Supervisor and Sidecar Management

The Control Center serves as the central process supervisor and lifecycle manager for the Palyra Desktop application. It is responsible for orchestrating the execution of the core daemon (palyrad), the browser automation daemon (palyra-browserd), and the local palyra node host. The supervisor ensures these sidecars remain healthy, handles log aggregation with sensitive data redaction, and implements an exponential backoff strategy for service recovery.

ControlCenter Architecture

The ControlCenter struct is the primary state container for the supervisor, managed within a Tauri State and wrapped in a Mutex for thread-safe access from async commands apps/desktop/src-tauri/src/commands.rs#63-65. It maintains the runtime configuration, service handles, and log buffers.

Key Components

ManagedService: Tracks the state of an individual sidecar, including its Child process handle, PID, and restart metrics apps/desktop/src-tauri/src/supervisor.rs#108-118.
Supervisor Loop: A 500ms tick loop that evaluates the state of all desired services apps/desktop/src-tauri/src/lib.rs#1-1.
Log Draining: A multi-producer, single-consumer (mpsc) pipeline for aggregating stdout/stderr from sidecars into a unified, size-bounded buffer apps/desktop/src-tauri/src/supervisor.rs#231-232.

Service Entity Mapping

System Name	Code Entity (`ServiceKind`)	Binary Name	Role
Gateway	`ServiceKind::Gateway`	`palyrad`	Central control plane and API provider apps/desktop/src-tauri/src/supervisor.rs#54-54.
Browser	`ServiceKind::Browserd`	`palyra-browserd`	Headless Chrome automation service apps/desktop/src-tauri/src/supervisor.rs#55-55.
Node Host	`ServiceKind::NodeHost`	`palyra node host`	Local capability execution host apps/desktop/src-tauri/src/supervisor.rs#56-56.

Sources: apps/desktop/src-tauri/src/supervisor.rs#35-71, apps/desktop/src-tauri/src/lib.rs#1-10

ManagedService Lifecycle

Each sidecar is modeled as a ManagedService. The supervisor transitions services between states based on the desired_running flag and the actual process status.

Restart Strategy: Exponential Backoff

When a service fails, the supervisor increments restart_attempt and calculates a delay using compute_backoff_ms.

Base delay: 1,000ms.
Scaling: $2^{(attempt-1)} \times 1000$ , capped at 30,000ms apps/desktop/src-tauri/src/supervisor.rs#445-455.
Reset: The attempt counter resets to 0 if the service remains healthy for more than 60 seconds apps/desktop/src-tauri/src/supervisor.rs#435-443.

Lifecycle State Machine

Sources: apps/desktop/src-tauri/src/supervisor.rs#120-148, apps/desktop/src-tauri/src/supervisor.rs#445-465, apps/desktop/src-tauri/src/lib.rs#1-1

Log Management and Sanitization

The supervisor captures stdout and stderr from sidecars using Stdio::piped() apps/desktop/src-tauri/src/supervisor.rs#520-521.

Data Flow

Capture: tokio::io::BufReader reads lines from the process pipes apps/desktop/src-tauri/src/supervisor.rs#17-18.
Sanitization: Every line is passed through sanitize_log_line, which redacts:
- Admin tokens and auth headers.
- URLs containing sensitive credentials.
- Known secret patterns apps/desktop/src-tauri/src/snapshot.rs#11-16.
Ingestion: Sanitized lines are sent via log_tx to the ControlCenter’s internal log_rx receiver apps/desktop/src-tauri/src/supervisor.rs#231-232.
Storage: Lines are stored in a VecDeque<LogLine> per service, capped at MAX_LOG_LINES_PER_SERVICE (400 lines) to prevent memory exhaustion apps/desktop/src-tauri/src/lib.rs#2-2.

Sources: apps/desktop/src-tauri/src/supervisor.rs#530-550, apps/desktop/src-tauri/src/lib.rs#2-3, apps/desktop/src-tauri/src/snapshot.rs#11-16

Sidecar Specifics

palyrad (Gateway)

The primary sidecar. It is launched with essential environment variables including PALYRA_ADMIN_TOKEN and PALYRA_BROWSER_AUTH_TOKEN to secure the internal gRPC and HTTP surfaces apps/desktop/src-tauri/src/supervisor.rs#560-580. It binds to ports 7142 (Admin), 7443 (gRPC), and 7444 (QUIC) by default apps/desktop/src-tauri/src/lib.rs#16-18.

palyra-browserd

Managed based on the browser_service_enabled preference in DesktopStateFile. If enabled, the supervisor ensures it is running and healthy, binding to ports 7143 (Health) and 7543 (gRPC) apps/desktop/src-tauri/src/lib.rs#19-20.

palyra node host

The supervisor manages the local node host using the CLI binary.

Enrollment: Invokes palyra node install to setup local identity material apps/desktop/README.md#56-58.
Execution: Runs palyra node run --json to allow the supervisor to parse machine-readable status updates from the node host apps/desktop/README.md#58-58.

Implementation Reference

Sources: apps/desktop/src-tauri/src/supervisor.rs#108-118, apps/desktop/src-tauri/src/supervisor.rs#212-234, apps/desktop/src-tauri/src/supervisor.rs#35-41

​ControlCenter Architecture

​Key Components

​Service Entity Mapping

​ManagedService Lifecycle

​Restart Strategy: Exponential Backoff

​Lifecycle State Machine

​Log Management and Sanitization

​Data Flow

​Sidecar Specifics

​palyrad (Gateway)

​palyra-browserd

​palyra node host

​Implementation Reference