[Security Solution] Register Workflows with Inbox (elastic#266256)

## Summary

Introduces **Inbox ↔ Workflows** as a first-class integration so that
any `waitForInput` step in a Workflow surfaces as a schema-driven,
schema-validated action in the shared **Inbox** plugin, with a
responsive flyout for human resolution. Lays the platform rails
(registry, common contracts, privilege model, space scoping, demo
fixtures) so future providers can plug in with zero additional Inbox
work.

Plugin introduced in elastic#265634, and
with this changeset data now comes from real workflows!

Plugin is disabled by default, so enable via:

```
xpack.inbox.enabled: true
```

And populate sample workflows exercising each schema variation with:

```
KIBANA_URL=http://localhost:5601 \
  KIBANA_USERNAME=elastic \
  KIBANA_PASSWORD=changeme \
  KIBANA_SPACE_ID=default \
  node --import tsx x-pack/platform/plugins/shared/inbox/scripts/demo/seed_inbox_demo.ts
```

(or using [this
branch](https://github.com/spong/example-mcp-app-security/tree/inbox) of
the `example-mcp-app-security`. All setup details in
[`/inbox/scripts/demo/README.md`](https://github.com/spong/kibana/blob/12e3c1b50762f4f7979327007ac652ee89378bc8/x-pack/platform/plugins/shared/inbox/scripts/demo/README.md))

<p align="center">
<img width="700"
src="https://github.com/user-attachments/assets/14c76d17-4319-46d1-8b39-298418398f58"
/>
</p> 
Complete with support for dynamic response actions:


<p align="center">
<img width="700"
src="https://github.com/user-attachments/assets/67d9c867-dee6-454c-8a16-3dfcedc3285d"
/>
</p> 



## What's in this PR

### Inbox plugin — provider platform
- **`InboxActionProvider` contract**
(`x-pack/platform/plugins/shared/inbox/server/services/inbox_action_provider.ts`)
— the registration shape plugins implement to contribute items to the
Inbox.
- **`InboxActionRegistry`** — fan-out / merge-sort / pagination across
providers, with a clamped `total` so a provider truncating its response
can never desync the UI's pager. Logs a warning on truncation.
- **Routes**
- `GET /internal/inbox/actions` — list + filter (status, source_app,
pagination)
- `POST /internal/inbox/actions/{source_app}/{source_id}/respond` —
schema-validated respond path
- **Security**
- Split API privileges `inbox_read` / `inbox_respond` so the `read`
feature role cannot invoke the respond route (previously collapsed under
a single `api: [PLUGIN_ID]`).
- Dynamic space resolution via the `spaces` plugin — no more hardcoded
`'default'` leaking rows across spaces. Falls back to `'default'` only
when `spaces` is absent (single-space installs).
- **Public app hardening**
- Lazy detail-renderer loader catches chunk-load / module-init failures
and falls back to the default form instead of crashing the tree.
- `TimeoutChip` guards against malformed `timeout_at` so it can't render
`NaNh NaNm`.
- `SchemaForm` accessibility pass: label fallbacks to field name, visual
`*` required marker, `hasChildLabel={false}` for `EuiSwitch` rows,
localized select placeholder.
- **React-Query tuning** (`public/application.tsx`):
`refetchOnWindowFocus: 'always'` + `refetchOnMount: 'always'` with a 30s
`staleTime` dedupe window so the list is always current when the tab/app
regains focus, plus locked-in `invalidateQueries` on the respond
mutation so responded items drop off the list without a manual refresh.

### Workflows-management — Inbox provider
- New `WorkflowsInboxProvider`
(`src/platform/plugins/shared/workflows_management/server/inbox/`)
converts paused `waitForInput` steps into `InboxAction`s
(`to_inbox_action.ts`) and registers with the Inbox plugin at setup.
- New `WorkflowExecutionQueryService#listWaitingForInputSteps` to
fan-out across the executions index for paused steps (filtered by
`spaceId` + `status: waiting_for_input`); `WorkflowsManagementService`
exposes it via the same-name delegating method consistent with the rest
of the facade. Wire-level regression tests live in
`workflow_execution_query_service.test.ts` (term-only query / pagination
math / `index_not_found_exception` swallowed / log+rethrow), with a
delegation test in the facade suite.

### Common contracts (`@kbn/inbox-common`)
- OpenAPI / Zod schemas for the list and respond routes, including
`status`, `source_app`, `input_schema`, `submission_channel`, and
`timeout_at`.
- Helper `buildRespondToActionUrl(sourceApp, sourceId)` with proper
URL-encoding for composite source IDs.
- Privilege constants `INBOX_API_PRIVILEGE_READ` /
`INBOX_API_PRIVILEGE_RESPOND`.

### Demo fixtures
- `x-pack/platform/plugins/shared/inbox/scripts/demo/`:
- Six minimal workflow YAMLs covering the field-type matrix (string /
number / boolean / single-enum / array-of-enum / required+defaults).
- `seed_inbox_demo.ts` — dependency-light `fetch` script that imports +
triggers each workflow against a running Kibana so the Inbox populates
immediately.
- `README.md` with run instructions and the matching MCP-app
`generate-inbox-data` flow.

### FTR wiring
- New stateful FTR config
`x-pack/platform/test/inbox_api_integration/config.ts` opt-in via
`--xpack.inbox.enabled=true`.
- `inbox_flow.ts` — contract-level coverage (empty-registry list, query
validation, 404 on unknown source, 400 on missing `input`).
Live-workflow lifecycle assertions are stubbed as `describe.skip` with
TODOs pointing at the Workflows execution-engine harness work.
- Registered in `.buildkite/ftr_platform_stateful_configs.yml` and
`.github/CODEOWNERS`.


### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [X] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [X] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

---

_PR developed with Cursor + Claude Opus 4.7 Super Duper xHigh
Thinking++_

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>

Author: spong

.buildkite/ftr_platform_stateful_configs.yml

@@ -483,6 +483,7 @@ enabled:
   - x-pack/platform/test/api_integration_basic/apis/security/config.ts
   - x-pack/platform/test/automatic_import_api_integration/configs/config.stateful.ts
   - x-pack/platform/test/encrypted_saved_objects_api_integration/config.ts
+  - x-pack/platform/test/inbox_api_integration/config.ts
   - x-pack/platform/test/fleet_multi_cluster/config.ts
   - x-pack/platform/test/monitoring_api_integration/config.ts
   - x-pack/platform/test/plugin_api_integration/config.ts

.github/CODEOWNERS

@@ -1032,7 +1032,7 @@ x-pack/platform/packages/shared/kbn-event-stacktrace @elastic/obs-presentation-t
 x-pack/platform/packages/shared/kbn-failure-store-modal @elastic/kibana-management
 x-pack/platform/packages/shared/kbn-fs @elastic/kibana-security
 x-pack/platform/packages/shared/kbn-grok-heuristics @elastic/obs-onboarding-team
-x-pack/platform/packages/shared/kbn-inbox-common @elastic/security-pds-deployment @elastic/security-generative-ai
+x-pack/platform/packages/shared/kbn-inbox-common @elastic/security-generative-ai
 x-pack/platform/packages/shared/kbn-inference-cli @elastic/appex-ai-infra @elastic/search-inference-team
 x-pack/platform/packages/shared/kbn-inference-connectors @elastic/search-kibana
 x-pack/platform/packages/shared/kbn-inference-endpoint-ui-common @elastic/search-kibana
@@ -1165,7 +1165,7 @@ x-pack/platform/plugins/shared/fields_metadata @elastic/obs-onboarding-team
 x-pack/platform/plugins/shared/fleet @elastic/fleet
 x-pack/platform/plugins/shared/fleet/cypress @elastic/fleet
 x-pack/platform/plugins/shared/global_search @elastic/appex-sharedux
-x-pack/platform/plugins/shared/inbox @elastic/security-pds-deployment @elastic/security-generative-ai
+x-pack/platform/plugins/shared/inbox @elastic/security-generative-ai
 x-pack/platform/plugins/shared/index_management @elastic/kibana-management
 x-pack/platform/plugins/shared/inference @elastic/search-kibana
 x-pack/platform/plugins/shared/inference_endpoint @elastic/search-kibana
@@ -3435,6 +3435,9 @@ x-pack/solutions/observability/plugins/synthetics/server/saved_objects/synthetic
 /.buildkite/pipelines/evals/ @elastic/obs-ai-team @elastic/security-generative-ai
 /.buildkite/scripts/steps/evals/ @elastic/obs-ai-team @elastic/security-generative-ai
 
+# Inbox FTR test directory (no kibana.jsonc — manual entry)
+/x-pack/platform/test/inbox_api_integration/ @elastic/security-generative-ai
+
 ####
 ## These rules are always last so they take ultimate priority over everything else
 ####

src/platform/plugins/shared/workflows_execution_engine/integration_tests/tests/wait_for_input.test.ts

@@ -237,4 +237,73 @@ steps:
       expect(step?.output).toEqual({ ticket: 'T-42', priority: 'high' });
     });
   });
+
+  describe('resume after workflow-level timeout has already fired', () => {
+    // Regression: an analyst responds to an Inbox entry whose parent workflow
+    // has sat paused long enough to exceed `settings.timeout`. On the resume
+    // iteration the workflow-level monitor fires concurrently with the
+    // waitForInput step, aborts the step runtime, and calls
+    // `failStep(TimeoutError)`. Before the fix, `WaitForInputStepImpl.run()`
+    // then re-entered `tryEnterWaitUntil` (which saw the in-memory status as
+    // FAILED, not WAITING_FOR_INPUT), and the subsequent upsert overwrote
+    // `status` back to `waiting_for_input` — leaving `error`/`finishedAt`
+    // in place and producing a zombie that the Inbox listing keeps
+    // resurfacing forever.
+    const timeoutYaml = `
+settings:
+  timeout: 200ms
+
+steps:
+  - name: ask
+    type: waitForInput
+    with:
+      message: "Approve?"
+  - name: log
+    type: console
+    with:
+      message: "done"
+`;
+
+    it('must not reset a timed-out step back to WAITING_FOR_INPUT on resume', async () => {
+      await fixture.runWorkflow({ workflowYaml: timeoutYaml });
+
+      const pausedExec = fixture.workflowExecutionRepositoryMock.workflowExecutions.get(
+        'fake_workflow_execution_id'
+      );
+      expect(pausedExec?.status).toBe(ExecutionStatus.WAITING_FOR_INPUT);
+
+      // Push us comfortably past the 200ms workflow-level timeout so the
+      // monitor's first pass during the resume iteration fires
+      // synchronously, racing with the step's run().
+      await new Promise((resolve) => setTimeout(resolve, 350));
+
+      const exec = fixture.workflowExecutionRepositoryMock.workflowExecutions.get(
+        'fake_workflow_execution_id'
+      )!;
+      exec.context = { ...exec.context, resumeInput: { approved: true } };
+      fixture.workflowExecutionRepositoryMock.workflowExecutions.set(exec.id, exec);
+
+      await fixture.resumeWorkflow();
+
+      const askStep = Array.from(fixture.stepExecutionRepositoryMock.stepExecutions.values()).find(
+        (s) => s.stepId === 'ask'
+      );
+
+      // The zombie shape we must never persist again: status=waiting_for_input
+      // alongside finishedAt+error. Either the step is FAILED/TIMED_OUT (the
+      // timeout won the race and the fix prevented re-entry), or the step is
+      // COMPLETED (the step ran first and the resume succeeded before the
+      // monitor noticed the deadline). Both are acceptable; the zombie is not.
+      expect(askStep).toBeDefined();
+      expect([
+        ExecutionStatus.FAILED,
+        ExecutionStatus.TIMED_OUT,
+        ExecutionStatus.COMPLETED,
+      ]).toContain(askStep!.status);
+      if (askStep!.status !== ExecutionStatus.COMPLETED) {
+        expect(askStep!.error?.message).toContain('Failed due to workflow timeout');
+        expect(askStep!.finishedAt).toBeDefined();
+      }
+    });
+  });
 });

src/platform/plugins/shared/workflows_execution_engine/server/plugin.ts

@@ -1235,6 +1235,20 @@ export class WorkflowsExecutionEnginePlugin
         );
       }
 
+      // Freshness guard: a waitForInput step whose parent workflow already
+      // terminated (timeout, cancel, external failure) can leave the execution
+      // doc with `status: waiting_for_input` but `finishedAt` set — writing
+      // resumeInput and scheduling a resume task in that state is a no-op that
+      // silently swallows the analyst's response. Reject explicitly so the
+      // caller sees a 409 and the Inbox provider can surface a real error.
+      if (workflowExecution.finishedAt) {
+        throw new WorkflowExecutionInvalidStatusError(
+          executionId,
+          `${workflowExecution.status} (already finished at ${workflowExecution.finishedAt})`,
+          ExecutionStatus.WAITING_FOR_INPUT
+        );
+      }
+
       await workflowExecutionRepository.updateWorkflowExecution({
         id: executionId,
         context: { ...workflowExecution.context, resumeInput: input },

src/platform/plugins/shared/workflows_execution_engine/server/step/wait_for_input_step/wait_for_input_step.test.ts

@@ -43,6 +43,7 @@ describe('WaitForInputStepImpl', () => {
       setInput: jest.fn(),
       updateWorkflowExecution: jest.fn(),
       stepExecutionId: 'test-step-exec-id',
+      abortController: new AbortController(),
       contextManager: {
         renderValueAccordingToContext: jest.fn(<T>(v: T): T => v),
       },
@@ -222,6 +223,40 @@ describe('WaitForInputStepImpl', () => {
     });
   });
 
+  describe('aborted runtime — race with workflow-level timeout', () => {
+    // Regression: when the workflow-level timeout monitor fires in parallel
+    // with a resume iteration, it aborts the step runtime and calls
+    // `failStep(timeoutError)`. Without this guard the waitForInput step
+    // proceeded to re-enter its wait state, overwriting `status: FAILED` back
+    // to `status: WAITING_FOR_INPUT` (error/finishedAt survived because
+    // `updateStep` spreads). The zombie step then permanently reappeared in
+    // the Inbox because `listWaitingForInputSteps` filters only on status.
+    beforeEach(() => {
+      mockStepExecutionRuntime.abortController.abort();
+    });
+
+    it('should not call tryEnterWaitUntil when the runtime is already aborted', async () => {
+      await underTest.run();
+      expect(mockStepExecutionRuntime.tryEnterWaitUntil).not.toHaveBeenCalled();
+    });
+
+    it('should not mutate step state when the runtime is already aborted', async () => {
+      await underTest.run();
+      expect(mockStepExecutionRuntime.setInput).not.toHaveBeenCalled();
+      expect(mockStepExecutionRuntime.finishStep).not.toHaveBeenCalled();
+      expect(mockStepExecutionRuntime.updateWorkflowExecution).not.toHaveBeenCalled();
+      expect(mockWorkflowRuntime.navigateToNextNode).not.toHaveBeenCalled();
+    });
+
+    it('should emit an observable hitl:aborted debug event', async () => {
+      await underTest.run();
+      expect(workflowLogger.logDebug).toHaveBeenCalledWith(
+        expect.stringContaining('run aborted before wait-entry'),
+        expect.objectContaining({ event: { action: 'hitl:aborted' } })
+      );
+    });
+  });
+
   describe('resume run — exiting wait state with null context', () => {
     beforeEach(() => {
       mockStepExecutionRuntime.tryEnterWaitUntil.mockReturnValue(false);

src/platform/plugins/shared/workflows_execution_engine/server/step/wait_for_input_step/wait_for_input_step.ts

@@ -23,6 +23,22 @@ export class WaitForInputStepImpl implements NodeImplementation {
   ) {}
 
   async run(): Promise<void> {
+    // The step runtime's abort signal is how monitors (workflow-level timeout,
+    // cancellation) tell a step "you have already been settled — do not touch
+    // state". Without this guard a waitForInput that is resumed after the
+    // workflow has timed out would enter `tryEnterWaitUntil` with an in-memory
+    // status of FAILED (set by the monitor's failStep call), treat itself as
+    // "not already waiting", and re-write status back to WAITING_FOR_INPUT —
+    // leaving a zombie step that `listWaitingForInputSteps` keeps surfacing in
+    // the Inbox forever.
+    if (this.stepExecutionRuntime.abortController.signal.aborted) {
+      this.workflowLogger.logDebug(
+        `Step '${this.node.stepId}' run aborted before wait-entry; skipping`,
+        { event: { action: 'hitl:aborted' } }
+      );
+      return;
+    }
+
     if (this.stepExecutionRuntime.tryEnterWaitUntil(undefined, ExecutionStatus.WAITING_FOR_INPUT)) {
       // Store step config as input so the record is self contained
       // consistent with every other step type & readable without a definition lookup

src/platform/plugins/shared/workflows_management/kibana.jsonc

@@ -32,8 +32,8 @@
       "embeddable",
       "licensing"
     ],
-    "optionalPlugins": ["alerting", "serverless", "cloud"],
-    "runtimePluginDependencies": ["agentBuilder"],
+    "optionalPlugins": ["alerting", "serverless", "cloud", "inbox"],
+    "runtimePluginDependencies": ["agentBuilder", "agentContextLayer"],
     "extraPublicDirs": ["common"]
   }
 }

src/platform/plugins/shared/workflows_management/moon.yml

@@ -97,7 +97,8 @@ dependsOn:
   - '@kbn/cloud-plugin'
   - '@kbn/kbn-client'
   - '@kbn/rule-data-utils'
-  - '@kbn/std'
+  - '@kbn/inbox-plugin'
+  - '@kbn/inbox-common'
   - '@kbn/core-saved-objects-common'
 tags:
   - plugin

src/platform/plugins/shared/workflows_management/server/api/workflows_management_api.ts

@@ -606,6 +606,17 @@ export class WorkflowsManagementApi {
     return workflowsExecutionEngine.resumeWorkflowExecution(executionId, spaceId, input, request);
   }
 
+  /**
+   * Cross-workflow listing of step executions currently blocked on
+   * `waitForInput`. Consumed by the Inbox plugin's workflows provider.
+   */
+  public async listWaitingForInputSteps(
+    spaceId: string,
+    params: { page?: number; perPage?: number } = {}
+  ): Promise<{ results: EsWorkflowStepExecution[]; total: number }> {
+    return this.workflowsService.listWaitingForInputSteps(spaceId, params);
+  }
+
   public async getWorkflowStats(spaceId: string, options?: { includeExecutionStats?: boolean }) {
     return this.workflowsService.getWorkflowStats(spaceId, options);
   }

src/platform/plugins/shared/workflows_management/server/api/workflows_management_service.test.ts

@@ -291,4 +291,22 @@ describe('WorkflowsService (facade)', () => {
       await expect(service.getWorkflow('wf-1', 'default')).rejects.toBe(boom);
     });
   });
+
+  describe('listWaitingForInputSteps', () => {
+    it('delegates to WorkflowExecutionQueryService.listWaitingForInputSteps after init', async () => {
+      // Behavioural coverage for this method lives next to the implementation
+      // in `services/workflow_execution_query_service.test.ts`. This facade
+      // test only asserts the delegation shape.
+      const listSpy = jest
+        .spyOn(WorkflowExecutionQueryService.prototype, 'listWaitingForInputSteps')
+        .mockResolvedValue({ results: [], total: 0 } as never);
+      try {
+        const service = await buildService();
+        await service.listWaitingForInputSteps('my-space', { page: 2, perPage: 25 });
+        expect(listSpy).toHaveBeenCalledWith('my-space', { page: 2, perPage: 25 });
+      } finally {
+        listSpy.mockRestore();
+      }
+    });
+  });
 });