fix(agent-builder): address backend review findings on bulk alerts attachment

jonwalstedt · claude · jonwalstedt · commit 942afc3c90be · 2026-05-21T17:38:09.000+02:00
- Bound alertIds to [1,20] with Zod .min(1).max(20); empty batches now
  rejected at validation rather than producing a zero-alert attachment
- Add server-side guard in getAlertsById throwing when ids.length &gt; 20,
  preventing unbounded ES terms queries regardless of call site
- Remove try/catch around resolveMaxContentLength so resolution errors
  propagate visibly instead of silently truncating to the 10k default
- Fix agent description tool name: attachments_read → attachment_read,
  consistent with the framework system prompt
- Fix misleading JSDoc on maxContentLength: remove "highest value wins"
  claim; limit is applied per-attachment, not across types

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/x-pack/platform/packages/shared/agent-builder/agent-builder-server/attachments/type_definition.ts b/x-pack/platform/packages/shared/agent-builder/agent-builder-server/attachments/type_definition.ts
@@ -74,8 +74,8 @@ export interface AttachmentTypeDefinition<TType extends string = string, TConten
    */
   isReadonly?: boolean;
   /**
-   * Maximum content length (in characters) allowed when this type is presented inline to the LLM.
-   * When multiple attachment types are present, the highest value wins.
+   * Maximum content length (in characters) for attachments of this type when presented inline
+   * to the LLM. Applied per-attachment — each attachment is truncated to its own type's limit.
    * Defaults to the global DEFAULT_MAX_CONTENT_LENGTH (10 000).
    */
   maxContentLength?: number;
diff --git a/x-pack/platform/plugins/shared/agent_builder/server/services/execution/run_agent/utils/attachment_presentation.test.ts b/x-pack/platform/plugins/shared/agent_builder/server/services/execution/run_agent/utils/attachment_presentation.test.ts
@@ -136,18 +136,17 @@ describe('attachment_presentation', () => {
       expect(result.content.length).toBeGreaterThan(500);
     });
 
-    it('should fall back to default when resolveMaxContentLength throws', async () => {
+    it('should propagate when resolveMaxContentLength throws', async () => {
       const largeContent = 'x'.repeat(15000);
       const attachments = [createMockAttachment('1', 'text', largeContent)];
 
-      const result = await prepareAttachmentPresentation(attachments, {
-        resolveMaxContentLength: () => {
-          throw new Error('resolver error');
-        },
-      });
-
-      expect(result.content).toContain('[content truncated');
-      expect(result.content.length).toBeGreaterThan(500);
+      await expect(
+        prepareAttachmentPresentation(attachments, {
+          resolveMaxContentLength: () => {
+            throw new Error('resolver error');
+          },
+        })
+      ).rejects.toThrow('resolver error');
     });
 
     it('should handle visualization type as JSON', async () => {
diff --git a/x-pack/platform/plugins/shared/agent_builder/server/services/execution/run_agent/utils/attachment_presentation.ts b/x-pack/platform/plugins/shared/agent_builder/server/services/execution/run_agent/utils/attachment_presentation.ts
@@ -111,12 +111,7 @@ const formatInlineAttachments = async (
       (formatContent ? await formatContent(attachment, latest.data) : undefined) ??
       formatAttachmentContent(attachment, latest.data);
 
-    let effectiveMax = DEFAULT_MAX_CONTENT_LENGTH;
-    try {
-      effectiveMax = resolveMaxContentLength?.(attachment) ?? DEFAULT_MAX_CONTENT_LENGTH;
-    } catch {
-      // fall back to default if per-attachment resolution fails
-    }
+    const effectiveMax = resolveMaxContentLength?.(attachment) ?? DEFAULT_MAX_CONTENT_LENGTH;
     if (contentStr.length > effectiveMax) {
       contentStr =
         contentStr.substring(0, effectiveMax) +
diff --git a/x-pack/solutions/security/plugins/security_solution/server/agent_builder/attachments/alerts.test.ts b/x-pack/solutions/security/plugins/security_solution/server/agent_builder/attachments/alerts.test.ts
@@ -63,10 +63,18 @@ describe('createBulkAlertsAttachmentType', () => {
       }
     });
 
-    it('returns valid with an empty alertIds array', async () => {
+    it('returns invalid with an empty alertIds array', async () => {
       const result = await attachmentType.validate({ alertIds: [] });
 
-      expect(result.valid).toBe(true);
+      expect(result.valid).toBe(false);
+    });
+
+    it('returns invalid when alertIds exceeds 20 entries', async () => {
+      const result = await attachmentType.validate({
+        alertIds: Array.from({ length: 21 }, (_, i) => `id-${i}`),
+      });
+
+      expect(result.valid).toBe(false);
     });
 
     it('returns invalid when alertIds field is missing', async () => {
diff --git a/x-pack/solutions/security/plugins/security_solution/server/agent_builder/attachments/alerts.ts b/x-pack/solutions/security/plugins/security_solution/server/agent_builder/attachments/alerts.ts
@@ -21,7 +21,7 @@ import { getAlertsById } from '../tools/get_alerts_by_id';
 import { securityAttachmentDataSchema } from './security_attachment_data_schema';
 
 export const bulkAlertsAttachmentDataSchema = securityAttachmentDataSchema.extend({
-  alertIds: z.array(z.string()),
+  alertIds: z.array(z.string()).min(1).max(20),
 });
 
 export type BulkAlertsAttachmentData = z.infer<typeof bulkAlertsAttachmentDataSchema>;
@@ -101,7 +101,7 @@ export const createBulkAlertsAttachmentType = (
 
 When the conversation has many batches (summary mode), the system shows metadata only. Read each batch before answering:
 - Each batch appears as <attachment attachment_id="<some-id>" type="security.alerts" ...> in the XML
-- Call the attachment read tool (attachments_read) and pass the attachment_id value directly as the "attachment_id" parameter
+- Call the attachment read tool (attachment_read) and pass the attachment_id value directly as the "attachment_id" parameter
 - Read ALL batches before forming conclusions
 
 Process each batch in order:
diff --git a/x-pack/solutions/security/plugins/security_solution/server/agent_builder/tools/get_alerts_by_id.test.ts b/x-pack/solutions/security/plugins/security_solution/server/agent_builder/tools/get_alerts_by_id.test.ts
@@ -26,6 +26,16 @@ describe('getAlertsById', () => {
     expect(esClient.search).not.toHaveBeenCalled();
   });
 
+  it('throws when more than 20 ids are provided', async () => {
+    const esClient = makeClient([]);
+    const ids = Array.from({ length: 21 }, (_, i) => `id-${i}`);
+
+    await expect(getAlertsById({ esClient, index, ids })).rejects.toThrow(
+      'getAlertsById: ids.length (21) exceeds the maximum of 20'
+    );
+    expect(esClient.search).not.toHaveBeenCalled();
+  });
+
   it('returns hits keyed by _id with _source as the value', async () => {
     const source1 = { 'kibana.alert.rule.name': 'Rule A' };
     const source2 = { 'kibana.alert.rule.name': 'Rule B' };
diff --git a/x-pack/solutions/security/plugins/security_solution/server/agent_builder/tools/get_alerts_by_id.ts b/x-pack/solutions/security/plugins/security_solution/server/agent_builder/tools/get_alerts_by_id.ts
@@ -23,6 +23,9 @@ export const getAlertsById = async ({
   if (ids.length === 0) {
     return {};
   }
+  if (ids.length > 20) {
+    throw new Error(`getAlertsById: ids.length (${ids.length}) exceeds the maximum of 20`);
+  }
 
   const response = await esClient.search({
     index,

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,9 @@ export const getAlertsById = async ({`
`23`	`23`	`if (ids.length === 0) {`
`24`	`24`	`return {};`
`25`	`25`	`}`
	`26`	`+ if (ids.length > 20) {`
	`27`	+ throw new Error(`getAlertsById: ids.length (${ids.length}) exceeds the maximum of 20`);
	`28`	`+ }`
`26`	`29`
`27`	`30`	`const response = await esClient.search({`
`28`	`31`	`index,`