OCTALUM-PULSE

Cross-distro Linux maintenance CLI — update, audit, rollback, repeat.

Pulse keeps Linux fleets healthy across distros — update, audit, rollback, repeat — with the same dry-run-first discipline an SRE applies to production.

_{DRAWING NO. 03.00 · REV. 2026.05 · SHEET 03 OF 05}

The problem · Install · Quickstart · Distro support · How it works · Comparison · FAQ · Documentation · Roadmap

The problem

Linux maintenance is the same chore on every box and a different command on every distro. apt, dnf, pacman, zypper, apk each have their own flags, log formats, and failure modes. Audit, cleanup, and rollback split across distro-specific scripts that drift over time. Pulse gives one binary, one command set, dry-run by default, and an audit trail you can roll back.

Install

curl -fsSL https://raw.githubusercontent.com/Harery/OCTALUM-PULSE/main/scripts/install.sh | sh

Quickstart

pulse doctor                       # detect distro, package manager, init system, kernel
pulse update --smart --dry-run     # preview upgrades without touching the system
pulse security audit               # CVE scan against installed packages

What you get

A single static Go binary (pulse) plus an optional agent daemon (pulse-agent) for fleet mode.

$ pulse doctor
OS: linux | Distro: ubuntu 24.04 | PM: apt | Init: systemd | Arch: amd64 | Kernel: 6.8.0
ok  package manager reachable
ok  state DB writable (~/.local/state/pulse/state.db)
ok  plugins loaded: packages, security, compliance, performance, observability

Releases ship for linux/amd64 and linux/arm64 via goreleaser, plus .deb, .rpm, .apk, a Helm chart (helm/), Kubernetes manifests (k8s/), Docker images (docker/), Ansible role (ansible/), and a Terraform provider scaffold (contrib/).

Distro support

Verified against internal/platform/detect.go. Rows mark distros where the package-manager backend is wired and tested.

Distro	update	cleanup	security audit	optimization	rollback
Ubuntu	yes	yes	yes	yes	yes
Debian	yes	yes	yes	yes	yes
Fedora	yes	yes	yes	yes	yes
RHEL / CentOS	yes	yes	yes	yes	yes
Rocky / AlmaLinux	yes	yes	yes	yes	yes
Arch / Manjaro	yes	yes	yes	yes	partial
openSUSE (Leap / Tumbleweed)	yes	yes	yes	yes	yes
Alpine	yes	yes	partial	yes	partial
NixOS	partial	no	partial	no	partial

Pop!_OS, Linux Mint, and EndeavourOS inherit their parent distro's backend through the ID_LIKE fallback in detect.go.

How it works

flowchart LR
    user([sysadmin / SRE]) -->|pulse cmd| cli[pulse CLI]
    cli --> detect[platform.Detect]
    cli --> plugins{plugin registry}
    plugins --> pkg[packages]
    plugins --> sec[security]
    plugins --> comp[compliance]
    plugins --> perf[performance]
    plugins --> obs[observability]
    cli --> state[(state.db<br/>SQLite)]
    cli -.optional.-> web[web/api<br/>REST + gRPC]
    web -.fleet mode.-> agent[pulse-agent<br/>daemon]
    agent --> cli

Loading

The CLI reads /etc/os-release via platform.Detect, loads plugins from internal/plugin, executes the requested action through the matching package-manager backend, and records every transaction in a SQLite state DB so pulse rollback can replay or invert it. The optional web/api package exposes the same operations over REST and gRPC; pulse-agent runs that API on remote hosts for fleet control.

Comparison

	Pulse	topgrade	Cockpit	Ansible Roles	chezmoi / dotbot
Cross-distro single binary	yes	yes	partial	yes (controller)	yes
Dry-run first	yes	partial	no	yes (check mode)	yes
Built-in rollback / state DB	yes	no	no	manual	partial
Agent / fleet mode	yes (gRPC)	no	yes (web)	yes (push)	no
License	MIT	GPL-3.0	LGPL-2.1	GPL-3.0	MIT / Apache-2.0

FAQ

What distros does it support?

Nine families with first-class backends: Ubuntu, Debian, Fedora, RHEL, Rocky / AlmaLinux, Arch / Manjaro, openSUSE (Leap and Tumbleweed), Alpine. Derivatives (Pop!_OS, Mint, EndeavourOS) inherit through ID_LIKE. NixOS detection works; declarative actions are partial.

Is it safe to run unattended?

Yes. Every mutating command runs in dry-run by default. Pass --apply (or --yes for batch use) to commit. Mutations journal to SQLite so a failed transaction rolls back cleanly. CI runs the suite at 47.3% coverage; web/api is at 96%, pkg/client at 91%.

How is this different from topgrade?

Topgrade fans out to existing updaters and exits. Pulse owns the operation: one command surface, plugin architecture (security, compliance, performance, observability), a persistent state DB, rollback, and an agent mode. Topgrade fits one laptop; Pulse fits many machines.

How do I roll back?

pulse history          # list recorded transactions
pulse rollback <id>    # revert a specific run

Rollback uses the state DB and the package manager's own transaction log where available (dnf history, zypper rollback, btrfs snapshots when present).

Can I use it on a fleet?

Run pulse-agent on each host. The agent exposes the gRPC API defined in web/api. Drive it from a controller, the Helm chart in helm/, the Ansible role in ansible/, or the Terraform provider scaffold in contrib/.

Is there a TUI?

pulse tui opens an interactive view over the same plugin set. Use it to explore on a single host before scripting actions for a fleet.

Documentation

• Docs site: docs/
• Examples: examples/
• Plugin SDK: internal/plugin/ plus the five reference plugins under plugins/
• Roadmap: ROADMAP.md
• Changelog: CHANGELOG.md
• Security policy: SECURITY.md
• Marketing & social: MARKETING.md, SOCIAL_PREVIEW.md

Roadmap

• 2026-Q2 — NixOS first-class backend (declarative + rollback parity)
• 2026-Q2 — Signed plugin registry and supply-chain attestations (SLSA L3)
• 2026-Q3 — Web UI for pulse-agent fleets (read-only dashboard, then actions)
• 2026-Q3 — eBPF-backed observability plugin (no extra daemon)
• 2026-Q4 — OpenTelemetry exporter for every transaction
• 2027-Q1 — Stable v3 plugin ABI and out-of-tree plugin marketplace

Contributing · License · Security

• Contributions: see CONTRIBUTING.md and GOVERNANCE.md.
• License: MIT.
• Vulnerabilities: report privately per SECURITY.md.

---

Drawn by the same hand

A working portfolio of digital infrastructure, designed and maintained by Mohamed Harery — Architect of Digital Systems.

Sheet	Repo	What it is
00	harery.com	The studio — portfolio, ledger, contact
01	OCTALUME	8-phase enterprise SDLC framework
02	LuminaPy	Python DSA & coding-interview prep
03	OCTALUM-PULSE	Cross-distro Linux maintenance CLI
04	Merged into OCTALUME	(Phase 0: idea → spec → build pipeline)

_{harery.com · github.com/Harery · LinkedIn}

_{BLUEPRINT · drawn 2026 · MIT-licensed code · all drawings reserved}