splunk · Ickerday · May 13, 2026 · May 13, 2026 · May 13, 2026 · May 13, 2026
diff --git a/docs/ai.rst b/docs/ai.rst
@@ -0,0 +1,158 @@
+splunklib.ai
+------------
+
+.. automodule:: splunklib.ai
+
+.. autoclass:: splunklib.ai.agent.Agent
+    :members: invoke, invoke_with_data
+
+.. autoexception:: splunklib.ai.agent.PrivilegedExecutionError
+    :members:
+
+.. rubric:: Models
+
+.. autoclass:: splunklib.ai.model.PredefinedModel
+    :members:
+
+.. autoclass:: splunklib.ai.model.AnthropicModel
+    :members:
+
+.. autoclass:: splunklib.ai.model.OpenAIModel
+    :members:
+
+.. autoclass:: splunklib.ai.model.GoogleModel
+    :members:
+
+.. rubric:: Messages
+
+.. autoclass:: splunklib.ai.messages.BaseMessage
+    :members:
+
+.. autoclass:: splunklib.ai.messages.HumanMessage
+    :members:
+
+.. autoclass:: splunklib.ai.messages.AIMessage
+    :members:
+
+.. autoclass:: splunklib.ai.messages.SystemMessage
+    :members:
+
+.. autoclass:: splunklib.ai.messages.ToolMessage
+    :members:
+
+.. autoclass:: splunklib.ai.messages.SubagentMessage
+    :members:
+
+.. autoclass:: splunklib.ai.messages.AgentResponse
+    :members:
+
+.. autoclass:: splunklib.ai.messages.TextBlock
+    :members:
+
+.. autoclass:: splunklib.ai.messages.ToolCall
+    :members:
+
+.. autoclass:: splunklib.ai.messages.SubagentCall
+    :members:
+
+.. autoclass:: splunklib.ai.messages.ToolResult
+    :members:
+
+.. autoclass:: splunklib.ai.messages.SubagentTextResult
+    :members:
+
+.. autoclass:: splunklib.ai.messages.SubagentStructuredResult
+    :members:
+
+.. autoclass:: splunklib.ai.messages.ToolFailureResult
+    :members:
+
+.. autoclass:: splunklib.ai.messages.SubagentFailureResult
+    :members:
+
+.. rubric:: Middleware
+
+.. autoclass:: splunklib.ai.middleware.AgentMiddleware
+    :members:
+
+.. autofunction:: splunklib.ai.middleware.agent_middleware
+
+.. autofunction:: splunklib.ai.middleware.model_middleware
+
+.. autofunction:: splunklib.ai.middleware.tool_middleware
+
+.. autofunction:: splunklib.ai.middleware.subagent_middleware
+
+.. autoclass:: splunklib.ai.middleware.AgentState
+    :members:
+
+.. autoclass:: splunklib.ai.middleware.AgentRequest
+    :members:
+
+.. autoclass:: splunklib.ai.middleware.ModelRequest
+    :members:
+
+.. autoclass:: splunklib.ai.middleware.ModelResponse
+    :members:
+
+.. autoclass:: splunklib.ai.middleware.ToolRequest
+    :members:
+
+.. autoclass:: splunklib.ai.middleware.ToolResponse
+    :members:
+
+.. autoclass:: splunklib.ai.middleware.SubagentRequest
+    :members:
+
+.. autoclass:: splunklib.ai.middleware.SubagentResponse
+    :members:
+
+.. rubric:: Limits
+
+.. autoclass:: splunklib.ai.limits.AgentLimits
+    :members:
+
+.. autoexception:: splunklib.ai.limits.AgentStopException
+    :members:
+
+.. autoexception:: splunklib.ai.limits.TokenLimitExceededException
+    :members:
+
+.. autoexception:: splunklib.ai.limits.StepsLimitExceededException
+    :members:
+
+.. autoexception:: splunklib.ai.limits.TimeoutExceededException
+    :members:
+
+.. autoexception:: splunklib.ai.limits.StructuredOutputRetryLimitExceededException
+    :members:
+
+.. rubric:: Tool settings
+
+.. autoclass:: splunklib.ai.tool_settings.ToolSettings
+    :members:
+
+.. autoclass:: splunklib.ai.tool_settings.LocalToolSettings
+    :members:
+
+.. autoclass:: splunklib.ai.tool_settings.RemoteToolSettings
+    :members:
+
+.. autoclass:: splunklib.ai.tool_settings.ToolAllowlist
+    :members:
+
+.. rubric:: Conversation store
+
+.. autoclass:: splunklib.ai.conversation_store.ConversationStore
+    :members:
+
+.. autoclass:: splunklib.ai.conversation_store.InMemoryStore
+    :members:
+
+.. rubric:: Security
+
+.. autofunction:: splunklib.ai.security.detect_injection
+
+.. autofunction:: splunklib.ai.security.truncate_input
+
+.. autofunction:: splunklib.ai.security.create_structured_prompt
diff --git a/docs/index.rst b/docs/index.rst
@@ -12,6 +12,7 @@ For more information, see the `Splunk Developer Portal <http://dev.splunk.com/vi
    modularinput
    searchcommands
    searchcommandsvalidators
+   ai
 
 
 :doc:`binding`
@@ -139,7 +140,7 @@ For more information, see the `Splunk Developer Portal <http://dev.splunk.com/vi
 :doc:`results`
 --------------
 
-    :class:`~splunklib.results.ResultsReader` class
+    :class:`~splunklib.results.JSONResultsReader` class
 
     :class:`~splunklib.results.Message` class
 
@@ -171,4 +172,59 @@ For more information, see the `Splunk Developer Portal <http://dev.splunk.com/vi
 
     :class:`~splunklib.searchcommands.StreamingCommand` class
 
+    :class:`~splunklib.searchcommands.ExternalSearchCommand` class
+
     :class:`~splunklib.searchcommands.Option` class
+
+    :func:`~splunklib.searchcommands.dispatch` function
+
+    :func:`~splunklib.searchcommands.execute` function
+
+    :data:`~splunklib.searchcommands.SearchMetric`
+
+:doc:`ai`
+---------
+
+    :class:`~splunklib.ai.agent.Agent` class
+
+    **Models**
+
+    :class:`~splunklib.ai.model.AnthropicModel` class
+
+    :class:`~splunklib.ai.model.OpenAIModel` class
+
+    :class:`~splunklib.ai.model.GoogleModel` class
+
+    **Messages**
+
+    :class:`~splunklib.ai.messages.HumanMessage` class
+
+    :class:`~splunklib.ai.messages.AIMessage` class
+
+    :class:`~splunklib.ai.messages.AgentResponse` class
+
+    **Middleware**
+
+    :class:`~splunklib.ai.middleware.AgentMiddleware` class
+
+    **Limits**
+
+    :class:`~splunklib.ai.limits.AgentLimits` class
+
+    **Tool settings**
+
+    :class:`~splunklib.ai.tool_settings.ToolSettings` class
+
+    **Conversation store**
+
+    :class:`~splunklib.ai.conversation_store.ConversationStore` class
+
+    :class:`~splunklib.ai.conversation_store.InMemoryStore` class
+
+    **Security**
+
+    :func:`~splunklib.ai.security.detect_injection` function
+
+    :func:`~splunklib.ai.security.truncate_input` function
+
+    :func:`~splunklib.ai.security.create_structured_prompt` function
diff --git a/docs/results.rst b/docs/results.rst
@@ -4,5 +4,7 @@ splunklib.results
 .. automodule:: splunklib.results
 
 .. autoclass:: Message
+    :members:
 
 .. autoclass:: JSONResultsReader
+    :members:
diff --git a/docs/searchcommands.rst b/docs/searchcommands.rst
@@ -72,31 +72,22 @@ splunklib.searchcommands
     :inherited-members:
     :exclude-members: Item, View, fix_up
 
-.. autoclass:: Boolean
+.. autoclass:: ExternalSearchCommand
     :members:
-    :inherited-members:
 
-.. autoclass:: Duration
-    :members:
-    :inherited-members:
+.. autofunction:: execute
 
-.. autoclass:: File
-    :members:
-    :inherited-members:
+.. autodata:: SearchMetric
 
-.. autoclass:: Integer
-    :members:
-    :inherited-members:
+.. rubric:: Environment helpers
 
-.. autoclass:: Float
-    :members:
-    :inherited-members:
+.. autodata:: app_file
 
-.. autoclass:: RegularExpression
-    :members:
-    :inherited-members:
+.. autodata:: app_root
 
-.. autoclass:: Set
-    :members:
-    :inherited-members:
+.. autodata:: logging_configuration
+
+.. autodata:: splunk_home
+
+.. autodata:: splunklib_logger
 
diff --git a/docs/searchcommandsvalidators.rst b/docs/searchcommandsvalidators.rst
@@ -3,10 +3,58 @@ splunklib.searchcommands.validators
 
 .. automodule:: splunklib.searchcommands.validators
 
+.. autoclass:: Validator
+    :members:
+    :inherited-members:
+
+.. autoclass:: Boolean
+    :members:
+    :inherited-members:
+
+.. autoclass:: Code
+    :members:
+    :inherited-members:
+
+.. autoclass:: Duration
+    :members:
+    :inherited-members:
+
 .. autoclass:: Fieldname
     :members:
     :inherited-members:
 
-.. autoclass:: Validator
+.. autoclass:: File
+    :members:
+    :inherited-members:
+
+.. autoclass:: Float
+    :members:
+    :inherited-members:
+
+.. autoclass:: Integer
+    :members:
+    :inherited-members:
+
+.. autoclass:: List
+    :members:
+    :inherited-members:
+
+.. autoclass:: Map
+    :members:
+    :inherited-members:
+
+.. autoclass:: Match
+    :members:
+    :inherited-members:
+
+.. autoclass:: OptionName
+    :members:
+    :inherited-members:
+
+.. autoclass:: RegularExpression
+    :members:
+    :inherited-members:
+
+.. autoclass:: Set
     :members:
     :inherited-members:
diff --git a/splunklib/ai/agent.py b/splunklib/ai/agent.py
@@ -60,6 +60,8 @@ class Agent(BaseAgent[OutputT]):
 
     Agents are async context managers and must be used with `async with`:
 
+    .. code-block:: python
+
         async with Agent(
             model=model,
             system_prompt="You are a helpful Splunk assistant.",
@@ -80,9 +82,9 @@ class Agent(BaseAgent[OutputT]):
 
         tool_settings:
             Optional `ToolSettings` instance controlling which MCP tools are
-            loaded and exposed to the model. When provided, the agent loads:
-              * Local tools via `ToolSettings.local` (registered in `<app_path>/bin/tools.py`).
-              * Remote tools via `ToolSettings.remote` (requires Splunk MCP Server App present on SH).
+            loaded and exposed to the model. When provided, the agent loads
+            local tools via ``ToolSettings.local`` (registered in ``<app_path>/bin/tools.py``)
+            and remote tools via ``ToolSettings.remote`` (requires Splunk MCP Server App present on SH).
 
             Each sub-setting accepts an optional allowlist to restrict which
             tools are exposed. No tools are loaded by default.

diff --git a/splunklib/ai/security.py b/splunklib/ai/security.py
@@ -70,11 +70,14 @@ def create_structured_prompt(instructions: str, data: str | dict[str, Any]) -> s
     external data (alert payloads, log entries, API responses, etc.) to reduce
     the risk of indirect prompt injection.
 
-    Example:
-        HumanMessage(content=create_structured_prompt(
-            instructions="Summarize this security alert and assess its severity.",
-            data=alert_payload,
-        ))
+    Example::
+
+        HumanMessage(
+            content=create_structured_prompt(
+                instructions="Summarize this security alert and assess its severity.",
+                data=alert_payload,
+            )
+        )
     """
     return (
         f"INSTRUCTIONS:\n"