Process Supervisor and ControlCenter

The ControlCenter is the central orchestration engine for the Palyra Desktop application. It manages the lifecycle of background service processes, handles state persistence, and provides a unified snapshot of the system’s health to the Tauri-based frontend.

ControlCenter Orchestration

The ControlCenter struct acts as the primary state container and supervisor for the desktop environment. It manages three core services: the Gateway (palyrad), the Browser Daemon (palyra-browserd), and the Node Host.

Key Components

Component	Responsibility
`ManagedService`	Tracks process state (PID, child handle), restart logic, and log buffers.
`RuntimeConfig`	Defines port assignments for gRPC, QUIC, and Admin APIs.
`ConsoleSessionCache`	Stores CSRF tokens and session metadata for secure communication with the daemon.
`DesktopSecretStore`	Provides encrypted storage for sensitive tokens like `desktop_admin_token`.

Data Flow: System Initialization

State Resolution: The system resolves the runtime_root and desktop_state_root apps/desktop/src-tauri/src/lib.rs#36-41.
Instance Locking: A DesktopInstanceLock is acquired to prevent multiple desktop instances from conflicting over the same state directory apps/desktop/src-tauri/src/supervisor.rs#173-175.
Secret Loading: The DesktopSecretStore initializes and loads the admin_token used to authenticate against the local gateway apps/desktop/src-tauri/src/supervisor.rs#224-225.
Service Spawning: The supervisor_loop begins managing the ManagedService instances apps/desktop/src-tauri/src/supervisor.rs#32.

Sources: apps/desktop/src-tauri/src/supervisor.rs#109-235, apps/desktop/src-tauri/src/lib.rs#1-47, apps/desktop/src-tauri/src/desktop_state.rs#1-41

ManagedService State Machine

Each background process is wrapped in a ManagedService struct. This layer implements a state machine that handles process execution, health monitoring, and automated recovery.

Implementation Details

Binary Resolution: Service binaries are located via resolve_binary_path, which checks environment overrides (e.g., PALYRA_DESKTOP_PALYRAD_BIN) before falling back to the bundled assets apps/desktop/src-tauri/src/supervisor.rs#65-71.
Exponential Backoff: If a service fails, the supervisor calculates a delay using compute_backoff_ms based on the restart_attempt count apps/desktop/src-tauri/src/supervisor.rs#114-115.
Log Draining: Stdout and Stderr are captured via tokio::process::Child pipes. Lines are sanitized via sanitize_log_line and stored in a VecDeque<LogLine> limited to MAX_LOG_LINES_PER_SERVICE (400 lines) apps/desktop/src-tauri/src/lib.rs#2, apps/desktop/src-tauri/src/supervisor.rs#117.

Service Lifecycle Diagram

This diagram maps the ManagedService states to the internal logic within supervisor.rs. Sources: apps/desktop/src-tauri/src/supervisor.rs#109-149, apps/desktop/src-tauri/src/lib.rs#1-4

Snapshot Generation Pipeline

The Desktop UI (React) does not poll individual services. Instead, it requests a unified ControlCenterSnapshot via the get_snapshot Tauri command apps/desktop/src-tauri/src/commands.rs#68-76.

Pipeline Stages

Capture Inputs: capture_snapshot_inputs gathers the current state of all ManagedService instances, bound ports, and the persisted state file apps/desktop/src-tauri/src/onboarding.rs#141-159.
Health Probing: The supervisor performs async health checks on the Gateway (GATEWAY_ADMIN_PORT) and Browser (BROWSER_HEALTH_PORT) apps/desktop/src-tauri/src/lib.rs#16-19.
Redaction & Sanitization: Error messages and URLs are processed through redact_url and sanitize_log_line to ensure no sensitive tokens appear in the UI apps/desktop/src-tauri/src/snapshot.rs#15-16.
QuickFacts Assembly: High-level metadata (Git hash, version, uptime) is aggregated into the QuickFactsSnapshot apps/desktop/src-tauri/src/snapshot.rs#100-111.

Snapshot Entity Mapping

This diagram bridges the UI representation to the Rust data structures. Sources: apps/desktop/src-tauri/src/snapshot.rs#1-120, apps/desktop/ui/src/App.tsx#96-118, apps/desktop/ui/src/components/HealthStrip.tsx#29-45

ConsoleSessionCache and DesktopSecretStore

The Desktop app functions as a privileged client to the Palyra Daemon. It manages credentials and session state to allow the “Handoff” to the web dashboard.

DesktopSecretStore

The DesktopSecretStore manages a small encrypted vault for the desktop runtime.

Admin Token: desktop_admin_token is generated on first boot and used for all /admin/v1 gRPC/HTTP calls apps/desktop/src-tauri/src/lib.rs#11.
Browser Token: desktop_browser_auth_token facilitates communication between the browser extension and the desktop sidecar apps/desktop/src-tauri/src/lib.rs#12.

ConsoleSessionCache

To avoid frequent re-authentication, the ControlCenter maintains an Arc<Mutex<Option<ConsoleSessionCache>>> apps/desktop/src-tauri/src/supervisor.rs#231.

CSRF Protection: It stores the csrf_token required for dashboard mutations apps/desktop/src-tauri/src/supervisor.rs#173-176.
Expiry Management: Sessions are invalidated based on expires_at_unix_ms with a 5-second CONSOLE_SESSION_EXPIRY_SKEW_MS to prevent race conditions during handoff apps/desktop/src-tauri/src/snapshot.rs#31.

Sources: apps/desktop/src-tauri/src/supervisor.rs#173-189, apps/desktop/src-tauri/src/snapshot.rs#17-33, apps/desktop/src-tauri/src/lib.rs#5-12

​ControlCenter Orchestration

​Key Components

​Data Flow: System Initialization

​ManagedService State Machine

​Implementation Details

​Service Lifecycle Diagram

​Snapshot Generation Pipeline

​Pipeline Stages

​Snapshot Entity Mapping

​ConsoleSessionCache and DesktopSecretStore

​DesktopSecretStore

​ConsoleSessionCache