[SigEvents] Auto-create rules for high-severity queries during onboarding (elastic#267395)

## Summary

Wires `cloneApiKeysOnCreate` (from elastic#265530) into the streams onboarding
task so that high-severity (>=60) non-STATS queries get backing Kibana
rules created automatically during onboarding, eliminating the manual
promotion step for those queries.

### Changes

- **Onboarding task** passes `rulesClientOptions: {
cloneApiKeysOnCreate: true }` so rules get independent, non-expiring API
keys
- **`persistQueries`** routes new high-severity non-STATS queries to the
rule-creating `syncQueries` path (same bulk call used by rule-backed
replacements), while low-severity and STATS queries remain draft (no
rules)

### Cleanup

Removes the legacy manual-promotion UI and supporting code that is now
redundant:

- **Deleted components**: `PromotionCallout`, `SuggestedRulesFlyout`
- **Deleted hooks**: `usePromotableQueries`, `useUnbackedQueriesCount`
- **Removed client API methods**: `promoteAll`,
`getUnbackedQueriesCount` from `useQueriesApi`
- **Removed UI elements**: "Promote all" callout and unbacked-count
badge from `KnowledgeIndicatorsTable` / discovery page tabs
- **Removed server route**: `GET
/internal/streams/queries/_unbacked_count`
- **Removed server method**: `countPromotableUnbackedQueries` from
`QueryClient` (and its tests)


https://github.com/user-attachments/assets/d549d7b0-2c35-42e1-8808-99231e578fbf

---------

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: cesco-f

x-pack/platform/packages/shared/kbn-streams-schema/index.ts

@@ -139,6 +139,7 @@ export {
   type QueryType,
   QUERY_TYPE_MATCH,
   QUERY_TYPE_STATS,
+  HIGH_SEVERITY_THRESHOLD,
   queryTypeSchema,
   type QueriesGetResponse,
   type QueriesOccurrencesGetResponse,

x-pack/platform/packages/shared/kbn-streams-schema/src/queries/index.ts

@@ -30,6 +30,13 @@ export const QUERY_TYPE_STATS = 'stats' as const;
 
 export type QueryType = typeof QUERY_TYPE_MATCH | typeof QUERY_TYPE_STATS;
 
+/**
+ * Minimum severity score for auto-creating backing rules.
+ * Severity bands: Low < 40, Medium [40, 60), High [60, 80), Critical >= 80.
+ * High + Critical queries are eligible for automatic rule creation.
+ */
+export const HIGH_SEVERITY_THRESHOLD = 60;
+
 export const queryTypeSchema = z.enum([QUERY_TYPE_MATCH, QUERY_TYPE_STATS]);
 
 export interface StreamQuery extends StreamQueryBase {

x-pack/platform/plugins/private/translations/translations/de-DE.json

@@ -51829,14 +51829,6 @@
     "xpack.streams.significantEvents.emptyState.onboardStreamButtonLabel": "Wissensindikatoren generieren",
     "xpack.streams.significantEvents.emptyState.title": "Die Wissensindikatoren dieses Streams wurden noch nicht extrahiert",
     "xpack.streams.significantEvents.emptyStateImage": "Illustration des leeren Zustands für die Ansicht „Wichtige Ereignisse“",
-    "xpack.streams.significantEvents.promotionCallout.acknowledgeError": "Generierungsergebnisse konnten nicht bestätigt werden",
-    "xpack.streams.significantEvents.promotionCallout.errorToast": "Abfragen konnten nicht befördert werden",
-    "xpack.streams.significantEvents.promotionCallout.message": "Wir haben {queryCount} erkannt, das Sie in {ruleCount} aufgrund der letzten Ausführung fördern können.",
-    "xpack.streams.significantEvents.promotionCallout.promoteButton": "Regeln erstellen",
-    "xpack.streams.significantEvents.promotionCallout.queryCount": "{count, plural, one {# query} other {# Abfragen}}",
-    "xpack.streams.significantEvents.promotionCallout.reviewButton": "Ergebnisse überprüfen",
-    "xpack.streams.significantEvents.promotionCallout.ruleCount": "{count, plural, one {# rule} other {# Regeln}}",
-    "xpack.streams.significantEvents.promotionCallout.successToast": "{count, plural, one {# query} other {# queries}} wurde erfolgreich zu {count, plural, one {rule} other {rules}} befördert.",
     "xpack.streams.significantEventsDiscovery.breadcrumbTitle": "Wichtige Ereignisse",
     "xpack.streams.significantEventsDiscovery.illustrationImage": "Illustration für die Entdeckungsansicht „Wichtige Ereignisse“",
     "xpack.streams.significantEventsDiscovery.knowledgeIndicatorsTab": "Wissensindikatoren",
@@ -52779,22 +52771,6 @@
     "xpack.streams.streamsTreeTable.retentionColumnName": "Aufbewahrung",
     "xpack.streams.streamsTreeTable.searchAriaLabel": "Streams nach Namen suchen",
     "xpack.streams.streamsTreeTable.tableCaptionAriaLabel": "Datentabelle für Streams, die Streamnamen mit Links, Dokumentanzahlen und Aufbewahrungsrichtlinien mit Links",
-    "xpack.streams.suggestedRulesFlyout.cancelButton": "Abbrechen",
-    "xpack.streams.suggestedRulesFlyout.createRulesButton": "Regeln erstellen",
-    "xpack.streams.suggestedRulesFlyout.createRulesError": "Regeln konnten nicht erstellt werden",
-    "xpack.streams.suggestedRulesFlyout.createRulesSuccess": "{count, plural, one {# rule} other {# Regeln}} erfolgreich erstellt.",
-    "xpack.streams.suggestedRulesFlyout.deleteAction": "Löschen",
-    "xpack.streams.suggestedRulesFlyout.deleteActionDescription": "Diese vorgeschlagene Regel entfernen",
-    "xpack.streams.suggestedRulesFlyout.deleteQueryError": "Abfrage konnte nicht gelöscht werden",
-    "xpack.streams.suggestedRulesFlyout.description": "Wir erstellen Regeln auf der Grundlage der Abfragen, die für diesen Stream von entscheidender Bedeutung sind. Sie können die Ergebnisse überprüfen und verwerfen.",
-    "xpack.streams.suggestedRulesFlyout.expandAriaLabel": "Zeilendetails erweitern",
-    "xpack.streams.suggestedRulesFlyout.minimizeAriaLabel": "Zeilendetails einklappen",
-    "xpack.streams.suggestedRulesFlyout.noItems": "Keine vorgeschlagenen Regeln gefunden.",
-    "xpack.streams.suggestedRulesFlyout.rulesColumn": "Regeln",
-    "xpack.streams.suggestedRulesFlyout.severityColumn": "Priorität",
-    "xpack.streams.suggestedRulesFlyout.showing": "Zeigt {count, plural, one {# Rule} other {# Regeln}}",
-    "xpack.streams.suggestedRulesFlyout.tableCaption": "Empfohlene Regeln",
-    "xpack.streams.suggestedRulesFlyout.title": "Empfohlene Regeln",
     "xpack.streams.suggestPipelineImage": "Pipeline vorschlagen",
     "xpack.streams.tableTitle.showing": "{count} von {total} {label} wird angezeigt",
     "xpack.streams.technicalPreviewLabel": "Technische Vorschau",

x-pack/platform/plugins/private/translations/translations/fr-FR.json

@@ -51652,11 +51652,6 @@
     "xpack.streams.significantEvents.emptyState.onboardStreamButtonLabel": "Générer des indicateurs de connaissances",
     "xpack.streams.significantEvents.emptyState.title": "Les indicateurs de connaissance de ce flux n’ont pas encore été extraits",
     "xpack.streams.significantEvents.emptyStateImage": "Illustration d'état vide pour la vue des événements significatifs",
-    "xpack.streams.significantEvents.promotionCallout.acknowledgeError": "Impossible de confirmer les résultats de la génération",
-    "xpack.streams.significantEvents.promotionCallout.errorToast": "Impossible de promouvoir les requêtes",
-    "xpack.streams.significantEvents.promotionCallout.message": "Nous avons détecté {queryCount} que vous pouvez promouvoir dans {ruleCount}, sur la base de la dernière exécution.",
-    "xpack.streams.significantEvents.promotionCallout.promoteButton": "Créer des règles",
-    "xpack.streams.significantEvents.promotionCallout.reviewButton": "Examiner les résultats",
     "xpack.streams.significantEventsDiscovery.breadcrumbTitle": "Événements importants",
     "xpack.streams.significantEventsDiscovery.illustrationImage": "Illustration pour la vue de découverte des événements importants",
     "xpack.streams.significantEventsDiscovery.knowledgeIndicatorsTab": "Indicateurs de connaissances",
@@ -52600,21 +52595,6 @@
     "xpack.streams.streamsTreeTable.retentionColumnName": "Conservation",
     "xpack.streams.streamsTreeTable.searchAriaLabel": "Rechercher les flux par nom",
     "xpack.streams.streamsTreeTable.tableCaptionAriaLabel": "Tableau de données Streams, listant les noms de flux avec des liens, les comptes de documents et les politiques de rétention avec des liens",
-    "xpack.streams.suggestedRulesFlyout.cancelButton": "Annuler",
-    "xpack.streams.suggestedRulesFlyout.createRulesButton": "Créer des règles",
-    "xpack.streams.suggestedRulesFlyout.createRulesError": "Échec de la création des règles",
-    "xpack.streams.suggestedRulesFlyout.deleteAction": "Supprimer",
-    "xpack.streams.suggestedRulesFlyout.deleteActionDescription": "Supprimez cette règle suggérée",
-    "xpack.streams.suggestedRulesFlyout.deleteQueryError": "Impossible de supprimer la requête",
-    "xpack.streams.suggestedRulesFlyout.description": "Nous générons des règles basées sur les requêtes qui sont d'une importance critique pour ce flux. Vous pouvez consulter et supprimer les résultats.",
-    "xpack.streams.suggestedRulesFlyout.expandAriaLabel": "Développer les détails de la ligne",
-    "xpack.streams.suggestedRulesFlyout.minimizeAriaLabel": "Réduire les détails de la ligne",
-    "xpack.streams.suggestedRulesFlyout.noItems": "Aucune règle suggérée n'a été trouvée.",
-    "xpack.streams.suggestedRulesFlyout.rulesColumn": "Règles",
-    "xpack.streams.suggestedRulesFlyout.severityColumn": "Gravité",
-    "xpack.streams.suggestedRulesFlyout.showing": "Affichage de {count, plural, one {# Rule} other {# Règles}}",
-    "xpack.streams.suggestedRulesFlyout.tableCaption": "Règles suggérées",
-    "xpack.streams.suggestedRulesFlyout.title": "Règles suggérées",
     "xpack.streams.suggestPipelineImage": "Suggérez un pipeline",
     "xpack.streams.tableTitle.showing": "Affichage de {count} {label} sur {total}",
     "xpack.streams.technicalPreviewLabel": "Version d'évaluation technique",

x-pack/platform/plugins/private/translations/translations/ja-JP.json

@@ -52020,14 +52020,6 @@
     "xpack.streams.significantEvents.emptyState.onboardStreamButtonLabel": "知識指標を生成する",
     "xpack.streams.significantEvents.emptyState.title": "このストリームのナレッジインジケーターはまだ抽出されていません",
     "xpack.streams.significantEvents.emptyStateImage": "重要なイベントビューの空の状態イラスト",
-    "xpack.streams.significantEvents.promotionCallout.acknowledgeError": "生成結果を認識できませんでした",
-    "xpack.streams.significantEvents.promotionCallout.errorToast": "クエリの昇格に失敗しました",
-    "xpack.streams.significantEvents.promotionCallout.message": "前回の実行に基づき、{ruleCount}件で昇格可能な{queryCount}件を検出しました。",
-    "xpack.streams.significantEvents.promotionCallout.promoteButton": "ルールを作成",
-    "xpack.streams.significantEvents.promotionCallout.queryCount": "{count, plural, one {# query} other {#件のクエリ}}",
-    "xpack.streams.significantEvents.promotionCallout.reviewButton": "結果を確認",
-    "xpack.streams.significantEvents.promotionCallout.ruleCount": "{count, plural, one {# rule} other {#件のルール}}",
-    "xpack.streams.significantEvents.promotionCallout.successToast": "{count, plural, one {# query} other {#件のクエリ}}が{count, plural, one {rule} other {ルール}}に正常に昇格しました。",
     "xpack.streams.significantEventsDiscovery.breadcrumbTitle": "重要なイベント",
     "xpack.streams.significantEventsDiscovery.illustrationImage": "重要なイベントの検出ビューの図",
     "xpack.streams.significantEventsDiscovery.knowledgeIndicatorsTab": "ナレッジインジケーター",
@@ -52969,22 +52961,6 @@
     "xpack.streams.streamsTreeTable.retentionColumnName": "保存",
     "xpack.streams.streamsTreeTable.searchAriaLabel": "名前でストリームを検索",
     "xpack.streams.streamsTreeTable.tableCaptionAriaLabel": "リンク付きストリーム名、ドキュメント数、リンク付き保持ポリシーを一覧表示したStreamsデータテーブル、",
-    "xpack.streams.suggestedRulesFlyout.cancelButton": "キャンセル",
-    "xpack.streams.suggestedRulesFlyout.createRulesButton": "ルールを作成",
-    "xpack.streams.suggestedRulesFlyout.createRulesError": "ルールの作成に失敗しました",
-    "xpack.streams.suggestedRulesFlyout.createRulesSuccess": "{count, plural, one {# rule} other {# 件のルール}}が正常に作成されました。",
-    "xpack.streams.suggestedRulesFlyout.deleteAction": "削除",
-    "xpack.streams.suggestedRulesFlyout.deleteActionDescription": "この推奨ルールを削除",
-    "xpack.streams.suggestedRulesFlyout.deleteQueryError": "クエリの削除に失敗しました",
-    "xpack.streams.suggestedRulesFlyout.description": "このストリームにとって重要なクエリに基づいてルールを生成します。結果を確認したり、破棄したりできます。",
-    "xpack.streams.suggestedRulesFlyout.expandAriaLabel": "行の詳細を展開",
-    "xpack.streams.suggestedRulesFlyout.minimizeAriaLabel": "行の詳細を折りたたみ",
-    "xpack.streams.suggestedRulesFlyout.noItems": "推奨ルールが見つかりません。",
-    "xpack.streams.suggestedRulesFlyout.rulesColumn": "ルール",
-    "xpack.streams.suggestedRulesFlyout.severityColumn": "深刻度",
-    "xpack.streams.suggestedRulesFlyout.showing": "{count, plural, one {# Rule} other {#件のルール}}を表示中",
-    "xpack.streams.suggestedRulesFlyout.tableCaption": "推奨されるルール",
-    "xpack.streams.suggestedRulesFlyout.title": "推奨されるルール",
     "xpack.streams.suggestPipelineImage": "パイプラインを提案してください",
     "xpack.streams.tableTitle.showing": "{total} {label}件中{count}を表示しています",
     "xpack.streams.technicalPreviewLabel": "テクニカルプレビュー",

x-pack/platform/plugins/private/translations/translations/zh-CN.json

@@ -52011,14 +52011,6 @@
     "xpack.streams.significantEvents.emptyState.onboardStreamButtonLabel": "生成知识指标",
     "xpack.streams.significantEvents.emptyState.title": "该流的知识指标尚未提取。",
     "xpack.streams.significantEvents.emptyStateImage": "“重大事件”视图的空状态示意图",
-    "xpack.streams.significantEvents.promotionCallout.acknowledgeError": "无法确认生成结果。",
-    "xpack.streams.significantEvents.promotionCallout.errorToast": "提升查询失败",
-    "xpack.streams.significantEvents.promotionCallout.message": "我们检测到 {queryCount}，您可以在 {ruleCount} 中进行推广，基于上一次运行的结果。",
-    "xpack.streams.significantEvents.promotionCallout.promoteButton": "创建规则",
-    "xpack.streams.significantEvents.promotionCallout.queryCount": "{count, plural, one {# 个查询} other {# 个查询}}",
-    "xpack.streams.significantEvents.promotionCallout.reviewButton": "复查结果",
-    "xpack.streams.significantEvents.promotionCallout.ruleCount": "{count, plural, one {# 个规则} other {# 个规则}}",
-    "xpack.streams.significantEvents.promotionCallout.successToast": "{count, plural, one {# 个查询} other {# 个查询}} 已成功提升为{count, plural, one {规则} other {规则}}。",
     "xpack.streams.significantEventsDiscovery.breadcrumbTitle": "重大事件",
     "xpack.streams.significantEventsDiscovery.illustrationImage": "重大事件发现视图的示意图",
     "xpack.streams.significantEventsDiscovery.knowledgeIndicatorsTab": "知识指标",
@@ -52962,22 +52954,6 @@
     "xpack.streams.streamsTreeTable.retentionColumnName": "保留",
     "xpack.streams.streamsTreeTable.searchAriaLabel": "按名称搜索流",
     "xpack.streams.streamsTreeTable.tableCaptionAriaLabel": "Streams 数据表，列出带链接的数据流名称、文档数量以及带链接的保留策略。",
-    "xpack.streams.suggestedRulesFlyout.cancelButton": "取消",
-    "xpack.streams.suggestedRulesFlyout.createRulesButton": "创建规则",
-    "xpack.streams.suggestedRulesFlyout.createRulesError": "无法创建规则",
-    "xpack.streams.suggestedRulesFlyout.createRulesSuccess": "{count, plural, one {# rule} other {# rules}} 创建成功。",
-    "xpack.streams.suggestedRulesFlyout.deleteAction": "删除",
-    "xpack.streams.suggestedRulesFlyout.deleteActionDescription": "移除此建议规则",
-    "xpack.streams.suggestedRulesFlyout.deleteQueryError": "无法删除查询",
-    "xpack.streams.suggestedRulesFlyout.description": "我们根据对该数据流至关重要的查询来生成规则。您可以复查并丢弃结果",
-    "xpack.streams.suggestedRulesFlyout.expandAriaLabel": "展开行详情",
-    "xpack.streams.suggestedRulesFlyout.minimizeAriaLabel": "折叠行详情",
-    "xpack.streams.suggestedRulesFlyout.noItems": "未找到建议规则。",
-    "xpack.streams.suggestedRulesFlyout.rulesColumn": "规则",
-    "xpack.streams.suggestedRulesFlyout.severityColumn": "严重性",
-    "xpack.streams.suggestedRulesFlyout.showing": "显示 {count, plural, one {# 条规则} other {# 条规则}}",
-    "xpack.streams.suggestedRulesFlyout.tableCaption": "建议规则",
-    "xpack.streams.suggestedRulesFlyout.title": "推荐的规则",
     "xpack.streams.suggestPipelineImage": "建议管道",
     "xpack.streams.tableTitle.showing": "正在显示 {count} 个（共 {total} 个）{label}",
     "xpack.streams.technicalPreviewLabel": "技术预览",