elastic · dominiqueclarke · Apr 23, 2026 · Apr 23, 2026 · Apr 23, 2026 · Apr 23, 2026
@@ -16,3 +16,4 @@ export const ALERTING_V2_INTERNAL_SUGGEST_USER_PROFILES_API_PATH =
   '/api/alerting/v2/internal/user_profiles/_suggest' as const;
 export const ALERTING_V2_RULE_DOCTOR_INSIGHTS_API_PATH =
   '/api/alerting/v2/rule_doctor/insights' as const;
+export const ALERTING_V2_RULE_DOCTOR_RUN_API_PATH = '/api/alerting/v2/rule_doctor/run' as const;
@@ -21,6 +21,7 @@
       "security",
       "encryptedSavedObjects",
       "workflowsManagement",
+      "workflowsExtensions",
       "expressions",
       "uiActions",
       "fieldFormats",

diff --git a/x-pack/platform/plugins/shared/alerting_v2/moon.yml b/x-pack/platform/plugins/shared/alerting_v2/moon.yml
@@ -103,6 +103,12 @@ dependsOn:
   - '@kbn/unified-doc-viewer-plugin'
   - '@kbn/core-user-profile-browser'
   - '@kbn/user-profile-components'
+  - '@kbn/core-logging-server-mocks'
+  - '@kbn/core-ui-settings-server-mocks'
+  - '@kbn/core-saved-objects-server-mocks'
+  - '@kbn/core-ui-settings-server'
+  - '@kbn/management-settings-ids'
+  - '@kbn/workflows-extensions'
   - '@kbn/esql-types'
   - '@kbn/agent-builder-plugin'
   - '@kbn/agent-builder-server'

@@ -7,13 +7,15 @@
 
 import type { ElasticsearchClient } from '@kbn/core/server';
 import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { loggingSystemMock } from '@kbn/core-logging-server-mocks';
 import type { DeeplyMockedApi } from '@kbn/core-elasticsearch-client-server-mocks';
 
 import {
   RULE_DOCTOR_INSIGHTS_INDEX,
   type RuleDoctorInsightDoc,
 } from '../../resources/indices/rule_doctor_insights';
 import type { LoggerServiceContract } from '../services/logger_service/logger_service';
+import { createMockResourceManager } from '../services/resource_service/resource_manager.mock';
 import { RuleDoctorInsightsClient } from './rule_doctor_insights_client';
 
 const mockLoggerService: jest.Mocked<LoggerServiceContract> = {
@@ -37,8 +39,8 @@ const makeInsight = (overrides: Partial<RuleDoctorInsightDoc> = {}): RuleDoctorI
   justification: '',
   rule_ids: ['rule-1', 'rule-2'],
   data: {},
-  current: null,
-  proposed: null,
+  current: {},
+  proposed: {},
   space_id: 'default',
   ...overrides,
 });
@@ -260,4 +262,31 @@ describe('RuleDoctorInsightsClient', () => {
       );
     });
   });
+
+  describe('ensureIndex', () => {
+    it('calls ensureResourceRegistered when resourceManager is provided', async () => {
+      const resourceManager = createMockResourceManager();
+      resourceManager.ensureResourceRegistered.mockResolvedValue(undefined);
+      const rawLogger = loggingSystemMock.createLogger();
+
+      const clientWithRM = new RuleDoctorInsightsClient(
+        esClient,
+        mockLoggerService,
+        resourceManager,
+        rawLogger
+      );
+      await clientWithRM.ensureIndex();
+
+      expect(resourceManager.ensureResourceRegistered).toHaveBeenCalledWith(
+        `index:${RULE_DOCTOR_INSIGHTS_INDEX}`,
+        expect.objectContaining({ initialize: expect.any(Function) }),
+        { optional: true }
+      );
+    });
+
+    it('is a no-op when resourceManager is not provided', async () => {
+      const clientWithoutRM = new RuleDoctorInsightsClient(esClient, mockLoggerService);
+      await expect(clientWithoutRM.ensureIndex()).resolves.toBeUndefined();
+    });
+  });
 });
@@ -7,26 +7,47 @@
 
 import Boom from '@hapi/boom';
 import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-import type { ElasticsearchClient } from '@kbn/core/server';
+import type { ElasticsearchClient, Logger } from '@kbn/core/server';
 import { inject, injectable } from 'inversify';
 import type { LoggerServiceContract } from '../services/logger_service/logger_service';
 import { LoggerServiceToken } from '../services/logger_service/logger_service';
+import type { ResourceManagerContract } from '../services/resource_service/resource_manager';
+import { IndexInitializer } from '../services/resource_service/index_initializer';
 import {
   RULE_DOCTOR_INSIGHTS_INDEX,
+  getRuleDoctorInsightsResourceDefinition,
+  ruleDoctorInsightStatus,
   type RuleDoctorInsightDoc,
   type RuleDoctorInsightStatus,
 } from '../../resources/indices/rule_doctor_insights';
-import type { ListInsightsParams, ListInsightsResult, BulkIndexInsightsResult } from './types';
+import type {
+  ListInsightsParams,
+  ListInsightsResult,
+  BulkIndexInsightsResult,
+  BulkDismissInsightsResult,
+  PersistFindingsResult,
+} from './types';
 
 const DEFAULT_PAGE_SIZE = 20;
 
 @injectable()
 export class RuleDoctorInsightsClient {
   constructor(
     private readonly esClient: ElasticsearchClient,
-    @inject(LoggerServiceToken) private readonly logger: LoggerServiceContract
+    @inject(LoggerServiceToken) private readonly logger: LoggerServiceContract,
+    private readonly resourceManager?: ResourceManagerContract,
+    private readonly rawLogger?: Logger
   ) {}
 
+  public async ensureIndex(): Promise<void> {
+    if (!this.resourceManager || !this.rawLogger) {
+      return;
+    }
+    const def = getRuleDoctorInsightsResourceDefinition();
+    const initializer = new IndexInitializer(this.rawLogger, this.esClient, def);
+    await this.resourceManager.ensureResourceRegistered(def.key, initializer, { optional: true });
+  }
+
   public async listInsights(params: ListInsightsParams): Promise<ListInsightsResult> {
     const { from = 0, size = DEFAULT_PAGE_SIZE } = params;
 
@@ -140,6 +161,58 @@ export class RuleDoctorInsightsClient {
     return { indexed, failed };
   }
 
+  public async bulkDismissInsights(
+    insightIds: string[],
+    spaceId: string
+  ): Promise<BulkDismissInsightsResult> {
+    if (insightIds.length === 0) {
+      return { dismissed: 0, failed: 0 };
+    }
+
+    const operations = insightIds.flatMap((insightId) => [
+      { update: { _index: RULE_DOCTOR_INSIGHTS_INDEX, _id: `${spaceId}:${insightId}` } },
+      { doc: { status: ruleDoctorInsightStatus.dismissed } },
+    ]);
+
+    const response = await this.esClient.bulk({ operations, refresh: 'wait_for' });
+
+    const failed = response.items.filter((item) => item.update?.error).length;
+    const dismissed = insightIds.length - failed;
+
+    if (response.errors) {
+      this.logger.warn({
+        message: `RuleDoctorInsightsClient: failed to dismiss ${failed} insights`,
+      });
+    }
+
+    this.logger.debug({
+      message: `RuleDoctorInsightsClient: dismissed ${dismissed} insights (${failed} failed)`,
+    });
+
+    return { dismissed, failed };
+  }
+
+  public async persistFindings(params: {
+    insights: RuleDoctorInsightDoc[];
+    dismissIds: string[];
+    spaceId: string;
+  }): Promise<PersistFindingsResult> {
+    const { insights, dismissIds, spaceId } = params;
+
+    const indexResult = await this.bulkIndexInsights(insights);
+    const dismissResult = await this.bulkDismissInsights(dismissIds, spaceId);
+
+    this.logger.debug({
+      message: `RuleDoctorInsightsClient: persisted ${indexResult.indexed} insights (${indexResult.failed} failed), dismissed ${dismissResult.dismissed}`,
+    });
+
+    return {
+      indexed: indexResult.indexed,
+      failed: indexResult.failed + dismissResult.failed,
+      dismissed: dismissResult.dismissed,
+    };
+  }
+
   private buildFilterQuery(params: ListInsightsParams): QueryDslQueryContainer {
     const filters: QueryDslQueryContainer[] = [{ term: { space_id: params.spaceId } }];
 

@@ -29,3 +29,14 @@ export interface BulkIndexInsightsResult {
   indexed: number;
   failed: number;
 }
+
+export interface BulkDismissInsightsResult {
+  dismissed: number;
+  failed: number;
+}
+
+export interface PersistFindingsResult {
+  indexed: number;
+  failed: number;
+  dismissed: number;
+}
@@ -13,8 +13,10 @@ export function createMockResourceManager() {
     registerResource: jest.fn(),
     startInitialization: jest.fn(),
     waitUntilReady: jest.fn(),
+    isRegistered: jest.fn(),
     isReady: jest.fn(),
     ensureResourceReady: jest.fn(),
+    ensureResourceRegistered: jest.fn(),
   } satisfies ResourceManagerMock;
 
   return resourceManager;

@@ -94,6 +94,45 @@ describe('ResourceManager', () => {
     }
   });
 
+  it('isRegistered returns true for registered resources and false for unknown keys', () => {
+    const manager = createManager();
+    const init = createInitializer(async () => {});
+
+    expect(manager.isRegistered('r1')).toBe(false);
+
+    manager.registerResource('r1', init);
+    expect(manager.isRegistered('r1')).toBe(true);
+    expect(manager.isRegistered('unknown')).toBe(false);
+  });
+
+  describe('ensureResourceRegistered', () => {
+    it('registers and initializes a new resource', async () => {
+      const manager = createManager();
+      const init = createInitializer(async () => {});
+
+      await manager.ensureResourceRegistered('lazy', init);
+
+      expect(manager.isRegistered('lazy')).toBe(true);
+      expect(manager.isReady('lazy')).toBe(true);
+      expect(init.initialize).toHaveBeenCalledTimes(1);
+    });
+
+    it('skips registration when the resource already exists', async () => {
+      const manager = createManager();
+      const first = createInitializer(async () => {});
+      const second = createInitializer(async () => {});
+
+      manager.registerResource('r1', first);
+      manager.startInitialization();
+      await manager.waitUntilReady();
+
+      await manager.ensureResourceRegistered('r1', second);
+
+      expect(first.initialize).toHaveBeenCalledTimes(1);
+      expect(second.initialize).not.toHaveBeenCalled();
+    });
+  });
+
   it('throws if ensureResourceReady is called for an unregistered resource', async () => {
     const manager = createManager();
     await expect(manager.ensureResourceReady('missing')).rejects.toThrow(

@@ -41,8 +41,14 @@ export interface ResourceManagerContract {
   ): void;
   startInitialization(options?: { resourceKeys?: string[] }): void;
   waitUntilReady(): Promise<void>;
+  isRegistered(key: string): boolean;
   isReady(key: string): boolean;
   ensureResourceReady(key: string): Promise<void>;
+  ensureResourceRegistered(
+    key: string,
+    initializer: IResourceInitializer,
+    options?: RegisterResourceOptions
+  ): Promise<void>;
 }
 
 @injectable()
@@ -132,6 +138,10 @@ export class ResourceManager implements ResourceManagerContract {
     }
   }
 
+  public isRegistered(key: string): boolean {
+    return this.resources.has(key);
+  }
+
   public isReady(key: string): boolean {
     return this.resources.get(key)?.status === 'ready';
   }
@@ -145,6 +155,23 @@ export class ResourceManager implements ResourceManagerContract {
     await this.initResource(key);
   }
 
+  /**
+   * Register a resource if not already registered, then ensure it is ready.
+   *
+   * Safe to call from concurrent requests: only the first caller registers;
+   * subsequent callers coalesce on the existing initialization promise.
+   */
+  public async ensureResourceRegistered(
+    key: string,
+    initializer: IResourceInitializer,
+    options?: RegisterResourceOptions
+  ): Promise<void> {
+    if (!this.resources.has(key)) {
+      this.registerResource(key, initializer, options);
+    }
+    await this.ensureResourceReady(key);
+  }
+
   private async initResource(key: string): Promise<void> {
     const state = this.resources.get(key);
 

@@ -68,23 +68,17 @@ export const ruleDoctorInsightDocSchema = z.object({
   justification: z
     .string()
     .describe('Reasoning for why this insight was raised and the proposed action'),
-  rule_ids: z
-    .array(z.string())
-    .optional()
-    .default([])
-    .describe('IDs of the alerting rules involved'),
+  rule_ids: z.array(z.string()).default([]).describe('IDs of the alerting rules involved'),
   data: z
     .record(z.string(), z.any())
     .optional()
     .describe('Arbitrary structured data supporting the insight'),
-  current: z
-    .record(z.string(), z.unknown())
-    .nullable()
-    .describe('Current rule configuration snapshot'),
+  current: z.record(z.string(), z.unknown()).describe('Current rule configuration snapshot'),
   proposed: z
     .record(z.string(), z.unknown())
-    .nullable()
-    .describe('Proposed rule configuration after applying the action'),
+    .describe(
+      'Object keyed by rule_id with post-action config for each rule (null for deleted rules)'
+    ),
   diffs: z
     .array(
       z.object({

@@ -12,4 +12,5 @@ export {
   ALERTING_V2_MATCHER_VALUE_SUGGESTIONS_API_PATH,
   ALERTING_V2_INTERNAL_SUGGEST_USER_PROFILES_API_PATH,
   ALERTING_V2_RULE_DOCTOR_INSIGHTS_API_PATH,
+  ALERTING_V2_RULE_DOCTOR_RUN_API_PATH,
 } from '@kbn/alerting-v2-constants';