Activity feed: Surface `team_id` and `team_name` in policy and query activities

[RachelElysia]

• @noahtalerman: User requested this because team-specific visibility is missing when policies or queries are added, edited, or deleted. This lack of team context makes it hard to understand the scope or impact of those changes in the activity feed or API logs.
  • @eugkuo: In the interim users must manually correlate policy/query changes with team context outside of Fleet, creating friction and room for error.
  • @noahtalerman: Eventually we should:
  • Add team_id and team_name to the details object for add/edit/delete policy and query activities in the Activity API
  • Display the team name in the Activity Feed UI, consistent with what we already do for software actions
  • Ensure that both global and team-scoped actions are clearly labeled for easy auditing and debugging

Reference: March 31, 2025, Software Design Review (18-minute mark) – Noah and Eugene discussion.

---

[mostlikelee]

related to #25499 , so the software team may want to take this

[eugkuo]

related to https://github.com/fleetdm/fleet/issues/25499 , so the software team may want to take this

@mostlikelee Speaking of this, didn't someone file a ticket about updating activity things on our last call? I'm not sure where that ticket is to link it.

cc @noahtalerman

[drvcodenta]

Hi team, This issue looks beginner-friendly — I’d love to take it up as my first contribution to Fleet.

I’ve gone through the context and the linked issues. The goal is clear:

• Add team_id and team_name to the activity API responses for policy and query actions
• Surface this information in the activity feed UI, similar to how it’s done for software activities Could you please assign this issue to me? 🙏

[noahtalerman]

Hey @drvcodenta! Please feel free to open a PR when you get the chance.

We added this feature request to Feature fest to weigh it for prioritization. Heads up that this feature request has to be prioritized at the next feature fest to merge in your PR: https://fleetdm.com/handbook/company/product-groups#criteria-for-prioritization

If it's prioritized, we'll assign a member of the Fleet team to the feature request. They'll be responsible for helping merge in your PR.

[noahtalerman]

Gong snippet: TODO March 31, 2025, Software Design Review, 18 minutes in - @noahtalerman @eugkuo chat about use case for having this addition but not wanting to blow up scope on a different feature ticket

Problem

When adding, editing, and deleting a policy (also a query), we are not surfacing the team information for those activities in the activity API or activity feed UI. See screenshot:

We do surface the team_id and team_name for adding, editing, and deleting software. See screenshot:

What have you tried?

Potential solutions

• [ ] Add team_id and team_name to the activity details for add/edit/delete policy
• [ ] Surface the team name in the UI for policy activities similar to surfacing the team name in the software activities
• [ ] Add team_id and team_name to the activity details for add/edit/delete query
• [ ] Surface the team name in the UI for query activities similar to surfacing the team name in the software activities

What is the expected workflow as a result of your proposal?

When looking at the global activity on the dashboard, I can clearly see if a policy (or query) has been edited for a specific team or if it was a global policy (or query).

[drvcodenta]

Hi, While working on this issue, I noticed that editing a global policy doesn't create any activity log (no ActivityTypeEditedPolicy is generated and there is no function defined for that purpose in the global_policies). I wanted to know if there is a philosophical reason behind this gap? Or is it likely just an oversight?

[RachelElysia]

@drvcodenta super appreciate you jumping on this ticket!!!

I just added, edited, and deleted a "All teams" (global) policy in the UI and got these activities:

    {
      "created_at": "2025-04-15T18:41:10.419719Z",
      "id": 836,
      "actor_full_name": "Rachel",
      "actor_id": 1,
      "actor_gravatar": "",
      "actor_email": "***",
      "type": "deleted_policy",
      "details": {
        "policy_id": 74,
        "policy_name": "Edit policy"
      },
      "fleet_initiated": false
    },
    {
      "created_at": "2025-04-15T18:41:02.559709Z",
      "id": 835,
      "actor_full_name": "Rachel",
      "actor_id": 1,
      "actor_gravatar": "",
      "actor_email": "***",
      "type": "edited_policy",
      "details": {
        "policy_id": 74,
        "policy_name": "Edit policy"
      },
      "fleet_initiated": false
    },
    {
      "created_at": "2025-04-15T18:40:57.950179Z",
      "id": 834,
      "actor_full_name": "Rachel",
      "actor_id": 1,
      "actor_gravatar": "",
      "actor_email": "***",
      "type": "created_policy",
      "details": {
        "policy_id": 74,
        "policy_name": "Add policy"
      },
      "fleet_initiated": false
    },

Are you not seeing the same on your end?

[drvcodenta]

Interesting!! Yes, I actually don't see any log of the activity when I edit an "All teams"(global) policy on my End Idk why it's causing this weird Behaviour🤔 I also checked for ActivityTypeEditedPolicy inside global_policy.go --> I didn't find any function, so I thought maybe it was intentionally left out for some reason. For reference, here's the process I followed to edit an all teams policy

https://github.com/user-attachments/assets/dc83e140-5606-4b9b-b101-943046cf7a02

[RachelElysia]

@drvcodenta thanks for the detailed screenrecording!! That is so weird!!! I'll take a look again later today, and get back to ya

[drvcodenta]

@RachelElysia I have submitted a patch that solves the issue except for the case of activity type edited policy in all Teams. I’ve attached a screenshot with a sample output for reference. Please let me know if any changes are needed!

[drvcodenta]

I was planning to add the function for activity type edited policy in all teams myself but since it's actually working in your case, i decided to not add it as it may add some unnecessary code.