elastic · adcoelho · May 19, 2026 · May 19, 2026 · May 19, 2026 · May 19, 2026
diff --git a/packages/kbn-optimizer/limits.yml b/packages/kbn-optimizer/limits.yml
@@ -9,7 +9,7 @@ pageLoadAssetSize:
   aiAssistantManagementSelection: 11569
   aiops: 15227
   alerting: 22371
-  alertingVTwo: 51297
+  alertingVTwo: 56591
   apm: 54371
   apmSourcesAccess: 2278
   automaticImport: 18629

@@ -27,6 +27,10 @@
  * and copy the schemaHash from the response for the trigger id.
  */
 export const APPROVED_TRIGGER_DEFINITIONS: Array<{ id: string; schemaHash: string }> = [
+  {
+    id: 'alertingV2.episodeAssigned',
+    schemaHash: 'fce48752c788e4620a70cf8d33040117c7a46c78508a5cf98c5c0fa93f631ad0',
+  },
   {
     id: 'cases.caseCreated',
     schemaHash: '5b562db9463664a1e28ff2f3ee7edec229e83912569190cd8a83f53d38da9ed8',

@@ -46,4 +46,4 @@ If you want implementation detail for one subsystem, continue with:
 - API shape or saved object contracts: inspect `server/routes/` and `server/saved_objects/` together with the relevant subsystem docs
 - Workflow triggers (workflows_extensions registration + runtime emission): see the public and server READMEs
   - [`public/lib/workflow_extensions/README.md`](public/lib/workflow_extensions/README.md)
-  - [`server/lib/services/workflow_extensions_service/README.md`](server/lib/services/workflow_extensions_service/README.md)
+  - [`server/lib/services/workflow_service/README.md`](server/lib/services/workflow_service/README.md)
@@ -0,0 +1,101 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+import { z } from '@kbn/zod/v4';
+import type { CommonTriggerDefinition } from '@kbn/workflows-extensions/common';
+
+export const EPISODE_ASSIGNED_TRIGGER_ID = 'alertingV2.episodeAssigned' as const;
+
+export const episodeAssignedPayloadSchema = z
+  .object({
+    occurredAt: z.string().describe(
+      i18n.translate('xpack.alertingVTwo.triggers.episodeAssigned.schema.occurredAt', {
+        defaultMessage: 'ISO timestamp of when the assignment occurred.',
+      })
+    ),
+    groupHash: z.string().describe(
+      i18n.translate('xpack.alertingVTwo.triggers.episodeAssigned.schema.groupHash', {
+        defaultMessage: 'Stable hash of the alert grouping the episode belongs to.',
+      })
+    ),
+    episodeId: z.string().describe(
+      i18n.translate('xpack.alertingVTwo.triggers.episodeAssigned.schema.episodeId', {
+        defaultMessage: 'Identifier of the alerting episode whose assignee changed.',
+      })
+    ),
+    ruleId: z.string().describe(
+      i18n.translate('xpack.alertingVTwo.triggers.episodeAssigned.schema.ruleId', {
+        defaultMessage: 'Identifier of the alerting rule the episode belongs to.',
+      })
+    ),
+    spaceId: z.string().describe(
+      i18n.translate('xpack.alertingVTwo.triggers.episodeAssigned.schema.spaceId', {
+        defaultMessage: 'Kibana space the episode lives in.',
+      })
+    ),
+    actorUid: z
+      .string()
+      .nullable()
+      .describe(
+        i18n.translate('xpack.alertingVTwo.triggers.episodeAssigned.schema.actorUid', {
+          defaultMessage:
+            'User-profile uid of the actor who changed the assignee, or null when performed by an internal/system context.',
+        })
+      ),
+    assigneeUid: z
+      .string()
+      .nullable()
+      .describe(
+        i18n.translate('xpack.alertingVTwo.triggers.episodeAssigned.schema.assigneeUid', {
+          defaultMessage:
+            'User-profile uid of the new assignee, or null when the episode was unassigned.',
+        })
+      ),
+  })
+  .strict();
+
+export type EpisodeAssignedPayload = z.infer<typeof episodeAssignedPayloadSchema>;
+
+export const episodeAssignedTriggerCommonDefinition: CommonTriggerDefinition<
+  typeof episodeAssignedPayloadSchema
+> = {
+  id: EPISODE_ASSIGNED_TRIGGER_ID,
+  eventSchema: episodeAssignedPayloadSchema,
+  title: i18n.translate('xpack.alertingVTwo.workflowTriggers.episodeAssigned.title', {
+    defaultMessage: 'Alerting - Episode assigned',
+  }),
+  description: i18n.translate('xpack.alertingVTwo.workflowTriggers.episodeAssigned.description', {
+    defaultMessage: 'Emitted when an alerting episode is assigned to a user.',
+  }),
+  documentation: {
+    details: i18n.translate(
+      'xpack.alertingVTwo.workflowTriggers.episodeAssigned.documentation.details',
+      {
+        defaultMessage:
+          'Emitted after an episode assign action is persisted with a non-null assignee. The payload includes event.episodeId, event.ruleId, event.spaceId, and event.assigneeUid for trigger conditions.',
+      }
+    ),
+    examples: [
+      i18n.translate('xpack.alertingVTwo.workflowTriggers.episodeAssigned.documentation.example', {
+        defaultMessage: `## Run for a specific rule
+\`\`\`yaml
+triggers:
+  - type: {triggerId}
+    on:
+      condition: 'event.ruleId: "my-rule-id"'
+\`\`\``,
+        values: {
+          triggerId: EPISODE_ASSIGNED_TRIGGER_ID,
+        },
+      }),
+    ],
+  },
+  snippets: {
+    condition: 'event.assigneeUid: "user-profile-uid"',
+  },
+};
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export {
+  EPISODE_ASSIGNED_TRIGGER_ID,
+  episodeAssignedPayloadSchema,
+  episodeAssignedTriggerCommonDefinition,
+} from './episode_assigned';
+export type { EpisodeAssignedPayload } from './episode_assigned';
@@ -9,7 +9,7 @@ This folder owns the **public-side (browser) registration** of `alerting_v2` wor
 - **Public setup contract** (`WorkflowsExtensionsPublicPluginSetup`) — UI metadata for the Workflows builder (title, description, icon, docs, snippets). This is what controls discoverability of a trigger in the Workflows UI.
 - **Server setup contract** (`WorkflowsExtensionsServerPluginSetup`) — runtime validation/execution of triggers and steps.
 
-This README covers the **public** side. For the server side (where runtime emission also lives), see [`server/lib/services/workflow_extensions_service/README.md`](../../../server/lib/services/workflow_extensions_service/README.md).
+This README covers the **public** side. For the server side (where runtime emission also lives), see [`server/lib/services/workflow_service/README.md`](../../../server/lib/services/workflow_service/README.md).
 
 ## Registering a new trigger
 

@@ -5,10 +5,8 @@
  * 2.0.
  */
 
-import type {
-  PublicTriggerDefinition,
-  WorkflowsExtensionsPublicPluginSetup,
-} from '@kbn/workflows-extensions/public';
+import type { WorkflowsExtensionsPublicPluginSetup } from '@kbn/workflows-extensions/public';
+import { episodeAssignedTriggerPublicDefinition } from './triggers/episode_assigned';
 
 /**
  * Registers all alerting-v2 public workflow trigger definitions (UI metadata).
@@ -17,11 +15,5 @@ import type {
 export function registerTriggerDefinitions(
   workflowsExtensions: WorkflowsExtensionsPublicPluginSetup
 ): void {
-  const triggerDefinitions: PublicTriggerDefinition[] = [
-    // Add PublicTriggerDefinition entries here (spread common id + eventSchema + title, icon, docs).
-  ];
-
-  for (const definition of triggerDefinitions) {
-    workflowsExtensions.registerTriggerDefinition(definition);
-  }
+  workflowsExtensions.registerTriggerDefinition(episodeAssignedTriggerPublicDefinition);
 }
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import type { PublicTriggerDefinition } from '@kbn/workflows-extensions/public';
+import { episodeAssignedTriggerCommonDefinition } from '../../../../common/workflows/triggers';
+
+const EpisodeAssignedIcon = React.lazy(() =>
+  // @ts-expect-error EUI does not ship `.d.ts` files for deep `icon/assets/*`
+  // subpaths. Other plugins work around this with an ambient `eui_icons.d.ts`
+  // (see e.g. x-pack/platform/plugins/shared/cases/public/workflows/eui_icons.d.ts).
+  import('@elastic/eui/es/components/icon/assets/user').then(({ icon }) => ({
+    default: icon,
+  }))
+);
+
+export const episodeAssignedTriggerPublicDefinition: PublicTriggerDefinition = {
+  ...episodeAssignedTriggerCommonDefinition,
+  icon: EpisodeAssignedIcon,
+};
@@ -14,6 +14,7 @@ import { bindOnSetup } from './setup/bind_on_setup';
 import { bindOnStart } from './setup/bind_on_start';
 import { bindRoutes } from './setup/bind_routes';
 import { bindServices } from './setup/bind_services';
+import { bindEvents } from './setup/bind_events';
 import { bindRuleExecutionServices } from './setup/bind_rule_executor';
 import { bindDispatcherExecutionServices } from './setup/bind_dispatcher_executor';
 import { bindTasks } from './setup/bind_tasks';
@@ -28,6 +29,7 @@ export const module = new ContainerModule((options) => {
   bindContract(options);
   bindRoutes(options);
   bindServices(options);
+  bindEvents(options);
   bindRuleExecutionServices(options);
   bindDispatcherExecutionServices(options);
   bindTasks(options);

@@ -8,7 +8,10 @@
 import type { ElasticsearchClient } from '@kbn/core/server';
 import type { UserProfileServiceStart } from '@kbn/core-user-profile-server';
 import type { DeeplyMockedApi } from '@kbn/core-elasticsearch-client-server-mocks';
+import { httpServerMock } from '@kbn/core-http-server-mocks';
 import type { PublicMethodsOf } from '@kbn/utility-types';
+import { createAlertActionEventPublisher } from '../events/alert_action_event_publisher/alert_action_event_publisher.mock';
+import type { AlertActionEventPublisher } from '../events/alert_action_event_publisher/alert_action_event_publisher';
 import { createQueryService } from '../services/query_service/query_service.mock';
 import { createStorageService } from '../services/storage_service/storage_service.mock';
 import { createUserService, createUserProfile } from '../services/user_service/user_service.mock';
@@ -19,21 +22,32 @@ export function createAlertActionsClient(): {
   queryServiceEsClient: DeeplyMockedApi<ElasticsearchClient>;
   storageServiceEsClient: jest.Mocked<ElasticsearchClient>;
   userProfileService: jest.Mocked<UserProfileServiceStart>;
+  alertActionEventPublisher: AlertActionEventPublisher;
 } {
   const { queryService, mockEsClient: queryServiceEsClient } = createQueryService();
   const { storageService, mockEsClient: storageServiceEsClient } = createStorageService();
   const { userService, userProfileService } = createUserService();
+  const { publisher: alertActionEventPublisher } = createAlertActionEventPublisher();
+  const request = httpServerMock.createKibanaRequest();
 
   userProfileService.getCurrent.mockResolvedValue(createUserProfile('test-uid'));
 
   const alertActionsClient = new AlertActionsClient(
     queryService,
     storageService,
     userService,
-    'default'
+    request,
+    'default',
+    alertActionEventPublisher
   );
 
-  return { alertActionsClient, queryServiceEsClient, storageServiceEsClient, userProfileService };
+  return {
+    alertActionsClient,
+    queryServiceEsClient,
+    storageServiceEsClient,
+    userProfileService,
+    alertActionEventPublisher,
+  };
 }
 
 export function createAlertActionsClientMock(): jest.Mocked<PublicMethodsOf<AlertActionsClient>> {

@@ -10,6 +10,7 @@ import type { UserProfileServiceStart } from '@kbn/core-user-profile-server';
 import type { DeeplyMockedApi } from '@kbn/core-elasticsearch-client-server-mocks';
 import type { BulkCreateAlertActionItemBody } from '@kbn/alerting-v2-schemas';
 import { ALERT_EPISODE_ACTION_TYPE, type CreateAlertActionBody } from '@kbn/alerting-v2-schemas';
+import type { AlertActionEventPublisher } from '../events/alert_action_event_publisher/alert_action_event_publisher';
 import type { AlertActionsClient } from './alert_actions_client';
 import { createAlertActionsClient } from './alert_actions_client.mock';
 import {
@@ -24,14 +25,18 @@ describe('AlertActionsClient', () => {
   let queryServiceEsClient: DeeplyMockedApi<ElasticsearchClient>;
   let storageServiceEsClient: jest.Mocked<ElasticsearchClient>;
   let userProfileService: jest.Mocked<UserProfileServiceStart>;
+  let alertActionEventPublisher: AlertActionEventPublisher;
+  let emitEpisodeActionsSpy: jest.SpyInstance;
 
   beforeEach(() => {
     ({
       alertActionsClient: client,
       queryServiceEsClient,
       storageServiceEsClient,
       userProfileService,
+      alertActionEventPublisher,
     } = createAlertActionsClient());
+    emitEpisodeActionsSpy = jest.spyOn(alertActionEventPublisher, 'emitEpisodeActions');
     storageServiceEsClient.bulk.mockResolvedValueOnce({ items: [], errors: false, took: 1 });
   });
 
@@ -216,6 +221,83 @@ describe('AlertActionsClient', () => {
     });
   });
 
+  describe('episode action domain events', () => {
+    it('calls emitEpisodeActions with the persisted assign action document', async () => {
+      queryServiceEsClient.esql.query.mockResolvedValueOnce(getAlertEventESQLResponse());
+
+      await client.createAction({
+        groupHash: 'test-group-hash',
+        action: {
+          action_type: ALERT_EPISODE_ACTION_TYPE.ASSIGN,
+          episode_id: 'episode-1',
+          assignee_uid: 'assignee-uid-1',
+        },
+      });
+
+      expect(emitEpisodeActionsSpy).toHaveBeenCalledTimes(1);
+      expect(emitEpisodeActionsSpy).toHaveBeenCalledWith(expect.anything(), [
+        expect.objectContaining({
+          action_type: ALERT_EPISODE_ACTION_TYPE.ASSIGN,
+          assignee_uid: 'assignee-uid-1',
+          episode_id: 'episode-1',
+          group_hash: 'test-group-hash',
+          actor: 'test-uid',
+        }),
+      ]);
+    });
+
+    it('does not call emitEpisodeActions when persistence fails', async () => {
+      queryServiceEsClient.esql.query.mockResolvedValueOnce(getEmptyESQLResponse());
+
+      await expect(
+        client.createAction({
+          groupHash: 'unknown-group-hash',
+          action: {
+            action_type: ALERT_EPISODE_ACTION_TYPE.ASSIGN,
+            episode_id: 'episode-1',
+            assignee_uid: 'assignee-uid-1',
+          },
+        })
+      ).rejects.toThrow();
+
+      expect(emitEpisodeActionsSpy).not.toHaveBeenCalled();
+    });
+
+    it('calls emitEpisodeActions for bulk assign actions only among persisted docs', async () => {
+      const actions: BulkCreateAlertActionItemBody[] = [
+        {
+          group_hash: 'group-hash-1',
+          action_type: ALERT_EPISODE_ACTION_TYPE.ASSIGN,
+          episode_id: 'episode-1',
+          assignee_uid: 'assignee-uid-1',
+        },
+        {
+          group_hash: 'group-hash-2',
+          action_type: ALERT_EPISODE_ACTION_TYPE.ACK,
+          episode_id: 'episode-2',
+        },
+      ];
+
+      queryServiceEsClient.esql.query.mockResolvedValueOnce(
+        getBulkAlertEventsESQLResponse([
+          { group_hash: 'group-hash-1', episode_id: 'episode-1' },
+          { group_hash: 'group-hash-2', episode_id: 'episode-2' },
+        ])
+      );
+
+      await client.createBulkActions(actions);
+
+      expect(emitEpisodeActionsSpy).toHaveBeenCalledTimes(1);
+      expect(emitEpisodeActionsSpy.mock.calls[0][1]).toHaveLength(2);
+      expect(emitEpisodeActionsSpy.mock.calls[0][1][0]).toMatchObject({
+        action_type: ALERT_EPISODE_ACTION_TYPE.ASSIGN,
+      });
+      expect(emitEpisodeActionsSpy.mock.calls[0][1][1]).toMatchObject({
+        action_type: ALERT_EPISODE_ACTION_TYPE.ACK,
+      });
+    });
+  });
+
   describe('error codes and details', () => {
     it('attaches ALERT_EVENT_NOT_FOUND code with group_hash and episode_id details on createAction', async () => {
       queryServiceEsClient.esql.query.mockResolvedValueOnce(getEmptyESQLResponse());