✅ Release Asset Validation (Post-Publish): PASSED
Assets were revalidated after publication due to a release edit.
Status: Live release assets re-validated ✅
Validated: 2026-07-13 21:24:27 UTC
Workflow: Pulse Release Pipeline #306
Validation Summary
- All required assets present ✓
- Checksums verified ✓
- Version strings correct ✓
- Binary architectures validated ✓
Pulse v6.1.0-rc.1 Release Notes
v6.1.0-rc.1 is a release candidate for the next Pulse v6 minor line. It
follows stable v6.0.5 with a substantial monitor-first product update, a
typed Pulse Intelligence action lifecycle, a dedicated Actions workspace,
safer native-agent update and recovery behavior, and broad security and
reliability hardening.
Highlights
- Patrol findings can now move through one reviewed Actions inbox with clear
approval, execution, and verification state. - Pulse can safely carry out a wider set of explicitly governed Docker,
Proxmox, host-update, package-maintenance, and storage-cleanup actions. - Platform pages, connected systems, responsive layouts, and Assistant
conversations are more task-focused and easier to operate day to day. - Native updates, agent recovery, authentication boundaries, and service
hardening fail closed across more installation and recovery paths.
Added
- Pulse Intelligence now has explicit detection and investigation profiles,
a typed proposal-to-action lifecycle, and post-action verification for
supported Docker and Kubernetes operations. - Patrol action state now reconciles from the authoritative action audit and
stays current across investigation history, desktop approval controls, and
Pulse Mobile approve or reject flows. - Actions provides a dedicated inbox for reviewing proposed work, checking
policy and verification details, and seeing pending approvals without
searching through Assistant history. - Patrol can authorize low-risk Docker and Podman restarts through explicit
per-resource capability allowlists and optional recurring maintenance
windows, while unsupported, out-of-window, or downgraded-mode actions remain
approval-gated and fail closed. - Governed host updates, Debian and Ubuntu package maintenance, storage-pressure
cleanup, and supported Proxmox guest lifecycle operations now use reviewed
plans, durable execution receipts, and independent outcome verification. - Local AI setup includes a guided Ollama quickstart for
qwen3:8b, with
clearer Provider & Models readiness guidance. - Cluster members can override their connection addresses when the discovered
address is not the one Pulse should use. - The Unified Agent Windows service now writes owner-controlled rotating logs,
verifies logged readiness during installation, and carries native lifecycle
proof for install, replacement, recovery, persistence, and uninstall.
Improved
- Platform and connected-system pages lead with monitor-first attention and
task-oriented workflows, with more coherent responsive and mobile layouts. - Pulse Intelligence settings and daily-use surfaces use one consistent
product vocabulary while keeping Patrol focused on detection and
investigation. - The provider MSP portal uses the product design system, supports dark mode,
and presents self-service behavior honestly when an email provider is not
configured. - Update execution now uses one canonical lifecycle with clearer completion,
rollback, and operator feedback. - Investigation prompts receive the real typed capability catalog, including
approval requirements and parameter constraints, instead of asking the
model to guess which actions are available. - Assistant conversations can be retried, regenerated, edited and resent, and
steered while a response is running. Long pasted input is collapsed into a
manageable composer attachment, and the last-turn summary reports estimated
model cost when available. - Patrol handoffs now open the related Actions review directly, background
Patrol work stays out of the Assistant quick-resume list, and the Actions tab
shows its pending-approval count. - Docker, Kubernetes, TrueNAS, vSphere, and Proxmox node tables preserve
user-controlled column sorting through one shared platform-table model.
Fixed
- Native updates self-test the replacement binary before swapping it in,
reject silent edition downgrades, preserve a sanctioned rollback path, and
fail fast when signing configuration is incomplete. - Native updates fail closed instead of silently falling back to a community
build, preserve writable configuration backups under hardened services, and
publish verification keys in the exact OpenSSHallowed_signersform used
by the documented verification command. - Docker updates now recreate the container instead of attempting a restart
that cannot apply a new image. - Docker containers retain their grouped-by-host view and open configured web
links consistently after REST resource snapshot hydration. - Docker and Kubernetes agents tolerate realistic clock skew when evaluating
liveness, and posture alerts no longer ignore the intended guest-suppression
rules. - Legacy OIDC callbacks recover the initiating provider correctly.
- Provider/runtime failures and proposal-validation failures remain separate,
so a failed investigation cannot be misreported as a completed
needs-attention result. - Deterministic finding verification now routes each finding to its owning
verifier, and unrelated APT resource state can no longer intercept CPU,
memory, or disk verification. - Legacy raw-command Assistant invocations are denied before dispatch, while
approval decisions bind server-owned actor and evidence records to the exact
action plan. Dry-run plans cannot mint executable approval authority. - Action-result normalization no longer mutates shared evidence or compensation
snapshots, preventing races between concurrent audit readers. - First-run, request parsing, storage, cookie, remediation-lock, and remote
deployment boundaries now fail closed across the hardened paths included in
this candidate. - FreeBSD agent update recovery and Windows service recovery now preserve a
usable runtime across replacement and restart paths. - Cluster re-registration preserves an operator-selected member address, moved
guests keep their alert ownership aligned with the new node, and unavailable
guest-agent disk data is no longer presented as a real measurement. - Physical disks no longer disappear on wide node layouts, standby SSDs no
longer report misleading state, shared Docker network namespaces survive
container updates, and SSO administrators retain the expected settings
authority.
Upgrade Notes
Use the normal v6 install or update flow for v6.1.0-rc.1 only when you are
comfortable testing an RC. The rollback target for this release candidate is
v6.0.5.
The exact rollback reinstall command is:
./scripts/install.sh --version v6.0.5This candidate changes authentication and native installer/updater boundaries,
so it is intentionally using the governed RC path rather than the direct
stable-patch path.
Pulse Mobile iOS candidate build 10 and Android candidate versionCode 8 carry
the matching plan-bound action review and approval client. They remain on the
TestFlight external-beta and Google Play internal-testing tracks; no public
store rollout is part of this RC.
Windows Unified Agent binaries in this release candidate retain the same
checksum and detached-signature verification used by v6.0.5, but they are
not yet Authenticode-signed and Windows may show an unknown-publisher warning.
Public Windows Authenticode signing remains required before stable promotion.
Paid Pulse Pro, Relay, and eligible legacy customers should continue to use the
private download page and private runtime image for paid runtime features.
Installation
Docker (recommended):
docker pull rcourtman/pulse:6.1.0-rc.1Docker Compose:
Update your docker-compose.yml to use rcourtman/pulse:6.1.0-rc.1
See the Installation Guide for complete setup instructions.
Paid Pulse Pro, Relay, and eligible legacy customers: public GitHub release assets and the public rcourtman/pulse Docker image are community builds. They do not include the private Pulse Pro runtime hooks. Use https://pulserelay.pro/download.html with your activation key to get the private Pulse Pro Docker image or Linux/LXC archive.
Promotion Metadata
- Promotion channel: rc
- Candidate stable tag: v6.1.0-rc.1
- Promoted prerelease tag: n/a
- Rollback target: v6.0.5
- Rollback command:
./scripts/install.sh --version v6.0.5 - Hotfix exception: false