Commit graph

83 commits

Author SHA1 Message Date
rcourtman
b311bdd069 Rename legacy settings tabs to Proxmox and Hosts 2025-10-24 08:50:18 +00:00
rcourtman
9d372ba9a8 refactor: improve frontend performance with lazy loading and component extraction
Add lazy loading for major route components (Dashboard, Settings, Docker, etc.) to reduce initial bundle size and improve load times. Extract node configuration tables (PVE, PBS, PMG) into dedicated reusable components with consistent table-based layouts. Implement Suspense fallbacks for smoother transitions between routes.
2025-10-24 08:20:12 +00:00
rcourtman
9925a0d78f refactor: use semantic metric types instead of conditional logic in HostsOverview
Changed MetricBar type prop from conditional (value > 80 ? 'danger' : 'primary')
to semantic types ('cpu', 'memory', 'disk') for better maintainability and
consistency with the component's design system.

This allows MetricBar to handle threshold logic internally based on metric
type, rather than duplicating threshold conditions at each call site.
2025-10-23 22:38:44 +00:00
rcourtman
8fb9ef2e8f fix: correct checksum URL construction in install script
The checksum URL was incorrectly constructed by appending .sha256
to the entire download URL including query parameters, resulting in:
  /download/pulse-host-agent?platform=linux&arch=amd64.sha256

This caused .sha256 to be part of the arch parameter, which prevented
the checksum endpoint from being reached correctly.

Fixed to construct checksum URL with .sha256 as part of the path:
  /download/pulse-host-agent.sha256?platform=linux&arch=amd64

Tested on Proxmox VE host (delly):
- Installation: ✓ Binary downloaded and installed successfully
- Service: ✓ systemd service created, enabled, and started
- Validation: ✓ Service running and attempting to report
- Logs: ✓ JSON logs writing to /var/log/pulse/host-agent.log
- Uninstallation: ✓ Complete cleanup (binary, service, logs)
- Colors: ✓ ANSI colored output working properly

Note: Checksum validation gracefully handled when endpoint
unavailable (server doesn't provide checksums yet)
2025-10-23 22:34:07 +00:00
rcourtman
b4247fc095 feat: add server-side support for agent installation improvements
API Enhancements:
- Add SHA256 checksum endpoint for binary downloads
  - Computes checksum on-the-fly when .sha256 suffix is requested
  - Example: /download/pulse-host-agent?platform=linux&arch=amd64.sha256
  - Enables installer scripts to verify binary integrity
- Add /uninstall-host-agent.sh endpoint for Linux/macOS uninstall script
- Add endpoint to public paths (no auth required)

Checksum Implementation:
- New serveChecksum() function computes SHA256 hash using crypto/sha256
- Returns plain text checksum in hex format
- Supports all binary download endpoints
- Zero performance impact (only computed when requested)

Install Script Updates:
- Add --force/-f flag to skip all interactive prompts
  - URL/token prompts skipped with --force
  - Reinstall confirmation skipped with --force
  - Checksum mismatch still aborts (security first)
- Force mode auto-accepts updates and reinstalls
- Usage: ./install-host-agent.sh --url $URL --token $TOKEN --force

Security Notes:
- Checksum verification protects against:
  - Corrupted downloads due to network issues
  - Man-in-the-middle binary tampering
  - Storage corruption on server
- Force mode maintains security by aborting on checksum mismatch
- No bypass for security-critical validations

These improvements enable:
- Automated deployments (--force flag)
- Binary integrity verification (checksums)
- Better security posture (tamper detection)
- Standardized uninstall process (endpoint)

The /api/version endpoint already exists and returns version info
for update checks (no changes needed).
2025-10-23 22:27:02 +00:00
rcourtman
df8e12df33 feat: enhance macOS/Linux agent installation to match Windows quality
Major improvements to the host agent installation experience:

Installation Enhancements:
- Add interactive mode with prompts for URL/token if not provided
- Add colored output with ANSI codes (✓ ℹ ⚠ ✗) matching Windows style
- Add professional header/footer with bordered sections
- Display masked configuration before installation
- Add version detection and update notifications
- Add reinstall confirmation for existing installations

Security Improvements:
- Store tokens in macOS Keychain instead of plaintext plist
- Create wrapper script to read token from Keychain at runtime
- Add SHA256 checksum verification for downloaded binaries
- Set restrictive permissions (chmod 600) on service configs
- Graceful fallback if Keychain access denied

Validation & Verification:
- Wait 10 seconds and verify service is running
- Query /api/hosts endpoint to confirm agent registered
- Verify hostname appears in Pulse server
- Provide detailed troubleshooting if validation fails

Error Handling:
- Comprehensive error messages with actionable guidance
- Platform-specific install instructions for missing dependencies
- 4-step troubleshooting guide for download failures
- Build-from-source fallback instructions
- Service failure diagnostics with log viewing commands

Logging Improvements:
- Use persistent log directories (no more /tmp)
- macOS: ~/Library/Logs/Pulse/host-agent.log
- Linux: /var/log/pulse/host-agent.log
- Automatically create log directories

Post-Install:
- Display service management commands (start/stop/restart/logs)
- Show installed file locations
- Provide uninstall instructions
- Link to Pulse dashboard

Uninstall Script:
- New dedicated uninstall script with colored output
- Comprehensive cleanup (service, binary, logs, Keychain)
- Platform detection and appropriate cleanup steps
- Remove macOS Keychain entries and wrapper scripts
- Remove temporary logs from old /tmp location
- Retry logic for file locking issues

Progress Indicators:
- Better download progress with curl --progress-bar
- Clear status messages for each installation step
- Visual feedback throughout installation

These changes bring the macOS/Linux installation experience to parity
with Windows and add several features that exceed Windows quality:
- API endpoint verification (Windows doesn't have)
- Checksum verification (Windows doesn't have)
- macOS Keychain integration (more secure than Windows config)
- Update detection (Windows doesn't have)
2025-10-23 22:23:23 +00:00
rcourtman
6333a445e9 feat: add native Windows service support and expandable host details
Windows Host Agent Enhancements:
- Implement native Windows service support using golang.org/x/sys/windows/svc
- Add Windows Event Log integration for troubleshooting
- Create professional PowerShell installation/uninstallation scripts
- Add process termination and retry logic to handle Windows file locking
- Register uninstall endpoint at /uninstall-host-agent.ps1

Host Agent UI Improvements:
- Add expandable drawer to Hosts page (click row to view details)
- Display system info, network interfaces, disks, and temperatures in cards
- Replace status badges with subtle colored indicators
- Remove redundant master-detail sidebar layout
- Add search filtering for hosts

Technical Details:
- service_windows.go: Windows service lifecycle management with graceful shutdown
- service_stub.go: Cross-platform compatibility for non-Windows builds
- install-host-agent.ps1: Full Windows installation with validation
- uninstall-host-agent.ps1: Clean removal with process termination and retries
- HostsOverview.tsx: Expandable row pattern matching Docker/Proxmox pages

Files Added:
- cmd/pulse-host-agent/service_windows.go
- cmd/pulse-host-agent/service_stub.go
- scripts/install-host-agent.ps1
- scripts/uninstall-host-agent.ps1
- frontend-modern/src/components/Hosts/HostsOverview.tsx
- frontend-modern/src/components/Hosts/HostsFilter.tsx

The Windows service now starts reliably with automatic restart on failure,
and the uninstall script handles file locking gracefully without requiring reboots.
2025-10-23 22:11:56 +00:00
rcourtman
745e6b386b fix: require explicit confirm before showing agent commands 2025-10-23 18:35:06 +00:00
rcourtman
45e6ff48eb fix: gate agent commands until token step confirmed 2025-10-23 18:23:38 +00:00
rcourtman
f800d7d59d refactor: unify agent hub layout and copy 2025-10-23 18:09:09 +00:00
rcourtman
30b78784e0 Refine inline URL editor event handling
- Add double-checks in global click handlers to prevent race conditions
- Add isCurrentlyMounted flag to prevent cleanup during re-renders
- Remove onBlur handler that was causing premature editor closure
- Simplify conditional logic in click handlers

These changes improve the robustness of the inline editor when
websocket updates occur during editing sessions.
2025-10-23 17:56:58 +00:00
rcourtman
5de564d945 Remove animated transitions from I/O metrics
The AnimatedMetric wrapper was causing distracting slide-up/slide-down
animations on every websocket update. While visually interesting, the
high-frequency updates made the dashboard feel too busy. Replaced with
direct value display while maintaining color-coded speed indicators.
2025-10-23 17:56:50 +00:00
rcourtman
32cd925e1f Fix inline editor persistence during websocket updates
Critical fixes to prevent the inline URL editor from closing during API updates:

1. Implement stable guest store with reconcile:
   - Use createStore with reconcile() to maintain stable object references
   - Key function ensures each guest keeps same proxy instance across updates
   - Prevents <For> loop from remounting rows during websocket updates

2. Allow switching between guest editors:
   - Mark guest name spans with data-guest-name-editable attribute
   - Click handler allows clicking another guest name to switch editors
   - Prevents click consumption when opening a different guest's editor

This ensures the inline editor stays open and preserves user input even when
websocket updates arrive, while still allowing seamless switching between
editing different guests.
2025-10-23 17:45:54 +00:00
rcourtman
15252c95ce Add inline URL editing for guest rows with click-away protection
Redesigned guest URL management from a bulky settings table to streamlined
inline editing directly on the dashboard:

Features:
- Single-click guest name to edit custom URL
- Text cursor indicates editability
- Inline editor with save (✓) and delete (✕) buttons
- Auto-focus and text selection on edit start
- Tag badges hidden during editing to maximize input space
- Click-away closes editor without activating underlying elements

Technical improvements:
- Global editing state prevents multiple simultaneous edits
- Smart click capture intercepts mousedown/click events when editor is open
- Prevents accidental row expansion or other actions during editing
- Delete button (✕) removes URL and icon entirely
- Escape key closes without saving
- Enter key saves and closes
2025-10-23 17:42:40 +00:00
rcourtman
e565b292bf feat: unify agent deployments and scoped token flows 2025-10-23 17:14:34 +00:00
rcourtman
84d89c8c81 Redesign API token manager UI for improved usability
Restructure the API token management interface with a focus on
information density and modern design patterns:

- Replace large card layouts with compact table view for token list
- Add visual statistics cards for total, scoped, and wildcard tokens
- Implement toggle button controls instead of checkboxes for scope selection
- Streamline token creation form with collapsible custom scopes
- Improve visual hierarchy with SectionHeader and ApiIcon components
- Add gradient backgrounds and refined spacing throughout
- Maintain accessibility while reducing overall page footprint

The new design presents all critical information at a glance while
preserving functionality and reducing visual clutter.
2025-10-23 13:30:46 +00:00
rcourtman
76263be05d Add gradient banners to settings pages for visual consistency
Adds polished gradient banner headers to all configuration pages:
- System > General, Network, Updates, Backups
- Security > Authentication (updated from gray to blue/indigo gradient)
- API Access

Resource management pages (PVE, PBS, Docker, etc.) intentionally left
without banners to keep focus on node tables and operational content.
2025-10-23 12:57:39 +00:00
rcourtman
5c54685f04 Add API token scopes and standalone host agent
Introduces granular permission scopes for API tokens (docker:report, docker:manage, host-agent:report, monitoring:read/write, settings:read/write) allowing tokens to be restricted to minimum required access. Legacy tokens default to full access until scopes are explicitly configured.

Adds standalone host agent for monitoring Linux, macOS, and Windows servers outside Proxmox/Docker estates. New Servers workspace in UI displays uptime, OS metadata, and capacity metrics from enrolled agents.

Includes comprehensive token management UI overhaul with scope presets, inline editing, and visual scope indicators.
2025-10-23 11:40:31 +00:00
rcourtman
e1fe8354e9 Ensure Docker agent builds stay static (#597) 2025-10-22 21:48:57 +00:00
rcourtman
b0b363ce66 Center Pulse branding in header 2025-10-22 19:16:59 +00:00
rcourtman
fe1533ea13 Improve PMG metric ingestion refs #551 2025-10-22 18:15:27 +00:00
rcourtman
87cab2b882 feat: allow per-node overrides for Proxmox endpoints 2025-10-22 17:16:54 +00:00
rcourtman
3a3e0e080c Add replication monitoring plumbing and UI
Refs #395
2025-10-22 16:10:15 +00:00
rcourtman
c9543e8a7e Add qemu guest agent version metadata 2025-10-22 15:24:07 +00:00
rcourtman
f61a61aad0 Add Apprise API controls to notification panel (#584) 2025-10-22 13:44:39 +00:00
rcourtman
be26f957c0 Add snapshot size alert thresholds (#585) 2025-10-22 13:30:40 +00:00
rcourtman
4ba5dcc785 feat: improve mobile layout responsiveness 2025-10-22 12:39:53 +00:00
rcourtman
9d1b9a78c4 refactor: unify notifications into global toast 2025-10-22 12:39:01 +00:00
rcourtman
971d55f334 Use lucide loader icon for discovery spinners 2025-10-22 12:30:04 +00:00
rcourtman
bc479643e4 release: prepare v4.25.0 2025-10-22 10:46:18 +00:00
rcourtman
4eb8bed9b5 Fix initial setup caching and container discovery defaults 2025-10-22 07:34:32 +00:00
rcourtman
ff4dc49ae4 Update Pulse install flow and related components 2025-10-21 19:58:53 +00:00
rcourtman
29bb2460e4 fix: escape apostrophes in alert notification strings
Fixes build failure caused by unescaped apostrophes in single-quoted
strings. The Vite/Babel parser was failing on "You'll" and "you'll"
in ActivationModal.tsx, preventing successful frontend builds.
2025-10-21 13:33:56 +00:00
rcourtman
acedd18c07 fix: upgrade vite to 6.4.1 to resolve CVE-2025-62522
Fixes Dependabot alert #33 - path traversal vulnerability in vite's
server.fs.deny when using backslash on Windows. Upgraded from 6.3.5 to 6.4.1.
2025-10-21 12:41:08 +00:00
rcourtman
c98fe537d3 fix: improve alert activation messaging for clarity and friendliness
Replace harsh/technical language with clearer, more positive messaging:

BEFORE → AFTER:
- "No alert violations detected during observation yet" → "All systems healthy — no alerts triggered"
- "Monitoring is live; notifications will start after..." → "Monitoring is active. Review your settings..."
- "24h observation ending" → "24-hour setup period ending soon"
- "Review alerts before activating" → "Ready to activate notifications"
- "breached thresholds" → "triggered"
- "violations" → "alerts"

Key improvements:
- Removed jargon: "observation window", "during observation"
- Removed ominous language: "yet", harsh "violations"
- More conversational: "You'll receive" vs "will dispatch to configured destinations"
- Positive framing: "All systems healthy" vs absence-focused language
- Clearer actions: "turning on alerts" vs "enabling notifications"
- Enthusiastic success messages: "Notifications activated!" with exclamation

Affected components:
- ActivationBanner.tsx: 4 text improvements
- ActivationModal.tsx: 5 text improvements

Impact: Better first-run UX, less intimidating language, clearer call-to-action
2025-10-21 11:09:59 +00:00
rcourtman
85ffe10aed docs: add Mermaid diagrams to improve visual documentation
Enhance documentation with six Mermaid diagrams to better explain
complex system implementations:

- Adaptive polling lifecycle flowchart showing enqueue→execute→feedback
  cycle with scheduler, priority queue, and worker interactions
- Circuit breaker state machine diagram illustrating Closed↔Open↔Half-open
  transitions with triggers and recovery paths
- Temperature proxy architecture diagram highlighting trust boundaries,
  security controls, and data flow between host/container/cluster
- Sensor proxy request flow sequence diagram showing auth, rate limiting,
  validation, and SSH execution pipeline
- Alert webhook pipeline flowchart detailing template resolution, URL
  rendering, HTTP dispatch, and retry logic
- Script library workflow diagram illustrating dev→test→bundle→distribute
  lifecycle emphasizing modular design

These visualizations make it easier for operators and contributors to
understand Pulse's sophisticated architectural patterns.
2025-10-21 10:40:33 +00:00
rcourtman
66b97333f7 fix: skip update check for source builds and show appropriate UI message
Source builds use commit hashes (main-c147fa1) not semantic versions
(v4.23.0), so update checks would always fail or show misleading
"Update Available" banners.

Changes:
- Add IsSourceBuild flag to VersionInfo struct
- Detect source builds via BUILD_FROM_SOURCE marker file
- Skip update check for source builds (like Docker)
- Update frontend to show "Built from source" message
- Disable manual update check button for source builds
- Return "source" deployment type for source builds

Backend:
- internal/updates/version.go: Add isSourceBuildEnvironment() detection
- internal/updates/manager.go: Skip check with appropriate message
- internal/api/types.go: Add isSourceBuild to API response
- internal/api/router.go: Include isSourceBuild in version endpoint

Frontend:
- src/api/updates.ts: Add isSourceBuild to VersionInfo type
- src/stores/updates.ts: Don't poll for updates on source builds
- src/components/Settings/Settings.tsx: Show "Built from source" message

Fixes the confusing "Update Available" banner for users who explicitly
chose --source to get latest main branch code.

Co-authored-by: Codex AI
2025-10-21 10:08:00 +00:00
rcourtman
c7d1abf874 feat: implement staleness tracker for adaptive polling (Phase 2 Task 4)
Adds freshness metadata tracking for all monitored instances:
- StalenessTracker with per-instance last success/error/mutation timestamps
- Change hash detection using SHA1 for detecting data mutations
- Normalized staleness scoring (0-1 scale) based on age vs maxStale
- Integration with PollMetrics for authoritative last-success data
- Wired into all poll functions (PVE/PBS/PMG) via UpdateSuccess/UpdateError
- Connected to scheduler as StalenessSource implementation

Task 4 of 10 complete. Ready for adaptive interval logic.
2025-10-20 15:13:37 +00:00
rcourtman
57429900a6 feat: add adaptive polling scheduler infrastructure (Phase 2 Tasks 1-3)
Implements adaptive scheduling foundation for Phase 2:
- Poll cycle metrics: duration, staleness, queue depth, in-flight counters
- Adaptive scheduler with pluggable staleness/interval/enqueue interfaces
- Config support: ADAPTIVE_POLLING_ENABLED flag + min/max/base intervals
- Feature flag defaults to disabled for safe rollout
- Scheduler wiring into Monitor with conditional instantiation

Tasks 1-3 of 10 complete. Ready for staleness tracker implementation.
2025-10-20 15:13:37 +00:00
rcourtman
524f42cc28 security: complete Phase 1 sensor proxy hardening
Implements comprehensive security hardening for pulse-sensor-proxy:
- Privilege drop from root to unprivileged user (UID 995)
- Hash-chained tamper-evident audit logging with remote forwarding
- Per-UID rate limiting (0.2 QPS, burst 2) with concurrency caps
- Enhanced command validation with 10+ attack pattern tests
- Fuzz testing (7M+ executions, 0 crashes)
- SSH hardening, AppArmor/seccomp profiles, operational runbooks

All 27 Phase 1 tasks complete. Ready for production deployment.
2025-10-20 15:13:37 +00:00
rcourtman
b640347a78 fix: improve discovery performance and reliability
Discovery Fixes:
- Always update cache even when scan finds no servers (prevents stale data)
- Remove automatic re-add of deleted nodes to discovery (was causing confusion)
- Optimize Docker subnet scanning from 762 IPs to 254 IPs (3x faster)
- Add getHostSubnetFromGateway() to detect host network from container

Frontend Type Fixes:
- Fix ThresholdsTable editScope type errors
- Fix SnapshotAlertConfig index signature
- Remove unused variable in Settings.tsx

These changes make discovery faster, more reliable, and fix the issue where
deleted nodes would persist in the discovery cache or immediately reappear.
2025-10-18 22:59:40 +00:00
Pulse Automation Bot
cfdfe896be Adjust backup and snapshot alert handling 2025-10-18 20:11:01 +00:00
Pulse Automation Bot
80b9d0602a Add Apprise notification integration (#570) 2025-10-18 16:39:39 +00:00
Pulse Automation Bot
0b4e4f9c59 Add configurable backup polling interval 2025-10-18 13:06:41 +00:00
Richard Courtman
d79b8e8883 feat: display temperature min/max range in tooltip and remove unused NodeCard
- Add instant-display tooltip on temperature column showing min-max range
- Color-code min/max temperatures individually (green/yellow/red)
- Remove unused NodeCard.tsx component from codebase
- Keep table row height consistent by using tooltip instead of inline display

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-18 08:57:10 +00:00
Richard Courtman
97b9c6739c feat: add min/max temperature tracking for nodes
Track minimum and maximum CPU temperatures since monitoring started.
This provides better insight into temperature trends and cooling
adequacy over time.

Changes:
- Backend: Add CPUMin, CPUMaxRecord, MinRecorded, MaxRecorded fields
  to Temperature model
- Backend: Implement min/max tracking logic in monitoring cycle that
  preserves values across polling cycles
- Backend: Initialize min/max on first reading, update on extremes
- Frontend: Update Temperature TypeScript interface with new fields
- Frontend: Display min/max range in NodeCard tooltip (e.g., "52°C
  (48-67°C since monitoring started)")
- Frontend: Rebuild dist assets

Temperature display now shows:
- Current temperature with color coding (green/yellow/red)
- Tooltip with full min-max range and context
- Min/max tracked in-memory (resets on Pulse restart)

Example tooltip: "CPU: 52°C (48-67°C since monitoring started)"

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-18 08:15:10 +00:00
Richard Courtman
669d7dc05c feat: add turnkey temperature monitoring for standalone nodes
Implements automatic temperature monitoring setup for standalone
Proxmox/Pimox nodes without manual SSH key configuration.

Changes:
- Add /api/system/proxy-public-key endpoint to expose proxy's SSH public key
- Setup script now detects standalone nodes (non-cluster)
- Auto-fetches and installs proxy SSH key with forced commands
- Add Raspberry Pi temperature support via cpu_thermal and /sys/class/thermal
- Enhance setup script with better error handling for lm-sensors installation
- Add RPi detection to skip lm-sensors and use native thermal interface

Security:
- Public key endpoint is safe (public keys are meant to be public)
- All installed keys use forced command="sensors -j" with full restrictions
- No shell access, port forwarding, or other SSH features enabled
2025-10-17 22:15:50 +00:00
Pulse Automation
5d9757ac2d temp: add dist for build 2025-10-17 22:13:44 +00:00
rcourtman
123e0f04ca feat: add comprehensive node cleanup system
Implements automated cleanup workflow when nodes are deleted from Pulse, removing all monitoring footprint from the host. Changes include a new RPC handler in the sensor proxy for cleanup requests, enhanced node deletion modal with detailed cleanup explanations, and improved SSH key management with proper tagging for atomic updates.
2025-10-17 18:53:45 +00:00
rcourtman
f141f7db33 feat: enhance sensor proxy with improved cluster discovery and SSH management
Improvements to pulse-sensor-proxy:
- Fix cluster discovery to use pvecm status for IP addresses instead of node names
- Add standalone node support for non-clustered Proxmox hosts
- Enhanced SSH key push with detailed logging, success/failure tracking, and error reporting
- Add --pulse-server flag to installer for custom Pulse URLs
- Configure www-data group membership for Proxmox IPC access

UI and API cleanup:
- Remove unused "Ensure cluster keys" button from Settings
- Remove /api/diagnostics/temperature-proxy/ensure-cluster-keys endpoint
- Remove EnsureClusterKeys method from tempproxy client

The setup script already handles SSH key distribution during initial configuration,
making the manual refresh button redundant.
2025-10-17 11:43:26 +00:00