- Add TierCloud to license features with full Cloud capability set
- Hosted mode: tenant middleware gates on subscription lifecycle
(active/grace/bounded-trial) instead of FeatureMultiTenant
- Seed trial billing state on hosted signup so tenants are usable
before Stripe checkout completes (14-day bounded trial)
- SAML SSO creation/update now requires AdvancedSSO license (OIDC
remains free on all tiers)
- Stripe webhook handlers use TierCloud instead of TierPro for
hosted checkout/subscription capability derivation
- MultiTenantChecker accepts hostedMode flag for correct WebSocket
gating in Cloud deployments
- Comprehensive tests for hosted subscription gating (active, trial
with/without end date, expired, canceled, grace period)

Complete the post-checkout signup flow: Stripe checkout → container
starts → magic link generated → user clicks → logged into tenant
dashboard.
- Add pkg/cloudauth for shared HMAC-SHA256 handoff token sign/verify
- Add internal/cloudcp/auth for control plane magic link service with
SQLite-backed token store (standalone, no internal/api dependency)
- Add magic link verify handler on control plane that generates a
short-lived handoff token and redirects to tenant container
- Add /auth/cloud-handoff endpoint on tenant side that validates
handoff token and creates a session using existing auth machinery
- Expand provisioner to write per-tenant handoff key, poll container
health (2s interval, 60s timeout), and generate magic link on success
- Wire magic link service into control plane server and routes
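
A sketch of the HMAC-SHA256 handoff token the commit above describes: signed on the control plane with the per-tenant key, validated at the tenant's /auth/cloud-handoff endpoint. This is an added example, not the project's pkg/cloudauth code; the `claims` layout, the `payload.mac` token format, and the `Sign`/`Verify`/`tag` names are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

type claims struct { // hypothetical payload; not the project's actual format
	Tenant, Email string
	Exp           int64 // expiry, Unix seconds
}

func tag(key []byte, payload string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	return m.Sum(nil)
}

// Sign is the control plane side, using the per-tenant handoff key.
func Sign(key []byte, c claims) string {
	raw, _ := json.Marshal(c) // cannot fail for this struct
	payload := base64.RawURLEncoding.EncodeToString(raw)
	return payload + "." + base64.RawURLEncoding.EncodeToString(tag(key, payload))
}

// Verify is the tenant side: constant-time MAC check first, then tenant binding and expiry.
func Verify(key []byte, token, tenant string, now time.Time) (email string, ok bool) {
	payload, sig, found := strings.Cut(token, ".")
	got, err := base64.RawURLEncoding.DecodeString(sig)
	if !found || err != nil || !hmac.Equal(got, tag(key, payload)) {
		return "", false
	}
	var c claims
	raw, err := base64.RawURLEncoding.DecodeString(payload)
	if err != nil || json.Unmarshal(raw, &c) != nil || c.Tenant != tenant || now.Unix() >= c.Exp {
		return "", false
	}
	return c.Email, true
}

func main() {
	key, now := []byte("constructed-demo-key"), time.Unix(1700000000, 0)
	tok := Sign(key, claims{"tenant-a", "user@example.com", now.Unix() + 60})
	fmt.Println(Verify(key, tok, "tenant-a", now))
}
```

The sketch does not track single use, so a token stays replayable until it expires; a short expiry bounds that window.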

Port from 5.1.x hotfix line (815c990e). Adds privilege probing so
the host agent only requests PVE permissions that exist on the target
version (VM.Monitor on PVE 8, VM.GuestAgent.Audit on PVE 9+). Demotes
apt/update 403 to Debug. Setup script uses comma-separated privs and
modify-before-add for the PulseMonitor role.

- Enhance Kubernetes agent with comprehensive usage metrics collection
- Add monitoring improvements for Kubernetes agents
- Integrate Kubernetes resources into unified resource registry
- Add report format improvements for Kubernetes agent reports
- Include new test coverage for usage metrics and registry integration

Refactors API handlers, updates notification logic, and enhances service discovery and configuration management. Includes extensive test coverage updates.

## Summary
Complete implementation of the Unified Resource Model with new navigation.
## Features
- v2 resources API with identity matching across sources (Proxmox, Agent, Docker)
- Infrastructure page with merged host view
- Workloads page for all VMs/LXC/Docker containers
- Global search (Cmd/Ctrl+K) with keyboard navigation
- Mobile navigation with bottom tabs and drawer
- Keyboard shortcuts (g+key navigation, ? for help)
- What's New modal for user onboarding
- Report Incorrect Merge feature for false positive fixes
- Debug tab in resource drawer (enable via localStorage)
## Technical
- Async audit logging for improved performance
- WebSocket-driven real-time updates for unified resources
- Session-based auth achieves <2ms API response times
## Tests
- Backend: 78 tests passed
- Frontend: 397 tests passed