- Document auto-update feature in README
- Add detailed setup instructions in INSTALL.md
- Include auto-update configuration in CONFIGURATION.md
- Explain systemd timer behavior and controls
- Note that Docker doesn't support auto-updates
- Setup scripts now accept both temporary setup codes and permanent API tokens
- Setup codes (6 chars): For manual setup by others, expire in 5 minutes
- API tokens: For automation and trusted environments, no expiration
- Modified auto-registration endpoint to accept API tokens directly
- Fixed JSON escaping issues with exclamation marks in bash scripts
- Updated README with clear documentation of both authentication methods
- Discovery modal now shows cached results immediately while scanning
This enables both secure manual setup (via temporary codes) and reliable
automation (via API tokens) without compromising security.
- Add detailed logging when VM disk monitoring fails due to permissions
- Explain Proxmox 9 limitation: API tokens cannot access guest agent data (PVE bug #1373)
- Explain Proxmox 8 requirements: VM.Monitor permission and privsep=0 for tokens
- Update setup script to show appropriate warnings for each PVE version
- Update FAQ with troubleshooting steps for 0% disk usage on VMs
- Log messages now clearly indicate workarounds for each scenario
The core issue: Proxmox 9 removed VM.Monitor permission and the replacement
permissions don't allow API tokens to access guest agent filesystem info.
This is a Proxmox upstream bug that affects their own web UI as well.
For users experiencing this issue:
- PVE 9: Use root@pam credentials or wait for Proxmox to fix upstream
- PVE 8: Ensure token has VM.Monitor and privsep=0
- All versions: QEMU guest agent must be installed in VMs
- LXC containers run as root and don't have sudo installed
- Updated all documentation to remove sudo references
- Updated frontend UI to show correct install command
- Keep sudo mention only in troubleshooting for edge cases
Replaced the two-step setup code process with a simpler token-in-URL approach:
- Auth token is now embedded directly in the setup URL
- No more prompting users for setup codes
- Same security level with better UX
- Backwards compatible with old setupCode field
The new flow generates a command like:
curl -sSL "http://pulse/api/setup-script?...&auth_token=TOKEN" | bash
This makes it much easier for users, especially in Proxmox shell where
interactive prompts can be problematic.
Implements header-based proxy authentication for SSO integration with
Authentik, Authelia, and other authentication proxies.
- Add CheckProxyAuth function to validate proxy headers
- Support for username and role-based access control
- Frontend integration with logout URL support
- Comprehensive documentation with examples
- Backwards compatible - no breaking changes
Addresses #327
Configuration via environment variables:
- PROXY_AUTH_SECRET: Shared secret for validation
- PROXY_AUTH_USER_HEADER: Header containing username
- PROXY_AUTH_ROLE_HEADER: Header containing roles/groups
- PROXY_AUTH_LOGOUT_URL: SSO logout endpoint
- Added comprehensive PORT_CONFIGURATION.md guide
- Updated CONFIGURATION.md to clarify .env is for auth only
- Install script no longer loads .env for environment variables
- Documented proper port configuration methods (systemd, system.json)
- Added port config guide to README documentation section
addresses #110 - helps users understand where to configure ports
- Simple update commands for each installation type
- LXC containers just run 'update' command
- Standard installs re-run the installer
- Docker users pull and recreate
- Added 'pulse --version' and 'pulse version' commands
- Version info embedded at build time (version, commit, build date)
- Added Privacy section to README - no telemetry/analytics
- Added example alert messages to show webhook capabilities
- Build script now properly embeds version information
- Removed overly aggressive Quick Install section
- Added brief description of what Pulse does
- Kept sponsorship section high for visibility
- Install command now in logical Quick Start section
- Better context and explanation before showing commands
- Auto-detects Proxmox VE hosts and creates LXC containers
- Quick mode with sensible defaults (1GB RAM, 4GB disk)
- Advanced mode for full customization
- Automatic cleanup on failure
- Simple 'update' command in containers
- Improved error handling and network detection
- Professional, clean output without verbose noise
- Docker detection to prevent container-in-container
- Removed all references to community scripts
This is now the primary recommended installation method.
Changed install options order to recommend the official installer first for
systemd/bare metal installations, with community scripts as an alternative option
- Add ability to completely disable alerts for specific guests in Custom Overrides
- Refactor override editing to use single form instead of inline editing
- Add dashboard indicators for guests with custom overrides (blue cog for custom thresholds, grey bell-slash for disabled)
- Remove complex Proxmox tag-based alert control system in favor of simpler UI controls
- Improve layout and UX for alert override management
- pulse-no-alerts: completely silent, no alerts generated at all
- pulse-monitor-only: alerts show in UI for manual checking, but no notifications sent
- updated descriptions to make the distinction clearer
- improved use case examples to show when to use each
removed incorrect 'temporary override' framing - users want permanent control for VMs with special needs (TrueNAS, Samba, Frigate, etc). tags are now presented as direct per-VM control that can be used for both permanent configuration and temporary needs
key insight: tags let users say 'this specific VM is special' vs custom rules for patterns
- updated documentation to clearly distinguish between:
- Custom Rules: permanent alert policies configured in UI
- Tags: temporary operational overrides applied in Proxmox
- improved log messages to indicate tags are temporary overrides
- added clear use cases and best practices for each approach
- emphasized that tags complement (not replace) custom rules
changed pulse-relaxed behavior to override with fixed values (95% CPU/RAM, 98% disk) rather than adding to existing thresholds. this avoids confusing interactions with custom alert rules and provides more predictable behavior
also updated docs to clarify the priority order of tags vs custom rules
documented the new tag-based alert suppression feature that allows controlling alert behavior per VM/container without UI changes. includes pulse-no-alerts, pulse-monitor-only, and pulse-relaxed tags with examples
- Auto-detect Docker environment and scan common home/office subnets
- Scans 192.168.1.0/24, 192.168.0.0/24, 10.0.0.0/24, 192.168.88.0/24, 172.16.0.0/24
- Removes friction - nodes are discovered automatically without configuration
- DISCOVERY_SUBNET env var now optional (only for non-standard networks)
- Update documentation to reflect automatic discovery
This makes the first-run experience much smoother - users see their
Proxmox nodes immediately without having to figure out subnet configuration.
- Automatically hash plain text API tokens (SHA3-256) and passwords (bcrypt) when loaded from env vars
- Remove unnecessary PULSE_SETUP_TOKEN feature in favor of simpler env var approach
- Remove HandleInitialSetup endpoint - not needed with env var configuration
- Update authentication to always use hashed comparisons (no plain text warnings)
- Update documentation to clearly explain auto-hashing capability
- Maintain backward compatibility with pre-hashed credentials
This makes Pulse secure by default while keeping deployment simple - users can
provide plain text credentials via environment variables and Pulse automatically
hashes them for security.
- Add clear warnings that env vars override UI/system.json settings
- Update log messages to indicate when env vars are overriding values
- Document standard container practice: env vars have highest precedence
- Users must remove env vars to allow UI configuration to take effect
This prevents confusion when UI changes don't work due to env var overrides.
- Re-enable DISCOVERY_SUBNET env var for Docker network configuration
- Re-enable LOG_LEVEL env var for runtime logging control
- Re-enable CONNECTION_TIMEOUT env var for timeout configuration
- Re-enable ALLOWED_ORIGINS env var for CORS configuration
- Update documentation to reflect working env vars
These env vars were accidentally disabled but are useful for Docker deployments.
Env vars override system.json settings when present.
Addresses #214 - user requested DISCOVERY_SUBNET env var support
- Remove all PBS-AGENT.md references (hallucinated feature)
- Fix DISCOVERY_SUBNET env var name in Docker docs (was incorrectly PULSE_DISCOVERY_SUBNET)
- Add DISCOVERY_SUBNET examples to README for Docker users
- Update FAQ to clarify PBS push mode is not supported
Addresses #214 - user reported 404 on PBS-AGENT.md link
The PBS push mode/agent feature was never actually implemented in v4.
This was documentation for a planned feature that doesn't exist.
Removed PBS-AGENT.md correctly as the feature isn't present in the codebase.
- Move development scripts to scripts/ directory (dev.sh, hot-dev.sh, build.sh, etc.)
- Move UPGRADE_NOTICE to docs/ directory
- Remove empty 2025-08-14 file
- Update all references to moved scripts in documentation
- Add HTTPS_ENABLED, TLS_CERT_FILE, TLS_KEY_FILE environment variables
- Server automatically starts in HTTPS mode when configured
- Falls back to HTTP with warning if certs missing
- WebSocket origins automatically adjust for HTTPS
- Fully backward compatible - defaults to HTTP
- Documented in README and CONFIGURATION.md
Addresses kenrmayfield's request for HTTPS support
- Add clear ProxmoxVE LXC update instructions (just type 'update')
- Fix incorrect FAQ about UI updates (no longer possible)
- Explain why Pulse cannot self-update for security reasons
- Make it clear that most users run in LXC containers
- Document --rc, --stable, and --version flags
- Show how to update to RC releases
- Include both script and Docker update methods
- Make it clear how users can test pre-releases
- Remove outdated v3 to v4 migration guide
- Update README with mandatory security setup steps
- Clarify that authentication is now required, not optional
- Update Docker, Security, and Troubleshooting docs
- Remove references to optional authentication
Removed outdated DISCOVERY_SUBNET environment variable references and documented the correct way to configure discovery subnet in Docker containers via system.json. Docker containers detect their internal network by default, so manual configuration is needed for LAN discovery.
- Fix alternating zero I/O metrics by implementing rate caching for stale data from Proxmox
- Hardcode polling interval to 10 seconds (matching Proxmox cluster/resources update cycle)
- Remove polling interval settings from UI (no longer user-configurable)
- Implement efficient VM/container polling using single cluster/resources API call
- Remove 'Remove Password' feature (auth is now mandatory)
- Fix CSRF validation for Basic Auth (exempt from CSRF checks)
- Fix Generate API Token modal and authentication
- Remove redundant 'Active' status from Authentication section
- Remove Connection Timeout setting from frontend (backend-only)
- Clean up frontend console logging (reduce verbosity)
- Remove PBS polling interval setting (fixed at 10s)
- Add frontend rebuild detection to backend-watch script
- Improve first-run setup flow and error handling
- Add pending restart detection when .env exists but not loaded
- Update frontend to show pending state instead of re-showing setup
- Fix QuickSecuritySetup to refresh security status after configuration
- Remove auto-restart attempts from security setup
- Show deployment-appropriate restart instructions
- Update documentation to reflect new update mechanism
Related to security setup issues after removing sudo/auto-restart capabilities
- Add critical docker-compose bcrypt escaping documentation
- Create comprehensive TROUBLESHOOTING.md guide
- Create dedicated DOCKER.md deployment guide
- Update CONFIGURATION.md with service name variations
- Document that .env file is not created when using env vars
- Add warnings about dollar sign escaping in docker-compose.yml
These docs address the main confusion points from recent issues,
especially the docker-compose bcrypt hash problem affecting many users.
- ProxmoxVE script can now check if auth is already set without credentials
- Quick-setup endpoint is now public but handler checks if setup should be skipped
- Prevents duplicate auth configuration attempts
- Critical for automated setup scripts
- clarified .env file usage for Docker (it's acceptable for Docker volumes)
- emphasized need for quotes around bcrypt hashes to prevent shell expansion
- removed incorrect SHA3-256 'cost factor' reference (only bcrypt has cost factor)
- added notes about proper quoting in Docker examples
- Clarify that session auth (password login) is sufficient for export/import
- Document that guest metadata and custom console URLs are included
- Update FAQ with clearer backup instructions
- Add UI-first approach to README backup section
- Clarify that passwords are ALWAYS bcrypt hashed (never plain text)
- Document SHA3-256 hashing for API tokens
- Add Quick Security Setup as recommended method
- Update examples to show hashed format required
- Add security best practices section
- Add verification script reference
- Update troubleshooting for new auth variables
Documentation Updates:
- Fix CORS documentation to reflect new secure defaults (no CORS by default)
- Add API token management endpoints to API.md
- Document CORS configuration in SECURITY.md
- Update environment variable documentation with defaults
- Add authentication variables (PULSE_PASSWORD, API_TOKEN, etc.)
- Add troubleshooting for CORS and authentication issues
- Remove outdated references to ALLOWED_ORIGINS=*
- Clarify that CORS defaults to same-origin only
All documentation now accurately reflects:
- Security improvements from recent audit
- New API token management features
- Correct CORS behavior and configuration
- Complete environment variable reference
- Created MIGRATION.md with clear backup/migration procedures
- Emphasizes export/import as the only supported migration method
- Warns against direct file copying
- Includes security notes about passphrase protection
- Added troubleshooting and pro tips
- Updated README and SECURITY docs to reference migration guide
