PBS often runs in Docker containers, so the container check was preventing
legitimate setups. Also fixed the script to check for proxmox-backup-manager
instead of pveum (which is PVE-only).
- Added required field validation for name, type, and host in node configuration
- Added duplicate node prevention by name (returns 409 Conflict)
- Added IP address format validation to reject invalid IPs
- Added port range validation (1-65535)
- Added validation for negative polling intervals in system settings
- Added HEAD request support for health and version endpoints
- Reduced node addition timeout from 10s to 3s to prevent UI hanging
These validation improvements were discovered through comprehensive testing
and prevent invalid data from being accepted by the API.
The setup script no longer mentions VM disk monitoring at all, as requested.
This avoids confusion about what works or doesn't work on different
Proxmox versions. The permissions are still set up correctly behind
the scenes, but users don't need to see confusing information about it.
The setup script was incorrectly claiming that VM disk monitoring works
on Proxmox 9 with API tokens. This is not true due to an upstream
Proxmox limitation where API tokens cannot access guest agent data
even with the correct permissions.
Updated the setup script to clearly explain:
- This is a known Proxmox 9 limitation, not a Pulse issue
- API tokens are blocked from accessing get-fsinfo
- Available workarounds (use root@pam or wait for upstream fix)
- Link to issue #348 for full context
This should prevent further confusion for users running Proxmox 9.
- Fixed reactivity issue where PVE node tables weren't showing on hard refresh
- Removed component re-mounting caused by IIFE wrapper in App.tsx
- Added text truncation with ellipsis to prevent row height changes
- Fixed table visibility to properly hide when filtering excludes all nodes
- Added cache-busting headers to ensure browser loads latest JS/CSS files
- Remove max-width constraint on search fields to utilize available space
- Node summary table now updates based on search/filter criteria
- Only show nodes with matching guests when filtering is active
- Calculate node metrics based on filtered guests only
- Show matched guest count in node summary when filtering
- Provides better visual feedback on what the filters are affecting
- Setup scripts now accept both temporary setup codes and permanent API tokens
- Setup codes (6 chars): For manual setup by others, expire in 5 minutes
- API tokens: For automation and trusted environments, no expiration
- Modified auto-registration endpoint to accept API tokens directly
- Fixed JSON escaping issues with exclamation marks in bash scripts
- Updated README with clear documentation of both authentication methods
- Discovery modal now shows cached results immediately while scanning
This enables both secure manual setup (via temporary codes) and reliable
automation (via API tokens) without compromising security.
The discovery functionality was broken because the router was using a
simple GET-only handler instead of the complete HandleDiscoverServers
function that supports both GET (cached results) and POST (manual scans
with subnet parameters).
Changes:
- Updated router to use configHandlers.HandleDiscoverServers instead of r.handleDiscovery
- Removed the redundant handleDiscovery function
- Discovery endpoint now supports both GET and POST methods as expected by frontend
- Added proper authentication requirement for discovery endpoint
This addresses the discovery being broken in the latest RC releases.
Added detailed VM disk monitoring checks to the diagnostics page:
- Tests actual guest agent connectivity for each node
- Shows how many VMs have agents configured vs working
- Performs a detailed test on one VM and reports the result
- Provides specific recommendations based on the error encountered
- Shows SUCCESS when disk monitoring is working properly
This helps users quickly identify why VM disk monitoring might not be working:
- Guest agent not installed/running
- Permission issues with API tokens
- VM configuration problems
The diagnostics clearly show when everything is working (like the delly.lan cluster showing 19.3% disk usage) vs when there are issues to resolve.
TESTED AND CONFIRMED: API tokens CAN access guest agent data on PVE 9!
- Created test tokens and verified they work
- Guest agent API returns proper disk usage data
- The cluster/resources endpoint shows disk=0 but that's not what Pulse uses
- Pulse correctly fetches data via /nodes/{node}/qemu/{vmid}/agent/get-fsinfo
The misinformation about PVE 9 not working was completely wrong. It does work when properly configured with PVEAuditor role which includes VM.GuestAgent.Audit permission.
Stop making definitive claims about what works or doesn't work. The reality:
- Some users (like you) have it working fine in cluster configs
- Others report 0% disk usage
- The exact conditions that make it work are unclear
- Results vary between different setups
Updated all docs and messages to reflect this uncertainty rather than making false claims about non-existent workarounds or absolute limitations.
Previous advice was completely wrong. The facts:
- VM.Monitor permission doesn't exist in PVE 9 (was removed)
- It was replaced with VM.GuestAgent.Audit
- But even with correct permissions, API tokens CANNOT access guest agent data on PVE 9
- This is Proxmox bug #1373 with NO working workaround for API tokens
- Users must accept 0% VM disk usage on PVE 9 until Proxmox fixes it upstream
Updated all documentation and error messages to reflect this reality instead of giving false hope about non-existent workarounds.
The root@pam suggestion doesn't actually work since it requires the Linux system root password, not a Proxmox-specific password. Most users don't know or have disabled their Linux root password for security.
Updated all documentation and error messages to correctly advise users to grant VM.Monitor permission to their API token user instead.
The setup code section in the modal is no longer shown when the auth token
is already embedded in the setup script URL. Since the token is included
as auth_token parameter, there's no need for users to see or enter it.
The real issue for PVE 8 users seeing 0% disk usage:
- Users who added nodes BEFORE v4.7 don't have VM.Monitor permission
- The setup script always created tokens with privsep=0, so that wasn't the issue
- Solution: Re-run the setup script or manually add VM.Monitor permission
Updated error messages and documentation to reflect the actual cause
and provide the correct fix for users experiencing this issue.
- Add detailed logging when VM disk monitoring fails due to permissions
- Explain Proxmox 9 limitation: API tokens cannot access guest agent data (PVE bug #1373)
- Explain Proxmox 8 requirements: VM.Monitor permission and privsep=0 for tokens
- Update setup script to show appropriate warnings for each PVE version
- Update FAQ with troubleshooting steps for 0% disk usage on VMs
- Log messages now clearly indicate workarounds for each scenario
The core issue: Proxmox 9 removed VM.Monitor permission and the replacement
permissions don't allow API tokens to access guest agent filesystem info.
This is a Proxmox upstream bug that affects their own web UI as well.
For users experiencing this issue:
- PVE 9: Use root@pam credentials or wait for Proxmox to fix upstream
- PVE 8: Ensure token has VM.Monitor and privsep=0
- All versions: QEMU guest agent must be installed in VMs
addresses #348
After extensive testing and research:
CONFIRMED: This is a Proxmox 9 API limitation, not a configuration issue
- Guest agent get-fsinfo works when called as root (qm agent <vmid> get-fsinfo)
- API tokens CANNOT access this data even with VM.GuestAgent.Audit permission
- Proxmox's own web UI also shows 0% for VM disk usage (bug #1373)
Updated:
- Setup script now clearly explains this is a known Proxmox limitation
- Changed log level from Warn to Debug for permission errors (expected on PVE 9)
- Added references to Proxmox bug #1373
Workarounds for users:
1. Use root@pam credentials instead of API tokens for full VM disk monitoring
2. Container (LXC) disk usage works correctly with tokens
3. Wait for Proxmox to fix this upstream
The guest agent returns the data (total-bytes, used-bytes) but Proxmox's
API doesn't allow token access to it. This is not something we can fix
in Pulse - it needs to be addressed in Proxmox itself.
addresses #348
After testing on actual PVE 9.0.5 nodes:
- Confirmed VM.Monitor privilege was removed in PVE 9
- PVEAuditor role includes VM.GuestAgent.Audit permission
- Added Sys.Audit permission (replacement for VM.Monitor)
- Added clear warning about known PVE 9 guest agent limitations
The issue appears to be a Proxmox 9 limitation where even with correct
permissions (VM.GuestAgent.Audit + Sys.Audit), the guest agent API may
not return disk usage data for non-root tokens. This is likely a bug or
intentional security restriction in Proxmox 9 that needs to be addressed
upstream.
Updated setup script to:
1. Properly detect PVE 9 and add appropriate permissions
2. Warn users about the known limitation
3. Suggest workarounds (using root credentials if needed)
addresses #348
- Updated setup script to properly detect and handle Proxmox 9 where VM.Monitor was removed
- For PVE 9+, now creates custom role with Sys.Audit permissions (replaces VM.Monitor)
- Attempts to add VM.Agent or Sys.Modify permissions for better guest agent access
- Added better error logging to identify permission issues with guest agent API
- Warns users about PVE 9 permission requirements if disk usage shows 0%
The setup script now:
1. Properly detects PVE version using pveversion command
2. Creates appropriate roles based on PVE version (VM.Monitor for PVE 8, Sys.Audit for PVE 9)
3. Provides clear instructions if guest agent access still doesn't work
The SecurityHeaders middleware was not being applied to the router,
causing the "Allow iframe embedding" setting to not take effect.
This fix properly applies the middleware with the saved settings,
allowing iframe embedding to work when enabled.
addresses #351
Addresses #222 - Allow Pulse to be embedded in iframes (e.g., Homepage dashboard)
- Add AllowEmbedding and AllowedEmbedOrigins settings to SystemSettings
- Update security headers to respect embedding configuration
- When disabled: X-Frame-Options: DENY, frame-ancestors 'none'
- When enabled (same-origin): X-Frame-Options: SAMEORIGIN, frame-ancestors 'self'
- When enabled with origins: Adds specified origins to frame-ancestors
- Add UI controls in Settings → System → Network Settings
- Properly handle CSP frame-ancestors directive for cross-origin embedding
Users can now enable iframe embedding and specify allowed origins for embedding Pulse in Homepage or other dashboard applications.
The temporary auth tokens generated by authenticated users are now properly
validated even when Pulse has authentication enabled. This fixes the issue
where fresh installs (which are secured by default) couldn't use the
auto-registration feature.
Replaced the two-step setup code process with a simpler token-in-URL approach:
- Auth token is now embedded directly in the setup URL
- No more prompting users for setup codes
- Same security level with better UX
- Backwards compatible with old setupCode field
The new flow generates a command like:
curl -sSL "http://pulse/api/setup-script?...&auth_token=TOKEN" | bash
This makes it much easier for users, especially in Proxmox shell where
interactive prompts can be problematic.
- The generated command now includes PULSE_SETUP_CODE environment variable
- Users can simply copy-paste the command in Proxmox shell without needing to type the code
- Makes the setup process more streamlined for the primary use case
- Add bulk acknowledge and clear operations for alerts
- Support selecting multiple alerts with checkboxes
- Add select all functionality for bulk operations
- Improve Proxmox permission setup to handle both PVE 8 and 9+
- Use PVEAuditor role which includes VM.GuestAgent.Audit for PVE 9+
- Add fallback VM.Monitor role for PVE 8 and below
- Bump version to 4.7.3
- Fixed parsing of pveversion output (uses colon separator not slash)
- Now correctly extracts version number from 'pve-manager: X.Y.Z' format
- addresses #348
- Detect Proxmox version in setup script
- Use VM.GuestAgent.Audit for PVE 9+ instead of VM.Monitor
- Update UI instructions to handle both PVE 8 and 9
- addresses #348
- Webhook test was showing success even when receiving 400/500 errors
- Now correctly reports HTTP status errors to the UI
- Added debug logging for Gotify webhooks to help troubleshooting
- Addresses #342 where Gotify webhooks appeared to work but didn't
- Setup script no longer requires authentication (uses setup codes instead)
- Fixed discovery service not starting when toggled via settings
- Addresses #347 and discussion #344
addresses #346
The issue was that the code was checking for specific ports (:8007 or :443) in the host string, which would incorrectly add the default port even when a custom port was already specified. Now it properly checks if any port exists after the protocol before adding the default.
Delete and recreate the PulseMonitor role each time instead of trying to modify it. This ensures a clean, predictable state with exactly the permissions needed.
Also fixes incorrect pveum command syntax - should be 'role add' not 'role create'.
Addresses issue reported by NameLessJedi in #340
- Theme changes now broadcast instantly via WebSocket to all connected browsers
- No page refresh needed - theme updates in real-time across all devices
- Theme preference is persisted server-side and loaded on new sessions
- Added WebSocket message type 'settingsUpdate' for broadcasting settings changes
- Updated SystemSettingsHandler to broadcast theme changes to all clients
- Added frontend event listener to handle incoming theme change messages
- Fixed API endpoint routing to use the new handler with broadcast support
- Added proper DISABLE_AUTH check in CheckAuth for auth-disabled environments
This creates a seamless experience where toggling dark/light mode on one device
instantly updates all other connected devices (phones, tablets, browsers).
PBS was incorrectly appending default port :8007 even when custom ports were specified, resulting in malformed URLs like domain:443:8007. Now properly detects existing ports after the protocol prefix.
Implements header-based proxy authentication for SSO integration with
Authentik, Authelia, and other authentication proxies.
- Add CheckProxyAuth function to validate proxy headers
- Support for username and role-based access control
- Frontend integration with logout URL support
- Comprehensive documentation with examples
- Backwards compatible - no breaking changes
Addresses #327
Configuration via environment variables:
- PROXY_AUTH_SECRET: Shared secret for validation
- PROXY_AUTH_USER_HEADER: Header containing username
- PROXY_AUTH_ROLE_HEADER: Header containing roles/groups
- PROXY_AUTH_LOGOUT_URL: SSO logout endpoint
- Add GetVMFSInfo method to fetch filesystem data from guest agent
- Integrate guest agent disk stats for VMs in both polling modes
- Aggregate real disk usage from all filesystems (skip special mounts)
- Fall back gracefully to allocated size when agent unavailable
- Add VM.Monitor permission to auto-negotiation script via PulseMonitor role
- Update frontend NodeModal with new permission instructions
VMs with QEMU guest agent now show actual disk usage like LXCs do.
Addresses #344
Addresses #343 - users can now disable Proxmox/PBS server discovery through:
- UI toggle in Settings > System > Network Settings
- Environment variable DISCOVERY_ENABLED=false
- system.json configuration
Discovery runs by default but can be completely disabled for environments where automatic scanning causes issues (e.g., shared hosting networks).
- Auto-detects Proxmox VE hosts and creates LXC containers
- Quick mode with sensible defaults (1GB RAM, 4GB disk)
- Advanced mode for full customization
- Automatic cleanup on failure
- Simple 'update' command in containers
- Improved error handling and network detection
- Professional, clean output without verbose noise
- Docker detection to prevent container-in-container
- Removed all references to community scripts
This is now the primary recommended installation method.
addresses #340 - more secure authentication for Quick Token Setup
Major security improvement:
- Replaced URL-embedded tokens with 6-character one-time setup codes
- Setup codes are entered interactively, never transmitted in URLs
- Codes are hashed for storage and expire after 5 minutes
- Each code can only be used once
How it works:
1. User clicks "copy command" in Pulse UI
2. A unique setup code is generated and shown to the user
3. User runs the curl command on their Proxmox server
4. Script prompts for the setup code
5. Code is validated and node is auto-registered
This approach is much more secure as no authentication tokens travel over the network in URLs, and the codes are short-lived and single-use.
addresses #340 - Quick Token Setup improvements
Changed:
- Auto-registration now uses temporary setup tokens instead of API tokens (API tokens are hashed and can't be passed directly)
- Setup script shows token value for manual configuration when auto-registration fails
- Improved error messages to explain why auto-registration might fail
- Auto-register endpoint now accepts either API tokens or temporary setup tokens
This ensures the Quick Token Setup feature works as intended - automatically registering nodes without manual token copying when possible, while providing clear fallback instructions when authentication is required.
- API tokens now work even when DISABLE_AUTH is set
- Added API token section back to Security tab in settings
- API tokens can protect API access for automation while keeping UI open
- Invalid tokens are rejected even with auth disabled
- Export/import endpoints still require valid API token
- Added DISABLE_AUTH env var to completely bypass authentication
- Useful for reverse proxy setups (Authentik, Authelia, etc.)
- Updated documentation in CONFIGURATION.md and REVERSE_PROXY.md
- Fixed security tests to handle auth disabled state
Frontend (TypeScript):
- Eliminated all 'any' types (7 → 0)
- Added proper types for event system with generics
- Fixed event data interfaces with specific types
- Replaced any with unknown where appropriate
Backend (Go):
- Created central types.go with 30+ typed API structures
- Eliminated all interface{} in /internal/api package (158 → 0)
- Replaced map[string]interface{} with typed structs:
- ChartResponse, VMChartData, NodeChartData, StorageChartData
- DiagnosticsInfo with NodeDetails, ClusterInfo, PBSDetails
- StorageChartsResponse with StorageMetrics
- Improved compile-time type safety for all API responses
Benefits:
- Better IDE support and autocomplete
- Compile-time error detection
- Clearer API contracts
- Improved maintainability
All tests passing, service running successfully with typed code.
- Add helpful "No Proxmox VE nodes configured" message to Storage and Backup tabs
- Include "Go to Settings" button for easy navigation when no nodes exist
- Enhance network discovery for Docker environments with smart subnet detection
- Auto-detect Docker network configuration and scan appropriate subnets
- Add support for common Docker network ranges (172.16.0.0/12, 10.0.0.0/8)
- Improve discovery logging to show subnet being scanned
- Fix discovery API endpoint to properly return discovered servers
- Automatically hash plain text API tokens (SHA3-256) and passwords (bcrypt) when loaded from env vars
- Remove unnecessary PULSE_SETUP_TOKEN feature in favor of simpler env var approach
- Remove HandleInitialSetup endpoint - not needed with env var configuration
- Update authentication to always use hashed comparisons (no plain text warnings)
- Update documentation to clearly explain auto-hashing capability
- Maintain backward compatibility with pre-hashed credentials
This makes Pulse secure by default while keeping deployment simple - users can
provide plain text credentials via environment variables and Pulse automatically
hashes them for security.
- Track which settings are overridden by env vars in backend
- Expose env override information in system settings API
- Show clear warnings in UI when settings are controlled by env vars
- Disable input fields when overridden by environment variables
- Add helpful instructions for users to remove env vars if needed
This improves UX by making it clear why UI changes don't take effect
when environment variables are set. Follows container best practices
where env vars have highest precedence, while clearly communicating
this behavior to users.
Addresses user confusion when UI settings don't work due to env var overrides.
- API tokens now hashed before storage (never stored in plain text)
- Raw token shown only once during generation
- Backward compatible with existing plain text tokens
- Added migration warnings for users with plain tokens
- Updated documentation to reflect security improvements
