From 59f52a66cc84ad682d9f4ea5715057f97f8eb7a3 Mon Sep 17 00:00:00 2001
From: etorreborre <etorreborre@yahoo.com>
Date: Thu, 28 Sep 2023 17:11:15 +0200
Subject: [PATCH] refactor(rust): remove the supervised node manager

---
 .../rust/ockam/ockam_api/src/nodes/service.rs | 111 ++++---
 .../ockam_api/src/nodes/service/forwarder.rs  |   6 +-
 .../src/nodes/service/in_memory_node.rs       | 272 ++++++++----------
 .../ockam_api/src/nodes/service/portals.rs    |   5 +-
 .../rust/ockam/ockam_api/src/util.rs          |   6 +-
 .../rust/ockam/ockam_app/src/app/state/mod.rs |  19 +-
 .../ockam_app/src/invitations/commands.rs     |   2 +-
 .../src/shared_service/relay/create.rs        |   8 +-
 .../src/shared_service/relay/state.rs         |   4 +-
 .../src/shared_service/tcp_outlet/state.rs    |   4 +-
 .../ockam_command/src/admin/subscription.rs   |  17 +-
 .../ockam/ockam_command/src/enroll/command.rs |  16 +-
 .../rust/ockam/ockam_command/src/lease/mod.rs |   9 +-
 .../ockam/ockam_command/src/message/send.rs   |  11 +-
 .../ockam/ockam_command/src/node/create.rs    |   5 +-
 .../rust/ockam/ockam_command/src/node/show.rs |   2 +-
 .../rust/ockam/ockam_command/src/node/util.rs |  72 +----
 .../ockam/ockam_command/src/operation/util.rs |   3 +-
 .../src/project/addon/configure_confluent.rs  |   4 +-
 .../src/project/addon/configure_influxdb.rs   |   4 +-
 .../src/project/addon/configure_okta.rs       |   4 +-
 .../src/project/addon/disable.rs              |   5 +-
 .../ockam_command/src/project/addon/list.rs   |   5 +-
 .../ockam_command/src/project/addon/mod.rs    |   5 +-
 .../ockam/ockam_command/src/project/create.rs |   6 +-
 .../ockam/ockam_command/src/project/delete.rs |   6 +-
 .../ockam/ockam_command/src/project/enroll.rs |   4 +-
 .../ockam/ockam_command/src/project/info.rs   |   6 +-
 .../ockam/ockam_command/src/project/list.rs   |   4 +-
 .../ockam/ockam_command/src/project/show.rs   |   6 +-
 .../ockam/ockam_command/src/project/ticket.rs |   7 +-
 .../ockam/ockam_command/src/project/util.rs   |  12 +-
 .../ockam_command/src/project/version.rs      |   3 +-
 .../ockam/ockam_command/src/share/accept.rs   |   4 +-
 .../ockam/ockam_command/src/share/create.rs   |   4 +-
 .../ockam/ockam_command/src/share/list.rs     |   4 +-
 .../ockam/ockam_command/src/share/service.rs  |   5 +-
 .../ockam/ockam_command/src/share/show.rs     |   4 +-
 .../ockam/ockam_command/src/space/create.rs   |   8 +-
 .../ockam/ockam_command/src/space/delete.rs   |   5 +-
 .../ockam/ockam_command/src/space/list.rs     |   5 +-
 .../ockam/ockam_command/src/space/show.rs     |   4 +-
 .../ockam/ockam_command/src/subscription.rs   |   9 +-
 43 files changed, 288 insertions(+), 417 deletions(-)

diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service.rs b/implementations/rust/ockam/ockam_api/src/nodes/service.rs
index 8ca03ed32ee..cdf32ba85dc 100644
--- a/implementations/rust/ockam/ockam_api/src/nodes/service.rs
+++ b/implementations/rust/ockam/ockam_api/src/nodes/service.rs
@@ -1,9 +1,9 @@
 //! Node Manager (Node Man, the superhero that we deserve)
 
+use miette::IntoDiagnostic;
 use std::collections::BTreeMap;
 use std::error::Error as _;
 use std::net::SocketAddr;
-use std::ops::Deref;
 use std::path::PathBuf;
 use std::time::Duration;
 
@@ -48,9 +48,7 @@ use crate::nodes::models::portal::{OutletList, OutletStatus};
 use crate::nodes::models::transport::{TransportMode, TransportType};
 use crate::nodes::models::workers::{WorkerList, WorkerStatus};
 use crate::nodes::registry::KafkaServiceKind;
-use crate::nodes::NODEMANAGER_ADDR;
-use crate::session::sessions::{Key, Session};
-use crate::session::MedicHandle;
+use crate::nodes::{InMemoryNode, NODEMANAGER_ADDR};
 use crate::DefaultAddress;
 
 use super::registry::Registry;
@@ -89,56 +87,11 @@ pub(crate) fn encode_request_result<T: Encode<()>>(
     Ok(v)
 }
 
-/// Node manager provides a messaging API to interact with the current node
-pub struct SupervisedNodeManager {
-    node_manager: Arc<NodeManager>,
-    medic_handle: MedicHandle,
-}
-
-impl Deref for SupervisedNodeManager {
-    type Target = Arc<NodeManager>;
-
-    fn deref(&self) -> &Self::Target {
-        &self.node_manager
-    }
-}
-
-impl SupervisedNodeManager {
-    /// Create a new NodeManager with the node name from the ockam CLI
-    pub async fn create(
-        ctx: &Context,
-        general_options: NodeManagerGeneralOptions,
-        transport_options: NodeManagerTransportOptions,
-        trust_options: NodeManagerTrustOptions,
-    ) -> Result<Self> {
-        let node_manager =
-            NodeManager::create(general_options, transport_options, trust_options).await?;
-        debug!("start the Medic");
-        let medic_handle = MedicHandle::start_medic(ctx).await?;
-        Ok(Self {
-            node_manager: Arc::new(node_manager),
-            medic_handle,
-        })
-    }
-
-    pub fn node_manager(&self) -> Arc<NodeManager> {
-        self.node_manager.clone()
-    }
-
-    pub fn add_session(&self, session: Session) -> Key {
-        self.medic_handle.add_session(session)
-    }
-
-    pub async fn stop(&self, ctx: &Context) -> Result<()> {
-        self.medic_handle.stop_medic(ctx).await?;
-        for addr in DefaultAddress::iter() {
-            ctx.stop_worker(addr).await?;
-        }
-        Ok(())
-    }
-}
-
-/// Node manager provides a messaging API to interact with the current node
+/// Node manager provides high-level operations to
+///  - send messages
+///  - create secure channels, inlet, outlet
+///  - configure the trust context
+///  - manage persistent data
 pub struct NodeManager {
     pub(crate) cli_state: CliState,
     node_name: String,
@@ -213,7 +166,43 @@ impl NodeManager {
 }
 
 impl NodeManager {
-    pub async fn make_controller_node_client(&self) -> Result<Controller> {
+    pub async fn create_authority_client(
+        &self,
+        authority_identifier: &Identifier,
+        authority_multiaddr: &MultiAddr,
+        caller_identity_name: Option<String>,
+    ) -> miette::Result<AuthorityNode> {
+        self.make_authority_node_client(
+            authority_identifier,
+            authority_multiaddr,
+            &self
+                .get_identifier(caller_identity_name)
+                .await
+                .into_diagnostic()?,
+        )
+        .await
+        .into_diagnostic()
+    }
+
+    pub async fn create_project_client(
+        &self,
+        project_identifier: &Identifier,
+        project_multiaddr: &MultiAddr,
+        caller_identity_name: Option<String>,
+    ) -> miette::Result<ProjectNode> {
+        self.make_project_node_client(
+            project_identifier,
+            project_multiaddr,
+            &self
+                .get_identifier(caller_identity_name)
+                .await
+                .into_diagnostic()?,
+        )
+        .await
+        .into_diagnostic()
+    }
+
+    pub(crate) async fn make_controller_node_client(&self) -> Result<Controller> {
         SecureClients::controller(
             &self.tcp_transport,
             self.secure_channels.clone(),
@@ -222,7 +211,7 @@ impl NodeManager {
         .await
     }
 
-    pub async fn make_authority_node_client(
+    async fn make_authority_node_client(
         &self,
         authority_identifier: &Identifier,
         authority_multiaddr: &MultiAddr,
@@ -238,7 +227,7 @@ impl NodeManager {
         .await
     }
 
-    pub async fn make_project_node_client(
+    async fn make_project_node_client(
         &self,
         project_identifier: &Identifier,
         project_multiaddr: &MultiAddr,
@@ -273,11 +262,11 @@ impl NodeManager {
 
 #[derive(Clone)]
 pub struct NodeManagerWorker {
-    pub node_manager: Arc<SupervisedNodeManager>,
+    pub node_manager: Arc<InMemoryNode>,
 }
 
 impl NodeManagerWorker {
-    pub fn new(node_manager: Arc<SupervisedNodeManager>) -> Self {
+    pub fn new(node_manager: Arc<InMemoryNode>) -> Self {
         NodeManagerWorker { node_manager }
     }
 
@@ -286,10 +275,6 @@ impl NodeManagerWorker {
         ctx.stop_worker(NODEMANAGER_ADDR).await?;
         Ok(())
     }
-
-    pub async fn make_controller_node_client(&self) -> Result<Controller> {
-        self.node_manager.make_controller_node_client().await
-    }
 }
 
 pub struct IdentityOverride {
diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service/forwarder.rs b/implementations/rust/ockam/ockam_api/src/nodes/service/forwarder.rs
index 7f2dc43a815..7a7626e864a 100644
--- a/implementations/rust/ockam/ockam_api/src/nodes/service/forwarder.rs
+++ b/implementations/rust/ockam/ockam_api/src/nodes/service/forwarder.rs
@@ -19,8 +19,8 @@ use crate::nodes::models::forwarder::{CreateForwarder, ForwarderInfo};
 use crate::nodes::models::secure_channel::{
     CreateSecureChannelRequest, CreateSecureChannelResponse,
 };
-use crate::nodes::service::SupervisedNodeManager;
-use crate::nodes::{BackgroundNode, InMemoryNode};
+use crate::nodes::service::in_memory_node::InMemoryNode;
+use crate::nodes::BackgroundNode;
 use crate::session::sessions::{Replacer, Session};
 use crate::session::sessions::{MAX_CONNECT_TIME, MAX_RECOVERY_TIME};
 
@@ -200,7 +200,7 @@ impl NodeManager {
     }
 }
 
-impl SupervisedNodeManager {
+impl InMemoryNode {
     pub async fn create_forwarder(
         &self,
         ctx: &Context,
diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service/in_memory_node.rs b/implementations/rust/ockam/ockam_api/src/nodes/service/in_memory_node.rs
index 9d3e5c6baf3..5483a8a35be 100644
--- a/implementations/rust/ockam/ockam_api/src/nodes/service/in_memory_node.rs
+++ b/implementations/rust/ockam/ockam_api/src/nodes/service/in_memory_node.rs
@@ -1,52 +1,77 @@
+use miette::IntoDiagnostic;
+use std::ops::Deref;
 use std::path::PathBuf;
-use std::sync::Arc;
-use std::time::Duration;
 
-use miette::IntoDiagnostic;
 use rand::random;
 
-use ockam::identity::Identifier;
-use ockam::{Context, TcpListenerOptions, TcpTransport};
-use ockam_core::async_trait;
-use ockam_multiaddr::MultiAddr;
+use ockam::{Context, Result, TcpTransport};
+use ockam_core::compat::{string::String, sync::Arc};
+use ockam_transport_tcp::TcpListenerOptions;
 
 use crate::cli_state::{add_project_info_to_node_state, init_node_state, CliState};
-use crate::cloud::{AuthorityNode, Controller, ProjectNode};
+use crate::cloud::Controller;
 use crate::config::cli::TrustContextConfig;
-
-use crate::nodes::service::message::MessageSender;
 use crate::nodes::service::{
     NodeManagerGeneralOptions, NodeManagerTransportOptions, NodeManagerTrustOptions,
-    SupervisedNodeManager,
 };
-use crate::nodes::NODEMANAGER_ADDR;
-
-/// This struct represents a node that lives within the current process
+use crate::nodes::{NodeManager, NODEMANAGER_ADDR};
+use crate::session::sessions::{Key, Session};
+use crate::session::MedicHandle;
+use crate::DefaultAddress;
+
+/// An `InMemoryNode` represents a full running node
+/// In addition to a `NodeManager`, which is used to handle all the entities related to a node
+/// (inlet/outlet, secure channels, etc...)
+/// the in memory node also handles the supervisions of the node with other nodes
+///
+/// You need to use an InMemoryNode if:
+///
+///  - you want to start a full node in the current process with services: inlets, outlets, secure channels etc...
+///  - you want to create a client to send requests to the controller, with the `create_controller` method
+///  - you want to create a client to send requests to the project node, with the `create_project_client` method
+///  - you want to create a client to send requests to the authority node, with the `create_authority_client` method
+///
+///
 pub struct InMemoryNode {
-    pub(crate) node_manager: SupervisedNodeManager,
-    controller: Arc<Controller>,
+    pub(crate) node_manager: Arc<NodeManager>,
+    pub(crate) medic_handle: MedicHandle,
+}
+
+/// This Deref instance makes it easy to access the NodeManager functions from an InMemoryNode
+impl Deref for InMemoryNode {
+    type Target = Arc<NodeManager>;
+
+    fn deref(&self) -> &Self::Target {
+        &self.node_manager
+    }
 }
 
 impl InMemoryNode {
-    pub async fn create(
+    /// Start an in memory node
+    pub async fn start(ctx: &Context, cli_state: &CliState) -> miette::Result<Self> {
+        Self::start_with_trust_context(ctx, cli_state, None, None).await
+    }
+
+    /// Start an in memory node with some project and trust context data
+    pub async fn start_with_trust_context(
         ctx: &Context,
         cli_state: &CliState,
         project_path: Option<&PathBuf>,
         trust_context_config: Option<TrustContextConfig>,
-    ) -> miette::Result<InMemoryNode> {
-        let node_manager =
-            start_node_manager(ctx, cli_state, project_path, trust_context_config).await?;
-        let controller = node_manager
-            .make_controller_node_client()
-            .await
-            .into_diagnostic()?;
-        Ok(Self {
-            node_manager,
-            controller: Arc::new(controller),
-        })
+    ) -> miette::Result<Self> {
+        Self::start_node(
+            ctx,
+            cli_state,
+            None,
+            None,
+            project_path,
+            trust_context_config,
+        )
+        .await
     }
 
-    pub async fn create_with_vault_and_identity(
+    /// Start an in memory node
+    pub async fn start_node(
         ctx: &Context,
         cli_state: &CliState,
         vault: Option<String>,
@@ -54,92 +79,83 @@ impl InMemoryNode {
         project_path: Option<&PathBuf>,
         trust_context_config: Option<TrustContextConfig>,
     ) -> miette::Result<InMemoryNode> {
-        let node_manager = start_node_manager_with_vault_and_identity(
-            ctx,
+        let defaults = NodeManagerDefaults::default();
+
+        init_node_state(
             cli_state,
-            vault,
-            identity,
-            project_path,
-            trust_context_config,
+            &defaults.node_name,
+            vault.as_deref(),
+            identity.as_deref(),
         )
         .await?;
-        let controller = node_manager
-            .make_controller_node_client()
-            .await
-            .into_diagnostic()?;
-        Ok(Self {
-            node_manager,
-            controller: Arc::new(controller),
-        })
-    }
 
-    pub async fn make_project_node_client(
-        &self,
-        project_identifier: &Identifier,
-        project_address: &MultiAddr,
-        caller_identity_name: Option<String>,
-    ) -> miette::Result<ProjectNode> {
-        self.node_manager
-            .make_project_node_client(
-                project_identifier,
-                project_address,
-                &self
-                    .node_manager
-                    .get_identifier(caller_identity_name)
-                    .await
-                    .into_diagnostic()?,
-            )
-            .await
-            .into_diagnostic()
+        add_project_info_to_node_state(&defaults.node_name, cli_state, project_path).await?;
+
+        let tcp = TcpTransport::create(ctx).await.into_diagnostic()?;
+        let bind = defaults.tcp_listener_address;
+
+        let options = TcpListenerOptions::new();
+        let listener = tcp.listen(&bind, options).await.into_diagnostic()?;
+
+        let node_manager = Self::new(
+            ctx,
+            NodeManagerGeneralOptions::new(
+                cli_state.clone(),
+                defaults.node_name.clone(),
+                false,
+                None,
+            ),
+            NodeManagerTransportOptions::new(listener.flow_control_id().clone(), tcp),
+            NodeManagerTrustOptions::new(trust_context_config),
+        )
+        .await
+        .into_diagnostic()?;
+        ctx.flow_controls()
+            .add_consumer(NODEMANAGER_ADDR, listener.flow_control_id());
+        Ok(node_manager)
     }
 
-    pub async fn make_authority_node_client(
-        &self,
-        authority_identifier: &Identifier,
-        authority_address: &MultiAddr,
-        caller_identity_name: Option<String>,
-    ) -> miette::Result<AuthorityNode> {
-        self.node_manager
-            .make_authority_node_client(
-                authority_identifier,
-                authority_address,
-                &self
-                    .node_manager
-                    .get_identifier(caller_identity_name)
-                    .await
-                    .into_diagnostic()?,
-            )
-            .await
-            .into_diagnostic()
+    /// Create an in memory node and return its controller
+    pub async fn create_controller(
+        ctx: &Context,
+        cli_state: &CliState,
+    ) -> miette::Result<Controller> {
+        let node = Self::start_node(ctx, cli_state, None, None, None, None).await?;
+        node.controller().await
     }
 
-    pub fn controller(&self) -> Arc<Controller> {
-        self.controller.clone()
+    /// Return a Controller client to send requests to the Controller
+    pub async fn controller(&self) -> miette::Result<Controller> {
+        self.make_controller_node_client().await.into_diagnostic()
     }
 
-    pub fn node_name(&self) -> String {
-        self.node_manager.node_name()
+    pub fn add_session(&self, session: Session) -> Key {
+        self.medic_handle.add_session(session)
     }
-}
 
-impl Drop for InMemoryNode {
-    fn drop(&mut self) {
-        let _ = self.node_manager.node_manager.delete_node();
+    pub async fn stop(&self, ctx: &Context) -> Result<()> {
+        self.medic_handle.stop_medic(ctx).await?;
+        for addr in DefaultAddress::iter() {
+            ctx.stop_worker(addr).await?;
+        }
+        Ok(())
     }
-}
 
-#[async_trait]
-impl MessageSender for InMemoryNode {
-    async fn send_message(
-        &self,
+    /// Create a new in memory node with various options
+    pub async fn new(
         ctx: &Context,
-        addr: &MultiAddr,
-        message: Vec<u8>,
-        timeout: Option<Duration>,
-    ) -> ockam_core::Result<Vec<u8>> {
-        self.node_manager
-            .send_message(ctx, addr, message, timeout)
-            .await
+        general_options: NodeManagerGeneralOptions,
+        transport_options: NodeManagerTransportOptions,
+        trust_options: NodeManagerTrustOptions,
+    ) -> Result<Self> {
+        let node_manager =
+            NodeManager::create(general_options, transport_options, trust_options).await?;
+        debug!("start the Medic");
+        let medic_handle = MedicHandle::start_medic(ctx).await?;
+        Ok(Self {
+            node_manager: Arc::new(node_manager),
+            medic_handle,
+        })
     }
 }
 
@@ -156,59 +172,3 @@ impl Default for NodeManagerDefaults {
         }
     }
 }
-
-pub async fn start_node_manager(
-    ctx: &Context,
-    cli_state: &CliState,
-    project_path: Option<&PathBuf>,
-    trust_context_config: Option<TrustContextConfig>,
-) -> miette::Result<SupervisedNodeManager> {
-    start_node_manager_with_vault_and_identity(
-        ctx,
-        cli_state,
-        None,
-        None,
-        project_path,
-        trust_context_config,
-    )
-    .await
-}
-
-pub async fn start_node_manager_with_vault_and_identity(
-    ctx: &Context,
-    cli_state: &CliState,
-    vault: Option<String>,
-    identity: Option<String>,
-    project_path: Option<&PathBuf>,
-    trust_context_config: Option<TrustContextConfig>,
-) -> miette::Result<SupervisedNodeManager> {
-    let defaults = NodeManagerDefaults::default();
-
-    init_node_state(
-        cli_state,
-        &defaults.node_name,
-        vault.as_deref(),
-        identity.as_deref(),
-    )
-    .await?;
-
-    add_project_info_to_node_state(&defaults.node_name, cli_state, project_path).await?;
-
-    let tcp = TcpTransport::create(ctx).await.into_diagnostic()?;
-    let bind = defaults.tcp_listener_address;
-
-    let options = TcpListenerOptions::new();
-    let listener = tcp.listen(&bind, options).await.into_diagnostic()?;
-
-    let node_manager = SupervisedNodeManager::create(
-        ctx,
-        NodeManagerGeneralOptions::new(cli_state.clone(), defaults.node_name.clone(), false, None),
-        NodeManagerTransportOptions::new(listener.flow_control_id().clone(), tcp),
-        NodeManagerTrustOptions::new(trust_context_config),
-    )
-    .await
-    .into_diagnostic()?;
-    ctx.flow_controls()
-        .add_consumer(NODEMANAGER_ADDR, listener.flow_control_id());
-    Ok(node_manager)
-}
diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service/portals.rs b/implementations/rust/ockam/ockam_api/src/nodes/service/portals.rs
index 0b9d53ccceb..f3d6db41dda 100644
--- a/implementations/rust/ockam/ockam_api/src/nodes/service/portals.rs
+++ b/implementations/rust/ockam/ockam_api/src/nodes/service/portals.rs
@@ -23,7 +23,8 @@ use crate::nodes::models::portal::{
     CreateInlet, CreateOutlet, InletList, InletStatus, OutletList, OutletStatus,
 };
 use crate::nodes::registry::{InletInfo, OutletInfo};
-use crate::nodes::service::{random_alias, SupervisedNodeManager};
+use crate::nodes::service::random_alias;
+use crate::nodes::InMemoryNode;
 use crate::session::sessions::{Replacer, Session, MAX_CONNECT_TIME, MAX_RECOVERY_TIME};
 use crate::{actions, resources, DefaultAddress};
 
@@ -508,7 +509,7 @@ impl NodeManager {
     }
 }
 
-impl SupervisedNodeManager {
+impl InMemoryNode {
     #[allow(clippy::too_many_arguments)]
     pub async fn create_inlet(
         &self,
diff --git a/implementations/rust/ockam/ockam_api/src/util.rs b/implementations/rust/ockam/ockam_api/src/util.rs
index 30ab5bc17f1..3a64158b404 100644
--- a/implementations/rust/ockam/ockam_api/src/util.rs
+++ b/implementations/rust/ockam/ockam_api/src/util.rs
@@ -391,8 +391,8 @@ pub mod test_utils {
     use crate::config::cli::{CredentialRetrieverConfig, TrustAuthorityConfig, TrustContextConfig};
     use crate::nodes::service::{
         NodeManagerGeneralOptions, NodeManagerTransportOptions, NodeManagerTrustOptions,
-        SupervisedNodeManager,
     };
+    use crate::nodes::InMemoryNode;
     use crate::nodes::{NodeManagerWorker, NODEMANAGER_ADDR};
 
     /// This struct is used by tests, it has two responsibilities:
@@ -402,7 +402,7 @@ pub mod test_utils {
     /// - useful access to the NodeManager
     pub struct NodeManagerHandle {
         pub cli_state: CliState,
-        pub node_manager: Arc<SupervisedNodeManager>,
+        pub node_manager: Arc<InMemoryNode>,
         pub tcp: TcpTransport,
         pub secure_channels: Arc<SecureChannels>,
         pub identifier: Identifier,
@@ -473,7 +473,7 @@ pub mod test_utils {
         let node_config = NodeConfig::try_from(&cli_state).unwrap();
         cli_state.nodes.create(&node_name, node_config)?;
 
-        let node_manager = SupervisedNodeManager::create(
+        let node_manager = InMemoryNode::new(
             context,
             NodeManagerGeneralOptions::new(cli_state.clone(), node_name, None, true),
             NodeManagerTransportOptions::new(
diff --git a/implementations/rust/ockam/ockam_app/src/app/state/mod.rs b/implementations/rust/ockam/ockam_app/src/app/state/mod.rs
index 7fe434cbe31..625a76d0bb6 100644
--- a/implementations/rust/ockam/ockam_app/src/app/state/mod.rs
+++ b/implementations/rust/ockam/ockam_app/src/app/state/mod.rs
@@ -22,8 +22,8 @@ use ockam_api::nodes::models::portal::OutletStatus;
 use ockam_api::nodes::models::transport::{CreateTransportJson, TransportMode, TransportType};
 use ockam_api::nodes::service::{
     NodeManagerGeneralOptions, NodeManagerTransportOptions, NodeManagerTrustOptions,
-    SupervisedNodeManager,
 };
+use ockam_api::nodes::InMemoryNode;
 use ockam_api::nodes::NODEMANAGER_ADDR;
 use ockam_api::trust_context::TrustContextConfigBuilder;
 use ockam_multiaddr::MultiAddr;
@@ -48,7 +48,7 @@ pub const PROJECT_NAME: &str = "default";
 pub struct AppState {
     context: Arc<Context>,
     state: Arc<RwLock<CliState>>,
-    node_manager: Arc<RwLock<Arc<SupervisedNodeManager>>>,
+    node_manager: Arc<RwLock<Arc<InMemoryNode>>>,
     model_state: Arc<RwLock<ModelState>>,
     model_state_repository: Arc<RwLock<Arc<dyn ModelStateRepository>>>,
     event_manager: StdRwLock<EventManager>,
@@ -178,7 +178,7 @@ impl AppState {
     }
 
     /// Return the node manager
-    pub async fn node_manager(&self) -> Arc<SupervisedNodeManager> {
+    pub async fn node_manager(&self) -> Arc<InMemoryNode> {
         let node_manager = self.node_manager.read().await;
         node_manager.clone()
     }
@@ -186,10 +186,7 @@ impl AppState {
     /// Return a client to access the Controller
     pub async fn controller(&self) -> Result<Controller> {
         let node_manager = self.node_manager.read().await;
-        Ok(node_manager
-            .make_controller_node_client()
-            .await
-            .into_diagnostic()?)
+        Ok(node_manager.controller().await?)
     }
 
     pub async fn is_enrolled(&self) -> Result<bool> {
@@ -279,7 +276,7 @@ impl AppState {
 }
 
 /// Create a node manager
-fn create_node_manager(ctx: Arc<Context>, cli_state: &CliState) -> SupervisedNodeManager {
+fn create_node_manager(ctx: Arc<Context>, cli_state: &CliState) -> InMemoryNode {
     match block_on(async { make_node_manager(ctx.clone(), cli_state).await }) {
         Ok(w) => w,
         Err(e) => {
@@ -293,7 +290,7 @@ fn create_node_manager(ctx: Arc<Context>, cli_state: &CliState) -> SupervisedNod
 pub(crate) async fn make_node_manager(
     ctx: Arc<Context>,
     cli_state: &CliState,
-) -> miette::Result<SupervisedNodeManager> {
+) -> miette::Result<InMemoryNode> {
     init_node_state(cli_state, NODE_NAME, None, None).await?;
 
     let tcp = TcpTransport::create(&ctx).await.into_diagnostic()?;
@@ -318,7 +315,7 @@ pub(crate) async fn make_node_manager(
     )?;
     let trust_context_config = TrustContextConfigBuilder::new(cli_state).build();
 
-    let node_manager = SupervisedNodeManager::create(
+    let node_manager = InMemoryNode::new(
         &ctx,
         NodeManagerGeneralOptions::new(cli_state.clone(), NODE_NAME.to_string(), None, true),
         NodeManagerTransportOptions::new(listener.flow_control_id().clone(), tcp),
@@ -350,7 +347,7 @@ fn create_model_state_repository(state: &CliState) -> Arc<dyn ModelStateReposito
 /// Load a previously persisted ModelState
 fn load_model_state(
     model_state_repository: Arc<dyn ModelStateRepository>,
-    node_manager: Arc<SupervisedNodeManager>,
+    node_manager: Arc<InMemoryNode>,
     context: Arc<Context>,
     cli_state: &CliState,
 ) -> ModelState {
diff --git a/implementations/rust/ockam/ockam_app/src/invitations/commands.rs b/implementations/rust/ockam/ockam_app/src/invitations/commands.rs
index b0c4d5d674c..a75d0c281b4 100644
--- a/implementations/rust/ockam/ockam_app/src/invitations/commands.rs
+++ b/implementations/rust/ockam/ockam_app/src/invitations/commands.rs
@@ -69,7 +69,7 @@ async fn accept_invitation_impl<R: Runtime>(id: String, app: &AppHandle<R>) -> c
 
     let controller = app_state.controller().await.into_diagnostic()?;
     let res = controller
-        .accept_invitation(&app_state.context(), id)
+        .accept_invitation(&app_state.context(), id.clone())
         .await?;
 
     // Update the invitation status to Accepted
diff --git a/implementations/rust/ockam/ockam_app/src/shared_service/relay/create.rs b/implementations/rust/ockam/ockam_app/src/shared_service/relay/create.rs
index 287ab0aeb7b..b86a948929b 100644
--- a/implementations/rust/ockam/ockam_app/src/shared_service/relay/create.rs
+++ b/implementations/rust/ockam/ockam_app/src/shared_service/relay/create.rs
@@ -4,7 +4,7 @@ use miette::IntoDiagnostic;
 use ockam::Context;
 use ockam_api::cli_state::{CliState, StateDirTrait};
 use ockam_api::nodes::models::forwarder::ForwarderInfo;
-use ockam_api::nodes::service::SupervisedNodeManager;
+use ockam_api::nodes::InMemoryNode;
 use ockam_multiaddr::MultiAddr;
 use once_cell::sync::Lazy;
 use std::str::FromStr;
@@ -17,7 +17,7 @@ pub static RELAY_NAME: Lazy<String> = Lazy::new(|| format!("forward_to_{NODE_NAM
 pub async fn create_relay(
     context: Arc<Context>,
     cli_state: CliState,
-    node_manager: Arc<SupervisedNodeManager>,
+    node_manager: Arc<InMemoryNode>,
 ) {
     loop {
         match create_relay_impl(&context, &cli_state, node_manager.clone()).await {
@@ -36,7 +36,7 @@ pub async fn create_relay(
 async fn create_relay_impl(
     context: &Context,
     cli_state: &CliState,
-    node_manager: Arc<SupervisedNodeManager>,
+    node_manager: Arc<InMemoryNode>,
 ) -> Result<Option<ForwarderInfo>> {
     trace!("Creating relay");
     if !cli_state.is_enrolled().unwrap_or(false) {
@@ -73,7 +73,7 @@ async fn create_relay_impl(
     }
 }
 
-pub(crate) async fn get_relay(node_manager: Arc<SupervisedNodeManager>) -> Option<ForwarderInfo> {
+pub(crate) async fn get_relay(node_manager: Arc<InMemoryNode>) -> Option<ForwarderInfo> {
     node_manager
         .get_forwarders()
         .await
diff --git a/implementations/rust/ockam/ockam_app/src/shared_service/relay/state.rs b/implementations/rust/ockam/ockam_app/src/shared_service/relay/state.rs
index 10c872c8b68..e84b81aad5c 100644
--- a/implementations/rust/ockam/ockam_app/src/shared_service/relay/state.rs
+++ b/implementations/rust/ockam/ockam_app/src/shared_service/relay/state.rs
@@ -1,11 +1,11 @@
 use ockam::Context;
 use ockam_api::cli_state::CliState;
-use ockam_api::nodes::service::SupervisedNodeManager;
+use ockam_api::nodes::InMemoryNode;
 use std::sync::Arc;
 
 pub(crate) fn load_model_state(
     context: Arc<Context>,
-    node_manager: Arc<SupervisedNodeManager>,
+    node_manager: Arc<InMemoryNode>,
     cli_state: &CliState,
 ) {
     let cli_state = cli_state.clone();
diff --git a/implementations/rust/ockam/ockam_app/src/shared_service/tcp_outlet/state.rs b/implementations/rust/ockam/ockam_app/src/shared_service/tcp_outlet/state.rs
index b8d1d9518e1..51091890f2e 100644
--- a/implementations/rust/ockam/ockam_app/src/shared_service/tcp_outlet/state.rs
+++ b/implementations/rust/ockam/ockam_app/src/shared_service/tcp_outlet/state.rs
@@ -2,7 +2,7 @@ use crate::app::ModelState;
 use ockam::Context;
 use ockam_api::cli_state::CliState;
 use ockam_api::nodes::models::portal::OutletStatus;
-use ockam_api::nodes::service::SupervisedNodeManager;
+use ockam_api::nodes::InMemoryNode;
 use std::sync::Arc;
 use tracing::{debug, error};
 
@@ -22,7 +22,7 @@ impl ModelState {
 
 pub(crate) async fn load_model_state(
     context: Arc<Context>,
-    node_manager: Arc<SupervisedNodeManager>,
+    node_manager: Arc<InMemoryNode>,
     model_state: &ModelState,
     cli_state: &CliState,
 ) {
diff --git a/implementations/rust/ockam/ockam_command/src/admin/subscription.rs b/implementations/rust/ockam/ockam_command/src/admin/subscription.rs
index 2120e15e24b..f1bc9deb674 100644
--- a/implementations/rust/ockam/ockam_command/src/admin/subscription.rs
+++ b/implementations/rust/ockam/ockam_command/src/admin/subscription.rs
@@ -6,6 +6,7 @@ use miette::{Context as _, IntoDiagnostic};
 
 use ockam::Context;
 use ockam_api::cloud::subscription::Subscriptions;
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::output::Output;
@@ -141,8 +142,7 @@ async fn run_impl(
     ctx: Context,
     (opts, cmd): (CommandGlobalOpts, SubscriptionCommand),
 ) -> miette::Result<()> {
-    let node = InMemoryNode::create(&ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let controller = InMemoryNode::create_controller(&ctx, &opts.state).await?;
 
     match cmd.subcommand {
         SubscriptionSubcommand::Attach {
@@ -167,13 +167,8 @@ async fn run_impl(
             subscription_id,
             space_id,
         } => {
-            match get_subscription_by_id_or_space_id(
-                controller.clone(),
-                &ctx,
-                subscription_id,
-                space_id,
-            )
-            .await?
+            match get_subscription_by_id_or_space_id(&controller, &ctx, subscription_id, space_id)
+                .await?
             {
                 Some(subscription) => {
                     let response = controller
@@ -199,7 +194,7 @@ async fn run_impl(
                         .into_diagnostic()
                         .context(format!("failed to read {:?}", &json))?;
                     match get_subscription_by_id_or_space_id(
-                        controller.clone(),
+                        &controller,
                         &ctx,
                         subscription_id,
                         space_id,
@@ -224,7 +219,7 @@ async fn run_impl(
                     new_space_id,
                 } => {
                     match get_subscription_by_id_or_space_id(
-                        controller.clone(),
+                        &controller,
                         &ctx,
                         subscription_id,
                         space_id,
diff --git a/implementations/rust/ockam/ockam_command/src/enroll/command.rs b/implementations/rust/ockam/ockam_command/src/enroll/command.rs
index 9e02656ea7a..946b9f06f85 100644
--- a/implementations/rust/ockam/ockam_command/src/enroll/command.rs
+++ b/implementations/rust/ockam/ockam_command/src/enroll/command.rs
@@ -5,7 +5,6 @@ use std::sync::Arc;
 use clap::Args;
 use colorful::Colorful;
 use miette::{IntoDiagnostic, WrapErr};
-use std::sync::Arc;
 use tokio::sync::Mutex;
 use tokio::try_join;
 use tracing::info;
@@ -112,9 +111,10 @@ async fn run_impl(
         .users_info
         .overwrite(&user_info.email, user_info.clone())?;
 
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
+    let node = InMemoryNode::start(ctx, &opts.state).await?;
+    let controller = node.controller().await?;
 
-    enroll_with_node(node.controller(), ctx, token)
+    enroll_with_node(&controller, ctx, token)
         .await
         .wrap_err("Failed to enroll your local identity with Ockam Orchestrator")?;
 
@@ -135,7 +135,7 @@ pub async fn retrieve_user_project(
     ctx: &Context,
     node: &InMemoryNode,
 ) -> Result<Identifier> {
-    let space = default_space(opts, ctx, node.controller())
+    let space = default_space(opts, ctx, &node.controller().await?)
         .await
         .wrap_err("Unable to retrieve and set a space as default")?;
     info!("Retrieved the user default space {:?}", space);
@@ -167,7 +167,7 @@ pub async fn retrieve_user_project(
 
 /// Enroll a user with a token, using the controller
 pub async fn enroll_with_node(
-    controller: Arc<Controller>,
+    controller: &Controller,
     ctx: &Context,
     token: OidcToken,
 ) -> miette::Result<()> {
@@ -184,7 +184,7 @@ pub async fn enroll_with_node(
 async fn default_space(
     opts: &CommandGlobalOpts,
     ctx: &Context,
-    controller: Arc<Controller>,
+    controller: &Controller,
 ) -> Result<Space> {
     // Get available spaces for node's identity
     opts.terminal
@@ -270,7 +270,7 @@ async fn default_project(
     node: &InMemoryNode,
     space: &Space,
 ) -> Result<Project> {
-    let controller = node.controller();
+    let controller = node.controller().await?;
 
     // Get available project for the given space
     opts.terminal.write_line(&fmt_log!(
@@ -332,7 +332,7 @@ async fn default_project(
         ))?;
 
         let operation_id = project.operation_id.clone().unwrap();
-        check_for_completion(opts, ctx, controller, &operation_id).await?;
+        check_for_completion(opts, ctx, &controller, &operation_id).await?;
 
         project.to_owned()
     }
diff --git a/implementations/rust/ockam/ockam_command/src/lease/mod.rs b/implementations/rust/ockam/ockam_command/src/lease/mod.rs
index c9ce4b1e3ed..8942e291137 100644
--- a/implementations/rust/ockam/ockam_command/src/lease/mod.rs
+++ b/implementations/rust/ockam/ockam_command/src/lease/mod.rs
@@ -13,7 +13,8 @@ use miette::{miette, Context, IntoDiagnostic};
 use ockam_api::cli_state::{ProjectConfigCompact, StateDirTrait, StateItemTrait};
 use ockam_api::cloud::ProjectNode;
 use ockam_api::config::lookup::ProjectLookup;
-use ockam_api::nodes::{Credentials, InMemoryNode};
+use ockam_api::nodes::Credentials;
+use ockam_api::nodes::InMemoryNode;
 
 use crate::identity::get_identity_name;
 
@@ -71,7 +72,7 @@ async fn authenticate(
     trust_opts: &TrustContextOpts,
 ) -> miette::Result<ProjectNode> {
     let trust_context_config = trust_opts.to_config(&opts.state)?.build();
-    let node = InMemoryNode::create(
+    let node = InMemoryNode::start_with_trust_context(
         ctx,
         &opts.state,
         trust_opts.project_path.as_ref(),
@@ -92,7 +93,7 @@ async fn authenticate(
         .ok_or(miette!("Project route is required"))?;
 
     let authority_node = node
-        .make_authority_node_client(
+        .create_authority_client(
             project_authority.identity_id(),
             project_authority.address(),
             Some(identity.clone()),
@@ -102,7 +103,7 @@ async fn authenticate(
     authority_node
         .authenticate(ctx, Some(identity.clone()))
         .await?;
-    node.make_project_node_client(&project_identifier, &project_addr, Some(identity.clone()))
+    node.create_project_client(&project_identifier, &project_addr, Some(identity.clone()))
         .await
 }
 
diff --git a/implementations/rust/ockam/ockam_command/src/message/send.rs b/implementations/rust/ockam/ockam_command/src/message/send.rs
index b58ad2f2125..49a32529617 100644
--- a/implementations/rust/ockam/ockam_command/src/message/send.rs
+++ b/implementations/rust/ockam/ockam_command/src/message/send.rs
@@ -6,7 +6,8 @@ use miette::{Context as _, IntoDiagnostic};
 use ockam::Context;
 use ockam_api::address::extract_address_value;
 use ockam_api::nodes::service::message::{MessageSender, SendMessage};
-use ockam_api::nodes::{BackgroundNode, InMemoryNode};
+use ockam_api::nodes::BackgroundNode;
+use ockam_api::nodes::InMemoryNode;
 use ockam_core::api::Request;
 use ockam_multiaddr::MultiAddr;
 
@@ -89,7 +90,8 @@ async fn rpc(ctx: Context, (opts, cmd): (CommandGlobalOpts, SendCommand)) -> mie
         } else {
             let identity_name = get_identity_name(&opts.state, &cmd.cloud_opts.identity);
             let trust_context_config = cmd.trust_context_opts.to_config(&opts.state)?.build();
-            let node = InMemoryNode::create_with_vault_and_identity(
+
+            let node_manager = InMemoryNode::start_node(
                 ctx,
                 &opts.state,
                 None,
@@ -103,14 +105,15 @@ async fn rpc(ctx: Context, (opts, cmd): (CommandGlobalOpts, SendCommand)) -> mie
             let projects_sc = get_projects_secure_channels_from_config_lookup(
                 &opts,
                 ctx,
-                &node,
+                &node_manager,
                 &meta,
                 Some(identity_name),
                 Some(cmd.timeout),
             )
             .await?;
             let to = clean_projects_multiaddr(to, projects_sc)?;
-            node.send_message(ctx, &to, msg_bytes, Some(cmd.timeout))
+            node_manager
+                .send_message(ctx, &to, msg_bytes, Some(cmd.timeout))
                 .await
                 .into_diagnostic()?
         };
diff --git a/implementations/rust/ockam/ockam_command/src/node/create.rs b/implementations/rust/ockam/ockam_command/src/node/create.rs
index f20e6604797..8c70c2bf11e 100644
--- a/implementations/rust/ockam/ockam_command/src/node/create.rs
+++ b/implementations/rust/ockam/ockam_command/src/node/create.rs
@@ -16,8 +16,9 @@ use ockam::{Context, TcpTransport};
 use ockam_api::cli_state::traits::{StateDirTrait, StateItemTrait};
 use ockam_api::cli_state::{add_project_info_to_node_state, init_node_state, random_name};
 use ockam_api::nodes::models::transport::CreateTransportJson;
-use ockam_api::nodes::service::{NodeManagerTrustOptions, SupervisedNodeManager};
+use ockam_api::nodes::service::NodeManagerTrustOptions;
 use ockam_api::nodes::BackgroundNode;
+use ockam_api::nodes::InMemoryNode;
 use ockam_api::{
     bootstrapped_identities_store::PreTrustedIdentities,
     nodes::models::transport::{TransportMode, TransportType},
@@ -305,7 +306,7 @@ async fn run_foreground_node(
 
     let pre_trusted_identities = load_pre_trusted_identities(&cmd)?;
 
-    let node_man = SupervisedNodeManager::create(
+    let node_man = InMemoryNode::new(
         &ctx,
         NodeManagerGeneralOptions::new(
             opts.state.clone(),
diff --git a/implementations/rust/ockam/ockam_command/src/node/show.rs b/implementations/rust/ockam/ockam_command/src/node/show.rs
index 912dd862d87..d890d3238c6 100644
--- a/implementations/rust/ockam/ockam_command/src/node/show.rs
+++ b/implementations/rust/ockam/ockam_command/src/node/show.rs
@@ -278,7 +278,7 @@ pub async fn is_node_up(
     let cli_state = cli_state.clone();
     let now = std::time::Instant::now();
     for timeout_duration in retries {
-        let node_state = cli_state.nodes.get(&node_name)?;
+        let node_state = cli_state.nodes.get(node_name)?;
         // The node is down if it has not stored its default tcp listener in its state file.
         if node_state.config().setup().api_transport().is_err() {
             trace!(%node_name, "node has not been initialized");
diff --git a/implementations/rust/ockam/ockam_command/src/node/util.rs b/implementations/rust/ockam/ockam_command/src/node/util.rs
index 38f61ab33c6..2dbac41ac26 100644
--- a/implementations/rust/ockam/ockam_command/src/node/util.rs
+++ b/implementations/rust/ockam/ockam_command/src/node/util.rs
@@ -7,19 +7,11 @@ use miette::Context as _;
 use miette::{miette, IntoDiagnostic};
 use rand::random;
 
-use ockam::{Context, TcpListenerOptions, TcpTransport};
-use ockam_api::cli_state::{
-    add_project_info_to_node_state, init_node_state, CliState, StateDirTrait,
-};
-use ockam_api::nodes::service::{
-    NodeManagerGeneralOptions, NodeManagerTransportOptions, NodeManagerTrustOptions,
-    SupervisedNodeManager,
-};
-use ockam_api::nodes::NODEMANAGER_ADDR;
+use ockam_api::cli_state::StateDirTrait;
 use ockam_core::env::get_env_with_default;
 
 use crate::util::api::TrustContextOpts;
-use crate::{CommandGlobalOpts, Result};
+use crate::CommandGlobalOpts;
 
 pub struct NodeManagerDefaults {
     pub node_name: String,
@@ -37,66 +29,6 @@ impl Default for NodeManagerDefaults {
     }
 }
 
-pub async fn start_node_manager(
-    ctx: &Context,
-    cli_state: &CliState,
-    trust_opts: Option<&TrustContextOpts>,
-) -> Result<SupervisedNodeManager> {
-    start_node_manager_with_vault_and_identity(ctx, cli_state, None, None, trust_opts).await
-}
-
-pub async fn start_node_manager_with_vault_and_identity(
-    ctx: &Context,
-    cli_state: &CliState,
-    vault: Option<String>,
-    identity: Option<String>,
-    trust_opts: Option<&TrustContextOpts>,
-) -> Result<SupervisedNodeManager> {
-    let defaults = NodeManagerDefaults::default();
-
-    init_node_state(
-        cli_state,
-        &defaults.node_name,
-        vault.as_deref(),
-        identity.as_deref(),
-    )
-    .await?;
-
-    if let Some(p) = trust_opts {
-        add_project_info_to_node_state(&defaults.node_name, cli_state, p.project_path.as_ref())
-            .await?;
-    } else {
-        add_project_info_to_node_state(
-            &defaults.node_name,
-            cli_state,
-            defaults.trust_context_opts.project_path.as_ref(),
-        )
-        .await?;
-    };
-
-    let trust_context_config = match trust_opts {
-        Some(t) => t.to_config(cli_state)?.build(),
-        None => None,
-    };
-
-    let tcp = TcpTransport::create(ctx).await.into_diagnostic()?;
-    let bind = defaults.tcp_listener_address;
-
-    let options = TcpListenerOptions::new();
-    let listener = tcp.listen(&bind, options).await?;
-
-    let node_manager = SupervisedNodeManager::create(
-        ctx,
-        NodeManagerGeneralOptions::new(cli_state.clone(), defaults.node_name.clone(), None, true),
-        NodeManagerTransportOptions::new(listener.flow_control_id().clone(), tcp),
-        NodeManagerTrustOptions::new(trust_context_config),
-    )
-    .await?;
-    ctx.flow_controls()
-        .add_consumer(NODEMANAGER_ADDR, listener.flow_control_id());
-    Ok(node_manager)
-}
-
 pub fn delete_node(opts: &CommandGlobalOpts, name: &str, force: bool) -> miette::Result<()> {
     opts.state.nodes.delete_sigkill(name, force)?;
     Ok(())
diff --git a/implementations/rust/ockam/ockam_command/src/operation/util.rs b/implementations/rust/ockam/ockam_command/src/operation/util.rs
index 34d86519004..f0ae3e5c797 100644
--- a/implementations/rust/ockam/ockam_command/src/operation/util.rs
+++ b/implementations/rust/ockam/ockam_command/src/operation/util.rs
@@ -1,5 +1,4 @@
 use miette::miette;
-use std::sync::Arc;
 use tokio_retry::strategy::FixedInterval;
 use tokio_retry::Retry;
 
@@ -12,7 +11,7 @@ use crate::CommandGlobalOpts;
 pub async fn check_for_completion(
     opts: &CommandGlobalOpts,
     ctx: &Context,
-    controller: Arc<Controller>,
+    controller: &Controller,
     operation_id: &str,
 ) -> miette::Result<()> {
     let retry_strategy =
diff --git a/implementations/rust/ockam/ockam_command/src/project/addon/configure_confluent.rs b/implementations/rust/ockam/ockam_command/src/project/addon/configure_confluent.rs
index c1a0b11c3ab..b2faae967d2 100644
--- a/implementations/rust/ockam/ockam_command/src/project/addon/configure_confluent.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/addon/configure_confluent.rs
@@ -57,8 +57,8 @@ async fn run_impl(
     let project_id = get_project_id(&opts.state, project_name.as_str())?;
     let config = ConfluentConfig::new(bootstrap_server);
 
-    let node = InMemoryNode::create(&ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let node = InMemoryNode::start(&ctx, &opts.state).await?;
+    let controller = node.controller().await?;
 
     let response = controller
         .configure_confluent_addon(&ctx, project_id.clone(), config)
diff --git a/implementations/rust/ockam/ockam_command/src/project/addon/configure_influxdb.rs b/implementations/rust/ockam/ockam_command/src/project/addon/configure_influxdb.rs
index f594b5756bb..da9224a78db 100644
--- a/implementations/rust/ockam/ockam_command/src/project/addon/configure_influxdb.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/addon/configure_influxdb.rs
@@ -155,8 +155,8 @@ async fn run_impl(
         admin_access_role,
     );
 
-    let node = InMemoryNode::create(&ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let node = InMemoryNode::start(&ctx, &opts.state).await?;
+    let controller = node.controller().await?;
 
     let response = controller
         .configure_influxdb_addon(&ctx, project_id.clone(), config)
diff --git a/implementations/rust/ockam/ockam_command/src/project/addon/configure_okta.rs b/implementations/rust/ockam/ockam_command/src/project/addon/configure_okta.rs
index b2a352b818d..df72074c4b6 100644
--- a/implementations/rust/ockam/ockam_command/src/project/addon/configure_okta.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/addon/configure_okta.rs
@@ -118,8 +118,8 @@ async fn run_impl(
     auth0.validate_provider_config().await?;
 
     // Do request
-    let node = InMemoryNode::create(&ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let node = InMemoryNode::start(&ctx, &opts.state).await?;
+    let controller = node.controller().await?;
 
     let response = controller
         .configure_okta_addon(&ctx, project_id.clone(), okta_config)
diff --git a/implementations/rust/ockam/ockam_command/src/project/addon/disable.rs b/implementations/rust/ockam/ockam_command/src/project/addon/disable.rs
index ebdac1466e2..c665ff519e9 100644
--- a/implementations/rust/ockam/ockam_command/src/project/addon/disable.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/addon/disable.rs
@@ -48,12 +48,11 @@ async fn run_impl(
         addon_id,
     } = cmd;
     let project_id = get_project_id(&opts.state, project_name.as_str())?;
-    let node = InMemoryNode::create(&ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let controller = InMemoryNode::create_controller(&ctx, &opts.state).await?;
 
     let response = controller.disable_addon(&ctx, project_id, addon_id).await?;
     let operation_id = response.operation_id;
-    check_for_completion(&opts, &ctx, controller, &operation_id).await?;
+    check_for_completion(&opts, &ctx, &controller, &operation_id).await?;
 
     opts.terminal
         .write_line(&fmt_ok!("Addon disabled successfully"))?;
diff --git a/implementations/rust/ockam/ockam_command/src/project/addon/list.rs b/implementations/rust/ockam/ockam_command/src/project/addon/list.rs
index 668014bbdb2..85981b5f964 100644
--- a/implementations/rust/ockam/ockam_command/src/project/addon/list.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/addon/list.rs
@@ -35,10 +35,9 @@ async fn run_impl(
     let project_name = cmd.project_name;
     let project_id = get_project_id(&opts.state, project_name.as_str())?;
 
-    let node = InMemoryNode::create(&ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
-
+    let controller = InMemoryNode::create_controller(&ctx, &opts.state).await?;
     let addons = controller.list_addons(&ctx, project_id).await?;
+
     opts.println(&addons)?;
     Ok(())
 }
diff --git a/implementations/rust/ockam/ockam_command/src/project/addon/mod.rs b/implementations/rust/ockam/ockam_command/src/project/addon/mod.rs
index 496f5a87888..8bb28300716 100644
--- a/implementations/rust/ockam/ockam_command/src/project/addon/mod.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/addon/mod.rs
@@ -13,6 +13,7 @@ use ockam_api::cli_state::{CliState, StateDirTrait, StateItemTrait};
 use ockam_api::cloud::addon::Addon;
 use ockam_api::cloud::project::Projects;
 use ockam_api::nodes::InMemoryNode;
+
 use ockam_node::Context;
 
 use crate::project::addon::configure_confluent::AddonConfigureConfluentSubcommand;
@@ -121,8 +122,8 @@ async fn check_configuration_completion(
     project_id: String,
     operation_id: String,
 ) -> Result<()> {
-    let controller = node.controller();
-    check_for_completion(opts, ctx, controller.clone(), &operation_id).await?;
+    let controller = node.controller().await?;
+    check_for_completion(opts, ctx, &controller, &operation_id).await?;
     let project = controller.get_project(ctx, project_id).await?;
     let _ = check_project_readiness(opts, ctx, node, project).await?;
     Ok(())
diff --git a/implementations/rust/ockam/ockam_command/src/project/create.rs b/implementations/rust/ockam/ockam_command/src/project/create.rs
index 791a3669d7a..74392fdb1db 100644
--- a/implementations/rust/ockam/ockam_command/src/project/create.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/create.rs
@@ -51,14 +51,14 @@ async fn run_impl(
     cmd: CreateCommand,
 ) -> miette::Result<()> {
     let space_id = opts.state.spaces.get(&cmd.space_name)?.config().id.clone();
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let node = InMemoryNode::start(ctx, &opts.state).await?;
+    let controller = node.controller().await?;
 
     let project = controller
         .create_project(ctx, space_id, cmd.project_name, vec![])
         .await?;
     let operation_id = project.operation_id.clone().unwrap();
-    check_for_completion(&opts, ctx, controller, &operation_id).await?;
+    check_for_completion(&opts, ctx, &controller, &operation_id).await?;
     let project = check_project_readiness(&opts, ctx, &node, project).await?;
     opts.state
         .projects
diff --git a/implementations/rust/ockam/ockam_command/src/project/delete.rs b/implementations/rust/ockam/ockam_command/src/project/delete.rs
index 51bd9685f19..1d5d33eadb5 100644
--- a/implementations/rust/ockam/ockam_command/src/project/delete.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/delete.rs
@@ -4,6 +4,7 @@ use colorful::Colorful;
 use ockam::Context;
 use ockam_api::cli_state::{StateDirTrait, StateItemTrait};
 use ockam_api::cloud::project::Projects;
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::project::util::refresh_projects;
@@ -57,8 +58,7 @@ async fn run_impl(
         .confirmed_with_flag_or_prompt(cmd.yes, "Are you sure you want to delete this project?")?
     {
         let space_id = opts.state.spaces.get(&cmd.space_name)?.config().id.clone();
-        let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-        let controller = node.controller();
+        let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
 
         // Lookup project
         let project_id = match opts.state.projects.get(&cmd.project_name) {
@@ -66,7 +66,7 @@ async fn run_impl(
             Err(_) => {
                 // The project is not in the config file.
                 // Fetch all available projects from the cloud.
-                refresh_projects(&opts, ctx, controller.clone()).await?;
+                refresh_projects(&opts, ctx, &controller).await?;
 
                 // If the project is not found in the lookup, then it must not exist in the cloud, so we exit the command.
                 match opts.state.projects.get(&cmd.project_name) {
diff --git a/implementations/rust/ockam/ockam_command/src/project/enroll.rs b/implementations/rust/ockam/ockam_command/src/project/enroll.rs
index cabe95e8bca..aa6783f9258 100644
--- a/implementations/rust/ockam/ockam_command/src/project/enroll.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/enroll.rs
@@ -97,7 +97,7 @@ pub async fn project_enroll(
 
     // Create secure channel to the project's authority node
     let trust_context_config = cmd.trust_opts.to_config(&opts.state)?.build();
-    let node = InMemoryNode::create(
+    let node = InMemoryNode::start_with_trust_context(
         ctx,
         &opts.state,
         cmd.trust_opts.project_path.as_ref(),
@@ -106,7 +106,7 @@ pub async fn project_enroll(
     .await?;
 
     let authority_node: AuthorityNode = node
-        .make_authority_node_client(
+        .create_authority_client(
             project_authority.identity_id(),
             project_authority.address(),
             Some(identity_name),
diff --git a/implementations/rust/ockam/ockam_command/src/project/info.rs b/implementations/rust/ockam/ockam_command/src/project/info.rs
index 1b28d3624cb..f01e277d5dd 100644
--- a/implementations/rust/ockam/ockam_command/src/project/info.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/info.rs
@@ -3,6 +3,7 @@ use clap::Args;
 use ockam::Context;
 use ockam_api::cli_state::{ProjectConfigCompact, StateDirTrait, StateItemTrait};
 use ockam_api::cloud::project::Projects;
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::project::util::refresh_projects;
@@ -34,14 +35,13 @@ async fn rpc(ctx: Context, (opts, cmd): (CommandGlobalOpts, InfoCommand)) -> mie
 }
 
 async fn run_impl(ctx: &Context, opts: CommandGlobalOpts, cmd: InfoCommand) -> miette::Result<()> {
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
 
     // Lookup project
     let id = match opts.state.projects.get(&cmd.name) {
         Ok(state) => state.config().id.clone(),
         Err(_) => {
-            refresh_projects(&opts, ctx, controller.clone()).await?;
+            refresh_projects(&opts, ctx, &controller).await?;
             opts.state.projects.get(&cmd.name)?.config().id.clone()
         }
     };
diff --git a/implementations/rust/ockam/ockam_command/src/project/list.rs b/implementations/rust/ockam/ockam_command/src/project/list.rs
index b09089201ed..7a03c902fe4 100644
--- a/implementations/rust/ockam/ockam_command/src/project/list.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/list.rs
@@ -6,6 +6,7 @@ use tokio::try_join;
 use ockam::Context;
 use ockam_api::cli_state::StateDirTrait;
 use ockam_api::cloud::project::Projects;
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::util::api::CloudOpts;
@@ -39,8 +40,7 @@ async fn rpc(ctx: Context, (opts, cmd): (CommandGlobalOpts, ListCommand)) -> mie
 }
 
 async fn run_impl(ctx: &Context, opts: CommandGlobalOpts, _cmd: ListCommand) -> miette::Result<()> {
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
     let is_finished: Mutex<bool> = Mutex::new(false);
 
     let get_projects = async {
diff --git a/implementations/rust/ockam/ockam_command/src/project/show.rs b/implementations/rust/ockam/ockam_command/src/project/show.rs
index 32684bc650d..fd5dfc2dd90 100644
--- a/implementations/rust/ockam/ockam_command/src/project/show.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/show.rs
@@ -3,6 +3,7 @@ use clap::Args;
 use ockam::Context;
 use ockam_api::cli_state::{StateDirTrait, StateItemTrait};
 use ockam_api::cloud::project::Projects;
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::project::util::refresh_projects;
@@ -41,14 +42,13 @@ async fn rpc(ctx: Context, (opts, cmd): (CommandGlobalOpts, ShowCommand)) -> mie
 }
 
 async fn run_impl(ctx: &Context, opts: CommandGlobalOpts, cmd: ShowCommand) -> miette::Result<()> {
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
 
     // Lookup project
     let id = match &opts.state.projects.get(&cmd.name) {
         Ok(state) => state.config().id.clone(),
         Err(_) => {
-            refresh_projects(&opts, ctx, controller.clone()).await?;
+            refresh_projects(&opts, ctx, &controller).await?;
             opts.state.projects.get(&cmd.name)?.config().id.clone()
         }
     };
diff --git a/implementations/rust/ockam/ockam_command/src/project/ticket.rs b/implementations/rust/ockam/ockam_command/src/project/ticket.rs
index 4ae93833175..5eeaa78f38b 100644
--- a/implementations/rust/ockam/ockam_command/src/project/ticket.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/ticket.rs
@@ -12,6 +12,7 @@ use ockam_api::authenticator::enrollment_tokens::{Members, TokenIssuer};
 use ockam_api::cli_state::{CliState, StateDirTrait, StateItemTrait};
 use ockam_api::config::lookup::{ProjectAuthority, ProjectLookup};
 use ockam_api::nodes::InMemoryNode;
+
 use ockam_multiaddr::{proto, MultiAddr, Protocol};
 
 use crate::identity::{get_identity_name, initialize_identity_if_default};
@@ -74,7 +75,7 @@ async fn run_impl(
     (opts, cmd): (CommandGlobalOpts, TicketCommand),
 ) -> miette::Result<()> {
     let trust_context_config = cmd.trust_opts.to_config(&opts.state)?.build();
-    let node = InMemoryNode::create(
+    let node = InMemoryNode::start_with_trust_context(
         &ctx,
         &opts.state,
         cmd.trust_opts.project_path.as_ref(),
@@ -113,12 +114,12 @@ async fn run_impl(
             .identifier()
             .clone();
 
-        node.make_authority_node_client(&authority_identifier, addr, Some(identity))
+        node.create_authority_client(&authority_identifier, addr, Some(identity))
             .await?
     } else if let (Some(p), Some(a)) = get_project(&opts.state, &cmd.to).await? {
         let identity = get_identity_name(&opts.state, &cmd.cloud_opts.identity);
         project = Some(p);
-        node.make_authority_node_client(a.identity_id(), a.address(), Some(identity))
+        node.create_authority_client(a.identity_id(), a.address(), Some(identity))
             .await?
     } else {
         return Err(miette!("Cannot create a ticket. Please specify a route to your project or to an authority node"));
diff --git a/implementations/rust/ockam/ockam_command/src/project/util.rs b/implementations/rust/ockam/ockam_command/src/project/util.rs
index 008cabb4ef1..60c709cf398 100644
--- a/implementations/rust/ockam/ockam_command/src/project/util.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/util.rs
@@ -2,7 +2,6 @@ use indicatif::ProgressBar;
 use miette::Context as _;
 use miette::{miette, IntoDiagnostic};
 use std::iter::Take;
-use std::sync::Arc;
 use std::time::Duration;
 use tokio_retry::strategy::FixedInterval;
 use tokio_retry::Retry;
@@ -15,6 +14,7 @@ use ockam_api::config::lookup::LookupMeta;
 use ockam_api::error::ApiError;
 use ockam_api::nodes::service::forwarder::SecureChannelsCreation;
 use ockam_api::nodes::InMemoryNode;
+
 use ockam_api::route_to_multiaddr;
 use ockam_core::compat::str::FromStr;
 use ockam_core::route;
@@ -121,7 +121,7 @@ pub async fn check_project_readiness(
     let spinner_option = opts.terminal.progress_spinner();
     let project = check_project_ready(
         ctx,
-        node.controller(),
+        &node.controller().await?,
         project,
         retry_strategy.clone(),
         spinner_option.clone(),
@@ -152,7 +152,7 @@ pub async fn check_project_readiness(
 
 async fn check_project_ready(
     ctx: &Context,
-    controller: Arc<Controller>,
+    controller: &Controller,
     project: Project,
     retry_strategy: Take<FixedInterval>,
     spinner_option: Option<ProgressBar>,
@@ -195,7 +195,7 @@ async fn check_project_node_accessible(
         .as_ref()
         .ok_or(miette!("Project identity is not set."))?;
     let project_node = node
-        .make_project_node_client(project_identity, &project_route, None)
+        .create_project_client(project_identity, &project_route, None)
         .await?;
 
     if let Some(spinner) = spinner_option.as_ref() {
@@ -244,7 +244,7 @@ async fn check_authority_node_accessible(
         .ok_or(miette!("Project does not have an authority defined."))?;
 
     let authority_node = node
-        .make_authority_node_client(authority.identity_id(), authority.address(), None)
+        .create_authority_client(authority.identity_id(), authority.address(), None)
         .await?;
 
     if let Some(spinner) = spinner_option.as_ref() {
@@ -264,7 +264,7 @@ async fn check_authority_node_accessible(
 pub async fn refresh_projects(
     opts: &CommandGlobalOpts,
     ctx: &Context,
-    controller: Arc<Controller>,
+    controller: &Controller,
 ) -> miette::Result<()> {
     let projects = controller.list_projects(ctx).await?;
     for project in projects {
diff --git a/implementations/rust/ockam/ockam_command/src/project/version.rs b/implementations/rust/ockam/ockam_command/src/project/version.rs
index 551f6bec32d..71a981a97b0 100644
--- a/implementations/rust/ockam/ockam_command/src/project/version.rs
+++ b/implementations/rust/ockam/ockam_command/src/project/version.rs
@@ -36,8 +36,7 @@ async fn rpc(ctx: Context, opts: CommandGlobalOpts) -> miette::Result<()> {
 
 async fn run_impl(ctx: &Context, opts: CommandGlobalOpts) -> miette::Result<()> {
     // Send request
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
     let project_version = controller.get_project_version(ctx).await?;
 
     let json = serde_json::to_string(&project_version).into_diagnostic()?;
diff --git a/implementations/rust/ockam/ockam_command/src/share/accept.rs b/implementations/rust/ockam/ockam_command/src/share/accept.rs
index 3327a3eeca1..d9d0da02127 100644
--- a/implementations/rust/ockam/ockam_command/src/share/accept.rs
+++ b/implementations/rust/ockam/ockam_command/src/share/accept.rs
@@ -5,6 +5,7 @@ use tokio::try_join;
 
 use ockam::Context;
 use ockam_api::cloud::share::Invitations;
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::util::api::CloudOpts;
@@ -39,8 +40,7 @@ async fn run_impl(
     cmd: AcceptCommand,
 ) -> miette::Result<()> {
     let is_finished: Mutex<bool> = Mutex::new(false);
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
 
     let get_accepted_invitation = async {
         let invitation = controller.accept_invitation(ctx, cmd.id).await?;
diff --git a/implementations/rust/ockam/ockam_command/src/share/create.rs b/implementations/rust/ockam/ockam_command/src/share/create.rs
index b3bb8380012..d663f429c4e 100644
--- a/implementations/rust/ockam/ockam_command/src/share/create.rs
+++ b/implementations/rust/ockam/ockam_command/src/share/create.rs
@@ -7,6 +7,7 @@ use tracing::debug;
 
 use ockam::Context;
 use ockam_api::cloud::share::{Invitations, RoleInShare, ShareScope};
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::util::api::CloudOpts;
@@ -48,8 +49,7 @@ async fn run_impl(
     cmd: CreateCommand,
 ) -> miette::Result<()> {
     let is_finished: Mutex<bool> = Mutex::new(false);
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
 
     let get_sent_invitation = async {
         let invitation = controller
diff --git a/implementations/rust/ockam/ockam_command/src/share/list.rs b/implementations/rust/ockam/ockam_command/src/share/list.rs
index 757cd4c3bd6..b921afbfdca 100644
--- a/implementations/rust/ockam/ockam_command/src/share/list.rs
+++ b/implementations/rust/ockam/ockam_command/src/share/list.rs
@@ -5,6 +5,7 @@ use tokio::try_join;
 
 use ockam::Context;
 use ockam_api::cloud::share::{InvitationListKind, Invitations};
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::util::api::CloudOpts;
@@ -36,8 +37,7 @@ async fn rpc(ctx: Context, (opts, cmd): (CommandGlobalOpts, ListCommand)) -> mie
 
 async fn run_impl(ctx: &Context, opts: CommandGlobalOpts, _cmd: ListCommand) -> miette::Result<()> {
     let is_finished: Mutex<bool> = Mutex::new(false);
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
 
     let get_invitations = async {
         let invitations = controller
diff --git a/implementations/rust/ockam/ockam_command/src/share/service.rs b/implementations/rust/ockam/ockam_command/src/share/service.rs
index 591e7294189..15e328eaa24 100644
--- a/implementations/rust/ockam/ockam_command/src/share/service.rs
+++ b/implementations/rust/ockam/ockam_command/src/share/service.rs
@@ -8,6 +8,7 @@ use tracing::debug;
 use ockam::identity::Identifier;
 use ockam::Context;
 use ockam_api::cloud::share::{CreateServiceInvitation, Invitations};
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::util::api::CloudOpts;
@@ -92,9 +93,7 @@ async fn run_impl(
     cmd: ServiceCreateCommand,
 ) -> miette::Result<()> {
     let is_finished: Mutex<bool> = Mutex::new(false);
-
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
 
     let get_sent_invitation = async {
         let invitation = controller
diff --git a/implementations/rust/ockam/ockam_command/src/share/show.rs b/implementations/rust/ockam/ockam_command/src/share/show.rs
index 69d67960b3a..1d7de3a061a 100644
--- a/implementations/rust/ockam/ockam_command/src/share/show.rs
+++ b/implementations/rust/ockam/ockam_command/src/share/show.rs
@@ -6,6 +6,7 @@ use tokio::try_join;
 
 use ockam::Context;
 use ockam_api::cloud::share::Invitations;
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::util::api::CloudOpts;
@@ -36,8 +37,7 @@ async fn rpc(ctx: Context, (opts, cmd): (CommandGlobalOpts, ShowCommand)) -> mie
 
 async fn run_impl(ctx: &Context, opts: CommandGlobalOpts, cmd: ShowCommand) -> miette::Result<()> {
     let is_finished: Mutex<bool> = Mutex::new(false);
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
 
     let get_invitation_with_access = async {
         let invitation_with_access = controller.show_invitation(ctx, cmd.invitation_id).await?;
diff --git a/implementations/rust/ockam/ockam_command/src/space/create.rs b/implementations/rust/ockam/ockam_command/src/space/create.rs
index e56b74a09e4..7e751e0613c 100644
--- a/implementations/rust/ockam/ockam_command/src/space/create.rs
+++ b/implementations/rust/ockam/ockam_command/src/space/create.rs
@@ -8,6 +8,7 @@ use crate::util::node_rpc;
 use crate::{docs, CommandGlobalOpts};
 use colorful::Colorful;
 use ockam_api::cli_state::{SpaceConfig, StateDirTrait};
+
 use ockam_api::nodes::InMemoryNode;
 
 const LONG_ABOUT: &str = include_str!("./static/create/long_about.txt");
@@ -53,11 +54,8 @@ async fn run_impl(
     opts: CommandGlobalOpts,
     cmd: CreateCommand,
 ) -> miette::Result<()> {
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-    let space = node
-        .controller()
-        .create_space(ctx, cmd.name, cmd.admins)
-        .await?;
+    let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
+    let space = controller.create_space(ctx, cmd.name, cmd.admins).await?;
 
     opts.println(&space)?;
     opts.state
diff --git a/implementations/rust/ockam/ockam_command/src/space/delete.rs b/implementations/rust/ockam/ockam_command/src/space/delete.rs
index 3c87a43535c..0f73a04aee2 100644
--- a/implementations/rust/ockam/ockam_command/src/space/delete.rs
+++ b/implementations/rust/ockam/ockam_command/src/space/delete.rs
@@ -4,6 +4,7 @@ use colorful::Colorful;
 use ockam::Context;
 use ockam_api::cli_state::{StateDirTrait, StateItemTrait};
 use ockam_api::cloud::space::Spaces;
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::util::api::CloudOpts;
@@ -53,8 +54,8 @@ async fn run_impl(
         .confirmed_with_flag_or_prompt(cmd.yes, "Are you sure you want to delete this space?")?
     {
         let space_id = opts.state.spaces.get(&cmd.name)?.config().id.clone();
-        let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-        node.controller().delete_space(ctx, space_id).await?;
+        let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
+        controller.delete_space(ctx, space_id).await?;
 
         let _ = opts.state.spaces.delete(&cmd.name);
         // TODO: remove projects associated to the space.
diff --git a/implementations/rust/ockam/ockam_command/src/space/list.rs b/implementations/rust/ockam/ockam_command/src/space/list.rs
index 20bbd85e195..34224cdc4ee 100644
--- a/implementations/rust/ockam/ockam_command/src/space/list.rs
+++ b/implementations/rust/ockam/ockam_command/src/space/list.rs
@@ -6,6 +6,7 @@ use tokio::try_join;
 use ockam::Context;
 use ockam_api::cli_state::{SpaceConfig, StateDirTrait};
 use ockam_api::cloud::space::Spaces;
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::util::api::CloudOpts;
@@ -40,10 +41,10 @@ async fn rpc(ctx: Context, (opts, cmd): (CommandGlobalOpts, ListCommand)) -> mie
 
 async fn run_impl(ctx: &Context, opts: CommandGlobalOpts, _cmd: ListCommand) -> miette::Result<()> {
     let is_finished: Mutex<bool> = Mutex::new(false);
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
+    let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
 
     let get_spaces = async {
-        let spaces = node.controller().list_spaces(ctx).await?;
+        let spaces = controller.list_spaces(ctx).await?;
         *is_finished.lock().await = true;
         Ok(spaces)
     };
diff --git a/implementations/rust/ockam/ockam_command/src/space/show.rs b/implementations/rust/ockam/ockam_command/src/space/show.rs
index 7db2fc62bdb..16848f8171f 100644
--- a/implementations/rust/ockam/ockam_command/src/space/show.rs
+++ b/implementations/rust/ockam/ockam_command/src/space/show.rs
@@ -44,8 +44,8 @@ async fn run_impl(ctx: &Context, opts: CommandGlobalOpts, cmd: ShowCommand) -> m
     let id = opts.state.spaces.get(&cmd.name)?.config().id.clone();
 
     // Send request
-    let node = InMemoryNode::create(ctx, &opts.state, None, None).await?;
-    let space: Space = node.controller().get_space(ctx, id).await?;
+    let controller = InMemoryNode::create_controller(ctx, &opts.state).await?;
+    let space: Space = controller.get_space(ctx, id).await?;
     opts.println(&space)?;
     opts.state
         .spaces
diff --git a/implementations/rust/ockam/ockam_command/src/subscription.rs b/implementations/rust/ockam/ockam_command/src/subscription.rs
index b3e9d8de84a..62e0aae3069 100644
--- a/implementations/rust/ockam/ockam_command/src/subscription.rs
+++ b/implementations/rust/ockam/ockam_command/src/subscription.rs
@@ -1,5 +1,4 @@
 use core::fmt::Write;
-use std::sync::Arc;
 
 use clap::builder::NonEmptyStringValueParser;
 use clap::{Args, Subcommand};
@@ -8,6 +7,7 @@ use miette::{miette, IntoDiagnostic};
 use ockam::Context;
 use ockam_api::cloud::subscription::{Subscription, Subscriptions};
 use ockam_api::cloud::Controller;
+
 use ockam_api::nodes::InMemoryNode;
 
 use crate::output::Output;
@@ -57,15 +57,14 @@ async fn run_impl(
     ctx: Context,
     (opts, cmd): (CommandGlobalOpts, SubscriptionCommand),
 ) -> miette::Result<()> {
-    let node = InMemoryNode::create(&ctx, &opts.state, None, None).await?;
-    let controller = node.controller();
+    let controller = InMemoryNode::create_controller(&ctx, &opts.state).await?;
 
     match cmd.subcommand {
         SubscriptionSubcommand::Show {
             subscription_id,
             space_id,
         } => {
-            match get_subscription_by_id_or_space_id(controller, &ctx, subscription_id, space_id)
+            match get_subscription_by_id_or_space_id(&controller, &ctx, subscription_id, space_id)
                 .await?
             {
                 Some(subscription) => opts.terminal.write_line(&subscription.output()?)?,
@@ -79,7 +78,7 @@ async fn run_impl(
 }
 
 pub(crate) async fn get_subscription_by_id_or_space_id(
-    controller: Arc<Controller>,
+    controller: &Controller,
     ctx: &Context,
     subscription_id: Option<String>,
     space_id: Option<String>,