Add comprehensive PMG monitoring with mail statistics, queue depth tracking,
spam distribution analysis, and quarantine monitoring. Includes full discovery
support and UI consistency improvements across all Proxmox products.
Backend:
- Add pkg/pmg package with complete API client for PMG operations
- Implement mail statistics collection (inbound/outbound, spam, virus, bounces)
- Add queue depth monitoring (active, deferred, hold, incoming queues)
- Support spam score distribution and quarantine totals
- Add PMG-specific discovery logic to differentiate from PVE on port 8006
- Extend mock data generator with realistic PMG instances and metrics
- Add PMG node configuration support in config system
Frontend:
- Create MailGateway.tsx component with detailed PMG dashboard
- Display mail flow statistics with time-series charts
- Show queue depth with color-coded warnings (>50 messages or >30min age)
- Add spam distribution histogram and quarantine status
- Support cluster node status with individual queue monitoring
- Add PMG to network discovery with purple branding and mail icon
- Implement conditional navigation (hide PMG tab when no instances configured)
- Standardize discovery UI controls across PVE/PBS/PMG settings pages
API:
- Add /api/config/pmg endpoints for node configuration
- Support PMG-specific monitoring toggles (mail stats, queues, quarantine)
- Extend system settings with PMG configuration options
Discovery:
- Detect PMG vs PVE on shared port 8006 using /api2/json/statistics/mail endpoint
- Return 'pmg' type for mail gateway servers in discovery results
- Update DiscoveryModal to display PMG servers with appropriate styling
This completes ecosystem monitoring support for all three Proxmox products:
Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
- Add detailed logging when VM disk monitoring fails due to permissions
- Explain Proxmox 9 limitation: API tokens cannot access guest agent data (PVE bug #1373)
- Explain Proxmox 8 requirements: VM.Monitor permission and privsep=0 for tokens
- Update setup script to show appropriate warnings for each PVE version
- Update FAQ with troubleshooting steps for 0% disk usage on VMs
- Log messages now clearly indicate workarounds for each scenario
The core issue: Proxmox 9 removed VM.Monitor permission and the replacement
permissions don't allow API tokens to access guest agent filesystem info.
This is a Proxmox upstream bug that affects their own web UI as well.
For users experiencing this issue:
- PVE 9: Use root@pam credentials or wait for Proxmox to fix upstream
- PVE 8: Ensure token has VM.Monitor and privsep=0
- All versions: QEMU guest agent must be installed in VMs
- Documented the new /api/setup-script-url endpoint
- Explained the one-time setup code security features
- Updated auto-register endpoint documentation
- Added security features section highlighting the improvements
- Included environment variable option for automation
- Add pending restart detection when .env exists but not loaded
- Update frontend to show pending state instead of re-showing setup
- Fix QuickSecuritySetup to refresh security status after configuration
- Remove auto-restart attempts from security setup
- Show deployment-appropriate restart instructions
- Update documentation to reflect new update mechanism
Related to security setup issues after removing sudo/auto-restart capabilities
- Add clear documentation that auth settings are intentionally excluded from exports
- Update API docs to explicitly state what is/isn't included in exports
- Enhance migration guide with security notes about auth exclusion
- Add UI warning in export dialog about auth settings not transferring
- Each Pulse instance should configure its own authentication for security
Related to user feedback about auth settings not transferring between instances
- Homelab users on private networks (192.168.x.x, 10.x.x.x, 172.16.x.x) can now export/import without any configuration
- No need to set ALLOW_UNPROTECTED_EXPORT=true for typical homelab setups
- Public network access still requires authentication for security
- Simplifies backup/restore for users who don't need authentication
- Clarify that session auth (password login) is sufficient for export/import
- Document that guest metadata and custom console URLs are included
- Update FAQ with clearer backup instructions
- Add UI-first approach to README backup section
Documentation Updates:
- Fix CORS documentation to reflect new secure defaults (no CORS by default)
- Add API token management endpoints to API.md
- Document CORS configuration in SECURITY.md
- Update environment variable documentation with defaults
- Add authentication variables (PULSE_PASSWORD, API_TOKEN, etc.)
- Add troubleshooting for CORS and authentication issues
- Remove outdated references to ALLOWED_ORIGINS=*
- Clarify that CORS defaults to same-origin only
All documentation now accurately reflects:
- Security improvements from recent audit
- New API token management features
- Correct CORS behavior and configuration
- Complete environment variable reference
- Add custom JSON payload template support for generic webhooks
- Users can now define custom webhook formats with Go template syntax
- Fix Telegram webhook issue where chat_id in URL caused 400 errors
- Automatically strip chat_id from URL and place in JSON body for Telegram
- Add comprehensive webhook documentation with examples
- Update API documentation with webhook endpoints
Addresses #305
- Add registration tokens documentation to SECURITY.md
- Add email configuration guide to README.md
- Create comprehensive API.md with all endpoints documented
- Include examples for bash, PowerShell, and Python API usage
- Document WebSocket connection for real-time updates
- Add rate limiting information and error response formats
