[Security Solution] Product features simplification refactor

[semd]

Summary

The introduction of the siemV3 feature exposed limitations and increasing complexity in the existing product feature framework.

Two main challenges surfaced:

• Conditional feature definitions – Handling replaceBy logic in PLI definitions and offers (e.g., serverless vs ESS) required brittle, hard‑to‑maintain workarounds.
• Multi-version feature support – Managing parallel versions of the same feature (v1, v2, v3) was cumbersome, as the original framework was not designed for versioning.

This PR refactors and streamlines the product feature framework to make it clearer, easier to maintain, and more developer‑friendly.

Note

This PR is dev-only and introduces no functional or UX changes. All updates are internal and transparent to end users.

Files by Code Owner

elastic/kibana-core

• src/platform/packages/shared/kbn-utility-types/index.ts

elastic/kibana-security

• x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts

elastic/security-solution

• x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/cases_product_feature_params.ts
• x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/mocks.ts
• x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features.test.ts
• x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features.ts
• x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_api_access_control.ts
• x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_config_merger.test.ts
• x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_config_merger.ts
• x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_service.test.ts
• x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_service.ts
• x-pack/solutions/security/plugins/security_solution/server/plugin.ts
• x-pack/solutions/security/plugins/security_solution/tsconfig.json
• x-pack/solutions/security/plugins/security_solution_ess/server/jest.config.js
• x-pack/solutions/security/plugins/security_solution_ess/server/plugin.ts
• x-pack/solutions/security/plugins/security_solution_ess/server/product_features/assistant_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_ess/server/product_features/attack_discovery_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_ess/server/product_features/cases_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_ess/server/product_features/index.ts
• x-pack/solutions/security/plugins/security_solution_ess/server/product_features/notes_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_ess/server/product_features/product_features_extensions.test.ts
• x-pack/solutions/security/plugins/security_solution_ess/server/product_features/product_features_extensions.ts
• x-pack/solutions/security/plugins/security_solution_ess/server/product_features/security_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_ess/server/product_features/siem_migrations_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_ess/server/product_features/timeline_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_ess/tsconfig.json
• x-pack/solutions/security/plugins/security_solution_serverless/server/plugin.ts
• x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/assistant_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/attack_discovery_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/cases_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/index.ts
• x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/notes_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/product_features_extensions.test.ts
• x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/product_features_extensions.ts
• x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/siem_migrations_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/timeline_product_features_config.ts
• x-pack/solutions/security/plugins/security_solution_serverless/tsconfig.json
• x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts

elastic/security-threat-hunting-investigations

• x-pack/solutions/security/packages/features/config.ts
• x-pack/solutions/security/packages/features/src/assistant/index.ts
• x-pack/solutions/security/packages/features/src/assistant/product_feature_config.ts
• x-pack/solutions/security/packages/features/src/attack_discovery/index.ts
• x-pack/solutions/security/packages/features/src/attack_discovery/product_feature_config.ts
• x-pack/solutions/security/packages/features/src/cases/index.ts
• x-pack/solutions/security/packages/features/src/cases/kibana_sub_features.ts
• x-pack/solutions/security/packages/features/src/cases/product_feature_config.ts
• x-pack/solutions/security/packages/features/src/cases/types.ts
• x-pack/solutions/security/packages/features/src/cases/v1_features/kibana_features.ts
• x-pack/solutions/security/packages/features/src/cases/v1_features/kibana_sub_features.ts
• x-pack/solutions/security/packages/features/src/cases/v1_features/types.ts
• x-pack/solutions/security/packages/features/src/cases/v2_features/kibana_features.ts
• x-pack/solutions/security/packages/features/src/cases/v2_features/kibana_sub_features.ts
• x-pack/solutions/security/packages/features/src/cases/v3_features/kibana_features.ts
• x-pack/solutions/security/packages/features/src/cases/v3_features/kibana_sub_features.ts
• x-pack/solutions/security/packages/features/src/helpers.ts
• x-pack/solutions/security/packages/features/src/notes/index.ts
• x-pack/solutions/security/packages/features/src/notes/product_feature_config.ts
• x-pack/solutions/security/packages/features/src/product_features_keys.ts
• x-pack/solutions/security/packages/features/src/security/index.ts
• x-pack/solutions/security/packages/features/src/security/kibana_sub_features.ts
• x-pack/solutions/security/packages/features/src/security/product_feature_config.ts
• x-pack/solutions/security/packages/features/src/security/types.ts
• x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts
• x-pack/solutions/security/packages/features/src/security/v1_features/product_feature_config.ts
• x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts
• x-pack/solutions/security/packages/features/src/security/v2_features/product_feature_config.ts
• x-pack/solutions/security/packages/features/src/security/v3_features/kibana_sub_features.ts
• x-pack/solutions/security/packages/features/src/siem_migrations/index.ts
• x-pack/solutions/security/packages/features/src/siem_migrations/product_feature_config.ts
• x-pack/solutions/security/packages/features/src/timeline/index.ts
• x-pack/solutions/security/packages/features/src/timeline/product_feature_config.ts
• x-pack/solutions/security/packages/features/src/types.ts
• x-pack/solutions/security/packages/features/src/utils/index.ts
• x-pack/solutions/security/packages/features/src/utils/product_feature_config.test.ts
• x-pack/solutions/security/packages/features/src/utils/product_feature_config.ts
• x-pack/solutions/security/packages/features/src/utils/sub_features.test.ts
• x-pack/solutions/security/packages/features/src/utils/sub_features.ts
• x-pack/solutions/security/packages/features/utils.ts

---

Key Changes

• ProductFeatureService Refactor

  • The setProductFeaturesConfigurator contract was streamlined:

    • Before: Expected a single large object containing all ProductFeatureConfig entries, with the object keys implicitly defining the enabled productFeaturesKeys.

    • Now:

      • Accepts enabledProductFeatureKeys separately.
      • Accepts extensions of the product feature configs (supports version-specific and common definitions for all feature versions); generic configs are now loaded statically from the package.
      • Extension/merging logic is fully encapsulated inside the service, so consumers (ess and serverless plugins) no longer need to perform it manually.

  • The ProductFeaturesService constructor has been refactored to better support multiple feature versions (v1, v2, v3) and to simplify its usage.

  • Some internal logic has been modularised into separate files for clarity. No functional or UX changes.

• Version Extensions Support

  • Version-specific configurations

    • product_feature_config.ts files now can be defined per-version (v1, v2, v3, etc.). Only the extensions from the base top-level product_feature_config.ts need to be specified. Tools to merge configurations have been created.

  • Centralised Sub-Feature Definitions

    • Introduced a top-level kibana_sub_features.ts file to define all subFeatures in one place, eliminating duplication across versions.
    • Version-specific configs can now import from this unified source to construct their subFeatureMap, tools to add version-specific privileges or deprecation replacements have been created to facilitate feature migrations.

  • Utility Enhancements

    • New helper utilities in src/utils/product_feature_config.ts simplify merging version-specific ProductFeatureConfig definitions.
    • New helper utilities in src/utils/sub_features.ts simplify creating and extending version-specific subFeatureMap objects.

• featureConfigModifiers (formerly baseFeatureConfigModifier)

  • Renamed for clarity and updated to reflect its new role: it now modifies the final KibanaFeatureConfig, including merged subFeatures.
  • Updated to accept a mutable copy of KibanaFeatureConfig, simplifying the function’s implementation and usage.
  • Updated to be an array, so it is possible to add multiple small modifier functions.

• ProductFeatureKeys Relaxed Typing

  • Type requirement loosened: ProductFeatureKeys is now Partial in ProductFeatureConfig, so devs no longer need to define empty configurations just to satisfy type constraints.

• Type Simplifications

  • Introduced new generics to streamline complex types and improve DX.

[gergoabraham]

@semd, I cannot add you as a reviewer, but it would be great if you could have a look at the changes 👐

I didn't do much changes, I think we already have lots of changes that can support going forward, and in case it turns out we can include more simplification, we can do that. I'll test this soon when I unify Endpoint exception ESS vs serverless sub-feature privileges in the next weeks, that's for sure.

[afharo]

New RecursiveWritable LGTM

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 51c7b1f

Failed CI Steps

• FTR Configs #70

Test Failures

• [job] [logs] FTR Configs #70 / Alerting getActionErrorLog get and filter action error logs for rules with multiple action errors

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
@kbn/security-solution-features	26	30	+4

Unknown metric groups

API count

id	before	after	diff
@kbn/security-solution-features	26	36	+10
@kbn/utility-types	37	38	+1
total			+11

History

• 💔 Build #332765 failed 04d4700
• 💚 Build #332017 succeeded 5e51bd8
• 💚 Build #331778 succeeded 9f6667c
• 💚 Build #331687 succeeded 62f9888
• 💔 Build #331491 failed af31727

cc @gergoabraham

[xcrzx]

Hey, we’re planning to introduce siemV4 in 9.2. Here's a draft PR - #232113. I believe once this refactoring is merged, we’ll end up with a ton of conflicts. Any chance you could hold off on the refactoring so we can finish our RBAC work on time?

cc @yctercero @banderror

[semd]

Any chance you could hold off on the refactoring so we can finish our RBAC work on time?

Hey @xcrzx, I see your point. From my perspective, it might be better to merge this refactoring first. These changes should make it easier to integrate siemV4. Even though we’ll run into some conflicts, resolving them will likely simplify the overall implementation and reduce the number of changes.

[PhilippeOberti]

Thanks for this code cleanup and simplification! I love seeing over a 1500 lines removed!

[gergoabraham]

hey @xcrzx, it's an unfortunate timing, but this refactor PR could (and i think should) be merged today, which would allow time for fixing the conflicts, and not delaying an important simplification.

also, when do you plan to merge the siemV4 PR? our team also has plans for adding a feature deprecation - it is pending at the moment if it will make it into 9.2 or 9.3, but if it is 9.2, it'd be reasonable to collect all changes in one PR to avoid introducing siemV5 so quickly. cc @dasansol92

in case we make it to 9.2, i can also offer to - instead of fighting conflicts - create a new siemV4 PR with our changes, and you can cherry-pick your changes into that PR.

[xcrzx]

hey @xcrzx, it's an unfortunate timing, but this refactor PR could (and i think should) be merged today, which would allow time for fixing the conflicts, and not delaying an important simplification.

Yeah, if it’s ready to be merged today, then okay, it’s better not to hold it off for too long. We’re targeting 9.2 for the siemV4 changes, but unfortunately don’t have a more specific date yet, since it’s cross-team work on our end and might take some time to coordinate and test everything. I’d assume it will be ready closer to the 9.2 feature freeze.

Regarding creating a shared siemV4 branch, I’ll discuss it internally with the teams involved, but that might be difficult to manage since the changeset we are going to implement isn't small.

[gergoabraham]

thanks @xcrzx, it's in.

Regarding creating a shared siemV4 branch, I’ll discuss it internally with the teams involved, but that might be difficult to manage since the changeset we are going to implement isn't small.

sure, let's keep in touch. 👍

[semd]

Awesome! Thanks @gergoabraham, and everybody involved.

Regarding the planned RBAC changes, I agree that we should collaborate cross-team and try to group all of them in V4. So we avoid having to add another one right after.