fix: type hinting fixes and additional code checks #4790

Status: Open. Wants to merge 22 commits into base: main.

Conversation

@traut traut commented Jun 11, 2025

Pull Request

Issue link(s):

Summary - What I changed

  • adding ruff and pyright checks in CI workflow
  • making sure pyright has no complaints

How To Test

Checklist

  • Added a label for the type of pr: bug, enhancement, schema, maintenance, Rule: New, Rule: Deprecation, Rule: Tuning, Hunt: New, or Hunt: Tuning so guidelines can be generated
  • Added the meta:rapid-merge label if planning to merge within 24 hours
  • Secret and sensitive material has been managed correctly
  • Automated testing was updated or added to match the most common scenarios
  • Documentation and comments were added for features that require explanation

Contributor checklist

@traut traut changed the title [WIP] Type hint fixes and adding code checks [WIP] fix: type hint fixes and adding code checks Jun 11, 2025
@traut traut added the labels python (Internal python for the repository), ci/cd, maintenance (Internal changes) and minor Jun 17, 2025
@traut traut marked this pull request as ready for review June 17, 2025 16:32
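A minimal GitHub Actions job that runs the two checks named in the summary (ruff lint and format check, then pyright). This is an added illustration, not the workflow file from this PR; the workflow name, trigger paths, Python version and action versions are assumptions.

```yaml
# Added example, not the project's own workflow. Names, paths and versions are assumptions.
name: python-checks

on:
  pull_request:
    paths:
      - "**.py"
      - "pyproject.toml"
      - ".github/workflows/python-checks.yml"

jobs:
  lint-and-typecheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      # Install the project first so pyright can resolve its imports;
      # the exact install command depends on the repository's packaging.
      - name: Install project and tooling
        run: python -m pip install -e . ruff pyright
      - name: Ruff lint
        run: ruff check .
      - name: Ruff format check
        run: ruff format --check .
      - name: Pyright
        run: pyright
```

Pyright reports unresolved imports for any dependency that is not installed in the runner's environment, so the install step must cover the project's own requirements, not just the two tools. The same three commands (`ruff check .`, `ruff format --check .`, `pyright`) can be run locally, which matters for a change like this one where the new workflow file only starts triggering after it has landed on the base branch.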
Enhancement - Guidelines

These guidelines serve as a reminder of considerations when adding a new schema feature to the code.

Documentation and Context

  • Describe the feature enhancement in detail (alternative solutions, description of the solution, etc.) if not already documented in an issue.
  • Include additional context or screenshots.
  • Ensure the enhancement includes necessary updates to the documentation and versioning.

Code Standards and Practices

  • Code follows established design patterns within the repo and avoids duplication.
  • Code changes do not introduce new warnings or errors.
  • Variables and functions are well-named and descriptive.
  • Any unnecessary / commented-out code is removed.
  • Ensure that the code is modular and reusable where applicable.
  • Check for proper exception handling and messaging.

Testing

  • New unit tests have been added to cover the enhancement.
  • Existing unit tests have been updated to reflect the changes.
  • Provide evidence of testing and validating the enhancement (e.g., test logs, screenshots).
  • Validate that any rules affected by the enhancement are correctly updated.
  • Ensure that performance is not negatively impacted by the changes.
  • Verify that any release artifacts are properly generated and tested.

Additional Schema Related Checks

  • Ensure that the enhancement does not break existing functionality. (e.g., run make test-cli)
  • Review the enhancement with a peer or team member for additional insights.
  • Verify that the enhancement works across all relevant environments (e.g., different OS versions).
  • Confirm that all dependencies are up-to-date and compatible with the changes.
  • Link to the relevant Kibana PR or issue provided
  • Exported detection rule(s) from Kibana to showcase the feature(s)
  • Converted the exported ndjson file(s) to toml in the detection-rules repo
  • Re-exported the toml rule(s) to ndjson and re-imported into Kibana
  • Updated necessary unit tests to accommodate the feature
  • Applied min_compat restrictions to limit the feature to a specified minimum stack version
  • Executed all unit tests locally with a test toml rule to confirm passing
  • Included Kibana PR implementer as an optional reviewer for insights on the feature
  • Implemented requisite downgrade functionality
  • Cross-referenced the feature with product documentation for consistency
  • Incorporated a comprehensive test rule in unit tests for full schema coverage
  • Conducted system testing, including fleet, import, and create APIs (e.g., run make test-remote-cli)
  • Confirm that the proper version label is applied to the PR: patch, minor or major.

@traut traut changed the title [WIP] fix: type hint fixes and adding code checks fix: type hinting fixes and additional code checks Jun 17, 2025
detection_rules/etc/*/* @mikaayenson @eric-forte-elastic @terrancedejesus
detection_rules/etc/packages.yaml @mikaayenson @eric-forte-elastic @traut
detection_rules/etc/*.json @mikaayenson @eric-forte-elastic @traut
detection_rules/etc/*/* @mikaayenson @eric-forte-elastic @traut
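Review bot: the added `detection_rules/etc/*/*` entry (owners @mikaayenson @eric-forte-elastic @traut) repeats the pattern of the first line, which names @terrancedejesus instead. CODEOWNERS resolves ownership by the last matching pattern, so the earlier line becomes dead and @terrancedejesus silently loses ownership of that tree. Keep a single entry for the pattern with the intended owner list, or, if the goal is to carve out one file, list that file on its own line with no owners.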
Suggested change
detection_rules/etc/*/* @mikaayenson @eric-forte-elastic @traut
detection_rules/etc/*/* @mikaayenson @eric-forte-elastic @traut
# exclude files from code owners
detection_rules/etc/non-ecs-schema.json

per our team discussion in the team sync today.

query += " | LIMIT 10"
click.echo("No LIMIT detected in query. Added LIMIT 10 to truncate output.")
return query

def run_individual_query(self, query: str, wait_timeout: int):
def run_individual_query(self, query: str, _: int):
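Review bot: renaming `wait_timeout` to `_` in `run_individual_query(self, query: str, _: int)` keeps the positional slot but breaks any caller that passes `wait_timeout=` by keyword, and it hides the fact that a timeout is accepted and then ignored. If the parameter is genuinely unused, drop it from the signature and its callers in the same change; if it has to stay for interface compatibility, keep the descriptive name and silence the lint explicitly (`del wait_timeout` or `# noqa: ARG002`) so the intent is visible to the next reader.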
🥂

@@ -65,13 +66,14 @@ def setUpClass(cls):
except Exception as e:
RULE_LOADER_FAIL = True
RULE_LOADER_FAIL_MSG = str(e)
raise
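Review bot: the `raise` after `RULE_LOADER_FAIL_MSG = str(e)` turns a rule-loader failure in `setUpClass` into a hard error, so the two flags set on the preceding lines are never consulted by the tests they were meant to gate, and an exception in `setUpClass` aborts the whole class rather than marking individual tests. If the message is meant to be surfaced, prefer `raise unittest.SkipTest(RULE_LOADER_FAIL_MSG)` or keep the flags and let the affected tests skip with that message; otherwise drop the now-dead assignments.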
Is the message supposed to be rolled up instead of failing here?

config = '## Setup\n\n'
beats_integration_pattern = config + 'The {} Fleet integration, Filebeat module, or similarly ' \
'structured data is required to be compatible with this rule.'
config = "## Setup\n\n"
@Mikaayenson Mikaayenson Jun 17, 2025

Should we just delete this test or is it a bug?

TLDR I think we can delete this test.

I think the intent for this unittest.skip was similar to / the inverse of

    @unittest.skipIf(PACKAGE_STACK_VERSION < Version("8.3.0"),
                     "Test only applicable to 8.3+ stacks regarding related integrations build time field.")

Which were both added in 2429 to address

In 8.3, we added new build-time fields to our rules, specifically required_fields, related_integrations, setup. This feature request focuses solely on the related_integrations field.

At this time to determine which integrations to build the integrations manifest file, we rely on the integrations folder to determine this and then reference these names in package-storage. For matching, we rely solely on event.dataset fields in these integration queries

The issue:
We do not include the endpoint integration to this integrations manifest. In addition, we cannot rely on event.dataset, we need to look for the logs-endpoint* index for this.

Comment on lines +1418 to +1429
osquery_note_pattern = (
"> **Note**:\n> This investigation guide uses the [Osquery Markdown Plugin]"
"(https://www.elastic.co/guide/en/security/current/invest-guide-run-osquery.html) "
"introduced in Elastic Stack version 8.5.0. Older Elastic Stack versions will display "
"unrendered Markdown in this guide."
)
invest_note_pattern = (
'> This investigation guide uses the [Investigate Markdown Plugin]'
'(https://www.elastic.co/guide/en/security/current/interactive-investigation-guides.html)'
' introduced in Elastic Stack version 8.8.0. Older Elastic Stack versions will display '
'unrendered Markdown in this guide.')
"> This investigation guide uses the [Investigate Markdown Plugin]"
"(https://www.elastic.co/guide/en/security/current/interactive-investigation-guides.html)"
" introduced in Elastic Stack version 8.8.0. Older Elastic Stack versions will display "
"unrendered Markdown in this guide."
)
We should double check that when the transform occurs, it's still formatted correctly.

print(f"Downloading beats {release_name}")
response = requests.get(url)

print(f"Downloaded {len(response.content) / 1024.0 / 1024.0:.2f} MB release.")

fs = {}
fs: dict[str, Any] = {}
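Review bot: `response = requests.get(url)` has no `timeout`, so a stalled connection hangs the download indefinitely, and nothing checks the response status before `len(response.content)` is printed, so an error page would be reported as a successfully downloaded release. Pass `timeout=` and call `response.raise_for_status()` before touching `response.content`, for example:
`response = requests.get(url, timeout=60)` followed by `response.raise_for_status()`.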
Should we type hint the parsed field below?

Comment on lines +282 to +285
# def get_schema_from_eql(tree: eql.ast.BaseNode, beats: list, version: str = None) -> dict:
# """Get a schema based on datasets and modules in an EQL AST."""
# datasets, modules = get_datasets_and_modules(tree)
# return get_schema_from_datasets(beats, modules, datasets, version=version)
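Review bot: the commented-out `get_schema_from_eql` block should be deleted rather than carried forward. Dead code in comments is invisible to pyright and ruff, it will drift from `get_datasets_and_modules` and `get_schema_from_datasets` as those change, and the PR checklist itself asks for commented-out code to be removed; version control keeps the history if it is needed again.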
Unused?

Comment on lines +250 to +251
suggested_path: Path = Path(DEFAULT_PREBUILT_RULES_DIRS[0]) / contents["name"]
path = Path(path or input(f"File path for rule [{suggested_path}]: ") or suggested_path).resolve()
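Review bot: `contents["name"]` is used directly as a path component of `suggested_path` and then accepted as the default in `path = Path(path or input(...) or suggested_path).resolve()`, with no check that the resolved path stays inside `DEFAULT_PREBUILT_RULES_DIRS[0]`. A rule name containing a path separator or `..` resolves to a file outside the rules directory. Validate the name before building the path, or check the result with `path.is_relative_to(Path(DEFAULT_PREBUILT_RULES_DIRS[0]).resolve())` before writing to it.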
Seems a bit odd to type hint as Path when we explicitly set it as a Path object. We also don't type hint the next field, path.

"""Format unit test names into expected format for direct calling."""
raw = [t.rsplit('.', maxsplit=2) for t in tests]
formatted = []
raw = [t.rsplit(".", maxsplit=2) for t in tests]
@Mikaayenson Mikaayenson Jun 17, 2025

Suggested change
raw = [t.rsplit(".", maxsplit=2) for t in tests]
raw: list[list[str]] = [t.rsplit(".", maxsplit=2) for t in tests]

?

Comment on lines +439 to +440
paths = [Path(c) for c in columns[1:]]
return cls(columns[0], *paths)
Is there a way to clean this up?

worksheet.freeze_panes(1, 0)
worksheet.set_column(0, 0, 25)
worksheet.set_column(1, 1, 10)
worksheet = self.add_worksheet("Summary") # type: ignore[reportUnknownMemberType]
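Review bot: pyright honors a bracketed rule list only on `# pyright: ignore[...]` comments; a `# type: ignore[reportUnknownMemberType]` suppresses every diagnostic on that line regardless of what is in the brackets, so this hides more than the one rule it names. Use `# pyright: ignore[reportUnknownMemberType]` on `worksheet = self.add_worksheet("Summary")` instead, so that any other error introduced on that line later is still reported.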
Can we add this `# type: ignore[reportUnknownMemberType]` to the function instead of inline?

"""Get schema for KQL."""
indexes = indexes or ()
converted = flatten_multi_fields(get_schema(version, name='ecs_flat'))
indexes = indexes or []
Curious as to why this was a tuple

@Mikaayenson Mikaayenson commented Jun 17, 2025

  • Any reason why the build didn't run? Waiting for status to be reported
  • Note, I think we need to run the lint tests locally and add to this PR (since the workflow won't run until the action is on main)
  • We'll also want to open a maintenance window and test the backporting logic.

Labels: backport: auto, ci/cd, Hunting, maintenance (Internal changes), minor, python (Internal python for the repository), schema