This commit introduces support for Python (.py) scripts on macOS and
Linux, including validation for Python shebangs and updates to
documentation, UI, error messages, and backend validation logic. It also
updates tests and file upload handling to recognize and properly process
Python scripts alongside existing shell (.sh) and PowerShell (.ps1)
scripts.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
---------
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: melpike <79950145+melpike@users.noreply.github.com>
Co-authored-by: jkatz01 <yehonatankatz@gmail.com>
Co-authored-by: Jonathan Katz <44128041+jkatz01@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#41391
# Details
This PR updates front-end API calls to use new URLs and API params, so
that the front end doesn't cause deprecation warnings to appear on the
server.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
n/a, should not be user-visible
## Testing
- [X] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually
The biggest risk here is not that we missed a spot that still causes a
deprecation warning, but that we might inadvertently make a change that
breaks the front end, for instance by sending `fleet_id` to a function
that drops it silently and thus sends no ID to the server. Fortunately
we use TypeScript in virtually every place affected by these changes, so
the code would not compile if there were mismatches between the API
expectation and what we're sending. Still, spot checking as many places
as possible both for deprecation-warning leaks and loss of functionality
is important.
## Summary by CodeRabbit
* **Refactor**
* Updated API nomenclature across the application to use "fleets"
instead of "teams" and "reports" instead of "queries" in endpoint paths
and request/response payloads.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Simplified modal structures across multiple dialog components for
improved code maintainability.
* Enhanced modal component's flexibility to support broader content
types.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
# Details
As mentioned in a previous front-end sync, I realized after having to
add a `reload()` method to the `PaginatedList` imperative handle that I
had strayed too far from the path. The original concept for this
component was for it to be fully self-contained, so the parent didn't
have to concern itself with pagination at all other than being told what
page to load. But the addition of an `onChangePage` property isn't a
tragedy and is totally worth the reduction in code, consistency with use
of `useQuery` elsewhere and React best practice of passing data from
parent to child.
This refactor still retains the use of the imperative handle for
querying the "dirty state" of the list, so parents don't have to manage
that state themselves.
## Testing
- [X] Added/updated automated tests
Updated PaginatedList tests as needed. Also confirmed that tests for the
upstream components (PoliciesPaginatedList, Secrets, RunBatchScriptModal
and ScriptBatchProgress) all passed without any modification.
- [X] QA'd all new/changed functionality manually
Added enough data to paginate each of the components that uses
PaginatedList, confirmed pagination still works and dirty state
functionality (in PoliciesPaginatedList) still works. Also confirmed
add/delete functionality works as expected in Secrets.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Consistent, responsive pagination across Scripts, Secrets, Hosts, and
Policies pages with clearer loading and empty states.
- Bug Fixes
- Delete Secret modal now reliably displays errors and refreshes the
list after deletion.
- Refactor
- Unified data-driven pagination flow for improved performance and
smoother navigation.
- Simplified list interactions by removing manual reloads.
- Tests
- Updated tests to align with the new pagination behavior and data flow.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#34697
<img width="819" height="283" alt="Screenshot 2025-10-23 at 9 58 57 AM"
src="https://github.com/user-attachments/assets/d30bd017-da75-4752-b562-fd4c1fb51db0"
/>
- [x] Changes file added for user-visible changes in `changes/`
- [x] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#32632
# Details
This PR updates the Script Library page in the following ways:
* When no scripts are uploaded for a team, it shows the "Add script" UI
with a button that opens a new "Add Script" modal
* When scripts are uploaded, the "Add script" button is instead added to
the header of the scripts list, and clicking it opens that modal
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [ ] Added/updated automated tests
working on this
- [X] QA'd all new/changed functionality manually
- [X] Test empty state: go to controls/scripts/library for a team with
no scripts. Clicking "upload" button in empty state should open the add
script modal.
- [X] In the modal, select a .ps1 script. Should not see additional
text.
- [X] Close modal without uploading. Re-open. File field should be
cleared & upload button visible again.
- [X] Select a .sh script. Should see additional text about macOS and
Linux.
- [X] Add script. Make sure script saves and modal closes.
- [X] Once script has been added, make sure empty state is gone and "Add
script" button is at the top of the list.
- [X] Go to /controls/os-settings/custom-settings for a team with no
profiles uploaded. Make sure empty state text styles match the empty
state for script uploads.
- [X] Open modal to add profile. Make sure upload text styles match the
script upload modal.
- [X] Enable GitOps mode. Go to controls/scripts/library for a team with
scripts added. Make sure new "Add script" button is disabled w/ standard
tooltip in GitOps mode.
Scripts empty state:
<img width="697" height="352" alt="image"
src="https://github.com/user-attachments/assets/32f0f246-bddb-4bb7-bc39-48d9978de9fa"
/>
Scripts uploader:
<img width="745" height="590" alt="image"
src="https://github.com/user-attachments/assets/f82414e2-9318-4543-b5ca-41e759662587"
/>
Scripts uploader with .sh
<img width="750" height="539" alt="image"
src="https://github.com/user-attachments/assets/0b989067-921a-4d18-93ed-09aac90fc9cb"
/>
Scripts table:
<img width="686" height="256" alt="image"
src="https://github.com/user-attachments/assets/848f1b56-6e9e-48d4-9a03-6fdf5427301e"
/>
Profiles empty state:
<img width="700" height="377" alt="image"
src="https://github.com/user-attachments/assets/8f92bcd9-2215-41f6-a540-4774f7e9542b"
/>
Profiles uploader:
<img width="707" height="682" alt="image"
src="https://github.com/user-attachments/assets/eef216af-3447-48e7-882a-e42e888e1c17"
/>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#33888
<img width="1252" height="563" alt="Screenshot 2025-10-06 at 2 00 40 PM"
src="https://github.com/user-attachments/assets/2a021874-688a-4a14-a2b3-43eaa11c7af1"
/>
- [x] QA'd all new/changed functionality manually
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#28711 and #33685
- Adds a confirmation step to 2 run script user flows:
- Host details > Actions > Run script > Actions > Run
- Host details > Actions > Run script > Click script name for script
details > More actions > Run
- For each user flow, canceling / going back takes the user to wherever
they came from, e.g., to the run script (scripts table) modal or to the
script details modal
- Confirming the script run always redirects to the run script (scripts
table) modal
- Consolidates and streamlines logic of the script modal group
- Clarify + solidify modal options in script modal group
<img width="1208" height="693" alt="Screenshot 2025-09-30 at 4 12 46 PM"
src="https://github.com/user-attachments/assets/160d4105-cbd1-48f5-9d52-1e11f81f87f5"
/>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Added a confirmation dialog before running a script from a host’s
details, clearly showing the script and host names.
- Improvements
- Streamlined script run flow with clearer loading indicators and
smoother transitions between modals.
- Enhanced modal behavior: consistent close/cancel handling and the
ability to return to the previous view after canceling a run.
- More consistent actions in script details and run views, reducing
unexpected refreshes and interruptions.
- Chores
- Internal test updates to improve reliability of user interaction
simulations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Fixes#33068.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] QA'd all new/changed functionality manually
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## For #33285
- Push to details page with `status` param included to avoid that page's
effect that muddies browser history. Since tab nav on that page is
controlled by URL query params, this effect is important - there _must_
always be a status param.
- Update the details page table query change handler to replace instead
of push to the URL
https://github.com/user-attachments/assets/b15b4eda-df24-4d01-a7f4-a60a63282e63
- [x] QA'd all new/changed functionality manually
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## PR 1/2 for #32037
- Implements update for the Linux setup experience from the IT admin's
point of view. Updates for the end-user ("My device" page) to follow
- Works in concert with the new endpoints implemented in
https://github.com/fleetdm/fleet/pull/32493
- Splits Controls > Setup experience > Install software into 3 tabbed
sections, one for each of macOS, Windows (placeholder state for now, to
be implemented in following iteration), and Linux.
- Dynamically calls new GET and PUT endpoints and routes data
accordingly depending on which platform software for install is being
updated for.
- Update the software selection modal to display software package
versions, including the package type (deb, rpm, or tar) for Linux
software packges.
- New activity feed item
- Update relevant tests
_Note that the lower-right-hand image in this GIF is outdated and will
be updated with new content once this entire feature is integrated_
~- [ ] Changes file added for user-visible changes in `changes/`~ will
include in PR 2/2
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## For #31226
New features:
- Dynamic header for each possible state of a batch script run: Started,
Scheduled, and Finished (corresponds to tabs at
`/controls/scripts/progress`
- Unique tabs for each possible status of hosts targeted by a batch
script run: Ran, Errored, Pending, Incompatible, Canceled.
- Within each tab, sortable, paginated host results with output preview
and execution time.
- View script/run details, cancel a batch, view manage hosts page
filtered for the script batch run and a status.
- Global script batch runs activities and and Scripts progress rows now
navigate to this details page.
Cleanups and improvements:
- Expand tab count badge options using “alert”/“pending” variants across
hosts, policies, and query results.
- Misc cleanups and improvements
- [x] Changes file added for user-visible changes in `changes/`,
- [x] Updated automated tests - new tests tracked for follow-up work
- [x] QA'd all new/changed functionality manually
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## #32236
Found this bug while testing > 10 scripts or so per-team for another
story.
@jacobshandling mentioned we were missing passing `currentPage` to
`SideNav`.
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
for #32238
# Details
* After a script is canceled, refresh the current tab to show that the
canceled script is no longer there
* When scheduling a script, check the specified time against UTC, not
current timezone time of day.
# Checklist for submitter
## Testing
- [X] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [X] Confirmed that the fix is not expected to adversely impact load
test results
## For #32094
<img width="1800" height="1088" alt="Screenshot 2025-08-19 at 8 08
12 PM"
src="https://github.com/user-attachments/assets/3f83e4bf-af58-48bf-868f-d1417f420f50"
/>
- [x] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [x] Confirmed that the fix is not expected to adversely impact load
test results
- ~[ ] Alerted the release DRI if additional load testing is needed~
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## For #28699 auxiliary feature
- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## For #28159
- Implement UI capability to run scripts on batches of hosts at a time
- Add new hosts table `Run script` primary action, triggers
- new `RunScriptBatch` modal, allows running scripts on the selected
batch of hosts
- new `RunScriptBatchPaginatedList`, handles logic specific to this
modal, and utilizes the now more flexible `PaginatedList` component
- Widen capabilities of `PaginatedList` component to elegantly handle
more diverse applications, including this one
- Widen capabilities of `ScriptDetailsModal` component to elegantly
handle more diverse applications, including this one
- Streamline updating `state`s on manage hosts page
- Clearer, more concise naming
- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
