- Frontend was looking for smtpHost/smtpPort but backend returns server/port
- Fixed field mapping in NotificationsAPI to use correct field names
- Email SMTP server now properly displays saved value instead of placeholder
- Fixed startTLS field name inconsistency (was starttls, now startTLS)
- Added automatic reload of email config when switching to Notifications tab
- Email config now properly displays saved SMTP server instead of placeholder
- Ensures fresh data is loaded when user navigates to email settings
Updated logging to exclude request bodies that may contain passwords
or other sensitive information. Now only logs metadata about requests
without exposing actual credentials.
Ensures each modal (PVE/PBS) only receives editingNode if the node type
matches. This prevents PBS edit from showing PVE form and vice versa.
Both issues from #296 are now addressed:
1. PBS forms no longer get contaminated with PVE data (previous commit)
2. PBS edit now correctly shows PBS form instead of PVE form (this commit)
Separated PVE and PBS modals into distinct component instances to prevent
form state contamination. Each node type now has its own Show component
that mounts/unmounts independently, ensuring clean form state.
Also added resetKey tracking and node type change detection for
additional form reset triggers.
Verified with automated tests that PBS forms no longer show data
from previously canceled PVE forms.
Fixed the remaining contamination issue where PBS forms would retain PVE data
after canceling a PVE node addition. The form now properly resets when opening
the modal for adding a new node.
Two fixes were needed:
1. Set currentNodeType when editing any node (previous commit)
2. Clear form data when opening modal for new nodes (this commit)
Both issues reported by krom are now resolved:
- PBS forms no longer show PVE data
- Editing PBS nodes properly populates the form
The issue was that when editing a PBS node, the currentNodeType wasn't being set,
causing the modal to not populate the form correctly. Now setCurrentNodeType is
called with the node's type when editing any node.
This ensures:
- PBS forms don't get contaminated with PVE data
- Editing PBS nodes properly populates the form with PBS data
- No cross-contamination between node types
Frontend improvements:
- Store raw override config separately to handle delayed WebSocket state loading
- Use createEffect to reprocess overrides when WebSocket state becomes available
- Properly maintain raw config when adding/updating/removing overrides
- Ensures overrides don't disappear when switching tabs or navigating
This addresses the issue where custom thresholds would disappear after navigating
away from the tab, which was caused by the WebSocket state not being fully loaded
when the initial config was processed.
Frontend fixes:
- Fixed VM thresholds incorrectly showing as 'CT' in alerts UI (issue #295)
- Fixed threshold slider not reaching 0% and 100% edges (issue #295)
- Fixed PBS form auto-filling with PVE settings (issue #296)
- Fixed email config property mapping (server/port instead of smtpHost/smtpPort)
Backend fixes:
- Updated EmailConfig struct to use 'server' and 'port' JSON tags for consistency
- Added 'provider' and 'startTLS' fields to EmailConfig
- Fixed PORT env var to correctly set FrontendPort instead of BackendPort
- Changed default log level from Debug to Info
All changes tested and verified working correctly.
- Added detailed reverse proxy guide for nginx, Caddy, Apache, Traefik, HAProxy, and Cloudflare Tunnel
- Emphasized WebSocket requirement for v4
- Added testing instructions and troubleshooting tips
- Updated README and CONFIGURATION docs to reference the new guide
- Addresses user feedback from issue #244 about WebSocket requirement
- VMs now properly display as "VM" instead of "CT" in custom thresholds
- Slider thumb now reaches 0% and 100% edges correctly
- Custom rules and schedule changes now trigger unsaved changes warning
- Fixed missing setHasUnsavedChanges calls for override operations
- Fixed mismatch between backend (unhealthy) and frontend (error)
- Both PVE and PBS nodes now correctly show red dot when unhealthy
- Fixes issue #293 where PBS showed red dot despite being connected
- Add automatic HTTPS defaulting when no protocol specified
- Warn users when using HTTP for PBS (which requires HTTPS)
- Improve error messages to suggest HTTPS when HTTP fails
- Add UI hints about PBS requiring HTTPS on port 8007
- Fix placeholder to show correct default port for PBS
- Add UI modal to prompt for API token when required
- Detect and handle invalid/expired tokens automatically
- Clear invalid tokens and re-prompt user
- Add ability to clear stored tokens from browser
- Fix race condition in modal retry logic
- Improve error messages for auth failures
- Handle both export and import authentication consistently
- Track operation source to ensure correct retry behavior
Fixes issue reported by da99Beast where Docker users with API_TOKEN
environment variable couldn't authenticate for export/import operations
Fixed issue where discovered nodes and manual node setup would incorrectly
call updateNode instead of addNode. The problem was that discovered nodes
were set with an empty string ID, which made the code think it was editing
an existing node.
Now properly checks for both editingNode existence AND a valid ID before
deciding whether to update or add.
Fixes#289
The buttons were incorrectly disabled due to inverted logic. They now work properly regardless of security configuration. Also improved error messages to show the actual error from the API.
- Added clearer error message when export fails due to missing auth
- UI now explicitly tells users to set API_TOKEN or ALLOW_UNPROTECTED_EXPORT
- Addresses issue #286 where error wasn't clear
Changed the default authentication method from username/password to API token when clicking on auto-discovered servers. API tokens are more secure and the recommended approach for most users.
- PBS instances now show as online when datastores are accessible even if version endpoint fails
- Email sending now uses proper STARTTLS support for compatibility with providers like SMTP2GO
- Email recipient input no longer filters entries while typing
- Auto-update setting now properly persists and loads from config
- Fixed CPU usage alerts for offline VMs (already addressed in previous commits)
- Use actual verified field from backend for PBS backups through PVE storage
- Was incorrectly hardcoded to null causing verified checkmarks not to show
- Added format field checking for pbs-ct and pbs-vm
- Changed unknown type fallback from VM to LXC (more common)
- Fixes issue where all backups showed as VM type
- Added service field to WebhookConfig to identify Discord webhooks
- Use Discord-specific template when sending Discord webhooks
- Fixed backup type detection for PBS backups (vm/ct)
- Fixed shared storage duplicate IDs across instances
- Fixed alert acknowledge/clear response format to match frontend expectations
- Fix CPU core display to show for all guests with CPU data
- Previously only showed cores when CPU > 0 (truthy)
- Now shows "(0.0/X cores)" consistently for all running/stopped guests
- Improve code organization with new helper utilities
- Clean up import statements and remove debug logs
- Remove sessionStorage for API tokens - it clears on tab close
- localStorage is correct for persistent auth tokens
- sessionStorage would log users out every time they close the tab
- Keep other security improvements from previous commit
- Fix unsafe JSON parsing in WebSocket with proper error handling
- Fix unsafe JSON parsing in Settings import with validation
- Improve API token security by using sessionStorage as primary storage
- Remove debug console statements from production code
- Fix race conditions in WebSocket alert handling with atomic updates
- Add NaN validation for parseFloat operations in search queries
- Add safer error handling alternatives in generics utility
- Improve graceful shutdown in Settings API with proper timing
- All changes verified with successful frontend and backend builds
- Fix XSS vulnerabilities in Tooltip component by replacing innerHTML with textContent and adding content sanitization
- Fix XSS vulnerability in UnifiedBackups by replacing innerHTML with safe DOM manipulation
- Add proper null checks for props.guest.cpu in GuestRow to prevent NaN errors
- Replace unsafe non-null assertions with proper conditional rendering
- Fix memory leak in Settings component by improving interval cleanup
- Fix WebSocket reconnection race condition by adding proper timeout cleanup
- Create standardized error handler utility for consistent error handling
- Enable VM state support in monitoring (resolves TODO)
- Improve type safety throughout the codebase
- All changes verified with successful frontend and backend builds
- Remove .env syncing - UI no longer writes to .env file
- system.json is the single source for UI-managed settings
- .env files are read-only for deployment overrides
- Environment variables still override everything (Docker/systemd)
- Cleaner separation: env vars for deployment, JSON for runtime
- Updated documentation to clarify configuration hierarchy
- Simpler code with less failure points
- UI settings now automatically update .env file when changed
- .env file and system.json stay in sync
- Settings hierarchy preserved: env vars > .env > UI
- .env file is auto-generated/updated when UI saves settings
- Improved user experience - changes in UI reflect in .env and vice versa
- Fix Export/Import API token authentication (wasn't sending X-API-Token header)
- Add client-side passphrase validation (12+ chars with visual feedback)
- Fix settings persistence for AllowedOrigins field
- Fix hardcoded port display in diagnostics (now shows actual port)
- Add .env file support for non-sensitive configuration (ports, logging, etc)
- Keep sensitive data (API tokens, passwords) using secure methods (systemd env vars)
- Update documentation with configuration guide and latest features
- Document auto-discovery, cluster detection, and export/import features
- Badges should be for statuses/counts, not descriptive properties
- Cluster information is already shown in dedicated section below
- Keeps only functional badges (VMs, Containers, Storage, Backups)
- Cleaner, less cluttered interface
- Both badges now use gray color scheme (bg-gray-200/700, text-gray-600/400)
- Removes the blue coloring from cluster badge that made it inconsistent
- Better visual hierarchy - badges are informational, not action items
- Update checkbox label to 'Enable storage permissions for backup visibility'
- Clarify that PVEDatastoreAdmin is needed to READ backup files (Proxmox API limitation)
- Remove misleading text about managing/creating/deleting backups
- Make it clear Pulse only reads backup data, doesn't control backups
- Add checkbox to control whether backup write permissions are granted
- When checked: adds PVEDatastoreAdmin role on /storage (allows backup management)
- When unchecked: only PVEAuditor role (read-only, no PVE backups in Storage tab)
- Update setup script generation to conditionally add storage permissions
- Update UI to clearly explain the implications of each choice
- Remove DiscoveryModal component and Discover button
- Show discovered nodes directly in PVE/PBS tabs (greyed out)
- Discovered nodes are clickable to configure
- Intelligently filter out nodes that are part of configured clusters
- Prevent duplicate entries for cluster members in discovery results
- Maintain glassmorphic styling throughout
Frontend:
- Enhanced cluster vs standalone node visual distinction in Settings
- Added glassmorphic style to all toast notifications for consistency
- Fixed test connection in edit modal to use stored encrypted credentials
- Added batch credential modal for bulk node operations
- Added network discovery modal with auto-subnet detection
- Improved notification system with dual toast/notification support
- Added event bus for component communication
Backend:
- Fixed duplicate toast notifications during auto-registration
- Fixed PBS auto-registration token extraction from JSON output
- Added network discovery service with background scanning
- Improved cluster detection with actual cluster name from API
- Added helper function to reduce code duplication in cluster detection
- Fixed host URL normalization in auto-registration
- Enhanced PBS client token authentication parsing
Bug Fixes:
- Fixed stacking toast notifications creating visual bugs
- Fixed PBS authentication failures after auto-registration
- Fixed network discovery not finding Proxmox servers
- Fixed test connection for existing nodes with encrypted tokens
- Removed duplicate WebSocket broadcasts for auto-registration events
- Fixed NodeModal to correctly detect token auth based on tokenName instead of user field
- Backend now properly clears user field when using token authentication
- Backend now properly clears token fields when using password authentication
- This fixes the issue where PBS nodes using token auth would show "User:" instead of "Token:"
Fixes#263, #261
- Removed PBS summary card from Dashboard and Backups tabs (not needed)
- Fixed backup frequency chart to use local timezone instead of UTC
- Chart now properly includes today in the date range
- Dates display according to user's browser timezone
The Apply Update button was not showing when an update was available because it only checked for 'idle' status but the API returns 'available' status when an update is ready.
