apps/web) provides a multi-section operator interface for managing the daemon’s lifecycle, security posture, and resource utilization. Each section maps to specific gRPC and HTTP surfaces within palyrad, primarily targeting the /console/v1 and /admin/v1 endpoints.
Operations and Diagnostics
The OperationsSection serves as the technical nerve center, aggregating runtime health, audit logs, and self-healing status. It transitions technical details away from the high-level Overview to provide a dedicated troubleshooting surface.- Implementation: Uses
app.diagnosticsSnapshotandapp.auditEventsto populate the view apps/web/src/console/sections/OperationsSection.tsx#52-53. - Data Flow: Fetches data via
refreshDiagnosticsandrefreshAuditcalls to theConsoleApiClientapps/web/src/console/sections/OperationsSection.tsx#99-111. - Key Components:
WorkspaceMetricCard: Displays provider state, auth state, and browser service status apps/web/src/console/sections/OperationsSection.tsx#125-142.AuditStream: Renders a filterable list of system events apps/web/src/console/sections/OperationsSection.tsx#238.
Diagnostics Mapping
| UI Entity | Code Entity | Source |
|---|---|---|
| Model Provider State | model_provider.state | apps/web/src/console/sections/OperationsSection.tsx#87 |
| Connector Dead Letters | observability.connector.dead_letters | apps/web/src/console/sections/OperationsSection.tsx#145 |
| Self-Healing Incidents | self_healing.summary.active | apps/web/src/console/sections/OperationsSection.tsx#157 |
Usage and Cost Governance
The UsageSection tracks token consumption, run throughput, and latency. It leverages backend-driven aggregation to avoid heavy processing in the browser.- Logic: Encapsulated in the
useUsageDomainhook apps/web/src/console/sections/UsageSection.tsx#36. - Features:
- Time Filtering: Supports windows (24h, 7d, 30d, 90d) and bucket sizes (hour, day) apps/web/src/console/sections/UsageSection.tsx#168-188.
- Cost Tracking: Displays USD estimates based on
model_mixdata apps/web/src/console/sections/UsageSection.tsx#109-114. - Routing Insights: Visualizes recent failover and model routing decisions apps/web/src/console/sections/UsageSection.tsx#45-52.
Access and Identity Management
The AccessSection manages the trust boundary between the daemon and external nodes/devices. It handles the lifecycle of pairing codes and mTLS device enrollment.Node Pairing Workflow
- Minting: Operator generates a
NodePairingCodewith a specific TTL apps/web/src/console/sections/AccessSection.tsx#182. - Request: A remote node uses the code to submit a
NodePairingRequest. - Approval: The operator reviews the request in the “Pending approvals” list and calls
approveSupportPairingRequestapps/web/src/console/sections/AccessSection.tsx#123. - Enrollment: The device is added to the
InventoryDeviceRecordwith atrustedstate apps/web/src/console/sections/AccessSection.tsx#98.
Provider Auth and Profiles
The AuthSection manages credentials for LLM providers (OpenAI, Anthropic). It supports two primary flows: Static API Keys and OAuth Bootstrap.- API Key Flow: Validates the key against the provider’s
/modelsendpoint before persisting it to the Vault crates/palyra-daemon/src/openai_surface.rs#34-40. - OAuth Flow: Initiates a stateful handshake.
palyradmanages theOpenAiOAuthBootstrapRequest, while the web UI handles the callback viawindow.postMessageapps/web/src/console/hooks/useAuthDomain.ts#79-87. - Vault Integration: Credentials are never stored in the config file. Instead, a
VaultRefis stored, and the raw secret is held in theFilesystemSecretStoreorDesktopSecretStorecrates/palyra-daemon/src/openai_surface.rs#42-48.
Auth Entity Relationship
Sources: apps/web/src/console/hooks/useAuthDomain.ts#130-166, crates/palyra-daemon/src/openai_surface.rs#18-78, apps/web/src/console/sections/AuthSection.tsx#158-185Config and Secret Management
The ConfigSection and SecretsSection provide controlled mutation of the system state.- Config Lifecycle:
- Inspect: Returns a redacted TOML view of the current configuration crates/palyra-control-plane/src/models.rs#154-165.
- Mutate: Applies fine-grained updates to specific keys (e.g.,
model_provider.auth_profile_id) apps/web/src/App.config-access-support.test.tsx#54-59. - Recover: Restores configuration from automated backups (
ConfigBackupRecord) crates/palyra-control-plane/src/models.rs#147-152.
- Secrets: Allows operators to write sensitive values to the
globaloragentscopes. Supports “Explicit Reveal” where values are masked by default and only shown upon user interaction apps/web/src/App.config-access-support.test.tsx#137-142.
Specialized Sections
Memory and Learning
Manages the vector-backed memory and the “Learning” subsystem. Operators can monitor “Reflections” (background tasks that synthesize facts) and purge specific memory namespaces apps/web/src/console/sections/OperationsSection.tsx#115-119.Browser and Channels
- Browser: Tracks the status of
palyra-browserdand managed Chromium profiles apps/web/src/console/sections/OperationsSection.tsx#138-142. - Channels: Manages connector status (Discord, Slack, etc.) and monitors “Dead Letter” queues for failed message deliveries apps/web/src/console/sections/OperationsSection.tsx#144-148.
Support and Recovery
The SupportSection facilitates the generation of diagnostic bundles.- Support Bundles: Operators can trigger a
support.bundlejob which executes a collection script and packages logs/configs (redacted) into a ZIP for debugging apps/web/src/console/fixtures/m56ControlPlane.ts#180-198.