[Security solution] naturalLanguageToEsql Tool added to default assistant graph #192042

Merged
merged 13 commits into from
Sep 18, 2024

@stephmilovic stephmilovic commented Sep 3, 2024

Summary

Adds a new tool to AI Assistant and Evaluator - NaturalLanguageESQLTool, which utilizes the new inference NL-to-ESQL task. It is behind a feature flag. When the feature flag is enabled, the new NaturalLanguageESQLTool is used instead of the ESQLKnowledgeBaseTool. To enable, add this to your kibana.dev.yml:

xpack.securitySolution.enableExperimental: ['assistantNaturalLanguageESQLTool']

Test runs

To see the tool in use, check out the ES|QL Generation Regression Suite. As Gemini is still in progress, we are only comparing Bedrock and OpenAI runs. Please compare the ESQLKnowledgeBaseTool runs (91-94) to the NaturalLanguageESQLTool runs (111-114). As you can see, OpenAI runs remained consistent in correctness and Bedrock saw improvements.

ESQLKnowledgeBaseTool

[Image: Screenshot 2024-09-12 at 1 04 27 PM]

NaturalLanguageESQLTool

[Image: Screenshot 2024-09-12 at 1 07 27 PM]

Note:

The correctness difference between the 2 NaturalLanguageESQLTool Bedrock runs is due to Bedrock server errors and we can assume this is a server issue, not an issue with the tool.

@stephmilovic stephmilovic added release_note:enhancement Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Security Generative AI Security Generative AI v8.16.0 and removed WIP Work in progress skip-ci labels Sep 12, 2024
@stephmilovic stephmilovic marked this pull request as ready for review September 12, 2024 19:14
@stephmilovic stephmilovic requested review from a team as code owners September 12, 2024 19:14
spong commented Sep 12, 2024

Great stuff @stephmilovic! 🎉 And good to see where we landed on evals between the two, so thanks for including those!

Contributor

@jloleysens jloleysens left a comment

kibana jsonc lgtm

@stephmilovic
Contributor Author

@elasticmachine merge upstream

@stephmilovic
Contributor Author

@elasticmachine merge upstream

import { OPEN_AND_ACKNOWLEDGED_ALERTS_TOOL } from './open_and_acknowledged_alerts/open_and_acknowledged_alerts_tool';
import { ATTACK_DISCOVERY_TOOL } from './attack_discovery/attack_discovery_tool';
import { KNOWLEDGE_BASE_RETRIEVAL_TOOL } from './knowledge_base/knowledge_base_retrieval_tool';
import { KNOWLEDGE_BASE_WRITE_TOOL } from './knowledge_base/knowledge_base_write_tool';

export const getAssistantTools = (): AssistantTool[] => [
export const getAssistantTools = (naturalLanguageESQLToolEnabled: boolean): AssistantTool[] => [
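
Review bot: on the new `getAssistantTools(naturalLanguageESQLToolEnabled: boolean)` signature, a bare positional boolean is hard to read at call sites, since `getAssistantTools(true)` says nothing about what is being enabled. Consider an options object such as `getAssistantTools({ naturalLanguageESQLToolEnabled })`, which also leaves room for further flags without another signature change.
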
Member

nit: consider making naturalLanguageESQLToolEnabled optional and default to false

Comment on lines 22 to 35
description: `You MUST use the "${TOOL_NAME}" function when the user wants to:
- visualize data
- run any arbitrary query
- breakdown or filter ES|QL queries that are displayed on the current page
- convert queries from another language to ES|QL
- asks general questions about ES|QL

DO NOT UNDER ANY CIRCUMSTANCES generate ES|QL queries or explain anything about the ES|QL query language yourself.
DO NOT UNDER ANY CIRCUMSTANCES try to correct an ES|QL query yourself - always use the "${TOOL_NAME}" function for this.

If the user asks for a query, and one of the dataset info functions was called and returned no results, you should still call the query function to generate an example query.

Even if the "${TOOL_NAME}" function was used before that, follow it up with the "${TOOL_NAME}" function. If a query fails, do not attempt to correct it yourself. Again you should call the "${TOOL_NAME}" function,
even if it has been called before.`,
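
Review bot: the last paragraph of the description tells the model to call "${TOOL_NAME}" again whenever a query fails, "even if it has been called before", with no stop condition. A query that keeps failing can then drive repeated tool calls until some outer limit intervenes; consider stating a retry limit in the description, or documenting which iteration cap in the graph bounds it.
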
Member

We'll probably want to update this to be less suggestive of the additional o11y functions like dataset info, visualize data, etc.

I'll keep an eye out while testing for any flake here, but fine for now while behind a feature flag 👍

sourceRegister: APP_UI_ID,
isSupported: (params: ESQLToolParams): params is ESQLToolParams => {
const { chain, isEnabledKnowledgeBase, modelExists } = params;
return isEnabledKnowledgeBase && modelExists && chain != null;
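
Review bot: in `isSupported`, the parameter is already declared as `ESQLToolParams`, so the return type `params is ESQLToolParams` narrows nothing and the compiler learns nothing from the `isEnabledKnowledgeBase && modelExists && chain != null` check. If the guard is meant to narrow, declare the parameter with the wider tool-params type and keep the predicate; otherwise return a plain `boolean`.
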
Member

Just making a note from my other recent works, but isEnabledKnowledgeBase && modelExists can be collapsed into a single param now (in #192665 I'm updating them to be backed by the same value). No change needed here, just noting this upcoming refactor.

naturalLanguageToEsql({
client: inference.getClient({ request }),
connectorId,
input: question,
Contributor

@pgayvallet pgayvallet Sep 17, 2024

What exactly question is here? Is that only the user's last message?

The task behaves better when additional context is provided (info about which index / index pattern is being targeted, the index's schema or relevant fields to avoid hallucinating fields, and so on). Is that kind of user query rewriting / enhancement performed before calling the task, or not at all? (as this is not something that can be done in this black box, unfortunately)

Contributor Author

> What exactly question is here? Is that only the user's last message?

This is going to be however the LLM interprets how it needs to phrase the question to the tool. So for example, take a look at this trace. Within this trace, click into the first orange graph step ActionsClientChatOpenAI.

Here you can see the user's question is:

Generate an ES|QL query that will search for the following use case: 
Identifying Rare User Agent

The LLM is then given this message along with tools, tool descriptions, and tool schemas. The LLM then determines that it needs to create an input of question with a question formatted about ESQL. So in this case, the LLM returns an instruction for a tool call:

  "function_call": {
    "arguments": "{\"question\":\"Generate an ES|QL query to identify rare user agents.\"}",
    "name": "NaturalLanguageESQLTool"
  }

Right now the tool schema is:

      schema: z.object({
        question: z.string().describe(`The user's exact question about ESQL`),
      }),

We can try to add prompting for optional fields if an index is specified, but if the user does not provide it we will not have it. Should I try that and run evaluations to see if there is an improvement?

      schema: z.object({
        question: z.string().describe(`The user's exact question about ESQL`),
        index: z.string().optional().describe(`The index the user is referencing.`),
      }),

Patryk did have some code in his tool before the NL to ESQL task was available that validated the query alongside the available data views: https://github.com/elastic/kibana/pull/186489/files#diff-bf442ff72176edbab83ea0e5c13d7d23b9273d851bda705fbc6a000afd19232aR209

I did not include that in this PR. I was going to let him expand on that when he returns from PTO on Sept 23.
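
The tool-call payload in the comment above is model-authored text, so a handler can validate it before anything reaches the NL-to-ES|QL task. This added example (not code from the PR or from Kibana) parses the `arguments` string by hand rather than with zod and checks the proposed optional `index` against index patterns the caller may read; `parseToolCall`, `authorizedIndices`, the sample values and the length limit are assumptions.

```typescript
// Added example. Only `question`, `index` and the function_call shape come from
// the thread; every other name, limit and sample value here is hypothetical.

interface EsqlToolArgs {
  question: string;
  index?: string;
}

type ParseResult =
  | { ok: true; args: EsqlToolArgs }
  | { ok: false; reason: string };

const ALLOWED_KEYS = new Set(['question', 'index']);
const MAX_QUESTION_LENGTH = 2000; // assumed limit, not from the PR

// One index name or wildcard pattern. Commas, spaces, slashes and quotes are
// excluded so a single value cannot smuggle in a list of extra targets.
const INDEX_SHAPE = /^[a-z0-9.][a-z0-9._*-]*$/;

// True when `candidate` falls inside an authorized pattern such as "logs-*".
function coveredBy(pattern: string, candidate: string): boolean {
  const escaped = pattern
    .replace(/[.+?^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*');
  return new RegExp(`^${escaped}$`).test(candidate);
}

// Validate the JSON string an LLM returned as function_call.arguments.
function parseToolCall(rawArguments: string, authorizedIndices: string[]): ParseResult {
  let parsed: unknown;
  try {
    parsed = JSON.parse(rawArguments);
  } catch (_err) {
    return { ok: false, reason: 'arguments is not valid JSON' };
  }
  if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
    return { ok: false, reason: 'arguments must be a JSON object' };
  }
  const obj = parsed as Record<string, unknown>;

  // Stricter than the schema in the thread: unknown keys are rejected, not dropped.
  const extra = Object.keys(obj).filter((k) => !ALLOWED_KEYS.has(k));
  if (extra.length > 0) {
    return { ok: false, reason: `unexpected keys: ${extra.join(', ')}` };
  }

  const question = obj.question;
  const index = obj.index;
  if (typeof question !== 'string' || question.trim() === '') {
    return { ok: false, reason: 'question must be a non-empty string' };
  }
  if (question.length > MAX_QUESTION_LENGTH) {
    return { ok: false, reason: 'question is too long' };
  }
  if (index === undefined) {
    return { ok: true, args: { question } };
  }
  if (typeof index !== 'string' || !INDEX_SHAPE.test(index)) {
    return { ok: false, reason: 'index is not a single index name or pattern' };
  }
  // The model may name an index the user never mentioned or cannot read.
  if (!authorizedIndices.some((p) => coveredBy(p, index))) {
    return { ok: false, reason: `index "${index}" is outside the authorized patterns` };
  }
  return { ok: true, args: { question, index } };
}

// The arguments string quoted in the comment above.
const PAGE_ARGUMENTS =
  '{"question":"Generate an ES|QL query to identify rare user agents."}';

// Constructed sample: patterns the current user is allowed to query.
const SAMPLE_AUTHORIZED = ['logs-*', '.alerts-security.alerts-default'];

const PAGE_RESULT = parseToolCall(PAGE_ARGUMENTS, SAMPLE_AUTHORIZED);
```

Rejecting an out-of-scope `index` here is a design choice for the example; a handler could instead drop the field and pass only `question`.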

Member

@pgayvallet, IMO the NL->ESQL task should be handling all those abstractions. From query re-writing the original prompt, to supplying any dataset info/mappings, and finally both syntax and functional validation.

This would be extremely beneficial for both consistency and ease of use on the consumer side. Soon we'll be bundling this task into other/more complex tasks like generalized retrievers, visualizations, etc, so the less initial input and custom context packing required the better here. Looks like we'll need to update the interface to take some authorizedUser or scoped request so that data access can be taken into account, but looks like it should have everything it needs after that.

Contributor

@pgayvallet pgayvallet Sep 18, 2024

Yeah, I mostly agree, except for that part:

> to supplying any dataset info/mappings

Retrieving the mapping from an index is fine, but I'm wondering about the "resolving/deducing which index to use" part:

How would you see that being done in the task itself? The task is a black box, it has no knowledge of the current "context" of the user. How do you see it being able to deduce which index to target?

FWIW, the naturalLanguageToEsql accepts a messages parameter that can be used instead of input, to provide the full conversation (including tool calls) to the task. This is how the o11y assistant is providing the context, as they have a context and dataset tools that the LLM always calls because calling the task. That way, the conversation passed to naturalLanguageToEsql has those tool calls, and the agent utilizes it to know which index is being targeted.

Member

@spong spong left a comment

Checked out, tested locally and overall implementation LGTM! Thanks for wiring this up @stephmilovic!

Few notes from testing:

  1. As discussed in this thread, I think we should expand the responsibilities of the NL->ESQL task in the inference plugin to include query re-writing, inclusion of dataset info, validation, etc. This will ensure better consistency in responses across assistants/consumers, while making the task easier to consume and compose into other tasks.
  2. Before release/final testing, we'll need to update the main tool description as mentioned here since it references o11y specific functions that are not yet available in the inference plugin.
  3. When testing with Gemini-1.5-pro/Sonnet-3.5, I was seeing the summarizer take over after the tool call and wipe out the query. See this Sonnet trace where there's two more LLM hops after the tool response and this Gemini trace where it thanks the tool for its response 😅. The responses from the tool itself seem mostly 'user-ready', so perhaps we try and return straight from the tool call?

@stephmilovic
Contributor Author

@spong thanks for the review!

> 1. As discussed in this thread, I think we should expand the responsibilities of the NL->ESQL task in the inference plugin to include query re-writing, inclusion of dataset info, validation, etc. This will ensure better consistency in responses across assistants/consumers, while making the task easier to consume and compose into other tasks.

Sounds good. I saw in the thread that @pgayvallet would add an indices field to the naturalLanguageToEsql method arguments. I will look out for this addition and pass indices once it has been incorporated.

> 2. Before release/final testing, we'll need to update the main tool description as mentioned here since it references o11y specific functions that are not yet available in the inference plugin.

Here is that change: 340649c

> 3. When testing with Gemini-1.5-pro/Sonnet-3.5, I was seeing the summarizer take over after the tool call and wipe out the query. See this Sonnet trace where there's two more LLM hops after the tool response and this Gemini trace where it thanks the tool for its response 😅. The responses from the tool itself seem mostly 'user-ready', so perhaps we try and return straight from the tool call?

With LangSmith currently down, I can't see these responses. I'll take a look when I am back from PTO. I can say, I too have seen Gemini talking to itself. I have not quite figured that one out yet but am getting closer. Before LangSmith went down today, I made great progress to improve prompts in the VertexChatAI pr. I plan on iterating further in Gemini, and coming back to Bedrock as well as I saw at least one client issue about performance with that model. I'll reference this PR when working on both of those models.

@kibana-ci
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] Jest Tests #4 / When using the ResponseActionFileDownloadLink component should display custom button label

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

| id | before | after | diff |
|---|---|---|---|
| elasticAssistant | 35 | 38 | +3 |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
|---|---|---|---|
| securitySolution | 87.0KB | 87.0KB | +36.0B |

Unknown metric groups

API count

| id | before | after | diff |
|---|---|---|---|
| elasticAssistant | 49 | 53 | +4 |

@stephmilovic stephmilovic merged commit 798a26f into elastic:main Sep 18, 2024
40 checks passed
@kibanamachine
Contributor

💔 All backports failed

Status Branch Result
8.x Backport failed because of merge conflicts

Manual backport

To create the backport manually run:

node scripts/backport --pr 192042

@stephmilovic
Contributor Author

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

stephmilovic added a commit to stephmilovic/kibana that referenced this pull request Sep 18, 2024
…istant graph (elastic#192042)

(cherry picked from commit 798a26f)

# Conflicts:
#	x-pack/plugins/security_solution/tsconfig.json
hop-dev added a commit to hop-dev/kibana that referenced this pull request Sep 20, 2024
commit 6d568b0
Merge: 1b0aa69 eabb102
Author: Elastic Machine <elasticmachine@users.noreply.github.com>
Date:   Thu Sep 19 12:01:52 2024 +0200

    Merge branch 'main' into siem-ea-9180-api

commit eabb102
Author: Julia <iuliia.guskova@elastic.co>
Date:   Thu Sep 19 10:28:48 2024 +0200

    [ResponseOps][MW] Add telemetry for the maintenance window (elastic#192483)

    Resolve: elastic#184088

    In this PR add telemetry collection of these metrics:

    - total number of MW in deployments
    - number of active MW with "repeat" toggle on (time based)
    - number of active MW with "filter alerts" toggle on (KQL based)

    ## Testing

    Create several MW with different settings (toggles on and off)
    To test changes reflected in telemetry object,
    modify this file: `x-pack/plugins/alerting/server/usage/task.ts`

    With:

    ```
    async function scheduleTasks(logger: Logger, taskManager: TaskManagerStartContract) {
      try {
        await taskManager.ensureScheduled({
          id: TASK_ID,
          taskType: TELEMETRY_TASK_TYPE,
          state: emptyState,
          params: {},
          schedule: SCHEDULE,
        });
      } catch (e) {
        logger.error(`Error scheduling ${TASK_ID}, received ${e.message}`);
      }
      await taskManager.runSoon(TASK_ID);
    }
    ```

    This will cause the telemetry to be sent as soon as the server is
    restarted.

    **Run Telemetry usage payload API in your browser console to verify
    telemetry object:**

    https://docs.elastic.dev/telemetry/collection/snapshot-telemetry#telemetry-usage-payload-api
    P.S.: Add space at the beginning of URL

    ### Checklist

    - [x] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios

    ---------

    Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

commit 210f552
Author: Yulia Čech <6585477+yuliacech@users.noreply.github.com>
Date:   Thu Sep 19 10:25:33 2024 +0200

    [Ingest Pipelines] Fixes processors description (elastic#193183)

    ## Summary

    Fixes elastic#191530

    This PR adds a stringify helper that is safe to use with objects,
    arrays, text and numbers. `set` and `append` processors are using this
    new helper to display `value` in the processor description. Other type
    of processors don't seem to need it. This PR fixes the pipeline page so
    that other processors in the pipeline still can be edited via UI.
    This PR however doesn't fix the processors forms: both processors
    currently can't handle json objects when editing. This should be fixed in
    a [separate issue](elastic#193186).

    ### Screenshots
    <img width="586" alt="Screenshot 2024-09-17 at 16 54 18"
    src="https://github.com/user-attachments/assets/e1eb64a3-975c-4db7-98a5-b872ec1b016d">
    <img width="586" alt="Screenshot 2024-09-17 at 16 54 34"
    src="https://github.com/user-attachments/assets/ac57406f-ff22-461e-b788-6bdb2d18d7e9">

    ### How to test

    Use these commands in Console to create processors with a json in
    `value`.

    ```
    PUT _ingest/pipeline/test2
    {
      "processors": [
        {
              "set" : {
                "field" : "payload",
                "value" : "test",
                "if" : "ctx.payload == \"-\""
              }
        }
      ]
    }

    PUT _ingest/pipeline/test1
    {
      "processors": [
        {
          "append": {
            "field": "test",
            "value": {
              "redacted": true
            }
          }
        }
      ]
    }
    ```

    ### Checklist

    Delete any items that are not applicable to this PR.

    - [ ] Any text added follows [EUI's writing
    guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
    sentence case text and includes [i18n
    support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
    - [ ]
    [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
    was added for features that require explanation or tutorials
    - [ ] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios
    - [ ] [Flaky Test
    Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
    used on any tests changed
    - [ ] Any UI touched in this PR is usable by keyboard only (learn more
    about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
    - [ ] Any UI touched in this PR does not create any new axe failures
    (run axe in browser:
    [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
    [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
    - [ ] If a plugin configuration key changed, check if it needs to be
    allowlisted in the cloud and added to the [docker
    list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
    - [ ] This renders correctly on smaller devices using a responsive
    layout. (You can test this [in your
    browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
    - [ ] This was checked for [cross-browser
    compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

    ### Risk Matrix

    Delete this section if it is not applicable to this PR.

    Before closing this PR, invite QA, stakeholders, and other developers to
    identify risks that should be tested prior to the change/feature
    release.

    When forming the risk matrix, consider some of the following examples
    and how they may potentially impact the change:

    | Risk | Probability | Severity | Mitigation/Notes |

    |---------------------------|-------------|----------|-------------------------|
    | Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space.
    | Low | High | Integration tests will verify that all features are still
    supported in non-default Kibana Space and when user switches between
    spaces. |
    | Multiple nodes&mdash;Elasticsearch polling might have race conditions
    when multiple Kibana nodes are polling for the same tasks. | High | Low
    | Tasks are idempotent, so executing them multiple times will not result
    in logical error, but will degrade performance. To test for this case we
    add plenty of unit tests around this logic and document manual testing
    procedure. |
    | Code should gracefully handle cases when feature X or plugin Y are
    disabled. | Medium | High | Unit tests will verify that any feature flag
    or plugin combination still results in our service operational. |
    | [See more potential risk
    examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |

    ### For maintainers

    - [ ] This was checked for breaking API changes and was [labeled
    appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

commit c676d2b
Author: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Date:   Thu Sep 19 09:13:14 2024 +0100

    Improves Exceptions API docs content (elastic#193040)

    ## Summary

    Resolves elastic/security-docs-internal#33 by
    improving the Exceptions API docs content. Adds missing and improves
    existing operation summaries and operation descriptions to adhere to our
    [OAS
    standards](https://elasticco.atlassian.net/wiki/spaces/DOC/pages/450494532/API+reference+docs).

    ---------

    Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>

commit 9765f73
Author: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Date:   Thu Sep 19 09:03:59 2024 +0100

    Improves Timeline API docs content (elastic#192744)

    ## Summary

    Resolves elastic/security-docs-internal#35 by
    improving the Timeline API docs content. Adds missing and improves
    existing operation summaries and operation descriptions to adhere to our
    [OAS
    standards](https://elasticco.atlassian.net/wiki/spaces/DOC/pages/450494532/API+reference+docs).

    ---------

    Co-authored-by: Jatin Kathuria <jtn.kathuria@gmail.com>
    Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>

commit f47987f
Author: Alex Szabo <alex.szabo@elastic.co>
Date:   Thu Sep 19 09:53:15 2024 +0200

    [ci] skip FTRs that fail on chrome 129 (elastic#193293)

    ## Summary
    `google-chrome-stable` is now on version 129. Another set of tests
    started to fail when running against a VM with unpinned chrome version:
    https://buildkite.com/elastic/kibana-pull-request/builds/235162

    This PR skips another 3 tests and adjusts all messages to point to the
    central issue.

    Relates to: elastic/kibana-operations#199

commit 854cb15
Author: Walter Rafelsberger <walter.rafelsberger@elastic.co>
Date:   Thu Sep 19 08:10:38 2024 +0200

    [ML] Anomaly Detection: Adds popover links menu to anomaly explorer charts. (elastic#186587)

    ## Summary

    Adds support for clicking on Anomaly Explorer charts to trigger the
    actions popover menu.

    - [x] ExplorerChartSingleMetric
    - [x] ExplorerChartDistribution
    - [x] Support for embedded charts

    Anomaly Explorer

    [ml-anomaly-charts-actions-0001.webm](https://github.com/elastic/kibana/assets/230104/9502b234-7df8-4290-9914-163936487af8)

    Embedding

    [ml-anomaly-charts-actions-embedding-0001.webm](https://github.com/elastic/kibana/assets/230104/ee519b47-e924-4947-b127-4f3ecf62616e)

    ### Checklist

    - [x] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios
    - [x] This was checked for breaking API changes and was [labeled
    appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

commit 32d751f
Author: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date:   Thu Sep 19 15:07:39 2024 +1000

    [api-docs] 2024-09-19 Daily api_docs build (elastic#193382)

    Generated by
    https://buildkite.com/elastic/kibana-api-docs-daily/builds/835

commit 2efd0f0
Author: Vadim Kibana <82822460+vadimkibana@users.noreply.github.com>
Date:   Thu Sep 19 05:53:05 2024 +0200

    [ES|QL] Implement `OrderExpression` for `SORT` command arguments (elastic#189959)

    ## Summary

    Closes elastic#189491

    - Adds *order expression* AST nodes, which are minted from `SORT`
    command.
    - Improves SORT command autocomplete suggestions.

    Shows fields on first space:

    <img width="791" alt="image"
    src="https://github.com/user-attachments/assets/3fec96b4-4e61-4212-a856-ace7a33d9755">

    It now shows `NULLS FIRST` and `NULLS LAST`, even before `ASC` or `DESC`
    was entered, as `ASC` and `DESC` are optional:

    <img width="871" alt="image"
    src="https://github.com/user-attachments/assets/4b6d6c28-a7b0-4ac0-bafc-133df1207d54">

    Once `ASC` or `DESC` is entered, shows only nulls options:

    <img width="911" alt="image"
    src="https://github.com/user-attachments/assets/5b27bd3d-ccdc-4bd0-b09f-fe65e5975e28">

    It also now suggests partial modifier, if the in-progress text that user
    is typing matches it:

    <img width="504" alt="image"
    src="https://github.com/user-attachments/assets/9a047c40-b49b-4694-8477-7270cb9c0886">

    (However, we are not triggering autocomplete in those cases in UI, so no
    way to see it in UI right now.)

    ### Checklist

    Delete any items that are not applicable to this PR.

    - [x] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios

    ### For maintainers

    - [x] This was checked for breaking API changes and was [labeled
    appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

    ---------

    Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
    Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>

commit 6f4be61
Author: Dominique Clarke <dominique.clarke@elastic.co>
Date:   Wed Sep 18 21:32:45 2024 -0400

    [Synthetics] waterfall chart - handle cached resources (elastic#193089)

    ## Summary

    Resolves elastic#184794

    Ensures that the cached resources display accurate timing information on
    the waterfall chart tooltips.

    The information displayed should match the information displayed in the
    flyout when the request url is clicked.

    Tooltip
    <img width="555" alt="Screenshot 2024-09-16 at 8 49 55 PM"
    src="https://github.com/user-attachments/assets/516653bc-dcec-4681-965b-08711417ab67">

    Flyout
    <img width="424" alt="Screenshot 2024-09-16 at 2 07 56 PM"
    src="https://github.com/user-attachments/assets/5fb0bf1c-c65d-4ce3-8a6a-5e95700209dd">

    ### Release note

    Synthetics - resolves an issue for multi step browser journeys where
    timings for cached resources within the same step were inaccurate within
    the waterfall chart.

    ### Testing

    1. Create a browser monitor with duplicate requests. For example:
    ```
    step("multi resource step", async () => {
        await page.goto('https://github.com');
        await page.goto('https://github.com');
        await page.goto('https://github.com');
    })
    ```
    2. Navigate to the monitor details page
    3. Find the last test run panel, click the view test details button,
    then click the view performance breakdown button

    ![image](https://github.com/user-attachments/assets/b66addcb-21f6-4eac-8c60-dc3387b33853)

    ![image](https://github.com/user-attachments/assets/67f04b9f-4ff6-4ce6-85d1-2a89869e4a2c)
    4. Scroll down to the waterfall chart. If you use github, requests after
    about 115 should be cached. Note: some requests may have been aborted and
    their waterfall tooltip won't show. Find a request that was not aborted,
    hover to see the tooltip, then click the request to view the flyout and
    confirm the information.

commit f810bb5
Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Date:   Wed Sep 18 18:40:34 2024 -0500

    Update docker.elastic.co/wolfi/chainguard-base:latest Docker digest to 6fbf078 (main) (elastic#193356)

    This PR contains the following updates:

    | Package | Update | Change |
    |---|---|---|
    | docker.elastic.co/wolfi/chainguard-base | digest | `d4def25` ->
    `6fbf078` |

    ---

    ### Configuration

    📅 **Schedule**: Branch creation - At any time (no schedule defined),
    Automerge - At any time (no schedule defined).

    🚦 **Automerge**: Disabled by config. Please merge this manually once you
    are satisfied.

    ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
    rebase/retry checkbox.

    🔕 **Ignore**: Close this PR and you won't be reminded about this update
    again.

    ---

    - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
    this box

    ---

    This PR has been generated by [Renovate
    Bot](https://togithub.com/renovatebot/renovate).

    Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>

commit 10f86c6
Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Date:   Wed Sep 18 18:38:57 2024 -0500

    Update dependency msw to ^2.4.5 (main) (elastic#193363)

    This PR contains the following updates:

    | Package | Type | Update | Change | Pending |
    |---|---|---|---|---|
    | [msw](https://mswjs.io) ([source](https://togithub.com/mswjs/msw)) |
    devDependencies | patch | [`^2.4.4` ->
    `^2.4.5`](https://renovatebot.com/diffs/npm/msw/2.4.6/2.4.5) | `2.4.8`
    (+2) |

    ---

    ### Configuration

    📅 **Schedule**: Branch creation - At any time (no schedule defined),
    Automerge - At any time (no schedule defined).

    🚦 **Automerge**: Disabled by config. Please merge this manually once you
    are satisfied.

    ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
    rebase/retry checkbox.

    🔕 **Ignore**: Close this PR and you won't be reminded about this update
    again.

    ---

    - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
    this box

    ---

    This PR has been generated by [Renovate
    Bot](https://togithub.com/renovatebot/renovate).

    Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>

commit bcc42d5
Author: Philippe Oberti <philippe.oberti@elastic.co>
Date:   Thu Sep 19 01:02:36 2024 +0200

    [kbn-expandable-flyout] - add support for resizable flyout (elastic#192906)

commit 3bea483
Author: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
Date:   Wed Sep 18 17:56:10 2024 -0400

    [Security Solution] Adds enable on install UI workflow to prebuilt rules page (elastic#191529)

    ## Summary

    Adds overflow button UI to all prebuilt rules install buttons in order
    to enable the rule when it is successfully installed. Previously, a user
    would have to navigate back to the rules page and find the rule(s) they
    just installed to enable, this combines those two workflows into a
    single button action - speeding up the out of the box rule
    implementation.

    ### Screenshots
    **Prebuilt rules table columns**
    <img width="530" alt="Screenshot 2024-09-04 at 10 38 05 AM"
    src="https://github.com/user-attachments/assets/4a009afa-a8f0-4eaa-a76b-8f4e509f35a3">

    **Prebuilt rules table bulk install**
    <img width="1478" alt="Screenshot 2024-09-04 at 10 38 16 AM"
    src="https://github.com/user-attachments/assets/eb6deb9b-9b4e-4be3-a4ac-0da06d6f1e8e">

    **Prebuilt rule details flyout**
    <img width="1489" alt="Screenshot 2024-09-04 at 10 38 44 AM"
    src="https://github.com/user-attachments/assets/a4bce22d-7e90-42e4-8522-cf411a297659">

    ### Checklist

    Delete any items that are not applicable to this PR.

    - [x] Any text added follows [EUI's writing
    guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
    sentence case text and includes [i18n
    support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
    - [ ]
    [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
    was added for features that require explanation or tutorials
    - [ ] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios
    - [ ] [Flaky Test
    Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
    used on any tests changed

    ### For maintainers

    - [ ] This was checked for breaking API changes and was [labeled
    appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

commit 4c51c00
Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Date:   Wed Sep 18 16:10:45 2024 -0500

    Update dependency msw to ^2.4.4 (main) (elastic#192955)

    This PR contains the following updates:

    | Package | Type | Update | Change | Pending |
    |---|---|---|---|---|
    | [msw](https://mswjs.io) ([source](https://togithub.com/mswjs/msw)) |
    devDependencies | patch | [`^2.4.2` ->
    `^2.4.4`](https://renovatebot.com/diffs/npm/msw/2.4.2/2.4.4) | `2.4.8`
    (+3) |

    ---

    ### Release Notes

    <details>
    <summary>mswjs/msw (msw)</summary>

    ### [`v2.4.4`](https://togithub.com/mswjs/msw/releases/tag/v2.4.4)

    [Compare Source](https://togithub.com/mswjs/msw/compare/v2.4.3...v2.4.4)

    #### v2.4.4 (2024-09-08)

    ##### Bug Fixes

    - **fetch:** follow mocked redirect responses
    ([#2268](https://togithub.com/mswjs/msw/issues/2268))
    ([`f5785bf`](https://togithub.com/mswjs/msw/commit/f5785bfba1a026075feca4f74cadfcb636ffc257))
    [@kettanaito](https://togithub.com/kettanaito)
    -   Adopts a new, Socket-based request interception algorithm.

    ### [`v2.4.3`](https://togithub.com/mswjs/msw/releases/tag/v2.4.3)

    [Compare Source](https://togithub.com/mswjs/msw/compare/v2.4.2...v2.4.3)

    #### v2.4.3 (2024-09-07)

    ##### Bug Fixes

    - revert "graphql" as optional peer dependency
    ([#2267](https://togithub.com/mswjs/msw/issues/2267))
    ([`7cd39e7`](https://togithub.com/mswjs/msw/commit/7cd39e787aa9766eef914bce3d65daec1ce16635))
    [@kettanaito](https://togithub.com/kettanaito)

    </details>

    ---

    ### Configuration

    📅 **Schedule**: Branch creation - At any time (no schedule defined),
    Automerge - At any time (no schedule defined).

    🚦 **Automerge**: Disabled by config. Please merge this manually once you
    are satisfied.

    ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
    rebase/retry checkbox.

    🔕 **Ignore**: Close this PR and you won't be reminded about this update
    again.

    ---

    - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
    this box

    ---

    This PR has been generated by [Renovate
    Bot](https://togithub.com/renovatebot/renovate).

    Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>

commit 798a26f
Author: Steph Milovic <stephanie.milovic@elastic.co>
Date:   Wed Sep 18 15:05:41 2024 -0600

    [Security solution] `naturalLanguageToEsql` Tool added to default assistant graph (elastic#192042)

commit d4ee1ca
Author: Justin Kambic <jk@elastic.co>
Date:   Wed Sep 18 16:51:52 2024 -0400

    [Synthetics] Remove dead code (elastic#193335)

    ## Summary

    Gets rid of unused files and some types, constants, etc. that are no
    longer referenced in production code.

commit 91ca8ab
Author: Eyo O. Eyo <7893459+eokoneyo@users.noreply.github.com>
Date:   Wed Sep 18 22:26:44 2024 +0200

    [Reporting] update puppeteer to version 23.3.1 (elastic#192345)

    ## Summary

    Update for puppeteer, the following changeset updates puppeteer to
    version `23.3.1`.

    The chromium version required for this version of puppeteer is
    `128.0.6613.137` from revision `1331488`, as such the chromium binary
    included for windows and darwin platforms either match or were the
    closest revision to the expectation. The linux headless binary was built
    from commit `fe621c5aa2d6b987e964fb1b5066833da5fb613d` of the same
    revision.

    _**N.B.**_ Puppeteer 23.0.0 is earmarked as containing breaking changes
    see
    [here](https://github.com/puppeteer/puppeteer/blob/abda5dcc9912f4fa2c5a566403108db783f48538/packages/puppeteer-core/CHANGELOG.md#2300-2024-08-07),
    this PR considers the outlined changes and makes relevant adjustments so
    reporting continues working as is.

    ### How to verify linux headless build
    - clone the following repo
    https://github.com/tsullivan/kibana-dev-docker
    - pull this particular PR
    - follow the steps outlined in the repo, replacing any occurrence of
    `kibana-<version>-SNAPSHOT-linux-aarch64.tar.gz` from the repo above's
    step with the output of running build on this changeset.
    - before running step 4, modify the `kibana.yml` file from the
    `kibana-dev-docker` repo and include the following so we might be able
    to verify the version of chromium running;
       ```yaml
         logging.loggers:
           - name: plugins.reporting
             level: debug
       ```
    - complete the steps outlined in the README, you'll have a linux distro
    of kibana running on port `5601`
    - Attempt creating exports of PDF and PNG reports, in dashboard, canvas,
    and visualizations, on report creation attempt we would see a log output
    that prints out the chromium version exactly matching this;

    <img width="1326" alt="Screenshot 2024-09-18 at 14 50 19"
    src="https://github.com/user-attachments/assets/7206781a-e8f9-469c-ad65-fd13749766b2">

    ---------

    Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
    Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

commit d84eda1
Author: Justin Kambic <jk@elastic.co>
Date:   Wed Sep 18 16:07:29 2024 -0400

    [Uptime] Delete dead code (elastic#193339)

    ## Summary

    Removes code that is unused from the Uptime plugin.

commit 3c01b13
Author: Alexi Doak <109488926+doakalexi@users.noreply.github.com>
Date:   Wed Sep 18 11:53:36 2024 -0700

    [ResponseOps] Connector OAS for framework fields (elastic#192767)

    Resolves elastic#192778

    ## Summary

    This PR updates the following `response` schemas as well as the legacy
    route schemas for connector APIs to generate OAS documentation:
    - `POST /api/actions/connector/{id?}`
    - `GET /api/actions/connector/{id}`
    - `POST /api/actions/connector/{id}/_execute`
    - `PUT /api/actions/connector/{id}`

    The `request` schemas were updated in this
    [PR](elastic#191678).

    ### To verify

    1. Start ES
    2. Add `server.oas.enabled: true` to `kibana.dev.yml`
    3. Start Kibana `yarn start --no-base-path`
    4. `curl -s -uelastic:changeme
    http://localhost:5601/api/oas\?pathStartsWith\=/api/actions/ | jq`

    ---------

    Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
    Co-authored-by: Lisa Cawley <lcawley@elastic.co>

commit e1db296
Author: Marta Bondyra <4283304+mbondyra@users.noreply.github.com>
Date:   Wed Sep 18 20:39:25 2024 +0200

    [Lens] Corrects incorrect copy for line chart & fix flaky test (elastic#192734)

    ## Summary
    Corrects incorrect copy for line chart.

    Rewrites some of the tests to rtl.
    Unskips flaky or failing tests.
    Fixes elastic#192476
    Removes some errors from the console that appear during unit test
    running.

    ---------

    Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

commit 4d4afa5
Author: Rickyanto Ang <rickyangwyn@gmail.com>
Date:   Wed Sep 18 10:55:00 2024 -0700

    [Cloud Security] User Name Misconfiguration Table and Preview Contextual Flyout (elastic#192946)

    ## Summary

    This PR is the implementation of Misconfiguration Preview and Data table
    on user.name flyout in Alerts Page.
    <img width="1717" alt="Screenshot 2024-09-14 at 12 54 37 AM"
    src="https://github.com/user-attachments/assets/ad405a4a-9820-4bb1-87f0-7e915eeb003b">
    How to test:
    Pre req: In order to test this, you need to generate some fake alerts.
    This [repo](https://github.com/elastic/security-documents-generator)
    will help you do that

    1. Generate Some Alerts
    2. Use the Reindex API to get some Findings data in (change the
    host.name field to match the host.name from alerts generated if you want
    to test Findings table in the left panel flyout)
    3. Turn on Risky Entity Score if you want to test if both Risk
    Contribution and Insights tabs shows up, follow this
    [guide](https://www.elastic.co/guide/en/security/current/turn-on-risk-engine.html)
    to turn on Risk Entity Score

commit b9d7de6
Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Date:   Wed Sep 18 12:53:01 2024 -0500

    Update OpenFeature (main) (elastic#193332)

    Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>

commit be2d641
Author: Katerina <aikaterini.patticha@elastic.co>
Date:   Wed Sep 18 20:50:22 2024 +0300

    [Inventory] Remove inventory dependency from observability plugin (elastic#193251)

    ## Summary

    closes elastic#193200
    - Remove inventory dependency from observability plugin
    - Register inventory in different section in classic stateful sidenav

    https://github.com/user-attachments/assets/6c9c28bc-7483-4deb-b95a-67585a92f89f

commit f40bf52
Author: Melissa Alvarez <melissa.alvarez@elastic.co>
Date:   Wed Sep 18 11:04:17 2024 -0600

    [ML] Serverless Security: Adds ES|QL visualizer menu item in nav (elastic#192314)

    ## Summary

    Related issue: elastic#192307

    This PR adds the ES|QL visualizer menu item to the Security solution's
    nav in serverless.

    <img width="546" alt="image"
    src="https://github.com/user-attachments/assets/239c25c8-63af-4009-8e37-78a99d7b6719">

    <img width="1189" alt="image"
    src="https://github.com/user-attachments/assets/e0ac66d4-4066-4c15-8cac-ff5a5e0ae716">

    ### Checklist

    Delete any items that are not applicable to this PR.

    - [ ] Any text added follows [EUI's writing
    guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
    sentence case text and includes [i18n
    support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
    - [ ]
    [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
    was added for features that require explanation or tutorials
    - [ ] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios
    - [ ] [Flaky Test
    Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
    used on any tests changed
    - [ ] Any UI touched in this PR is usable by keyboard only (learn more
    about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
    - [ ] Any UI touched in this PR does not create any new axe failures
    (run axe in browser:
    [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
    [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
    - [ ] If a plugin configuration key changed, check if it needs to be
    allowlisted in the cloud and added to the [docker
    list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
    - [ ] This renders correctly on smaller devices using a responsive
    layout. (You can test this [in your
    browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
    - [ ] This was checked for [cross-browser
    compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

    ---------

    Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

commit de51a1a
Author: Sid <siddharthmantri1@gmail.com>
Date:   Wed Sep 18 19:01:45 2024 +0200

    Add debug logging for flaky session tests (elastic#193279)

    ## Summary

    Add settings to the ES Test cluster to enable debug logs so that if this
    test fails in the future, we will have more logs to investigate the
    issue.

    __Related:__ elastic#152260

commit 004631b
Author: Tomasz Ciecierski <tomasz.ciecierski@elastic.co>
Date:   Wed Sep 18 18:56:06 2024 +0200

    [EDR Workflows] Automated Actions in more rule types (elastic#191874)

commit 70b7d26
Author: Nikita Indik <nikita.indik@elastic.co>
Date:   Wed Sep 18 18:21:00 2024 +0200

    [Security Solution] ThreeWayDiff UI: Migrate to using `DiffableRule` TS type in `FieldReadOnly` component (elastic#192342)

    **Partially addresses:** elastic#171520
    **Is a follow-up PR to:** elastic#191499

    This is the 2nd of the 3 PRs for `FieldReadOnly`.
    - The 1st [PR](elastic#191499) added the
    `FieldReadOnly` and a bunch of field components.
    - This (2nd) PR moves away from using `DiffableAllFields` type in favour
    of `DiffableRule` and splits the large `FieldReadOnly` component into
    smaller ones for readability.
     - Next (3rd) PR will add the remaining field components.

    ## Summary
    This PR changes the TS type (`DiffableAllFields` -> `DiffableRule`) used
    by the `FieldReadOnly` component. This component displays a read-only
    view of a particular rule field, similar to how fields are shown on the
    Rule Details page. Using `DiffableRule` type makes the component
    compatible with the flyout context and is safer to use than
    `DiffableAllFields`.

    ### Changes
    - TS type used in the `FieldReadOnly` component and Storybook stories
    changed to `DiffableRule`.
    - `FieldReadOnly` field rendering was split into multiple files by rule
    type to make it more readable.
    - Added rule-mocking functions to Storybook to allow creation of
    `DiffableRule` mocks.
     - Added field components for `name`, `description` and `tags` fields.
    - Rewrote type narrowing for `Filters` component to a type guard
    (`isFilters`).
     - Fixed a couple of outdated code comments.

    ### Running
    `FinalReadOnly` and its field components are not yet integrated into the
    flyout, but you can view components in Storybook.
    1. Run Storybook: `yarn storybook security_solution`
    2. Go to `http://localhost:9001` in browser.

    <img width="1062" alt="Scherm­afbeelding 2024-09-03 om 13 05 11"
    src="https://github.com/user-attachments/assets/13b227d4-1321-47d9-a0a7-93868c9f4a15">

commit 02ce1b9
Author: Alejandro Fernández Haro <alejandro.haro@elastic.co>
Date:   Wed Sep 18 18:02:55 2024 +0200

    [Feature Flags Service] Hello world 👋 (elastic#188562)

    Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
    Co-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>

commit 38d6143
Author: Elena Stoeva <59341489+ElenaStoeva@users.noreply.github.com>
Date:   Wed Sep 18 16:45:59 2024 +0100

    [Index Management] Restrict dot-prefixed index patterns in template form (elastic#193196)

    Closes elastic#190251

    ## Summary

    This PR adds validation that restricts creating a template with a
    dot-prefixed index pattern.

    <img width="1194" alt="Screenshot 2024-09-18 at 10 49 47"
    src="https://github.com/user-attachments/assets/f24c3e29-7db0-46fc-97de-52d4654073de">

    Note: I tried adding tests for this validation
    [here](https://github.com/elastic/kibana/blob/6a3adf73dacaeda073674ac4a10e8a2597e67739/x-pack/plugins/index_management/__jest__/client_integration/index_template_wizard/template_create.test.tsx#L163),
    but it didn't work because the index pattern field is mocked in the
    tests and errors are not triggered from invalid values.

commit 78b21cd
Author: Tre <wayne.seymour@elastic.co>
Date:   Wed Sep 18 16:31:11 2024 +0100

    [Unskip] x-pack/.../summary_actions.ts (elastic#193120)

    ## Summary

    Use retryForTime instead.

    Test against local (fake mki) and mki; both were security projects.
    Tested against
    `x-pack/test_serverless/api_integration/test_suites/security/common_configs/config.group1.ts`

    Resolves: elastic#193061

    ---------

    Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

commit bfbcf62
Author: Kevin Delemme <kevin.delemme@elastic.co>
Date:   Wed Sep 18 11:25:42 2024 -0400

    chore(rca): show full name in notes and store profile id in model (elastic#193211)

commit 5bf4501
Author: Tim Sullivan <tsullivan@users.noreply.github.com>
Date:   Wed Sep 18 08:19:05 2024 -0700

    [Spaces Management] Ensure current badge can only appear for single entry (elastic#193195)

    ## Summary

    Closes elastic#192811

    ### Checklist

    Delete any items that are not applicable to this PR.

    - [X] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or

commit e3f3c68
Author: Cauê Marcondes <55978943+cauemarcondes@users.noreply.github.com>
Date:   Wed Sep 18 16:06:13 2024 +0100

    [Inventory][ECO] Entities table (elastic#193272)

    Real data:
    <img width="1237" alt="Screenshot 2024-09-18 at 14 23 17"
    src="https://github.com/user-attachments/assets/ecc496aa-1c43-4c3c-9ac8-d6e4e6cb8aad">

    Storybook:
    <img width="1256" alt="Screenshot 2024-09-18 at 14 23 22"
    src="https://github.com/user-attachments/assets/03d9f940-7b3f-4aea-9221-42b1c07119d1">

    Tooltips:
    <img width="1250" alt="Screenshot 2024-09-18 at 13 49 19"
    src="https://github.com/user-attachments/assets/dc99b4cc-4eba-4815-8892-8e3fe7a041bb">

    - Use ESQL to fetch the top 500 entities sorted by last seen property.
    - Display 20 entities per page.
    - Sorting is handled by the server and saved on the URL
    - Current page is saved on the URL
    - Filter entities types `service`, `host` or `container`
    - Filter only entities from the built in definition
    - LIMITATION: The EuiGrid doesn't have an embedded loading state, for
    now, I'm switching the entire view to display a loading spinner while
    data is being fetched.
    - PLUS: Storybook created with mock data.

    ---------

    Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>

commit 5040e35
Author: Sébastien Loix <sebastien.loix@elastic.co>
Date:   Wed Sep 18 15:54:13 2024 +0100

    [Chrome service] Expose handler to toggle the sidenav (elastic#193192)

commit 1b0aa69
Merge: 1310ae1 26a50f7
Author: Pablo Machado <pablo.nevesmachado@elastic.co>
Date:   Wed Sep 18 16:06:10 2024 +0200

    Merge branch 'main' into siem-ea-9180-api

commit 1310ae1
Author: machadoum <pablo.nevesmachado@elastic.co>
Date:   Wed Sep 18 14:54:27 2024 +0200

    Fix CI

commit 7eb1118
Merge: c2b1724 61d0b7f
Author: Elastic Machine <elasticmachine@users.noreply.github.com>
Date:   Wed Sep 18 10:33:28 2024 +0200

    Merge branch 'main' into siem-ea-9180-api

commit c2b1724
Author: machadoum <pablo.nevesmachado@elastic.co>
Date:   Tue Sep 17 17:06:14 2024 +0200

    Improve get entity index function

commit a8b96d8
Author: machadoum <pablo.nevesmachado@elastic.co>
Date:   Tue Sep 17 16:40:48 2024 +0200

    Fix build

commit 1b94ce7
Author: machadoum <pablo.nevesmachado@elastic.co>
Date:   Tue Sep 17 14:47:35 2024 +0200

    Add code review suggestions

commit 7064282
Author: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Date:   Tue Sep 17 12:38:17 2024 +0000

    [CI] Auto-commit changed files from 'yarn openapi:bundle'

commit ab6e773
Author: machadoum <pablo.nevesmachado@elastic.co>
Date:   Tue Sep 17 13:49:10 2024 +0200

    Rename User and Host records

commit 4216ff3
Author: machadoum <pablo.nevesmachado@elastic.co>
Date:   Tue Sep 17 13:45:24 2024 +0200

    Fix API tests

commit 500b631
Author: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Date:   Tue Sep 17 10:17:06 2024 +0000

    [CI] Auto-commit changed files from 'yarn openapi:bundle'

commit 98250e9
Author: machadoum <pablo.nevesmachado@elastic.co>
Date:   Tue Sep 17 11:22:28 2024 +0200

    Code review improvements

commit fbb7479
Author: machadoum <pablo.nevesmachado@elastic.co>
Date:   Tue Sep 10 13:58:47 2024 +0200

    Create list entities API

    add API test

    Add data client test
spong added a commit that referenced this pull request Sep 25, 2024
…192665)

## Summary

This PR updates the Knowledge Base Management Settings page to use the
new `entries` API introduced in
#186566. Many thanks to @angorayc
for her work on the Assistant Management Settings overhaul, and initial
implementation of this new KB Management UI over in
#186847.

<p align="center">
<img width="600"
src="https://github.com/user-attachments/assets/0a82587e-f33c-45f1-9165-1a676d6db5fa"
/>
</p> 



### Feature Flag & Setup
The changes in this PR, as with the other [recent V2 KB
enhancements](#186566), are behind
the following feature flag:
```
xpack.securitySolution.enableExperimental:
  - 'assistantKnowledgeBaseByDefault'
```

~They also require a code change in the `AIAssistantService` to enable
the new mapping (since setup happens on plugin start before FF
registration), so be sure to update `fieldMap` to
`knowledgeBaseFieldMapV2` below before testing:~

This is no longer the case as of
[cdec104](cdec104).
Just changing the above feature flag is now sufficient, just note that
if upgrading and the KB was previously set up, you'll need to manually
delete the data stream (`DELETE
/_data_stream/.kibana-elastic-ai-assistant-knowledge-base-default`) or
the management table will be littered with the old ESQL docs instead of
being a single aggregate entry.

Once configured, the new Knowledge Base Management Settings will become
available in Stack Management. The old settings UI is currently still
available via the Settings Modal, but will soon be removed and replaced
with links to the new interface via the Assistant Settings Context Menu
(replacing the existing `cog`). Please see the designs ([Security
GenAI](https://www.figma.com/design/BMvpY9EhcPIaoOS7LSrkL0/%5B8.15%2C-%5D-GenAI-Security-Settings?node-id=51-25207&node-type=canvas&t=t3vZSPhMxQhScJVt-0)
/ [Unified AI
Assistant](https://www.figma.com/design/xN20zMRNtMlirWB6n9n1xJ/Unified-AI-Assistant-Settings?node-id=0-1&node-type=canvas&t=3RDYE7h2DjLlFlcN-0))
for all changes.

> [!IMPORTANT]
> There are no migrations in place between the legacy and v2 KB
mappings, so be sure to start with a clean ES data directory.

### Testing

To aid with developing the UI, I took the opportunity to start fleshing
out the KB Entries API integration tests. These live in
[x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries](https://github.com/spong/kibana/tree/7ae6be136ad992b2163df13b55118556b01b6cb9/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries),
and are currently configured to only run on `@ess`, as running
`tiny_elser` in serverless and MKI environments can be tricky (more on
that later).

To start the server and run the tests, from the
`x-pack/test/security_solution_api_integration/` directory run `yarn
genai_kb_entries:server:ess`, and once started, `yarn
genai_kb_entries:runner:ess`.

##### Changes in support of testing

In order to set up the API integration tests for use with the Knowledge
Base, some functional changes needed to be made to the assistant/config:

1. Since ELSER is a heavy model to run in CI, the ML folks have created
`pt_tiny_elser` for use in testing. Unfortunately, the `getELSER()`
helper off the `ml` client that we use to get the `modelId` for
installing ELSER, ingest pipelines, etc, cannot be overridden
([#193633](#193633)), so we must
have some other means of doing that. So to get things working in the
test env, I've plumbed through an optional `modelId` override to the
POST knowledge base route (`/ internal/ elastic_assistant/
knowledge_base/{resource?}?modelId=pt_tiny_elser`). This then overrides
the aiAssistantService `getELSER()` function [when
fetching](https://github.com/elastic/kibana/blob/645b3b863be16d70b8a7130a84b248c19729c340/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts#L334-L354)
a `kbDataClient` using the request, which appears to be the only way to
also trigger a reinitialization of the ingest pipeline (which required
the `modelId`), since that usually only occurs on plugin start. If there
is a cleaner way to perform this reinitialization, please let me know!

2. Turns out
[`getService('ml').importTrainedModel()`](https://github.com/elastic/kibana/blob/f18224c6869ae52228da3764ca9a427106b872fb/x-pack/test/functional/services/ml/api.ts#L1575-L1587)
can't be run in test env's with `ssl:true`, which is the default
security config. You can read more about that issue in
[#193477](#193477), but the
current workaround is to turn off `ssl` for this specific test
configuration, so that's why
[`ess.config.ts`](https://github.com/spong/kibana/blob/cf73d4c7fcd69207a9625046456a94212da833c7/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/ess.config.ts#L22)
looks a little different. If there's a better way to manage this config,
also please let me know!

##### Additional notes

We don't currently have a `securityAssistant` API client/service to use
in integration tests, so I've just been creating one-off functions using
`supertest` for now. I don't have the bandwidth to work this now, but
perhaps @MadameSheema / @muskangulati-qasource could lend a hand here? I
did need to test multi-user and multi-space scenarios, so I ported over
the same [auth
helpers](https://github.com/elastic/kibana/tree/dc26f1012f35c2445028a87dcc8cb3f063e058b0/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/utils/auth)
I saw used in other suites. Would be nice if these were bundled into the
client as well ala how the o11y folks have done it
[here](https://github.com/elastic/kibana/blob/e9f23aa98e3abadd491be61b17e7daa3cc110cdb/x-pack/test/observability_ai_assistant_api_integration/tests/knowledge_base/knowledge_base.spec.ts#L27-L34).
Perhaps this is also on the list of things for @maximpn to generate from
OAS's.... 🙃

### RBAC
In plumbing the UI, I've tried to place `// TODO: KB-RBAC` tags in all
the places I came across that will require an RBAC check/change. This
includes some of the API integration tests, which I currently have
skipped as they would fail without RBAC.

### Other notable changes

* There are now dedicated `legacy` and `v2` helper functions when
managing persistence/retrieval of knowledge base entries. This should
help with tearing out the old KB later, and better readability now.
* I've tried to remove dependency on the `ElasticsearchStore` as much as
possible. The store's only use should now be within tools as a retriever
[here](https://github.com/elastic/kibana/blob/de89153368848397df823c062e907a607d347dff/x-pack/plugins/elastic_assistant/server/routes/helpers.ts#L397-L405),
and in post_evaluate
[here](https://github.com/elastic/kibana/blob/de89153368848397df823c062e907a607d347dff/x-pack/plugins/elastic_assistant/server/routes/evaluate/post_evaluate.ts#L170-L179).
If we adopt the new
[`naturalLanguageToESQL`](#192042)
tool in `8.16` (or update our existing ESQL tool to use the
`kbDataClient` for retrieval), we should be able to get rid of this
entirely.
* Added a
[`spaces_roles_users_data.http`](https://github.com/elastic/kibana/blob/7447394fe39d5e2e098c266c14875d3aa17d3067/x-pack/packages/kbn-elastic-assistant-common/impl/utils/spaces_roles_users_data.http#L1)
file for adding spaces, roles, users, and a sample `slackbot` index for
use with [sample `IndexEntries`
here](https://github.com/elastic/kibana/blob/7447394fe39d5e2e098c266c14875d3aa17d3067/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/crud_knowledge_base_entries_route.http#L18-L56).

### // TODO
In an effort to make incremental progress and facilitate early knowledge
share with @patrykkopycinski, I'm capping this PR where it's at, and so
here are the remaining items to complete full integration of the new
Knowledge Base Management Settings interface:

- [ ] Support `Update` action
- [ ] Move from `EuiInMemoryTable` 
- [ ] Finalize `Setup` UI
- [ ] Cleanup `Save` loaders
- [ ] Plumb through `{{knowledge_history}}` prompt template and include
user's `required` entries

All this work is behind the aforementioned feature flag and required
code change, and this changeset has also been manually upgrade tested to
ensure there are no issues that would impact the regularly scheduled
serverless releases. This is more of a note to reviewers when testing
that full functionality is not present.




### Checklist

- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
* Feature currently behind feature flag. Documentation to be added
before flag is removed. Tracked in
elastic/security-docs#5337
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
stephmilovic added a commit that referenced this pull request Sep 25, 2024
…lt assistant graph (#192042) (#193364)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security solution] `naturalLanguageToEsql` Tool added to default
assistant graph
(#192042)](#192042)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
spong added a commit to spong/kibana that referenced this pull request Sep 25, 2024
…lastic#192665)

## Summary

This PR updates the Knowledge Base Management Settings page to use the
new `entries` API introduced in
elastic#186566. Many thanks to @angorayc
for her work on the Assistant Management Settings overhaul, and initial
implementation of this new KB Management UI over in
elastic#186847.

<p align="center">
<img width="600"
src="https://github.com/user-attachments/assets/0a82587e-f33c-45f1-9165-1a676d6db5fa"
/>
</p>

### Feature Flag & Setup
The changes in this PR, as with the other [recent V2 KB
enhancements](elastic#186566), are behind
the following feature flag:
```
xpack.securitySolution.enableExperimental:
  - 'assistantKnowledgeBaseByDefault'
```

~They also require a code change in the `AIAssistantService` to enable
the new mapping (since setup happens on plugin start before FF
registration), so be sure to update `fieldMap` to
`knowledgeBaseFieldMapV2` below before testing:~

This is no longer the case as of
[cdec104](elastic@cdec104).
Just changing the above feature flag is now sufficient, just note that
if upgrading and the KB was previously set up, you'll need to manually
delete the data stream (`DELETE
/_data_stream/.kibana-elastic-ai-assistant-knowledge-base-default`) or
the management table will be littered with the old ESQL docs instead of
being a single aggregate entry.

Once configured, the new Knowledge Base Management Settings will become
available in Stack Management. The old settings UI is currently still
available via the Settings Modal, but will soon be removed and replaced
with links to the new interface via the Assistant Settings Context Menu
(replacing the existing `cog`). Please see the designs ([Security
GenAI](https://www.figma.com/design/BMvpY9EhcPIaoOS7LSrkL0/%5B8.15%2C-%5D-GenAI-Security-Settings?node-id=51-25207&node-type=canvas&t=t3vZSPhMxQhScJVt-0)
/ [Unified AI
Assistant](https://www.figma.com/design/xN20zMRNtMlirWB6n9n1xJ/Unified-AI-Assistant-Settings?node-id=0-1&node-type=canvas&t=3RDYE7h2DjLlFlcN-0))
for all changes.

> [!IMPORTANT]
> There are no migrations in place between the legacy and v2 KB
mappings, so be sure to start with a clean ES data directory.

### Testing

To aid with developing the UI, I took the opportunity to start fleshing
out the KB Entries API integration tests. These live in
[x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries](https://github.com/spong/kibana/tree/7ae6be136ad992b2163df13b55118556b01b6cb9/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries),
and are currently configured to only run on `@ess`, as running
`tiny_elser` in serverless and MKI environments can be tricky (more on
that later).

To start the server and run the tests, from the
`x-pack/test/security_solution_api_integration/` directory run `yarn
genai_kb_entries:server:ess`, and once started, `yarn
genai_kb_entries:runner:ess`.

##### Changes in support of testing

In order to set up the API integration tests for use with the Knowledge
Base, some functional changes needed to be made to the assistant/config:

1. Since ELSER is a heavy model to run in CI, the ML folks have created
`pt_tiny_elser` for use in testing. Unfortunately, the `getELSER()`
helper off the `ml` client that we use to get the `modelId` for
installing ELSER, ingest pipelines, etc, cannot be overridden
([elastic#193633](elastic#193633)), so we must
have some other means of doing that. So to get things working in the
test env, I've plumbed through an optional `modelId` override to the
POST knowledge base route (`/ internal/ elastic_assistant/
knowledge_base/{resource?}?modelId=pt_tiny_elser`). This then overrides
the aiAssistantService `getELSER()` function [when
fetching](https://github.com/elastic/kibana/blob/645b3b863be16d70b8a7130a84b248c19729c340/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts#L334-L354)
a `kbDataClient` using the request, which appears to be the only way to
also trigger a reinitialization of the ingest pipeline (which required
the `modelId`), since that usually only occurs on plugin start. If there
is a cleaner way to perform this reinitialization, please let me know!

2. Turns out
[`getService('ml').importTrainedModel()`](https://github.com/elastic/kibana/blob/f18224c6869ae52228da3764ca9a427106b872fb/x-pack/test/functional/services/ml/api.ts#L1575-L1587)
can't be run in test env's with `ssl:true`, which is the default
security config. You can read more about that issue in
[elastic#193477](elastic#193477), but the
current workaround is to turn off `ssl` for this specific test
configuration, so that's why
[`ess.config.ts`](https://github.com/spong/kibana/blob/cf73d4c7fcd69207a9625046456a94212da833c7/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/ess.config.ts#L22)
looks a little different. If there's a better way to manage this config,
also please let me know!

##### Additional notes

We don't currently have a `securityAssistant` API client/service to use
in integration tests, so I've just been creating one-off functions using
`supertest` for now. I don't have the bandwidth to work this now, but
perhaps @MadameSheema / @muskangulati-qasource could lend a hand here? I
did need to test multi-user and multi-space scenarios, so I ported over
the same [auth
helpers](https://github.com/elastic/kibana/tree/dc26f1012f35c2445028a87dcc8cb3f063e058b0/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/utils/auth)
I saw used in other suites. Would be nice if these were bundled into the
client as well ala how the o11y folks have done it
[here](https://github.com/elastic/kibana/blob/e9f23aa98e3abadd491be61b17e7daa3cc110cdb/x-pack/test/observability_ai_assistant_api_integration/tests/knowledge_base/knowledge_base.spec.ts#L27-L34).
Perhaps this is also on the list of things for @maximpn to generate from
OAS's.... 🙃

### RBAC
In plumbing the UI, I've tried to place `// TODO: KB-RBAC` tags in all
the places I came across that will require an RBAC check/change. This
includes some of the API integration tests, which I currently have
skipped as they would fail without RBAC.

### Other notable changes

* There are now dedicated `legacy` and `v2` helper functions when
managing persistence/retrieval of knowledge base entries. This should
help with tearing out the old KB later, and better readability now.
* I've tried to remove dependency on the `ElasticsearchStore` as much as
possible. The store's only use should now be within tools as a retriever
[here](https://github.com/elastic/kibana/blob/de89153368848397df823c062e907a607d347dff/x-pack/plugins/elastic_assistant/server/routes/helpers.ts#L397-L405),
and in post_evaluate
[here](https://github.com/elastic/kibana/blob/de89153368848397df823c062e907a607d347dff/x-pack/plugins/elastic_assistant/server/routes/evaluate/post_evaluate.ts#L170-L179).
If we adopt the new
[`naturalLanguageToESQL`](elastic#192042)
tool in `8.16` (or update our existing ESQL tool to use the
`kbDataClient` for retrieval), we should be able to get rid of this
entirely.
* Added a
[`spaces_roles_users_data.http`](https://github.com/elastic/kibana/blob/7447394fe39d5e2e098c266c14875d3aa17d3067/x-pack/packages/kbn-elastic-assistant-common/impl/utils/spaces_roles_users_data.http#L1)
file for adding spaces, roles, users, and a sample `slackbot` index for
use with [sample `IndexEntries`
here](https://github.com/elastic/kibana/blob/7447394fe39d5e2e098c266c14875d3aa17d3067/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/crud_knowledge_base_entries_route.http#L18-L56).

### // TODO
In an effort to make incremental progress and facilitate early knowledge
share with @patrykkopycinski, I'm capping this PR where it's at, and so
here are the remaining items to complete full integration of the new
Knowledge Base Management Settings interface:

- [ ] Support `Update` action
- [ ] Move from `EuiInMemoryTable`
- [ ] Finalize `Setup` UI
- [ ] Cleanup `Save` loaders
- [ ] Plumb through `{{knowledge_history}}` prompt template and include
user's `required` entries

All this work is behind the aforementioned feature flag and required
code change, and this changeset has also been manually upgrade tested to
ensure there are no issues that would impact the regularly scheduled
serverless releases. This is more of a note to reviewers when testing
that full functionality is not present.

### Checklist

- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
* Feature currently behind feature flag. Documentation to be added
before flag is removed. Tracked in
elastic/security-docs#5337
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit 63730ea)
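
One way to constrain the request-supplied `modelId` override that the commit message above describes, as an added example and not code from this PR or from Kibana. The function, types, regex, policies and the placeholder default id are all hypothetical; the policy itself (override only when a test-only switch is on, and only for exact allowlisted ids) is an assumption.

```typescript
// Added example: not Kibana code. Every name here is hypothetical.

type ModelIdDecision =
  | { kind: 'allow'; modelId: string; overridden: boolean }
  | { kind: 'deny'; status: 400 | 403; reason: string };

interface OverridePolicy {
  // What the server would choose on its own (the role getELSER() plays in the text).
  defaultModelId: string;
  // Assumed to be true only in test/CI server configs.
  allowOverride: boolean;
  // Exact ids a caller may select when overrides are enabled.
  allowedOverrides: ReadonlySet<string>;
}

// Conservative shape check chosen for this example: lowercase alphanumerics,
// '.', '_' and '-', starting and ending with an alphanumeric, at most 64 chars.
const MODEL_ID_SHAPE = /^[a-z0-9](?:[a-z0-9._-]{0,62}[a-z0-9])?$/;

function resolveModelId(
  query: Record<string, unknown>,
  policy: OverridePolicy
): ModelIdDecision {
  const raw = query['modelId'];

  // No override requested: use the server-side default.
  if (raw === undefined) {
    return { kind: 'allow', modelId: policy.defaultModelId, overridden: false };
  }
  // Repeated params (?modelId=a&modelId=b) often parse to an array.
  // Reject instead of silently picking one of the values.
  if (typeof raw !== 'string') {
    return { kind: 'deny', status: 400, reason: 'modelId must be a single string' };
  }
  if (!MODEL_ID_SHAPE.test(raw)) {
    return { kind: 'deny', status: 400, reason: 'modelId has an invalid shape' };
  }
  // The override reinitializes the ingest pipeline, so gate it on server
  // config rather than on anything the caller controls.
  if (!policy.allowOverride) {
    return { kind: 'deny', status: 403, reason: 'modelId override is disabled' };
  }
  if (!policy.allowedOverrides.has(raw)) {
    return { kind: 'deny', status: 403, reason: 'modelId is not allowlisted' };
  }
  return { kind: 'allow', modelId: raw, overridden: raw !== policy.defaultModelId };
}

// Compact form of a decision, convenient for logs and assertions.
function describeDecision(d: ModelIdDecision): string {
  if (d.kind === 'allow') {
    return `allow:${d.modelId}:${d.overridden ? 'override' : 'default'}`;
  }
  return `deny:${d.status}`;
}

// Constructed policies; the default id is a labelled placeholder.
const TEST_POLICY: OverridePolicy = {
  defaultModelId: '<server-default-elser-id>',
  allowOverride: true,
  allowedOverrides: new Set(['pt_tiny_elser']),
};
const PROD_POLICY: OverridePolicy = {
  defaultModelId: '<server-default-elser-id>',
  allowOverride: false,
  allowedOverrides: new Set<string>(),
};

// Constructed requests: the query-string part of the POST, already parsed.
const SAMPLE_QUERIES: Array<Record<string, unknown>> = [
  {},
  { modelId: 'pt_tiny_elser' },
  { modelId: 'other_model' },
  { modelId: ['pt_tiny_elser', 'other_model'] },
  { modelId: '../pipeline' },
];

function runSamples(policy: OverridePolicy): string[] {
  return SAMPLE_QUERIES.map((q) => describeDecision(resolveModelId(q, policy)));
}

console.log('test policy:', runSamples(TEST_POLICY));
console.log('prod policy:', runSamples(PROD_POLICY));
```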
spong referenced this pull request Sep 26, 2024
…s UI (#192665) (#194074)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Assistant] Adds new Knowledge Base Management Settings UI
(#192665)](#192665)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Garrett
it's at, and so\r\nhere are the remaining items to complete full
integration of the new\r\nKnowledge Base Management Settings
interface:\r\n\r\n- [ ] Support `Update` action\r\n- [ ] Move from
`EuiInMemoryTable` \r\n- [ ] Finalize `Setup` UI\r\n- [ ] Cleanup `Save`
loaders\r\n- [ ] Plumb through `{{knowledge_history}}` prompt template
and include\r\nuse's `required` entries\r\n\r\nAll this work is behind
the aforementioned feature flag and required\r\ncode change, and this
changeset has also been manually upgrade tested to\r\nensure there are
no issues that would impact the regularly scheduled\r\nserverless
releases. This is more of a note to reviewers when testing\r\nthat full
functionality is not present.\r\n\r\n\r\n\r\n\r\n### Checklist\r\n\r\n-
[X] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[
]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n* Feature
currently behind feature flag. Documentation to be added\r\nbefore flag
is removed. Tracked
in\r\nhttps://github.com/elastic/security-docs/issues/5337\r\n- [X]
[Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"63730ea0c9d9b036a05cb919b25b6d19c2ea8f03"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/192665","number":192665,"mergeCommit":{"message":"[Security
Assistant] Adds new Knowledge Base Management Settings UI
(#192665)\n\n## Summary\r\n\r\nThis PR updates the Knowledge Base
Management Settings page to use the\r\nnew `entries` API introduced
in\r\nhttps://github.com//pull/186566. Many thanks to
@angorayc\r\nfor her work on the Assistant Management Settings overhaul,
and initial\r\nimplementation of this new KB Management UI over
in\r\nhttps://github.com//pull/186847.\r\n\r\n<p
align=\"center\">\r\n<img
width=\"600\"\r\nsrc=\"https://github.com/user-attachments/assets/0a82587e-f33c-45f1-9165-1a676d6db5fa\"\r\n/>\r\n</p>
\r\n\r\n\r\n\r\n### Feature Flag & Setup\r\nThe changes in this PR, as
with the other [recent V2
KB\r\nenhancements](#186566), are
behind\r\nthe following feature
flag:\r\n```\r\nxpack.securitySolution.enableExperimental:\r\n -
'assistantKnowledgeBaseByDefault'\r\n```\r\n\r\n~They also require a
code change in the `AIAssistantService` to enable\r\nthe new mapping
(since setup happens on plugin start before FF\r\nregistration), so be
sure to update `fieldMap` to\r\n`knowledgeBaseFieldMapV2` below before
testing:~\r\n\r\nThis is no longer the case as
of\r\n[cdec104](https://github.com/elastic/kibana/pull/192665/commits/cdec10402f2e9b889598693f9f415c98ccd9855c).\r\nJust
changing the above feature flag is now sufficient, just note that\r\nif
upgrading and the KB was previously setup, you'll need to
manually\r\ndelete the data stream
(`DELETE\r\n/_data_stream/.kibana-elastic-ai-assistant-knowledge-base-default`)
or\r\nthe management table will be littered with the old ESQL docs
instead of\r\nbeing a single aggregate entry.\r\n\r\nOnce configured,
the new Knowledge Base Management Settings will become\r\navailable in
Stack Management. The old settings UI is currently still\r\navailable
via the Settings Modal, but will soon be removed and replaced\r\nwith
links to the new interface via the Assistant Settings Context
Menu\r\n(replacing the existing `cog`). Please see the designs
([Security\r\nGenAI](https://www.figma.com/design/BMvpY9EhcPIaoOS7LSrkL0/%5B8.15%2C-%5D-GenAI-Security-Settings?node-id=51-25207&node-type=canvas&t=t3vZSPhMxQhScJVt-0)\r\n/
[Unified
AI\r\nAssistant](https://www.figma.com/design/xN20zMRNtMlirWB6n9n1xJ/Unified-AI-Assistant-Settings?node-id=0-1&node-type=canvas&t=3RDYE7h2DjLlFlcN-0))\r\nfor
all changes.\r\n\r\n> [!IMPORTANT]\r\n> There are no migrations in place
between the legacy and v2 KB\r\nmappings, so be sure to start with a
clean ES data directory.\r\n\r\n### Testing\r\n\r\nTo aid with
developing the UI, I took the opportunity to start fleshing\r\nout the
KB Entries API integration tests. These live
in\r\n[x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries](https://github.com/spong/kibana/tree/7ae6be136ad992b2163df13b55118556b01b6cb9/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries),\r\nand
are currently configured to only run on `@ess`, as
running\r\n`tiny_elser` in serverless and MKI environments can be tricky
(more on\r\nthat later).\r\n\r\nTo start the server and run the tests,
from the\r\n`x-pack/test/security_solution_api_integration/` directory
run `yarn\r\ngenai_kb_entries:server:ess`, and once started,
`yarn\r\ngenai_kb_entries:runner:ess`.\r\n\r\n##### Changes in support
of testing\r\n\r\nIn order to setup the API integration tests for use
with the Knowledge\r\nBase, some functional changes needed to be made to
the assistant/config:\r\n\r\n1. Since ELSER is a heavy model to run in
CI, the ML folks have created\r\n`pt_tiny_elser` for use in testing.
Unfortunately, the `getELSER()`\r\nhelper off the `ml` client that we
use to get the `modelld` for\r\ninstalling ELSER, ingest pipelines, etc,
cannot be
overridden\r\n([#193633](#193633)),
so we must\r\nhave some other means of doing that. So to get things
working in the\r\ntest env, I've plumbed through an optional `modelId`
override to the\r\nPOST knowledge base route (`/ internal/
elastic_assistant/\r\nknowledge_base/{resource?}?modelId=pt_tiny_elser`).
This then overrides\r\nthe aiAssistantService `getELSER()` function
[when\r\nfetching](https://github.com/elastic/kibana/blob/645b3b863be16d70b8a7130a84b248c19729c340/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts#L334-L354)\r\na
`kbDataClient` using the request, which appears to be the only way
to\r\nalso trigger a reinitialization of the ingest pipeline (which
required\r\nthe `modelId`), since that usually only occurs on plugin
start. If there\r\nis a cleaner way to perform this reinitialization,
please let me know!\r\n\r\n2. Turns
out\r\n[`getService('ml').importTrainedModel()`](https://github.com/elastic/kibana/blob/f18224c6869ae52228da3764ca9a427106b872fb/x-pack/test/functional/services/ml/api.ts#L1575-L1587)\r\ncan't
be run in test env's with `ssl:true`, which is the default\r\nsecurity
config. You can read more about that issue
in\r\n[#193477](#193477), but
the\r\ncurrent workaround is to turn off `ssl` for this specific
test\r\nconfiguration, so that's
why\r\n[`ess.config.ts`](https://github.com/spong/kibana/blob/cf73d4c7fcd69207a9625046456a94212da833c7/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/ess.config.ts#L22)\r\nlooks
a little different. If there's a better way to manage this
config,\r\nalso please let me know!\r\n\r\n##### Additional
notes\r\n\r\nWe don't currently have a `securityAssistant` API
client/service to use\r\nin integration tests, so I've just been
creating one-off functions using\r\n`supertest` for now. I don't have
the bandwidth to work this now, but\r\nperhaps @MadameSheema /
@muskangulati-qasource could lend a hand here? I\r\ndid need to test
multi-user and multi-space scenarios, so I ported over\r\nthe same
[auth\r\nhelpers](https://github.com/elastic/kibana/tree/dc26f1012f35c2445028a87dcc8cb3f063e058b0/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/utils/auth)\r\nI
saw used in other suites. Would be nice if these were bundled into
the\r\nclient as well ala how the o11y folks have done
it\r\n[here](https://github.com/elastic/kibana/blob/e9f23aa98e3abadd491be61b17e7daa3cc110cdb/x-pack/test/observability_ai_assistant_api_integration/tests/knowledge_base/knowledge_base.spec.ts#L27-L34).\r\nPerhaps
this is also on the list of things for @maximpn to generate
from\r\nOAS's.... 🙃\r\n\r\n### RBAC\r\nIn plumbing the UI, I've tried to
place `// TODO: KB-RBAC` tags in all\r\nthe places I came across that
will require an RBAC check/change. This\r\nincludes some of the API
integration tests, which I currently have\r\nskipped as they would fail
without RBAC.\r\n\r\n### Other notable changes\r\n\r\n* There are now
dedicated `legacy` and `v2` helper functions when\r\nmanaging
persistence/retrieval of knowledge base entries. This should\r\nhelp
with tearing out the old KB later, and better readability now.\r\n* I've
tried to remove dependency on the `ElasticsearchStore` as much
as\r\npossible. The store's only use should now be within tools as a
retriever\r\n[here](https://github.com/elastic/kibana/blob/de89153368848397df823c062e907a607d347dff/x-pack/plugins/elastic_assistant/server/routes/helpers.ts#L397-L405),\r\nand
in
post_evaluate\r\n[here](https://github.com/elastic/kibana/blob/de89153368848397df823c062e907a607d347dff/x-pack/plugins/elastic_assistant/server/routes/evaluate/post_evaluate.ts#L170-L179).\r\nIf
we adopt the
new\r\n[`naturalLanguageToESQL`](https://github.com/elastic/kibana/pull/192042)\r\ntool
in `8.16` (or update our existing ESQL tool to use the\r\n`kbDataClient`
for retrieval), we should be able to get rid of this\r\nentirely.\r\n*
Added
a\r\n[`spaces_roles_users_data.http`](https://github.com/elastic/kibana/blob/7447394fe39d5e2e098c266c14875d3aa17d3067/x-pack/packages/kbn-elastic-assistant-common/impl/utils/spaces_roles_users_data.http#L1)\r\nfile
for adding spaces, roles, users, and a sample `slackbot` index
for\r\nuse with [sample
`IndexEntries`\r\nhere](https://github.com/elastic/kibana/blob/7447394fe39d5e2e098c266c14875d3aa17d3067/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/crud_knowledge_base_entries_route.http#L18-L56).\r\n\r\n###
// TODO\r\nIn effort to make incremental progress and facilitate early
knowledge\r\nshare with @patrykkopycinski, I'm capping this PR where
it's at, and so\r\nhere are the remaining items to complete full
integration of the new\r\nKnowledge Base Management Settings
interface:\r\n\r\n- [ ] Support `Update` action\r\n- [ ] Move from
`EuiInMemoryTable` \r\n- [ ] Finalize `Setup` UI\r\n- [ ] Cleanup `Save`
loaders\r\n- [ ] Plumb through `{{knowledge_history}}` prompt template
and include\r\nuse's `required` entries\r\n\r\nAll this work is behind
the aforementioned feature flag and required\r\ncode change, and this
changeset has also been manually upgrade tested to\r\nensure there are
no issues that would impact the regularly scheduled\r\nserverless
releases. This is more of a note to reviewers when testing\r\nthat full
functionality is not present.\r\n\r\n\r\n\r\n\r\n### Checklist\r\n\r\n-
[X] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[
]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n* Feature
currently behind feature flag. Documentation to be added\r\nbefore flag
is removed. Tracked
in\r\nhttps://github.com/elastic/security-docs/issues/5337\r\n- [X]
[Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"63730ea0c9d9b036a05cb919b25b6d19c2ea8f03"}},{"branch":"8.x","label":"v8.16.0","labelRegex":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
Labels
release_note:enhancement Team:Security Generative AI Security Generative AI Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.16.0 v9.0.0
7 participants