Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91

Add kilocode SKILL.md for Fleet GitOps (#42258)

Browse source 
Create initial .kilocode/skills/fleet-gitops/SKILL.md to document
guidelines for working with Fleet GitOps configuration. Includes rules
for osquery queries and Fleet reports, validation guidance for Apple,
Windows, and Android configuration profiles, guidance on using
Fleet-maintained apps vs custom packages, and Declarative Device
Management (DDM) declaration validation. Also includes references to
Fleet, Apple, ProfileManifests, and Microsoft documentation. This is the
first version and will be expanded as patterns and constraints evolve.
This commit is contained in:
Allen Houchins 2026-03-23 16:03:33 -05:00 committed by GitHub
parent 4df9ae01a6
commit 800f117660
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 52 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
.kilocode/skills/fleet-gitops/SKILL.md Normal file
View file

@ -0,0 +1,52 @@
---
name: fleet-gitops
description: Use when working on Fleet GitOps configuration files, including osquery queries, configuration profiles, DDM declarations, software management, and CVE remediation in the it-and-security folder.
---
# Fleet GitOps Kilocode Skill
## Queries & Reports
- Only use **Fleet tables and supported columns** when writing osquery queries or Fleet reports.
- Do not reference tables or columns that are not present in the Fleet schema for the target platform.
- Validate tables and column names against the Fleet schema before including them in a query:
- https://github.com/fleetdm/fleet/tree/main/schema
## Configuration Profiles
When generating or modifying configuration profiles:
- **First-party Apple payloads** (`.mobileconfig`) — validate payload keys, types, and allowed values against the Apple Device Management reference:
- https://github.com/apple/device-management/tree/release/mdm/profiles
- **Third-party Apple payloads** (`.mobileconfig`) — validate against the ProfileManifests community reference:
- https://github.com/ProfileManifests/ProfileManifests
- **Windows CSPs** (`.xml`) — validate CSP paths, formats, and allowed values against Microsoft's MDM protocol reference:
- https://learn.microsoft.com/en-us/windows/client-management/mdm/
- **Android profiles** (`.json`) — validate keys and values against the Android Management API `enterprises.policies` reference:
- https://developers.google.com/android/management/reference/rest/v1/enterprises.policies
## Software
- When adding software for macOS or Windows hosts, **always check the Fleet-maintained app catalog first** before using a custom package:
- https://github.com/fleetdm/fleet/tree/main/ee/maintained-apps
- In GitOps YAML, use the `fleet_maintained_apps` key with the app's `slug` to reference a Fleet-maintained app.
- When remediating a CVE, use Fleet's built-in vulnerability detection to identify affected software, then follow the Software section above to deploy a fix — preferring a Fleet-maintained app update where available, otherwise a custom package.
## Declarative Device Management (DDM)
When generating or modifying DDM declarations:
- Validate declaration types, keys, and values against the Apple DDM reference:
- https://github.com/apple/device-management/tree/release/declarative/declarations
- Ensure the `Type` identifier matches a supported declaration type from the reference.
---
## References
- Fleet GitOps documentation: https://fleetdm.com/docs/configuration/yaml-files
- Fleet API documentation: https://fleetdm.com/docs/rest-api/rest-api
---
*This file will grow as new patterns and constraints are established.*