Skip to content

Add scheduled reports for ai tooling#48939

Open
harrisonravazzolo wants to merge 2 commits into
mainfrom
harrisonravazzolo-patch-6
Open

Add scheduled reports for ai tooling#48939
harrisonravazzolo wants to merge 2 commits into
mainfrom
harrisonravazzolo-patch-6

Conversation

@harrisonravazzolo

@harrisonravazzolo harrisonravazzolo commented Jul 8, 2026

Copy link
Copy Markdown
Member

Summary by CodeRabbit

  • New Features
    • Added a new security report to Fleet testing and QA reporting.
    • Expanded reporting coverage to include installed VS Code/compatible IDE extensions on macOS.
    • Added detection of MCP client configurations across several common desktop and CLI apps on multiple operating systems.

@harrisonravazzolo harrisonravazzolo marked this pull request as ready for review July 8, 2026 13:35
@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

This pull request adds a new YAML report file, ai-tool-detection.yml, under it-and-security/lib/all/reports/. It defines two osquery-based automation tasks: one collecting installed VS Code/IDE extensions per user on macOS, and another detecting Model Context Protocol (MCP) client configurations across multiple applications (Cursor, Claude Desktop, Claude Code, VS Code extensions, Gemini CLI, LMStudio) on macOS, Windows, and Linux by reading configuration files and extracting server entries via JSON parsing. The new report is registered in the testing-and-qa.yml fleet configuration's reports list.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The author provided no description, so the required issue reference, checklist, and testing details are missing. Add the template sections, including the related issue, checklist items, and testing/QA details, or remove non-applicable items.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: adding scheduled reports for AI tooling detection.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch harrisonravazzolo-patch-6

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@it-and-security/lib/all/reports/ai-tool-detection.yml`:
- Around line 69-76: The config_files CTE currently builds contents with
group_concat(f.line, '') in an undefined row order, which can scramble
reconstructed JSON. Update the aggregation in config_files to enforce
deterministic line ordering using the per-file line index available in the
query, or use SQLite’s ORDER BY within group_concat if supported, so the
downstream json_extract and json_each logic always receives valid JSON.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b940bccf-1f93-4d14-b822-d27ada71ea9c

📥 Commits

Reviewing files that changed from the base of the PR and between b6e0cac and 371b642.

📒 Files selected for processing (2)
  • it-and-security/fleets/testing-and-qa.yml
  • it-and-security/lib/all/reports/ai-tool-detection.yml

Comment on lines +69 to +76
config_files AS (
SELECT
f.path,
group_concat(f.line, '') AS contents
FROM file_lines f
JOIN full_paths fp ON f.path = fp.full_path
GROUP BY f.path
)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

sqlite group_concat aggregation order guarantee ORDER BY

💡 Result:

In SQLite, the group_concat function does not provide an inherent guarantee of order [1][2]. Without an explicit ORDER BY clause, the order of elements concatenated by group_concat is considered arbitrary and may depend on the order in which rows are processed, which can change between different queries or database states [3][2]. To ensure a specific order for the concatenated results, you should use the ORDER BY clause within the group_concat function, which was introduced to allow control over the input sequence for aggregation [2]. The syntax for using ordered group_concat is as follows [2]: SELECT group_concat(column_name, ',') ORDER BY column_name FROM table_name GROUP BY grouping_column; Alternatively, if you are using an older version of SQLite that does not support the ORDER BY clause within the aggregate function, or if you need to ensure consistent ordering across multiple concatenated columns, the standard practice is to perform the sorting in a subquery or Common Table Expression (CTE) [4][3]: SELECT grouping_column, group_concat(column_name) FROM ( SELECT grouping_column, column_name FROM table_name ORDER BY grouping_column, column_name) GROUP BY grouping_column; This approach ensures that the database processes the rows in the desired order before the aggregation occurs, guaranteeing consistent output [3].

Citations:


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the target file around the reported lines.
FILE="it-and-security/lib/all/reports/ai-tool-detection.yml"
wc -l "$FILE"
sed -n '1,140p' "$FILE" | cat -n

# Look for the `file_lines` CTE/source and any ordering applied before `group_concat`.
rg -n "file_lines|group_concat|ORDER BY|line" it-and-security/lib/all/reports/ai-tool-detection.yml

Repository: fleetdm/fleet

Length of output: 1949


Add an explicit order to group_concat

group_concat(f.line, '') depends on SQLite’s row order, which is arbitrary unless the input is ordered. If the lines are concatenated out of sequence, the reconstructed JSON becomes invalid and the downstream json_extract/json_each calls fail. Order by a per-file line index here, or use ORDER BY inside the aggregate on SQLite versions that support it.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@it-and-security/lib/all/reports/ai-tool-detection.yml` around lines 69 - 76,
The config_files CTE currently builds contents with group_concat(f.line, '') in
an undefined row order, which can scramble reconstructed JSON. Update the
aggregation in config_files to enforce deterministic line ordering using the
per-file line index available in the query, or use SQLite’s ORDER BY within
group_concat if supported, so the downstream json_extract and json_each logic
always receives valid JSON.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant