[o11y AI] Refactor tools (elastic#247070)

Refactors the o11y tools to a consistent separation between tool
definition and handling logic. Previously, tools mixed these and used
inconsistent naming conventions, making it harder to navigate (both for
humans and LLMs)

New folder structure
-  `tool.ts`: Contains the tool schema, metadata  and registration
- `handler.ts`: Encapsulates the business logic (mostly data retrieval
and data formatting)

**Advantages**
- This improves maintainability and readability. 
- This will enable us to consume tools from AI insight routes by calling
the tool handler directly (bypassing the tool wrapper)

Author: sorenlouv

x-pack/solutions/observability/plugins/observability_agent_builder/server/data_registry/data_registry_types.ts

@@ -38,7 +38,7 @@ interface ServiceSummary {
   deployments: Array<{ '@timestamp': string }>;
 }
 
-interface APMDownstreamDependency {
+export interface APMDownstreamDependency {
   'service.name'?: string | undefined;
   'span.destination.service.resource': string;
   'span.type'?: string | undefined;
@@ -86,7 +86,7 @@ interface APMTransaction {
   };
 }
 
-interface ServicesItemsItem {
+export interface ServicesItemsItem {
   serviceName: string;
   transactionType?: string;
   environments?: string[];
@@ -129,7 +129,7 @@ interface InfraEntityMetadata {
   value: string | number | null;
 }
 
-interface InfraEntityMetricsItem {
+export interface InfraEntityMetricsItem {
   name: string;
   metrics: InfraEntityMetrics[];
   metadata: InfraEntityMetadata[];

x-pack/solutions/observability/plugins/observability_agent_builder/server/routes/ai_insights/apm_error/fetch_apm_error_context.ts

@@ -16,7 +16,7 @@ import type {
   ObservabilityAgentBuilderPluginStart,
   ObservabilityAgentBuilderPluginStartDependencies,
 } from '../../../types';
-import { getFilteredLogCategories } from '../../../tools/get_log_categories/get_log_categories';
+import { getFilteredLogCategories } from '../../../tools/get_log_categories/handler';
 import { getLogsIndices } from '../../../utils/get_logs_indices';
 import { getApmIndices } from '../../../utils/get_apm_indices';
 import { parseDatemath } from '../../../utils/time';

x-pack/solutions/observability/plugins/observability_agent_builder/server/tools/get_alerts/handler.ts

@@ -0,0 +1,119 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { omit } from 'lodash';
+import type { CoreSetup, KibanaRequest, Logger } from '@kbn/core/server';
+import {
+  ALERT_STATUS,
+  ALERT_STATUS_ACTIVE,
+  AlertConsumers,
+} from '@kbn/rule-registry-plugin/common/technical_rule_data_field_names';
+import { OBSERVABILITY_RULE_TYPE_IDS_WITH_SUPPORTED_STACK_RULE_TYPES } from '@kbn/observability-shared-plugin/common';
+import type {
+  ObservabilityAgentBuilderPluginStart,
+  ObservabilityAgentBuilderPluginStartDependencies,
+} from '../../types';
+import { getRelevantAlertFields } from './get_relevant_alert_fields';
+import { getHitsTotal } from '../../utils/get_hits_total';
+import { kqlFilter as buildKqlFilter } from '../../utils/dsl_filters';
+import { getDefaultConnectorId } from '../../utils/get_default_connector_id';
+
+const OMITTED_ALERT_FIELDS = [
+  'event.action',
+  'event.kind',
+  'kibana.alert.rule.execution.uuid',
+  'kibana.alert.rule.revision',
+  'kibana.alert.rule.tags',
+  'kibana.alert.rule.uuid',
+  'kibana.alert.workflow_status',
+  'kibana.space_ids',
+  'kibana.alert.time_range',
+  'kibana.version',
+] as const;
+
+export async function getToolHandler({
+  core,
+  request,
+  logger,
+  start,
+  end,
+  query,
+  kqlFilter,
+  includeRecovered,
+}: {
+  core: CoreSetup<
+    ObservabilityAgentBuilderPluginStartDependencies,
+    ObservabilityAgentBuilderPluginStart
+  >;
+  request: KibanaRequest;
+  logger: Logger;
+  start: string;
+  end: string;
+  query: string;
+  kqlFilter?: string;
+  includeRecovered?: boolean;
+}) {
+  const [coreStart, pluginStart] = await core.getStartServices();
+  const { inference, ruleRegistry } = pluginStart;
+
+  const alertsClient = await ruleRegistry.getRacClientWithRequest(request);
+  const connectorId = await getDefaultConnectorId({
+    coreStart,
+    inference,
+    request,
+    logger,
+  });
+
+  const boundInferenceClient = inference.getClient({
+    request,
+    bindTo: { connectorId },
+  });
+
+  const selectedFields = await getRelevantAlertFields({
+    coreStart,
+    pluginStart,
+    request,
+    inferenceClient: boundInferenceClient,
+    logger,
+    query,
+  });
+
+  const response = await alertsClient.find({
+    ruleTypeIds: OBSERVABILITY_RULE_TYPE_IDS_WITH_SUPPORTED_STACK_RULE_TYPES,
+    consumers: [
+      AlertConsumers.APM,
+      AlertConsumers.INFRASTRUCTURE,
+      AlertConsumers.LOGS,
+      AlertConsumers.UPTIME,
+      AlertConsumers.SLO,
+      AlertConsumers.OBSERVABILITY,
+      AlertConsumers.ALERTS,
+    ],
+    query: {
+      bool: {
+        filter: [
+          {
+            range: {
+              'kibana.alert.start': {
+                gte: start,
+                lte: end,
+              },
+            },
+          },
+          ...buildKqlFilter(kqlFilter),
+          ...(includeRecovered ? [] : [{ term: { [ALERT_STATUS]: ALERT_STATUS_ACTIVE } }]),
+        ],
+      },
+    },
+    size: 10,
+  });
+
+  const total = getHitsTotal(response);
+  const alerts = response.hits.hits.map((hit) => omit(hit._source ?? {}, ...OMITTED_ALERT_FIELDS));
+
+  return { alerts, selectedFields, total };
+}

…er/server/tools/get_alerts/get_alerts.ts …_builder/server/tools/get_alerts/tool.tsx-pack/solutions/observability/plugins/observability_agent_builder/server/tools/get_alerts/get_alerts.ts renamed to x-pack/solutions/observability/plugins/observability_agent_builder/server/tools/get_alerts/tool.ts x-pack/solutions/observability/plugins/observability_agent_builder/server/tools/get_alerts/get_alerts.ts renamed to x-pack/solutions/observability/plugins/observability_agent_builder/server/tools/get_alerts/tool.ts

@@ -6,27 +6,17 @@
  */
 
 import { z } from '@kbn/zod';
-import { omit } from 'lodash';
 import { ToolType } from '@kbn/onechat-common';
 import { ToolResultType } from '@kbn/onechat-common/tools/tool_result';
 import type { BuiltinToolDefinition, StaticToolRegistration } from '@kbn/onechat-server';
 import type { CoreSetup, Logger } from '@kbn/core/server';
-import {
-  ALERT_STATUS,
-  ALERT_STATUS_ACTIVE,
-  AlertConsumers,
-} from '@kbn/rule-registry-plugin/common/technical_rule_data_field_names';
-import { OBSERVABILITY_RULE_TYPE_IDS_WITH_SUPPORTED_STACK_RULE_TYPES } from '@kbn/observability-shared-plugin/common';
 import type {
   ObservabilityAgentBuilderPluginStart,
   ObservabilityAgentBuilderPluginStartDependencies,
 } from '../../types';
-import { getRelevantAlertFields } from './get_relevant_alert_fields';
-import { getHitsTotal } from '../../utils/get_hits_total';
-import { kqlFilter as buildKqlFilter } from '../../utils/dsl_filters';
 import { getAgentBuilderResourceAvailability } from '../../utils/get_agent_builder_resource_availability';
 import { timeRangeSchemaOptional } from '../../utils/tool_schemas';
-import { getDefaultConnectorId } from '../../utils/get_default_connector_id';
+import { getToolHandler } from './handler';
 
 export const OBSERVABILITY_GET_ALERTS_TOOL_ID = 'observability.get_alerts';
 
@@ -62,19 +52,6 @@ export const defaultFields = [
   'transaction.name',
 ];
 
-const OMITTED_ALERT_FIELDS = [
-  'event.action',
-  'event.kind',
-  'kibana.alert.rule.execution.uuid',
-  'kibana.alert.rule.revision',
-  'kibana.alert.rule.tags',
-  'kibana.alert.rule.uuid',
-  'kibana.alert.workflow_status',
-  'kibana.space_ids',
-  'kibana.alert.time_range',
-  'kibana.version',
-] as const;
-
 const getAlertsSchema = z.object({
   ...timeRangeSchemaOptional(DEFAULT_TIME_RANGE),
   query: z.string().min(1).describe('Natural language query to guide relevant field selection.'),
@@ -120,68 +97,17 @@ export function createGetAlertsTool({
       { request }
     ) => {
       try {
-        const [coreStart, pluginStart] = await core.getStartServices();
-        const { inference, ruleRegistry } = pluginStart;
-
-        const alertsClient = await ruleRegistry.getRacClientWithRequest(request);
-
-        const connectorId = await getDefaultConnectorId({
-          coreStart,
-          inference,
-          request,
-          logger,
-        });
-
-        const boundInferenceClient = inference.getClient({
+        const { alerts, selectedFields, total } = await getToolHandler({
+          core,
           request,
-          bindTo: { connectorId },
-        });
-
-        const selectedFields = await getRelevantAlertFields({
-          coreStart,
-          pluginStart,
-          request,
-          inferenceClient: boundInferenceClient,
           logger,
+          start,
+          end,
           query,
+          kqlFilter,
+          includeRecovered,
         });
 
-        const response = await alertsClient.find({
-          ruleTypeIds: OBSERVABILITY_RULE_TYPE_IDS_WITH_SUPPORTED_STACK_RULE_TYPES,
-          consumers: [
-            AlertConsumers.APM,
-            AlertConsumers.INFRASTRUCTURE,
-            AlertConsumers.LOGS,
-            AlertConsumers.UPTIME,
-            AlertConsumers.SLO,
-            AlertConsumers.OBSERVABILITY,
-            AlertConsumers.ALERTS,
-          ],
-          query: {
-            bool: {
-              filter: [
-                {
-                  range: {
-                    'kibana.alert.start': {
-                      gte: start,
-                      lte: end,
-                    },
-                  },
-                },
-                ...buildKqlFilter(kqlFilter),
-                ...(includeRecovered ? [] : [{ term: { [ALERT_STATUS]: ALERT_STATUS_ACTIVE } }]),
-              ],
-            },
-          },
-          size: 10,
-        });
-
-        const total = getHitsTotal(response);
-
-        const alerts = response.hits.hits.map((hit) =>
-          omit(hit._source ?? {}, ...OMITTED_ALERT_FIELDS)
-        );
-
         return {
           results: [
             {