elastic
diff --git a/‎.claude/CLAUDE.md‎
Lines changed: 1 addition & 0 deletions b/‎.claude/CLAUDE.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 4 additions & 2 deletions b/‎.github/CODEOWNERS‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 2 deletions b/‎.gitignore‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎dev_docs/tutorials/generating_oas_for_http_apis.mdx‎
Lines changed: 12 additions & 0 deletions b/‎dev_docs/tutorials/generating_oas_for_http_apis.mdx‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎examples/grid_example/public/use_layout_styles.tsx‎
Lines changed: 0 additions & 5 deletions b/‎examples/grid_example/public/use_layout_styles.tsx‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎oas_docs/bundle.json‎
Lines changed: 60 additions & 0 deletions b/‎oas_docs/bundle.json‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎oas_docs/bundle.serverless.json‎
Lines changed: 60 additions & 0 deletions b/‎oas_docs/bundle.serverless.json‎
Lines changed: 60 additions & 0 deletions
@@ -0,0 +1 @@
+../AGENTS.md
@@ -2586,8 +2586,8 @@ x-pack/platform/test/functional/page_objects/search_profiler_page.ts @elastic/se
 /x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/automatic_import @elastic/integration-experience
 /x-pack/solutions/security/plugins/security_solution/public/configurations @elastic/security-generative-ai
 /x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/ai_soc @elastic/security-solution @elastic/security-threat-hunting-investigations
-/x-pack/solutions/security/plugins/security_solution/public/agent_builder @elastic/security-generative-ai
-/x-pack/solutions/security/plugins/security_solution/server/agent_builder @elastic/security-generative-ai
+/x-pack/solutions/security/plugins/security_solution/public/agent_builder @elastic/security-threat-hunting @elastic/security-generative-ai
+/x-pack/solutions/security/plugins/security_solution/server/agent_builder @elastic/security-threat-hunting @elastic/security-generative-ai
 
 # AI4DSOC in Security Solution
 /x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/ai4dsoc @elastic/security-engineering-productivity
@@ -2927,6 +2927,7 @@ x-pack/platform/plugins/shared/actions/server/lib/token_tracking @elastic/securi
 /x-pack/solutions/security/plugins/security_solution/public/exceptions @elastic/security-detection-engine
 
 /x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/migrations @elastic/security-detection-engine
+/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/ai_rule_creation @elastic/security-detection-engine
 /x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_actions_legacy @elastic/security-detection-engine
 /x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_exceptions @elastic/security-detection-engine
 /x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_preview @elastic/security-detection-engine
@@ -3241,6 +3242,7 @@ x-pack/solutions/security/test/moon.yml @elastic/kibana-operations
 
 # Leads approval
 /AGENTS.md @elastic/kibana-tech-leads
+/.claude/ @elastic/kibana-tech-leads
 
 ####
 ## These rules are always last so they take ultimate priority over everything else
 
@@ -19,11 +19,10 @@ target
 /build
 .jruby
 .idea
-.claude
+.claude/*.local.json
 .cursor
 !x-pack/solutions/security/test/security_solution_cypress/.cursor/
 .windsurf
-claude.md
 *.iml
 *.log
 types.eslint.config.js
 
@@ -270,6 +270,18 @@ responses:
       application/json:
         examples:
           # Apply a similar pattern to writing examples here
+x-codeSamples:
+- lang: cURL
+  # label: A label which will be used as a title. Defaults to the lang value.
+  source: |
+    curl \
+      -X POST /api/foo
+      -H "kbn-xsrf: true"
+      -d '{...}'
+- lang: Console
+  source: |
+    POST kbn:/api/agent_builder/tools
+    {...}
 ```
 
 </details>
 
@@ -40,10 +40,6 @@ export const useLayoutStyles = () => {
       --dashboardHoverActionsActivePanelBoxShadow--singleWrapper: 0 0 0
         ${euiTheme.border.width.thin} ${euiTheme.colors.vis.euiColorVis0};
 
-      --dashboardHoverActionsActivePanelBoxShadow: -${euiTheme.border.width.thin} 0 ${euiTheme.colors.vis.euiColorVis0},
-        ${euiTheme.border.width.thin} 0 ${euiTheme.colors.vis.euiColorVis0},
-        0 -${euiTheme.border.width.thin} ${euiTheme.colors.vis.euiColorVis0};
-
       .kbnGridSection--targeted {
         background-position: top calc((var(--kbnGridGutterSize) / 2) * -1px) left
           calc((var(--kbnGridGutterSize) / 2) * -1px);
@@ -85,7 +81,6 @@ export const useLayoutStyles = () => {
       .kbnGridPanel--active {
         // overwrite the border style on panels + hover actions for active panels
         --hoverActionsBorderStyle: var(--dashboardActivePanelBorderStyle);
-        --hoverActionsBoxShadowStyle: var(--dashboardHoverActionsActivePanelBoxShadow);
         --hoverActionsSingleWrapperBoxShadowStyle: var(
           --dashboardHoverActionsActivePanelBoxShadow--singleWrapper
         );
 
@@ -3202,6 +3202,16 @@
         "tags": [
           "agent builder"
         ],
+        "x-codeSamples": [
+          {
+            "lang": "curl",
+            "source": "curl \\\n  -X GET \"https://${KIBANA_URL}/api/agent_builder/tools\" \\\n  -H \"Authorization: ApiKey ${API_KEY}\"\n"
+          },
+          {
+            "lang": "Console",
+            "source": "GET kbn:/api/agent_builder/tools\n"
+          }
+        ],
         "x-state": "Added in 9.2.0"
       },
       "post": {
@@ -3403,6 +3413,16 @@
         "tags": [
           "agent builder"
         ],
+        "x-codeSamples": [
+          {
+            "lang": "curl",
+            "source": "curl \\\n -X POST \"https://${KIBANA_URL}/api/agent_builder/tools\" \\\n -H \"Authorization: ApiKey ${API_KEY}\" \\\n -H \"kbn-xsrf: true\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n   \"id\": \"example-esql-tool\",\n   \"type\": \"esql\",\n   \"description\": \"Example ES|QL query tool for analyzing financial trades with time filtering\",\n   \"tags\": [\"analytics\", \"finance\"],\n   \"configuration\": {\n     \"query\": \"FROM financial_trades | WHERE execution_timestamp >= ?startTime | STATS trade_count=COUNT(*), avg_price=AVG(execution_price) BY symbol | SORT trade_count DESC | LIMIT ?limit\",\n     \"params\": {\n       \"startTime\": {\n         \"type\": \"date\",\n         \"description\": \"Start time for the analysis in ISO format\"\n       },\n       \"limit\": {\n         \"type\": \"integer\",\n         \"description\": \"Maximum number of results to return\"\n       }\n     }\n   }\n }'\n"
+          },
+          {
+            "lang": "Console",
+            "source": "POST kbn:/api/agent_builder/tools\n{\n  \"id\": \"example-esql-tool\",\n  \"type\": \"esql\",\n  \"description\": \"An ES|QL query tool for analyzing financial trades with time filtering\",\n  \"tags\": [\"analytics\", \"finance\", \"updated\"],\n  \"configuration\": {\n    \"query\": \"FROM financial_trades | WHERE execution_timestamp >= ?startTime | STATS trade_count=COUNT(*), avg_price=AVG(execution_price) BY symbol | SORT trade_count DESC | LIMIT ?limit\",\n    \"params\": {\n      \"startTime\": {\n        \"type\": \"date\",\n        \"description\": \"Start time for the analysis in ISO format\"\n      },\n      \"limit\": {\n        \"type\": \"integer\",\n        \"description\": \"Maximum number of results to return\"\n      }\n    }\n  }\n}\n"
+          }
+        ],
         "x-state": "Added in 9.2.0"
       }
     },
@@ -3708,6 +3728,16 @@
         "tags": [
           "agent builder"
         ],
+        "x-codeSamples": [
+          {
+            "lang": "curl",
+            "source": "curl \\\n -X POST \"https://${KIBANA_URL}/api/agent_builder/tools/_execute\" \\\n -H \"Authorization: ApiKey ${API_KEY}\" \\\n -H \"kbn-xsrf: true\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n   \"tool_id\": \"platform.core.search\",\n   \"tool_params\": {\n     \"query\": \"can you find john doe's email from the employee index?\"}\n   }\n }'\n"
+          },
+          {
+            "lang": "Console",
+            "source": "POST kbn:/api/agent_builder/tools/_execute\n{\n  \"tool_id\": \"platform.core.search\",\n  \"tool_params\": {\n    \"query\": \"can you find john doe's email from the employee index?\"\n  }\n}\n"
+          }
+        ],
         "x-state": "Added in 9.2.0"
       }
     },
@@ -3757,6 +3787,16 @@
         "tags": [
           "agent builder"
         ],
+        "x-codeSamples": [
+          {
+            "lang": "curl",
+            "source": "curl \\\n  -X DELETE \"https://${KIBANA_URL}/api/agent_builder/tools/{toolId}\" \\\n  -H \"Authorization: ApiKey ${API_KEY}\" \\\n  -H \"kbn-xsrf: true\"\n"
+          },
+          {
+            "lang": "Console",
+            "source": "DELETE kbn:/api/agent_builder/tools/{toolId}\n"
+          }
+        ],
         "x-state": "Added in 9.2.0"
       },
       "get": {
@@ -3894,6 +3934,16 @@
         "tags": [
           "agent builder"
         ],
+        "x-codeSamples": [
+          {
+            "lang": "curl",
+            "source": "curl \\\n  -X GET \"https://${KIBANA_URL}/api/agent_builder/tools/{toolId}\" \\\n  -H \"Authorization: ApiKey ${API_KEY}\"\n"
+          },
+          {
+            "lang": "Console",
+            "source": "GET kbn:/api/agent_builder/tools/{toolId}\n"
+          }
+        ],
         "x-state": "Added in 9.2.0"
       },
       "put": {
@@ -4095,6 +4145,16 @@
         "tags": [
           "agent builder"
         ],
+        "x-codeSamples": [
+          {
+            "lang": "curl",
+            "source": "curl \\\n -X PUT \"https://${KIBANA_URL}/api/agent_builder/tools/{toolId}\" \\\n -H \"Authorization: ApiKey ${API_KEY}\" \\\n -H \"kbn-xsrf: true\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n   \"description\": \"Updated ES|QL query tool for analyzing financial trades with time filtering\",\n   \"tags\": [\"analytics\", \"finance\", \"updated\"],\n   \"configuration\": {\n     \"query\": \"FROM financial_trades | WHERE execution_timestamp >= ?startTime | STATS trade_count=COUNT(*), avg_price=AVG(execution_price) BY symbol | SORT trade_count DESC | LIMIT ?limit\",\n     \"params\": {\n       \"startTime\": {\n         \"type\": \"date\",\n         \"description\": \"Start time for the analysis in ISO format\"\n       },\n       \"limit\": {\n         \"type\": \"integer\",\n         \"description\": \"Maximum number of results to return\"\n       }\n     }\n   }\n }'\n"
+          },
+          {
+            "lang": "Console",
+            "source": "PUT kbn:/api/agent_builder/tools/{toolId}\n{\n  \"description\": \"Updated ES|QL query tool for analyzing financial trades with time filtering\",\n  \"tags\": [\"analytics\", \"finance\", \"updated\"],\n  \"configuration\": {\n    \"query\": \"FROM financial_trades | WHERE execution_timestamp >= ?startTime | STATS trade_count=COUNT(*), avg_price=AVG(execution_price) BY symbol | SORT trade_count DESC | LIMIT ?limit\",\n    \"params\": {\n      \"startTime\": {\n        \"type\": \"date\",\n        \"description\": \"Start time for the analysis in ISO format\"\n      },\n      \"limit\": {\n        \"type\": \"integer\",\n        \"description\": \"Maximum number of results to return\"\n      }\n    }\n  }\n}\n"
+          }
+        ],
         "x-state": "Added in 9.2.0"
       }
     },
 
@@ -3202,6 +3202,16 @@
         "tags": [
           "agent builder"
         ],
+        "x-codeSamples": [
+          {
+            "lang": "curl",
+            "source": "curl \\\n  -X GET \"https://${KIBANA_URL}/api/agent_builder/tools\" \\\n  -H \"Authorization: ApiKey ${API_KEY}\"\n"
+          },
+          {
+            "lang": "Console",
+            "source": "GET kbn:/api/agent_builder/tools\n"
+          }
+        ],
         "x-state": ""
       },
       "post": {
@@ -3403,6 +3413,16 @@
         "tags": [
           "agent builder"
         ],
+        "x-codeSamples": [
+          {
+            "lang": "curl",
+            "source": "curl \\\n -X POST \"https://${KIBANA_URL}/api/agent_builder/tools\" \\\n -H \"Authorization: ApiKey ${API_KEY}\" \\\n -H \"kbn-xsrf: true\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n   \"id\": \"example-esql-tool\",\n   \"type\": \"esql\",\n   \"description\": \"Example ES|QL query tool for analyzing financial trades with time filtering\",\n   \"tags\": [\"analytics\", \"finance\"],\n   \"configuration\": {\n     \"query\": \"FROM financial_trades | WHERE execution_timestamp >= ?startTime | STATS trade_count=COUNT(*), avg_price=AVG(execution_price) BY symbol | SORT trade_count DESC | LIMIT ?limit\",\n     \"params\": {\n       \"startTime\": {\n         \"type\": \"date\",\n         \"description\": \"Start time for the analysis in ISO format\"\n       },\n       \"limit\": {\n         \"type\": \"integer\",\n         \"description\": \"Maximum number of results to return\"\n       }\n     }\n   }\n }'\n"
+          },
+          {
+            "lang": "Console",
+            "source": "POST kbn:/api/agent_builder/tools\n{\n  \"id\": \"example-esql-tool\",\n  \"type\": \"esql\",\n  \"description\": \"An ES|QL query tool for analyzing financial trades with time filtering\",\n  \"tags\": [\"analytics\", \"finance\", \"updated\"],\n  \"configuration\": {\n    \"query\": \"FROM financial_trades | WHERE execution_timestamp >= ?startTime | STATS trade_count=COUNT(*), avg_price=AVG(execution_price) BY symbol | SORT trade_count DESC | LIMIT ?limit\",\n    \"params\": {\n      \"startTime\": {\n        \"type\": \"date\",\n        \"description\": \"Start time for the analysis in ISO format\"\n      },\n      \"limit\": {\n        \"type\": \"integer\",\n        \"description\": \"Maximum number of results to return\"\n      }\n    }\n  }\n}\n"
+          }
+        ],
         "x-state": ""
       }
     },
@@ -3708,6 +3728,16 @@
         "tags": [
           "agent builder"
         ],
+        "x-codeSamples": [
+          {
+            "lang": "curl",
+            "source": "curl \\\n -X POST \"https://${KIBANA_URL}/api/agent_builder/tools/_execute\" \\\n -H \"Authorization: ApiKey ${API_KEY}\" \\\n -H \"kbn-xsrf: true\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n   \"tool_id\": \"platform.core.search\",\n   \"tool_params\": {\n     \"query\": \"can you find john doe's email from the employee index?\"}\n   }\n }'\n"
+          },
+          {
+            "lang": "Console",
+            "source": "POST kbn:/api/agent_builder/tools/_execute\n{\n  \"tool_id\": \"platform.core.search\",\n  \"tool_params\": {\n    \"query\": \"can you find john doe's email from the employee index?\"\n  }\n}\n"
+          }
+        ],
         "x-state": ""
       }
     },
@@ -3757,6 +3787,16 @@
         "tags": [
           "agent builder"
         ],
+        "x-codeSamples": [
+          {
+            "lang": "curl",
+            "source": "curl \\\n  -X DELETE \"https://${KIBANA_URL}/api/agent_builder/tools/{toolId}\" \\\n  -H \"Authorization: ApiKey ${API_KEY}\" \\\n  -H \"kbn-xsrf: true\"\n"
+          },
+          {
+            "lang": "Console",
+            "source": "DELETE kbn:/api/agent_builder/tools/{toolId}\n"
+          }
+        ],
         "x-state": ""
       },
       "get": {
@@ -3894,6 +3934,16 @@
         "tags": [
           "agent builder"
         ],
+        "x-codeSamples": [
+          {
+            "lang": "curl",
+            "source": "curl \\\n  -X GET \"https://${KIBANA_URL}/api/agent_builder/tools/{toolId}\" \\\n  -H \"Authorization: ApiKey ${API_KEY}\"\n"
+          },
+          {
+            "lang": "Console",
+            "source": "GET kbn:/api/agent_builder/tools/{toolId}\n"
+          }
+        ],
         "x-state": ""
       },
       "put": {
@@ -4095,6 +4145,16 @@
         "tags": [
           "agent builder"
         ],
+        "x-codeSamples": [
+          {
+            "lang": "curl",
+            "source": "curl \\\n -X PUT \"https://${KIBANA_URL}/api/agent_builder/tools/{toolId}\" \\\n -H \"Authorization: ApiKey ${API_KEY}\" \\\n -H \"kbn-xsrf: true\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n   \"description\": \"Updated ES|QL query tool for analyzing financial trades with time filtering\",\n   \"tags\": [\"analytics\", \"finance\", \"updated\"],\n   \"configuration\": {\n     \"query\": \"FROM financial_trades | WHERE execution_timestamp >= ?startTime | STATS trade_count=COUNT(*), avg_price=AVG(execution_price) BY symbol | SORT trade_count DESC | LIMIT ?limit\",\n     \"params\": {\n       \"startTime\": {\n         \"type\": \"date\",\n         \"description\": \"Start time for the analysis in ISO format\"\n       },\n       \"limit\": {\n         \"type\": \"integer\",\n         \"description\": \"Maximum number of results to return\"\n       }\n     }\n   }\n }'\n"
+          },
+          {
+            "lang": "Console",
+            "source": "PUT kbn:/api/agent_builder/tools/{toolId}\n{\n  \"description\": \"Updated ES|QL query tool for analyzing financial trades with time filtering\",\n  \"tags\": [\"analytics\", \"finance\", \"updated\"],\n  \"configuration\": {\n    \"query\": \"FROM financial_trades | WHERE execution_timestamp >= ?startTime | STATS trade_count=COUNT(*), avg_price=AVG(execution_price) BY symbol | SORT trade_count DESC | LIMIT ?limit\",\n    \"params\": {\n      \"startTime\": {\n        \"type\": \"date\",\n        \"description\": \"Start time for the analysis in ISO format\"\n      },\n      \"limit\": {\n        \"type\": \"integer\",\n        \"description\": \"Maximum number of results to return\"\n      }\n    }\n  }\n}\n"
+          }
+        ],
         "x-state": ""
       }
     },