Console API Client and State Management

The Palyra Web Console is a React-based operator interface that communicates with the palyrad daemon via the Console API. The system manages complex state transitions including asynchronous session bootstrapping, CSRF-protected mutations, and real-time diagnostic streaming.

ConsoleApiClient Implementation

The ConsoleApiClient is the primary interface for all frontend-to-backend communication. It abstracts the underlying HTTP transport, manages session headers, and enforces security protocols like CSRF.

Method Categories

Category	Role	Key Methods
Auth	Session lifecycle and handoff	`getSession`, `login`, `consumeDesktopHandoff`
Chat	Session and run management	`listSessions`, `createSession`, `createRun`, `getChatStream`
Inventory	Node and device management	`listInventory`, `getDeviceDetail`, `rotateDeviceKey`
Diagnostics	System health and audit	`getDiagnostics`, `listAuditEvents`, `listSupportJobs`
Config	Runtime mutation	`inspectConfig`, `validateConfig`, `mutateConfig`, `recoverConfig`

CSRF Enforcement

The client implements a “fail-closed” security model for mutating requests (POST, PUT, DELETE). It requires a valid csrf_token obtained during the session bootstrap or login phase.

Logic: If a mutating request is attempted without a token, the client throws an error before the network call is initiated apps/web/src/consoleApi.test.ts#92-106.
Header: Validated tokens are attached via the x-palyra-csrf-token header apps/web/src/consoleApi.test.ts#87-88.

NDJSON Streaming

For chat interactions, the client utilizes getChatStream to handle Network Delimited JSON (NDJSON). This allows the UI to render incremental LLM tokens and tool execution updates as they arrive from the GatewayService. Sources: apps/web/src/consoleApi.ts#1-100, apps/web/src/consoleApi.test.ts#44-90.

State Management and Session Bootstrap

State is centralized in the useConsoleAppState hook, which orchestrates the transition from a “booting” state to an active operator session.

Session Bootstrap with Exponential Backoff

When the console loads, it attempts to recover an existing session. To handle transient daemon unavailability (e.g., during a restart), the system employs a retry loop:

Attempts: Up to 5 retries apps/web/src/console/useConsoleAppState.tsx#56-56.
Backoff: Delay increases by 150ms * attempt apps/web/src/console/useConsoleAppState.tsx#55-101.
Retryable Errors: Only 401 (Unauthorized), 403 (Forbidden), and 429 (Rate Limited) trigger retries apps/web/src/console/useConsoleAppState.tsx#73-85.

Desktop Handoff Flow

The console supports a seamless transition from the Desktop App via a “Handoff Token.”

The app detects a desktop_handoff_token in the URL query parameters apps/web/src/console/useConsoleAppState.tsx#132-142.
It calls api.consumeDesktopHandoff(token) apps/web/src/console/useConsoleAppState.tsx#114-114.
Upon success, the token is stripped from the address bar to prevent replay or accidental sharing apps/web/src/console/useConsoleAppState.tsx#144-152.

Section TTL Auto-Refresh

To keep diagnostics and status chips current without overwhelming the daemon, the console implements TTL-based background refreshing.

Overview/Diagnostics: 10 seconds apps/web/src/console/useConsoleAppState.tsx#42-42.
Channels: 8 seconds apps/web/src/console/useConsoleAppState.tsx#44-44.
Config/Secrets: 15 seconds apps/web/src/console/useConsoleAppState.tsx#48-49.

Sources: apps/web/src/console/useConsoleAppState.tsx#41-152, apps/web/src/App.test.tsx#38-107.

Data Flow: Code Entity Space

The following diagrams illustrate the relationship between React UI components, the API client, and the backend data models.

Session Initialization Sequence

This diagram shows how useConsoleAppState interacts with ConsoleApiClient and the backend ConsoleSession model. Sources: apps/web/src/App.tsx#11-33, apps/web/src/console/useConsoleAppState.tsx#87-106, crates/palyra-control-plane/src/models.rs#7-16.

Config Mutation Workflow

This diagram maps the UI interaction in the OperationsSection to the ConfigMutationEnvelope in the backend. Sources: apps/web/src/console/sections/OperationsSection.tsx#85-92, apps/web/src/consoleApi.ts#153-175, crates/palyra-control-plane/src/models.rs#164-174.

Technical Detail: Diagnostics and Support

The console provides a deep-dive interface for system troubleshooting via the OperationsSection and SupportSection.

Diagnostics Snapshot

The diagnosticsSnapshot is a comprehensive JSON object containing:

Model Provider State: Circuit breaker status and latency apps/web/src/console/sections/OperationsSection.tsx#106-111.
Observability: Recent failure logs and operation counters apps/web/src/console/sections/OperationsSection.tsx#56-60.
Doctor Recovery: Status of automated fix-it jobs apps/web/src/console/sections/OperationsSection.tsx#137-145.

Support Bundle Lifecycle

Support bundles are managed as asynchronous jobs to ensure large exports do not timeout the browser session.

Queueing: createSupportBundle sends a request to the daemon apps/web/src/console/sections/SupportSection.tsx#178-181.
Tracking: The SupportSection polls supportBundleJobs to show progress (Queued -> Running -> Succeeded/Failed) apps/web/src/console/sections/SupportSection.tsx#97-101.
Retrieval: Once succeeded, the output_path is used to download the ZIP artifact apps/web/src/console/fixtures/m56ControlPlane.ts#180-198.

Sources: apps/web/src/console/sections/OperationsSection.tsx#47-145, apps/web/src/console/sections/SupportSection.tsx#72-174, apps/web/src/App.config-access-support.test.tsx#96-150.

​ConsoleApiClient Implementation

​Method Categories

​CSRF Enforcement

​NDJSON Streaming

​State Management and Session Bootstrap

​Session Bootstrap with Exponential Backoff

​Desktop Handoff Flow

​Section TTL Auto-Refresh

​Data Flow: Code Entity Space

​Session Initialization Sequence

​Config Mutation Workflow

​Technical Detail: Diagnostics and Support

​Diagnostics Snapshot

​Support Bundle Lifecycle