.

Sources: apps/desktop/src-tauri/src/supervisor.rs#85-111, apps/desktop/src-tauri/src/lib.rs#2-3, apps/desktop/src-tauri/src/snapshot.rs#183

Snapshot Pipeline & Health Probing

The Desktop UI retrieves the system state via the get_snapshot Tauri command apps/desktop/src-tauri/src/commands.rs#55-63. This triggers a multi-stage pipeline to assemble the ControlCenterSnapshot.

Data Flow: Snapshot Assembly

Health Probing

The supervisor performs active probing of the palyrad admin port (7142) and browserd health port (7143) apps/desktop/src-tauri/src/lib.rs#16-19. It parses the HealthEndpointPayload to determine:

status: (e.g., “healthy”)
version: The binary version string.
uptime_seconds: Process longevity.

If a probe fails or returns a non-200 status, the service status is marked as Degraded or Down in the OverallStatus enum apps/desktop/src-tauri/src/snapshot.rs#169-173. Sources: apps/desktop/src-tauri/src/snapshot.rs#176-185, apps/desktop/src-tauri/src/snapshot.rs#197-202, apps/desktop/src-tauri/src/commands.rs#55-63

Service Lifecycle Actions

The ControlCenter exposes async methods to transition service states, typically triggered by the LifecycleActionBar in the UI apps/desktop/ui/src/components/LifecycleActionBar.tsx.

start_palyra: Sets desired_running to true for both gateway and browserd (if enabled) apps/desktop/src-tauri/src/commands.rs#33.
stop_palyra: Sets desired_running to false and sends termination signals to child processes apps/desktop/src-tauri/src/commands.rs#34.
restart_palyra: A convenience sequence that stops and then immediately flags services for restart apps/desktop/src-tauri/src/commands.rs#30.

Sources: apps/desktop/src-tauri/src/commands.rs#30-34, apps/desktop/ui/src/App.tsx#30-34

​The ControlCenter Struct

​Code Entity Mapping: ControlCenter

​ManagedService Tracking

​Supervisor Loop & Exponential Backoff

​Backoff Strategy

​Log Management & Aggregation

​Snapshot Pipeline & Health Probing

​Data Flow: Snapshot Assembly

​Health Probing

​Service Lifecycle Actions