Add migration to update users table schema

Changes:
- Add display_name, email, and groups columns to existing users table
- Handle MariaDB lack of IF NOT EXISTS in ALTER TABLE
- Gracefully skip columns that already exist
- Fixes 500 error when authenticating users

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

.gitignore

@@ -30,6 +30,3 @@ Thumbs.db
 *.swp
 *.swo
 *~
-
-# Claude
-Claude.md

README.md

@@ -1,375 +1,240 @@
 # PULSE - Pipelined Unified Logic & Server Engine
 
-A distributed workflow orchestration platform for managing and executing complex multi-step operations across server clusters through a retro terminal-themed web interface.
+A distributed workflow orchestration platform for managing and executing complex multi-step operations across server clusters through an intuitive web interface.
 
 ## Overview
 
-PULSE is a centralized workflow execution system designed to orchestrate operations across distributed infrastructure. It provides a powerful web-based interface with a vintage CRT terminal aesthetic for defining, managing, and executing workflows that can span multiple servers, require human interaction, and perform complex automation tasks at scale.
+PULSE is a centralized workflow execution system designed to orchestrate operations across distributed infrastructure. It provides a powerful web-based interface for defining, managing, and executing workflows that can span multiple servers, require human interaction, and perform complex automation tasks at scale.
 
 ### Key Features
 
-- **🎨 Retro Terminal Interface**: Phosphor green CRT-style interface with scanlines, glow effects, and ASCII art
+- **Interactive Workflow Management**: Define and execute multi-step workflows with conditional logic, user prompts, and decision points
-- **⚡ Quick Command Execution**: Instantly execute commands on any worker with built-in templates and command history
+- **Distributed Execution**: Run commands and scripts across multiple worker nodes simultaneously
-- **📊 Real-Time Worker Monitoring**: Live system metrics including CPU, memory, load average, and active tasks
+- **High Availability Architecture**: Deploy redundant worker nodes in LXC containers with Ceph storage for fault tolerance
-- **🔄 Interactive Workflow Management**: Define and execute multi-step workflows with conditional logic and user prompts
+- **Web-Based Control Center**: Intuitive interface for workflow selection, monitoring, and interactive input
-- **🌐 Distributed Execution**: Run commands across multiple worker nodes simultaneously via WebSocket
+- **Flexible Worker Pool**: Scale horizontally by adding worker nodes as needed
-- **📈 Execution Tracking**: Comprehensive logging with formatted output, re-run capabilities, and JSON export
+- **Real-Time Monitoring**: Track workflow progress, view logs, and receive notifications
-- **🔐 SSO Authentication**: Seamless integration with Authelia for enterprise authentication
-- **🧹 Auto-Cleanup**: Automatic removal of old executions with configurable retention policies
-- **🔔 Terminal Notifications**: Audio beeps and visual toasts for command completion events
 
 ## Architecture
 
 PULSE consists of two core components:
 
 ### PULSE Server
-**Location:** `10.10.10.65` (LXC Container ID: 122)
-**Directory:** `/opt/pulse-server`
-
 The central orchestration hub that:
-- Hosts the retro terminal web interface
+- Hosts the web interface for workflow management
 - Manages workflow definitions and execution state
-- Coordinates task distribution to worker nodes via WebSocket
+- Coordinates task distribution to worker nodes
-- Handles user interactions through Authelia SSO
+- Handles user interactions and input collection
 - Provides real-time status updates and logging
-- Stores all data in MariaDB database
-
-**Technology Stack:**
-- Node.js 20.x
-- Express.js (web framework)
-- WebSocket (ws package) for real-time bidirectional communication
-- MySQL2 (MariaDB driver)
-- Authelia SSO integration
 
 ### PULSE Worker
-**Example:** `10.10.10.151` (LXC Container ID: 153, hostname: pulse-worker-01)
-**Directory:** `/opt/pulse-worker`
-
 Lightweight execution agents that:
-- Connect to PULSE server via WebSocket with heartbeat monitoring
+- Connect to the PULSE server and await task assignments
-- Execute shell commands and report results in real-time
+- Execute commands, scripts, and code on target infrastructure
-- Provide system metrics (CPU, memory, load, uptime)
+- Report execution status and results back to the server
-- Support concurrent task execution with configurable limits
+- Support multiple concurrent workflow executions
-- Automatically reconnect on connection loss
+- Automatically reconnect and resume on failure
-
-**Technology Stack:**
-- Node.js 20.x
-- WebSocket client
-- Child process execution
-- System metrics collection
-
 ```
-┌─────────────────────────────────┐
+┌─────────────────────┐
-│   PULSE Server (10.10.10.65)   │
+│   PULSE Server      │
-│   Terminal Web Interface + API  │
+│   (Web Interface)   │
-│   ┌───────────┐ ┌──────────┐   │
+└──────────┬──────────┘
-│   │ MariaDB   │ │ Authelia │   │
+           │
-│   │ Database  │ │   SSO    │   │
+    ┌──────┴───────┬──────────────┬──────────────┐
-│   └───────────┘ └──────────┘   │
+    │              │              │              │
-└────────────┬────────────────────┘
+┌───▼────┐    ┌───▼────┐    ┌───▼────┐    ┌───▼────┐
-             │ WebSocket
+│ Worker │    │ Worker │    │ Worker │    │ Worker │
-    ┌────────┴────────┬───────────┐
+│ Node 1 │    │ Node 2 │    │ Node 3 │    │ Node N │
-    │                 │           │
+└────────┘    └────────┘    └────────┘    └────────┘
-┌───▼────────┐   ┌───▼────┐  ┌──▼─────┐
+     LXC Containers in Proxmox with Ceph
-│ Worker 1   │   │Worker 2│  │Worker N│
-│10.10.10.151│   │  ...   │  │  ...   │
-└────────────┘   └────────┘  └────────┘
- LXC Containers in Proxmox with Ceph
 ```
 
-## Installation
+## Deployment
 
 ### Prerequisites
 
-- **Node.js 20.x** or higher
+- **Proxmox VE Cluster**: Hypervisor environment for container deployment
-- **MariaDB 10.x** or higher
+- **Ceph Storage**: Distributed storage backend for high availability
-- **Authelia** configured for SSO (optional but recommended)
+- **LXC Support**: Container runtime for worker node deployment
-- **Network Connectivity** between server and workers
+- **Network Connectivity**: Communication between server and workers
 
-### PULSE Server Setup
+### Installation
 
+#### PULSE Server
 ```bash
-# Clone repository
+# Clone the repository
-cd /opt
+git clone https://github.com/yourusername/pulse.git
-git clone <your-repo-url> pulse-server
+cd pulse
-cd pulse-server
 
 # Install dependencies
-npm install
+npm install  # or pip install -r requirements.txt
 
-# Create .env file with configuration
+# Configure server settings
-cat > .env << EOF
+cp config.example.yml config.yml
-# Server Configuration
+nano config.yml
-PORT=8080
-SECRET_KEY=your-secret-key-here
 
-# MariaDB Configuration
+# Start the PULSE server
-DB_HOST=10.10.10.50
+npm start  # or python server.py
-DB_PORT=3306
-DB_NAME=pulse
-DB_USER=pulse_user
-DB_PASSWORD=your-db-password
-
-# Worker API Key (for worker authentication)
-WORKER_API_KEY=your-worker-api-key
-
-# Auto-cleanup configuration (optional)
-EXECUTION_RETENTION_DAYS=30
-EOF
-
-# Create systemd service
-cat > /etc/systemd/system/pulse.service << EOF
-[Unit]
-Description=PULSE Workflow Orchestration Server
-After=network.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/pulse-server
-ExecStart=/usr/bin/node server.js
-Restart=always
-RestartSec=10
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-# Start service
-systemctl daemon-reload
-systemctl enable pulse.service
-systemctl start pulse.service
 ```
 
-### PULSE Worker Setup
+#### PULSE Worker
-
 ```bash
-# On each worker node
+# On each worker node (LXC container)
-cd /opt
-git clone <your-repo-url> pulse-worker
 cd pulse-worker
 
 # Install dependencies
-npm install
+npm install  # or pip install -r requirements.txt
 
-# Create .env file
+# Configure worker connection
-cat > .env << EOF
+cp worker-config.example.yml worker-config.yml
-# Worker Configuration
+nano worker-config.yml
-WORKER_NAME=pulse-worker-01
-PULSE_SERVER=http://10.10.10.65:8080
-PULSE_WS=ws://10.10.10.65:8080
-WORKER_API_KEY=your-worker-api-key
 
-# Performance Settings
+# Start the worker daemon
-HEARTBEAT_INTERVAL=30
+npm start  # or python worker.py
-MAX_CONCURRENT_TASKS=5
+```
-EOF
 
-# Create systemd service
+### High Availability Setup
-cat > /etc/systemd/system/pulse-worker.service << EOF
-[Unit]
-Description=PULSE Worker Node
-After=network.target
 
-[Service]
+Deploy multiple worker nodes across Proxmox hosts:
-Type=simple
+```bash
-User=root
+# Create LXC template
-WorkingDirectory=/opt/pulse-worker
+pct create 1000 local:vztmpl/ubuntu-22.04-standard_amd64.tar.zst \
-ExecStart=/usr/bin/node worker.js
+  --rootfs ceph-pool:8 \
-Restart=always
+  --memory 2048 \
-RestartSec=10
+  --cores 2 \
+  --net0 name=eth0,bridge=vmbr0,ip=dhcp
 
-[Install]
+# Clone for additional workers
-WantedBy=multi-user.target
+pct clone 1000 1001 --full --storage ceph-pool
-EOF
+pct clone 1000 1002 --full --storage ceph-pool
+pct clone 1000 1003 --full --storage ceph-pool
 
-# Start service
+# Start all workers
-systemctl daemon-reload
+for i in {1000..1003}; do pct start $i; done
-systemctl enable pulse-worker.service
-systemctl start pulse-worker.service
 ```
 
 ## Usage
 
-### Quick Command Execution
+### Creating a Workflow
 
-1. Access PULSE at `http://your-server:8080`
+1. Access the PULSE web interface at `http://your-server:8080`
-2. Navigate to **⚡ Quick Command** tab
+2. Navigate to **Workflows** → **Create New**
-3. Select a worker from the dropdown
+3. Define workflow steps using the visual editor or YAML syntax
-4. Use **Templates** for pre-built commands or **History** for recent commands
+4. Specify execution targets (specific nodes, groups, or all workers)
-5. Enter your command and click **Execute**
+5. Add interactive prompts where user input is required
-6. View results in the **Executions** tab
+6. Save and activate the workflow
 
-**Built-in Command Templates:**
+### Example Workflow
-- System Info: `uname -a`
+```yaml
-- Disk Usage: `df -h`
+name: "System Update and Reboot"
-- Memory Usage: `free -h`
+description: "Update all servers in the cluster with user confirmation"
-- CPU Info: `lscpu`
+steps:
-- Running Processes: `ps aux --sort=-%mem | head -20`
+  - name: "Check Current Versions"
-- Network Interfaces: `ip addr show`
+    type: "execute"
-- Docker Containers: `docker ps -a`
+    targets: ["all"]
-- System Logs: `tail -n 50 /var/log/syslog`
+    command: "apt list --upgradable"
     
-### Worker Monitoring
+  - name: "User Approval"
+    type: "prompt"
+    message: "Review available updates. Proceed with installation?"
+    options: ["Yes", "No", "Cancel"]
     
-The **Workers** tab displays real-time metrics for each worker:
+  - name: "Install Updates"
-- System information (OS, architecture, CPU cores)
+    type: "execute"
-- Memory usage (used/total with percentage)
+    targets: ["all"]
-- Load averages (1m, 5m, 15m)
+    command: "apt-get update && apt-get upgrade -y"
-- System uptime
+    condition: "prompt_response == 'Yes'"
-- Active tasks vs. maximum concurrent capacity
     
-### Execution Management
+  - name: "Reboot Confirmation"
+    type: "prompt"
+    message: "Updates complete. Reboot all servers?"
+    options: ["Yes", "No"]
     
-- **View Details**: Click any execution to see formatted logs with timestamps, status, and output
+  - name: "Rolling Reboot"
-- **Re-run Command**: Click "Re-run" button in execution details to repeat a command
+    type: "execute"
-- **Download Logs**: Export execution data as JSON for auditing
+    targets: ["all"]
-- **Clear Completed**: Bulk delete finished executions
+    command: "reboot"
-- **Auto-Cleanup**: Executions older than 30 days are automatically removed
+    strategy: "rolling"
+    condition: "prompt_response == 'Yes'"
+```
 
-### Workflow Creation (Future Feature)
+### Running a Workflow
 
-1. Navigate to **Workflows** → **Create New**
+1. Select a workflow from the dashboard
-2. Define workflow steps using JSON syntax
+2. Click **Execute**
-3. Specify target workers
+3. Monitor progress in real-time
-4. Add interactive prompts where needed
+4. Respond to interactive prompts as they appear
-5. Save and execute
+5. View detailed logs for each execution step
-
-## Features in Detail
-
-### Terminal Aesthetic
-- Phosphor green (#00ff41) on black (#0a0a0a) color scheme
-- CRT scanline animation effect
-- Text glow and shadow effects
-- ASCII box-drawing characters for borders
-- Boot sequence animation on first load
-- Hover effects with smooth transitions
-
-### Real-Time Communication
-- WebSocket-based bidirectional communication
-- Instant command result notifications
-- Live worker status updates
-- Terminal beep sounds for events
-- Toast notifications with visual feedback
-
-### Execution Tracking
-- Formatted log display (not raw JSON)
-- Color-coded success/failure indicators
-- Timestamp and duration for each step
-- Scrollable output with syntax highlighting
-- Persistent history with pagination
-- Load More button for large execution lists
-
-### Security
-- Authelia SSO integration for user authentication
-- API key authentication for workers
-- User session management
-- Admin-only operations (worker deletion, workflow management)
-- Audit logging for all executions
-
-### Performance
-- Automatic cleanup of old executions (configurable retention)
-- Pagination for large execution lists (50 at a time)
-- Efficient WebSocket connection pooling
-- Worker heartbeat monitoring
-- Database connection pooling
 
 ## Configuration
 
-### Environment Variables
+### Server Configuration (`config.yml`)
+```yaml
+server:
+  host: "0.0.0.0"
+  port: 8080
+  secret_key: "your-secret-key"
 
-**Server (.env):**
+database:
-```bash
+  type: "postgresql"
-PORT=8080                           # Server port
+  host: "localhost"
-SECRET_KEY=<random-string>          # Session secret
+  port: 5432
-DB_HOST=10.10.10.50                # MariaDB host
+  name: "pulse"
-DB_PORT=3306                        # MariaDB port
+
-DB_NAME=pulse                       # Database name
+workers:
-DB_USER=pulse_user                  # Database user
+  heartbeat_interval: 30
-DB_PASSWORD=<password>              # Database password
+  timeout: 300
-WORKER_API_KEY=<api-key>           # Worker authentication key
+  max_concurrent_tasks: 10
-EXECUTION_RETENTION_DAYS=30         # Auto-cleanup retention (default: 30)
+
+security:
+  enable_authentication: true
+  require_approval: true
 ```
 
-**Worker (.env):**
+### Worker Configuration (`worker-config.yml`)
-```bash
+```yaml
-WORKER_NAME=pulse-worker-01         # Unique worker name
+worker:
-PULSE_SERVER=http://10.10.10.65:8080   # Server HTTP URL
+  name: "worker-01"
-PULSE_WS=ws://10.10.10.65:8080          # Server WebSocket URL
+  server_url: "http://pulse-server:8080"
-WORKER_API_KEY=<api-key>            # Must match server key
+  api_key: "worker-api-key"
-HEARTBEAT_INTERVAL=30               # Heartbeat seconds (default: 30)
+  
-MAX_CONCURRENT_TASKS=5              # Max parallel tasks (default: 5)
+resources:
+  max_cpu_percent: 80
+  max_memory_mb: 1024
+  
+executor:
+  shell: "/bin/bash"
+  working_directory: "/tmp/pulse"
+  timeout: 3600
 ```
 
-## Database Schema
+## Features in Detail
 
-PULSE uses MariaDB with the following tables:
+### Interactive Workflows
+- Pause execution to collect user input via web forms
+- Display intermediate results for review
+- Conditional branching based on user decisions
+- Multi-choice prompts with validation
 
-- **users**: User accounts from Authelia SSO
+### Mass Execution
-- **workers**: Worker node registry with metadata
+- Run commands across all workers simultaneously
-- **workflows**: Workflow definitions (JSON)
+- Target specific node groups or individual servers
-- **executions**: Execution history with logs
+- Rolling execution for zero-downtime updates
+- Parallel and sequential execution strategies
 
-See [Claude.md](Claude.md) for complete schema details.
+### Monitoring & Logging
+- Real-time workflow execution dashboard
+- Detailed per-step logging and output capture
+- Historical execution records and analytics
+- Alert notifications for failures or completion
 
-## Troubleshooting
+### Security
+- Role-based access control (RBAC)
+- API key authentication for workers
+- Workflow approval requirements
+- Audit logging for all actions
 
-### Worker Not Connecting
-```bash
-# Check worker service status
-systemctl status pulse-worker
-
-# Check worker logs
-journalctl -u pulse-worker -n 50 -f
-
-# Verify API key matches server
-grep WORKER_API_KEY /opt/pulse-worker/.env
-```
-
-### Commands Stuck in "Running"
-- This was fixed in recent updates - restart the server:
-```bash
-systemctl restart pulse.service
-```
-
-### Clear All Executions
-Use the database directly if needed:
-```bash
-mysql -h 10.10.10.50 -u pulse_user -p pulse
-> DELETE FROM executions WHERE status IN ('completed', 'failed');
-```
-
-## Development
-
-### Recent Updates
-
-**Phase 1-6 Improvements:**
-- Formatted log display with color-coding
-- Worker system metrics monitoring
-- Command templates and history
-- Re-run and download execution features
-- Auto-cleanup and pagination
-- Terminal aesthetic refinements
-- Audio notifications and visual toasts
-
-See git history for detailed changelog.
-
-### Future Enhancements
-- Full workflow system implementation
-- Multi-worker command execution
-- Scheduled/cron job support
-- Execution search and filtering
-- Dark/light theme toggle
-- Mobile-responsive design
-- REST API documentation
-- Webhook integrations
-
-## License
-
-MIT License - See LICENSE file for details
 
 ---
 
-**PULSE** - Orchestrating your infrastructure, one heartbeat at a time. ⚡
+**PULSE** - Orchestrating your infrastructure, one heartbeat at a time.
-
-Built with retro terminal aesthetics 🖥️ | Powered by WebSockets 🔌 | Secured by Authelia 🔐