Usage:
- `/cherry-pick 43082`: auto-picks the latest RC branch
- `/cherry-pick 43082 rc-minor-fleet-v4.84.0`: targets a specific RC
branch
Sample PR I opened with the skill:
https://github.com/fleetdm/fleet/pull/43110
## Summary
- Adds a comprehensive `.claude/` configuration that gives every
engineer Fleet-aware AI assistance out of the box — no MCP servers,
plugins, or external dependencies required
- Converts legacy `.claude/commands/` to skills with YAML frontmatter,
adds new skills, agents, rules, and hooks
- Adds ~2,500 tokens at startup; rules, skill bodies, and agent bodies
load on demand
## What's included
**6 rules** (auto-apply by file path):
- Go backend, frontend, database, API endpoints, and Orbit agent
conventions
- Covers: ctxerr errors, banned imports, `fleethttp.NewClient()`,
`new(expression)` over legacy `server/ptr`, bounded contexts
(`server/activity/`, `server/mdm/`), transaction safety (no
`ds.reader`/`ds.writer` inside tx), terminology (fleets/reports), React
Query, BEM, permissions utilities, and more
**12 skills** (invoke with `/`):
- `/review-pr`, `/fix-ci`, `/test`, `/find-related-tests`, `/lint` —
review and testing workflows
- `/new-endpoint`, `/new-migration`, `/update-data-dictionary` —
scaffolding and maintenance
- `/fleet-gitops`, `/spec-story`, `/project` — planning and
configuration workflows.
- `/project` includes a minimal self-improvement mechanism. Claude adds
discoveries and gotchas to the workstream context as you work, so each
session starts with slightly richer context than the last.
**3 agents** (specialized reviewers):
- `go-reviewer` (sonnet, proactive) — Go conventions, ctxerr, auth,
testing
- `frontend-reviewer` (sonnet, proactive) — TypeScript, React Query,
BEM, accessibility
- `fleet-security-auditor` (opus, on-demand) — MDM, auth gaps,
injection, PII exposure
**4 hooks** (automated):
- PreToolUse guard blocking dangerous commands (`rm -rf`, `force push`,
`pipe-to-shell`)
- PostToolUse goimports on Go files (`**/*.go`)
- PostToolUse prettier on frontend files (`frontend/**`)
- PostToolUse `lint-on-save`: auto-fixes with `golangci-lint --fix` /
`eslint --fix`, then runs `make lint-go-incremental` and feeds remaining
violations back to Claude as context for self-correction
**Permissions** — pre-approves safe operations (`test`, `lint`, `build`,
`make`, `git` read, `gh` CLI) and blocks dangerous ones (`force push`,
`rm -rf`)
**README** — includes a Claude Code primer for engineers new to the
tool, full reference for all skills/agents/hooks/rules, customization
guide (how to override skills, agents, model, effort), and contributing
instructions
**DATA-DICTIONARY.md** — updated with 13 recent migrations (March 2026)
that were missing
## Not covered (future iterations)
- `android/` (Android app)
- `website/` (Sails.js marketing site)
- `ee/fleetd-chrome/` (Chrome extension)
- `ee/vulnerability-dashboard/` (legacy Sails dashboard)
- `third_party/` (forked external code)
- Documentation workflows (guides, API docs, handbook)
- Fleet-maintained apps (FMA catalog, packaging, `ee/maintained-apps/`)
- MDM-specific conventions beyond the Go backend rule
## How to test
Pull the `.claude/` folder into your working branch without switching:
```bash
git checkout origin/cc-setup-teamwide -- .claude/
claude --debug # start a session and work normally
git checkout -- .claude/ # revert when done
git clean -fd .claude/ # remove new files that weren't on your branch
```
Check the debug log at `~/.claude/debug/` for detailed hook and tool
execution traces.
Try `/test` on a recent change, `/lint` go to lint Go files, or ask
Claude to review your code and watch the `go-reviewer` agent kick in.
### Test plan
- [x] Start a new Claude Code session in the Fleet project and run
`/context` to verify loading
- [x] Type `/` and confirm all 12 skills appear
- [x] Run `/test` on a small package
- [x] Edit a `.go` file and verify goimports runs automatically
- [x] Edit a `.go` file with a lint violation and verify `lint-on-save`
auto-fixes it
- [x] Edit a `.tsx` file and verify prettier runs automatically
- [x] Run a command like `echo test` and verify no permission prompt
(allowed by settings)
- [x] Verify `git diff` runs without prompt
- [x] Ask Claude to review code and check that the `go-reviewer` agent
is invoked
- [x] Verify skills
- [x] `/update-data-dictionary` correctly updates `DATA-DICTIONARY.md`
- [x] `/spec-story` fetches issue and follows the process defined in the
skill
- [x] `/project` detects memory directory and runs in a fork
- [x] `/review-pr` runs in fork, produces detailed review
- [x] `/lint go` detects changes and runs appropriate linters
- [x] `/lint frontend` detects changes and runs appropriate linters
- [x] `/lint full` runs all linters
- [x] `/test` detects changed packages and runs with correct env vars
- [x] `/test` runs frontend tests when frontend files changed
- [x] `/find-related-tests` outputs correct test files and go test
commands
- [x] `/fix-ci` with a real failing CI run URL
- [x] `/fleet-gitops` provides GitOps context and references
- [x] `/new-endpoint` scaffolds with correct Fleet patterns
- [x] `/new-migration` creates timestamped file + test file with correct
structure
- [x] Verify hooks
- [x] Verify agents
- [x] Verify rules
### Hooks test results
<img width="792" height="502" alt="Screenshot 2026-04-04 at 10 16 14 AM"
src="https://github.com/user-attachments/assets/ed066f65-1b79-4faa-a06f-3ce50837f055"
/>
<img width="811" height="693" alt="Screenshot 2026-04-06 at 8 49 28 AM"
src="https://github.com/user-attachments/assets/4513423e-d16c-40c1-a8d8-27f38a87acfd"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated internal developer documentation and Claude Code configuration
for improved development workflows, including coding standards, security
guidelines, testing procedures, and automated code review/formatting
setup.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This will only fire if Claude adds `math/rand` as an import.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated code style guidelines and enhanced linting configuration to
enforce stricter code quality standards.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Motivation: add a check for a common issue I see humans and AI agents
making, so that we don't have to waste time on it in code reviews.
Resolves#42635
Note: This lint check has been mostly AI generated. I don't think it
needs a thorough review because it is not production code and not even
test code. Any issues will be obvious from usage by contributors.
Add a custom go/analysis analyzer that detects map[T]bool variables
used as sets (where only the literal `true` is ever assigned) and
suggests using map[T]struct{} instead, which is the idiomatic Go
approach for sets — zero memory for values and unambiguous semantics.
The analyzer minimizes false positives by:
- Only flagging when ALL indexed assignments use the literal `true`
- Skipping variables initialized from function calls (unknown source)
- Skipping variables reassigned from unknown sources
- Skipping function parameters and exported package-level variables
- Skipping range loop variables
Integrated as an incremental linter (new/changed code only) to avoid
breaking existing code.
Running this check on our whole codebase flags valid cases:
```
cmd/fleet/serve.go:306:2: map[string]bool used as a set; consider map[string]struct{} instead (setboolcheck)
allowedHostIdentifiers := map[string]bool{
^
cmd/fleetctl/fleetctl/generate_gitops.go:189:3: map[string]bool used as a set; consider map[string]struct{} instead (setboolcheck)
handled := make(map[string]bool, len(renames)*2)
^
cmd/fleetctl/fleetctl/generate_gitops.go:1593:2: map[uint]bool used as a set; consider map[uint]struct{} instead (setboolcheck)
m := make(map[uint]bool, len(ids))
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Added a new code analyzer to detect maps used as boolean sets and
recommend more efficient alternatives for better performance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Scott Gress <scott@fleetdm.com>
## Summary
- Adds `.claude/commands/fleet-gitops.md`, a new slash command
(`/fleet-gitops`) for Claude Code users working in the `it-and-security`
folder
- Mirrors the existing Kilocode skill
(`/.kilocode/skills/fleet-gitops/SKILL.md`) with the same validation
rules for osquery queries, configuration profiles
(Apple/Windows/Android), software management, DDM declarations, and CVE
remediation
- Command is explicitly invoked only — does not auto-trigger, so it has
zero impact on the engineering team's normal Claude usage
## Test plan
- [ ] Verify `/fleet-gitops` is available as a slash command in Claude
Code when opened in this repo
- [ ] Confirm the command correctly sets context for GitOps work
(queries, profiles, software, DDM)
- [ ] Confirm no change to existing engineering commands (`/review-pr`,
`/test`, `/fix-ci`, etc.)
@sgress454 The test instructions aren't working for me. Claude just
doesn't run tests, and then it tries to argue with me why it can't run
them. This happened multiple times. I have everything set up for tests.
❯ Why didn't you run the test, or did you?
⏺ I didn't run the tests — I can't run them locally since they require
MySQL (MYSQL_TEST=1).
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#40450
## Details
This PR checks in a `.claude` folder with a main `CLAUDE.md` file,
hooks, commands, agents and settings useful for working with Fleet.
Claude generated these itself based on some of the work I was doing with
it:
* `CLAUDE.md`: contains basic information about the repo and project to
give Claude needed context before working on Fleet code
* `commands/project.md`: allows you to maintain memory across multiple
related Claude sessions. For example I use `/project renaming` whenever
I'm working on the project to rename "teams" to "fleets", so that I
don't have to explain every time what it is we're trying to accomplish.
It keeps track of goals, what we've done, what's left, etc.
* `commands/fix-ci.md`: given a GitHub action run URL, it will find any
failing tests, fix the broken ones and report on any that look
legitimate. Example: `/fix-ci
https://github.com/fleetdm/fleet/actions/runs/22364613741/job/64727183666?pr=40414`
* Other commands: `test.md`, `fix-related-tests.md`, `test.md`,
`review-pr.md` -- I haven't used these, leaving them in for discussion.
The `review-pr` one is interesting as it should utilize the
`agents/go-reviewer.md` agent which we can customize to do things like
look at our patterns files.
* Settings + goimports hook: whenever Claude makes edits or creates
files, run the formatter
