palyrad daemon. It is organized into functional sections categorized under Observability, Control, Agent, and Settings groups. The console facilitates everything from real-time chat and usage tracking to low-level configuration mutations and security audit log reviews.
Architecture and Navigation
The console utilizes a section-based navigation model defined inapps/web/src/console/navigation.ts. The ConsoleApp component serves as the entry point, managing the transition between the boot screen, authentication screen, and the main shell.
Navigation Structure
The UI is divided into five logical groups:- Chat: Direct interaction with agents via the
ChatConsolePanel. - Observability: High-level status via Overview, Sessions, Usage, Logs, Inventory, and Support.
- Control: Active management of Approvals, Routines (Cron), Channels, and Browser automation.
- Agent: Configuration of Agents, Skills, and Memory.
- Settings: System-level Auth profiles, Access control, Config mutations, and Secrets.
Request Pipeline and ConsoleApiClient
All communication with the daemon is brokered by theConsoleApiClient. This client handles endpoint routing, JSON serialization, and security headers.
Key Features:
- Base Path: Targets
/console/v1for all administrative operations apps/web/src/consoleApi.ts#66. - CSRF Protection: The client automatically attaches the
x-palyra-csrf-tokenheader to all mutating requests (POST, PUT, DELETE) once a session is established apps/web/src/consoleApi.test.ts#88-90. - Error Handling: Uses
ControlPlaneApiErrorto encapsulate HTTP error states, including specialized handling for 429 (Rate Limit) and 403 (Forbidden) during bootstrap apps/web/src/console/useConsoleAppState.tsx#85.
Desktop Handoff Flow
Palyra supports a “Desktop Handoff” mechanism where the Tauri-based desktop application can launch the web console in a standard browser while maintaining the authenticated session.- Token Generation: The desktop sidecar generates a short-lived
desktop_handoff_token. - Redirection: The browser is opened with the token in the query string:
?desktop_handoff_token=.... - Consumption: The
useConsoleAppStatehook detects the token, callsapi.consumeDesktopHandoff(), and then clears the token from the address bar to prevent reuse or leakage apps/web/src/console/useConsoleAppState.tsx#109-153. - Fallback: If handoff fails, the app attempts a standard bootstrap session refresh apps/web/src/console/useConsoleAppState.tsx#117-122.
Console Sections Detail
1. Overview and Observability
- Overview: Displays deployment posture, capability catalog, and active warnings apps/web/src/console/sections/OverviewSection.tsx#1.
- Usage: Provides token consumption metrics, estimated costs (USD), and model-specific latency tracking apps/web/src/consoleApi.ts#97-130.
- Inventory: Manages the trust state of connected devices and nodes apps/web/src/console/sections/AccessSection.tsx#73-78.
- Logs: Streams system-level audit events and diagnostic logs.
2. Control and Automation
- Approvals: The inbox for “Human-in-the-loop” tool execution. Operators review pending actions requested by agents apps/web/src/console/sections/ApprovalsSection.tsx#1.
- Routines (Cron): Manages scheduled agent tasks. Supports natural language schedule previews (e.g., “every 2h”) and manual dispatch apps/web/src/consoleApi.test.ts#141-154.
- Channels: Controls connector status (Discord, Slack, etc.). Provides a surface for testing connectivity and viewing liveness apps/web/src/consoleApi.ts#9-15.
3. Settings and Security
- Config: Implements a “Redacted Mutate” flow. Operators can inspect, validate, and apply changes to the
RootFileConfigwithout direct TOML editing apps/web/src/App.config-access-support.test.tsx#48-69. - Secrets: Interface for the
palyra-vault. Supports storing keys and an “Explicit Reveal” toggle that requires operator acknowledgement before unmasking sensitive values in the UI apps/web/src/App.config-access-support.test.tsx#137-142. - Access: Manages mTLS node pairing. Operators can mint pairing codes or approve/reject incoming pairing requests from new nodes apps/web/src/console/sections/AccessSection.tsx#118-135.
4. Support and Diagnostics
The Support section provides tools for incident remediation:- Support Bundles: Queues background jobs to collect logs and state for debugging apps/web/src/console/sections/SupportSection.tsx#178-180.
- Doctor Recovery: Interfaces with the
palyra-clidoctor framework to preview and apply self-healing recovery plans apps/web/src/console/sections/SupportSection.tsx#114-121.
consoleApi.ts.
Title: Console Data Mapping
Sources: apps/web/src/consoleApi.ts#29-49, apps/web/src/consoleApi.ts#97-108, apps/web/src/console/sections/AccessSection.tsx#69-72, apps/web/src/console/sections/SupportSection.tsx#73-74
State Management and Auto-Refresh
The console uses a TTL-based auto-refresh strategy to keep observability data current without overloading the daemon. TTLs are defined per section inuseConsoleAppState.tsx.
| Section | TTL (ms) |
|---|---|
| Overview | 10,000 |
| Channels | 8,000 |
| Config / Secrets | 15,000 |
| Access | 10,000 |
| Support | 10,000 |
shouldAutoRefreshSection function evaluates if a section requires a background update based on the lastRefreshedAt timestamp apps/web/src/console/useConsoleAppState.tsx#42-72.
Sources: apps/web/src/console/useConsoleAppState.tsx#42-54, apps/web/src/console/useConsoleAppState.tsx#62-72