7.5 KiB
Pulse v6.0.0-rc.4 Draft Release Notes
Draft only. Do not treat this as published until the governed
v6.0.0-rc.4 tag and GitHub prerelease exist.
v6.0.0-rc.4 is a targeted hardening RC after the published rc.3 prerelease.
Pulse v5.1.29 remains the current stable line.
The purpose of this RC is to carry the latest post-rc.3 release-branch
hardening into a retestable v6 candidate:
- hosted, checkout, magic-link, SSO, Stripe webhook, and organization identity paths now rely on stable principals and fail closed instead of falling back to ambiguous email-shaped identifiers
- agent-ready operations now have API-first and CLI-first action planning, capability discovery, fleet connection reads, action-decision, execution, and audit surfaces
- self-hosted v6 licensing continuity keeps monitored-system and child-resource volume unmetered under the current public policy rather than writing raw monitored-system caps back into runtime state
- Proxmox onboarding, setup-token ACLs, runtime-token ACLs, snapshot polling, guest memory fallback handling, TrueNAS CORE agent restart handling, mdadm fallback discovery, and Ceph pool threshold identity were tightened
- Workloads empty-state detection, Patrol mobile header controls, mock-mode legacy sidecar cleanup, live auth-env watcher teardown, and agent-security guidance were refreshed
This packet was audited against 57 commits in the exact code-backed rc.3 to
rc.4 pre-publication validation range, from the published v6.0.0-rc.3 tag
commit f1744d36d0bde3c8735ae75a190af45c35087841 through validation-risk
commit 7cebe788590d0485f65bf4e04830356204657e86. That range includes 51
feature and runtime commits plus RC4 packet and release-validation commits that
set the governed version, pin Docker install defaults to 6.0.0-rc.4, align
migration tests with the canonical self-hosted licensing contract, make tenant
monitor state broadcasts no-op safely when a headless or test runtime has no
WebSocket hub wired, stabilize TrueNAS ingest proof, and make live config
watcher stop wait for background reload goroutines before teardown.
Support Stance
- Pulse v5.1.29 remains the current stable line.
- Pulse v6
rc.4is still an opt-in evaluation build, not the default production recommendation. - Existing v5 users should still prefer staging, lab, or otherwise controlled evaluation first.
- Hosts already pinned to the historical
rc.2update trust root should not assume unattended auto-update continuity into later prerelease or GA builds. Use a manual reinstall or an explicit trust migration path forrc.4. - The stable rollback target for this candidate is
v5.1.29:./scripts/install.sh --version v5.1.29
What Changed Since rc.3
Identity, Auth, And Hosted Trust Boundaries
- Hosted tenant keys, hosted signup owners, hosted handoff identities, and workspace-owner proof now use stable user and organization principals.
- Blank, ambiguous, or contact-email-derived principals fail closed in magic-link, checkout, and contact-email resolution paths.
- API token minting records owner metadata and binds owner identity across token creation.
- Live auth-env watcher shutdown now waits for the background reload goroutine before teardown, avoiding race-prone config cleanup after a watched auth or mock-env update.
- Stripe webhook fixtures and organization identity invariants now use stable principals, matching the production identity contract.
- SSO runtime paths use stable principals, preserving the Community-tier SSO
posture from
rc.3.
Agent-Ready Operations, CLI, And Auditability
- Pulse now exposes API-first action planning and action-decision paths.
- The CLI can plan actions, discover action capabilities, read action audits, and read fleet connection state.
- Action plans persist into the audit trail, AI action audits align with the execution lifecycle, and dry-run action execution fails closed when a request cannot be safely represented.
- The release-control record now pins the API/CLI-first agent-ready operations direction so MCP remains an adapter over the governed API and CLI contracts.
Self-Hosted Licensing Continuity
- Current public self-hosted v6 plans keep monitored-system and child-resource volume unmetered.
- Legacy continuity paths avoid writing raw monitored-system caps back into runtime state.
- Relay wording remains the
rc.2model: secure remote access to the Pulse web UI, Pulse Mobile pairing for handoff, push notifications, and 14-day history.
Agent, Proxmox, TrueNAS, RAID, Ceph, And Monitoring Correctness
- Root agent service defaults were hardened.
- Proxmox onboarding is API-first, setup-token and runtime-token ACLs are tightened, guest snapshots survive transient polling gaps, and guest memory fallback handling is more reliable.
- TrueNAS CORE agent supervisor restart handling was corrected.
- mdadm RAID fallback discovery is more robust.
- Ceph pool threshold checks now preserve the resource identity needed for correct alert attribution.
- Metrics rollup writes are less noisy after duplicate or repeated rollup opportunities.
- Tenant monitor state broadcasts now tolerate runtimes without a WebSocket hub instead of panicking during background state refresh.
Product Surface And Operator Guidance
- Workloads empty-state source detection is corrected.
- Patrol header controls behave better on mobile viewports.
- Mock mode no longer leaves legacy sidecar drift in the primary runtime path.
- The Agent Security documentation entry now points operators at the current privilege guidance without leaving a stale support-pack reference.
- Public demo admin reads stay hidden from the demo surface.
- Docker Compose and turnkey Docker installer defaults now pin the RC4 image tag instead of the historical RC3 tag.
What Existing v5 Users Should Re-Test In rc.4
- Server upgrade from the current v5 stable line to v6, including the manual
or explicit trust-migration path needed for builds after
rc.2. - Fresh Proxmox LXC install and rollback to v5.1.29.
- Proxmox host onboarding, setup-token handling, runtime-token handling, snapshots, and guest memory reporting.
- TrueNAS CORE agent restart handling, mdadm RAID fallback discovery, Ceph pool thresholds, and storage issue impact reporting.
- Hosted signup, checkout, SSO, magic-link, webhook, and organization-admin flows that depend on stable user and organization principals.
- CLI action planning, capability discovery, action audit reads, fleet connection reads, and dry-run action execution.
- Workloads empty states, Patrol header controls on mobile, and mock-mode toggling.
- Release asset download, checksum/signature, installer, and draft-release validation paths before broader retesting.
Feedback
Use the Pulse v6 pre-release feedback issue template for regressions, upgrade
failures, licensing continuity problems, platform-specific breakage, or
actionable UX friction:
https://github.com/rcourtman/Pulse/issues/new?template=v6_rc_feedback.yml
When reporting an rc.4 problem, include:
- Pulse version
- upgrade path or fresh-install path
- installation type
- whether the host was previously on
rc.1,rc.2,rc.3, or v5 - whether a manual reinstall or trust migration was used after
rc.2 - what you expected
- what happened instead
- sanitized logs, screenshots, or diagnostics when helpful
Operator References
docs/releases/V6_RC4_OPERATOR_SUPPORT_PACK_DRAFT.mddocs/releases/V6_CHANGELOG_RC4_DRAFT.mddocs/UPGRADE_v6.mddocs/AGENT_SECURITY.mddocs/MIGRATION_UNIFIED_NAV.md