Commit graph

22385 commits

Author SHA1 Message Date
Tim Lee
8b43190f5d
Set recovery lock password - mdm commands (#41217) 2026-03-12 06:06:56 -06:00
Mike Thomas
c7eeb82b49
Update device-management.ejs (#41528)
Modern change management text update.
2026-03-12 14:55:05 +09:00
Noah Talerman
b338a30b57
Release article: Fleet 4.82.0 (#41086) 2026-03-11 23:41:42 -05:00
Noah Talerman
09590bc6e2
"Teams" => "fleets", "queries" => "reports" doc changes (#39585) 2026-03-11 23:41:14 -05:00
kilo-code-bot[bot]
894a735681
Fix broken link in Writing style section of company handbook (#41525)
## Summary

- Fixed a broken link in the "Writing style" section of the company
handbook (`handbook/company/writing.md`)
- The "Mister Rogersing" example link was pointing to the old URL
(`/handbook/company/communications#what-would-mister-rogers-say`) which
no longer exists
- Updated it to the correct URL
(`/handbook/company/writing#what-would-mister-rogers-say`)

Built for [Michael
Thomas](https://fleetdm.slack.com/archives/D0AL6RD36GL/p1773287035750919)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
2026-03-12 13:02:37 +09:00
Mike Thomas
63e6375c10
Renamed fleet-gitops => infrastructure-as-code (#41520)
- Renamed fleet-gitops => infrastructure-as-code
- Changed the URL (maintaining backwards compatibility)

---------

Co-authored-by: Eric <eashaw@sailsjs.com>
2026-03-12 12:54:17 +09:00
Ian Littman
4a4e55efc0
Bump RustFS dependency to latest version (#40843)
This is just a `fleetctl preview` deps + docker-compose deps bump.
Tested both.

## Testing

- [x] QA'd all new/changed functionality manually
2026-03-11 19:17:48 -05:00
Victor Lyuboslavsky
7a4d3ec506
Fixed table shifting left when clicking the copy hash icon (#41411)
**Related issue:** Resolves #40607

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.

## Testing

- [x] QA'd all new/changed functionality manually
2026-03-11 19:15:36 -05:00
Victor Lyuboslavsky
373effbb9e
Fixed Microsoft NDES CA not being selectable (#41490)
**Related issue:** Resolves #38585

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.

## Testing
- [x] QA'd all new/changed functionality manually



## Summary by CodeRabbit

* **Bug Fixes**
* Fixed Microsoft NDES CA selection to work immediately after deleting
an existing NDES CA without requiring a page refresh.
* Added validation preventing multiple NDES CAs from being added, with a
tooltip message explaining the limitation.

2026-03-11 19:15:16 -05:00
melpike
6527c15e56
Update support contact link in fleet-server-configuration (#41399)
**Related issue:** Resolves #40710
2026-03-11 18:44:13 -05:00
Noah Talerman
75a61a8673
Document PUT /hosts/{id}/device_mapping side effect (#41514)
Until we fix this:
- https://github.com/fleetdm/fleet/issues/41239

---------

Co-authored-by: Rachael Shaw <r@rachael.wtf>
2026-03-11 18:39:16 -05:00
Magnus Jensen
b9a6228181
fix outdated comment (#41482) 2026-03-11 18:35:53 -05:00
Magnus Jensen
302ee423dd
[API Docs]: mention ios, ipados and windows support for resend profile (#41486)
This support has been there for some time, it was just never updated.
2026-03-11 18:21:07 -05:00
Tim Lee
d08ac86106
Crypto package for db encryption (#41139) 2026-03-11 16:45:59 -06:00
kilo-code-bot[bot]
e0133b18dc
Handbook: document campaign types under Campaign hierarchy (#41513)
## Summary
- Documents the two types of Salesforce campaigns (working campaigns and
parent campaigns) under the existing "Campaign hierarchy" H3 on the
Marketing Ops handbook page.
- Calls out the **campaign record type** as the controlling field that
determines whether a campaign is a working campaign or a parent
campaign.
- Adds links to the Salesforce list views for parent campaigns and
active working campaigns.

Built for [Sam
Pfluger](https://fleetdm.slack.com/archives/D0AF8QFBVHB/p1773266321452929?thread_ts=1773265867.373719&cid=D0AF8QFBVHB)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

---------

Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
2026-03-11 17:33:51 -05:00
Noah Talerman
7e963b038b
Linux setup experience > Install software: What does "compatible platforms" mean? (#40510)
<img width="1072" height="664" alt="Screenshot 2026-02-25 at 12 53
42 PM"
src="https://github.com/user-attachments/assets/3e5fde32-5b75-4e69-93d9-0b1e89badf3b"
/>
2026-03-11 15:20:49 -07:00
kilo-code-bot[bot]
a24c410496
Add Backblaze as a Fleet-maintained app (#41397)
## Summary

- Adds Backblaze (data backup and storage service) as a new
fleet-maintained app with **macOS** support via Homebrew cask
(`backblaze`).
- Backblaze uses a manual installer (`Backblaze Installer.app`) inside a
DMG, so custom install and uninstall scripts are provided following the
same pattern as Adobe Creative Cloud.
- The install script mounts the DMG, locates `Backblaze Installer.app`,
and runs the `bzinstall_mate` binary with the `-nogui` flag for silent
installation.
- The uninstall script stops launchctl services
(`com.backblaze.bzbmenu`, `com.backblaze.bzserv`), removes app bundles,
preference pane, diagnostic reports, package data, and per-user
preferences.

### Files added/changed

| File | Description |
|------|-------------|
| `ee/maintained-apps/inputs/homebrew/backblaze.json` | macOS input
definition |
| `ee/maintained-apps/inputs/homebrew/scripts/backblaze_install.sh` |
Custom install script (DMG mount + manual installer execution) |
| `ee/maintained-apps/inputs/homebrew/scripts/backblaze_uninstall.sh` |
Custom uninstall script (launchctl cleanup + file removal) |
| `ee/maintained-apps/outputs/backblaze/darwin.json` | Generated macOS
output manifest |
| `ee/maintained-apps/outputs/apps.json` | Updated with Backblaze entry
and description |

### Windows support note

Windows support via WinGet (`Backblaze.Backblaze`) is not included in
this PR because the Backblaze package has never been successfully merged
into the [winget-pkgs
repository](https://github.com/microsoft/winget-pkgs). All submission
attempts were rejected due to the installer failing WinGet's unattended
installation validation. Windows support can be added once Backblaze is
available in winget-pkgs.

### Checklist

- [x] macOS input file follows Homebrew input schema
- [x] Custom scripts follow existing patterns (Adobe Creative Cloud)
- [x] Output manifest matches expected format
- [x] `apps.json` updated with description following sentence casing
format
- [x] Entry sorted alphabetically in `apps.json`
- [ ] Icon generation (requires macOS host with Backblaze installed)
- [ ] Validation on macOS host

---

Built for [Mitch
Francese](https://fleetdm.slack.com/archives/D0AG92RJGHY/p1773172809438909?thread_ts=1773163736.129729&cid=D0AG92RJGHY)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

---------

Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: Mitch Francese <2227948+tux234@users.noreply.github.com>
2026-03-11 16:20:54 -05:00
kilo-code-bot[bot]
d5342d5a18
Add Ollama as Fleet-maintained app (#41367)
## Summary

- Adds Ollama as a fleet-maintained app (FMA) with support for both
macOS and Windows platforms
- Ollama is a popular tool to get up and running with large language
models locally

## Changes

### macOS (Darwin)
- **Input**: `ee/maintained-apps/inputs/homebrew/ollama.json` — uses
Homebrew cask `ollama-app`
- **Installer format**: `zip`
- **Bundle identifier**: `com.electron.ollama`
- **Output**: `ee/maintained-apps/outputs/ollama/darwin.json` —
generated via `go run cmd/maintained-apps/main.go --slug="ollama/darwin"
--debug`

### Windows
- **Input**: `ee/maintained-apps/inputs/winget/ollama.json` — uses
WinGet package `Ollama.Ollama`
- **Installer type**: `exe` (Inno Setup)
- **Installer scope**: `user`
- **Custom scripts**: `ollama_install.ps1` and `ollama_uninstall.ps1`
with Inno Setup silent flags (`/VERYSILENT /SUPPRESSMSGBOXES
/NORESTART`)
- **Output**: `ee/maintained-apps/outputs/ollama/windows.json` —
generated via `go run cmd/maintained-apps/main.go
--slug="ollama/windows" --debug`

### App catalog
- Added Ollama entries (darwin + windows) to
`ee/maintained-apps/outputs/apps.json` with description

## Notes
- Icon generation and frontend integration (`tools/software/icons`)
still need to be done separately per the FMA contributing guide
- Category: `Developer tools`

Built for [Mitch
Francese](https://fleetdm.slack.com/archives/D0AG92RJGHY/p1773163983187599?thread_ts=1773163736.129729&cid=D0AG92RJGHY)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

---------

Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: Mitch Francese <2227948+tux234@users.noreply.github.com>
2026-03-11 16:11:13 -05:00
Francisco Calixto
3d5ba8fc2b
Fix typo (#41136)
**Related issue:** Resolves #

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified tables for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
2026-03-11 17:09:38 -04:00
jacobshandling
a6f8c18cc7
UI: Add ability to manually rotate Mac Recovery Lock passwords (#41420)
**Related issue:** Resolves #39781


- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually - TODO with wip
backend work
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
2026-03-11 14:01:56 -07:00
kilo-code-bot[bot]
b812c8e6c2
Handbook: require Head of GTM Architecture to kick off GTM tool demos (#41503)
## Summary
- Updates the "Go-To-Market tools" section in the GTM operations
handbook to clarify that demos of GTM tools (tools used in Sales,
Marketing, Customer Success, or that integrate with/use data from
Salesforce) must also be kicked off by the Head of GTM Architecture.

Built for [Sam
Pfluger](https://fleetdm.slack.com/archives/D0AF8QFBVHB/p1773261960488039)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
2026-03-11 15:55:47 -05:00
Rachael Shaw
a84cf7a1bf
#15744 copy changes (#39116)
Copy changes for user story:
- #15744
2026-03-11 14:40:34 -05:00
Mitch Francese
eda289f6f5
Add The Unarchiver as a Fleet-maintained app (#41467)
## Summary
- Add The Unarchiver as a new macOS-only Fleet Maintained App
- The Unarchiver is a free archive extraction utility supporting ZIP,
RAR, 7z, and many other formats
- Homebrew cask: `the-unarchiver`, bundle ID: `cx.c3.theunarchiver`
- Category: Utilities

## Changes
- `ee/maintained-apps/inputs/homebrew/the-unarchiver.json` — input
definition
- `ee/maintained-apps/outputs/the-unarchiver/darwin.json` — generated
output with install/uninstall scripts
- `ee/maintained-apps/outputs/apps.json` — added entry in alphabetical
order with description
- `frontend/pages/SoftwarePage/components/icons/TheUnarchiver.tsx` —
generated icon component
- `frontend/pages/SoftwarePage/components/icons/index.ts` — icon import
and map entry
- `website/assets/images/app-icon-the-unarchiver-60x60@2x.png` — app
icon asset
2026-03-11 14:35:49 -05:00
Mitch Francese
64fba279b1
Add IINA as a Fleet-maintained app (#41468)
## Summary
- Add IINA (modern, free and open-source media player) as a macOS-only
fleet-maintained app
- Homebrew cask: `iina`, bundle identifier: `com.colliderli.iina`,
installer format: DMG
- Includes input JSON, generated output, icon assets, and apps.json
entry

## Test plan
- [ ] Verify `go run cmd/maintained-apps/main.go --slug="iina/darwin"
--debug` generates output successfully
- [ ] Verify IINA icon renders correctly in the software page
- [ ] Verify apps.json entry is in correct alphabetical order
2026-03-11 14:33:32 -05:00
melpike
b9383baf07
Add ABM assignment workflow chart (#40421)
To be included in Apple MDM setup guide.

**Related issue:** Related to #39063
2026-03-11 13:32:32 -06:00
Mitch Francese
7d58c9688b
Add Sequel Ace as a Fleet-maintained app (#41469)
## Summary
- Adds Sequel Ace (free, open-source MySQL/MariaDB database manager for
macOS) as a fleet-maintained app
- Includes input JSON, generated output, app icon, and apps.json entry
- macOS only (zip installer format, cask: `sequel-ace`)

## Test plan
- [ ] Verify `sequel-ace/darwin` output JSON has correct installer URL
and SHA256
- [ ] Verify icon renders correctly in the software page
- [ ] Verify apps.json entry is in correct alphabetical order with
description

#41229
2026-03-11 14:31:07 -05:00
kilo-code-bot[bot]
f0ba17c1a2
Add Zotero as fleet-maintained app (#41370)
## Summary

- Adds Zotero (reference/research management tool) as a fleet-maintained
app with macOS and Windows support.
- **macOS**: Uses Homebrew cask `zotero` with DMG installer format
(bundle identifier: `org.zotero.zotero`).
- **Windows**: Uses WinGet package `DigitalScholar.Zotero` with NSIS
(exe) installer, including custom install/uninstall PowerShell scripts
with `/S` silent flag.

## Files added

| File | Purpose |
|------|---------|
| `ee/maintained-apps/inputs/homebrew/zotero.json` | macOS input
manifest |
| `ee/maintained-apps/inputs/winget/zotero.json` | Windows input
manifest |
| `ee/maintained-apps/inputs/winget/scripts/zotero_install.ps1` |
Windows silent install script (NSIS /S) |
| `ee/maintained-apps/inputs/winget/scripts/zotero_uninstall.ps1` |
Windows silent uninstall script (NSIS /S) |

## Remaining steps (per FMA contributing guide)

- [ ] Run `go run cmd/maintained-apps/main.go --slug="zotero/darwin"
--debug` to generate macOS output
- [ ] Run `go run cmd/maintained-apps/main.go --slug="zotero/windows"
--debug` to generate Windows output
- [ ] Generate and add app icon using the `tools/software/icons/` script
- [ ] Add description to `outputs/apps.json`

> **Note:** The WinGet package identifier for Zotero is
`DigitalScholar.Zotero` (the community-maintained identifier in the
winget-pkgs repository).

Built for [Mitch
Francese](https://fleetdm.slack.com/archives/D0AG92RJGHY/p1773163983187599?thread_ts=1773163736.129729&cid=D0AG92RJGHY)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

---------

Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: Mitch Francese <2227948+tux234@users.noreply.github.com>
2026-03-11 14:18:53 -05:00
Rachael Shaw
db9b16aeeb
Fix email colors (#41151)
**Related issue:** Resolves #40609 (maybe, untested)

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified tables for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
2026-03-11 14:15:53 -05:00
Scott Gress
18a60fc59a
fix flaky test (#40916)
**Related issue:** Resolves #40915

Attempt to fix flaky MDM test.  Authored by 🤖 .  

Stress test here:
https://github.com/fleetdm/fleet/actions/runs/22647401633/job/65638800588
2026-03-11 13:58:01 -05:00
Eric
bd9867c7b6
Website: update error handling in create-vanta-authorization-request (#41483)
Changes:
- Updated the create-vanta-authorization-request action to return a
`fleetInstanceNotResponding` response if requests fail with a 404 status
code.
2026-03-11 13:53:49 -05:00
Mike Thomas
65e3f0595a
Update device-management.ejs (#41426)
Updated content:

- Changed to "High-agency device management."
- Updated all references of "configuration-as-code" to
"infrastructure-as-code."
- Referenced 20% "busy work" example in "Shorten the feedback loop"
section
- Referenced no vendor lock-in example in "Deploy anywhere you want"
section and updated image
- Referenced global privacy conflicts example in "Scope transparency"
section
- Referenced peer review point in "Modern change management" section
- Brought AI reference section higher up the page
2026-03-11 13:47:36 -05:00
Eric
46bc7dc880
Website: add whitepaper article template page (#41405)
Changes:
- Updated `build-static-content` to support a new article category:
`whitepaper`
- Added a new article template page: `basic-whitepaper.ejs`.
- Added `deliver-whitepaper-download-request`, an action that
creates/updates a contact and account in the CRM and creates a
historical event when a user submits a form to download a whitepaper.
- Updated the "News" link in the website's header navigation to be
"Resources / Blog", and changed the link to /articles
- Added a link to the whitepapers category page (/whitepapers) to the
side bar navigation on article category pages
- Added a whitepaper article: "Modern endpoint management: Managing
devices as code"
2026-03-11 12:37:23 -05:00
Irena Reedy
66769e03cd
Update and rename financial-data-company-scales-endpoint-visibility-w… (#41105)
Co-authored-by: Eric <eashaw@sailsjs.com>
2026-03-11 10:13:11 -07:00
Matias Ferron
afc0c394cb
Update README.md (#41368)
Fixing typo

**Related issue:** Resolves #

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked schema for all modified tables for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
2026-03-11 10:00:42 -07:00
Irena Reedy
2f01fb0870
Update testimonials.ejs (#41462)
Added two case studies 
- Global collaboration platform consolidates device management with
Fleet
- Financial data company scales endpoint visibility with Fleet
2026-03-11 11:49:19 -05:00
Nico
b40fa26e2e
Follow-up changes to observer live query bypass (#41146)
**Related issue:** Resolves #36093

This is a follow-up of https://github.com/fleetdm/fleet/pull/40717

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests

- [x] QA'd all new/changed functionality manually

Verified that the manual test cases I described in
https://github.com/fleetdm/fleet/pull/40717 still pass.

Used the following setup:
- 1 host on Servers.
- 1 host on Servers (canary).
- 9999 hosts on Unassigned.

<img width="1292" height="448" alt="Screenshot 2026-03-10 at 9 41 33 PM"
src="https://github.com/user-attachments/assets/37ba2ad9-aa7b-4d40-b134-56a943e2635c"
/>


Users:
- Team user with these assignments for test cases 1 and 2.

<img width="570" height="269" alt="Screenshot 2026-03-10 at 9 42 41 PM"
src="https://github.com/user-attachments/assets/f4bcf180-b7cc-4d80-a727-26ce887cbe84"
/>

- Global observer user for test cases 3 to 5.

### Test case 1

Report on Workstations (canary) with observers_can_run=true

<img width="470" height="538" alt="Screenshot 2026-03-10 at 9 42 30 PM"
src="https://github.com/user-attachments/assets/11c02ee9-c6eb-463a-9d4b-168a6155feed"
/>

Tested that I'm only able to target that host using "All hosts", "macOS"
and other labels. Also, searching for specific hosts under "Target
specific hosts" only retrieves that host.



https://github.com/user-attachments/assets/150d986a-b4f2-49ab-86d9-0308685873eb

### Test case 2

Confirmed that I'm not able to target `perf-host-1` from `Servers
(canary)` using a manual label with the same report above.
For this, I created a manual label and assigned only to `perf-host-1`:

<img width="603" height="349" alt="Screenshot 2026-03-10 at 9 50 52 PM"
src="https://github.com/user-attachments/assets/98b4a27a-4e46-466e-a377-622d36903feb"
/>

Note that 0 hosts are targeted and **Run** is disabled:
<img width="950" height="814" alt="Screenshot 2026-03-10 at 9 52 26 PM"
src="https://github.com/user-attachments/assets/3b42c0e9-3005-40cc-8733-85b9b729ce89"
/>

### Test case 3

Accessed same report in `Workstations (canary)` above with a Global
Observer user.
Confirmed that no hosts can be targeted in any way:

<img width="977" height="649" alt="Screenshot 2026-03-11 at 8 29 26 AM"
src="https://github.com/user-attachments/assets/ac87ac7e-3097-4228-a724-1d9324dec504"
/>
<img width="986" height="746" alt="Screenshot 2026-03-11 at 8 30 06 AM"
src="https://github.com/user-attachments/assets/5ca592d2-be8c-43c0-8a27-d18fdee35442"
/>
<img width="1017" height="812" alt="Screenshot 2026-03-11 at 8 30 12 AM"
src="https://github.com/user-attachments/assets/fb92940d-3ab2-4136-9e04-825f2c5eb3fe"
/>
<img width="998" height="809" alt="Screenshot 2026-03-11 at 8 30 17 AM"
src="https://github.com/user-attachments/assets/67cc9c0a-e1aa-49df-ad68-1988d6471d32"
/>
<img width="1444" height="311" alt="Screenshot 2026-03-11 at 8 30 35 AM"
src="https://github.com/user-attachments/assets/4b725bf1-0d6d-4458-840e-a96666a34903"
/>
<img width="1444" height="303" alt="Screenshot 2026-03-11 at 8 30 42 AM"
src="https://github.com/user-attachments/assets/54a9cd65-90f5-4454-a713-334e23118295"
/>

### Test case 4

As a global observer, accessing a global report with
observers_can_run=true, I can target all the hosts across all teams.

<img width="951" height="640" alt="Screenshot 2026-03-11 at 8 34 58 AM"
src="https://github.com/user-attachments/assets/3c235b3d-acd5-4801-834f-6fe6cd67d3dd"
/>
<img width="1448" height="527" alt="Screenshot 2026-03-11 at 8 35 06 AM"
src="https://github.com/user-attachments/assets/0f5f663d-8597-4320-aceb-ee6f168ec552"
/>
<img width="1474" height="179" alt="Screenshot 2026-03-11 at 8 35 14 AM"
src="https://github.com/user-attachments/assets/042eda04-e7f6-4c21-9503-878a23435fcd"
/>
 
### Test case 5

With the same report from test case 4, but observers_can_run=false, I
can't target any hosts.

<img width="971" height="804" alt="Screenshot 2026-03-11 at 8 36 49 AM"
src="https://github.com/user-attachments/assets/3a3a9fe3-a159-4ef9-8b08-4c987b9c0828"
/>
<img width="967" height="813" alt="Screenshot 2026-03-11 at 8 37 00 AM"
src="https://github.com/user-attachments/assets/aba5588d-dd96-4b88-9911-ebdd743bfa65"
/>
2026-03-11 13:42:33 -03:00
Scott Gress
b7a792d1cb
Add fleet_id / fleet_name columns to CSV hosts export (#41446)
**Related issue:** Resolves #41074 

# Details

Fixes an issue where CSV export still has `team_name` and `team_id`
columns, but not `fleet_name` or `fleet_id`.

Unlike the API param and other renames, I took a manual approach here
since it's just the two fields and isn't likely to expand. I added
cleaning them up to my Fleet 5 punchlist.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [X] Added/updated automated tests
- [X] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)
- [X] QA'd all new/changed functionality manually
    - [X] exported report from UI, saw both team_name and fleet_name
- [X] exported report via API with no columns requested (so all columns
returned), saw team_id, team_name, fleet_id and fleet_name
2026-03-11 11:38:07 -05:00
kilo-code-bot[bot]
07d0ef5a2b
Update security incident reporting process to use #help-it channel (#41429)
## Summary

- Updated the security incident identification and triage process (Phase
I) in the IT security handbook to clarify how Fleet members should
report suspected security incidents.
- Reports should now be sent to the **#g-security** Slack channel with
`@mention` for **@Allen Houchins** and **@Pepper (Andrea Pepper)**.
- For serious incidents or if there isn't a timely response, members
should also follow up with a direct message (DM) to both Allen Houchins
and Pepper (Andrea Pepper).

## Changes

This replaces the previous generic list of reporting methods (direct
report, email, phone, Slack) with specific, actionable guidance
directing team members to the #g-security Slack channel with the
appropriate contacts.

---

Built for [Allen
Houchins](https://fleetdm.slack.com/archives/D0AFASNBZMW/p1773202350274859)
by [Kilo for Slack](https://kilo.ai/features/slack-integration)

---------

Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
Co-authored-by: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
2026-03-11 10:57:32 -05:00
Victor Lyuboslavsky
575a98e882
Prevent infinite loop. (#41454)
**Related issue:** Resolves #41374
2026-03-11 10:48:51 -05:00
Tim Lee
f7370f602c
Recovery password: restrict manual mdm commands (#41427) 2026-03-11 09:41:56 -06:00
dependabot[bot]
c876296f01
Bump tar from 7.5.10 to 7.5.11 in /tools/fleetctl-npm (#41425)
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.10 to 7.5.11.
Commits:
- `bf776f6` 7.5.11
- `f48b5fa` prevent escaping symlinks with drive-relative paths
- `97cff15` docs: more security info
- See full diff in [compare view](https://github.com/isaacs/node-tar/compare/v7.5.10...v7.5.11)



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-11 10:37:54 -05:00
johnjeremiah
c52d653795
Add section on sfdc campaign structure (#41452)
Adding a section to the attribution part of the handbook about campaign
hierarchy
2026-03-11 10:33:43 -05:00
Irena Reedy
fdd85e3849
Update gaming-platform-gains-production-visibility.md (#41104)
got
2026-03-11 10:31:11 -05:00
Irena Reedy
d78fccb253
Update README.md (#41417)
Co-authored-by: Ashish Kuthiala <53918208+akuthiala@users.noreply.github.com>
2026-03-11 10:30:44 -05:00
fleet-release
35db5a933e
Update Fleet-maintained apps (#41451)
Automated ingestion of latest Fleet-maintained app data.

Co-authored-by: allenhouchins <32207388+allenhouchins@users.noreply.github.com>
2026-03-11 10:28:05 -05:00
Irena Reedy
3735259978
Update testimonials.ejs (#41102)
Co-authored-by: Eric <eashaw@sailsjs.com>
2026-03-11 10:19:21 -05:00
fleet-release
60a8dc85d5
Update Fleet-maintained apps (#41445)
Automated ingestion of latest Fleet-maintained app data.

Co-authored-by: mostlikelee <16102903+mostlikelee@users.noreply.github.com>
2026-03-11 10:04:09 -05:00
Isabell Reedy
fe199d00f7
Open QA position (#41447) 2026-03-11 10:29:00 -04:00
Allen Houchins
f5b8029390
Fall back to existence validation when version validation fails for Google Chrome on Windows (#40918)
This pull request updates the application validation logic to better
handle Google Chrome's auto-update behavior on Windows. Specifically, it
ensures that the validation does not fail if Chrome's installed version
is newer than the installer version, which is a common case due to its
auto-updating nature.

Application validation improvements:

* Modified the `appExists` function in `windows.go` to skip strict
version checks for Google Chrome and log an informational message when a
version mismatch is detected, treating the app as installed if found.
2026-03-11 09:03:19 -05:00
Mitch Francese
21cfab20cc
Add Warp as Fleet maintained app for macOS (#41051)
## Summary

- Adds Warp terminal as a Fleet maintained app for macOS (darwin)
- Uses direct CDN URL (`releases.warp.dev`) instead of Homebrew's URL
which requires `User-Agent: Homebrew` header
- Single `WarpDirectInstaller` enricher: overrides URL, sets `sha256:
no_check`, strips `.stable_` from version string
- Version: `0.2026.02.25.08.24.01` (latest stable)

## Validation checklist

- [ ] App can be downloaded using manifest URL
- [ ] App installs successfully on macOS host using manifest install
script
- [ ] App exists in software inventory after install
(`dev.warp.Warp-Stable`)
- [ ] App uninstalls successfully using manifest uninstall script

## Notes

Supersedes #37901 (branch had corrupted git history from a rewrite; this
is a clean branch off main).
2026-03-11 09:02:49 -05:00