Added Android cert activity logging

[getvictor]

Related issue: Resolves #37546

Docs: #42609

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.

Testing

• QA'd all new/changed functionality manually

Summary by CodeRabbit

• New Features
  • Added certificate installation activity logging for Android hosts, capturing both successful and failed installation attempts
  • New "Installed certificate" activity type now displays in the host activity feed with installation status details
  • Host activity card is now enabled on Android host details page, providing visibility into all certificate installation activities and their outcomes
  • Failed installations include detailed error information when available for troubleshooting

[getvictor]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[codecov]

Codecov Report

❌ Patch coverage is 29.68750% with 45 lines in your changes missing coverage. Please review.
✅ Project coverage is 66.67%. Comparing base (f55eb08) to head (2dfdea2).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
.../hosts/details/HostDetailsPage/HostDetailsPage.tsx	0.00%	30 Missing ⚠️
server/service/certificates.go	68.00%	6 Missing and 2 partials ⚠️
...eActivityItem/InstalledCertificateActivityItem.tsx	22.22%	7 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #42608   +/-   ##
=======================================
  Coverage   66.67%   66.67%           
=======================================
  Files        2533     2535    +2     
  Lines      203216   203249   +33     
  Branches     9231     9229    -2     
=======================================
+ Hits       135485   135515   +30     
- Misses      55469    55473    +4     
+ Partials    12262    12261    -1     

Flag	Coverage Δ
backend	68.50% <68.00%> (+<0.01%)	⬆️
frontend	54.43% <5.12%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

Adds a new host activity event for Android certificate installation outcomes, and exposes host activity UI for Android devices so admins can see those events on the host details page.

Changes:

• Logs a new installed_certificate activity when an Android host reports a terminal certificate status (verified/failed).
• Adds backend activity type plumbing + frontend rendering for the new activity item.
• Enables the host Activity card on Android host details.

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
server/service/certificates.go	Logs an installed_certificate activity after persisting certificate status updates.
server/fleet/certificate_templates.go	Introduces CertificateActivityStatus constants used by the service when logging activities.
server/fleet/activities.go	Registers ActivityTypeInstalledCertificate for activity serialization/handling.
frontend/pages/hosts/details/cards/Activity/ActivityItems/InstalledCertificateActivityItem/index.ts	Re-exports the new activity item component.
frontend/pages/hosts/details/cards/Activity/ActivityItems/InstalledCertificateActivityItem/InstalledCertificateActivityItem.tsx	Renders the “installed/failed to install certificate” host activity UI (including optional detail).
frontend/pages/hosts/details/cards/Activity/ActivityConfig.tsx	Wires the new activity type to the host “past activities” component map.
frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx	Removes Android gating so the Activity card renders for Android hosts.
frontend/interfaces/activity.ts	Adds InstalledCertificate to ActivityType, host past activity union, and filter label; adds detail to activity details typing.
changes/37546-android-certificate-install-activity	Changelog entry for activity logging + enabling Activity card on Android.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Walkthrough

This pull request implements activity logging for certificate installation on Android devices. It introduces a new InstalledCertificate activity type that tracks whether certificate installations succeed or fail, with support for optional detail messages. The backend registers the activity in the service layer when certificate status reaches a terminal state, the frontend renders the activity with status-specific messaging, and the Android host details page is updated to always display the activity card.

Possibly related PRs

• Fix: filter out verified remove android certs in host details #37539: Modifies UpdateCertificateStatus in server/service/certificates.go to handle certificate status updates and activity creation logic.
• 41542 android cert resend backend #42099: Adds new certificate-related activity types and registers them in server/fleet/activities.go following the same pattern.
• Adds activities for certificate templates #36903: Adds certificate-related activity detail types with activity interface implementations and registers them in server/fleet/activities.go.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is largely incomplete and does not follow the required template structure comprehensively.	Complete the description template by: (1) ensuring all relevant checklist items are properly addressed with explicit marks, (2) adding a detailed explanation of changes and their impact, (3) confirming automated and manual testing details, (4) addressing any database migration, schema, or configuration considerations, and (5) documenting fleetd/orbit compatibility if applicable.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title 'Added Android cert activity logging' directly describes the main implementation: adding activity/logging for Android certificate installation results.
Linked Issues check	✅ Passed	The PR addresses issue #37546's activity logging requirement by adding Android certificate installation activity logging with success/failure status tracking.
Out of Scope Changes check	✅ Passed	All changes are focused on certificate activity logging and displaying activities in the host details UI, which align with the linked issue's activity logging requirement.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch victor/37546-android-certs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@frontend/pages/hosts/details/cards/Activity/ActivityItems/InstalledCertificateActivityItem/InstalledCertificateActivityItem.tsx`:
- Around line 25-27: Replace the shorthand fragment used to render the detail
string in the InstalledCertificateActivityItem component with a real element to
satisfy Prettier: change the JSX block that checks activity.details?.detail and
currently returns <> Detail: {activity.details.detail}</> to use a <span> (or
React.Fragment with explicit tag) instead, e.g. {activity.details?.detail &&
(<span>Detail: {activity.details.detail}</span>)} so the fragment shorthand is
removed and formatting/lint will pass.
- Around line 12-34: The current ternary uses isFailed only and treats any
other/missing status as a success; update the status handling in
InstalledCertificateActivityItem by explicitly checking for known states:
compute const isFailed = activity.details?.status === "failed_install" and const
isInstalled = activity.details?.status === "installed" (or similar explicit
checks), then render three branches: failed (if isFailed), success (only if
isInstalled), and a safe fallback/neutral message when activity.details?.status
is absent or unknown (e.g., "certificate installation status unknown" or omit
the success claim); adjust references to activity.details?.certificate_name and
activity.details?.detail accordingly.

In `@server/service/certificates.go`:
- Around line 698-700: The status update path currently calls
svc.ds.UpsertCertificateStatus(...) then calls NewActivity and returns an error
if activity creation fails, which causes the endpoint to fail even though the
status is persisted; change this so that after svc.ds.UpsertCertificateStatus
succeeds you do not return an error when NewActivity (or
activityStore.NewActivity) fails—instead treat activity creation as best-effort:
catch/log the NewActivity error (include context like certificate ID and new
status) and continue returning success, or alternatively wrap
UpsertCertificateStatus and NewActivity in a single transactional/atomic
operation if your storage supports it so both succeed or both roll back; update
all similar code paths (including the block referenced at lines 715-724) to
follow the same pattern using the svc.ds.UpsertCertificateStatus and NewActivity
symbols.
- Around line 702-709: The mapping of MDMDeliveryVerified/MDMDeliveryFailed to
CertificateActivityInstalled/CertificateActivityFailedInstall in
UpdateCertificateStatus must only apply to install operations; guard this logic
by checking the certificate operation type (use the update.OperationType field)
and only execute the switch when update.OperationType indicates an install
(e.g., fleet.CertificateOperationInstall); if the operation is a removal, skip
this install-specific mapping so failed removals are not reported as failed
installs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b622c9e8-6c9a-49a8-a1f6-53791297b35c

📥 Commits

Reviewing files that changed from the base of the PR and between 73d9c4f and d1a3416.

📒 Files selected for processing (9)

• changes/37546-android-certificate-install-activity
• frontend/interfaces/activity.ts
• frontend/pages/hosts/details/HostDetailsPage/HostDetailsPage.tsx
• frontend/pages/hosts/details/cards/Activity/ActivityConfig.tsx
• frontend/pages/hosts/details/cards/Activity/ActivityItems/InstalledCertificateActivityItem/InstalledCertificateActivityItem.tsx
• frontend/pages/hosts/details/cards/Activity/ActivityItems/InstalledCertificateActivityItem/index.ts
• server/fleet/activities.go
• server/fleet/certificate_templates.go
• server/service/certificates.go

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}