Skip to content

[EDR Workflows] Initialize SelectorComponent value in Scripts picker#225451

Closed
tomsonpl wants to merge 36 commits intoelastic:mainfrom
tomsonpl:fix-script-picker
Closed

[EDR Workflows] Initialize SelectorComponent value in Scripts picker#225451
tomsonpl wants to merge 36 commits intoelastic:mainfrom
tomsonpl:fix-script-picker

Conversation

@tomsonpl
Copy link
Contributor

@tomsonpl tomsonpl commented Jun 26, 2025

Description

Previously, #204965 introduced a string based Selector Component, however the Response Console's framework wasn't adjusted to fully support it:

  • Selector Components Not Restoring State from History:
    When users selected a command from history (e.g., custom script execution), the selector UI (such as script dropdowns) could not restore its value from the previously entered command text. This left the UI out of sync with the command, confusing users and breaking workflows.

  • Broken Paste Functionality:
    Pasting a full command (including arguments meant for selectors) into the console did not populate the selector UI components. As a result, users who pasted commands from documentation or shared snippets would see empty or incorrect selector states, making it difficult to execute or edit those commands.

These issues stemmed from the lack of a unified mechanism for synchronizing between the command text and selector state. Command-specific logic was difficult to maintain and extend.


How was it resolved?

This PR introduces a unified, handler-based approach to command parsing and selector state management:

  • Command Handlers:
    Each supported command (e.g., runscript) now has a dedicated handler responsible for:

    • Initializing selector state from command text (for both history and paste)
    • Reconstructing command text from the current selector state (for editing and display)
    • Keeping the UI and command text in sync at all times

    Note: For file upload, the selector is always initialized as empty, matching the intended UX.

  • Central Registry:
    All command handlers are registered in a central registry, allowing the system to dynamically delegate parsing and state management to the correct handler for each command. This eliminates scattered logic and makes the system much more maintainable.

  • Bidirectional Synchronization:
    Selector components now reliably initialize their state from both command history and pasted text (where applicable). Any changes in the selector UI are immediately reflected in the command text, and vice versa.


Additional Architectural Improvements

Based on code review feedback, this PR also addresses architectural concerns with the CustomScriptSelector component:

  • 🔧 Standard React Component:
    Converted from function-returning-component pattern (CustomScriptSelector('agentType')) to standard React component (<CustomScriptSelector />)

  • 🔧 Console Framework Encapsulation:
    Removed direct useConsoleStateDispatch() coupling and replaced with proper callback-based architecture (onChange, requestFocus)

  • 🔧 Command Metadata Integration:
    Agent type now extracted from command.commandDefinition.meta?.agentType instead of function parameters, following console framework patterns

  • 🔧 Enhanced Interface:
    Added command: Command and requestFocus?: () => void props to CommandArgumentValueSelectorProps for better component integration

These changes ensure the console remains a generic, maintainable framework while providing clean interfaces for selector components.


Result

  • Selector UI components now always reflect the correct state when loading from history or after pasting a command (for commands where this is supported).
  • Users can confidently copy, paste, and re-run complex commands with selector arguments.
  • The codebase is more maintainable and ready for future extension.
  • Console framework maintains proper encapsulation with well-defined component interfaces.
Screen.Recording.2025-06-27.at.12.15.47.mov

Closes: #225269
Closes: #225407

@tomsonpl
Copy link
Contributor Author

/ci

@tomsonpl
Copy link
Contributor Author

/ci

@tomsonpl
Copy link
Contributor Author

/ci

@tomsonpl
Copy link
Contributor Author

/ci

@tomsonpl tomsonpl self-assigned this Jun 27, 2025
@tomsonpl
Copy link
Contributor Author

tomsonpl commented Jul 1, 2025

/ci

@tomsonpl
Copy link
Contributor Author

tomsonpl commented Jul 1, 2025

/ci

@tomsonpl
Copy link
Contributor Author

tomsonpl commented Jul 1, 2025

/ci

@tomsonpl
Copy link
Contributor Author

tomsonpl commented Jul 1, 2025

/ci

@tomsonpl
Copy link
Contributor Author

tomsonpl commented Jul 2, 2025

/ci

@tomsonpl
Copy link
Contributor Author

tomsonpl commented Jul 3, 2025

/ci

@tomsonpl tomsonpl marked this pull request as ready for review July 3, 2025 13:45
@tomsonpl tomsonpl requested a review from a team as a code owner July 3, 2025 13:45
@tomsonpl tomsonpl added release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution backport:version Backport to applied version labels v9.1.0 v8.19.0 v9.2.0 labels Jul 3, 2025
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@szwarckonrad szwarckonrad removed their request for review July 3, 2025 14:14
@tomsonpl tomsonpl force-pushed the fix-script-picker branch from 32aa098 to 7e003e7 Compare July 4, 2025 13:17
@tomsonpl tomsonpl requested a review from szwarckonrad July 7, 2025 08:33
@elasticmachine
Copy link
Contributor

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #70 / Actions and Triggers app Connectors General connector functionality should delete a connector

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 7850 7855 +5

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 9.8MB 9.8MB +2.6KB

History

cc @tomsonpl

@tomsonpl tomsonpl marked this pull request as draft July 10, 2025 12:55
@elasticmachine
Copy link
Contributor

🤖 Jobs for this PR can be triggered through checkboxes. 🚧

ℹ️ To trigger the CI, please tick the checkbox below 👇

  • Click to trigger kibana-pull-request for this PR!
  • Click to trigger kibana-deploy-project-from-pr for this PR!
  • Click to trigger kibana-deploy-cloud-from-pr for this PR!

@tomsonpl
Copy link
Contributor Author

closing in favor of: #227463

@tomsonpl tomsonpl closed this Jul 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport:version Backport to applied version labels release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.19.0 v9.1.0 v9.2.0

Projects

None yet

3 participants