**Related issue:** Resolves#44252 & #44227
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [X] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Bug Fixes
* Fixed an issue preventing users from enabling two-factor
authentication when editing existing user accounts.
* Fixed team assignment handling when editing user accounts to properly
process empty team selections.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
**Related issue:** Resolves#42879
* Full UI for API-only user management: create/edit flows, fleet/role
assignment, selectable API endpoint permissions, and one-time API key
display.
* New reusable components: API user form, endpoint selector, API access
section, and API key presentation.
* Admin workflow switched from in-page modals to dedicated pages and
streamlined action dropdown navigation.
* Layout and styling refinements for user management, team lists, and
dropdown behaviors.
---------
Co-authored-by: Juan Fernandez <juan@fleetdm.com>
Zed + Opus 4.6; prompt: Convert the InputField JSX component to
TypeScript and remove the ts-ignore directives that we no longer need
after doing so.
- [x] Changes file added
- [x] Automated tests updated
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#42311
- Fixes ID collision on Users table (causing users to not be rendered
when an existing user's ID matches an invited user's ID).
- Fixes total users count.
- Fixes `isResettingCurrentUser` check.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] QA'd all new/changed functionality manually
#### Before
- ID collision caused the admin user to not be rendered on the table
(see the user with Invite pending which has id=1 as the admin does).
- Notice that we have a total of 3 users counting the response from
`users` and `invites` endpoints.
<img width="2557" height="477" alt="Screenshot 2026-03-25 at 2 46 31 PM"
src="https://github.com/user-attachments/assets/833b07f5-a0ce-4f15-94bf-79040bd03dba"
/>
<img width="2555" height="722" alt="Screenshot 2026-03-25 at 2 46 26 PM"
src="https://github.com/user-attachments/assets/5707ab37-b060-40b4-913f-864b2254076d"
/>
#### After
- All users showing.
- Updated count to reflect the sum of users + invited users above the
table.
<img width="1358" height="432" alt="Screenshot 2026-03-25 at 2 53 24 PM"
src="https://github.com/user-attachments/assets/2a995e78-0ae8-4846-a8b1-b35edd61cb02"
/>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** For #41030
# Details
This PR updates front-end routes and redirects the old routes to the new
ones.
While I typically have shied away from renaming vars and constants in
this phase of the renaming work, I chose to rename the path constants
here because they're a lot less useful when they have names that don't
correspond to the paths they're representing. I did the renames using
VSCode's "Rename Symbol" feature which automatically finds and fixes any
references. I then asked Claude to verify the changes and it didn't find
any dangling references (also the code would fail to compile unless all
the new names collided with old ones).
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
n/a
## Testing
- [ ] Added/updated automated tests
no relevant tests exist
- [X] QA'd all new/changed functionality manually
## Reports (formerly Queries)
**New routes:**
- [x] /reports/manage — Reports list page
- [x] /reports/new — New report editor
- [x] /reports/new/live — New report live query
- [x] /reports/:id — Report details
- [x] /reports/:id/edit — Edit report
- [x] /reports/:id/live — Live report run
**Redirects from old routes:**
- [x] /queries → /reports
- [x] /queries/manage → /reports/manage
- [x] /queries/new → /reports/new
- [x] /queries/new/live → /reports/new/live
- [x] /queries/:id → /reports/:id
- [x] /queries/:id/edit → /reports/:id/edit
- [x] /queries/:id/live → /reports/:id/live
## Host Reports (formerly Host Queries)
**New routes:**
- [x] /hosts/:host_id/reports/:query_id — Host report results
**Redirects from old routes:**
- [ ] ~/hosts/:host_id/schedule → /hosts/:host_id/reports~ <- this is
not a real URL; removed current broken redirect
- [x] /hosts/:host_id/queries/:query_id →
/hosts/:host_id/reports/:query_id
## Fleets (formerly Teams)
**New routes:**
- [x] /settings/fleets — Fleets list page
- [x] /settings/fleets/users?fleet_id=:id — Fleet users
- [x] /settings/fleets/options?fleet_id=:id — Fleet agent options
- [x] /settings/fleets/settings?fleet_id=:id — Fleet settings
**Redirects from old routes:**
- [x] /settings/teams → /settings/fleets
- [x] /settings/teams/users → /settings/fleets/users
- [x] /settings/teams/options → /settings/fleets/options
- [x] /settings/teams/settings → /settings/fleets/settings
- [x] /settings/teams/:team_id → /settings/fleets
- [x] /settings/teams/:team_id/users → /settings/fleets
- [x] /settings/teams/:team_id/options → /settings/fleets
**Navigation & Links**
- [x] Top nav "Reports" link goes to /reports/manage
- [x] User menu team switcher navigates to
/settings/fleets/users?fleet_id=:id
- [x] Admin sidebar "Fleets" tab goes to /settings/fleets
- [x] "Create a fleet" links (user form, transfer host modal) go to
/settings/fleets
- [x] "Back to fleets" button on fleet details goes to /settings/fleets
- [x] Fleet table name links go to /settings/fleets/users?fleet_id=:id
- [x] Host details "Add query" button goes to /reports/new
- [x] Select query modal links go to /reports/new and /reports/:id/edit
- [x] Query report "full report" link goes to /reports/:id
- [x] Browser tab titles show correct names for report pages
**Query params preserved through redirects**
- [x] /queries/:id?fleet_id=1 → /reports/:id?fleet_id=1
- [x] /settings/teams/users?fleet_id=1 →
/settings/fleets/users?fleet_id=1
For unreleased bug fixes in a release candidate, one of:
- [X] Confirmed that the fix is not expected to adversely impact load
test results
**Related issue:** Resolves#14401
# Checklist for submitter
this updates the mechanism of storing the auth token for a user that is
used for making requests and validating a user session. We change the
storage from local storage to a cookie. This allow a bit more security
and prepares for a future change where we will allow the browser to
handle setting and passing the auth token in the request.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] QA'd all new/changed functionality manually
Resolves#38621, #38627, and #38623.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
## Testing
- [x] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Added a new premium-tier Technician role with read/write permissions
across teams, hosts, policies, queries, and configurations.
* License validation now prevents assigning premium roles on Fleet Free
editions.
* **Bug Fixes**
* Updated role-based access controls across team management pages to
properly restrict technician access.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
for #31876
# Details
This PR updates the validation for password requirements to be
consistent in all places, and to show more specific error messages when
the entered password does not meet the requirements.
Previously the `valid_password` helper just returned a boolean
indicating whether a password was valid. It now returns an object with
`isValid`, `error` and `error_code` so that different types of password
issues can be surfaced. This allows us to continue having a single
source of truth for password validation, while providing more helpful
error messages when a password doesn't meet our criteria.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
- [X] First time setup (adding the initial user)
- [X] Add user in settings -> manage users
- [X] Changer user password in settings -> manage users
- [X] Password reset form
## For #28159
- Implement UI capability to run scripts on batches of hosts at a time
- Add new hosts table `Run script` primary action, triggers
- new `RunScriptBatch` modal, allows running scripts on the selected
batch of hosts
- new `RunScriptBatchPaginatedList`, handles logic specific to this
modal, and utilizes the now more flexible `PaginatedList` component
- Widen capabilities of `PaginatedList` component to elegantly handle
more diverse applications, including this one
- Widen capabilities of `ScriptDetailsModal` component to elegantly
handle more diverse applications, including this one
- Streamline updating `state`s on manage hosts page
- Clearer, more concise naming
- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## For #26229 – Part 1

- This PR contains the core abstractions, routes, API updates, and types
for GitOps mode in the UI. Since this work will touch essentially every
part of the Fleet UI, it is ripe for merge conflicts. To mitigate such
conflicts, I'll be merging this work in a number of iterative PRs. ~To
effectively gate any of this work from showing until it is all merged to
`main`, [this commit](feedbb2d4c) hides
the settings section that allows enabling/disabling this setting,
effectively feature flagging the entire thing. In the last of these
iterative PRs, that commit will be reverted to engage the entire
feature. For testing purposes, reviewers can `git revert
feedbb2d4c25ec2e304e1f18d409cee62f6752ed` locally~ The new settings
section for this feature is feature flagged until all PRs are merged -
to show the setting section while testing, run `ALLOW_GITOPS_MODE=true
NODE_ENV=development yarn run webpack --progress --watch` in place of
`make generate-dev`
- Changes file will be added and feature flag removed in the last PR
- [x] Settings page with routing, form, API integration (hidden until
last PR)
- [x] Activities
- [x] Navbar indicator
- Apply GOM conditional UI to:
- [x] Manage enroll secret modal: .5
- Controls >
- [x] Scripts:
- Setup experience >
- [x] Install software > Select software modal
- [x] OS Settings >
- [x] Custom settings
- [x] Disk encryption
- [x] OS Updates
2/18/25, added to this PR:
- [x] Controls > Setup experience > Run script
- [x] Software >
- [x] Manage automations modal
- [x] Add software >
- [x] App Store (VPP)
- [x] Custom package
- [x] Queries
- [x] Manage
- [x] Automations modal
- [x] New
- [x] Edit
- [x] Policies
- [x] Manage
- [x] New
- [x] Edit
- Manage automations
- [x] Calendar events
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## For #25956
- include the `mfa_enabled` field when rendering the edit user modal
- Include `mfa_enabled` as a changeable field in the form submission
logic

- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## For #24948

- [x] Changes file added for user-visible changes in `changes/`
- [x] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
_Merge only _after_ https://github.com/fleetdm/fleet/pull/25322_
## For #25319
- Team admin can access SSO and 2FA options in user form when they are
enabled (see api response to right):
<img width="1799" alt="Screenshot 2025-01-10 at 1 36 10 PM"
src="https://github.com/user-attachments/assets/66bd5eea-dc1d-4e5b-85fc-b377520f337a"
/>
- [x] Changes file added for user-visible changes in `changes/`,
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Also fixes some capitalization/pluralization issues for user management
for team admins
For #24623.
# Checklist for submitter
- [x] Manual QA for all new/changed functionality