[Workflows] support passing attachments to run_agent step#251291
Merged
KDKHD merged 15 commits intoelastic:mainfrom Feb 24, 2026
Merged
[Workflows] support passing attachments to run_agent step#251291KDKHD merged 15 commits intoelastic:mainfrom
KDKHD merged 15 commits intoelastic:mainfrom
Conversation
KDKHD
changed the title
KDKHD
changed the title
KDKHD
added
release_note:skip
pgayvallet
reviewed
Feb 3, 2026
Contributor
pgayvallet
left a comment
pgayvallet
left a comment
There was a problem hiding this comment.
Feature makes sense, thanks for adding that.
There's only one thing we need to address, about attachment validation - added a specific comment below.
| outputSchema: schema, | ||
| nextInput: { | ||
| message, | ||
| attachments, |
Contributor
There was a problem hiding this comment.
We're going to have a problem with the way attachment validation currently work.
Atm, validation is done in the converse route handler directly (which is pretty bad - agreed). This was "fine" because before this PR, the converse API was the only entry point for attachments, so for their validation.
kibana/x-pack/platform/plugins/shared/agent_builder/server/routes/chat.ts
Lines 172 to 189 in f2c007b
So passing attachments directly to chatService.converse as done here bypass this validation.
But now we need to find a way to address that, either by:
- moving the validation which is currently living in the
converseroute handler a few layers down, either inchatServiceor even lower in the chain, so that we hit the attachment validation when calling an agent via that workflow step (probably the most robust way, even if more work - there might be a few type issues between Attachment vs AttachmentInput) - extract / re-use the logic we use from the route handler in the step definition - move that
validateAttachmentsliving in the handler file elsewhere, and then re-use it from the step definition (I would be fine with that too) - re-use the "attachment state manager" we use for the attachment routes (
x-pack/platform/plugins/shared/agent_builder/server/routes/attachments.ts). It doesn't have an API for validation atm, but it has an internalvalidateAttachmentDatafunction. we could add a new public "validateAttachment" which would reproduce the logic of what we do in validateAttachments` in the converse route handler today, and then use this in the step definition and in the route (seems like a good compromise)
Fine with either, you can pick.
Member
Author
There was a problem hiding this comment.
Moved into ExecutionService since ChatService has been removed.
Member
Author
|
@elasticmachine merge upstream |
Contributor
|
merge conflict between base and head |
…w_run_agent_attachments
botelastic
Bot
added
the
Team:One Workflow
KDKHD
commented
Feb 18, 2026
| ), | ||
| }); | ||
|
|
||
| const validateAttachments = async ({ |
Member
Author
There was a problem hiding this comment.
Moved attachment validation down into the execution service.
…w_run_agent_attachments
…DKHD/kibana into feature/workflow_run_agent_attachments
10 tasks
talboren
removed
the
Team:One Workflow
Member
Author
|
@elasticmachine merge upstream |
botelastic
Bot
added
the
Team:One Workflow
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Page load bundle
Unknown metric groupsReferences to deprecated APIs
Unreferenced deprecated APIs
History
|
pgayvallet
approved these changes
Feb 23, 2026
mbondyra
added a commit
to rgodfrey-elastic/kibana
that referenced
this pull request
Feb 24, 2026
…ps-config-rebase * commit 'f135f030951237c5e9b0251931441aee3121b31d': (163 commits) [CPS] Support data view requests and do not sanitize project_routing in data plugin/resolve indices (elastic#253654) [One Workflow] Execute workflow from historical (elastic#253396) [streams][background tasks] gracefully handle non existing stream (elastic#254683) [Lens API] Waffle/Mosaic get green as a default color (elastic#254304) [Security Solution] Remove prebuilt rules customization callout on Rule Management page (elastic#254386) [Workflows] support passing attachments to run_agent step (elastic#251291) [One Discover][Logs UX] Update OpenTelemetry Semantic Conventions (elastic#254367) [kbn-es] Add --docker flag to yarn es snapshot (elastic#254306) [Workplace AI] Remove Data Source Config (elastic#254521) [Entity Store v2] Add CRUD API (elastic#252052) [CI] Increase type checking machine (elastic#254676) [main] Sync bundled packages with Package Storage (elastic#254232) Skip flaky test elastic#254625 (elastic#254662) Upgrade `@elastic/elasticsearch` to 9.3.1 (elastic#253660) [One Workflow] Migrate http step to new connector (elastic#249004) [Entity Store] Store EUID Scripts (elastic#254515) [APM] Fix Otel missing fields undefined errors (elastic#254271) [Console] Add support for documentation links on Serverless (elastic#254489) Create edit ILM flow (elastic#253393) [Agent Builder] Mid term: minimal recommended model set elastic#12875 (elastic#254560) ...
nreese
pushed a commit
to nreese/kibana
that referenced
this pull request
Feb 25, 2026
…1291) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. Add support for passing attachments to the run agent step in workflows. <img width="3355" height="1040" alt="image" src="https://github.com/user-attachments/assets/1890761d-6e17-4746-b9fd-0b40e89983a8" /> <img width="2180" height="615" alt="image" src="https://github.com/user-attachments/assets/60f1675b-89a8-4fb5-9c14-0ce16efdb0ff" /> Example workflow with alert attachment ``` name: New workflow enabled: false description: This is a new workflow triggers: - type: alert steps: - name: ai_agent_step type: ai.agent connector-id: "<connector_id>" with: message: "Summarise these alert" attachments: - type: security.alert data: alert: "{{event.alerts | json:2}}" attachmentLabel: "Alert attachment." ``` PR also moves attachment validation down into ExecutionService so that attachments passed via workflows are validated. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
qn895
pushed a commit
to qn895/kibana
that referenced
this pull request
Mar 11, 2026
…1291) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. Add support for passing attachments to the run agent step in workflows. <img width="3355" height="1040" alt="image" src="https://github.com/user-attachments/assets/1890761d-6e17-4746-b9fd-0b40e89983a8" /> <img width="2180" height="615" alt="image" src="https://github.com/user-attachments/assets/60f1675b-89a8-4fb5-9c14-0ce16efdb0ff" /> Example workflow with alert attachment ``` name: New workflow enabled: false description: This is a new workflow triggers: - type: alert steps: - name: ai_agent_step type: ai.agent connector-id: "<connector_id>" with: message: "Summarise these alert" attachments: - type: security.alert data: alert: "{{event.alerts | json:2}}" attachmentLabel: "Alert attachment." ``` PR also moves attachment validation down into ExecutionService so that attachments passed via workflows are validated. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Summarize your PR. If it involves visual changes include a screenshot or gif.
Add support for passing attachments to the run agent step in workflows.
Example workflow with alert attachment
PR also moves attachment validation down into ExecutionService so that attachments passed via workflows are validated.
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
release_note:breakinglabel should be applied in these situations.release_note:*label is applied per the guidelinesbackport:*labels.Identify risks
Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.