- Add GHCR (GitHub Container Registry) token support for public images
- Clean up dockerUpdateFirstSeen tracking when containers are removed
- Improve UpdateIcon tooltip to show digest info
- Add cursor-help to indicate hoverable tooltip
- Add routes for infrastructure update detection API:
- GET /api/infra-updates - list all container updates with filtering
- GET /api/infra-updates/summary - aggregated stats per host
- GET /api/infra-updates/host/{hostId} - updates for specific host
- GET /api/infra-updates/{resourceId} - specific resource update status
- POST /api/infra-updates/check - trigger update check (placeholder)
- Update handlers to query Docker container updates from monitor state
- Protected by auth and monitoring_read scope
When a Proxmox host has multiple network interfaces (management, Ceph,
cluster ring), the agent would use heuristic scoring to pick an IP,
which could select an isolated network instead of the management network.
Now the agent first determines which local IP is actually used to connect
to the Pulse server, ensuring registration uses a reachable IP. Falls back
to the heuristic scoring if connection-based detection fails.
Related to #929
When the same Ceph cluster is reported from multiple sources (PVE API
and host agent), it showed up twice in the UI. Now we deduplicate by
FSID before converting to frontend format, keeping the cluster entry
with the most complete data (most monitors/managers/pools reported).
Related to #928
Ubuntu was showing as "debian 24.04" because we used PlatformFamily
(which is "debian" for all Debian derivatives) instead of Platform
(which is "ubuntu" for Ubuntu).
Now uses Platform first, falling back to PlatformFamily only if empty.
Related to #927
Previously, preflight only built amd64 images, so multi-arch failures
(like the QEMU timeout in 5.0.5) weren't caught until after the
release was published.
Now preflight builds linux/amd64,linux/arm64 staging images. If
multi-arch build fails, the release pipeline stops before publishing.
Combined with the Dockerfile fix (forcing amd64 for build stages),
this ensures Docker build issues are caught early.
The multi-arch Docker build was timing out after 1 hour because
the backend-builder stage was running under QEMU emulation for arm64.
Building 31 Go binaries under QEMU is extremely slow.
Since Go cross-compiles all target architectures anyway, and the
frontend build produces platform-independent JS, there's no need
to run these stages under QEMU. Force them to linux/amd64 and let
Go handle cross-compilation natively.
Only the runtime stages need to be multi-arch (for the correct
Alpine base image and binary selection).
Show the actual update commands with copy buttons for Docker installations,
making it easier for Docker users to update. Includes both docker run and
docker-compose variants.
This addresses audit finding that Docker updates need better documentation
since they can't auto-update like LXC/systemd deployments.
When an agent registers using an IP address, check if any existing node's
hostname resolves to that same IP. This prevents duplicates when a node
was manually configured via hostname and later the agent is installed
which registers using the host's IP.
Changes:
- Add extractHostIP() to extract IP from URL if present
- Add resolveHostnameToIP() with 2s timeout for DNS resolution
- During agent auto-registration, check if existing hostname-based
configs resolve to the new IP and update instead of creating duplicates
- Add test for extractHostIP helper function
The legacy state file could represent either PVE or PBS registration,
depending on what was installed at the time. Now we check what's
currently installed to determine the correct behavior:
- If PVE is installed: legacy file means PVE was registered
- If PBS-only (no PVE): legacy file means PBS was registered
When PBS is installed directly on a PVE host (an officially supported
configuration), the agent now detects and registers BOTH products instead
of only detecting PVE.
Changes:
- Add detectProxmoxTypes() to detect all Proxmox products on a host
- Add RunAll() method to register each detected product separately
- Use per-type state files (proxmox-pve-registered, proxmox-pbs-registered)
to track registration status for each product independently
- Maintain backward compatibility with legacy single state file
- Add tests for new state file path logic
- Add DELETE /api/agents/unregister endpoint for agent self-unregistration
- Agent now unregisters itself from Pulse server when uninstalled
- Add clarifying note in UnifiedAgents explaining linked agents behavior
- Linked agents are managed via their PVE node but this is now explained in UI
- Add LastSeen field to HostAgent model for better agent status tracking
- Add /api/agents/host/uninstall endpoint for agent self-unregistration
- Update install.sh to notify server during --uninstall (reads agent ID from disk)
- Update install.ps1 with same logic for Windows
- Update frontend uninstall command to include URL/token flags
This ensures that when an agent is uninstalled, the host record is
immediately removed from Pulse and any linked PVE nodes have their
+Agent badge cleared.
When the unified agent binary isn't found locally (happens on LXC/barebone
installations that update via web UI which only updates the pulse binary),
redirect to GitHub releases using HTTP 307.
This complements the install.sh GitHub proxy fallback from 7b6613bb.
Related to #909
When install.sh or install.ps1 don't exist locally (happens on LXC/barebone
installations that were updated via web UI which only updates the binary),
fallback to fetching from GitHub raw content.
Related to #909
When nodes are updated, now validates that LinkedHostAgentID points to
an existing host agent. References to deleted host agents are automatically
cleared, fixing the 'Agent' tag persistence for users who removed agent
entries before commit c394d24.
Related to #920
The healthcheck was hardcoded to use HTTP, which fails when
HTTPS_ENABLED=true. Now uses a script that detects the protocol
and uses --no-check-certificate for self-signed certs.
Related to #922
Add ?kiosk=1 URL parameter to hide the filter panel and section nav
for a cleaner dashboard view. Useful for dedicated LCD displays or
wallboard setups.
Related to #917
When a host agent is deleted via the UI, the LinkedHostAgentID on any
PVE nodes that were linked to it was not being cleared. This caused
the "Agent" tag to persist in the UI after uninstalling the agent.
Related to #920
Acknowledged alerts were still triggering repeated webhook notifications
because the re-notification logic only checked cooldown period, not
acknowledgment status. Now acknowledged alerts are skipped entirely.
Related to #921
- Check if tag exists before creating (skip if pointing to HEAD, fail with
helpful message if pointing elsewhere)
- Check if draft release exists before creating (update existing draft)
- Add --clobber to all asset uploads to allow re-uploading on retry
- Implement compact mobile navigation with label truncation on xs screens
- Optimize Alerts Overview with tighter spacing and better description truncation
- Enhance Storage table mobile view: consolidate Shared column, use StatusDots, and increase bar thickness
- Increase Node Summary table row height and column min-widths for readability
- Add xs (400px) breakpoint for granular mobile styling
- Fix Storage.tsx using number priorities instead of string literals
- Move husky configuration to repository root for proper git hook support
- Add package.json/lock.json to root (un-ignore in .gitignore)
- Configure pre-push hook to run type-check before push
Users can now pass disk exclusion patterns during agent installation:
curl ... | bash -s -- --disk-exclude '/mnt/*' --url ... --token ...
The flag is repeatable for multiple exclusion patterns.
Related to #896
Users who accumulated AI findings before the patrol-without-AI bug was
fixed (24c4bb0b) could not dismiss them because the AI Insights tab
and Clear All button were only visible when patrol was enabled.
Now the AI Insights tab and Clear All button are visible whenever there
are findings to clear, even if AI/patrol is not enabled.
Related to #885
Adds husky with a pre-push hook that runs type-check before allowing
pushes. This catches the TypeScript errors locally that were causing
repeated CI failures and email spam.
Skip with: git push --no-verify
- Removed redundant 'Needs Backup' toggle from filter bar
- Problems filter already includes backup issues (stale, critical, never)
- Reduces UI clutter while preserving functionality
- Also includes user's lint fixes for Backups tests
- Remove unused setUseRelativeTime in UnifiedBackups.tsx (TS6133)
- Remove unused testing-library imports in PBSEnhancementBanner.test.ts (TS6133)
- Fix type comparison in test by using union type instead of 'as const' (TS2367)
- Full-width search bar on its own row
- Smart Reset button (only shows when filters active)
- Simplified sort options dropdown
- Consistent flex-wrap layout with gap-x-2 gap-y-2
Maintains consistency across Proxmox pages.
- Made search bar full-width and prominent
- Removed redundant Status Filter (can use search)
- Removed redundant Type Filter (overlaps with Source)
- Removed Time Format toggle (rarely used)
- Integrated ColumnPicker inline with filter groups
- Layout now matches Dashboard/Overview pattern
Reduces filter controls from ~10 groups to 5 for cleaner UX.
- Add useColumnVisibility hook to Backups table
- Add ColumnPicker component for toggling columns
- Add Comment column for PBS backups (hidden by default)
- Owner, Size, Storage, Verified columns now toggleable
- Column visibility persisted to localStorage
PBS backups with comments now show the comment when the column
is enabled via the Columns picker.
When adding a PBS node with username/password credentials, Pulse now
automatically:
1. Connects to PBS using the provided credentials
2. Creates a 'pulse-monitor@pbs' user with Audit permissions
3. Generates an API token
4. Stores the token instead of the password
This enables one-click PBS setup for Docker/containerized deployments
where you can't easily run the agent installer. Simply enter root@pam
credentials in the UI and Pulse handles the rest.
Falls back to password auth if token creation fails (e.g., old PBS
version or permission issues).
- Added PBS client methods: CreateUser, SetUserACL, CreateUserToken
- Added SetupMonitoringAccess() turnkey method that creates user + token
- Updated handleSecureAutoRegister to use PBS API for token creation
- Enables one-click PBS setup for Docker/containerized deployments
When users provide PBS root credentials, Pulse can now create the
monitoring user and API token remotely via the PBS API, eliminating
the need to SSH/exec into the container manually.
The toggle button in Alerts > Thresholds > Host Agents was working
functionally (alerts were actually disabled) but the visual state wasn't
updating. This was because the hostAgentsWithOverrides memo was missing
the 'disabled' field in its returned Resource objects.
Related to #893
- Created new PBS.md with setup instructions for direct PBS connection
- Explains difference between direct PBS API vs PVE passthrough
- Documents three setup methods: agent install, one-click script, manual
- Includes permissions reference and troubleshooting section
- Added link in docs/README.md under Monitoring & Agents
Users can now copy the uninstall command from the Actions column of any
registered agent, without needing to start the token creation flow.
Related to #914
