Edit script activity: show diff

[allenhouchins]

• @noahtalerman: User requested this because they need visibility into what was changed when a script is edited in Fleet—not just who edited it. Without this, it’s difficult to audit changes or catch potentially dangerous edits like rm -rf /.
  • @noahtalerman: In the interim they are relying on manual logging and reviewing script contents outside Fleet, but this is prone to error and lacks historical traceability.
  • @noahtalerman: Eventually wants Fleet’s Activity Feed and webhooks to include a diff or full version history of edited scripts so they can trace changes over time and respond faster to risky or unapproved modifications.

Currently Fleet includes this:

{"webhook_action":{"body":{"timestamp":"2025-03-24T15:58:53.751344016Z","actor_full_name":"Allen Houchins","actor_id":252,"actor_email":"[email protected]","type":"updated_script","details":{"script_name":"uninstall-fleetd-macos.sh","team_id":270,"team_name":"Compliance exclusions"}},"headers":{"x_forwarded_for":"3.129.83.211","x_forwarded_proto":"https","x_forwarded_port":"443","host":"rough-silence-1075.tines.com","x_amzn_trace_id":"Root=1-67e1813d-157b72ce329ec01d1ece2a4b","accept_encoding":"gzip","user_agent":"Go-http-client/2.0","version":"HTTP/1.1","content-type":"application/json","content-length":"258","request-method":"POST","date":"Mon, 24 Mar 2025 15:58:54 UTC","request_ip":"X.X.X.X"},"response":{"body":{"status":"ok"},"status":201}}}