Address review feedback: audit test + brand obs-ai namespace

rudolf · cursoragent · rudolf · commit cfcce5ee574f · 2026-05-28T17:18:28.000+02:00
- security/audit_service.test.ts: new test verifying that a spaceId on a fake KibanaRequest surfaces as `kibana.space_id` in the audit log when the audit service is wired with `getSpaceId: (req) => req.spaceId` (mirrors real wiring through spacesService). Addresses #266371 (comment)... by @jeramysoucy. - observability_ai_assistant: change the internal `namespace: string` field on the client/knowledge-base service dependency contracts to `namespace: SpaceId`. This was a real instance of the smell branded types are designed to flush out: `request.spaceId` (branded SpaceId) was being assigned into a `string` field, immediately losing the semantic distinction. Now the value stays branded all the way through the in-process API surface; the storage shape on ES (`Omit<KnowledgeBaseEntry, 'id'> & { namespace: string }`) stays a plain string because brands only exist in TypeScript and don't survive serialization. Use `getSpaceUrlPrefix` from `@kbn/core-spaces-common` for the space-aware URL, removing the local `DEFAULT_SPACE_ID` branching. Addresses #266371 (comment)... by @viduni94. Co-authored-by: Cursor <cursoragent@cursor.com>
diff --git a/x-pack/platform/plugins/shared/observability_ai_assistant/server/service/client/index.test.ts b/x-pack/platform/plugins/shared/observability_ai_assistant/server/service/client/index.test.ts
@@ -18,6 +18,7 @@ import { isEmpty, last, merge, repeat, size } from 'lodash';
 import { Subject, Observable } from 'rxjs';
 import { EventEmitter, type Readable } from 'stream';
 import { finished } from 'stream/promises';
+import { asSpaceId, DEFAULT_SPACE_ID, type SpaceId } from '@kbn/core-spaces-common';
 import { ObservabilityAIAssistantClient } from '.';
 import { MessageRole, type Message, CONTEXT_FUNCTION_NAME } from '../../../common';
 import type {
@@ -146,7 +147,7 @@ describe('Observability AI Assistant client', () => {
 
   let llmSimulator: LlmSimulator;
 
-  function createClient(namespace: string = 'default') {
+  function createClient(namespace: SpaceId = DEFAULT_SPACE_ID) {
     jest.resetAllMocks();
 
     // uncomment this line for debugging
@@ -219,7 +220,7 @@ describe('Observability AI Assistant client', () => {
       inferenceClient: inferenceClientMock,
       knowledgeBaseService: knowledgeBaseServiceMock,
       logger: loggerMock,
-      namespace: 'default',
+      namespace: DEFAULT_SPACE_ID,
       user: {
         name: 'johndoe',
       },
@@ -1757,7 +1758,7 @@ describe('Observability AI Assistant client', () => {
       );
     });
 
-    const runWithNamespace = async (namespace: string) => {
+    const runWithNamespace = async (namespace: SpaceId) => {
       // client = createClient(namespace);
       client = createClient();
       (client as any).dependencies.namespace = namespace;
@@ -1777,7 +1778,7 @@ describe('Observability AI Assistant client', () => {
     };
 
     it('generates a link without space segment for default space', async () => {
-      await runWithNamespace('default');
+      await runWithNamespace(DEFAULT_SPACE_ID);
 
       expect(functionClientMock.registerInstruction).toHaveBeenCalled();
       expect(functionClientMock.registerInstruction).toHaveBeenCalledWith(
@@ -1790,7 +1791,7 @@ describe('Observability AI Assistant client', () => {
 
     it('generates a link with space segment for non-default space', async () => {
       const space = 'myspace';
-      await runWithNamespace('myspace');
+      await runWithNamespace(asSpaceId('myspace'));
 
       expect(functionClientMock.registerInstruction).toHaveBeenCalled();
       expect(functionClientMock.registerInstruction).toHaveBeenCalledWith(
diff --git a/x-pack/platform/plugins/shared/observability_ai_assistant/server/service/client/index.ts b/x-pack/platform/plugins/shared/observability_ai_assistant/server/service/client/index.ts
@@ -12,7 +12,8 @@ import type { Logger } from '@kbn/logging';
 import type { PublicMethodsOf } from '@kbn/utility-types';
 import { last, merge, omit } from 'lodash';
 import type { Observable } from 'rxjs';
-import { DEFAULT_SPACE_ID } from '@kbn/core-spaces-common';
+import { getSpaceUrlPrefix } from '@kbn/core-spaces-common';
+import type { SpaceId } from '@kbn/core-spaces-common';
 import {
   catchError,
   defer,
@@ -95,7 +96,7 @@ export class ObservabilityAIAssistantClient {
       core: CoreSetup<ObservabilityAIAssistantPluginStartDependencies>;
       actionsClient: PublicMethodsOf<ActionsClient>;
       uiSettingsClient: IUiSettingsClient;
-      namespace: string;
+      namespace: SpaceId;
       esClient: {
         asInternalUser: ElasticsearchClient;
         asCurrentUser: ElasticsearchClient;
@@ -234,10 +235,7 @@ export class ObservabilityAIAssistantClient {
 
       if (persist && !isConversationUpdate && kibanaPublicUrl) {
         const { namespace } = this.dependencies;
-        const spaceAwarePath =
-          namespace === DEFAULT_SPACE_ID
-            ? '/app/observabilityAIAssistant'
-            : `/s/${namespace}/app/observabilityAIAssistant`;
+        const spaceAwarePath = `${getSpaceUrlPrefix(namespace)}/app/observabilityAIAssistant`;
 
         const conversationUrl = `${kibanaPublicUrl}${spaceAwarePath}/conversations/${conversationId}`;
 
diff --git a/x-pack/platform/plugins/shared/observability_ai_assistant/server/service/knowledge_base_service/index.ts b/x-pack/platform/plugins/shared/observability_ai_assistant/server/service/knowledge_base_service/index.ts
@@ -12,6 +12,7 @@ import { orderBy } from 'lodash';
 import { encode } from 'gpt-tokenizer';
 import { isLockAcquisitionError } from '@kbn/lock-manager';
 import type { DocumentationManagerAPI } from '@kbn/product-doc-base-plugin/server/services/doc_manager';
+import type { SpaceId } from '@kbn/core-spaces-common';
 import { resourceNames } from '..';
 import type {
   Instruction,
@@ -75,7 +76,7 @@ export class KnowledgeBaseService {
   }: {
     queries: Array<{ text: string; boost?: number }>;
     categories?: string[];
-    namespace: string;
+    namespace: SpaceId;
     user?: { name: string };
   }): Promise<RecalledEntry[]> {
     const response = await this.dependencies.esClient.asInternalUser.search<
@@ -188,7 +189,7 @@ export class KnowledgeBaseService {
     queries: Array<{ text: string; boost?: number }>;
     categories?: string[];
     user?: { name: string };
-    namespace: string;
+    namespace: SpaceId;
     esClient: { asCurrentUser: ElasticsearchClient; asInternalUser: ElasticsearchClient };
     uiSettingsClient: IUiSettingsClient;
     limit?: { tokens?: number; size?: number };
@@ -277,7 +278,7 @@ export class KnowledgeBaseService {
   };
 
   getUserInstructions = async (
-    namespace: string,
+    namespace: SpaceId,
     user?: { name: string }
   ): Promise<Array<Instruction & { public?: boolean }>> => {
     if (!this.dependencies.config.enableKnowledgeBase) {
@@ -330,7 +331,7 @@ export class KnowledgeBaseService {
     query?: string;
     sortBy?: string;
     sortDirection?: 'asc' | 'desc';
-    namespace: string;
+    namespace: SpaceId;
   }): Promise<{ entries: KnowledgeBaseEntry[] }> => {
     if (!this.dependencies.config.enableKnowledgeBase) {
       return { entries: [] };
@@ -478,7 +479,7 @@ export class KnowledgeBaseService {
   }: {
     entry: Omit<KnowledgeBaseEntry, '@timestamp'>;
     user?: { name: string; id?: string };
-    namespace: string;
+    namespace: SpaceId;
   }): Promise<void> => {
     if (!this.dependencies.config.enableKnowledgeBase) {
       return;
@@ -538,7 +539,7 @@ export class KnowledgeBaseService {
   }: {
     entries: Array<Omit<KnowledgeBaseEntry, '@timestamp'>>;
     user?: { name: string; id?: string };
-    namespace: string;
+    namespace: SpaceId;
   }): Promise<void> => {
     if (!this.dependencies.config.enableKnowledgeBase) {
       return;
diff --git a/x-pack/platform/plugins/shared/security/server/audit/audit_service.test.ts b/x-pack/platform/plugins/shared/security/server/audit/audit_service.test.ts
@@ -13,6 +13,7 @@ import type { FakeRawRequest } from '@kbn/core-http-server';
 import { httpServerMock, httpServiceMock } from '@kbn/core-http-server-mocks';
 import { kibanaRequestFactory } from '@kbn/core-http-server-utils';
 import { loggingSystemMock } from '@kbn/core-logging-server-mocks';
+import { asSpaceId } from '@kbn/core-spaces-common';
 import type { AuditEvent } from '@kbn/security-plugin-types-server';
 
 import {
@@ -267,6 +268,40 @@ describe('#asScoped', () => {
     audit.stop();
   });
 
+  it('logs space_id from a fake request that carries a spaceId', async () => {
+    const audit = new AuditService(logger);
+    const auditSetup = audit.setup({
+      license,
+      config,
+      logging,
+      http,
+      getCurrentUser,
+      // Mirror real wiring (spacesService.getSpaceId) by sourcing the space id
+      // directly from the request.
+      getSpaceId: (req) => req.spaceId,
+      getSID: () => Promise.resolve(undefined),
+      recordAuditLoggingUsage,
+    });
+
+    const fakeRawRequest: FakeRawRequest = {
+      headers: {},
+      spaceId: asSpaceId('my-space'),
+    };
+    const request = kibanaRequestFactory(fakeRawRequest);
+
+    await auditSetup.asScoped(request).log({
+      message: 'MESSAGE',
+      event: { action: 'ACTION' },
+    });
+    expect(logger.info).toHaveBeenLastCalledWith(
+      'MESSAGE',
+      expect.objectContaining({
+        kibana: expect.objectContaining({ space_id: 'my-space' }),
+      })
+    );
+    audit.stop();
+  });
+
   it('does not log to audit logger if event matches ignore filter', async () => {
     const audit = new AuditService(logger);
     const auditSetup = audit.setup({
