1804 commits

Author SHA1 Message Date
rcourtman
a60fa03d7f Route operator updates through the local signed helper 2026-04-22 16:18:16 +01:00
rcourtman
ce95ef1fc6 Require signed server installer updates 2026-04-22 15:41:54 +01:00
rcourtman
b33e21e0e8 Add least-privilege SSH deploy mode 2026-04-22 15:23:02 +01:00
rcourtman
dad0529a2f Domain-separate relay channel HKDF derivation 2026-04-22 15:04:09 +01:00
rcourtman
a43476a696 Govern pulse-pro checkout return ownership 2026-04-22 11:57:10 +01:00
rcourtman
e8b93db1e1 Harden dev agent deploy SSH host verification 2026-04-22 11:41:50 +01:00
rcourtman
ca26ed2f44 Pin Dockerfile base images by digest 2026-04-22 11:22:46 +01:00
rcourtman
ba7b991c30 Rate limit relay proxy traffic per channel 2026-04-22 11:06:56 +01:00
rcourtman
8a42bb432e Harden commercial callback and transport URL policy 2026-04-22 10:57:21 +01:00
rcourtman
c64f07eda0 Tighten GA RC feedback intake policy 2026-04-22 10:54:28 +01:00
rcourtman
21950c6e4c Restore QNAP agent boot and update continuity
Refs #1420

Refs #1422
2026-04-22 10:48:43 +01:00
rcourtman
5aaa8d98b2 Record #1319 retest coverage on the RC3 candidate
Refs #1319
2026-04-22 10:27:32 +01:00
rcourtman
f9be700f99 Restore shared Ceph storage overrides in alerts thresholds
Refs #1341
2026-04-22 10:20:30 +01:00
rcourtman
74df03c78c Pin workflow actions and CI image versions 2026-04-22 10:12:15 +01:00
rcourtman
9c8387be6f Export restricted outbound HTTP security helpers 2026-04-22 10:05:57 +01:00
rcourtman
de99fcb1f0 Restrict purchase return HTTP callbacks to loopback 2026-04-22 09:49:36 +01:00
rcourtman
a5b2a037cb Bound Stripe webhook dedupe retention 2026-04-22 09:46:33 +01:00
rcourtman
752f9a49ea Require fresh browser session for ownership transfer 2026-04-22 09:41:30 +01:00
rcourtman
c6357c92a1 Harden self-hosted update runtime against low-disk drift
Refs #1408
2026-04-22 09:40:49 +01:00
rcourtman
242c4b432d Restore linked host-agent disk inventory for guest VMs
Refs #1438
2026-04-22 09:22:46 +01:00
rcourtman
c0ac251316 Require target-organization approval for org shares 2026-04-22 09:16:40 +01:00
rcourtman
9879c3986a Keep self-update preflight tokens out of argv 2026-04-22 08:12:35 +01:00
rcourtman
2806cc6c9e Split audit log access into dedicated token scope 2026-04-22 07:59:12 +01:00
rcourtman
c1d0d34c16 Cap agent exec websocket connections per IP 2026-04-22 07:22:44 +01:00
rcourtman
ce9b89abee Make hosted signup responses privacy-safe 2026-04-22 07:12:56 +01:00
rcourtman
e68bdc40e2 Require accepted Pulse Account invites before access binding 2026-04-22 07:03:28 +01:00
rcourtman
a44cde6b92 Gate licensing test helpers out of release builds 2026-04-22 06:18:40 +01:00
rcourtman
1841c032f6 Pin deployment defaults and verify Helm docs downloads 2026-04-22 06:05:06 +01:00
rcourtman
9c4bb4a90e Fail closed on auth env hashing and TLS floors 2026-04-22 05:53:02 +01:00
rcourtman
583471b5ee Harden API request and bootstrap state handling 2026-04-22 05:42:45 +01:00
rcourtman
178c073830 Keep bootstrap setup tokens out of logs 2026-04-22 05:30:40 +01:00
rcourtman
160d8126f2 Restrict Ollama provider outbound transport 2026-04-22 05:25:57 +01:00
rcourtman
70b91759d2 Harden secure local key file handling 2026-04-22 05:13:01 +01:00
rcourtman
ccb2edc3b8 Require explicit websocket origin continuity 2026-04-22 04:46:13 +01:00
rcourtman
14fc2bd4f0 Fail closed on wildcard trusted proxy configuration 2026-04-22 04:23:23 +01:00
rcourtman
d64f5b2917 Canonicalize loopback-only Pulse transport validation 2026-04-22 04:11:18 +01:00
rcourtman
4720807ae5 Require signed installer downloads and local release sidecars 2026-04-22 03:51:46 +01:00
rcourtman
96034f5e10 Attest release artifacts and harden image provenance 2026-04-22 03:22:29 +01:00
rcourtman
f7c1d9b629 Require accepted org invitations and stable runtime capabilities 2026-04-22 03:06:22 +01:00
rcourtman
7be844f23a Require signed unified agent release assets 2026-04-22 02:00:29 +01:00
rcourtman
7b1520b760 Add fingerprint-pinned TLS mode for unified agent 2026-04-22 01:36:46 +01:00
rcourtman
43922161e4 Harden connection probe and simple stats rendering 2026-04-22 01:18:33 +01:00
rcourtman
70acd663bd Strengthen export and license persistence encryption 2026-04-22 01:03:10 +01:00
rcourtman
513399b004 Harden hosted signup and audit webhook trust paths 2026-04-22 00:54:49 +01:00
rcourtman
586473ee31 Bind recovery and bootstrap auth to direct loopback 2026-04-22 00:39:53 +01:00
rcourtman
360d08104e Compile out release env guardrail bypasses 2026-04-22 00:05:57 +01:00
rcourtman
c49176d700 Require TLS for non-loopback agent transport 2026-04-21 23:56:07 +01:00
rcourtman
3ec2c0779e Harden agent command and deploy trust boundaries 2026-04-21 23:50:34 +01:00
rcourtman
02e9107ac4 Harden cloud handoff membership authorization 2026-04-21 23:18:35 +01:00
rcourtman
22687e9301 Clear expired status work claim 2026-04-21 22:48:11 +01:00