✅ Release Asset Validation (Post-Publish): PASSED
Assets were revalidated after publication due to a release edit.
Status: Live release assets re-validated ✅
Validated: 2026-02-04 19:16:06 UTC
Workflow: Validate Release Assets #79
Validation Summary
- All required assets present ✓
- Checksums verified ✓
- Version strings correct ✓
- Binary architectures validated ✓
Pulse v5.1.0
v5.1.0 is the biggest Pulse release to date. The AI system has been completely redesigned from the ground up into two purpose-built systems — Pulse Assistant for interactive infrastructure chat and Pulse Patrol for autonomous background monitoring. Beyond AI, this release introduces rich resource drawers with sparkline history charts, a new Discovery system that identifies what's actually running inside your VMs and containers, SMART disk health monitoring, multi-resource reporting, FreeBSD/pfSense agent support, and a comprehensive security hardening pass across the entire API surface.
⚠️ Agent Update Required: If you are running Pulse agents, please manually update them to v5.1.0. The agent auto-update functionality currently has a known bug and is being investigated, so agents will not update themselves automatically. If you are seeing unexpected behavior, missing data, or features not working as expected, outdated agents are likely the cause. To update, simply re-run the original install command from Settings → Agents in the Pulse UI.
What's New
Pulse Assistant & Pulse Patrol
The AI system has been rebuilt from scratch into two specialized systems sharing a unified tool foundation.
Pulse Assistant is an interactive chat agent that helps you investigate and manage your infrastructure:
- Agentic tool loop: Assistant autonomously chains tools to investigate issues, with a finite state machine enforcing safe workflows (read-before-write verification, no dangerous state transitions).
- Session-level learning: Extracts and caches facts during conversations — it learns what resources exist, their states, and relationships as you talk, eliminating redundant queries.
- Approval gating: Control actions block and wait for your explicit approval before executing, with a 5-minute timeout.
- Context prefetching: Proactively gathers context about mentioned resources before the LLM sees your query.
- Streaming responses: Real-time visibility into tool execution and reasoning as Assistant works.
Pulse Patrol is an autonomous background agent that continuously monitors your infrastructure:
- Scheduled patrols: Runs on a configurable schedule, scanning your environment for issues and anomalies.
- Finding lifecycle: Detects issues, creates findings, investigates root causes, proposes fixes, and verifies resolutions — all automatically.
- Investigation orchestrator: When a finding is created, Patrol can autonomously investigate it using the full tool suite, extract proposed fixes, and queue them for approval.
- Remediation engine: Generates multi-step fix plans with safety classification (informational, guided, one-click, autonomous) and rollback support.
- Verification loops: After a fix is applied, Patrol re-checks to confirm the issue is actually resolved.
- Autonomy levels: Configure how much Patrol can do on its own — from monitor-only (detect but don't act) through approval-required (investigate everything, approve all fixes) to full autonomy (auto-fix routine issues).
- Event-driven triggers: Alert-triggered patrols with priority queuing, in addition to scheduled runs.
- Deterministic signal detection: Known issue patterns (SMART failures, backup age, guest unreachability) are detected deterministically without LLM calls.
- Guest intelligence: Before each patrol, Pulse gathers service identity (from Discovery) and network reachability (via ICMP ping) for every guest. Running-but-unreachable services are flagged immediately.
- PMG monitoring: Proxmox Mail Gateway instances are now first-class patrol targets — Patrol monitors mail queues, spam volume, processing times, and quarantine status.
- Circuit breaker: Trips on consecutive LLM failures to prevent runaway API costs.
Shared foundation — both systems use:
- A single PulseToolExecutor with 12+ tool groups covering Proxmox, PBS, Docker, Kubernetes, PMG, storage, networking, and more.
- Three control levels: read_only (query only), controlled (per-command approval), autonomous (execute without approval).
- Safety system with blocked command detection, risk classification, and write pattern analysis.
- Approval store with replay protection and single-use tokens.
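How an approval store with single-use tokens, replay protection and the 5-minute approval timeout can behave, as an added Go example that is not Pulse's own code. The ApprovalStore type, its methods and the sample command are hypothetical.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"sync"
	"time"
)

// approvalTTL mirrors the 5-minute approval timeout from the release notes.
const approvalTTL = 5 * time.Minute
type pendingApproval struct {
	command string    // exact action this token authorises
	expires time.Time // approval deadline
}

// ApprovalStore is a hypothetical in-memory store, not Pulse's own type.
type ApprovalStore struct {
	mu      sync.Mutex
	pending map[string]pendingApproval
}

// Request registers a proposed command and returns a random token for it.
func (s *ApprovalStore) Request(command string, now time.Time) string {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		panic(err) // no safe fallback without a CSPRNG
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	token := hex.EncodeToString(buf)
	s.pending[token] = pendingApproval{command, now.Add(approvalTTL)}
	return token
}

// Consume deletes the token first, so replayed, late or re-targeted approvals fail.
func (s *ApprovalStore) Consume(token, command string, now time.Time) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	p, ok := s.pending[token]
	delete(s.pending, token)
	return ok && !now.After(p.expires) && p.command == command
}

func main() {
	s := &ApprovalStore{pending: map[string]pendingApproval{}}
	tok := s.Request("restart ct 101", time.Now()) // constructed sample command
	fmt.Println(s.Consume(tok, "restart ct 101", time.Now()))
}
```

Because the token is bound to the command it was issued for, an approval for one action cannot be presented to run a different one.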
New AI tools added in this release:
- Storage & backups: Query PBS datastores, ZFS pools, Ceph status, and replication jobs.
- PMG: Inspect mail statistics, queues, spam score distributions, and quarantine status.
- Kubernetes: Query clusters, nodes, pods, and deployments with scoped actions requiring approval.
New AI frontend:
- Redesigned findings view with investigation status, severity indicators, and remediation tracking.
- Patrol control panel with autonomy level configuration and run history.
- Approval workflow UI for reviewing and approving proposed fixes.
- Remediation plan execution with step-by-step progress tracking.
Provider support:
- DeepSeek Chat and Reasoner models via OpenAI-compatible client handling.
- Fixed endpoint support for other OpenAI-compatible chat providers.
UI & Monitoring
- Resource drawers with history charts: Click any VM, container, node, or host to open a detail drawer with interactive performance charts. Each drawer shows CPU, memory, disk, and network history with a shared time range selector (1h / 6h / 12h / 24h / 7d / 30d / 90d). Charts are canvas-rendered with crosshair hover, exact-value tooltips, and persistent min/max indicators in the header. 30d and 90d ranges require Pro.
- Dashboard sparklines: Toggle between traditional progress bars and inline sparkline trend charts directly in the dashboard table. Sparklines use LTTB downsampling for smooth rendering across hundreds of rows, with automatic color transitions from green to yellow to red based on threshold proximity. Time ranges from 15 minutes to 30 days.
- SMART disk monitoring: New disk health lifecycle view with per-disk detail drawers. Tracks SMART attributes across SATA and NVMe drives — reallocated sectors, pending sectors, temperature, power-on hours, NVMe life used percentage, available spare capacity, and media errors. Interactive historical charts show wear trends over time to help you spot failing drives before they fail.
- Multi-resource reports: New resource picker lets you select up to 50 nodes, VMs, or containers and generate a single PDF or CSV report. PDFs include a cover page, fleet summary with aggregate health status, and condensed per-resource breakdowns. CSVs provide side-by-side time-series data for comparison.
- Executive summary: PDF reports now open with an executive summary including actionable insights and recommendations.
- Node display names in alerts: Alerts and notifications now show user-configured display names instead of raw Proxmox node identifiers.
- Chart min/max: History chart headers now persistently display min and max values instead of showing them in flickering tooltips.
- Dynamic byte formatting: All byte displays across the UI now use dynamic precision, so "1.5 GB / 2 GB" no longer truncates to "1 GB / 2 GB".
- Docker views: Unified Docker table and cluster services view.
- System logs: Live log streaming and support bundle download from the UI.
- Settings layout: Consolidated settings panels with consistent layout and visual polish.
Discovery
Discovery is a new system that identifies what services and applications are actually running inside your VMs, LXC containers, and Docker containers.
- Service identification: Discovery runs read-only commands inside guests (via QEMU guest agent, LXC exec, or Docker exec), then uses AI to identify what's running. Results include service name, version, category, and confidence level.
- Infrastructure context: Each discovery captures configuration paths, data paths, log paths, listening ports, CLI access commands, and notable facts (e.g., detected hardware like Coral TPUs, broker addresses).
- Web interface URLs: Auto-suggests web URLs based on service type and detected ports (100+ service type defaults), with the option to save custom URLs.
- User notes: Encrypted per-resource field for storing API tokens, passwords, or custom notes.
- Transparency & trust: Before scanning, users see the exact commands that will run, which AI provider will analyze the results (cloud vs. local), and the agent connection status. During scanning, real-time progress shows which commands are executing.
- Just-in-time scanning: Discovery doesn't run continuously. A lightweight fingerprint (hash of container metadata — no secrets) detects when something has changed, triggering a re-scan only when needed.
- Patrol & Assistant integration: Discovery data feeds directly into Patrol and Assistant context, enabling the AI to propose correct CLI commands and reference actual service configurations during investigations.
- Unified Proxmox discovery: When a PVE node has a linked host agent, discovery results are automatically deduplicated to a single authoritative source.
Security
- Comprehensive endpoint authorization: Scope checks enforced across all AI, chat, patrol, approval, config, model, notification, RBAC, reporting, and admin endpoints.
- WebSocket security: Fixed scope validation and agent impersonation vulnerabilities in Socket.IO connections. Query-string token auth now restricted to WebSocket upgrade requests only, preventing token leakage via logs and referrer headers.
- Proxy auth hardening: Non-admin proxy users blocked from sensitive operations including SSH config, service restart, OIDC config, config export/import, AI admin endpoints, and agent management.
- Config export/import: Now requires passphrase encryption, with hardened input validation.
- Recovery endpoint: Rejects forwarded loopback requests to prevent XFF spoofing.
- SSH key generation: Guarded against execution inside containers.
- Vulnerability fixes: Addressed SAML, SSRF, approval replay, and OAuth scope bypass issues.
- Host token binding: Fixed credential exposure and AI findings scope isolation.
- Secret scanning: Gitleaks pre-commit hook and CI pipeline added.
- Extensive regression test suite: 140+ security regression tests covering auth bypass, path traversal, scope enforcement, RBAC, and tenant isolation.
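Two of the request checks listed above (query-string tokens honoured only on WebSocket upgrade requests, and the recovery endpoint refusing forwarded loopback requests), shown as an added Go example that is not Pulse's own code. The function names, the X-API-Token header, the token query parameter and the sample paths are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// tokenFromRequest prefers the header. A ?token= value is honoured only on a
// WebSocket upgrade, so tokens on ordinary URLs are never accepted.
func tokenFromRequest(r *http.Request) string {
	if t := r.Header.Get("X-API-Token"); t != "" { // header name is an assumption
		return t
	}
	conn := strings.ToLower(r.Header.Get("Connection"))
	if strings.EqualFold(r.Header.Get("Upgrade"), "websocket") && strings.Contains(conn, "upgrade") {
		return r.URL.Query().Get("token") // parameter name is an assumption
	}
	return ""
}

// isDirectLoopback accepts only an un-proxied local peer. A reverse proxy on
// the same host also connects from 127.0.0.1, so any forwarding header fails.
func isDirectLoopback(r *http.Request) bool {
	for _, h := range []string{"X-Forwarded-For", "X-Real-IP", "Forwarded"} {
		if r.Header.Get(h) != "" {
			return false
		}
	}
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	ip := net.ParseIP(host)
	return err == nil && ip != nil && ip.IsLoopback()
}

// sampleRequest builds a constructed request; hdr is key/value pairs.
func sampleRequest(target, remote string, hdr ...string) *http.Request {
	r := httptest.NewRequest("GET", target, nil)
	r.RemoteAddr = remote
	for i := 0; i+1 < len(hdr); i += 2 {
		r.Header.Set(hdr[i], hdr[i+1])
	}
	return r
}

func main() {
	r := sampleRequest("/api/state?token=abc", "127.0.0.1:4000", "X-Forwarded-For", "127.0.0.1")
	fmt.Printf("token=%q directLoopback=%v\n", tokenFromRequest(r), isDirectLoopback(r))
}
```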
Platform & Agents
- FreeBSD & pfSense support: Native agent binaries for FreeBSD amd64/arm64, with pfSense-specific boot wrapper for proper rc.d integration and auto-restart via daemon.
- Long-term metrics history: 30d/90d time ranges with downsampling (Pro feature).
- Arm64 builds: Pure-Go SQLite driver enables CGO-free arm64 Docker images.
- SQLite stability: Improved timeout handling and reduced contention under I/O pressure.
- Webhook security: SSRF protections for private/localhost/metadata targets (allowlist supported).
- OIDC + API tokens: API token authentication now works alongside OIDC, enabling programmatic access in enterprise SSO environments.
- SMTP flexibility: Authentication now works over unencrypted connections for internal mail servers, and custom email rate limits persist across restarts.
- Diagnostics sanitization: "Export for GitHub" now properly redacts IP addresses, hostnames, tokens, and other infrastructure details before sharing.
- Kiosk mode: Enhanced with auto-enable logic and magic link generation.
- Windows agent: Uninstall command support added in the UI.
- Backup visibility: Agent now granted PVEDatastoreAdmin for proper backup visibility.
- Incident context: High-frequency incident capture includes pre-incident history for investigations.
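A webhook SSRF guard of the kind described in the Webhook security item, enforced at connect time so that the check applies to the resolved address rather than the hostname. This is an added Go example, not Pulse's own code; dialGuard, webhookClient and the allowlist range are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"syscall"
	"time"
)

// blocked reports loopback, private, link-local (this range contains the
// 169.254.169.254 metadata address) and unspecified targets.
func blocked(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified()
}

// dialGuard returns a net.Dialer Control hook. It runs after DNS resolution,
// on the address actually being dialled, so a hostname that resolves to an
// internal address is refused as well as a literal one.
func dialGuard(allow []*net.IPNet) func(string, string, syscall.RawConn) error {
	return func(network, address string, _ syscall.RawConn) error {
		host, _, err := net.SplitHostPort(address)
		ip := net.ParseIP(host)
		if err != nil || ip == nil {
			return fmt.Errorf("webhook target %q is not a dialable IP", address)
		}
		for _, n := range allow {
			if n.Contains(ip) {
				return nil // operator allowlisted this range explicitly
			}
		}
		if blocked(ip) {
			return fmt.Errorf("webhook target %s is internal", ip)
		}
		return nil
	}
}

// webhookClient (hypothetical helper) wires the guard into an http.Client.
func webhookClient(allow []*net.IPNet) *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: dialGuard(allow)}
	return &http.Client{Transport: &http.Transport{DialContext: d.DialContext}, Timeout: 10 * time.Second}
}

func main() {
	_, lan, _ := net.ParseCIDR("10.20.0.0/16") // constructed allowlist entry
	guard := dialGuard([]*net.IPNet{lan})
	fmt.Println(guard("tcp4", "169.254.169.254:80", nil), guard("tcp4", "10.20.1.5:443", nil))
}
```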
Breaking Changes
- Legacy sensor proxy removed: pulse-sensor-proxy and related config are removed. Temperature monitoring now relies on unified agents.
- Config rename: BackendHost/BackendPort replaced by BindAddress. BACKEND_HOST is deprecated; port is controlled by FrontendPort.
Fixes (Selected)
- VM memory usage no longer inflated by balloon driver — now uses correct memory calculation instead of subtracting guest-visible free memory from max allocation.
- Host network sparklines now show actual transfer rates instead of cumulative byte counters since boot.
- PBS backup indicators no longer falsely attributed when VMIDs collide across different PVE instances.
- Alert history duration no longer shows "0m" — resolved alerts now record actual active duration.
- Stale alerts no longer persist after disabling threshold rules or when nodes go offline.
- Optional metric alerts (Disk I/O, Network I/O, Temperature) now clear properly when disabled.
- Reports no longer return blank data after settings changes or monitor reloads.
- SSD life percentage now correctly interpreted (100% = healthy, not worn).
- Offline alert recovery no longer deadlocks.
- Guest alerts no longer misclassified as node alerts in single-node setups.
- Host disk threshold overrides now persist correctly.
- Backup/snapshot settings no longer reset from Global Defaults edits.
- Setup wizard now shows validation errors and avoids advancing on invalid tokens.
- SMTP auth now negotiates server-supported mechanisms (including LOGIN for Microsoft 365).
- Agent installer now supports --hostname and improved URL handling.
- Disk exclusion patterns now match device paths and disk I/O.
- WebSocket reconnection now refreshes alert config state.
- PBS backup verification status now updates after the cache is populated.
- Patrol interval setting now persists correctly across reloads.
- Memory leak from stale metrics history and rate tracker entries now prevented.
- SSE race conditions and alert user spoofing resolved.
- Node drawer colspan no longer causes table layout shift.
- GitHub star prompt now has a 7-day snooze cooldown.
- Node display name cache pre-populated before guest polling to prevent stale names on first load.
Installation
Docker (recommended):
docker pull rcourtman/pulse:5.1.0
Docker Compose:
Update your docker-compose.yml to use rcourtman/pulse:5.1.0
See the Installation Guide for complete setup instructions.