Skip to main content
The Node Runtime and Control Plane subsystems manage the lifecycle, trust, and coordination of distributed execution nodes within the Palyra ecosystem. This includes the enrollment of new devices, the execution of remote capabilities, and the unified inventory management of all connected entities.

Node Runtime and Lifecycle

The NodeRuntimeState manages the persistence and in-memory state of paired devices and active nodes crates/palyra-daemon/src/node_runtime.rs#208-213. It tracks pairing codes, active requests, and the registered capabilities of each node crates/palyra-daemon/src/node_runtime.rs#141-151.

Node Enrollment (Pairing)

Nodes enroll into the platform using a multi-step pairing handshake. This process transitions through several states to ensure secure identity establishment.
  1. Code Generation: A pairing code (PIN or QR) is generated with a specific TTL crates/palyra-daemon/src/node_runtime.rs#20-23.
  2. Request Initiation: The node client initiates a pairing request using the code crates/palyra-daemon/src/node_rpc.rs#150-170.
  3. Approval Workflow: A DevicePairingRequestRecord is created, which triggers an ApprovalRecord in the daemon’s journal crates/palyra-daemon/src/node_rpc.rs#187-200.
  4. Material Issuance: Upon approval, the daemon generates mTLS material, including a client certificate and the gateway CA certificate crates/palyra-daemon/src/node_runtime.rs#80-88.
  5. Completion: The node downloads the material and establishes an mTLS-secured gRPC connection crates/palyra-cli/src/commands/node.rs#143-146.

Node Control Flow Diagram

The following diagram illustrates the relationship between the CLI-based Node Host and the Daemon’s RPC services. Node Host to Daemon Interaction Sources: crates/palyra-daemon/src/node_rpc.rs#45-54, crates/palyra-daemon/src/node_rpc.rs#207-215, crates/palyra-daemon/src/node_rpc.rs#230-240, crates/palyra-cli/src/commands/node.rs#207-215

Node Capability Invocation

Capabilities are named functions (e.g., system.health, desktop.open_url) that a node advertises as available crates/palyra-cli/src/commands/node.rs#119-125.

Invocation Lifecycle

When a capability is invoked (via the Console or API), the NodeRuntimeState manages the dispatch:

Capability Execution Data Flow

Sources: crates/palyra-daemon/src/node_runtime.rs#154-166, crates/palyra-daemon/src/node_rpc.rs#230-245, crates/palyra-cli/src/commands/node.rs#218-230

Inventory Management

The Control Plane provides a unified “Inventory” view that aggregates identity, trust, and runtime presence.

Data Models

EntityCode SymbolDescription
Device RecordInventoryDeviceRecordAggregates DeviceRecord, NodeRecord, and NodePairingRequestView crates/palyra-daemon/src/transport/http/handlers/console/inventory.rs#161-166.
Instance RecordInventoryInstanceRecordRepresents a live runtime instance (e.g., a specific daemon or sidecar) crates/palyra-daemon/src/transport/http/handlers/console/inventory.rs#24.
Trust Stateinventory_device_trust_stateDetermines if a device is trusted, untrusted, or revoked based on certificate validity crates/palyra-daemon/src/transport/http/handlers/console/inventory.rs#174.
Presence Stateinventory_device_presence_stateCalculates status (online, stale, offline, degraded) based on heartbeat age crates/palyra-daemon/src/transport/http/handlers/console/inventory.rs#172-173.

Presence Logic

The system uses specific timeouts to categorize node health crates/palyra-daemon/src/transport/http/handlers/console/inventory.rs#11-12:
  • Stale: Heartbeat > 5 minutes.
  • Offline: Heartbeat > 30 minutes.
Sources: crates/palyra-daemon/src/transport/http/handlers/console/inventory.rs#11-12, crates/palyra-daemon/src/transport/http/handlers/console/inventory.rs#161-174, apps/web/src/console/hooks/useInventoryDomain.ts#30-33

Control Plane Coordination

The ControlPlaneClient is the primary interface for multi-node coordination and administrative tasks. It abstracts the HTTP/REST interface of the daemon’s control surface.

Key Capabilities

Access Control Integration

All control plane actions are gated by the AccessRegistry crates/palyra-daemon/src/access_control.rs#13-14. Tokens are validated against specific permissions (e.g., trust.operate, observability.read) before allowing node or inventory mutations crates/palyra-daemon/src/access_control.rs#31-32. Entity Mapping: API to Implementation
API RouteHandler FunctionPermission Required
GET /console/v1/inventoryconsole_inventory_list_handlerobservability.read
GET /console/v1/inventory/devices/:idconsole_inventory_device_detail_handlerobservability.read
POST /node/v1/registerNodeRpcServiceImpl::register_nodemTLS Certificate Bound
POST /node/v1/event-streamNodeRpcServiceImpl::node_event_streammTLS Certificate Bound
Sources: crates/palyra-control-plane/src/client.rs#33-41, crates/palyra-daemon/src/access_control.rs#24-36, crates/palyra-daemon/src/transport/http/handlers/console/inventory.rs#14-17, crates/palyra-daemon/src/node_rpc.rs#100-112