<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#44330, Resolves#44331
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] Added/updated automated tests. (I'd defer integration tests to a
separate PR since this one is pretty large already.)
- [x] QA'd all new/changed functionality manually. I've tested this on
both the setup flow and the organization settings page. I haven't had
the time to test this on other places where we render the logo (macOS
setup experience / MDM migration dialog).
https://github.com/user-attachments/assets/95d4eae5-3da6-40f4-98a1-8575b97d96b3
## New Fleet configuration settings
- [x] Setting(s) is/are explicitly excluded from GitOps.
Will handle GitOps in a separate PR.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Organizations can upload custom logos for light and dark modes.
* Registration and Org Settings support logo file upload, preview,
per-mode replace/delete, and validation (size & image formats).
* Activity feed records logo changes/deletions; site nav displays
uploaded logos per theme.
* File uploader/preview adds a Fleet logo graphic option and improved
logo validation.
* Config/GitOps outputs now include separate dark/light logo fields.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#43947
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information. **Will come as part of backend PR**
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [x] Timeouts are implemented and retries are limited to avoid infinite
loops
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added an option to preserve host activities when hosts are
re-enrolled.
* New Activity & Data Retention controls (delete activities, expiry
window, preserve option, and stored-results toggle).
* New Features toggles for live queries, scripts, and AI features.
* **Refactor**
* Advanced organization settings reorganized into dedicated sections:
Activity Data Retention, Features, Host Lifecycle, and Server &
Authentication, with GitOps-aware tooltips and conditional inputs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
The most common misunderstanding that our users have when configuring
SSO (specifically Okta, since it refers to the value by a different
name) is what to put in this Entity ID field. If it doesn't match the
IdP's version, SSO will fail.
We were also directing users to retrieve an issuer URI, which would
presumably be used as the Entity ID. The problem is, the rest of our
docs don't state that, and instead tell users to use a simple value such
as `fleet`.
Backend PR: #44511
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#41422
<img width="618" height="244" alt="image"
src="https://github.com/user-attachments/assets/c223e37d-7051-46a6-a2ea-6bd1bdcbb53e"
/>
<img width="777" height="780" alt="image"
src="https://github.com/user-attachments/assets/3b9ef4e9-2181-406b-a22e-e6773eba67af"
/>
<img width="649" height="236" alt="image"
src="https://github.com/user-attachments/assets/3985faf0-a1e4-404a-b190-cb623f52339a"
/>
<img width="1083" height="768" alt="image"
src="https://github.com/user-attachments/assets/2d4df607-4b34-435c-88db-6dc0fa09db2e"
/>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information. Part of backend PR
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [x] Timeouts are implemented and retries are limited to avoid infinite
loops
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added "Enrollment profile renewal failed" activity type and label.
* Failure entries now appear in activity feeds and host details with a
dedicated activity item and a details flow.
* Users can open a failure details modal showing a status icon, host
name (with fallback), relative failure time, guidance about certificate
expiration, and a link to Fleet support.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Added a checkbox for the setup experience page.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42854
<img width="598" height="373" alt="image"
src="https://github.com/user-attachments/assets/4842190f-f9f8-401f-a9e2-61c5755fb5be"
/>
---
<img width="444" height="377" alt="image"
src="https://github.com/user-attachments/assets/e9da5e65-1b09-4b05-ab8c-a5099866704d"
/>
---
<img width="458" height="387" alt="image"
src="https://github.com/user-attachments/assets/bf10b747-805b-4484-a90f-7700ba177098"
/>
# Checklist for submitter
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added Windows support to the MDM setup experience so admins can
require all software during Windows device setup, saved independently
from macOS.
* **UI**
* Checkbox label clarified to "Cancel setup if software fails".
* Windows checkbox is disabled when Windows MDM is not configured and
shows a contextual tooltip.
* **Tests**
* Added tests covering Windows UI states and save behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Resolves#36976
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Label operations (create, edit, delete) now generate activities shown
in the activity feed with label and optional fleet context.
* Host label add/remove operations emit corresponding label edited
activities; duplicate label names are deduplicated.
* Label activity types are selectable/filterable in the activity
dashboard.
* **Tests**
* Added unit, integration, and UI tests covering label activity
emission, rendering, filtering, and GitOps label lifecycle scenarios.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fixes a lint issue in (currently unused) code for the 24-hr
checkerboard, that was causing one of our build tests to fail.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Enhanced 24-hour checkerboard visualization tooltips to display
complete data values and totals alongside percentage information.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This pull request introduces support for ingesting Homebrew casks from
third-party taps (not available in the official
`Homebrew/homebrew-cask`) into the Fleet Maintained Apps (FMA) system.
It does this by allowing cask metadata to be committed directly into the
repository and referenced via a new `cask_path` field. The PR also
updates CI workflows to better support Fleet Desktop validation and
documents the new contributor flow.
**Support for custom Homebrew casks:**
* Added a new `cask_path` field to app manifests, allowing the FMA
ingester to read cask metadata from a local JSON file instead of
fetching from the Homebrew API. This enables ingestion of apps from
third-party taps or custom casks not present in the official Homebrew
repository.
[[1]](diffhunk://#diff-be469dd148f0c50ad56489c48bdb514522e1a46d21336e8f747b5880d71a6d1bR49-R66)
[[2]](diffhunk://#diff-abd7db4bef16a062c1bd81f54a7c846f1e91b913a9fe9f87976c8075f39b8cd2R270-R276)
* Refactored the Homebrew ingester (`brewIngester`) to use a new
`fetchCask` helper, which reads from the local file if `cask_path` is
set, or falls back to the API otherwise. Includes robust error handling.
[[1]](diffhunk://#diff-abd7db4bef16a062c1bd81f54a7c846f1e91b913a9fe9f87976c8075f39b8cd2L99-R101)
[[2]](diffhunk://#diff-abd7db4bef16a062c1bd81f54a7c846f1e91b913a9fe9f87976c8075f39b8cd2R200-R251)
* Added comprehensive documentation and examples for the custom tap
workflow, including a new `custom-tap/` directory with cask DSL sources,
generated JSON, and a regeneration script.
[[1]](diffhunk://#diff-2dfa2fc79b9becad555db38289a16afe4ce651665a31868d386fed8b4e160740R1-R85)
[[2]](diffhunk://#diff-be469dd148f0c50ad56489c48bdb514522e1a46d21336e8f747b5880d71a6d1bR49-R66)
* Added new custom casks for `fleet-desktop`, `druva-insync`, and
`zoom-rooms` under `inputs/homebrew/custom-tap/Casks/`.
[[1]](diffhunk://#diff-2555a54830de2bfb0ffca8bc487aac67de84dee5d431fe5f42e90e1754f63bb6R1-R36)
[[2]](diffhunk://#diff-db1fa8a43a27c5adf49a5ade04e61405ce1e9420f266e3160156cabf69ed4ea8R1-R40)
[[3]](diffhunk://#diff-effd461583140683d41dc68d9a93692d039be5ad5e52b6b108ece79f17155107R1-R44)
**Testing and validation:**
* Added a new test (`TestIngestCaskPath`) to ensure the ingester
correctly reads from `cask_path` and does not make unnecessary HTTP
requests, with error handling for missing files.
**CI workflow improvements:**
* Updated GitHub Actions workflows to handle Fleet Desktop's installer
requirements in CI by creating a managed preferences stub when
validating Fleet Desktop, ensuring the installer succeeds even without
MDM enrollment.
[[1]](diffhunk://#diff-28b30c8601cb7662d59efbfbbcf800cae91455fd3d875627659dced8c1257a24R100)
[[2]](diffhunk://#diff-28b30c8601cb7662d59efbfbbcf800cae91455fd3d875627659dced8c1257a24R116-R123)
[[3]](diffhunk://#diff-28b30c8601cb7662d59efbfbbcf800cae91455fd3d875627659dced8c1257a24R148-R172)
[[4]](diffhunk://#diff-c263ffc3062c3b5e4e4eb65976080c6cbddac478a5fed3392fe8b23c49bb2da8R69-R92)
These changes make it possible to maintain and test apps from custom
Homebrew taps within the Fleet repo, improving flexibility and
reliability for Fleet-maintained apps.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added support for three new macOS apps: Fleet Desktop, Druva inSync,
and Zoom Rooms
* Added UI icons for Fleet Desktop and Zoom Rooms
* **Enhancements**
* Fleet Desktop includes an MDM enrollment caveat and improved installer
validation for macOS installers
* Support for overriding Homebrew cask input via a local cask JSON file
* **Tests**
* Added unit coverage for local cask JSON ingestion behavior
* **Chores**
* Added a deterministic script to regenerate Homebrew custom-tap
manifests
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#44249
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
n/a, unreleased
## Testing
- [ ] Added/updated automated tests
not worth it for style fixes and accidental content removal
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [X] QA'd all new/changed functionality manually
- [X] can click on hosts enrolled labels and bars to go to the
appropriate hosts list
- [X] no more weird focus rectangles on hosts enrolled chart
- [X] hosts enrolled chart y-axis respects dark mode
- [X] metrics cards returned to dashboard
- [X] hovering over a bar on the hosts enrolled chart shows a tooltip
with the # of hosts in that platform
For unreleased bug fixes in a release candidate, one of:
- [X] Confirmed that the fix is not expected to adversely impact load
test results
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Hosts Enrolled card: click platform bars or Y-axis labels to navigate
to platform-specific host lists; interactive tooltips show platform and
host count.
* **UI Improvements**
* Streamlined dashboard host-count display with a small loading spinner
while summaries load.
* Improved interactivity cues: hover styles, pointer cursor, and refined
tooltip visuals for chart elements.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Resolves#44301
This PR updates the `fork-ts-checker-webpack-plugin` to resolve the
errors we were seeing when running it. Since it now runs cleanly, it
identified a few typescript errors that need to be resolved at the same
time:
* `<EmptyState>` no longer takes a `graphicName` param since it's been
redesigned in #43896
* `<PoliciesCard>` was reworked in #43411 and no longer takes `router`.
I verified that this compiles cleanly in `make generate` and `make
generate-dev`.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Simplified component properties and prop handling across host details,
packs, and queries pages.
* Refined empty-state configuration in packs management and queries
tables.
* **Chores**
* Updated development build tool dependency from version 6.5.0 to 9.1.0
for TypeScript type-checking integration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Follow up from comments on: #44253
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Improved component styling architecture to follow modern CSS naming
conventions, enhancing code maintainability and consistency across the
setup assistant profile card. No changes to user-facing functionality or
appearance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
**Related issue:** Resolves#44252 & #44227
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [X] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Bug Fixes
* Fixed an issue preventing users from enabling two-factor
authentication when editing existing user accounts.
* Fixed team assignment handling when editing user accounts to properly
process empty team selections.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
### Needs #44236
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#43790
<img width="1109" height="511" alt="image"
src="https://github.com/user-attachments/assets/256560ee-0d70-4fff-b553-37e46224a54a"
/>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information. Added in backend PR
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [x] Timeouts are implemented and retries are limited to avoid infinite
loops
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Setup Assistant now fetches and shows a default Apple enrollment
profile when a team profile is missing, including its loading state
before showing the uploader.
* **User-facing behavior**
* Default profile can be viewed and downloaded immediately; download
uses a fixed filename and formatted JSON.
* **Documentation**
* Added a "Learn more" link to the Setup Assistant section.
* **Style**
* Default profile card uses a distinct background, smaller description
text, and hides the delete action.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Small PR to improve URL validation for Apple Server URL, frontend now
also requires a protocol, and does require a TLD (aka. no localhost).
Backend requires a scheme/protocol, and no empty hostname, we previously
did not have these validations in place, which breaks if you don't use a
scheme for the URL.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Strengthened validation for MDM Apple Server URL and SSO User URL
settings. MDM Apple Server URL now rejects localhost and non-HTTP/HTTPS
schemes, and reports clearer errors for malformed URLs to reduce
misconfiguration.
* **Tests**
* Added test cases covering malformed MDM Apple Server URL inputs to
ensure validation behaves as expected.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Register Google Gemini for macOS: add a Homebrew input
(ee/maintained-apps/inputs/homebrew/gemini.json), update apps index
(ee/maintained-apps/outputs/apps.json), and add a darwin output with
installer/uninstaller scripts and version 1.49.2.233
(ee/maintained-apps/outputs/google-gemini/darwin.json). Also add
frontend icon component and asset
(frontend/pages/SoftwarePage/components/icons/Gemini.tsx, updated icon
index) and a 60x60@2x PNG app icon
(website/assets/images/app-icon-google-gemini-60x60@2x.png). Includes
installer URL and script refs for install/uninstall, plus app relaunch
handling.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#43135
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Fixed stale "Selected hosts" display on the edit label page by
ensuring host data refreshes after successful label edits, so the UI
reflects the updated host set immediately.
* Fixed stale host selections when navigating between manual labels by
scoping and resetting the form to the correct current host set,
preventing selections from carrying over between labels.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#43591
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] QA'd all new/changed functionality manually
### Before
https://github.com/user-attachments/assets/ddd1bfe6-d8f8-426c-8add-71721013e18d
### After
https://github.com/user-attachments/assets/86e4f60f-b78e-40cb-835b-a7ea40d54f10
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Bug Fixes
* Fixed an issue where the host details activity feed could incorrectly
display activities from a previously viewed host when navigating between
different hosts. The activity data is now properly scoped to ensure the
activity feed shows only activities relevant to the currently selected
host, preventing stale data from appearing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42440
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Enabled renewing and deleting Apple Business Manager (AB) tokens in
the UI when running in GitOps mode.
* Apple Business Manager table actions now adapt to GitOps mode: some
actions are disabled and contextual tooltips explain unavailable options
(including repository-linked guidance when applicable).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** For #40171
# Details
Adds audit activity when enabling or disabling GitOps exceptions.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
n/a, unreleased
## Testing
- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
<img width="714" height="699" alt="image"
src="https://github.com/user-attachments/assets/161bd084-347b-4cde-893e-9b385f13872c"
/>
For unreleased bug fixes in a release candidate, one of:
- [X] Confirmed that the fix is not expected to adversely impact load
test results
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Activity feed now records when GitOps exceptions (labels, software,
secrets) are enabled or disabled.
* **UI**
* Activity messages show which specific exception was enabled or
disabled.
* **Tests**
* Added unit and integration tests verifying generation and rendering of
enable/disable exception activities, including single and multiple flips
and no-op updates.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: sgress454 <553428+sgress454@users.noreply.github.com>
Co-authored-by: Luke Heath <luke@fleetdm.com>
This pull request adds support for the Zen Browser across the
application, including its metadata, installation scripts, and UI icon.
The changes ensure Zen Browser is now recognized as a maintained app,
can be installed/uninstalled via scripts, and displays its icon in the
frontend.
**Zen Browser Integration**
* Added Zen Browser metadata to the maintained apps input (`zen.json`)
and output (`apps.json`) files, making it available in the maintained
apps list.
[[1]](diffhunk://#diff-1227fd3d4a73fdd49df2d7e2977fc94f56c8fe606a444ae5d995916abbbccdb5R1-R8)
[[2]](diffhunk://#diff-4c1446cfc02c6bb0bda874481e333c65b84e184fcea52f656b49a6489f73c9c2R1957-R1963)
* Created a new versioned output file for Zen Browser
(`zen/darwin.json`), including installer and uninstaller scripts,
version information, and download details.
**Frontend/UI Updates**
* Added a new React SVG icon component for Zen Browser (`Zen.tsx`).
* Registered the Zen icon in the icon index and mapped the "zen"
software name to the new icon, enabling its display in the UI.
[[1]](diffhunk://#diff-628095892e1d16090be1db6cc1a5c9cebc65248c32a8b1312385394818f2907bR249)
[[2]](diffhunk://#diff-628095892e1d16090be1db6cc1a5c9cebc65248c32a8b1312385394818f2907bR514)
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** For #43769
# Details
This PR adds "Hosts active" and "Hosts enrolled" charts to the
dashboard.
New components:
* **ChartCard.tsx**: encapsulates a visualization-agnostic chart, for
data provided by the new `/charts` endpoint created in
https://github.com/fleetdm/fleet/pull/43910
* **ChartFilterModal.tsx**: modal for setting filters on a chart.
Currently supports filtering by label, platform and individual host.
* **CheckerboardViz.tsx**: a checkerboard visualization for use in
ChartCard. Capable of charting 1, 7, 14 or 30 days at a time, although
only 30 day charts are used right now. Bespoke rendering using SVG,
since recharts scatterchart was harder to wrangle than it was worth.
* **LineChartViz.tsx**: a line-chart visualization using Recharts
* **HostsEnrolledCard.tsx**: a bar chart of enrolled hosts using
Recharts
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
- With backend provided by https://github.com/fleetdm/fleet/pull/43910:
<img width="1426" height="428" alt="image"
src="https://github.com/user-attachments/assets/0f53b9d1-c87b-4225-a175-2d40af5afe41"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Dashboard now shows interactive "Hosts active" (line/heatmap) and
"Hosts enrolled" (bar) charts with metric selection, filter modal
(labels/platforms/hosts), legends, tooltips, and responsive layout.
* **Tests**
* Added comprehensive tests covering chart rendering, checkerboard
heatmap, and no-data states.
* **Chores**
* Added charting library dependency to support visualizations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Resolves#33557
The tems.name column uses utf8mb4_unicode_ci, so names like "ABC" and
"abc" compare as equal at the database level. Before this change name
collisions were handled in different ways in the UI and in GitOps.
The changes introduced here, consolidates the logic used for detecting
name collisions in all code path. All conflicts return 409 with the
canonical copy "Fleet names must differ by at least one non-special
character (case-insensitive).
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#43977
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [ ] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
- Repro'd issue on main
- Verified on this branch that dirtying the form and then focusing
elsewhere / refocusing on page doesn't lose changes.
For unreleased bug fixes in a release candidate, one of:
- [X] Confirmed that the fix is not expected to adversely impact load
test results
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Bug Fixes
* Fixed an issue where the Change Management form would reset upon
losing and regaining page focus.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#41676
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [ x] Added/updated automated tests
- [x ] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Apple MDM APNS certificate signing now shows a clear, domain-specific
error when an unsupported email domain is supplied (applies to CSR
requests and renewal flows), replacing the previous generic "invalid
email" message.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
**Related issue:** Resolves#42290
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [x] Timeouts are implemented and retries are limited to avoid infinite
loops
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Failed Windows MDM wipe attempts now create a tracked "Failed wipe"
activity showing the affected host and display name for visibility; UI
filter and activity feed now surface this type.
* **Bug Fixes**
* Improved detection and reporting of wipe result statuses so real
failures are reliably surfaced.
* Duplicate failure responses are suppressed to avoid repeated alerts.
* **Tests**
* Added tests validating wipe-failure activity creation and related
control flows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
<!--- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#38348
## What this PR does
On the Policies create and edit pages, the "Save" button was getting
disabled whenever Fleet's SQL parser flagged the query as having a
syntax error. That was a problem because Fleet's parser has gaps --
plenty of valid osquery SQL gets flagged as "invalid", which blocked
admins from saving perfectly good custom queries.
This PR changes the Save button behavior on the Policies form to match
what Reports (formerly "Queries") already does: we still show the
"Syntax error. Please review before saving." message under the editor,
but the user can still click Save. An empty query still disables Save.
The actual code change is small -- one line in `PolicyForm.tsx`:
```diff
- !!size(errors);
+ (!!errors.query && errors.query === EMPTY_QUERY_ERR);
```
Previously the button was disabled for any error (including syntax
errors). Now it's only disabled when the error is specifically the
empty-query error. This exactly mirrors the existing logic in
`EditQueryForm.tsx` for Reports.
I also imported `EMPTY_QUERY_ERR` from the shared validator and dropped
an obsolete `// @ts-ignore` on that import (the validator is now
TypeScript).
## Testing
All testing was done manually on macOS against a local Fleet dev server.
Jest suites run clean.
### Before the change (reproducing the bug)
1. Checked out `main`, ran the dev server.
2. Went to Policies, clicked "Add policy".
3. Pasted a query with a syntax error: `SELCT * FROM users;`.
4. Observed: error message "Syntax error. Please review before saving."
appears under the editor, and the Save button is **disabled** (greyed
out, not clickable). Same behavior when editing an existing policy.
### After the change (fix verified)
1. Checked out `bug_38348`, refreshed the browser (webpack watch picked
up the change).
2. Went to Policies, clicked "Add policy".
3. Pasted the same syntax-error query `SELCT * FROM users;`.
4. Observed: error message still shows, but the Save button is now
**enabled**. Clicking Save opened the "Save policy" modal; completing
the save wrote the policy with the user's exact SQL.
5. Edited the saved policy -- the same syntax-error SQL loaded, Save
remained enabled, edits saved successfully.
6. Cleared the SQL to empty -- error changed to "Query text must be
present" and Save went back to disabled. Good.
7. Ran the same flow on Reports (new and edit) to confirm no regression
-- behavior unchanged from before.
### Tests
-
`frontend/pages/policies/edit/components/PolicyForm/PolicyForm.tests.tsx`
-- 17/17 passing.
-
`frontend/pages/queries/edit/components/EditQueryForm/EditQueryForm.tests.tsx`
-- 15/15 passing (regression check).
- No new unit test was added for the syntax-error path; an existing TODO
in the test file documents why direct testing through react-ace is
awkward.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`
(`changes/38348-allow-saving-invalid-sql`).
- [x] Input data is properly validated (N/A -- frontend-only, no new
SQL).
- [x] QA'd all new/changed functionality manually (see Testing section
above).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Policy forms now allow saving when the SQL has a syntax error; the
syntax-error message remains visible for correction.
* Saving is still blocked when the SQL/query is empty or only
whitespace.
* **Tests**
* Added regression tests verifying save behavior for empty and
syntactically invalid queries.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Juan Fernandez <juan@fleetdm.com>
