vrr/Pulse

mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-22 03:02:35 +00:00

History

rcourtman cef057943a mock(fixtures): scale default fixture sizes to a mature SMB homelab Mock pages were sparse: 3 Proxmox nodes × 3 VMs × 3 LXCs, 2 Docker hosts × 5 containers, 1 K8s cluster × 3 nodes × 10 pods × 4 deployments. That populated platform pages with handfuls of rows rather than table density that exercises sorting, grouping, drawers, and responsive layout. Bump `internal/mock/generator.go::DefaultConfig` to target a mature small-to-mid homelab / SMB environment: - NodeCount: 3 → 5 (matches the curated demo scenario's pve1..pve5 regional naming) - VMsPerNode: 3 → 6 - LXCsPerNode: 3 → 8 - DockerHostCount: 2 → 5 - DockerContainersPerHost: 5 → 14 - GenericHostCount: 2 → 4 - K8sClusterCount: 1 (unchanged; the curated demo and broadcast coalesce tests assume a single cluster identity) - K8sNodesPerCluster: 3 → 5 - K8sPodsPerCluster: 10 → 40 - K8sDeploymentsPerCluster: 4 → 14 Resource survey under the new defaults (live mock backend): - TOTAL 307 unique resources (was ~50-100) - app-container: 75, storage: 55, system-container: 44, pod: 40, vm: 31, physical_disk: 19, agent: 15, k8s-deployment: 14, docker-host: 5, network-endpoint: 5, pmg: 2, pbs: 1, k8s-cluster: 1 Platform pages now feel populated under mock mode: - /docker/overview: 5 hosts (was 2) - /docker/containers: 75 containers (was 13) - /kubernetes/nodes: 5 (was 3) - /kubernetes/pods: 40 (was 10) - /kubernetes/deployments: 14 (was 4) `internal/mock/demo_scenarios.go` extended to season `local`, `local-zfs`, and per-node iso/service-pool storage names for pve6 and beyond, so future NodeCount bumps don't regress the curated demo into generic "service-pool" labels (a test guard explicitly forbids that alias). A new `TestDemoScenarioStorageNamingHandlesScaledNodeCount` covers the scaled-NodeCount path. `internal/monitoring/monitor_unified_state_test.go` updated to compare the broadcast count against the coalesced snapshot count rather than the raw snapshot count — the broadcast path merges resources that share a canonical host key (K8s nodes onto linked agent hosts), so larger fixture sizes legitimately produce more merge candidates, and the prior raw-equality assertion would have broken on any future fixture growth too. The test still asserts every canonical name and mock identity it checked before. `scripts/toggle-mock.sh` (`mock_default_entries`) and the matching `scripts/tests/test-toggle-mock.sh` assertions are aligned with the new defaults so `npm run mock:edit` and per-dev `.env` seeding match the canonical baseline. Contracts updated: - `monitoring.md` Shared Boundaries: records the new DefaultConfig target sizes and the requirement that demo-scenario seasoning stay aligned with NodeCount changes. - `deployment-installability.md` Shared Boundaries: records that `mock_default_entries()` in toggle-mock.sh must stay aligned with `internal/mock.DefaultConfig` so CLI/toggle/runtime mock densities never drift apart. Targeted Go tests: - `go test ./internal/mock/...` green - `go test ./internal/monitoring/...` green Playwright (chromium, live mock-mode dev runtime): - 9 tests, all pass; populated assertions now hit dense tables (5 hosts, 14+ containers, 40 pods, etc.). Known remaining fixture gaps (canonical adapter, not config): - VMware fixture inventory in `internal/vmware/fixtures.go` is hardcoded at 4 hosts / 6 VMs / 4 datastores; not scaled in this commit. - TrueNAS fixture inventory in `internal/truenas/fixtures.go` is similarly hardcoded; not scaled in this commit.		2026-05-16 08:16:00 +01:00
..
api
architecture	Make self-hosted SSO Community-tier	2026-05-03 12:48:01 +01:00
images
monitoring
operations	Rename retired trial acquisition proof assets	2026-04-28 18:38:10 +01:00
release-control	mock(fixtures): scale default fixture sizes to a mature SMB homelab	2026-05-16 08:16:00 +01:00
releases	Document Pulse Cloud launch in v6 release notes	2026-05-11 23:18:05 +01:00
security
AGENT_SECURITY.md	Harden Proxmox setup token ACLs	2026-05-05 14:19:50 +01:00
AGENT_SUBSTRATE.md	Bring action endpoints onto the agent surface with the agent-stable envelope	2026-05-10 15:16:17 +01:00
AI.md	Own public AI docs product language	2026-04-28 21:23:05 +01:00
AI_AUTONOMY.md	Keep self-hosted Pro prompts opt-in	2026-04-28 11:23:49 +01:00
API.md	Restore remote config signature compatibility	2026-05-13 19:00:02 +01:00
AUDIT_LOGGING.md	Label legacy Pro Plus in customer docs	2026-04-26 22:01:24 +01:00
AUTO_UPDATE.md	Route operator updates through the local signed helper	2026-04-22 16:18:16 +01:00
CANONICAL_ALERT_ENGINE_MIGRATION_2026-03-10.md
CENTRALIZED_MANAGEMENT.md	Canonicalize Docker Podman public docs	2026-04-30 00:29:20 +01:00
CLOUD.md	Rename hosted capacity marker copy	2026-04-29 00:07:18 +01:00
CONFIGURATION.md	Wire PULSE_RELAY_ENABLED and PULSE_RELAY_SERVER as real env overrides	2026-05-12 11:18:31 +01:00
DEPLOYMENT_MODELS.md	Label legacy Pro Plus in customer docs	2026-04-26 22:01:24 +01:00
DOCKER.md	Clarify paid Docker compose image override	2026-05-06 23:11:32 +01:00
FAQ.md	Clarify Relay mobile handoff paid copy	2026-04-30 13:18:04 +01:00
INSTALL.md	Fix manual systemd install snippet binary path	2026-05-12 10:51:03 +01:00
KUBERNETES.md	Fix helm chart agent.enabled by routing through main pulse image	2026-05-12 16:11:56 +01:00
MAIL_GATEWAY.md
METRICS_HISTORY.md	Reduce metrics rollup write amplification	2026-05-03 21:43:20 +01:00
MIGRATION.md	Label legacy Pro Plus in customer docs	2026-04-26 22:01:24 +01:00
MIGRATION_UNIFIED_NAV.md
MULTI_TENANT.md	Align self-hosted plan docs and tests	2026-04-29 09:21:10 +01:00
OIDC.md	Fix four customer-facing doc drift findings (RBAC, OIDC, helm, webhooks)	2026-05-12 15:54:24 +01:00
PBS.md
PRIVACY.md	Clarify Relay mobile handoff paid copy	2026-04-30 13:18:04 +01:00
PROXY_AUTH.md
PULSE_PRO.md	Make self-hosted SSO Community-tier	2026-05-03 12:48:01 +01:00
RBAC.md	Fix four customer-facing doc drift findings (RBAC, OIDC, helm, webhooks)	2026-05-12 15:54:24 +01:00
README.md	docs: clarify agent privilege guidance	2026-05-04 18:04:04 +01:00
RECOVERY.md	Simplify recovery presentation and type contracts	2026-05-14 21:08:54 +01:00
RELAY.md	Wire PULSE_RELAY_ENABLED and PULSE_RELAY_SERVER as real env overrides	2026-05-12 11:18:31 +01:00
RELEASE_NOTES.md	Prepare v6.0.0-rc.5 release packet	2026-05-11 16:52:31 +01:00
REPO_BOUNDARY.md
REVERSE_PROXY.md
SCREENSHOTS.md	Align Relay copy with standalone tier	2026-04-30 11:01:22 +01:00
SECURITY.md
STORAGE_ARCHITECTURE.md
TEMPERATURE_MONITORING.md
TROUBLESHOOTING.md	Align self-hosted plan docs and tests	2026-04-29 09:21:10 +01:00
TRUENAS.md
UNIFIED_AGENT.md	Harden Proxmox setup token ACLs	2026-05-05 14:19:50 +01:00
UNIFIED_RESOURCES.md
UPGRADE_v5.md	Harden Proxmox setup token ACLs	2026-05-05 14:19:50 +01:00
UPGRADE_v6.md	Prepare v6.0.0-rc.5 release packet	2026-05-11 16:52:31 +01:00
VM_DISK_MONITORING.md
WEBHOOKS.md	Fix four customer-facing doc drift findings (RBAC, OIDC, helm, webhooks)	2026-05-12 15:54:24 +01:00
ZFS_MONITORING.md

README.md

📚 Pulse Documentation

Welcome to the Pulse documentation portal. Here you'll find everything you need to install, configure, and master Pulse.

v6 Execution Canonical Source

For Pulse v6 build/release execution work, do not start from this broad docs index. Use:

docs/release-control/v6/internal/SOURCE_OF_TRUTH.md for stable human governance and locked decisions
docs/release-control/v6/internal/status.json for live lane state, lane-to-subsystem ownership, structured evidence references, typed lane/subsystem decision records, and canonical ordered lists
docs/release-control/v6/status.schema.json for the machine-readable status contract
docs/release-control/v6/internal/subsystems/registry.json and docs/release-control/v6/internal/subsystems/registry.schema.json for subsystem ownership, explicit shared-ownership exceptions, and proof-routing rules
python3 scripts/release_control/status_audit.py --check if you need a machine-derived evidence health audit
python3 scripts/release_control/registry_audit.py --check if you need a machine-derived subsystem registry audit
python3 scripts/release_control/contract_audit.py --check if you need a machine-derived subsystem contract audit, including explicit cross-subsystem dependency checks and exact registry-derived shared-boundary wording Local pre-commit runs the v6 machine audits against staged control-file content so partial staging cannot hide governance drift. Local pre-commit also blocks partial staging for hook-sensitive governance files under docs/release-control/v6/, scripts/release_control/, internal/repoctl/, .husky/pre-commit, and .github/workflows/canonical-governance.yml, because those checks still execute or structurally read the working-tree versions locally.
python3 scripts/release_control/subsystem_lookup.py <path> [<path> ...] --pretty --lean if you need subsystem ownership, proof routing, exact contract-focus lines, and compact lane context for a change

For governed runtime changes, a staged subsystem contract only counts if its diff updates a substantive contract section such as Purpose, Canonical Files, Shared Boundaries, Extension Points, Forbidden Paths, Completion Obligations, or Current State, rather than metadata alone.

All other documents are supporting references unless explicitly required for evidence.

🚀 Getting Started

Installation Guide Step-by-step guides for Docker, Kubernetes, and bare metal.
Configuration
Learn how to configure authentication, notifications (Email, Discord, etc.), and system settings.
Deployment Models
Where config lives, how updates work, and what differs per deployment.
Migration Guide
Moving to a new server? Here's how to export and import your data safely.
Upgrade to v6
Practical upgrade guidance and post-upgrade checks for Pulse v6.
FAQ Common questions and quick answers.

🛠️ Deployment & Operations

Docker Guide – Advanced Docker & Compose configurations.
Kubernetes – Helm charts, ingress, and HA setups.
Reverse Proxy – Nginx, Caddy, Traefik, and Cloudflare Tunnel recipes.
Troubleshooting – Deep dive into common issues and logs.

🔐 Security

Security Policy – The core security model (Encryption, Auth, API Scopes).
Privacy – What leaves your network (and what doesn’t).
OIDC / SSO – OIDC Single Sign-On configuration (Authentik, Keycloak, Azure AD, etc.).
Proxy Auth – Authentik/Authelia/Cloudflare proxy authentication configuration.
Agent Security – Agent privilege model, Proxmox API-only choices, and self-update verification.

📖 Advanced Topics (Relay / Pro / legacy Pro+ / Cloud)

AI Autonomy & Safety – Configure patrol autonomy levels, assistant control levels, investigation tuning, and safety guardrails.
Role-Based Access Control (RBAC) – Define custom roles, assign permissions, and integrate with OIDC group mapping.
Audit Logging – Tamper-evident event logging for compliance, with query, export, and signature verification.

✨ New in 6.0

Unified Resource Model – How all platforms merge into one model with task-based navigation.
Unified Navigation Migration – Upgrading from platform-specific tabs to v6 navigation.
TrueNAS Integration – First-class TrueNAS SCALE/CORE monitoring (pools, datasets, disks, snapshots, replication).
Relay / Pulse Mobile Handoff – End-to-end encrypted relay for supported Pulse Mobile clients (Relay and above).
Recovery Central – Unified backup, snapshot, and replication view across all providers.
Pulse Cloud (Hosted) – Fully managed hosting with automatic updates and backups.
Pulse AI – Chat assistant, patrol findings, alert analysis, intelligence, and forecasts.
Metrics History – Persistent metrics storage with configurable retention.
Mail Gateway – Proxmox Mail Gateway (PMG) monitoring.
Auto Updates – One-click updates for supported deployments.
Multi-Tenant Organizations – Isolate infrastructure by organization (Enterprise, opt-in).
Entitlements Overhaul – Capability-key-based feature gating across Community/Relay/Pro/Cloud, with legacy Pro+ continuity still supported.

💳 Plans (Community / Relay / Pro / Cloud)

Pulse is available in three self-hosted tiers plus hosted Cloud:

Community: Free self-hosted monitoring with core monitoring included and 7-day history.
Relay: Adds secure remote access to the Pulse web UI, Pulse Mobile pairing for handoff, push notifications, and 14-day history.
Pro: Adds alert-triggered root-cause analysis, safe remediation workflows, operations tooling, governance features, and 90-day history.
Cloud: Hosted Pulse with Pro-level capabilities; hosted pricing is unchanged by the self-hosted model lock.
Learn more at pulserelay.pro
Plans and entitlements (includes the Community/Relay/Pro/Cloud matrix)
AI deep dive
Multi-Tenant Organizations (Enterprise) — Isolate infrastructure by organization for MSPs and multi-datacenter deployments.

📡 Monitoring & Agents

Unified Agent – Single binary for host, Docker, and Kubernetes monitoring.
Centralized Agent Management (Pro/Cloud) – Agent profiles and remote config.
Proxmox Backup Server – PBS integration, direct API vs PVE passthrough, token setup.
TrueNAS – TrueNAS SCALE/CORE integration.
ZFS Monitoring – Proxmox-native ZFS pool monitoring.
Storage Architecture – Proposed canonical storage, disk, S.M.A.R.T., and topology model for making storage genuinely operator-useful.
VM Disk Monitoring – Enabling QEMU Guest Agent for disk stats.
Temperature Monitoring – Agent-based temperature monitoring (pulse-agent --enable-proxmox). Sensor proxy has been removed.
Webhooks – Custom notification payloads.

💻 Development

API Reference – Complete REST API documentation.
Architecture – System design and component interaction.
Contributing – How to contribute to Pulse.

📁 Previous Versions

Upgrade to v5 – Upgrade guidance for v4 → v5 migrations.
v6 Release Promotion Policy – Canonical stable-vs-prerelease promotion rules and rollback expectations.
v6 Prerelease Runbook – Internal release operations used during the v6 prerelease period.

Found a bug or have a suggestion?

README.md Unescape Escape