[8.x] [Bug] [Assistant API] - Do not allow empty conversation ID in chat/complete route (#11783) (#213049) (#213088)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Bug] [Assistant API] - Do not allow empty conversation ID in
chat/complete route (#11783)
(#213049)](https://github.com/elastic/kibana/pull/213049)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Ievgen
Sorokopud","email":"ievgen.sorokopud@elastic.co"},"sourceCommit":{"committedDate":"2025-03-04T12:05:51Z","message":"[Bug]
[Assistant API] - Do not allow empty conversation ID in chat/complete
route (#11783) (#213049)\n\n## Summary\n\nBUG:
https://github.com/elastic/security-team/issues/11783\n\nThis PR fixes
the behaviour of the\n`/api/security_ai_assistant/chat/complete` route
where the\n`conversationId` can be passed as an empty string. This may
lead to\nunexpected results described
in\nhttps://github.com/elastic/security-team/issues/11783#issuecomment-2696529040.\n\n###
Expected behaviour\n\nWe should throw a bad request (400) http error
when empty\n`conversationId` has been passed.\n\n### Testing\n\n* Use
this `curl` command to test the endpoint.\n\n```\ncurl --location
'http://localhost:5601/api/security_ai_assistant/chat/complete'
\\\n--header 'kbn-xsrf: true' \\\n--header 'Content-Type:
application/json' \\\n--data '{\n \"connectorId\":
\"{{my-gpt4o-ai}}\",\n \"conversationId\": \"\",\n \"isStream\":
false,\n \"messages\": [\n {\n \"content\": \"Follow up\",\n \"role\":
\"user\"\n }\n ],\n \"persist\": true\n}'\n```\n\nYou should see next
error as a response:\n\n```\n{\n \"statusCode\": 400,\n \"error\": \"Bad
Request\",\n \"message\": \"[request body]: conversationId: String must
contain at least 1 character(s), conversationId: No empty strings
allowed\"\n}\n```\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"7db897a5393f2d776eca1d9760801dc2fa72ad9d","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","v9.0.0","Team:
SecuritySolution","Team:Security Generative
AI","backport:version","v8.17.0","v8.18.0","v9.1.0","v8.19.0"],"title":"[Bug]
[Assistant API] - Do not allow empty conversation ID in chat/complete
route
(#11783)","number":213049,"url":"https://github.com/elastic/kibana/pull/213049","mergeCommit":{"message":"[Bug]
[Assistant API] - Do not allow empty conversation ID in chat/complete
route (#11783) (#213049)\n\n## Summary\n\nBUG:
https://github.com/elastic/security-team/issues/11783\n\nThis PR fixes
the behaviour of the\n`/api/security_ai_assistant/chat/complete` route
where the\n`conversationId` can be passed as an empty string. This may
lead to\nunexpected results described
in\nhttps://github.com/elastic/security-team/issues/11783#issuecomment-2696529040.\n\n###
Expected behaviour\n\nWe should throw a bad request (400) http error
when empty\n`conversationId` has been passed.\n\n### Testing\n\n* Use
this `curl` command to test the endpoint.\n\n```\ncurl --location
'http://localhost:5601/api/security_ai_assistant/chat/complete'
\\\n--header 'kbn-xsrf: true' \\\n--header 'Content-Type:
application/json' \\\n--data '{\n \"connectorId\":
\"{{my-gpt4o-ai}}\",\n \"conversationId\": \"\",\n \"isStream\":
false,\n \"messages\": [\n {\n \"content\": \"Follow up\",\n \"role\":
\"user\"\n }\n ],\n \"persist\": true\n}'\n```\n\nYou should see next
error as a response:\n\n```\n{\n \"statusCode\": 400,\n \"error\": \"Bad
Request\",\n \"message\": \"[request body]: conversationId: String must
contain at least 1 character(s), conversationId: No empty strings
allowed\"\n}\n```\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"7db897a5393f2d776eca1d9760801dc2fa72ad9d"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.17","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213049","number":213049,"mergeCommit":{"message":"[Bug]
[Assistant API] - Do not allow empty conversation ID in chat/complete
route (#11783) (#213049)\n\n## Summary\n\nBUG:
https://github.com/elastic/security-team/issues/11783\n\nThis PR fixes
the behaviour of the\n`/api/security_ai_assistant/chat/complete` route
where the\n`conversationId` can be passed as an empty string. This may
lead to\nunexpected results described
in\nhttps://github.com/elastic/security-team/issues/11783#issuecomment-2696529040.\n\n###
Expected behaviour\n\nWe should throw a bad request (400) http error
when empty\n`conversationId` has been passed.\n\n### Testing\n\n* Use
this `curl` command to test the endpoint.\n\n```\ncurl --location
'http://localhost:5601/api/security_ai_assistant/chat/complete'
\\\n--header 'kbn-xsrf: true' \\\n--header 'Content-Type:
application/json' \\\n--data '{\n \"connectorId\":
\"{{my-gpt4o-ai}}\",\n \"conversationId\": \"\",\n \"isStream\":
false,\n \"messages\": [\n {\n \"content\": \"Follow up\",\n \"role\":
\"user\"\n }\n ],\n \"persist\": true\n}'\n```\n\nYou should see next
error as a response:\n\n```\n{\n \"statusCode\": 400,\n \"error\": \"Bad
Request\",\n \"message\": \"[request body]: conversationId: String must
contain at least 1 character(s), conversationId: No empty strings
allowed\"\n}\n```\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"7db897a5393f2d776eca1d9760801dc2fa72ad9d"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Ievgen Sorokopud <ievgen.sorokopud@elastic.co>

oas_docs/output/kibana.serverless.yaml

@@ -40491,7 +40491,7 @@ components:
         connectorId:
           type: string
         conversationId:
-          type: string
+          $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString'
         isStream:
           type: boolean
         langSmithApiKey:

oas_docs/output/kibana.yaml

@@ -28677,7 +28677,7 @@ components:
         connectorId:
           type: string
         conversationId:
-          type: string
+          $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString'
         isStream:
           type: boolean
         langSmithApiKey:

x-pack/platform/packages/shared/kbn-elastic-assistant-common/docs/openapi/ess/elastic_assistant_api_2023_10_31.bundled.schema.yaml

@@ -1093,7 +1093,7 @@ components:
         connectorId:
           type: string
         conversationId:
-          type: string
+          $ref: '#/components/schemas/NonEmptyString'
         isStream:
           type: boolean
         langSmithApiKey:

x-pack/platform/packages/shared/kbn-elastic-assistant-common/docs/openapi/serverless/elastic_assistant_api_2023_10_31.bundled.schema.yaml

@@ -1093,7 +1093,7 @@ components:
         connectorId:
           type: string
         conversationId:
-          type: string
+          $ref: '#/components/schemas/NonEmptyString'
         isStream:
           type: boolean
         langSmithApiKey:

x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/schemas/chat/post_chat_complete_route.gen.ts

@@ -16,6 +16,8 @@
 
 import { z } from '@kbn/zod';
 
+import { NonEmptyString } from '../common_attributes.gen';
+
 export type RootContext = z.infer<typeof RootContext>;
 export const RootContext = z.literal('security');
 
@@ -52,7 +54,7 @@ export const ChatMessage = z.object({
 
 export type ChatCompleteProps = z.infer<typeof ChatCompleteProps>;
 export const ChatCompleteProps = z.object({
-  conversationId: z.string().optional(),
+  conversationId: NonEmptyString.optional(),
   promptId: z.string().optional(),
   isStream: z.boolean().optional(),
   responseLanguage: z.string().optional(),

x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/schemas/chat/post_chat_complete_route.schema.yaml

@@ -83,7 +83,7 @@ components:
       type: object
       properties:
         conversationId:
-          type: string
+          $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
         promptId:
           type: string
         isStream:
@@ -103,7 +103,7 @@ components:
         messages:
           type: array
           items:
-              $ref: '#/components/schemas/ChatMessage'
+            $ref: '#/components/schemas/ChatMessage'
       required:
         - messages
         - persist