vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-19 07:54:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Document RC3 commit coverage audit

Browse source
This commit is contained in:
rcourtman 2026-05-03 11:52:51 +01:00
parent 9ba0c3fa96
commit 7e9a7a3fd4
6 changed files with 325 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

121
docs/release-control/v6/internal/records/documentation-currentness-and-legacy-cleanup-rc3-commit-audit-2026-05-03.md Normal file
View file

@ -0,0 +1,121 @@
# Documentation Currentness And Legacy Cleanup RC3 Commit Audit Record
- Date: `2026-05-03`
- Gate: `documentation-currentness-and-legacy-cleanup`
- Scope:
- `pulse`
- lane `L9`
## Context
Before publishing `v6.0.0-rc.3`, the release packet needed to be checked
against the actual post-`rc.2` release range rather than only the late RC3
maintenance commits. The existing draft changelog existed, but it primarily
described the v5.1.29 maintenance ports and current RC issue follow-up. That
was accurate but under-scoped for the full `rc.2` to `rc.3` delta.
## Reviewed Range
- From tag: `v6.0.0-rc.2`
- From commit: `2868b44cf91b59bca85cd886711d78cd3c376fab`
- To tag: `v6.0.0-rc.3`
- To commit: `9ba0c3fa960ad9e90471dc5f443a62e01ac01836`
- Git range: `v6.0.0-rc.2..v6.0.0-rc.3`
- Commit count: `597`
- Date span in the range: `2026-04-16` through `2026-05-03`
- Changed scope: `1755` files, `112950` insertions, `72377` deletions
## Review Method
The audit read the full commit subject range in chronological order, checked
the tag boundaries, reviewed the aggregate diff scope, and grouped the commits
by changed surface and release risk. The range was not treated as only a v5
maintenance port because many post-`rc.2` commits changed release packaging,
security, commercial posture, hosted/mobile proof, governance surfaces, and
frontend layout behavior.
Commands used for the coverage pass:
- `git rev-parse v6.0.0-rc.2^{}`
- `git rev-parse v6.0.0-rc.3^{}`
- `git rev-list --count v6.0.0-rc.2..v6.0.0-rc.3`
- `git log --reverse --format='%h%x09%an%x09%ad%x09%s' --date=short v6.0.0-rc.2..v6.0.0-rc.3`
- `git diff --stat v6.0.0-rc.2..v6.0.0-rc.3`
- `git log --format='%h%x09%s' --name-only v6.0.0-rc.2..v6.0.0-rc.3`
## Commit Coverage Summary
The 597 commits were covered by these release-note buckets:
- release packaging, release validation, signed assets, installer resolution,
update signer continuity, rollback posture, Helm, Docker, and workflow
hardening
- security, auth, token handling, setup/bootstrap state, transport validation,
trusted proxy, websocket origin, workflow permission, webhook, and outbound
HTTP hardening
- commercial, licensing, Relay, Pro, self-hosted plan, hosted signup, Pulse
Account, tenant/workspace, MSP, and Cloud readiness cleanup
- infrastructure, connections, Unified Agent, Proxmox, PBS, PMG, TrueNAS,
VMware, Docker, Podman, platform admission, and fleet governance
- monitoring, alerts, metrics history, Workloads, Storage, Recovery, backup,
snapshot, Ceph, ZFS, RAID, filters, tables, charts, and summary layout
- AI, Patrol, action governance, approval/audit history, command policy, and
Ollama local-runtime behavior
- mobile companion-role, hosted mobile proof, approval routing, and device
readiness evidence
- documentation, release-control evidence, contribution policy, support-pack,
upgrade-guide, and public-copy cleanup
- frontend layout, Dashboard retirement, Infrastructure-first routing,
Settings surfaces, first-session/setup flow, shared table primitives, filter
decks, saved views, sticky summaries, and responsive controls
## Packet Updates
The public RC3 packet was expanded so it no longer describes `rc.3` as only a
corrective maintenance RC:
- `docs/releases/V6_CHANGELOG_RC3_DRAFT.md`
- records the exact commit range and count
- adds release packaging, security/auth, hosted/mobile, governance, latest
storage, skip-auth, and artifact-validation coverage
- `docs/releases/RELEASE_NOTES_v6_RC3_DRAFT.md`
- expands the release intent from a narrow corrective RC to a broad
hardening RC with corrective maintenance at its core
- adds release packaging, security/auth, hosted/mobile, governance, storage
summary, skip-auth, and artifact-validation re-test notes
- `docs/releases/V6_RC3_OPERATOR_SUPPORT_PACK_DRAFT.md`
- aligns maintainer-facing support language with the broader audited delta
- adds the newest storage, skip-auth, and release-asset validation notes
- `docs/release-control/v6/internal/subsystems/deployment-installability.md`
- records that post-draft packet changes must carry exact commit coverage,
artifact/release-pipeline evidence, and a refreshed draft before
publication
- `scripts/release_control/render_release_body_test.py`
- verifies that the RC3 packet retains commit coverage and release artifact
hardening language
## Outcome
The audit did not identify a new unhandled code blocker from the commit range.
It did identify a documentation gap: the existing RC3 packet under-described
the full post-`rc.2` release delta. That gap is now recorded and addressed in
the draft packet before publication.
No GitHub release publication, Docker publication, public issue comment,
retitle, closure, or other external state change was made as part of this
audit.
## Verification
- `git diff --check -- docs/releases/V6_CHANGELOG_RC3_DRAFT.md docs/releases/RELEASE_NOTES_v6_RC3_DRAFT.md docs/releases/V6_RC3_OPERATOR_SUPPORT_PACK_DRAFT.md docs/release-control/v6/internal/records/documentation-currentness-and-legacy-cleanup-rc3-commit-audit-2026-05-03.md docs/release-control/v6/internal/subsystems/deployment-installability.md scripts/release_control/render_release_body_test.py`
- passed
- `python3 scripts/release_control/documentation_currentness_test.py`
- passed, 6 tests
- `python3 scripts/release_control/render_release_body_test.py`
- passed, 4 tests
- `PYTHONPATH=scripts/release_control python3 -m unittest scripts.release_control.release_promotion_policy_test.ReleasePromotionPolicyTest.test_release_notes_index_points_at_current_rc_packet scripts.release_control.release_promotion_policy_test.ReleasePromotionPolicyTest.test_operator_support_packs_keep_free_first_paid_continuity_wording scripts.release_control.release_promotion_policy_test.ReleasePromotionPolicyTest.test_version_file_matches_current_rc_packet -q`
- passed, 3 tests
- `python3 scripts/release_control/status_audit.py --pretty`
- `repo_ready=True`
- `rc_ready=True`
- `release_ready=True`

5
docs/release-control/v6/internal/subsystems/deployment-installability.md
View file

@ -169,6 +169,11 @@ server-side update execution surfaces.
rollback target and any prerelease trust-root continuity caveat in the
current release notes, changelog, operator support pack, upgrade guide, and
release-control evidence record before the release workflow is dispatched.
When a draft packet is updated after the candidate tag or draft release has
already been prepared, the packet must record an exact previous-RC to
current-candidate commit coverage audit, include any new artifact
validation or release-pipeline assertions in the release-control evidence,
and refresh the draft release from the new branch head before publication.
The prerelease feedback intake template and active demo/update metadata must
also stay on generic or current-RC wording instead of hard-coding stale
`rc.1` examples once later candidates exist.

75
docs/releases/RELEASE_NOTES_v6_RC3_DRAFT.md
View file

@ -3,13 +3,18 @@
_Draft only. Do not treat this as published until the governed
`v6.0.0-rc.3` tag and GitHub prerelease exist._
`v6.0.0-rc.3` is intended to be the second corrective RC after the public
`rc.1` release and the first candidate after the `v5.1.29` maintenance sweep.
Pulse v5.1.29 remains the current stable line.
`v6.0.0-rc.3` is intended to be a broad hardening RC after `rc.2` and the
first candidate after the `v5.1.29` maintenance sweep. Pulse v5.1.29 remains
the current stable line.
The purpose of this RC is to carry late v5 maintenance fixes and recent RC
feedback into the v6 candidate before broader retesting:
The purpose of this RC is to carry late v5 maintenance fixes, recent RC
feedback, and the post-`rc.2` release-readiness work into the v6 candidate
before broader retesting:
- release artifacts, draft metadata, upload retries, signing, validation, and
installer resolution should match the current release workflow
- auth, token, update, hosted callback, transport, and workflow trust
boundaries should fail closed where the `rc.2` line was too loose
- v5-to-v6 installs and updates should avoid avoidable installer, disk-space,
token-display, and rollback surprises
- agent identity and reconnect behavior should remain stable across Docker LXC,
@ -18,9 +23,17 @@ feedback into the v6 candidate before broader retesting:
current v5 maintenance line
- Workloads, Storage, and Infrastructure should be retestable with the current
table-first and responsive UI corrections
- Pulse Account, hosted signup, MSP, mobile, policy-aware data, resource
change, action governance, platform admission, and fleet governance proofs
should remain represented in the candidate
- the support packet should be explicit about the post-`rc.2` update-signer
transition and the stable rollback target
This packet was audited against all `597` commits in
`v6.0.0-rc.2..v6.0.0-rc.3`, from
`2868b44cf91b59bca85cd886711d78cd3c376fab` through
`9ba0c3fa960ad9e90471dc5f443a62e01ac01836`.
## Support Stance
- Pulse v5.1.29 remains the current stable line.
@ -36,6 +49,34 @@ feedback into the v6 candidate before broader retesting:
## What Changed Since `rc.2`
### Release Packaging And Publish Readiness
- The release workflow now validates signed release sidecars, generated SBOM
assets, prerelease metadata, and expected artifact completeness before
treating the RC draft as publishable.
- GitHub draft-release validation preserves draft metadata instead of
accidentally changing release visibility during validation.
- Release asset uploads use bounded retries so transient upload failures are
less likely to leave a partially populated RC draft.
- Released images and release builds keep clean VCS metadata for version
reporting and validation.
- The release packet records the exact `rc.2` to `rc.3` commit coverage audit
in the release-control evidence appendix.
### Security, Auth, And Trust Boundaries
- Workflow token permissions, CI image pins, Docker base images, signed
installer downloads, and local release sidecars are restricted for the
release path.
- Setup tokens, bootstrap state, update tokens, self-update preflight tokens,
and installer-support paths avoid leaking sensitive values through logs,
arguments, or overly broad fallback behavior.
- Local loopback, websocket origin, trusted proxy, TLS, outbound HTTP, hosted
callback, ownership-transfer, invitation, webhook, and license-persistence
paths were hardened after `rc.2`.
- Skip-auth local/dev login now treats the expected unauthenticated response as
auth state instead of surfacing it as a client-side request failure.
### Installer And Update Continuity
- The stable install path remains anchored to v5.1.29 instead of accidentally
@ -97,10 +138,27 @@ feedback into the v6 candidate before broader retesting:
v6 release branch.
- On narrow/mobile Workloads views, summary charts stay out of the primary
table flow so the table remains usable.
- Storage summary tiles keep labels and values inside the shared sticky summary
grid at narrow widths.
- Summary-chart hover tooltips now offset from the guide line instead of
covering the exact value under the cursor.
### Security And Public Feedback Flow
### Commercial, Hosted, Mobile, And Governance Readiness
- The `rc.2` self-hosted plan direction remains intact: current public
self-hosted plans include core monitoring, Relay adds remote/mobile
convenience and 14-day history, and Pro adds AI operations, automation,
advanced admin features, and 90-day history.
- Stale self-hosted trial, quickstart, upgrade, monitored-system cap, and
customer-side commercial analytics paths were retired or hidden from public
runtime and docs.
- Hosted signup, Pulse Account, workspace/tenant, MSP, mobile approval, and
mobile companion-role proofs were refreshed.
- Policy-aware data handling, resource-change intelligence, action governance,
platform admission, and fleet-governance projections are included in the
candidate rather than left as untracked post-`rc.2` drift.
### Dependencies And Public Feedback Flow
- Frontend sanitization and Go network dependencies are current for this
release branch.
@ -129,8 +187,11 @@ remains Relay plus AI operations, automation, advanced admin features, and
and PBS/ZFS filesystem attribution.
6. Workloads, Storage, and Infrastructure table layouts at desktop and mobile
sizes, including summary-chart hover behavior.
7. AI/Patrol local discovery and Ollama-backed flows if those features are in
7. Skip-auth local/dev login if that mode is used for testing.
8. AI/Patrol local discovery and Ollama-backed flows if those features are in
use.
9. Release asset download, checksum/signature, installer, and draft-release
validation paths before broader retesting.
## Feedback

118
docs/releases/V6_CHANGELOG_RC3_DRAFT.md
View file

@ -1,28 +1,55 @@
# Pulse v6.0.0-rc.3 Draft Changelog
_Draft only. This changelog describes the current `pulse/v6-release` delta
since the planned `v6.0.0-rc.2` candidate. Do not treat it as published until
since the `v6.0.0-rc.2` tag. Do not treat it as published until
the governed `v6.0.0-rc.3` prerelease exists._
## What `rc.3` changes compared with `rc.2`
`v6.0.0-rc.3` is a corrective maintenance RC. It carries the late v5.1.29
maintenance sweep and the current RC feedback fixes into the v6 release branch
without reopening the product model that `rc.2` settled.
`v6.0.0-rc.3` is a broad hardening RC with a corrective maintenance core. It
carries the late v5.1.29 maintenance sweep and the current RC feedback fixes
into the v6 release branch while also preserving the post-`rc.2` release
packaging, security, hosted/mobile, commercial-model, governance, and UI
readiness work that landed on the release line.
The main release risk addressed here is regression drift: fixes that users
already received on the v5 stable line should not disappear when they evaluate
v6.
v6. The secondary risk is release drift: the candidate should publish with the
same signed-artifact, validation, auth, UI, and documentation behavior that was
tested after `rc.2`.
## Commit Coverage Audit
The changelog was audited against every commit in the exact release range:
- `v6.0.0-rc.2`: `2868b44cf91b59bca85cd886711d78cd3c376fab`
- `v6.0.0-rc.3`: `9ba0c3fa960ad9e90471dc5f443a62e01ac01836`
- range: `v6.0.0-rc.2..v6.0.0-rc.3`
- commit count: `597`
- changed scope: `1755` files, `112950` insertions, `72377` deletions
Those commits are grouped in this changelog rather than listed one by one. The
range includes release/install/update work, security and trust-boundary
hardening, commercial and hosted-account cleanup, infrastructure and agent
platform work, monitoring/storage/recovery corrections, AI/Patrol/action
governance, mobile/hosted proof, documentation/governance records, and
frontend layout and product-surface polish.
## Major Changes
### 1. Installer and rollback behavior is safer for RC retesting
### 1. Release packaging, install/update, and rollback behavior are safer for RC retesting
The release branch now keeps the stable install/update path anchored to
v5.1.29 while preparing the `rc.3` prerelease packet.
The installer changes in this candidate include:
The release and installer changes in this candidate include:
- signed installer downloads, signed release sidecars, SBOM publication, and
release-asset validation gates
- draft-release validation that preserves GitHub draft metadata
- bounded release-asset upload retries so transient GitHub upload failures do
not leave a partially populated RC draft
- clean VCS metadata inside released container images and release builds
- Proxmox LXC stable installs do not accidentally fall through to a v6 RC
- low-disk updates fail before stopping the current service
- installer bundle fallback logic works without relying on a missing external
@ -37,7 +64,24 @@ historical `rc.2` update trust root should use a manual reinstall or explicit
trust migration for later prerelease and GA builds. Do not assume unattended
`rc.2` to `rc.3` continuity.
### 2. Agent identity and setup paths are less fragile
### 2. Security, auth, and trust boundaries are tighter
The post-`rc.2` range includes a concentrated hardening pass across the
release, hosted, local, and agent boundaries:
- workflow token permissions, CI image pins, Docker base-image digests, and
release asset signing are restricted
- update, installer, bootstrap, and self-update token paths keep sensitive
values out of logs and process arguments
- setup tokens, recovery/bootstrap auth, non-loopback local transport, trusted
proxy configuration, websocket origins, and outbound HTTP helpers fail closed
where the earlier behavior was too permissive
- org invitation, ownership transfer, hosted callback, purchase return,
webhook, and license persistence paths were hardened
- skip-auth login handling now treats the expected 401 as a local-mode auth
state instead of surfacing it as a client failure
### 3. Agent identity and setup paths are less fragile
`rc.3` carries the v5/v6 agent continuity corrections from the late issue
sweep:
@ -50,7 +94,7 @@ sweep:
- the agent privilege model is documented for operators
- Patrol discovery probes align with the agent command policy
### 3. Alerts, recovery, and storage views match late v5 fixes
### 4. Alerts, recovery, and storage views match late v5 fixes
The candidate includes the alert and recovery correctness fixes from the
maintenance audit:
@ -66,34 +110,62 @@ maintenance audit:
- host-linked PBS/ZFS filesystems merge into guest overviews where ownership is
known
### 4. Runtime history and AI behavior are quieter
### 5. Runtime history and AI behavior are quieter
The duplicate-metrics path is idempotent, reducing noisy historical rows during
polling overlap. Local Ollama-backed AI calls also use a shorter keep-alive
window so evaluation systems are less likely to retain model resources
unnecessarily.
### 5. Workloads, Storage, and Infrastructure are ready for another UI pass
### 6. Workloads, Storage, and Infrastructure are ready for another UI pass
The current branch keeps the table-first v6 operational UI corrections:
- Workloads, Storage, and Infrastructure have the current filter, saved-view,
table, chart-toggle, and responsive wrapping fixes
- narrow Workloads layouts keep charts out of the primary mobile table flow
- Storage summary tiles keep their labels and values inside the shared sticky
summary grid at narrow widths
- summary-chart hover tooltips now offset away from the guide line instead of
covering the value being inspected
### 6. Security dependencies and contribution guidance are current
### 7. Commercial, hosted, and mobile readiness stays aligned with the `rc.2` model
The range keeps the `rc.2` free-first self-hosted direction while removing
stale sales, trial, and cap-era assumptions from runtime and public docs:
- self-hosted core monitoring remains included on the current public plans
- Relay remains secure remote access to the Pulse web UI. Relay includes
Pulse Mobile pairing for handoff, push notifications, and 14-day history
- Pro remains Relay plus AI operations, automation, advanced admin features,
and 90-day history
- inactive self-hosted upsell, trial-start, quickstart, and customer-side
commercial analytics paths are retired or hidden from the public runtime
- hosted signup, Pulse Account, tenant/workspace, MSP, mobile approval, and
mobile companion-role proofs were refreshed for the RC floor
### 8. Data, resource, action, platform, and fleet governance reached the RC floor
The post-`rc.2` release line also includes the governed v6 architecture slices
that are now part of the RC candidate:
- policy-aware data handling and AI resource sanitization
- resource-change envelopes, relationship-aware timelines, and the resource
relationship map
- approval-backed action plans, action-audit preflight, resource action
history, and command-policy alignment
- platform support-floor projection and admitted-platform classification
- fleet-governance projection for enrollment, liveness, version drift, adapter
health, credential posture, update posture, and remote-control posture
### 9. Dependencies, docs, and contribution guidance are current
The frontend sanitizer and Go network dependency updates are present on the
release branch. Public contribution guidance now matches the issue-first
policy for the current RC cycle while preserving the dedicated v6 feedback
template.
The self-hosted paid wording remains aligned with `rc.2`: Relay is secure
remote access to the Pulse web UI, Pulse Mobile pairing for handoff, push
notifications, and 14-day history, while Pro adds AI operations, automation,
advanced admin features, and 90-day history.
template. The release packet also reflects the Dashboard retirement,
Infrastructure-first routing, and current first-session/setup documentation
instead of leaving readers on older `rc.2` assumptions.
## What existing v5 users should re-test in `rc.3`
@ -105,8 +177,13 @@ advanced admin features, and 90-day history.
alert paths.
5. Backup, snapshot, recovery, PBS, ZFS, Synology RAID, and Ceph inventory
views.
6. Workloads, Storage, and Infrastructure at desktop and mobile sizes.
7. AI/Patrol local discovery and Ollama-backed flows where enabled.
6. Workloads, Storage, and Infrastructure at desktop and mobile sizes,
including sticky summary tiles, filter wrapping, saved views, and chart
hover behavior.
7. Skip-auth local/dev login flows where enabled.
8. AI/Patrol local discovery and Ollama-backed flows where enabled.
9. Release artifact download, checksum/signature, and installer validation
paths before broad retesting.
## Evidence Appendix
@ -118,3 +195,4 @@ release line, see:
- `docs/release-control/v6/internal/records/known-rc-issue-closure-for-ga-v5-129-delta-2026-05-01.md`
- `docs/release-control/v6/internal/records/known-rc-issue-closure-for-ga-late-issue-intake-2026-05-01.md`
- `docs/release-control/v6/internal/records/known-rc-issue-closure-for-ga-summary-sparkline-tooltip-2026-05-01.md`
- `docs/release-control/v6/internal/records/documentation-currentness-and-legacy-cleanup-rc3-commit-audit-2026-05-03.md`

16
docs/releases/V6_RC3_OPERATOR_SUPPORT_PACK_DRAFT.md
View file

@ -8,9 +8,10 @@ _Draft only. Use this as the working support brief for the planned
- Pulse v5.1.29 remains the current stable line.
- Pulse v6 `rc.3` is an opt-in evaluation build, not the default production
recommendation.
- `rc.3` should be described as a corrective maintenance RC: it carries late v5
maintenance fixes and current RC feedback into the v6 candidate before
broader retesting.
- `rc.3` should be described as a broad hardening RC with a corrective
maintenance core: it carries late v5 maintenance fixes, current RC feedback,
release packaging hardening, security/auth tightening, and post-`rc.2`
readiness work into the v6 candidate before broader retesting.
- Systems pinned to the historical `rc.2` update trust root should use a manual
reinstall or explicit trust migration for later prerelease or GA builds.
@ -76,6 +77,8 @@ Use this cohort breakdown:
### What changed from `rc.2` that users should notice immediately?
- release artifact validation, draft metadata preservation, upload retries,
signing, and clean version metadata are hardened for the RC path
- stable install paths stay on v5.1.29 unless the user explicitly opts into v6
- installer disk preflight runs before stopping the current service
- bootstrap-token display uses the supported command path
@ -83,7 +86,10 @@ Use this cohort breakdown:
- alert notification disablement, thresholds, and PBS/Docker alert paths are
corrected
- backup, snapshot, and linked filesystem views carry the late v5 fixes
- Storage summary tiles wrap cleanly in the shared sticky summary grid
- Workloads summary-chart tooltips no longer cover the guide line
- skip-auth local/dev login handles the expected unauthenticated response
without surfacing a request failure
### What if a fresh Proxmox LXC stable install lands on a v6 RC?
@ -135,7 +141,9 @@ posting.
7. Re-test alerts, backup/recovery, snapshots, PBS/ZFS attribution, Synology
RAID scrub handling, and Ceph inventory.
8. Re-test Workloads, Storage, and Infrastructure at desktop and mobile sizes.
9. Upgrade agents separately only when the user is explicitly testing the
9. Re-test release artifact download, checksum/signature, installer, and draft
validation paths before broader retesting.
10. Upgrade agents separately only when the user is explicitly testing the
v5-to-v6 agent path.
## Ask For These Details

21
scripts/release_control/render_release_body_test.py
View file

@ -108,6 +108,27 @@ Old metadata section.
self.assertNotIn("mobile app pairing", text)
self.assertNotIn("remote access/mobile/push", text)
def test_rc3_packet_records_commit_coverage_and_release_artifact_hardening(self) -> None:
repo_root = Path(__file__).resolve().parents[2]
release_notes = (repo_root / "docs/releases/RELEASE_NOTES_v6_RC3_DRAFT.md").read_text(
encoding="utf-8"
)
changelog = (repo_root / "docs/releases/V6_CHANGELOG_RC3_DRAFT.md").read_text(
encoding="utf-8"
)
support_pack = (
repo_root / "docs/releases/V6_RC3_OPERATOR_SUPPORT_PACK_DRAFT.md"
).read_text(encoding="utf-8")
self.assertIn("v6.0.0-rc.2..v6.0.0-rc.3", release_notes)
self.assertIn("commit count: `597`", changelog)
self.assertIn("broad hardening RC with a corrective maintenance core", changelog)
self.assertIn("Release asset uploads use bounded retries", release_notes)
self.assertIn(
"release artifact validation, draft metadata preservation, upload retries",
support_pack,
)
if __name__ == "__main__":
unittest.main()