[8.19] review of action response codes (elastic#240420) (elastic#240821)

# Backport

This will backport the following commits from `main` to `8.19`:
- [review of action response codes
(elastic#240420)](elastic#240420)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Leszek
Kubik","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-10-27T13:49:21Z","message":"review
of action response codes (elastic#240420)\n\n## Summary\n\nI've reviewed action
response codes. One was wrong, few were missing.\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [ ] Any text
added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[
]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas
added for features that require explanation or tutorials\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] If a plugin
configuration key changed, check if it needs to be\nallowlisted in the
cloud and added to the
[docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n-
[ ] This was checked for breaking HTTP API changes, and any
breaking\nchanges have been approved by the breaking-change committee.
The\n`release_note:breaking` label should be applied in these
situations.\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [ ] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[ ] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this
PR introduce any risks? For example, consider risks like hard\nto test
bugs, performance regression, potential of data loss.\n\nDescribe the
risk, its severity, and mitigation for each identified\nrisk. Invite
stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See
some
risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n-
[ ] ...\n\n---------\n\nCo-authored-by: Ashokaditya
<[email protected]>","sha":"59cc9148f037f3d810e94a54f62195fd03dbe68d","branchLabelMapping":{"^v9.3.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","backport:all-open","v9.3.0"],"title":"review
of action response
codes","number":240420,"url":"https://github.com/elastic/kibana/pull/240420","mergeCommit":{"message":"review
of action response codes (elastic#240420)\n\n## Summary\n\nI've reviewed action
response codes. One was wrong, few were missing.\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [ ] Any text
added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[
]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas
added for features that require explanation or tutorials\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] If a plugin
configuration key changed, check if it needs to be\nallowlisted in the
cloud and added to the
[docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n-
[ ] This was checked for breaking HTTP API changes, and any
breaking\nchanges have been approved by the breaking-change committee.
The\n`release_note:breaking` label should be applied in these
situations.\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [ ] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[ ] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this
PR introduce any risks? For example, consider risks like hard\nto test
bugs, performance regression, potential of data loss.\n\nDescribe the
risk, its severity, and mitigation for each identified\nrisk. Invite
stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See
some
risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n-
[ ] ...\n\n---------\n\nCo-authored-by: Ashokaditya
<[email protected]>","sha":"59cc9148f037f3d810e94a54f62195fd03dbe68d"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.3.0","branchLabelMappingKey":"^v9.3.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/240420","number":240420,"mergeCommit":{"message":"review
of action response codes (elastic#240420)\n\n## Summary\n\nI've reviewed action
response codes. One was wrong, few were missing.\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [ ] Any text
added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[
]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas
added for features that require explanation or tutorials\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] If a plugin
configuration key changed, check if it needs to be\nallowlisted in the
cloud and added to the
[docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n-
[ ] This was checked for breaking HTTP API changes, and any
breaking\nchanges have been approved by the breaking-change committee.
The\n`release_note:breaking` label should be applied in these
situations.\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [ ] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[ ] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this
PR introduce any risks? For example, consider risks like hard\nto test
bugs, performance regression, potential of data loss.\n\nDescribe the
risk, its severity, and mitigation for each identified\nrisk. Invite
stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See
some
risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n-
[ ] ...\n\n---------\n\nCo-authored-by: Ashokaditya
<[email protected]>","sha":"59cc9148f037f3d810e94a54f62195fd03dbe68d"}}]}]
BACKPORT-->

Co-authored-by: Leszek Kubik <[email protected]>
Co-authored-by: Ashokaditya <[email protected]>

Author: 3 people

x-pack/solutions/security/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts

@@ -451,9 +451,11 @@ export class EndpointActionGenerator extends BaseDataGenerator {
 
   randomScanFailureCode(): string {
     return this.randomChoice([
-      'ra_scan_error_scan-invalid-input',
+      'ra_scan_error_invalid-input',
       'ra_scan_error_not-found',
-      'ra_scan_error_scan-queue-quota',
+      'ra_scan_error_queue-quota',
+      'ra_scan_error_processing',
+      'ra_scan_error_processing-interrupted',
     ]);
   }
 

x-pack/solutions/security/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.test.tsx

@@ -250,7 +250,7 @@ describe('EndpointActionFailureMessage', () => {
       const errorMessages = getByTestId(testId);
       expect(errorMessages).not.toBeNull();
       expect(errorMessages.textContent).toContain(
-        'The following errors were encountered:Host: Fails-a-lotErrors: Too many scans are queued | Error info A | Error info B | Error info CHost: Errs-a-lotErrors: File path or folder was not found (404) | Error info P | Error info Q | Error info R'
+        'The following errors were encountered:Host: Fails-a-lotErrors: Too many scans are queued | Error info A | Error info B | Error info CHost: Errs-a-lotErrors: File path or folder was not found | Error info P | Error info Q | Error info R'
       );
     });
 
@@ -367,7 +367,7 @@ describe('EndpointActionFailureMessage', () => {
       const errorMessages = getByTestId(testId);
       expect(errorMessages).not.toBeNull();
       expect(errorMessages.textContent).toContain(
-        'The following errors were encountered:Host: Errs-a-lotErrors: File path or folder was not found (404) | Error info P | Error info Q | Error info R'
+        'The following errors were encountered:Host: Errs-a-lotErrors: File path or folder was not found | Error info P | Error info Q | Error info R'
       );
     });
 
@@ -422,7 +422,7 @@ describe('EndpointActionFailureMessage', () => {
       const errorMessages = getByTestId(testId);
       expect(errorMessages).not.toBeNull();
       expect(errorMessages.textContent).toContain(
-        'The following error was encountered:Host: Errs-a-lotErrors: File path or folder was not found (404)'
+        'The following error was encountered:Host: Errs-a-lotErrors: File path or folder was not found'
       );
     });
   });

x-pack/solutions/security/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/scan_action.test.tsx

@@ -243,16 +243,19 @@ describe('When using scan action from response actions console', () => {
     });
   });
 
-  it.each(['ra_scan_error_not-found', 'ra_scan_error_invalid-input', 'ra_scan_error_queue-quota'])(
-    'should show detailed error if `scan` failure returned code: %s',
-    async (outputCode) => {
-      const mockData = apiMocks.responseProvider.actionDetails({
-        path: '/api/endpoint/action/agent-a',
-      }).data;
-
-      const actionDetailsApiResponseMock: ReturnType<
-        typeof apiMocks.responseProvider.actionDetails
-      > = {
+  it.each([
+    'ra_scan_error_not-found',
+    'ra_scan_error_invalid-input',
+    'ra_scan_error_queue-quota',
+    'ra_scan_error_processing',
+    'ra_scan_error_processing-interrupted',
+  ])('should show detailed error if `scan` failure returned code: %s', async (outputCode) => {
+    const mockData = apiMocks.responseProvider.actionDetails({
+      path: '/api/endpoint/action/agent-a',
+    }).data;
+
+    const actionDetailsApiResponseMock: ReturnType<typeof apiMocks.responseProvider.actionDetails> =
+      {
         data: {
           ...mockData,
           id: '123',
@@ -282,16 +285,15 @@ describe('When using scan action from response actions console', () => {
         },
       };
 
-      apiMocks.responseProvider.actionDetails.mockReturnValue(actionDetailsApiResponseMock);
-      await render();
-      await enterConsoleCommand(renderResult, user, 'scan --path="/error/path"');
+    apiMocks.responseProvider.actionDetails.mockReturnValue(actionDetailsApiResponseMock);
+    await render();
+    await enterConsoleCommand(renderResult, user, 'scan --path="/error/path"');
 
-      await waitFor(() => {
-        expect(renderResult.getByTestId('scan-actionFailure').textContent).toMatch(
-          // RegExp below taken from: https://github.com/sindresorhus/escape-string-regexp/blob/main/index.js
-          new RegExp(endpointActionResponseCodes[outputCode].replace(/[|\\{}()[\]^$+*?.]/g, '\\$&'))
-        );
-      });
-    }
-  );
+    await waitFor(() => {
+      expect(renderResult.getByTestId('scan-actionFailure').textContent).toMatch(
+        // RegExp below taken from: https://github.com/sindresorhus/escape-string-regexp/blob/main/index.js
+        new RegExp(endpointActionResponseCodes[outputCode].replace(/[|\\{}()[\]^$+*?.]/g, '\\$&'))
+      );
+    });
+  });
 });

x-pack/solutions/security/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/upload_action.test.tsx

@@ -220,7 +220,7 @@ describe.skip('When using `upload` response action', () => {
 
   it.each([
     'ra_upload_error_failure',
-    'ra_upload_already-exists',
+    'ra_upload_error_already-exists',
     'ra_upload_error_not-found',
     'ra_upload_error_not-permitted',
     'ra_upload_error_too-big',

x-pack/solutions/security/plugins/security_solution/public/management/components/endpoint_responder/lib/endpoint_action_response_codes.ts

@@ -84,8 +84,8 @@ const CODES = Object.freeze({
   ),
 
   /**
-   * Code will be used when the provided process can not be killed (for stability reasons).
-   * Example: This occurs if you try to kill Endpoint Security
+   * Code will be used when the provided process can not be suspended (for stability reasons).
+   * Example: This occurs if you try to suspend Endpoint Security
    */
   'ra_suspend-process_error_not-permitted': i18n.translate(
     'xpack.securitySolution.endpointActionResponseCodes.suspendProcess.notPermittedSuccess',
@@ -228,7 +228,7 @@ const CODES = Object.freeze({
 
   // Dev:
   // File with the given name already exists and overwrite was not allowed.
-  'ra_upload_already-exists': i18n.translate(
+  'ra_upload_error_already-exists': i18n.translate(
     'xpack.securitySolution.endpointActionResponseCodes.upload.fileAlreadyExists',
     {
       defaultMessage:
@@ -270,6 +270,13 @@ const CODES = Object.freeze({
     { defaultMessage: 'Failed to save file to disk or validate its integrity' }
   ),
 
+  // Dev:
+  // Fleet upload API was unreachable or misconfigured
+  'ra_upload_error_upload-api-unreachable': i18n.translate(
+    'xpack.securitySolution.endpointActionResponseCodes.upload.uploadApiUnreachable',
+    { defaultMessage: 'Failed to retrieve the file. File upload api (fleet-server) is unreachable' }
+  ),
+
   // -----------------------------------------------------------------
   // SCAN CODES
   // -----------------------------------------------------------------
@@ -280,10 +287,10 @@ const CODES = Object.freeze({
   ),
 
   // Dev:
-  // file path not found failure (404)
+  // local disk path not found failure
   'ra_scan_error_not-found': i18n.translate(
     'xpack.securitySolution.endpointActionResponseCodes.scan.notFound',
-    { defaultMessage: 'File path or folder was not found (404)' }
+    { defaultMessage: 'File path or folder was not found' }
   ),
 
   // Dev:
@@ -293,6 +300,21 @@ const CODES = Object.freeze({
     { defaultMessage: 'Too many scans are queued' }
   ),
 
+  // Dev:
+  // an error happened while scanning files, scan was not completed
+  ra_scan_error_processing: i18n.translate(
+    'xpack.securitySolution.endpointActionResponseCodes.scan.processingError',
+    { defaultMessage: 'An error occurred while processing the scan' }
+  ),
+
+  // Dev:
+  // scan was interrupted, for example: system shutdown, endpoint service stop/restart.
+  // Endpoint does not track yet scan progress, that's why it can't resume
+  'ra_scan_error_processing-interrupted': i18n.translate(
+    'xpack.securitySolution.endpointActionResponseCodes.scan.processingInterrupted',
+    { defaultMessage: 'The scan was interrupted' }
+  ),
+
   // Dev:
   // scan success/completed
   ra_scan_success_done: i18n.translate(

x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts

@@ -122,7 +122,7 @@ describe(
 
         cy.getByTestSubj('scan-actionFailure')
           .should('exist')
-          .contains('File path or folder was not found (404)');
+          .contains('File path or folder was not found');
       });
     });
   }