mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-22 11:10:33 +00:00
3da835c5bc
The MCP adapter shipped in slice 51 with one install option:
clone the repo and go build. This slice integrates pulse-mcp
into Pulse's existing governed release pipeline so a Pulse
release publishes a pulse-mcp binary alongside the unified agent
and the install scripts that bring it home in one command.
What ships:
- scripts/build-release.sh extended to build pulse-mcp for
the same multi-OS matrix as the unified agent, package
per-platform tarballs and zips, and copy bare binaries to
RELEASE_DIR for /releases/latest/download/ redirect
compatibility.
- .github/workflows/create-release.yml extended to upload
the bare pulse-mcp binaries plus install-mcp.sh and
install-mcp.ps1 as release assets.
- scripts/install-mcp.sh: bash one-line installer that
detects platform/arch, downloads the matching binary from
the configured release (latest by default), verifies SHA256
against the published checksums.txt, places at
~/.local/bin/pulse-mcp (or /usr/local/bin if not writable).
Honors PULSE_MCP_VERSION, PULSE_MCP_BIN_DIR, PULSE_MCP_REPO,
PULSE_MCP_NO_VERIFY env vars; declines Windows shells with
a pointer at the .ps1 sibling.
- scripts/install-mcp.ps1: PowerShell installer for Windows,
placing pulse-mcp.exe at $LOCALAPPDATA\pulse-mcp.
Documentation aligned:
- cmd/pulse-mcp/README.md gains an Install section above
Quick start with three options: one-line installer,
GitHub Release download, go install. Documents the macOS
Gatekeeper bypass since v1 is unnotarized by design.
- The Settings -> API Access agent-integrations panel now
surfaces the curl|bash command above the config snippet so
operators see "install pulse-mcp" before "configure your
MCP client."
- docs/releases/AGENT_PARADIGM.md drops the "no published
distribution path" item from "what it does not do yet" and
documents the Gatekeeper / Homebrew gaps as next-tier
follow-ups.
Trade-offs surfaced and chosen:
- Same cadence as Pulse: pulse-mcp ships per Pulse release,
not on its own track. The MCP server reads the manifest
from the Pulse it talks to, so version alignment is the
natural model.
- No Homebrew tap or core formula in v1. Maintaining a tap
is real ongoing work; foundation supports adding Homebrew
later as a layer.
- No Docker image. Stdio JSON-RPC fights Docker's stdin
/stdout pattern.
- No notarization in v1. SHA256 verification through the
installer preserves the audit trail; README documents the
Gatekeeper bypass.
Subsystem contract: deployment-installability.md gains
scripts/install-mcp.sh, scripts/install-mcp.ps1, and
cmd/pulse-mcp/ in canonical files (mid-list entries
renumbered) plus a paragraph documenting the new MCP entry
point alongside the existing installer family.
Verification artifacts:
- scripts/installtests/build_release_assets_test.go gains
TestBuildReleasePackagesPulseMcpForAllPlatforms which pins
the build/package/copy wiring and the load-bearing
install-mcp.sh helpers (platform detection, SHA256
verification, install-dir resolution).
- scripts/release_control/render_release_body_test.py gains
test_agent_paradigm_release_notes_blurb_documents_-
distribution_path which pins the AGENT_PARADIGM.md draft's
install-mcp.sh reference and the four-axis frame so a
future edit cannot regress the install story silently.
Smoke-tested install-mcp.sh locally on darwin-arm64: platform
detection, install-dir resolution, URL building, and 404 error
handling all correct. The full end-to-end install path becomes
live the moment a Pulse release ships pulse-mcp binaries; the
next RC cut will exercise it.
|
||
|---|---|---|
| .. | ||
| api | ||
| architecture | ||
| images | ||
| monitoring | ||
| operations | ||
| release-control | ||
| releases | ||
| security | ||
| AGENT_SECURITY.md | ||
| AGENT_SUBSTRATE.md | ||
| AI.md | ||
| AI_AUTONOMY.md | ||
| API.md | ||
| AUDIT_LOGGING.md | ||
| AUTO_UPDATE.md | ||
| CANONICAL_ALERT_ENGINE_MIGRATION_2026-03-10.md | ||
| CENTRALIZED_MANAGEMENT.md | ||
| CLOUD.md | ||
| CONFIGURATION.md | ||
| DEPLOYMENT_MODELS.md | ||
| DOCKER.md | ||
| FAQ.md | ||
| INSTALL.md | ||
| KUBERNETES.md | ||
| MAIL_GATEWAY.md | ||
| METRICS_HISTORY.md | ||
| MIGRATION.md | ||
| MIGRATION_UNIFIED_NAV.md | ||
| MULTI_TENANT.md | ||
| OIDC.md | ||
| PBS.md | ||
| PRIVACY.md | ||
| PROXY_AUTH.md | ||
| PULSE_PRO.md | ||
| RBAC.md | ||
| README.md | ||
| RECOVERY.md | ||
| RELAY.md | ||
| RELEASE_NOTES.md | ||
| REPO_BOUNDARY.md | ||
| REVERSE_PROXY.md | ||
| SCREENSHOTS.md | ||
| SECURITY.md | ||
| STORAGE_ARCHITECTURE.md | ||
| TEMPERATURE_MONITORING.md | ||
| TROUBLESHOOTING.md | ||
| TRUENAS.md | ||
| UNIFIED_AGENT.md | ||
| UNIFIED_RESOURCES.md | ||
| UPGRADE_v5.md | ||
| UPGRADE_v6.md | ||
| VM_DISK_MONITORING.md | ||
| WEBHOOKS.md | ||
| ZFS_MONITORING.md | ||
📚 Pulse Documentation
Welcome to the Pulse documentation portal. Here you'll find everything you need to install, configure, and master Pulse.
v6 Execution Canonical Source
For Pulse v6 build/release execution work, do not start from this broad docs index. Use:
docs/release-control/v6/internal/SOURCE_OF_TRUTH.mdfor stable human governance and locked decisionsdocs/release-control/v6/internal/status.jsonfor live lane state, lane-to-subsystem ownership, structured evidence references, typed lane/subsystem decision records, and canonical ordered listsdocs/release-control/v6/status.schema.jsonfor the machine-readable status contractdocs/release-control/v6/internal/subsystems/registry.jsonanddocs/release-control/v6/internal/subsystems/registry.schema.jsonfor subsystem ownership, explicit shared-ownership exceptions, and proof-routing rulespython3 scripts/release_control/status_audit.py --checkif you need a machine-derived evidence health auditpython3 scripts/release_control/registry_audit.py --checkif you need a machine-derived subsystem registry auditpython3 scripts/release_control/contract_audit.py --checkif you need a machine-derived subsystem contract audit, including explicit cross-subsystem dependency checks and exact registry-derived shared-boundary wording Local pre-commit runs the v6 machine audits against staged control-file content so partial staging cannot hide governance drift. Local pre-commit also blocks partial staging for hook-sensitive governance files underdocs/release-control/v6/,scripts/release_control/,internal/repoctl/,.husky/pre-commit, and.github/workflows/canonical-governance.yml, because those checks still execute or structurally read the working-tree versions locally.python3 scripts/release_control/subsystem_lookup.py <path> [<path> ...] --pretty --leanif you need subsystem ownership, proof routing, exact contract-focus lines, and compact lane context for a change
For governed runtime changes, a staged subsystem contract only counts if its
diff updates a substantive contract section such as Purpose, Canonical Files,
Shared Boundaries, Extension Points, Forbidden Paths,
Completion Obligations, or Current State, rather than metadata alone.
All other documents are supporting references unless explicitly required for evidence.
🚀 Getting Started
- Installation Guide Step-by-step guides for Docker, Kubernetes, and bare metal.
- Configuration
Learn how to configure authentication, notifications (Email, Discord, etc.), and system settings. - Deployment Models
Where config lives, how updates work, and what differs per deployment. - Migration Guide
Moving to a new server? Here's how to export and import your data safely. - Upgrade to v6
Practical upgrade guidance and post-upgrade checks for Pulse v6. - FAQ Common questions and quick answers.
🛠️ Deployment & Operations
- Docker Guide – Advanced Docker & Compose configurations.
- Kubernetes – Helm charts, ingress, and HA setups.
- Reverse Proxy – Nginx, Caddy, Traefik, and Cloudflare Tunnel recipes.
- Troubleshooting – Deep dive into common issues and logs.
🔐 Security
- Security Policy – The core security model (Encryption, Auth, API Scopes).
- Privacy – What leaves your network (and what doesn’t).
- OIDC / SSO – OIDC Single Sign-On configuration (Authentik, Keycloak, Azure AD, etc.).
- Proxy Auth – Authentik/Authelia/Cloudflare proxy authentication configuration.
- Agent Security – Agent privilege model, Proxmox API-only choices, and self-update verification.
📖 Advanced Topics (Relay / Pro / legacy Pro+ / Cloud)
- AI Autonomy & Safety – Configure patrol autonomy levels, assistant control levels, investigation tuning, and safety guardrails.
- Role-Based Access Control (RBAC) – Define custom roles, assign permissions, and integrate with OIDC group mapping.
- Audit Logging – Tamper-evident event logging for compliance, with query, export, and signature verification.
✨ New in 6.0
- Unified Resource Model – How all platforms merge into one model with task-based navigation.
- Unified Navigation Migration – Upgrading from platform-specific tabs to v6 navigation.
- TrueNAS Integration – First-class TrueNAS SCALE/CORE monitoring (pools, datasets, disks, snapshots, replication).
- Relay / Pulse Mobile Handoff – End-to-end encrypted relay for supported Pulse Mobile clients (Relay and above).
- Recovery Central – Unified backup, snapshot, and replication view across all providers.
- Pulse Cloud (Hosted) – Fully managed hosting with automatic updates and backups.
- Pulse AI – Chat assistant, patrol findings, alert analysis, intelligence, and forecasts.
- Metrics History – Persistent metrics storage with configurable retention.
- Mail Gateway – Proxmox Mail Gateway (PMG) monitoring.
- Auto Updates – One-click updates for supported deployments.
- Multi-Tenant Organizations – Isolate infrastructure by organization (Enterprise, opt-in).
- Entitlements Overhaul – Capability-key-based feature gating across Community/Relay/Pro/Cloud, with legacy Pro+ continuity still supported.
💳 Plans (Community / Relay / Pro / Cloud)
Pulse is available in three self-hosted tiers plus hosted Cloud:
-
Community: Free self-hosted monitoring with core monitoring included and 7-day history.
-
Relay: Adds secure remote access to the Pulse web UI, Pulse Mobile pairing for handoff, push notifications, and 14-day history.
-
Pro: Adds alert-triggered root-cause analysis, safe remediation workflows, operations tooling, governance features, and 90-day history.
-
Cloud: Hosted Pulse with Pro-level capabilities; hosted pricing is unchanged by the self-hosted model lock.
-
Plans and entitlements (includes the Community/Relay/Pro/Cloud matrix)
-
Multi-Tenant Organizations (Enterprise) — Isolate infrastructure by organization for MSPs and multi-datacenter deployments.
📡 Monitoring & Agents
- Unified Agent – Single binary for host, Docker, and Kubernetes monitoring.
- Centralized Agent Management (Pro/Cloud) – Agent profiles and remote config.
- Proxmox Backup Server – PBS integration, direct API vs PVE passthrough, token setup.
- TrueNAS – TrueNAS SCALE/CORE integration.
- ZFS Monitoring – Proxmox-native ZFS pool monitoring.
- Storage Architecture – Proposed canonical storage, disk, S.M.A.R.T., and topology model for making storage genuinely operator-useful.
- VM Disk Monitoring – Enabling QEMU Guest Agent for disk stats.
- Temperature Monitoring – Agent-based temperature monitoring (
pulse-agent --enable-proxmox). Sensor proxy has been removed. - Webhooks – Custom notification payloads.
💻 Development
- API Reference – Complete REST API documentation.
- Architecture – System design and component interaction.
- Contributing – How to contribute to Pulse.
📁 Previous Versions
- Upgrade to v5 – Upgrade guidance for v4 → v5 migrations.
- v6 Release Promotion Policy – Canonical stable-vs-prerelease promotion rules and rollback expectations.
- v6 Prerelease Runbook – Internal release operations used during the v6 prerelease period.
Found a bug or have a suggestion?
