Pulse/docs
rcourtman 74131e56e3 Fix no-op relationship_change spam from registry rebuilds
Every state update rebuilds the resource registry from scratch, which
reconstructs all relationship edges with fresh ObservedAt/LastSeenAt
stamps and fresh metadata maps. recordRegistryChanges compared the old
and new slices with reflect.DeepEqual, so every relationship-bearing
resource emitted a relationship_change row on every rebuild cycle even
when nothing changed. On the public demo this wrote roughly 450k rows
per day (1.2M of 1.6M rows were literal from==to no-ops), grew
unified_resources.db to 1.6GB in three days, starved the store's single
connection until retention pruning failed with SQLITE_BUSY, and drove
the droplet into the swap-thrash outage on 2026-07-08. Same mechanism
as issue #1496.

Compare relationship sets by edge identity instead: canonical source,
canonical target, type, and active state, order-insensitive. Volatile
provenance fields no longer count as change.

Also cap resource_changes at 200k rows during retention pruning so a
pathological writer can never grow the table unbounded inside the
30-day retention window, and record both invariants in the
unified-resources subsystem contract.
2026-07-08 08:10:15 +01:00
..
api
architecture backend and governance: MCP contract, agent capabilities, API, and release-control 2026-06-23 17:26:15 +01:00
i18n Add localized public docs entry points 2026-06-13 08:07:46 +01:00
images
monitoring Fix security scan findings 2026-07-01 09:55:35 +01:00
operations Rename retired trial acquisition proof assets 2026-04-28 18:38:10 +01:00
release-control Fix no-op relationship_change spam from registry rebuilds 2026-07-08 08:10:15 +01:00
releases Prepare v6.0.5 RC3 release packet 2026-07-07 16:48:12 +01:00
security Prefer agent temperatures over SSH fallback 2026-07-03 10:43:28 +01:00
AGENT_SECURITY.md Surface v5 agent migration security guidance 2026-06-03 09:18:07 +01:00
AGENT_SUBSTRATE.md backend and governance: MCP contract, agent capabilities, API, and release-control 2026-06-23 17:26:15 +01:00
AI.md Harden GA telemetry disclosure 2026-07-02 11:50:03 +01:00
AI_AUTONOMY.md backend and governance: MCP contract, agent capabilities, API, and release-control 2026-06-23 17:26:15 +01:00
API.md Accept ping alias for availability targets 2026-06-29 22:43:13 +01:00
AUDIT_LOGGING.md Label legacy Pro Plus in customer docs 2026-04-26 22:01:24 +01:00
AUTO_UPDATE.md Route operator updates through the local signed helper 2026-04-22 16:18:16 +01:00
CANONICAL_ALERT_ENGINE_MIGRATION_2026-03-10.md
CENTRALIZED_MANAGEMENT.md Clarify agent upgrade and notification docs 2026-06-12 19:26:26 +01:00
CLOUD.md Reconcile provider-hosted MSP copy 2026-06-02 19:14:18 +01:00
CONFIGURATION.md Add MSP report scheduling and alert rollup 2026-07-07 20:37:18 +01:00
DEPLOYMENT_MODELS.md Reconcile provider-hosted MSP copy 2026-06-02 19:14:18 +01:00
DOCKER.md Clarify agent upgrade and notification docs 2026-06-12 19:26:26 +01:00
FAQ.md Prefer agent temperatures over SSH fallback 2026-07-03 10:43:28 +01:00
INSTALL.md Fix manual systemd install snippet binary path 2026-05-12 10:51:03 +01:00
KUBERNETES.md Fix helm chart agent.enabled by routing through main pulse image 2026-05-12 16:11:56 +01:00
MAIL_GATEWAY.md
METRICS_HISTORY.md Reduce metrics rollup write amplification 2026-05-03 21:43:20 +01:00
MIGRATION.md Label legacy Pro Plus in customer docs 2026-04-26 22:01:24 +01:00
MIGRATION_UNIFIED_NAV.md Finalize v6 GA release packet 2026-06-03 17:15:00 +01:00
MSP.md Add MSP report scheduling and alert rollup 2026-07-07 20:37:18 +01:00
MULTI_TENANT.md Harden MSP tenant isolation: scope org-bound tokens away from default org, propagate webhook allowlist to all tenants 2026-06-10 11:37:39 +01:00
OIDC.md Fix four customer-facing doc drift findings (RBAC, OIDC, helm, webhooks) 2026-05-12 15:54:24 +01:00
OIDC_SCOPE_GROUP_AUTH_FIX_SPEC.md Record OIDC scope fix resolution in handoff spec 2026-07-07 21:44:23 +01:00
PBS.md Clarify agent upgrade and notification docs 2026-06-12 19:26:26 +01:00
PRIVACY.md Harden GA telemetry disclosure 2026-07-02 11:50:03 +01:00
PROXY_AUTH.md Fix security scan findings 2026-07-01 09:55:35 +01:00
PULSE_PRO.md backend and governance: MCP contract, agent capabilities, API, and release-control 2026-06-23 17:26:15 +01:00
RBAC.md Reconcile provider-hosted MSP copy 2026-06-02 19:14:18 +01:00
README.md backend and governance: MCP contract, agent capabilities, API, and release-control 2026-06-23 17:26:15 +01:00
RECOVERY.md Simplify recovery presentation and type contracts 2026-05-14 21:08:54 +01:00
RELAY.md Point relay pairing at the Pulse Mobile install page 2026-07-07 20:04:36 +01:00
RELEASE_NOTES.md Prepare v6.0.5 RC3 release packet 2026-07-07 16:48:12 +01:00
REPO_BOUNDARY.md
REVERSE_PROXY.md
SCREENSHOTS.md Align Relay copy with standalone tier 2026-04-30 11:01:22 +01:00
SECURITY.md
STORAGE_ARCHITECTURE.md
TEMPERATURE_MONITORING.md Prefer agent temperatures over SSH fallback 2026-07-03 10:43:28 +01:00
TROUBLESHOOTING.md Prefer PVE 9 guest-agent privileges in setup 2026-07-03 11:15:51 +01:00
TRUENAS.md Add native TrueNAS VM inventory to overview 2026-05-20 22:32:46 +01:00
UNIFIED_AGENT.md Improve Patrol SMART disk evidence 2026-06-29 18:17:24 +01:00
UNIFIED_RESOURCES.md
UPGRADE_v5.md Prepare v6.0.0 release candidate 2026-06-04 14:07:14 +01:00
UPGRADE_v6.md Clarify v5 migration recovery states 2026-07-07 21:46:07 +01:00
VM_DISK_MONITORING.md
WEBHOOKS.md Clarify agent upgrade and notification docs 2026-06-12 19:26:26 +01:00
ZFS_MONITORING.md

📚 Pulse Documentation

Welcome to the Pulse documentation portal. Here you'll find everything you need to install, configure, and master Pulse.


v6 Execution Canonical Source

For Pulse v6 build/release execution work, do not start from this broad docs index. Use:

  1. docs/release-control/v6/internal/SOURCE_OF_TRUTH.md for stable human governance and locked decisions
  2. docs/release-control/v6/internal/status.json for live lane state, lane-to-subsystem ownership, structured evidence references, typed lane/subsystem decision records, and canonical ordered lists
  3. docs/release-control/v6/status.schema.json for the machine-readable status contract
  4. docs/release-control/v6/internal/subsystems/registry.json and docs/release-control/v6/internal/subsystems/registry.schema.json for subsystem ownership, explicit shared-ownership exceptions, and proof-routing rules
  5. python3 scripts/release_control/status_audit.py --check if you need a machine-derived evidence health audit
  6. python3 scripts/release_control/registry_audit.py --check if you need a machine-derived subsystem registry audit
  7. python3 scripts/release_control/contract_audit.py --check if you need a machine-derived subsystem contract audit, including explicit cross-subsystem dependency checks and exact registry-derived shared-boundary wording Local pre-commit runs the v6 machine audits against staged control-file content so partial staging cannot hide governance drift. Local pre-commit also blocks partial staging for hook-sensitive governance files under docs/release-control/v6/, scripts/release_control/, internal/repoctl/, .husky/pre-commit, and .github/workflows/canonical-governance.yml, because those checks still execute or structurally read the working-tree versions locally.
  8. python3 scripts/release_control/subsystem_lookup.py <path> [<path> ...] --pretty --lean if you need subsystem ownership, proof routing, exact contract-focus lines, and compact lane context for a change

For governed runtime changes, a staged subsystem contract only counts if its diff updates a substantive contract section such as Purpose, Canonical Files, Shared Boundaries, Extension Points, Forbidden Paths, Completion Obligations, or Current State, rather than metadata alone.

All other documents are supporting references unless explicitly required for evidence.


🚀 Getting Started

  • Localized getting started: DeutschEspañol. These first-wave pages cover the public install path and preserve commands, config keys, image names, activation keys, and product identifiers exactly.
  • Installation Guide Step-by-step guides for Docker, Kubernetes, and bare metal.
  • Configuration
    Learn how to configure authentication, notifications (Email, Discord, etc.), and system settings.
  • Deployment Models
    Where config lives, how updates work, and what differs per deployment.
  • Migration Guide
    Moving to a new server? Here's how to export and import your data safely.
  • Upgrade to v6
    Practical upgrade guidance and post-upgrade checks for Pulse v6.
  • FAQ Common questions and quick answers.

🛠️ Deployment & Operations

🔐 Security

  • Security Policy The core security model (Encryption, Auth, API Scopes).
  • Privacy What leaves your network (and what doesnt).
  • OIDC / SSO OIDC Single Sign-On configuration (Authentik, Keycloak, Azure AD, etc.).
  • Proxy Auth Authentik/Authelia/Cloudflare proxy authentication configuration.
  • Agent Security Agent privilege model, Proxmox API-only choices, and self-update verification.

📖 Advanced Topics (Relay / Pro / legacy Pro+ / Cloud)

  • AI Modes & Safety Configure Patrol mode, assistant control levels, investigation tuning, and safety guardrails.
  • Role-Based Access Control (RBAC) Define custom roles, assign permissions, and integrate with OIDC group mapping.
  • Audit Logging Tamper-evident event logging for compliance, with query, export, and signature verification.

New in 6.0

💳 Plans (Community / Relay / Pro / Cloud)

Pulse is available in three self-hosted tiers plus hosted Cloud:

  • Community: Free self-hosted monitoring with core monitoring included and 7-day history.

  • Relay: Adds secure remote access to the Pulse web UI, Pulse Mobile pairing for handoff, push notifications, and 14-day history.

  • Pro: Adds hands-on Patrol modes, issue investigation, governed fixes, verified outcomes, operations tooling, governance features, and 90-day history.

  • Cloud: Hosted Pulse with Pro-level capabilities; hosted pricing is unchanged by the self-hosted model lock.

  • Learn more at pulserelay.pro

  • Plans and entitlements (includes the Community/Relay/Pro/Cloud matrix)

  • AI deep dive

  • Multi-Tenant Organizations (Enterprise) — Isolate infrastructure by organization for MSPs and multi-datacenter deployments.

📡 Monitoring & Agents

💻 Development

📁 Previous Versions


Found a bug or have a suggestion?

GitHub Issues