connector ingest → graph build → live ops

Your workspace, as a live process graph.

Five stages, one tenant-scoped graph. Each stage is auditable. Each stage is permission-aware. Each stage is reversible.

the pipeline / 01

Five stages, from raw event to drafted action.

Connector ingest

stage_01 · ingest_lane

A read-only event stream from each connector lands in a tenant-scoped queue. Pulse never copies private content into shared infra. Per-tenant encryption keys; BYOK on the Scale tier.

tenant: pulsehq · queue: ingest_2024_11_21● healthy

// per-tenant ingest lane (read-only)
stream slack.events       → "pulsehq.ingest.slack"      // 4.2k/min
stream github.webhooks    → "pulsehq.ingest.github"     // 91/min
stream notion.delta       → "pulsehq.ingest.notion"     // 38/min
stream linear.events      → "pulsehq.ingest.linear"     // 17/min
stream calendar.changes   → "pulsehq.ingest.cal"        // 6/min

// retention: 30d hot · 365d cold (configurable)
// encryption: per-tenant DEK · KMS-rotated · BYOK on Scale
// rate limits: respected upstream · backoff on 429

▸Read-only, every connector. Pulse never writes back during ingest. Action surface is a separate, scoped credential.
▸ACL captured at the source event. A Slack message’s channel ACL travels with it through every downstream stage.
▸Idempotent re-ingest. Disconnect, reconnect, and Pulse picks up where it left off. No duplicate entities.

Entity extraction

stage_02 · extract_lane

A schema-constrained extraction pass lifts decisions, commitments, features, failure cases, customers out of unstructured streams. Confidence calibration runs on every extraction.

DECISION

“3-tier pricing structure approved”

slack · #pricing-strategy · @apoorv · conf 0.92

COMMIT

@vikram → finalize copy by Tue

slack · #pricing-strategy · conf 0.87

FAILURE

“flat pricing missed mid-market”

notion · post-mortems/q2-2024.md · conf 0.95

SKIPPED

“i think we should maybe try X”, speculation, no rationale

conf 0.31 · below threshold · audit-only

▸Schema-constrained. Every entity has a fixed type, a required rationale field, and an owner. No free-form blobs.
▸Confidence threshold 0.65. Below it, extractions are stored audit-only, visible to admin, not surfaced to users.
▸Human override on every entity. The decision-maker can edit, archive, or split any extracted entity from any surface.

Graph compose

stage_03 · compose_lane

Edges link entities by causality (decision → commitment), ownership (person → feature), and provenance (entity → source). The graph is partitioned per tenant; no cross-tenant edges, ever.

EDGE TYPES

extracted_from · references · causes · owns · proposes · resolves · supersedes · regrets · contradicts

PARTITION

tenant_id is a primary key. Cross-tenant query is a runtime impossibility, not a policy.

Detector loop

stage_04 · detector_lane

Detectors run continuously over the graph, flagging stuck PRs, stalled decisions, churn risk, cross-team gaps. Output is a calm notification stream, never a notification firehose.

detectorsignalcooldown

stuck_prPR awaiting review > 18h24h

stalled_decisionDecision logged 60d, no execution signal7d

churn_riskCustomer champion’s Slack inactive 21d14d

cross_team_gap2 teams referencing same artifact, never met30d

canonical_readySame Q asked 5x, 3+ matching answers, pin?1x

▸Cooldowns prevent firehose. Each detector has a per-entity cooldown, same stuck PR won’t ping you twice in 24h.
▸Per-user routing. Detectors choose recipients by ownership graph, not by channel, only the people who can act on it.
▸F4 oversight. Founder/admin sees a daily digest of every detector firing across the tenant, in calm summary form.

Action draft

stage_05 · action_lane

Detector signals flow into the drafting layer. Pulse mocks the Slack DM, the Linear ticket, the calendar invite, and lands them in your approval inbox. One click sends. 5-minute undo on every external write.

DRAFT QUEUE · awaiting approval

slack.dm~2m ago

DM @vikram · PR review nudge

linear.create~6m ago

Refresh onboarding cost analysis

calendar.invite~12m ago

1:1 reschedule · Friday 10am

ALLOWLIST · per-tenant policy

slack.dmdraft → approve

slack.channel_postoff

linear.createdraft → approve

linear.commentauto · capped 5/day

calendar.invitedraft → approve

github.mergenever

how it differs / 02

The structural choices, side by side.

Most enterprise-search products are built around a doc graph and a vendor-level trust contract. Pulse picks a different model on each axis.

dimension

the usual approach

pulse · structural bet

graph model

Doc graph: pages, chunks, embeddings. Decisions are inferred at query time.

Process graph: decisions, commitments, features as first-class entities. Schema-constrained extraction.

permission posture

Search-time ACL filter. Index everything; hope the filter doesn’t leak.

ACL-mirrored at retrieval. Source-system permissions enforced. Request-access flow when content is restricted.

trust surface

Vendor-level trust: the company is SOC 2, therefore the answer is too.

Sentence-level trust. Every passage marked cited or inferred. Every retrieval shows the chain.

action layer

Suggest only. Or fully autonomous, with no undo.

Drafted, allowlisted, reversible. One click sends. 5-minute undo. Per-tenant policy.

onboarding

4-week IT-led setup. Connector-first. Crawl everything, configure later.

30-min founder interview. Working model of your processes day one. Connectors come second.

permission model / 03

Built on permission, not against it.

If you can’t see it in Slack, you can’t see it in Pulse. Three structural guarantees, not three policies.

acl mirror

Source-system ACLs, mirrored.

Pulse never expands access. A Slack DM you couldn’t see is invisible in retrieval, Pulse knows it exists, surfaces a request-access flow, never leaks the body.

confidential mode

Pre-decisional context, scoped.

Mark a thread or doc as confidential. Pulse helps you think but doesn’t remember, no embedding, no extraction, no surfacing to anyone else.

selective amnesia

“Forget this” is a first-class action.

Mark anything forget and it’s purged from the index. Auditable that it was forgotten; gone from retrieval, gone from synthesis.

personal data

Every employee sees what Pulse knows.

A built-in dashboard at /me shows every entity Pulse has extracted about you. Exportable. Deletable for non-shared content.

tenant isolation

tenant_id is a primary key, not a filter.

Cross-tenant query is a runtime impossibility, not a policy. Storage, embeddings, and KMS keys are partitioned. BYOK on Scale.

audit trail

Every retrieval, every action, logged.

Configurable retention windows. Audit-log export as JSON or Parquet today; SIEM webhook streaming on the Enterprise roadmap.

operating principles / 04

The four bets that shape every surface.

Pulse looks the way it does because of these four structural choices. Each one constrains a hundred small decisions inside the product.

permission

Permission-aware, never expanding.

Every retrieval, Ask, Search, briefings, agent drafts, passes through visibleDocumentIds() before it returns. We mirror Slack/GitHub/Notion ACLs into the graph at sync time and enforce them at retrieval time. There is no path that bypasses this filter.

process graph

Process graph, not doc graph.

Decisions, commitments, features, failure cases and bottlenecks are first-class entities, not pages waiting to be re-extracted at query time. The graph is the differentiator; the chat box on top is the easy part.

memory

Memory ages on a curve.

Each topic category has a half-life. Pricing decays in 30 days; mission decays in 5 years. Retrieval respects the curve and an 'older than typical' caveat surfaces on the answer when the source is past its half-life.

calm

Calm by default.

Pulse never paints individuals as the problem. Bottleneck detection is stage-level, not person-level. Briefings are role-curated, not all-staff. Agent actions wait for your nod and undo themselves on demand. The product is opinionated about restraint.

getting started / 05

From signup to first agent action: about 30 minutes.

Fast enough to roll out mid-sprint, at 5 people or 500. The 30-minute founder interview is what makes Pulse work for software teams.

first day, condensed

t+0 min

Connect Slack + GitHub

OAuth per workspace. Pulse starts read-only ingestion immediately. No data writes.

t+15 min

Founder interview

30-min conversational onboarding. Pulse learns your vocabulary, processes, and pain points.

t+30 min

First decisions extracted

Pulse surfaces 8–12 decisions from the last 90 days for confirmation. Edits welcome.

t+24 hr

First drafted action

Detector loop runs overnight. First Slack-DM nudge or Linear ticket lands in the approval inbox.

Features

The full capability catalogue.

Security

Permission-aware retrieval, audit log, BYOK.

MCP server

Expose Pulse to any MCP-aware client.

30 minutes, not 30 days.

Bring three connectors and a half-hour conversation. Pulse will have a working model of your team before lunch.

See connectors