Release/v11.2.4 (#1888)

* feat(assets-view): refactor asset detail handling and improve status display

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* feat(RequestDsl): enhance search request handling for LIST_CHART visualization

* feat(RequestDsl): enhance search request handling for LIST_CHART visualization

* feat: add updates for Windows visualizations and default time range adjustments

* feat(netflow-filter): add IANA protocol mapping and improve field processing

* feat(assets-view): refactor asset detail handling and improve status display

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* feat(netflow-filter): add update for Netflow filter version 3.1.1 and enhance field processing

* refactor(azure-plugin): extracts event processing logic into separate functions to handle JSON format detection (array vs object)

* feat(windows-visualizations): update outdated fields in Windows visualizations and normalize field names

* feat(windows-visualizations): update field names in Windows visualizations for consistency

* feat(open-alerts): optimize open alerts handling and improve local storage updates

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* feat(visualization-list): integrate UtmToastService for error handling in visualization fetching

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* feat(windows-visualizations): update field names in Windows visualizations for consistency

* feat(windows-visualizations): update field names in Windows visualizations for consistency

* feat(bitdefender-gz): add renaming for log.deviceIps, log.dvchost, and log.act fields

* feat(bitdefender-visualizations): normalize field names in Bitdefender GZ visualizations

* feat(vmware-visualizations): normalize field names in VMware visualizations

* feat(bitdefender-filter): add Bitdefender GravityZone filter update with field renaming and cleanup

* feat(dashboard-render): improve dashboard loading logic and enhance error handling for filters

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* update vmware-esxi filter

* update version vmware-esxi filter

* feat(vmware-esxi-filter): add update for VMware ESXi filter with enhanced parsing and cleanup

* feat[shared]: create shared dependencies

* feat[installer]: remove mfa in dev environments

* refactor[agent]: restructure collector, commands, and dependency management

* chore[go-deps]: update golang dependencies

* feat[agent]: add macOS build pipeline and standardize binary naming

* refactor[agent]: sync updater with release/v11.2.3, remove legacy files

* fix[plugins]: add missing skipTlsVerification param to DoReq calls

* fix[ci]: correct macOS artifact paths in agent-manager build

* fix[frontend](guides): update agent guides

* fix(agent-manager): correct FilterScope to properly chain WHERE clauses and fix LIKE syntax

* feat(agent): add shell selection for command execution and fix agent registration

* fix(agent): download version.json during install before agent registration

* fix(updater,frontend): add legacy binary migration and fix agent search filter

* fix(agent): return errors from low-level packages instead of calling Fatal/Exit

* refactor[agent](collector): use fsnotify for config changes instead of polling

* feat(agent): add shell field to UtmCommand for enhanced command execution context

* feat(fortinet): update fortinet filter

* chore(cleanup): remove unused integrations (Redis, Nginx, PostgreSQL, Apache, MySQL, MongoDB, Elastic, Logstash, Kibana, Kafka, NATS, Traefik, Audit, HAP, IIS, OSQuery)

* chore(cleanup): remove integrations (Redis, Nginx, PostgreSQL, Apache, MySQL, MongoDB, Elastic, Logstash, Kibana, Kafka, NATS, Traefik, Audit, HAP, IIS, OSQuery)

* feat(logstash): enhance logstash stats retrieval with improved error handling and pipeline status management

* fix(system_linux): update filter  with enhanced JSON parsing and field normalization

* feat(filter): add Linux filter update with enhanced JSON parsing and field normalization

* feat(visualization): add update for Linux visualizations to normalize field names and improve dataset consistency

* feat(windows): update windows filter

* feat(saml): enhance SAML registration with improved error handling and environment variable validation

* feat(saml): improve SAML provider loading with enhanced error handling and logging

* feat(saml): enhance SAML provider loading with improved error handling and logging

* feat(correlation): add updates for winevent correlation rules

* feat(winevent): add updates for winevent correlation rules and filter

* feat(winevent): update filter version and rename log fields for improved clarity

* feat(visualizations): update Windows visualizations to align with logstash filter v3.1.0 field transformations

* feat(import): disable back button during loading and fix spacing in upload error message

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* feat(idp): enhance metadata URL validation with improved error handling and encryption key checks

* feat(idp): refactor encryption key handling with dedicated validation method

* feat(saml): implement SAML metadata fetching and provider loading with timeout handling

* feat(saml): enhance SAML2 login success handling with improved user not found logging and provider reloading

* feat(saml): update host retrieval in SAML2 login success handler to use X-Forwarded-Host header

* feat(saml): refactor SAML metadata fetching to improve error handling and registration building

* feat(platforms): enhance platform creation with additional Linux ARM64 support and update Windows service paths

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* fix(config): detect filter and rule deletions by tracking active row counts

hasChanges only checked MAX(timestamp) increases, missing deletions where
the timestamp didn't advance. Now also compares COUNT of active rows so
deactivations and hard deletes trigger config file regeneration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Update go-sdk dependency across multiple plugins

* feat(logstash): integrate Monaco Editor for YAML filter definition and enhance form styling

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* feat: update filter card interaction to improve usability

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* feat(rule-view): integrate Monaco Editor for YAML editing and enhance styling

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* feat: update Windows service paths for UTMStack agent

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* feat(db): add unique constraint on asset_name in utm_tenant_config table

* feat(tenant-config): add findByAssetName method to retrieve UtmTenantConfig by asset name

* feat(data-input-status): add methods to retrieve data input status by source and build sources list from tenant config

* feat(data-input-status): add methods to retrieve data input status by source and build sources list from tenant config

* feat(data-input-status): add methods to retrieve data input status by source and build sources list from tenant config

* feat(data-input-status): add methods to retrieve data input status by source and build sources list from tenant config

* feat(data-input-status): add alias column and update logic for data input status

* feat: remove alert from addTag function in fields-selector component

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* fix: deprecate enable parameter in TFA section

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* feat(.gitignore): add .env file to ignore list

* fix: update winevent correlation rules

* fix: update winevent correlation rules

* fix: update bit-defender correlation rules

* fix: update deceptive-bytes correlation rules

* fix: update eset correlation rules

* fix: update kaspersky  correlation rules

* fix: update cisco-asa  correlation rules

* fix: update cisco-switch correlation rules

* fix: update cisco-firepower correlation rules

* fix: update cisco-meraki correlation rules

* fix: update cisco-meraki correlation rules

* fix: update aws correlation rules

* fix: update azure correlation rules

* fix: update google correlation rules

* feat: add crowdstrike correlation rules

* feat: add crowdstrike correlation rules

* refactor(rule-view): move and rename rule-view component files

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* feat: add crowdstrike correlation rules

* feat: implement asset synchronization service and source activity provider

* feat: add data source validation service for critical data sources

* refactor(asset-sync): rename sync method and improve logging messages

* fix(filters): correct IP and hostname field mapping in Windows events

* feat(filters): enhance Fortinet field mapping and cleanup

* fix(agent): use net.ListenPacket for UDP port binding check

net.Listen only supports TCP, causing all UDP integrations to fail
with "port already in use by another process" error. Now using
net.ListenPacket for UDP protocol validation.

* feat(macos): update filter to version 3.0.1 and rename fields for consistency

* feat: enhance asset synchronization by resolving asset names from tenant configuration

* fix: update fortigate and windows filter

* feat: enhance configuration saving logic with support for multiple groups

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* fix(asset-sync): adjust scheduling parameters for data synchronization

* feat: add logging to ElasticsearchService for better error tracking and index existence checks

* feat: improve source activity fetching and error handling in SourceActivityProvider

* feat: refactor asset synchronization logic and enhance data source aggregation

* feat: refactor asset synchronization logic and enhance data source aggregation

* feat(filters): enhance fortinet field mapping

* fix: adjust infinite scroll throttle for improved performance

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>

* feat: enhance asset processing by separating network asset name and IP mapping

* feat: enhance asset processing by separating network asset name and IP mapping

* feat: enhance asset processing by separating network asset name and IP mapping

---------

Signed-off-by: Manuel Abascal <mjabascal10@gmail.com>
Co-authored-by: JocLRojas <joc.l.rojas02@gmail.com>
Co-authored-by: Yadian Llada Lopez <yadian.llada@gmail.com>
Co-authored-by: Yorjander Hernandez Vergara <yorjaKbayero@gmail.com>
Co-authored-by: Osmany Montero <osmontero@icloud.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Author: 6 people

.github/workflows/v11-deployment-pipeline.yml

@@ -130,62 +130,177 @@ jobs:
       - name: Check out code into the right branch
         uses: actions/checkout@v4
 
-      - name: Build Linux Binaries
+      - name: Build Linux Binaries (amd64)
         env:
           GOOS: linux
           GOARCH: amd64
         run: |
           cd ${{ github.workspace }}/agent
-          go build -o utmstack_agent_service -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
+          go build -o utmstack_agent_service_linux_amd64 -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
 
           cd ${{ github.workspace }}/agent/updater
-          go build -o utmstack_updater_service .
+          go build -o utmstack_updater_service_linux_amd64 .
+
+      - name: Build Linux Binaries (arm64)
+        env:
+          GOOS: linux
+          GOARCH: arm64
+        run: |
+          cd ${{ github.workspace }}/agent
+          go build -o utmstack_agent_service_linux_arm64 -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
+
+          cd ${{ github.workspace }}/agent/updater
+          go build -o utmstack_updater_service_linux_arm64 .
 
       - name: Build Windows Binaries (amd64)
         env:
           GOOS: windows
           GOARCH: amd64
         run: |
           cd ${{ github.workspace }}/agent
-          go build -o utmstack_agent_service.exe -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
+          go build -o utmstack_agent_service_windows_amd64.exe -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
 
           cd ${{ github.workspace }}/agent/updater
-          go build -o utmstack_updater_service.exe .
+          go build -o utmstack_updater_service_windows_amd64.exe .
 
       - name: Build Windows Binaries (arm64)
         env:
           GOOS: windows
           GOARCH: arm64
         run: |
           cd ${{ github.workspace }}/agent
-          go build -o utmstack_agent_service_arm64.exe -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
+          go build -o utmstack_agent_service_windows_arm64.exe -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
 
           cd ${{ github.workspace }}/agent/updater
-          go build -o utmstack_updater_service_arm64.exe .
+          go build -o utmstack_updater_service_windows_arm64.exe .
 
       - name: Sign Windows Agents
         run: |
           cd ${{ github.workspace }}/agent
-          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_agent_service.exe"
-          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_agent_service_arm64.exe"
+          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_agent_service_windows_amd64.exe"
+          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_agent_service_windows_arm64.exe"
 
           cd ${{ github.workspace }}/agent/updater
-          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_updater_service.exe"
-          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_updater_service_arm64.exe"
+          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_updater_service_windows_amd64.exe"
+          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_updater_service_windows_arm64.exe"
 
       - name: Upload signed binaries as artifacts
         uses: actions/upload-artifact@v4
         with:
           name: signed-agents
           path: |
-            ${{ github.workspace }}/agent/utmstack_agent_service
-            ${{ github.workspace }}/agent/utmstack_agent_service.exe
-            ${{ github.workspace }}/agent/utmstack_agent_service_arm64.exe
-            ${{ github.workspace }}/agent/updater/utmstack_updater_service
-            ${{ github.workspace }}/agent/updater/utmstack_updater_service.exe
-            ${{ github.workspace }}/agent/updater/utmstack_updater_service_arm64.exe
+            ${{ github.workspace }}/agent/utmstack_agent_service_linux_amd64
+            ${{ github.workspace }}/agent/utmstack_agent_service_linux_arm64
+            ${{ github.workspace }}/agent/utmstack_agent_service_windows_amd64.exe
+            ${{ github.workspace }}/agent/utmstack_agent_service_windows_arm64.exe
+            ${{ github.workspace }}/agent/updater/utmstack_updater_service_linux_amd64
+            ${{ github.workspace }}/agent/updater/utmstack_updater_service_linux_arm64
+            ${{ github.workspace }}/agent/updater/utmstack_updater_service_windows_amd64.exe
+            ${{ github.workspace }}/agent/updater/utmstack_updater_service_windows_arm64.exe
           retention-days: 1
-  
+
+  build_agent_darwin:
+    name: Build and Sign Agent (macOS)
+    needs: [setup_deployment]
+    if: ${{ needs.setup_deployment.outputs.tag != '' }}
+    runs-on: macos-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.23'
+
+      - name: Install Apple Certificate
+        env:
+          CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
+          CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+        run: |
+          # Create temporary keychain
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+          KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
+
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # Import certificate
+          echo "$CERTIFICATE_BASE64" | base64 --decode > $RUNNER_TEMP/certificate.p12
+          security import $RUNNER_TEMP/certificate.p12 -P "$CERTIFICATE_PASSWORD" \
+            -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          # Allow codesign without prompt
+          security set-key-partition-list -S apple-tool:,apple:,codesign: \
+            -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+      - name: Build macOS Agent (arm64)
+        env:
+          GOOS: darwin
+          GOARCH: arm64
+          CGO_ENABLED: 0
+        run: |
+          cd ${{ github.workspace }}/agent
+          go build -o utmstack_agent_service_darwin_arm64 -v \
+            -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
+
+          cd ${{ github.workspace }}/agent/updater
+          go build -o utmstack_updater_service_darwin_arm64 .
+
+      - name: Sign macOS Binaries
+        env:
+          SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+        run: |
+          # Sign agent
+          codesign --force --options runtime \
+            --sign "$SIGNING_IDENTITY" \
+            --timestamp \
+            ${{ github.workspace }}/agent/utmstack_agent_service_darwin_arm64
+
+          # Sign updater
+          codesign --force --options runtime \
+            --sign "$SIGNING_IDENTITY" \
+            --timestamp \
+            ${{ github.workspace }}/agent/updater/utmstack_updater_service_darwin_arm64
+
+      - name: Notarize macOS Binaries
+        env:
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+        run: |
+          # Create zip for notarization (notarytool requires zip/pkg/dmg)
+          cd ${{ github.workspace }}/agent
+          zip utmstack_agent_darwin_arm64.zip utmstack_agent_service_darwin_arm64
+
+          cd ${{ github.workspace }}/agent/updater
+          zip utmstack_updater_darwin_arm64.zip utmstack_updater_service_darwin_arm64
+
+          # Notarize agent
+          xcrun notarytool submit ${{ github.workspace }}/agent/utmstack_agent_darwin_arm64.zip \
+            --apple-id "$APPLE_ID" \
+            --password "$APPLE_APP_PASSWORD" \
+            --team-id "$APPLE_TEAM_ID" \
+            --wait
+
+          # Notarize updater
+          xcrun notarytool submit ${{ github.workspace }}/agent/updater/utmstack_updater_darwin_arm64.zip \
+            --apple-id "$APPLE_ID" \
+            --password "$APPLE_APP_PASSWORD" \
+            --team-id "$APPLE_TEAM_ID" \
+            --wait
+
+      - name: Upload macOS binaries as artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: signed-agents-darwin
+          path: |
+            ${{ github.workspace }}/agent/utmstack_agent_service_darwin_arm64
+            ${{ github.workspace }}/agent/updater/utmstack_updater_service_darwin_arm64
+          retention-days: 1
+
   build_utmstack_collector:
     name: Build UTMStack Collector
     needs: [setup_deployment]
@@ -211,8 +326,8 @@ jobs:
 
   build_agent_manager:
     name: Build Agent Manager Microservice
-    needs: [build_agent, build_utmstack_collector, setup_deployment]
-    if: ${{ always() && needs.build_agent.result == 'success' && needs.build_utmstack_collector.result == 'success' && needs.setup_deployment.outputs.tag != '' }}
+    needs: [build_agent, build_agent_darwin, build_utmstack_collector, setup_deployment]
+    if: ${{ always() && needs.build_agent.result == 'success' && needs.build_agent_darwin.result == 'success' && needs.build_utmstack_collector.result == 'success' && needs.setup_deployment.outputs.tag != '' }}
     runs-on: ubuntu-24.04
     steps:
       - name: Check out code into the right branch
@@ -230,6 +345,12 @@ jobs:
           name: utmstack-collector
           path: ${{ github.workspace }}/utmstack-collector
 
+      - name: Download signed macOS agents from artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: signed-agents-darwin
+          path: ${{ github.workspace }}/agent-darwin
+
       - name: Prepare dependencies for Agent Manager Image
         run: |
           cd ${{ github.workspace }}/agent-manager
@@ -243,17 +364,33 @@ jobs:
           cp "${{ github.workspace }}/utmstack-collector/version.json" ./dependencies/collector/
 
           mkdir -p ./dependencies/agent/
-          curl -sSL "https://storage.googleapis.com/utmstack-updates/dependencies/agent/utmstack_agent_dependencies_linux.zip" -o ./dependencies/agent/utmstack_agent_dependencies_linux.zip
-          curl -sSL "https://storage.googleapis.com/utmstack-updates/dependencies/agent/utmstack_agent_dependencies_windows.zip" -o ./dependencies/agent/utmstack_agent_dependencies_windows.zip
-          curl -sSL "https://storage.googleapis.com/utmstack-updates/dependencies/agent/utmstack_agent_dependencies_windows_arm64.zip" -o ./dependencies/agent/utmstack_agent_dependencies_windows_arm64.zip
-          curl -sSL "https://storage.googleapis.com/utmstack-updates/dependencies/agent/utmstack-macos-agent-v10.pkg" -o ./dependencies/agent/utmstack-macos-agent.pkg
-
-          cp "${{ github.workspace }}/agent/utmstack_agent_service" ./dependencies/agent/
-          cp "${{ github.workspace }}/agent/utmstack_agent_service.exe" ./dependencies/agent/
-          cp "${{ github.workspace }}/agent/utmstack_agent_service_arm64.exe" ./dependencies/agent/
-          cp "${{ github.workspace }}/agent/updater/utmstack_updater_service" ./dependencies/agent/
-          cp "${{ github.workspace }}/agent/updater/utmstack_updater_service.exe" ./dependencies/agent/
-          cp "${{ github.workspace }}/agent/updater/utmstack_updater_service_arm64.exe" ./dependencies/agent/
+
+          # Linux agents
+          cp "${{ github.workspace }}/agent/utmstack_agent_service_linux_amd64" ./dependencies/agent/
+          cp "${{ github.workspace }}/agent/utmstack_agent_service_linux_arm64" ./dependencies/agent/
+          cp "${{ github.workspace }}/agent/updater/utmstack_updater_service_linux_amd64" ./dependencies/agent/
+          cp "${{ github.workspace }}/agent/updater/utmstack_updater_service_linux_arm64" ./dependencies/agent/
+
+          # Windows agents
+          cp "${{ github.workspace }}/agent/utmstack_agent_service_windows_amd64.exe" ./dependencies/agent/
+          cp "${{ github.workspace }}/agent/utmstack_agent_service_windows_arm64.exe" ./dependencies/agent/
+          cp "${{ github.workspace }}/agent/updater/utmstack_updater_service_windows_amd64.exe" ./dependencies/agent/
+          cp "${{ github.workspace }}/agent/updater/utmstack_updater_service_windows_arm64.exe" ./dependencies/agent/
+
+          # macOS agents (signed and notarized)
+          cp "${{ github.workspace }}/agent-darwin/utmstack_agent_service_darwin_arm64" ./dependencies/agent/
+          cp "${{ github.workspace }}/agent-darwin/updater/utmstack_updater_service_darwin_arm64" ./dependencies/agent/
+          curl -sSL "https://storage.googleapis.com/utmstack-updates/agent_updates/release/macos-agent/latest/utmstack-collector-mac" -o ./dependencies/agent/utmstack-collector-mac
+
+          # TODO: Remove legacy binary names after all agents have migrated to new naming convention
+          # Legacy names for backwards compatibility with existing agents
+          cp "${{ github.workspace }}/agent/utmstack_agent_service_linux_amd64" ./dependencies/agent/utmstack_agent_service
+          cp "${{ github.workspace }}/agent/updater/utmstack_updater_service_linux_amd64" ./dependencies/agent/utmstack_updater_service
+          cp "${{ github.workspace }}/agent/utmstack_agent_service_windows_amd64.exe" ./dependencies/agent/utmstack_agent_service.exe
+          cp "${{ github.workspace }}/agent/updater/utmstack_updater_service_windows_amd64.exe" ./dependencies/agent/utmstack_updater_service.exe
+          cp "${{ github.workspace }}/agent/utmstack_agent_service_windows_arm64.exe" ./dependencies/agent/utmstack_agent_service_arm64.exe
+          cp "${{ github.workspace }}/agent/updater/utmstack_updater_service_windows_arm64.exe" ./dependencies/agent/utmstack_updater_service_arm64.exe
+
           cp "${{ github.workspace }}/agent/version.json" ./dependencies/agent/
       
       - name: Login to GitHub Container Registry