86d4162f1d
## Summary
- Adds a comprehensive `.claude/` configuration that gives every
engineer Fleet-aware AI assistance out of the box — no MCP servers,
plugins, or external dependencies required
- Converts legacy `.claude/commands/` to skills with YAML frontmatter,
adds new skills, agents, rules, and hooks
- Adds ~2,500 tokens at startup; rules, skill bodies, and agent bodies
load on demand
## What's included
**6 rules** (auto-apply by file path):
- Go backend, frontend, database, API endpoints, and Orbit agent
conventions
- Covers: ctxerr errors, banned imports, `fleethttp.NewClient()`,
`new(expression)` over legacy `server/ptr`, bounded contexts
(`server/activity/`, `server/mdm/`), transaction safety (no
`ds.reader`/`ds.writer` inside tx), terminology (fleets/reports), React
Query, BEM, permissions utilities, and more
**12 skills** (invoke with `/`):
- `/review-pr`, `/fix-ci`, `/test`, `/find-related-tests`, `/lint` —
review and testing workflows
- `/new-endpoint`, `/new-migration`, `/update-data-dictionary` —
scaffolding and maintenance
- `/fleet-gitops`, `/spec-story`, `/project` — planning and
configuration workflows.
- `/project` includes a minimal self-improvement mechanism. Claude adds
discoveries and gotchas to the workstream context as you work, so each
session starts with slightly richer context than the last.
**3 agents** (specialized reviewers):
- `go-reviewer` (sonnet, proactive) — Go conventions, ctxerr, auth,
testing
- `frontend-reviewer` (sonnet, proactive) — TypeScript, React Query,
BEM, accessibility
- `fleet-security-auditor` (opus, on-demand) — MDM, auth gaps,
injection, PII exposure
**4 hooks** (automated):
- PreToolUse guard blocking dangerous commands (`rm -rf`, `force push`,
`pipe-to-shell`)
- PostToolUse goimports on Go files (`**/*.go`)
- PostToolUse prettier on frontend files (`frontend/**`)
- PostToolUse `lint-on-save`: auto-fixes with `golangci-lint --fix` /
`eslint --fix`, then runs `make lint-go-incremental` and feeds remaining
violations back to Claude as context for self-correction
**Permissions** — pre-approves safe operations (`test`, `lint`, `build`,
`make`, `git` read, `gh` CLI) and blocks dangerous ones (`force push`,
`rm -rf`)
**README** — includes a Claude Code primer for engineers new to the
tool, full reference for all skills/agents/hooks/rules, customization
guide (how to override skills, agents, model, effort), and contributing
instructions
**DATA-DICTIONARY.md** — updated with 13 recent migrations (March 2026)
that were missing
## Not covered (future iterations)
- `android/` (Android app)
- `website/` (Sails.js marketing site)
- `ee/fleetd-chrome/` (Chrome extension)
- `ee/vulnerability-dashboard/` (legacy Sails dashboard)
- `third_party/` (forked external code)
- Documentation workflows (guides, API docs, handbook)
- Fleet-maintained apps (FMA catalog, packaging, `ee/maintained-apps/`)
- MDM-specific conventions beyond the Go backend rule
## How to test
Pull the `.claude/` folder into your working branch without switching:
```bash
git checkout origin/cc-setup-teamwide -- .claude/
claude --debug # start a session and work normally
git checkout -- .claude/ # revert when done
git clean -fd .claude/ # remove new files that weren't on your branch
```
Check the debug log at `~/.claude/debug/` for detailed hook and tool
execution traces.
Try `/test` on a recent change, `/lint` go to lint Go files, or ask
Claude to review your code and watch the `go-reviewer` agent kick in.
### Test plan
- [x] Start a new Claude Code session in the Fleet project and run
`/context` to verify loading
- [x] Type `/` and confirm all 12 skills appear
- [x] Run `/test` on a small package
- [x] Edit a `.go` file and verify goimports runs automatically
- [x] Edit a `.go` file with a lint violation and verify `lint-on-save`
auto-fixes it
- [x] Edit a `.tsx` file and verify prettier runs automatically
- [x] Run a command like `echo test` and verify no permission prompt
(allowed by settings)
- [x] Verify `git diff` runs without prompt
- [x] Ask Claude to review code and check that the `go-reviewer` agent
is invoked
- [x] Verify skills
- [x] `/update-data-dictionary` correctly updates `DATA-DICTIONARY.md`
- [x] `/spec-story` fetches issue and follows the process defined in the
skill
- [x] `/project` detects memory directory and runs in a fork
- [x] `/review-pr` runs in fork, produces detailed review
- [x] `/lint go` detects changes and runs appropriate linters
- [x] `/lint frontend` detects changes and runs appropriate linters
- [x] `/lint full` runs all linters
- [x] `/test` detects changed packages and runs with correct env vars
- [x] `/test` runs frontend tests when frontend files changed
- [x] `/find-related-tests` outputs correct test files and go test
commands
- [x] `/fix-ci` with a real failing CI run URL
- [x] `/fleet-gitops` provides GitOps context and references
- [x] `/new-endpoint` scaffolds with correct Fleet patterns
- [x] `/new-migration` creates timestamped file + test file with correct
structure
- [x] Verify hooks
- [x] Verify agents
- [x] Verify rules
### Hooks test results
<img width="792" height="502" alt="Screenshot 2026-04-04 at 10 16 14 AM"
src="https://github.com/user-attachments/assets/ed066f65-1b79-4faa-a06f-3ce50837f055"
/>
<img width="811" height="693" alt="Screenshot 2026-04-06 at 8 49 28 AM"
src="https://github.com/user-attachments/assets/4513423e-d16c-40c1-a8d8-27f38a87acfd"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated internal developer documentation and Claude Code configuration
for improved development workflows, including coding standards, security
guidelines, testing procedures, and automated code review/formatting
setup.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
|
||
|---|---|---|
| .claude | ||
| .github | ||
| .kilocode/skills/fleet-gitops | ||
| .storybook | ||
| .vscode | ||
| android | ||
| articles | ||
| assets | ||
| changes | ||
| charts | ||
| client | ||
| cmd | ||
| docs | ||
| ee | ||
| frontend | ||
| git-hooks | ||
| handbook | ||
| infrastructure | ||
| it-and-security | ||
| orbit | ||
| pkg | ||
| proposals | ||
| schema | ||
| security | ||
| server | ||
| terraform | ||
| test/upgrade | ||
| third_party | ||
| tools | ||
| website | ||
| .coderabbit.yaml | ||
| .custom-gcl.yml | ||
| .dockerignore | ||
| .eslintignore | ||
| .eslintrc.js | ||
| .gitattributes | ||
| .gitignore | ||
| .gitpod.yml | ||
| .golangci-incremental.yml | ||
| .golangci.yml | ||
| .goreleaser-snapshot.yml | ||
| .goreleaser.yml | ||
| .npmignore | ||
| .pre-commit-config.yaml | ||
| .prettierignore | ||
| .prettierrc.json | ||
| .yarnrc | ||
| babel.config.json | ||
| CHANGELOG.md | ||
| CODE_OF_CONDUCT.md | ||
| codecov.yml | ||
| CODEOWNERS | ||
| docker-compose-redis-cluster.yml | ||
| docker-compose.yml | ||
| Dockerfile-desktop-linux | ||
| go.mod | ||
| go.sum | ||
| kilo.md | ||
| LICENSE | ||
| Makefile | ||
| manifest.yml.cloudgov.example | ||
| osv-scanner.toml | ||
| package.json | ||
| postcss.config.js | ||
| README.md | ||
| render.yaml | ||
| SECURITY.md | ||
| tsconfig.json | ||
| webpack.config.js | ||
| yarn.lock | ||
News · Report a bug · Handbook · Why open source? · Art
Open-source platform for IT and security teams with thousands of computers. Designed for APIs, GitOps, webhooks, YAML, and humans.
What's it for?
Organizations like Fastly and Gusto use Fleet for vulnerability reporting, detection engineering, device management (MDM), device health monitoring, posture-based access control, managing unused software licenses, and more.
Explore data
To see what kind of data you can use Fleet to gather, check out the table reference documentation.
Out-of-the-box policies
Fleet includes out-of-the box support for all CIS benchmarks for macOS and Windows, as well as many simpler queries.
Take as much or as little as you need for your organization.
Supported platforms
Here are the platforms Fleet currently supports:
- Linux (all distros)
- macOS
- Windows
- Chromebooks
- Amazon Web Services (AWS)
- Google Cloud (GCP)
- Azure (Microsoft cloud)
- Data centers
- Containers (kube, etc)
- Linux-based IoT devices
Lighter than air
Fleet is lightweight and modular. You can use it for security without using it for MDM, and vice versa. You can turn off features you are not using.
Openness
Fleet is dedicated to flexibility, accessibility, and clarity. We think everyone can contribute and that tools should be as easy as possible for everyone to understand.
Good neighbors
Fleet has no ambition to replace all of your other tools. (Though it might replace some, if you want it to.) Ready-to-use, enterprise-friendly integrations exist for Snowflake, Splunk, GitHub Actions, Vanta, Elastic Jira, Zendesk, and more.
Fleet plays well with Munki, Chef, Puppet, and Ansible, as well as with security tools like Crowdstrike and SentinelOne. For example, you can use the free version of Fleet to quickly report on what hosts are actually running your EDR agent.
Free as in free
The free version of Fleet will always be free. Fleet is independently backed and actively maintained with the help of many amazing contributors.
Longevity
The company behind Fleet is founded (and majority-owned) by true believers in open source. The company's business model is influenced by GitLab (NYSE: GTLB), with great investors, happy customers, and the capacity to become profitable at any time.
In keeping with Fleet's value of openness, Fleet Device Management's company handbook is public and open source. You can read about the history of Fleet and osquery and our commitment to improving the product.
Is it any good?
Fleet is used in production by IT and security teams with thousands of laptops and servers. Many deployments support tens of thousands of hosts, and a few large organizations manage deployments as large as 400,000+ hosts.
Chat
Please join us in MacAdmins Slack or in osquery Slack.
The Fleet community is full of kind and helpful people. Whether or not you are a paying customer, if you need help, just ask.
Contributing 
The landscape of cybersecurity and IT is too complex. Let's open it up.
Contributions are welcome, whether you answer questions on Slack / GitHub / StackOverflow / LinkedIn / Twitter, improve the documentation or website, write a tutorial, give a talk at a conference or local meetup, give an interview on a podcast, troubleshoot reported issues, or submit a patch. The Fleet code of conduct is on GitHub.
What's next?
To see what Fleet can do, head over to fleetdm.com and try it out for yourself, grab time with one of the maintainers to discuss, or visit the docs and roll it out to your organization.
Production deployment
Fleet is simple enough to spin up for yourself. Or you can have us host it for you. Premium features are available either way.
Documentation
Complete documentation for Fleet can be found at https://fleetdm.com/docs.
License
The free version of Fleet is available under the MIT license. The commercial license is also designed to allow contributions to paid features for users whose employment agreements allow them to contribute to open source projects. (See LICENSE.md for details.)
Fleet is built on osquery, nanoMDM, Nudge, and swiftDialog.