Allow disabling historical data collection (GitOps / API)

[sgress454]

Related issue: For #44077

Details

• Adds historical_data key to app and team config (and gitops) with uptime and vulnerabilities subkeys. Keys default to true, meaning "collect this data"
• Adds enabled_historical_dataset and disabled_historical_dataset activities when these values are flipped via GitOps or the config APIs

The majority of the file changes in here are GitOps test files that need to be updated to have the new config in them.

This PR does not implement using these configs to actually disable data collection or purge data; that will come in a follow-up PR (as well as the front-end)

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  See Changes files for more information.
  n/a, unreleased

Testing

• Added/updated automated tests

• QA'd all new/changed functionality manually

  Defaults

  • Fresh install: GET /api/v1/fleet/config returns features.historical_data.uptime: true and features.historical_data.vulnerabilities: true
  • Created a new fleet via POST /api/v1/fleet/teams, then GET /api/v1/fleet/fleets/{id} returns features.historical_data.uptime: true and features.historical_data.vulnerabilities: true

  Global PATCH (POST /api/v1/fleet/config)

  • PATCHed {"features": {"historical_data": {"vulnerabilities": false}}} — vulnerabilities flipped to false, uptime unchanged at true
  • PATCHed {"features": {"historical_data": {"uptime": false, "vulnerabilities": true}}} — both values applied as sent
  • PATCHed {"features": {"historical_data": {"vulnerabilites": false}}} (typo in sub-key) — request rejected with 4xx, stored config unchanged

  Fleet PATCH (PATCH /api/v1/fleet/fleets/{id})

  • PATCHed a fleet with {"features": {"historical_data": {"uptime": false}}} — fleet's uptime flipped to false, vulnerabilities unchanged
  • Subsequent GET /api/v1/fleet/fleets/{id} returns the toggled values under features.historical_data (storage shape is symmetric with global)
  • PATCHed a fleet with {"features": {"enable_host_users": false}} (a non-historical_data features sub-field) — request returned 200 but the fleet's enable_host_users is unchanged (silently ignored, per existing endpoint convention)

  GitOps — global (fleetctl gitops -f global.yml)

  • Applied a YAML with features.historical_data: {uptime: true, vulnerabilities: false} — vulnerabilities is false after apply, uptime is true
  • Applied a YAML whose org_settings omits features entirely — both sub-keys are true after apply (defaults injected even if previously disabled)
  • Applied a YAML where historical_data only contains uptime: false — uptime: false is honored, vulnerabilities defaults to true
  • Disabled vulnerabilities via the API, then ran fleetctl gitops with a YAML that doesn't pin it — vulnerabilities flips back to true (this is intentional; gitops is the source of truth)

  GitOps — fleet

  • Applied a fleet YAML with features.historical_data: {uptime: false} — that fleet has uptime: false, vulnerabilities: true after apply
  • Applied a fleet YAML whose team_settings.features omits historical_data — both sub-keys are true after apply
  • Applied a fleet YAML that omits features entirely — both sub-keys are true after apply

  fleetctl apply (legacy, partial-merge)

  • Disabled vulnerabilities via the API, then ran fleetctl apply with a YAML that doesn't mention historical_data — vulnerabilities is still false (apply leaves omitted fields alone)

  Activities — global

  • After PATCHing global to disable vulnerabilities, the latest activity is disabled_historical_dataset with payload {"dataset": "vulnerabilities", "fleet_id": null, "fleet_name": null}
  • After PATCHing global with both sub-keys flipping in one request, two activities are emitted (one per sub-key)
  • After PATCHing global with the same values that are already stored, zero new activities are emitted
  • After re-enabling a previously disabled dataset, the activity type is enabled_historical_dataset

  Activities — per fleet

  • After PATCHing fleet workstations to disable uptime, the activity is disabled_historical_dataset with payload {"dataset": "uptime", "fleet_id": <workstations id>, "fleet_name": "workstations"}
  • Toggling the same dataset on two different fleets produces two distinct activities, one per fleet
  • After a fleet PATCH with the same values already stored, zero new activities are emitted

For unreleased bug fixes in a release candidate, one of:

• Confirmed that the fix is not expected to adversely impact load test results
• Alerted the release DRI if additional load testing is needed

New Fleet configuration settings

• Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for GitOps-enabled settings:

• Verified that the setting is exported via fleetctl generate-gitops
• Verified the setting is documented in a separate PR to the GitOps documentation
  • disable data collection docs #44703
• Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional)
• Verified that any relevant UI is disabled when GitOps mode is enabled

Summary by CodeRabbit

• New Features

  • Historical-data controls: per-org and per-team toggles for uptime and vulnerability time‑series, with defaults applied when keys are omitted and enable/disable activities emitted on changes.

• Bug Fixes

  • Partial updates and PATCH/GitOps flows preserve unspecified historical-data sub-keys instead of clearing them.

• Tests

  • Expanded unit and integration tests covering defaults, partial PATCH/GitOps behavior, idempotency, and activity emission.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds per-dataset historical-data feature flags to Features via a new HistoricalDataSettings type (Uptime, Vulnerabilities, Enabled), persists them in app and team config, and provides partial-patch payloads (HistoricalDataPayload with optjson.Bool) for team updates. Ensures GitOps apply injects defaults for missing historical_data keys. Introduces EmitHistoricalDataActivities and two new activity detail types to emit enable/disable events when historical-data flags change. Integrates emission into ModifyTeam and ModifyAppConfig, and adds unit/integration tests plus updated test fixtures and GitOps/YAML outputs.

Possibly related PRs

• Trim spaces on Fleet's names (36312) #41739: Modifies ModifyTeam — touches the same function now updated to emit historical-data activities.
• Allow configuring webhook policy automations for "No team" #32129: Updates team update handling — overlaps with changes to ModifyTeam and team config patch semantics.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 21.43% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Allow disabling historical data collection (GitOps / API)' directly and concisely describes the main feature being added—the ability to disable historical data collection through both GitOps and API interfaces.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	PR description includes related issue, detailed functionality overview, and comprehensive testing checklist with most items checked and verified.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch sgress454/44077-chart-disabling-gitops-api

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@server/service/client.go`:
- Around line 3464-3482: The helper ensureHistoricalDataDefaults currently
silently replaces non-map values at features["historical_data"] (e.g., scalars
or lists) with a default map; change it to validate the type instead of
overwriting: update ensureHistoricalDataDefaults to return an error, detect if
features["historical_data"] is present but not a map[string]any (and not nil),
and return a clear fmt.Errorf indicating the malformed value (include the actual
value/type); only when the key is absent or nil create and inject the default
map and continue; update any callers to handle/propagate the returned error from
ensureHistoricalDataDefaults.

In `@server/service/integration_core_test.go`:
- Around line 1039-1061: After reading previousRawConfig, register a guaranteed
cleanup that restores app_config_json so failures in the subsequent assertions
don't leave DB mutated: immediately after capturing previousRawConfig call
t.Cleanup with a closure that uses mysql.ExecAdhocSQL (same restore SQL and
parameters used later) against s.ds to re-insert previousRawConfig; remove or
keep the later ad-hoc restore block as appropriate to avoid duplicate restores.
Ensure the closure captures previousRawConfig and ctx so the restore uses the
original value.

In `@server/service/integration_enterprise_test.go`:
- Around line 1764-1768: The test only asserts the single boolean stayed the
same; instead capture the entire prior features and historical data before the
PATCH (e.g. priorFeatures := modResp.Team.Config.Features and
priorHistoricalData := modResp.Team.Config.HistoricalData), perform the PATCH
via s.DoJSON, then assert the whole features struct and historical data are
unchanged using require.Equal (compare priorFeatures to
modResp.Team.Config.Features and priorHistoricalData to
modResp.Team.Config.HistoricalData) and also assert no new activity was emitted
(check the activity store/listing for no additional entries created during the
request). Use the existing modResp and s.DoJSON call and replace the
single-field assertion on priorEnableHostUsers with these full-struct and
activity checks.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b5276c02-a34e-4871-9db2-216f4d1de26d

📥 Commits

Reviewing files that changed from the base of the PR and between 2aa6f24 and 9705a94.

📒 Files selected for processing (11)

• cmd/fleetctl/fleetctl/gitops_test.go
• ee/server/service/teams.go
• server/fleet/activities.go
• server/fleet/app.go
• server/fleet/app_test.go
• server/fleet/historical_data.go
• server/fleet/teams.go
• server/service/appconfig.go
• server/service/client.go
• server/service/integration_core_test.go
• server/service/integration_enterprise_test.go

[Copilot]

Pull request overview

Adds a new features.historical_data configuration block (global + per-fleet) to control collection for dashboard chart datasets, including GitOps default-injection and audit activities when toggles change.

Changes:

• Introduce features.historical_data.{uptime,vulnerabilities} with defaults to true.
• Emit enabled_historical_dataset / disabled_historical_dataset activities when either sub-key flips (global and team-scoped).
• Ensure GitOps applies default historical_data sub-keys to true when omitted in YAML, and add integration/unit test coverage.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
server/service/integration_enterprise_test.go	Adds EE integration tests for per-fleet PATCH + activities + spec apply round-trip.
server/service/integration_core_test.go	Adds core integration test for global config defaults, PATCH semantics, and activities.
server/service/client.go	Injects GitOps defaults for features.historical_data (global + team).
server/service/appconfig.go	Emits historical-data enable/disable activities on global config modify.
server/fleet/teams.go	Extends TeamPayload to accept per-fleet features.historical_data PATCH payload.
server/fleet/historical_data.go	Adds shared helper to emit activities per sub-key flip.
server/fleet/app_test.go	Adds unit tests for defaults/copy behavior and dataset-name mapping.
server/fleet/app.go	Adds HistoricalDataSettings to Features, defaulting behavior, and internal-name mapping.
server/fleet/activities.go	Registers and defines new activity types for historical dataset toggles.
ee/server/service/teams.go	Applies per-fleet PATCH merge semantics for historical_data and emits activities.
cmd/fleetctl/fleetctl/gitops_test.go	Adds fleetctl GitOps tests for default injection + explicit historical_data application.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

❌ Patch coverage is 82.65306% with 17 lines in your changes missing coverage. Please review.
✅ Project coverage is 65.35%. Comparing base (5e7f5a7) to head (c41240d).
⚠️ Report is 5 commits behind head on main.

Files with missing lines	Patch %	Lines
ee/server/service/teams.go	69.56%	4 Missing and 3 partials ⚠️
...migrations/tables/20260423161823_AddHostSCDData.go	73.33%	2 Missing and 2 partials ⚠️
server/service/client.go	77.77%	2 Missing and 2 partials ⚠️
server/fleet/historical_data.go	95.83%	0 Missing and 1 partial ⚠️
server/service/appconfig.go	87.50%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #44488      +/-   ##
==========================================
- Coverage   66.61%   65.35%   -1.26%     
==========================================
  Files        2657     2658       +1     
  Lines      214087   214185      +98     
  Branches     9820     9820              
==========================================
- Hits       142605   139977    -2628     
- Misses      58510    61220    +2710     
- Partials    12972    12988      +16     

Flag	Coverage Δ
backend-activity	86.37% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@cmd/fleetctl/fleetctl/testdata/expectedGetTeamsJson.json`:
- Around line 11-14: The fixture JSON has inverted defaults for the
historical_data feature: change the "historical_data" object's "uptime" and
"vulnerabilities" values from false to true in the expectedGetTeamsJson.json
test fixtures (update all occurrences where "historical_data": { "uptime":
false, "vulnerabilities": false } appears, e.g., the blocks around lines shown)
so the fixture matches the PR intent that features.historical_data.uptime and
features.historical_data.vulnerabilities default to true.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d4409e9f-5def-44d2-9a13-e28e8e0d0e7c

📥 Commits

Reviewing files that changed from the base of the PR and between 9705a94 and fb54888.

📒 Files selected for processing (21)

• cmd/fleetctl/fleetctl/testdata/expectedGetConfigAppConfigJson.json
• cmd/fleetctl/fleetctl/testdata/expectedGetConfigAppConfigTeamMaintainerJson.json
• cmd/fleetctl/fleetctl/testdata/expectedGetConfigAppConfigTeamMaintainerYaml.yml
• cmd/fleetctl/fleetctl/testdata/expectedGetConfigAppConfigYaml.yml
• cmd/fleetctl/fleetctl/testdata/expectedGetConfigIncludeServerConfigJson.json
• cmd/fleetctl/fleetctl/testdata/expectedGetConfigIncludeServerConfigYaml.yml
• cmd/fleetctl/fleetctl/testdata/expectedGetTeamsJson.json
• cmd/fleetctl/fleetctl/testdata/expectedGetTeamsYaml.yml
• cmd/fleetctl/fleetctl/testdata/generateGitops/expectedOrgSettings-insecure.yaml
• cmd/fleetctl/fleetctl/testdata/generateGitops/expectedOrgSettings.yaml
• cmd/fleetctl/fleetctl/testdata/generateGitops/expectedTeamSettings-insecure.yaml
• cmd/fleetctl/fleetctl/testdata/generateGitops/expectedTeamSettings.yaml
• cmd/fleetctl/fleetctl/testdata/generateGitops/test_dir_free/default.yml
• cmd/fleetctl/fleetctl/testdata/generateGitops/test_dir_premium/default.yml
• cmd/fleetctl/fleetctl/testdata/generateGitops/test_dir_premium/fleets/team-a-thumbsup.yml
• cmd/fleetctl/fleetctl/testdata/macosSetupExpectedAppConfigEmpty.yml
• cmd/fleetctl/fleetctl/testdata/macosSetupExpectedAppConfigSet.yml
• cmd/fleetctl/fleetctl/testdata/macosSetupExpectedTeam1And2Empty.yml
• cmd/fleetctl/fleetctl/testdata/macosSetupExpectedTeam1And2Set.yml
• cmd/fleetctl/fleetctl/testdata/macosSetupExpectedTeam1Empty.yml
• cmd/fleetctl/fleetctl/testdata/macosSetupExpectedTeam1Set.yml

✅ Files skipped from review due to trivial changes (19)

• cmd/fleetctl/fleetctl/testdata/expectedGetConfigIncludeServerConfigYaml.yml
• cmd/fleetctl/fleetctl/testdata/generateGitops/expectedOrgSettings.yaml
• cmd/fleetctl/fleetctl/testdata/generateGitops/test_dir_free/default.yml
• cmd/fleetctl/fleetctl/testdata/macosSetupExpectedAppConfigEmpty.yml
• cmd/fleetctl/fleetctl/testdata/generateGitops/test_dir_premium/default.yml
• cmd/fleetctl/fleetctl/testdata/generateGitops/expectedTeamSettings-insecure.yaml
• cmd/fleetctl/fleetctl/testdata/expectedGetConfigAppConfigJson.json
• cmd/fleetctl/fleetctl/testdata/macosSetupExpectedAppConfigSet.yml
• cmd/fleetctl/fleetctl/testdata/expectedGetConfigAppConfigTeamMaintainerJson.json
• cmd/fleetctl/fleetctl/testdata/generateGitops/expectedTeamSettings.yaml
• cmd/fleetctl/fleetctl/testdata/macosSetupExpectedTeam1And2Empty.yml
• cmd/fleetctl/fleetctl/testdata/expectedGetConfigAppConfigYaml.yml
• cmd/fleetctl/fleetctl/testdata/generateGitops/test_dir_premium/fleets/team-a-thumbsup.yml
• cmd/fleetctl/fleetctl/testdata/expectedGetConfigAppConfigTeamMaintainerYaml.yml
• cmd/fleetctl/fleetctl/testdata/macosSetupExpectedTeam1Set.yml
• cmd/fleetctl/fleetctl/testdata/expectedGetConfigIncludeServerConfigJson.json
• cmd/fleetctl/fleetctl/testdata/expectedGetTeamsYaml.yml
• cmd/fleetctl/fleetctl/testdata/macosSetupExpectedTeam1And2Set.yml
• cmd/fleetctl/fleetctl/testdata/macosSetupExpectedTeam1Empty.yml

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@server/service/integration_core_test.go`:
- Around line 994-1028: The tests are using lastActivityOfTypeMatches(..., 0)
after PATCHes which can read stale rows; before each mutating Do("PATCH",
"/api/latest/fleet/config") call capture the prior activity id/count with
lastActivityOfTypeMatches for the relevant activity types (use
ActivityTypeEnabledHistoricalDataset{}.ActivityName() and
ActivityTypeDisabledHistoricalDataset{}.ActivityName()) like you already do for
the no-op check (priorActivityID), then perform the PATCH and assert that
lastActivityOfTypeMatches returns a different/new id (or increased count) for
the expected activity type(s); apply this snapshot-and-compare pattern around
the PATCH at the flip-both step (and for both enabled and disabled dataset
checks) and reuse getConfig() to validate toggles as before.

In `@server/service/integration_enterprise_test.go`:
- Around line 1771-1775: Update the PATCH payload in the s.DoJSON call so it
flips "enable_host_users" to true (instead of false) to make the request
non-noop; locate the call to s.DoJSON(fmt.Sprintf("/api/latest/fleet/fleets/%d",
teamID), json.RawMessage(`{"features": {"enable_host_users": false}}`), ...) and
change the JSON to `{"features": {"enable_host_users": true}}` so the assertion
comparing priorFeatures.EnableHostUsers to
modResp.Team.Config.Features.EnableHostUsers will catch accidental acceptance of
unknown/ignored feature sub-fields.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 70be55f5-6fe5-4de7-9ffb-0aa083c22972

📥 Commits

Reviewing files that changed from the base of the PR and between 353e4e4 and 0e95c35.

📒 Files selected for processing (3)

• server/service/integration_core_test.go
• server/service/integration_enterprise_test.go
• server/service/teams_test.go

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/test-go-suite.yaml:
- Around line 249-254: preview_test.go is still using the hardcoded path
"tools/osquery/in-a-box" for --preview-config-path so the /tmp/preview-config
changes are ignored; update preview_test.go to read the
FLEET_PREVIEW_CONFIG_PATH environment variable (and/or use it as the default for
the existing --preview-config-path flag) and fall back to the repo path only if
the env var is unset, ensuring the test uses the /tmp/preview-config when the
workflow sets FLEET_PREVIEW_CONFIG_PATH; locate where the preview config flag or
variable (e.g., the --preview-config-path flag or a variable like
previewConfigPath) is parsed/used in preview_test.go and switch to/env-check or
default-to the env var there.

In `@server/datastore/mysql/schema.sql`:
- Line 224: The seeded row in app_config_json in
server/datastore/mysql/schema.sql incorrectly hardcodes "historical_data":
{"uptime": false, "vulnerabilities": false}—this was introduced by a hand-edited
snapshot instead of the migration and bypasses the legacy/default-injection
path; fix it by updating the migration that adds or backfills the app config
(the migration that defines the default app_config_json or backfills missing
keys) to leave historical_data absent or set to the intended default behavior,
run the project's migration-to-schema generator to regenerate
server/datastore/mysql/schema.sql, and ensure the INSERT for app_config_json in
the regenerated file matches the migration behavior (do not manually edit
schema.sql).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6e57e8cd-4382-4e75-8378-01543bedad67

📥 Commits

Reviewing files that changed from the base of the PR and between 0e95c35 and e74c8ba.

📒 Files selected for processing (8)

• .github/workflows/test-go-suite.yaml
• cmd/fleetctl/integrationtest/preview/preview_test.go
• server/datastore/mysql/schema.sql
• server/service/integration_core_test.go
• server/service/integration_enterprise_test.go
• tools/cloner-check/generated_files/appconfig.txt
• tools/cloner-check/generated_files/features.txt
• tools/cloner-check/generated_files/teamconfig.txt

✅ Files skipped from review due to trivial changes (3)

• tools/cloner-check/generated_files/appconfig.txt
• tools/cloner-check/generated_files/features.txt
• server/service/integration_core_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• server/service/integration_enterprise_test.go

[sgress454]

This updates our Go Test harness to build a fleet preview image from source, like we now do in https://github.com/fleetdm/fleet/blob/main/.github/workflows/fleetctl-preview-latest.yml, so that new GitOps config doesn't fail the preview test with "unknown keys" errors.

[sgress454]

Update the preview test to use the image we built in the harness, rather than the published image. We have a separate CI test (https://github.com/fleetdm/fleet/actions/workflows/fleetctl-preview.yml) that checks against the published image nightly.

[sgress454]

Pretty common pattern ModifyTeam, since it's a PATCH API.

[sgress454]

Set the charts to true (enabled) when we ship, so existing installations get it automatically and we don't have to worry about other migrations accidentally flipping it to false because it doesn't have a value yet.

Since this is unreleased it's far easier to update the existing migration than add a new one.

[ksykulev]

:( don't love editing migrations, but definitely easier in this case. 👍

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[ksykulev]

Few small comments. Mostly looking good though!! 🚀

[ksykulev]

:( don't love editing migrations, but definitely easier in this case. 👍

[ksykulev]

Do we need an omitempty here
json:"historical_data,omitempty"

[sgress454]

Not for this one, because it's made up of booleans so we always want to show what the values are in responses. That is, we'd want to show historical_data: { uptime: false, vulnerabilities: false } rather than leaving it out. In reality we're coercing empty values to true in ApplyDefaults anyway so this should never actually be empty.