feat: Introduce cel ast rebuilder

keep-ui/app/(keep)/rules/CorrelationSidebar/AlertsFoundBadge.tsx

@@ -3,12 +3,14 @@ import { AlertDto } from "@/entities/alerts/model";
 import { DynamicImageProviderIcon } from "@/components/ui";
 
 type AlertsFoundBadgeProps = {
+  totalAlertsFound: number;
   alertsFound: AlertDto[];
   isLoading: boolean;
   role: "ruleCondition" | "correlationRuleConditions";
 };
 
 export const AlertsFoundBadge = ({
+  totalAlertsFound,
   alertsFound,
   isLoading,
   role,
@@ -17,15 +19,15 @@ export const AlertsFoundBadge = ({
     if (role === "ruleCondition") {
       return (
         <>
-          {alertsFound.length} alert{alertsFound.length > 1 ? "s" : ""} were
-          found matching this condition
+          {totalAlertsFound} alert{totalAlertsFound > 1 ? "s" : ""} were found
+          matching this condition
         </>
       );
     }
 
     return (
       <>
-        {alertsFound.length} alert{alertsFound.length > 1 ? "s" : ""} were found
+        {totalAlertsFound} alert{totalAlertsFound > 1 ? "s" : ""} were found
         matching correlation rule conditions
       </>
     );
@@ -39,7 +41,7 @@ export const AlertsFoundBadge = ({
     return "No alerts were found with these correlation rule conditions. Please try something else.";
   }
 
-  if (alertsFound.length === 0) {
+  if (totalAlertsFound === 0) {
     return (
       <Badge className="mt-3 w-full" color="gray">
         {isLoading ? "Getting your alerts..." : getNotFoundText()}

keep-ui/app/(keep)/rules/CorrelationSidebar/CorrelationSidebarBody.tsx

@@ -10,13 +10,13 @@ import { Link } from "@/components/ui";
 import { ArrowUpRightIcon } from "@heroicons/react/24/outline";
 import { useRules } from "utils/hooks/useRules";
 import { useRouter, useSearchParams } from "next/navigation";
-import { useSearchAlerts } from "utils/hooks/useSearchAlerts";
 import { AlertsFoundBadge } from "./AlertsFoundBadge";
 import { useApi } from "@/shared/lib/hooks/useApi";
 import { useConfig } from "@/utils/hooks/useConfig";
 import { showErrorToast } from "@/shared/ui";
 import { CorrelationFormType } from "./types";
 import { TIMEFRAME_UNITS_TO_SECONDS } from "./timeframe-constants";
+import { useMatchingAlerts } from "./useMatchingAlerts";
 
 type CorrelationSidebarBodyProps = {
   toggle: VoidFunction;
@@ -46,10 +46,11 @@ export const CorrelationSidebarBody = ({
   const searchParams = useSearchParams();
   const selectedId = searchParams ? searchParams.get("id") : null;
 
-  const { data: alertsFound = [], isLoading } = useSearchAlerts({
-    query: methods.watch("query"),
-    timeframe: timeframeInSeconds,
-  });
+  const {
+    data: alertsFound = [],
+    totalCount: totalAlertsFound,
+    isLoading,
+  } = useMatchingAlerts(methods.watch("query"));
 
   const [isCalloutShown, setIsCalloutShown] = useLocalStorage(
     "correlation-callout",
@@ -85,7 +86,7 @@ export const CorrelationSidebarBody = ({
       celQuery: formatQuery(query, "cel"),
       timeframeInSeconds,
       timeUnit: timeUnit,
-      groupingCriteria: alertsFound.length ? groupedAttributes : [],
+      groupingCriteria: totalAlertsFound ? groupedAttributes : [],
       requireApprove: requireApprove,
       resolveOn: resolveOn,
       createOn: createOn,
@@ -169,8 +170,9 @@ export const CorrelationSidebarBody = ({
             <CorrelationGroups />
           </div>
           <div className="flex flex-col border-t-2">
-            {alertsFound.length > 0 && (
+            {totalAlertsFound > 0 && (
               <AlertsFoundBadge
+                totalAlertsFound={totalAlertsFound}
                 alertsFound={alertsFound}
                 isLoading={false}
                 role={"correlationRuleConditions"}

keep-ui/app/(keep)/rules/CorrelationSidebar/RuleFields.tsx

@@ -18,11 +18,11 @@ import {
 } from "react-querybuilder";
 import { AlertsFoundBadge } from "./AlertsFoundBadge";
 import { useFormContext } from "react-hook-form";
-import { useSearchAlerts } from "utils/hooks/useSearchAlerts";
 import { CorrelationFormType } from "./types";
 import { TIMEFRAME_UNITS_TO_SECONDS } from "./timeframe-constants";
 import { useDeduplicationFields } from "@/utils/hooks/useDeduplicationRules";
 import { get } from "lodash";
+import { useMatchingAlerts } from "./useMatchingAlerts";
 
 const DEFAULT_OPERATORS = defaultOperators.filter((operator) =>
   [
@@ -50,7 +50,7 @@ const OPERATORS_FORCE_TYPE_CAST = {
   "<=": "number",
   "<": "number",
   ">": "number",
-}
+};
 
 const DEFAULT_FIELDS: QueryField[] = [
   { name: "source", label: "source", datatype: "text" },
@@ -117,9 +117,13 @@ const Field = ({
   };
 
   const castValueToOperationType = (value: string) => {
-    const castTo: string = get(OPERATORS_FORCE_TYPE_CAST, ruleField.operator, "text");
+    const castTo: string = get(
+      OPERATORS_FORCE_TYPE_CAST,
+      ruleField.operator,
+      "text"
+    );
     return castTo === "number" ? Number(value) : value;
-  }
+  };
 
   return (
     <div key={ruleField.id}>
@@ -158,7 +162,9 @@ const Field = ({
           {isValueEnabled && (
             <div>
               <TextInput
-                onValueChange={(newValue) => onFieldChange("value", castValueToOperationType(newValue))}
+                onValueChange={(newValue) =>
+                  onFieldChange("value", castValueToOperationType(newValue))
+                }
                 defaultValue={ruleField.value}
                 required
                 error={!ruleField.value}
@@ -279,10 +285,11 @@ export const RuleFields = ({
     ? TIMEFRAME_UNITS_TO_SECONDS[watch("timeUnit")](+watch("timeAmount"))
     : 0;
 
-  const { data: alertsFound = [], isLoading } = useSearchAlerts({
-    query: { combinator: "and", rules: ruleFields },
-    timeframe: timeframeInSeconds,
-  });
+  const {
+    data: alertsFound = [],
+    totalCount: totalAlertsFound,
+    isLoading,
+  } = useMatchingAlerts({ combinator: "and", rules: ruleFields });
 
   return (
     <div key={rule.id} className="bg-gray-100 px-4 py-3 rounded space-y-2">
@@ -346,6 +353,7 @@ export const RuleFields = ({
         </div>
 
         <AlertsFoundBadge
+          totalAlertsFound={totalAlertsFound}
           alertsFound={alertsFound}
           isLoading={isLoading}
           role={"ruleCondition"}