Merge branch 'main' into changes-history/mvp-ui

Author: maximpn

.buildkite/ftr-manifests/ftr_platform_stateful_configs.yml

@@ -123,7 +123,6 @@ enabled:
   - src/platform/test/functional/apps/management/group2/config.ts
   - src/platform/test/functional/apps/management/group3/config.ts
   - src/platform/test/functional/apps/management/group4/config.ts
-  - src/platform/test/functional/apps/saved_objects_management/config.ts
   - src/platform/test/functional/apps/status_page/config.ts
   - src/platform/test/functional/apps/visualize/group1/config.ts
   - src/platform/test/functional/apps/visualize/group2/config.ts
@@ -319,7 +318,6 @@ enabled:
   - x-pack/platform/test/functional/apps/remote_clusters/config.ts
   - x-pack/platform/test/functional/apps/reporting_management/config.ts
   - x-pack/platform/test/functional/apps/rollup_job/config.ts
-  - x-pack/platform/test/functional/apps/saved_objects_management/config.ts
   - x-pack/platform/test/functional/apps/security/config.ts
   - x-pack/platform/test/functional/apps/snapshot_restore/config.ts
   - x-pack/platform/test/functional/apps/spaces/config.ts

.buildkite/scout_ci_config.yml

@@ -40,6 +40,7 @@ plugins:
     - logstash
     - maps
     - ml
+    - monitoring
     - navigation
     - observability
     - observability_onboarding

.github/CODEOWNERS

@@ -2289,9 +2289,7 @@ x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security
 # Core
 /src/platform/test/api_integration/fixtures/kbn_archiver/management/saved_objects/relationships.json @elastic/kibana-core @elastic/kibana-data-discovery
 /src/platform/test/functional/fixtures/kbn_archiver/saved_search.json @elastic/kibana-core # Assigned per only use: https://github.com/elastic/kibana/blob/main/test/interpreter_functional/test_suites/run_pipeline/esaggs.ts#L100
-/src/platform/test/functional/fixtures/kbn_archiver/saved_objects_management/show_relationships.json @elastic/kibana-core # Assigned per only use: https://github.com/elastic/kibana/blob/main/test/functional/apps/saved_objects_management/show_relationships.ts#L20
 /src/platform/test/functional/fixtures/kbn_archiver/saved_objects_management/hidden_from_http_apis.json @elastic/kibana-core
-/src/platform/test/functional/fixtures/kbn_archiver/saved_objects_management/edit_saved_object.json @elastic/kibana-core # Assigned per only use: https://github.com/elastic/kibana/blob/main/test/functional/apps/saved_objects_management/inspect_saved_objects.ts#L40
 /src/platform/test/functional/fixtures/es_archiver/saved_objects_management @elastic/kibana-core
 /src/platform/test/api_integration/fixtures/es_archiver/saved_objects @elastic/kibana-core
 /src/platform/test/api_integration/fixtures/kbn_archiver/saved_objects @elastic/kibana-core
@@ -2362,7 +2360,6 @@ x-pack/platform/test/plugin_api_integration/test_suites/platform/ @elastic/kiban
 /src/platform/test/api_integration/apis/stats @elastic/kibana-core # Assigned per: https://github.com/elastic/kibana/pull/20577
 /src/platform/test/api_integration/apis/saved_objects* @elastic/kibana-core
 /src/platform/test/api_integration/apis/core/*.ts @elastic/kibana-core
-/x-pack/platform/test/functional/apps/saved_objects_management @elastic/kibana-core
 /x-pack/platform/test/usage_collection @elastic/kibana-core
 /x-pack/platform/test/licensing_plugin @elastic/kibana-core
 /x-pack/platform/test/functional_execution_context @elastic/kibana-core
@@ -2711,7 +2708,6 @@ x-pack/platform/test/functional/page_objects/search_profiler_page.ts @elastic/se
 /src/platform/test/functional/page_objects/embedded_console.ts @elastic/kibana-management
 /src/platform/test/functional/page_objects/console_page.ts @elastic/kibana-management
 /src/platform/test/functional/firefox/console.config.ts @elastic/kibana-management
-/src/platform/test/functional/apps/saved_objects_management @elastic/kibana-management
 /src/platform/test/functional/apps/console/*.ts @elastic/kibana-management
 /src/platform/test/api_integration/apis/console/*.ts @elastic/kibana-management
 /src/platform/test/accessibility/apps/management.ts @elastic/kibana-management
@@ -3181,6 +3177,7 @@ x-pack/platform/plugins/shared/actions/server/lib/token_tracking @elastic/securi
 /x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index @elastic/security-detection-engine
 /x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals @elastic/security-detection-engine
 /x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/unified_alerts @elastic/security-detection-engine @elastic/security-threat-hunting
+/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/attacks @elastic/security-detection-engine @elastic/security-threat-hunting
 
 /x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine @elastic/security-detection-engine
 

.github/workflows/failed-test-investigator.md

@@ -87,20 +87,9 @@ Investigate a failed-test issue, classify the failure, and propose a fix when ap
 - **`issues` trigger**: use the triggering issue (non-PR, labeled `failed-test`).
 - **`workflow_dispatch`**: use issue `${{ github.event.inputs.issue_number }}`. Fetch it explicitly before analysis, and post the final comment there.
 
-## Where did the test run?
-
-The test's **target** (e.g. `local-stateful-classic`, `cloud-serverless-security_complete`) tells you where it ran:
-
-- **`cloud-*`** — ran against a real Elastic Cloud project (serverless) or deployment (stateful). Pipeline names: `appex-qa-{serverless|stateful}-kibana-{ftr|scout}-tests`.
-- **`local-*`** — ran on the agent's local machine. `kibana-on-merge` and `kibana-pull-request` are local (no Elastic Cloud API calls), so the environment is more stable and less prone to network/env flakiness.
-
 ## Investigate
 
-1. Read the issue title, body, labels, and all comments.
-2. Parse test metadata if present: location (test file path), config path, code owners, target.
-3. Look at all the failures reported in the issue. The very same test could have been failing with different error messages, for different reasons, on different pipelines, and on different branches.
-4. Inspect the relevant test file and nearby helpers/fixtures. For Scout, start from the reported location; otherwise infer from the title.
-5. Check recent git history and blame on the test file and related product code.
+Investigate the test failure(s) using the `flaky-test-investigator` skill.
 
 Every conclusion must cite specific evidence. Do not guess.
 
@@ -150,53 +139,32 @@ No other side-effects beyond posting the comment and updating the label.
 
 ## Comment format
 
-Post exactly one comment with two main parts:
-
-- **Visible section**: a very concise summary that would inform a developer with a quick glance. Highlight main findings. Keep it high-signal and to the point.
-- **Collapsed `<details>` section**: full long-form context for the downstream auto-fix agent (and any human who wants to audit the call).
-
-The visible section is a _distillation_ of the collapsed one. Do not repeat content verbatim across both: the visible bullets summarize, the collapsed block holds the full evidence the summary was derived from.
-
-### Visible (top), in this order:
-
-1. **One-line bold headline** stating the result kind and one identifying detail. Consistent with `classification` but not templated. Example: `**Likely test-design fix** — missing waitForAlertsToPopulate() in building_block_alerts.spec.ts`.
-
-2. **A 3–5 sentence prose paragraph** (no headings, no bullets) covering: what broke and where (name the test file/name), the most likely root cause, and any evidence-backed author attribution with `@username` so they get notified on first read.
-
-3. **One-line action hint**: the proposed fix, recommended action, or missing evidence. Skip if the paragraph already covers it.
-
-4. **Findings bullets** — exactly these four, in this order, with one concrete value each. Downstream tooling parses these directly; preserve keys, casing, and `` - `key`: value `` shape:
-
-   - `classification`: `test-design` | `test-environment` | `application` | `external` | `inconclusive`
-   - `confidence`: `high` | `medium` | `low`
-   - `test.type`: `scout` (if `scout-playwright` label) | `ftr` | `jest` | `unknown`
-   - `test.file`: repo-relative path, or `unknown`
-
-5. **Suspected root cause** — 2–4 short bullets, each tied to a specific piece of evidence. Skip the section entirely when `classification` is `external` or `inconclusive` and there is nothing concrete to assert.
-
-6. **Key references** — at most 3 Markdown links: the failing test file, the failing CI run, and the implicated commit (when one exists). Skip any of the three that are not applicable; skip the section entirely when none apply.
-
-### Collapsed (`<details>`):
-
-This section is the full context for agents and humans to dive deep into the findings. Verify all information. Wrap it in a single `<details>` block. The blank lines around `</summary>` and `</details>` are required for the inner markdown to render.
-
-```
-<details>
-<summary>See full details</summary>
+Post exactly one comment. Keep the visible portion very short and easy to read:
 
-#### Full root-cause analysis
+1. **One-line bold headline** stating the result kind and one identifying detail.
+2. **Diagnosis** (≤5 concise bullet points): what broke and where, the most likely root cause.
+3. **Next steps** (≤5 concise bullet points).
 
-The long-form version of the visible "Suspected root cause" bullets. Walk through the evidence chain step by step. Cite the specific log lines, stack frames, blame results, or related PRs that led to the conclusion.
+Put the full `flaky-test-investigator` skill output inside a collapsed `<details><summary>Investigation details</summary> ... </details>` block (not in the visible portion). Open the block with a `#### Findings` subsection containing exactly these four bullets in this order — downstream tooling parses them, so preserve keys, casing, and `` - `key`: value `` shape. These bullets must live **inside `<details>`**, never in the visible portion:
 
-#### Evidence used
+- `classification`: `test-design` | `test-environment` | `application` | `external` | `inconclusive`
+- `confidence`: `high` | `medium` | `low`
+- `test.type`: `scout` (if `scout-playwright` label) | `ftr` | `jest` | `unknown`
+- `test.file`: repo-relative path, or `unknown`
 
-A complete list of the evidence consulted: issue comments, file paths, commits, CI runs, blame output, related PRs. Each item should be a Markdown link, not a bare path or SHA.
+The skill's "Reporting" subsections should also be inside the collapsible section:
 
-#### Suggested patch
+- What the test does
+- What failed and when
+- Where it ran
+- Root cause hypothesis
+- Evidence
+- Failure screenshot
+- Recommended next step
+- Open questions
 
-Only when justified by the evidence: a small diff-style snippet showing the suggested edit. Include the exact file, function, assertion, wait condition, fixture, selector, API, or behavior to change. Omit this section entirely when no defensible patch can be proposed.
+Blank lines around `</summary>` and `</details>` are required for the inner markdown to render.
 
-</details>
-```
+End the comment with this footer line (verbatim, on its own line after the `</details>` block):
 
-Use `####` headings inside the details block (not `###`) so they nest below the comment's own structure. Any of the three subsections may be omitted when there is nothing meaningful to put in it.
+`<sup>AI-generated, share feedback in [#appex-qa](https://elastic.slack.com/archives/C04HT4P1YS3)</sup>`

docs/extend/scout.md

@@ -12,6 +12,7 @@ Scout is Kibana’s **modern UI and API test framework** built on [Playwright](h
 - [Best practices](./scout/best-practices.md) (see also [UI](./scout/ui-best-practices.md) and [API](./scout/api-best-practices.md) test best practices)
 - [UI testing](./scout/ui-testing.md)
 - [API testing](./scout/api-testing.md)
+- [Migrate tests to Scout](./scout/migrate-tests.md)
 
 ## Scout benefits [scout-main-features]
 
@@ -57,7 +58,7 @@ We welcome contributions to one of the Scout packages.
 | Is reusable but scoped to a solution  | In the solution Scout package (for example `@kbn/scout-security`, `@kbn/scout-oblt`, `@kbn/scout-search`) | Solution workflows and domain-specific helpers     |
 | Is specific to one plugin or package  | In your plugin or package’s `test/scout` directory                                                        | Components specific to your plugin or package only |
 
-## Need help?
+## Need help? [need-help]
 
 - **Internal (Elasticians)**: reach out to the AppEx QA team in the `#kibana-scout` Slack channel for guidance.
 
@@ -95,7 +96,7 @@ Existing FTR tests continue to run, and teams can migrate them to Scout incremen
 
 #### Q: Should I migrate every FTR test to Scout? [scout-faq-migrate-ftr-to-scout]
 
-_It, depends_: [pick the right test type](./scout/best-practices.md#pick-the-right-test-type) before migrating a test.
+_It depends_: [pick the right test type](./scout/best-practices.md#pick-the-right-test-type) before migrating a test. Refer to our [Migrate tests to Scout](./scout/migrate-tests.md) guide.
 
 #### Q: Does Scout support feature flags? [scout-faq-feature-flags]
 

docs/extend/scout/deployment-tags.md

@@ -51,6 +51,21 @@ test.describe(
 
 This test will only run locally (stateful classic and serverless Security complete tier), and will be skipped by Elastic Cloud pipelines.
 
+## Pick the right tags [scout-deployment-tags-pick]
+
+Pick the narrowest scope that's still correct for the feature under test, as every extra deployment target spins up an additional run:
+
+| The test covers…                                 | Use                                                                                                                  |
+| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------- |
+| A platform feature that works everywhere         | [`tags.deploymentAgnostic`](#scout-deployment-tags-deployment-agnostic)                                              |
+| A solution feature                               | `tags.stateful.<solution>` + `tags.serverless.<solution>` (use `.complete` when the solution has tiers)              |
+| Behavior specific to one serverless project tier | The explicit tier tag, e.g. `tags.serverless.security.essentials` or `tags.serverless.observability.logs_essentials` |
+| Behavior that only exists on stateful            | `tags.stateful.<solution>` alone                                                                                     |
+
+::::::{warning}
+Don't reach for `tags.deploymentAgnostic` from a solution module. It runs your test across every solution and is expensive — use explicit per-deployment tags instead. See the [`tags.deploymentAgnostic` note](#scout-deployment-tags-deployment-agnostic).
+::::::
+
 ## Common shortcuts [scout-deployment-tags-shortcuts]
 
 ### `tags.deploymentAgnostic` [scout-deployment-tags-deployment-agnostic]

docs/extend/scout/feature-flags.md

@@ -8,14 +8,14 @@ Some Kibana features are gated behind feature flags or experimental configuratio
 
 ## When to use runtime versus server-level flags [scout-feature-flags-when-to-use]
 
-|  | Runtime flags | Custom server configs |
-|---|---|---|
-| **API** | `apiServices.core.settings()` | `ScoutServerConfig` config set |
-| **Restart required** | No — applied while running | Yes — must be present at boot |
-| **Elastic Cloud (QA)** | Supported | Not supported — local only |
-| **CI cost** | Low — shares default servers | Higher — dedicated server instance |
-| **Toggle per suite** | Yes | No — fixed at server start |
-| **When to use** | **Preferred** for most flags | Settings required at boot (e.g., route registration) |
+|                        | Runtime flags                 | Custom server configs                                |
+| ---------------------- | ----------------------------- | ---------------------------------------------------- |
+| **API**                | `apiServices.core.settings()` | `ScoutServerConfig` config set                       |
+| **Restart required**   | No — applied while running    | Yes — must be present at boot                        |
+| **Elastic Cloud (QA)** | Supported                     | Not supported — local only                           |
+| **CI cost**            | Low — shares default servers  | Higher — dedicated server instance                   |
+| **Toggle per suite**   | Yes                           | No — fixed at server start                           |
+| **When to use**        | **Preferred** for most flags  | Settings required at boot (e.g., route registration) |
 
 For custom server configs, reach out to the AppEx QA team before creating one (see [below](#scout-feature-flags-custom-servers)).
 
@@ -89,7 +89,7 @@ test.describe('Browse integration', { tag: tags.stateful.classic }, () => {
 
 When using `feature_flags.overrides`, the keys must match the feature flag IDs registered by the owning plugin. Overrides bypass variation and type validation, so ensure the values match what the consuming code expects.
 
-## Custom server configs (reach out to AppEx QA first) [scout-feature-flags-custom-servers]
+## Custom server configs [scout-feature-flags-custom-servers]
 
 Some settings — such as those used during the plugin `setup` lifecycle (e.g., HTTP route registration) — cannot be changed at runtime and must be present when Kibana starts. For these cases Scout supports **custom server configuration sets** that manage a local Kibana process.
 

docs/extend/scout/getting-started.md

@@ -10,3 +10,4 @@ Start here to set up Scout in a plugin/package, run tests, and debug failures.
 - [Run Scout tests](./run-tests.md)
 - [Debug Scout test runs](./debugging.md)
 - [Best practices for Scout tests](./best-practices.md)
+- [Migrate tests to Scout](./migrate-tests.md)