Use webview in MacOS setup experience

[sgress454]

Related issue: For #33111

Details

This PR updates the setup experience for MacOS to use a web view pointed at the device's "Setting up your device" page rather than using native MacOS UI elements, bringing it more in line with Linux and Windows setup experiences.

This covers only the new web UI for the setup experience progress, not the UI for the new case of blocking the device when a piece of software fails to install. I'll add that in a separate PR.

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  See Changes files for more information.

Testing

• Added/updated automated tests
  Added tests for the updates to the token rotation code.

• QA'd all new/changed functionality manually
  A new tool is provided to allow testing this code against a virtual machine if a separate host that you can wipe and run setup on is not available. See https://github.com/fleetdm/fleet/blob/sgress454/new-setup-experience/tools/mdm/apple/setupexperience/README.md for details.

Summary by CodeRabbit

• New Features
  • macOS setup experience moved to a new web-based UI.
  • Automatic device token rotation during setup to keep sessions valid.
• Bug Fixes
  • More reliable setup flow with improved dialog lifecycle and cleaner handoff to web content.
  • Dialog elements hidden/cleared appropriately when transitioning to the browser.
• Documentation
  • Added guide and tool to simulate the macOS setup experience on a VM, with prerequisites and usage steps.

[codecov]

Codecov Report

❌ Patch coverage is 41.52047% with 100 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.21%. Comparing base (e1ca48f) to head (7856795).
⚠️ Report is 54 commits behind head on main.

Files with missing lines	Patch %	Lines
orbit/pkg/setup_experience/setup_experience.go	0.00%	42 Missing ⚠️
orbit/cmd/orbit/orbit.go	0.00%	37 Missing ⚠️
orbit/pkg/token/readwriter.go	79.77%	14 Missing and 4 partials ⚠️
orbit/pkg/swiftdialog/run.go	0.00%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #33884      +/-   ##
==========================================
+ Coverage   64.13%   64.21%   +0.07%     
==========================================
  Files        2052     2054       +2     
  Lines      206102   206553     +451     
  Branches     6788     6788              
==========================================
+ Hits       132183   132628     +445     
+ Misses      63541    63510      -31     
- Partials    10378    10415      +37     

Flag	Coverage Δ
backend	65.34% <41.52%> (+0.08%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sgress454]

Now that we're using the "My Device" page as the content for the MacOS setup experience, we need to ensure that we have a valid token for the duration of the setup experience. Previously, we only initialized the token and started rotating it if we detected that fleet desktop was enabled. Now, we'll always initialize it (just a single API call) and start rotating if either fleet desktop is enabled OR setup experience is starting (or both). To facilitate this, the token rotation code has been moved into ReadWriter itself, and callers can initiate it with a call to StartRotation(). This is an idempotent function that will start rotation once and return a function to request that the rotation stops; it will only actually stop when every caller has called StopRotation().

[sgress454]

deviceClient is needed in order to call BrowserDeviceURL.

[sgress454]

If the token rotates, we'll automatically refresh the page here since the browserURL will have changed. So no extra code is needed to detect token rotation and manually refresh the page.

[sgress454]

This was wrong, but unused before so we didn't know it.

[sgress454]

Mostly copied from the former implementation in orbit.go, except for the logic around stopping the rotation and making the durations configurable (mainly for testing purposes).

[sgress454]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Walkthrough

Integrates token read/write and automated rotation into Orbit; updates the macOS setup experience to use a web UI via a device URL; extends the token package with rotation lifecycle and remote checks; tweaks SwiftDialog commands; and adds a CLI tool to prepare/enqueue macOS VM setup experience data via MySQL.

Changes

Cohort / File(s)	Summary
Orbit CLI integration orbit/cmd/orbit/orbit.go	Initializes token ReadWriter with a remote check, creates DeviceClient, wires remote update, validates/rotates token on startup, starts rotation watcher when fleet-desktop enabled, and passes deviceClient and trw into the setup experiencer; removes prior ad-hoc rotation goroutine path.
Setup Experience core orbit/pkg/setup_experience/setup_experience.go	Adds OrbitClient and DeviceClient interfaces; SetupExperiencer now stores DeviceClient and trw, updated constructor NewSetupExperiencer(..., deviceClient, ..., trw); Run starts/stops token rotation and navigates SwiftDialog to device web URL (with setup_only=1), simplifying in-dialog state handling.
Token rotation infrastructure orbit/pkg/token/readwriter.go, orbit/pkg/token/readwriter_test.go	ReadWriter gains rotation state and callbacks, constructor becomes NewReadWriter(path, checkTokenFunc), adds StartRotation() (returns stop func), remote/local check intervals, rotation watcher management, and integrates remoteUpdate on Write; tests updated to exercise rotation and new API.
SwiftDialog command tweaks orbit/pkg/swiftdialog/run.go	Adds HideMessage() (sends message: none) and changes HideIcon() to send icon: none.
MDM setup tool (new) tools/mdm/apple/setupexperience/main.go, tools/mdm/apple/setupexperience/README.md	New tool that prepares a macOS VM for the setup experience by connecting to MySQL, ensuring host/enrollment/profile rows, inserting required records, and enqueuing setup items; README documents usage and prerequisites.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User as macOS User
  participant Orbit as orbit (agent)
  participant TRW as Token ReadWriter
  participant DevClient as DeviceClient
  participant SwiftDlg as SwiftDialog
  participant WebUI as Setup Web UI

  rect rgba(230,240,255,0.5)
    note over Orbit,TRW: Init & token wiring
    Orbit->>TRW: NewReadWriter(path, checkTokenFunc)
    Orbit->>TRW: SetRemoteUpdateFunc(update via orbit client)
    Orbit->>DevClient: Init with Fleet URL/certs
    Orbit->>TRW: Read/validate token (rotate if needed)
  end

  rect rgba(240,255,240,0.5)
    note over Orbit,TRW: Rotation lifecycle
    Orbit->>TRW: StartRotation()
    note right of TRW: returns stop() to end rotation
  end

  rect rgba(255,250,230,0.5)
    note over Orbit,WebUI: Setup experience flow
    Orbit->>SwiftDlg: Prepare dialog (hide title/icon/message)
    Orbit->>TRW: Read token
    Orbit->>DevClient: BrowserDeviceURL(token)
    DevClient-->>Orbit: https://.../device?token=...&setup_only=1
    Orbit->>SwiftDlg: Load web content (device URL)
    User-->>WebUI: Complete browser UI steps
  end

  Orbit->>TRW: stop() (on completion/exit)

Loading

sequenceDiagram
  autonumber
  participant TRW as Token ReadWriter
  participant FS as Token File
  participant Server as Fleet Server

  rect rgba(245,245,255,0.6)
    note over TRW: Local rotation checks
    loop local check interval
      TRW->>FS: Stat/Read (mtime, contents)
      alt changed or expired
        TRW->>TRW: Rotate()
        TRW->>FS: Write(new token)
        TRW-->>Server: remoteUpdate(new token)
      else
        TRW-->>TRW: adjust next local check
      end
    end
  end

  rect rgba(255,245,240,0.6)
    note over TRW,Server: Remote validity checks
    loop remote check interval
      TRW->>Server: checkTokenFunc(token)
      alt invalid/unreachable
        TRW->>TRW: Rotate()
        TRW->>FS: Write(new token)
        TRW-->>Server: remoteUpdate(new token)
      else
        TRW-->>TRW: no-op
      end
    end
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Suggested labels

customer-starchik, ~csa

Suggested reviewers

• lukeheath
• rachaelshaw
• marko-lisica

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The pull request description includes a related issue, detailed rationale, and the submitter checklist with testing items but omits several standard sections from the repository’s template such as Database migrations, New Fleet configuration settings, and the fleetd/orbit/Fleet Desktop compatibility checklist. Without these section headings or an explicit note that they are not applicable, the description does not fully adhere to the required template structure.	Please include all standard PR description sections from the repository template—Database migrations, New Fleet configuration settings, and fleetd/orbit/Fleet Desktop—or explicitly mark them as not applicable, and complete the fleetd/orbit compatibility checklist for this change.
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title succinctly captures the primary change of switching the MacOS setup experience to use a webview, reflecting the core update from native UI to web UI. It is concise, clear, and directly related to the main change in the PR.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch sgress454/new-setup-experience

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sgress454]

@CodeRabbit review again

[coderabbitai]

@sgress454: I'll review the changes again.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fb2ef80 and 85e5adc.

📒 Files selected for processing (3)

• orbit/pkg/setup_experience/setup_experience.go (7 hunks)
• tools/mdm/apple/setupexperience/README.md (1 hunks)
• tools/mdm/apple/setupexperience/main.go (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• tools/mdm/apple/setupexperience/README.md

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

⚙️ CodeRabbit configuration file

When reviewing SQL queries that are added or modified, ensure that appropriate filtering criteria are applied—especially when a query is intended to return data for a specific entity (e.g., a single host). Check for missing WHERE clauses or incorrect filtering that could lead to incorrect or non-deterministic results (e.g., returning the first row instead of the correct one). Flag any queries that may return unintended results due to lack of precise scoping.

Files:

• tools/mdm/apple/setupexperience/main.go
• orbit/pkg/setup_experience/setup_experience.go

🧠 Learnings (1)

📚 Learning: 2025-10-03T18:16:11.429Z

Learnt from: MagnusHJensen
PR: fleetdm/fleet#33805
File: server/service/integration_mdm_test.go:1248-1251
Timestamp: 2025-10-03T18:16:11.429Z
Learning: In server/service/integration_mdm_test.go, the helper createAppleMobileHostThenEnrollMDM(platform string) is exclusively for iOS/iPadOS hosts (mobile). Do not flag macOS model/behavior issues based on changes within this helper; macOS provisioning uses different helpers such as createHostThenEnrollMDM.

Applied to files:

• tools/mdm/apple/setupexperience/main.go

🔇 Additional comments (1)

orbit/pkg/setup_experience/setup_experience.go (1)

178-181: ...

[lucasmrod]

LGTM!

Left some nit comments.

[lucasmrod]

Unused.

[lucasmrod]

Should probably be log.Debug()?

[lucasmrod]

Same here, maybe just log.Debug().

[lucasmrod]

Nit: log.Error()

[lucasmrod]

log.Error() same for the ones below.

[lucasmrod]

Maybe instruct how to get the UUID of the VM?

[sgress454]

@lucasmrod comments addressed, thanks!