Pulse Intelligence
July 2, 2026 · View on GitHub
Pulse Patrol is available to everyone on the Community plan with BYOK (your own AI provider). Pro adds hands-on Patrol modes, issue investigation, governed fixes, verified outcomes, and 90-day history, while hosted Cloud carries those capabilities for hosted environments. Learn more at https://pulserelay.pro or see PULSE_PRO.md.
Overview
Pulse Intelligence is built around a shared Pulse Intelligence Core: Canonical context, governed actions, safety gates, approval state, action audit, and verification shared by Pulse Assistant, Pulse MCP, and Pulse Patrol.
That core is deliberately surfaced with Patrol as the primary built-in operator and Assistant plus MCP as access paths over the same governed capabilities:
- Pulse Patrol: Patrol is the first-party operations surface: it checks infrastructure, investigates issues, follows the chosen Patrol mode before acting, verifies outcomes, and records what happened.
- Pulse Assistant: The contextual explanation, approval, and handoff surface for Patrol findings, governed actions, verification, and operator questions. Affordances: tools and interactive questions.
- Pulse MCP: The external-agent adapter that projects canonical Pulse Intelligence capabilities as MCP tools. Affordances: tools, resources, prompts, and capability metadata.
These surfaces are built on the same action-driven architecture: the configured LLM owns diagnosis, prioritization, fix reasoning, and action choice; Pulse supplies context, capabilities, safety gates, approval state, and audit trails. Verification is part of the governed action lifecycle rather than a separate model-owned feature.
Not Just Another Chatbot
Pulse Assistant is a protocol-driven, safety-gated LLM tool surface that:
- Provides governed context — attaches explicit resource mentions and recent session facts without rewriting user intent
- Caches session facts — extracts bounded tool facts to avoid redundant queries during the current conversation
- Enforces workflow invariants — FSM prevents dangerous state transitions
- Supports parallel tool execution — efficient batch operations with concurrency control
- Grounds answers in real tool work — visible tool traces, read-after-write verification, and transcript hygiene prevent unsupported execution claims from being treated as facts
- Returns structured tool errors — the model can recover from clear, machine-readable failures
📖 For a deep technical dive into the Assistant architecture, see architecture/pulse-assistant-deep-dive.md.
Not Just Another Alerting System
Pulse Patrol is a scheduled and event-triggered governed operator that:
- Assembles evidence from metrics, storage, backups, discovery, alerts, and resource timelines
- Provides statistical context such as baselines, trend summaries, capacity estimates, and event relationships
- Lets the configured LLM reason over that evidence and decide whether to call tools or report findings
- Routes governed actions through approval, entitlement, policy, verification, and audit boundaries
- Preserves operator feedback as context for future model runs without converting it into Pulse-authored fixes
All while running entirely on your infrastructure with BYOK for complete privacy.
📖 For a deep technical dive into the Patrol runtime, see architecture/pulse-patrol-deep-dive.md.
See architecture/pulse-assistant.md for the original safety architecture documentation.
Assistant And MCP
Pulse Assistant and pulse-mcp are sibling surfaces over Pulse Intelligence,
not competing implementations, and neither replaces the other. Assistant remains
the in-app Pro surface for current resource/finding/run handoffs, approval
cards, governed action status, and operator-friendly timelines. pulse-mcp
owns the external-agent bridge: it fetches /api/agent/capabilities, projects
those canonical API capabilities as MCP tools, and preserves the same stable
error envelopes and approval/audit contracts. New operational capabilities
should be added to the canonical API manifest first, then consumed by Assistant
or MCP as appropriate; MCP-only actions and Assistant-only copies of the same
business logic are drift.
Pulse Patrol
Patrol is a scheduled model workflow that builds a rich, system-wide snapshot and gives your configured LLM the tools it needs to produce actionable findings.
How Patrol Works
Scheduled/Event Trigger
│
▼
buildSeedContext() ── infrastructure evidence and policy context
│
▼
LLM analysis (with tools) ← pulse_storage, pulse_metrics, pulse_alerts, etc.
│
▼
patrol_report_finding() / patrol_resolve_finding() ── model-owned finding lifecycle calls
│
├── DetectSignals() ── deterministic evidence extraction from tool outputs
│ │
│ ▼
│ Evaluation pass ── focused LLM review of unmatched evidence
│
▼
model-reported findings ── validated, deduplicated, stored
│
▼ (if configured)
MaybeInvestigateFinding() ── model investigation + governed fix planning/execution
What Patrol Sees
Every patrol run passes the LLM comprehensive context about your environment:
| Data Category | What's Included |
|---|---|
| Proxmox Nodes | Status, CPU%, memory%, uptime, 24h/7d trend analysis |
| VMs & Containers | Full metrics, backup status, OCI images, historical trends, anomaly evidence |
| Storage Pools | Usage %, capacity estimates, type (ZFS/LVM/Ceph), growth rates |
| Docker/Podman | Container counts, health states, unhealthy container lists |
| Kubernetes | Nodes, pods, deployments, services, DaemonSets, StatefulSets, namespaces |
| TrueNAS | Pools, datasets, disk health, SMART status, replication, alerts |
| PBS/PMG | Datastore status, backup jobs, job failures, verification status |
| Ceph | Cluster health, OSD states, PG status |
| Agent Hosts | Load averages, memory, disk, RAID status, temperatures |
Model-Bound Context
Beyond raw metrics, Patrol prepares structured evidence for the model:
- Trend summaries — 24h and 7d samples showing
growing,stable,declining, orvolatilebehavior - Baseline evidence — Z-score anomaly evidence from historical metrics
- Capacity estimates — "Storage pool reaches 95% in about 12 days at current growth rate"
- Infrastructure changes — Detected config changes, VM migrations, new deployments
- Resource relationships — Related events and topology context
- User notes — Your annotations explaining expected behavior
- Dismissed findings — Respects your feedback and suppressed alerts
- Investigation context — Uses prior alert context, Patrol run history, and resource timelines
Deterministic Evidence Extraction
Patrol parses tool outputs for concrete evidence such as backup failures, storage pressure, and disk health failures. These signals are not final findings by themselves: unmatched signals are sent to a focused LLM evaluation pass, and if the model still declines to report them, Pulse does not convert them into Pulse-authored findings.
| Signal Type | Trigger | Default Threshold |
|---|---|---|
smart_failure | SMART health status not OK/PASSED, or critical SMART counters such as pending sectors, offline uncorrectable sectors, or NVMe media errors | N/A |
high_cpu | Average CPU usage | 70% |
high_memory | Average memory usage | 80% |
high_disk | Storage pool usage | 75% (warning), 95% (critical) |
backup_failed | Recent backup task with error status | Within 48h |
backup_stale | No backup completed for VM/CT | 48+ hours |
Thresholds can be configured via alert settings to match user-defined values.
Examples of What Patrol Catches
| Issue | Severity | Example |
|---|---|---|
| Disk approaching capacity | Warning/Critical | Storage growing toward full with concrete time-to-threshold evidence |
| Backup failures | Warning | PBS job failed, no backup in 48+ hours |
| Storage issues | Critical | PBS datastore errors, ZFS pool degraded |
| Ceph problems | Warning/Critical | Degraded OSDs, unhealthy PGs |
| Kubernetes issues | Warning | Pods stuck in Pending/CrashLoopBackOff |
| SMART failures | Critical | Disk health check failed, pending sectors, offline uncorrectable sectors, or NVMe media errors |
| Alert-triggered investigations | Pro / Cloud | A fired alert prompts the model to gather surrounding context and explain likely cause |
What Patrol Ignores (by design)
Patrol is intentionally conservative to avoid noise:
- Small baseline deviations ("CPU at 15% vs typical 10%")
- Low utilization that's "elevated" but fine (disk at 40%)
- Stopped VMs/containers that were intentionally stopped
- Brief spikes that resolve on their own
- Anything that doesn't require human action
- Conditions already fully covered by the normal alert lifecycle unless the model finds additional context that changes the operator decision
Philosophy: If a finding wouldn't be worth waking someone up at 3am, Patrol won't create it.
Finding Severity
- Critical: Immediate attention required (service down, data at risk)
- Warning: Should be addressed soon (disk filling, backup stale)
Note: info and watch level findings are filtered out to reduce noise.
Managing Findings
Findings can be managed via the UI or API:
- Get help: Chat with AI to troubleshoot the issue
- Resolve: Mark as fixed (finding will reappear if the issue resurfaces)
- Dismiss: Mark as expected behavior (creates suppression rule)
Dismissed and resolved findings persist across Pulse restarts.
Patrol Modes
Patrol supports four modes that decide how far Pulse can go after it finds an issue:
| Mode | Behavior | Plan |
|---|---|---|
| Watch only | Detect issues only. No investigation or fixes. | Community (BYOK) |
| Ask before changes | Investigates findings and proposes fixes. All fixes require approval before execution. | Pro / hosted Cloud |
| Auto-fix safe issues | Runs warning-level governed fixes automatically and verifies results. Critical findings still require approval by default. | Pro / hosted Cloud |
| Policy autopilot | Runs eligible governed fixes automatically and verifies results. Use only in environments where this is acceptable. | Pro / hosted Cloud |
Community and Relay installs can still run scheduled Patrol findings with BYOK. Watch only remains the free-first baseline; investigation, proposed fixes, and fix execution are paid AI-operations capabilities rather than a core monitoring limit.
Investigation Flow
When a finding is created in a Pro Patrol mode:
Finding created
│
▼
MaybeInvestigateFinding()
│
├─ Has orch + chatService?
│ │
│ ▼
│ InvestigateFinding()
│ │
│ ▼
│ Create chat session
│ │
│ ▼
│ AI analysis (with tools)
│ │
│ ▼
│ [Fix proposed?] ──Yes──► Queue approval (or auto-execute in full mode)
│ │
│ No
│ ▼
│ Update finding with outcome
│
└─ Skip investigation
Investigation Configuration
| Setting | Default | Description |
|---|---|---|
MaxTurns | 15 | Maximum agentic turns per investigation |
Timeout | 10 min | Maximum duration per investigation |
MaxConcurrent | 3 | Maximum concurrent investigations |
MaxAttemptsPerFinding | 3 | Maximum investigation attempts per finding |
CooldownDuration | 1 hour | Cooldown before re-investigating |
TimeoutCooldownDuration | 10 min | Shorter cooldown for timeout failures |
VerificationDelay | 30 sec | Wait before verifying fix |
Investigation Outcomes
| Outcome | Meaning |
|---|---|
resolved | Issue resolved during investigation |
fix_queued | Fix proposed, awaiting approval |
fix_executed | Fix auto-executed successfully |
fix_failed | Fix attempted but failed |
fix_verified | Fix worked, issue confirmed resolved |
fix_verification_failed | Fix ran but issue persists |
needs_attention | Requires human intervention |
cannot_fix | Issue cannot be automatically fixed |
timed_out | Investigation timed out (will retry sooner) |
Pulse Assistant (Chat)
Pulse Assistant is a tool-driven chat interface. It does not "guess" system state — it calls live tools and reports their outputs.
The Model's Workflow (Discover → Investigate → Act)
- Discover: Uses
pulse_queryorpulse_discoveryto find real resources and IDs - Investigate: Uses
pulse_readto run bounded, read-only commands and check status/logs - Act (optional): Uses
pulse_controlfor changes, then verifies with a read
Tool Inventory
The Assistant tool list is registry-owned at runtime, not hand-maintained in
this public overview. Each turn receives an available-tool manifest generated
from Pulse's governed tool registry, including action mode (read, mixed,
write) and approval policy (scope_only, action_plan). That same registry
feeds the Assistant system prompt, provider tool declarations, tool-result
handling, approval boundaries, and Patrol-only tool filtering.
For the current source-owned inventory, see the native tool registry and
governance projection in internal/ai/tools/ and
internal/agentcapabilities/. For external agents, use the live
/api/agent/capabilities manifest or pulse-mcp tools/list; those surfaces
project the canonical agent capabilities rather than a separate MCP-only tool
table.
The same manifest also carries reusable workflowPrompts metadata so Pulse
Assistant-compatible starters and MCP prompts/list clients discover the same
fleet triage, resource investigation, and Patrol finding review workflows.
Safety Gates
The assistant enforces multiple safety gates:
- Discovery Before Action — Action tools cannot operate on resources that weren't first discovered
- Verification After Write — After any write, the model must perform a read/status check before providing a final answer
- Read/Write Separation — Read operations route through
pulse_read(stays in READING state); write operations route throughpulse_control(enters VERIFYING state) - Grounded Execution Guardrails — Visible tool traces and read-after-write checks prevent unsupported execution claims from being treated as facts
- Approval Mode — In Controlled mode, every write requires explicit user approval
- Execution Context Binding — Commands execute within the resolved resource's context, not on parent hosts
Control Levels
| Level | Behavior | Plan |
|---|---|---|
| Read-only | AI can observe and query data only | Community |
| Controlled | AI asks for approval before executing commands | Community |
| Autonomous | AI executes actions without prompting | Pro / hosted Cloud |
Using Approvals (Controlled Mode)
When control level is Controlled, write actions pause for approval:
- Tool returns
APPROVAL_REQUIRED: { approval_id, command, ... } - Agentic loop emits
approval_neededSSE event - UI shows approval card with the proposed command
- Approve to execute and verify, or Deny to cancel
- Only users with admin privileges can approve/deny
Configuration
Configure providers in the UI: Settings → Pulse Intelligence → Provider & Models
Supported Providers
- Anthropic (API key)
- OpenAI
- OpenRouter
- DeepSeek
- Google Gemini
- Ollama (self-hosted, with tool/function calling support)
- OpenAI-compatible base URL (for providers that implement the OpenAI API shape)
Legacy Anthropic OAuth fields may still appear in stored settings so existing installs can disconnect and clear old tokens, but Anthropic OAuth is not a supported runtime authentication method and does not make Anthropic configured.
Models
Pulse uses model identifiers in the form: provider:model-name
You can set separate models for:
- Chat (
chat_model) - Patrol (
patrol_model) - Patrol fix model (
auto_fix_model, retained as the compatibility settings key)
Storage
AI settings are stored encrypted at rest in ai.enc under the Pulse config directory. Related files:
| File | Purpose |
|---|---|
ai.enc | Encrypted AI configuration and credentials |
ai_findings.json | Patrol findings |
ai_patrol_runs.json | Patrol run history |
ai_usage_history.json | Token usage data |
ai_chat_sessions.json | Legacy chat sessions (UI sync) |
baselines.json | Learned resource baselines |
ai_correlations.json | Resource correlation data |
ai_patterns.json | Detected patterns |
Config directory: /etc/pulse (systemd) or /data (Docker/Kubernetes)
Testing
- Test provider connectivity:
POST /api/ai/testandPOST /api/ai/test/{provider} - List available models:
GET /api/ai/models
Schedule and Triggers
Patrol runs on a configurable schedule:
| Interval | Description |
|---|---|
| Disabled | Patrol runs only when manually triggered |
| 10 min – 7 days | Configurable interval (default: 6 hours) |
Patrol can also be triggered by:
- Manual run: Click "Run Patrol" in the UI
- Alert-triggered analysis (Pro and above): Runs when an alert fires
- API call:
POST /api/ai/patrol/run
Model Context Layer
Pulse includes a model-context layer that aggregates evidence from AI runtime subsystems:
Components
| Component | Purpose |
|---|---|
| Baseline Store | Maintains statistical metric summaries and anomaly evidence |
| Pattern Store | Records recurring event evidence and trend context |
| Correlation Store | Links related events and resource relationships for model context |
| Investigation Context | Uses alert history, Patrol runs, and resource timelines |
| Knowledge Store | Persists user annotations and model-safe context |
| Forecast Service | Estimates capacity trajectories from historical samples |
Health Scoring
The Patrol UI can show an operational score (A-F) based on active findings, Patrol coverage, runtime errors, and structured evidence. This score is a presentation aid, not a replacement for model diagnosis.
Model Matrix (Pulse Assistant)
This table summarizes the most recent Pulse Assistant eval runs per model.
Update the table from eval reports:
EVAL_REPORT_DIR=tmp/eval-reports go run ./cmd/eval -scenario matrix -auto-models
python3 scripts/eval/render_model_matrix.py tmp/eval-reports --write-doc docs/AI.md
Or use the helper script:
scripts/eval/run_model_matrix.sh
Run the resource-context Assistant handoff eval against a live resource:
EVAL_RESOURCE_CONTEXT_ID=delly:delly:101 \
EVAL_RESOURCE_CONTEXT_NAME=homeassistant \
EVAL_RESOURCE_CONTEXT_TYPE=system-container \
EVAL_RESOURCE_CONTEXT_NODE=delly \
EVAL_RESOURCE_CONTEXT_FORBIDDEN="/mnt/pve/finance-db,/var/lib/homeassistant,literal-provider-token-123" \
go run ./cmd/eval -scenario resource-context -url http://127.0.0.1:7655 -user admin -pass "$PULSE_EVAL_PASS"
| Model | Smoke | Read-only | Time (matrix) | Tokens (matrix) | Last run (UTC) |
|---|---|---|---|---|---|
| anthropic:claude-3-haiku-20240307 | ✅ | ❌ | 2m 42s | — | 2026-01-29 |
| anthropic:claude-haiku-4-5-20251001 | ✅ | ✅ | 8s | 18,923 | 2026-01-29 |
| anthropic:claude-opus-4-5-20251101 | ✅ | ✅ | 9m 31s | 1,120,530 | 2026-01-29 |
| gemini:gemini-3-flash-preview | ✅ | ✅ | 7m 4s | — | 2026-01-29 |
| gemini:gemini-3-pro-preview | ✅ | ✅ | 3m 54s | 1,914 | 2026-01-29 |
| openai:gpt-5.2 | ✅ | ✅ | 5s | 12,363 | 2026-01-29 |
| openai:gpt-5.2-chat-latest | ✅ | ✅ | 8s | 12,595 | 2026-01-29 |
Safety Controls
Pulse includes settings that control how "active" AI features are:
- Patrol modes (Pro and above): Lets you choose whether Patrol only watches, asks before changes, handles safe fixes, or uses policy autopilot
- Governed fixes (Pro and above): Allows Patrol to propose, approve, run, verify, and record fixes under the Patrol mode you choose
- Issue investigation (Pro and above): Lets Patrol investigate findings with surrounding infrastructure context
- Policy autopilot unlock (Pro and above): Permits eligible critical fixes without per-fix approval after an explicit opt-in
If you enable execution features, ensure agent tokens and scopes are appropriately restricted.
Advanced Network Restrictions
Pulse blocks AI tool HTTP fetches to loopback and link-local addresses by default. For local development:
PULSE_AI_ALLOW_LOOPBACK=true
Use this only in trusted environments.
Privacy
Patrol runs on your server and only sends the minimal context needed for analysis to the configured provider (when AI is enabled). Outbound usage telemetry (a rotating pseudonymous install ID, counts, feature flags, and coarse Patrol mode and governed Pulse Intelligence operations adoption flags and counters only; no hostnames, credentials, prompts, chat messages, command text, action output, token values, IP addresses, or resource identifiers in the payload) is enabled by default and can be disabled any time. See Privacy for details.
Why Patrol Is Different From Traditional Alerts
Alerts are threshold-based and narrow. Patrol gives the selected model a broader, tool-backed operating picture.
- Alerts: "Disk > 90%"
- Patrol: "The model sees ZFS pool usage, growth rate, datastore consumers, backup context, and governed actions, then decides whether that evidence warrants a finding or action recommendation."
Cost Tracking
Pulse tracks token usage and costs:
- View usage summary:
GET /api/ai/cost/summary - Reset counters:
POST /api/ai/cost/reset(admin) - Set monthly budget limits in AI settings
Troubleshooting
| Issue | Solution |
|---|---|
| Assistant or Patrol not responding | Verify provider credentials in Settings → Pulse Intelligence → Provider & Models |
| No execution capability | Confirm at least one agent is connected |
| Findings not persisting | Check Pulse has write access to ai_findings.json in the config directory |
| Too many findings | This shouldn't happen — please report if it does |
| Investigation stuck | Check circuit breaker status at /api/ai/circuit/status; may auto-reset after cooldown |
| Model not available | Ensure provider API key is valid and model ID matches provider format |
Related Documentation
Deep Dives (Recommended for Technical Audiences)
- Pulse Assistant Deep Dive — Complete technical breakdown of the model-owned tool surface: explicit context, session fact caching, FSM enforcement, parallel execution, grounded execution guardrails, structured errors
- Pulse Patrol Deep Dive — Patrol runtime documentation: evidence assembly, deterministic signal extraction, model evaluation, investigation context, investigation orchestration
Reference Documentation
- Architecture: Pulse Assistant (Safety Gates) — Detailed FSM states, tool protocol, and invariants
- API Reference — Complete API endpoint documentation
- Plans and entitlements — Community/Relay/Pro/Cloud features and licensing