diff --git a/src/shared/components/icons/icons.tsx b/src/shared/components/icons/icons.tsx
index 1c877c7..27783e8 100644
--- a/src/shared/components/icons/icons.tsx
+++ b/src/shared/components/icons/icons.tsx
@@ -77,3 +77,76 @@ export const CloseIcon = ({ size = 12 }: { size?: number }) => (
     <path d="m7.293 8-3.147 3.146a.5.5 0 0 0 .708.708L8 8.707l3.146 3.147a.5.5 0 0 0 .708-.708L8.707 8l3.147-3.146a.5.5 0 1 0-.708-.708L8 7.293 4.854 4.146a.5.5 0 1 0-.708.708L7.293 8Z" />
   </svg>
 );
+
+export const EntityIcon = {
+  host: (
+    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
+      <rect x="2" y="3" width="12" height="8" rx="1" />
+      <path d="M5 13h6M8 11v2" />
+      <circle cx="4.5" cy="7" r="0.4" fill="currentColor" stroke="none" />
+    </svg>
+  ),
+  user: (
+    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" aria-hidden="true">
+      <circle cx="8" cy="6" r="2.5" />
+      <path d="M3 13c0-2.5 2.2-4 5-4s5 1.5 5 4" />
+    </svg>
+  ),
+  process: (
+    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
+      <rect x="2" y="3" width="12" height="10" rx="1" />
+      <path d="M4.5 6.5 6 8 4.5 9.5M7.5 9.5h3" />
+    </svg>
+  ),
+  executable: (
+    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
+      <path d="M3 2h7l3 3v9a1 1 0 0 1-1 1H3a1 1 0 0 1-1-1V3a1 1 0 0 1 1-1z" />
+      <path d="M10 2v3h3" />
+    </svg>
+  ),
+};
+
+export const FactIcon = {
+  status: (
+    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" aria-hidden="true">
+      <circle cx="8" cy="8" r="5.5" />
+      <circle cx="8" cy="8" r="2" fill="currentColor" stroke="none" />
+    </svg>
+  ),
+  severity: (
+    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
+      <path d="M8 2.5 1.5 13.5h13z" />
+      <path d="M8 7v3" />
+      <circle cx="8" cy="12" r="0.4" fill="currentColor" stroke="none" />
+    </svg>
+  ),
+  alerts: (
+    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
+      <path d="M3 12.5V7a5 5 0 0 1 10 0v5.5z" />
+      <path d="M6.5 14.5a1.5 1.5 0 0 0 3 0" />
+    </svg>
+  ),
+  comments: (
+    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinejoin="round" aria-hidden="true">
+      <path d="M3 3h10a1 1 0 0 1 1 1v6a1 1 0 0 1-1 1H8l-3 2v-2H3a1 1 0 0 1-1-1V4a1 1 0 0 1 1-1z" />
+    </svg>
+  ),
+  createdBy: (
+    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" aria-hidden="true">
+      <circle cx="8" cy="6" r="2.5" />
+      <path d="M3 13c0-2.5 2.2-4 5-4s5 1.5 5 4" />
+    </svg>
+  ),
+  created: (
+    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
+      <circle cx="8" cy="8" r="6" />
+      <path d="M8 4.5V8l2.2 1.5" />
+    </svg>
+  ),
+  updated: (
+    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
+      <path d="M13 8a5 5 0 1 1-1.5-3.5" />
+      <path d="M13 2.5V5H10.5" />
+    </svg>
+  ),
+};
diff --git a/src/views/alert-triage/components/AlertCard.tsx b/src/views/alert-triage/components/AlertCard.tsx
index 748b257..7317907 100644
--- a/src/views/alert-triage/components/AlertCard.tsx
+++ b/src/views/alert-triage/components/AlertCard.tsx
@@ -8,34 +8,7 @@
 import React from "react";
 import { timeAgo } from "../../../shared/theme";
 import type { SecurityAlert } from "../../../shared/types";
-
-export const EntityIcon = {
-  host: (
-    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
-      <rect x="2" y="3" width="12" height="8" rx="1" />
-      <path d="M5 13h6M8 11v2" />
-      <circle cx="4.5" cy="7" r="0.4" fill="currentColor" stroke="none" />
-    </svg>
-  ),
-  user: (
-    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" aria-hidden="true">
-      <circle cx="8" cy="6" r="2.5" />
-      <path d="M3 13c0-2.5 2.2-4 5-4s5 1.5 5 4" />
-    </svg>
-  ),
-  process: (
-    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
-      <rect x="2" y="3" width="12" height="10" rx="1" />
-      <path d="M4.5 6.5 6 8 4.5 9.5M7.5 9.5h3" />
-    </svg>
-  ),
-  executable: (
-    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
-      <path d="M3 2h7l3 3v9a1 1 0 0 1-1 1H3a1 1 0 0 1-1-1V3a1 1 0 0 1 1-1z" />
-      <path d="M10 2v3h3" />
-    </svg>
-  ),
-};
+import { EntityIcon } from "../../../shared/components/icons/icons";
 
 interface AlertCardProps {
   alert: SecurityAlert;
diff --git a/src/views/alert-triage/components/DetailView.tsx b/src/views/alert-triage/components/DetailView.tsx
index fdd3909..1472a3d 100644
--- a/src/views/alert-triage/components/DetailView.tsx
+++ b/src/views/alert-triage/components/DetailView.tsx
@@ -9,7 +9,8 @@ import React, { useRef, useState } from "react";
 import { ChevronDownIcon, LoadingState } from "../../../shared/components";
 import { useClickOutside } from "../../../shared/hooks/useClickOutside";
 import type { AlertContext, SecurityAlert } from "../../../shared/types";
-import { AlertScoreRing, EntityIcon } from "./AlertCard";
+import { AlertScoreRing } from "./AlertCard";
+import { EntityIcon } from "../../../shared/components/icons/icons";
 import { ExpandSection } from "./ExpandSection";
 import { FactCol } from "./FactCol";
 import { NetworkTable } from "./NetworkTable";
diff --git a/src/views/case-management/App.tsx b/src/views/case-management/App.tsx
index 0d7fa55..e9a8775 100644
--- a/src/views/case-management/App.tsx
+++ b/src/views/case-management/App.tsx
@@ -40,6 +40,7 @@ import {
 import type { Severity } from "../../shared/components";
 import { useFullscreen } from "../../shared/hooks/useFullscreen";
 import { useMcpApp } from "../../shared/hooks/useMcpApp";
+import { FactIcon } from "../../shared/components/icons/icons";
 import "./styles.css";
 
 type SeverityKey = Severity;
@@ -937,52 +938,6 @@ function FactCol({ label, value, icon, onFilter }: { label: string; value?: stri
   );
 }
 
-// ─── Fact icons ──────────────────────────────────────────────────────────────
-
-const FactIcon = {
-  status: (
-    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" aria-hidden="true">
-      <circle cx="8" cy="8" r="5.5" />
-      <circle cx="8" cy="8" r="2" fill="currentColor" stroke="none" />
-    </svg>
-  ),
-  severity: (
-    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
-      <path d="M8 2.5 1.5 13.5h13z" />
-      <path d="M8 7v3" />
-      <circle cx="8" cy="12" r="0.4" fill="currentColor" stroke="none" />
-    </svg>
-  ),
-  alerts: (
-    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
-      <path d="M3 12.5V7a5 5 0 0 1 10 0v5.5z" />
-      <path d="M6.5 14.5a1.5 1.5 0 0 0 3 0" />
-    </svg>
-  ),
-  comments: (
-    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinejoin="round" aria-hidden="true">
-      <path d="M3 3h10a1 1 0 0 1 1 1v6a1 1 0 0 1-1 1H8l-3 2v-2H3a1 1 0 0 1-1-1V4a1 1 0 0 1 1-1z" />
-    </svg>
-  ),
-  createdBy: (
-    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" aria-hidden="true">
-      <circle cx="8" cy="6" r="2.5" />
-      <path d="M3 13c0-2.5 2.2-4 5-4s5 1.5 5 4" />
-    </svg>
-  ),
-  created: (
-    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
-      <circle cx="8" cy="8" r="6" />
-      <path d="M8 4.5V8l2.2 1.5" />
-    </svg>
-  ),
-  updated: (
-    <svg width="12" height="12" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
-      <path d="M13 8a5 5 0 1 1-1.5-3.5" />
-      <path d="M13 2.5V5H10.5" />
-    </svg>
-  ),
-};
 
 function ExpandSection({ title, count, expanded, onToggle, previewCount, children }: {
   title: string; count: number; expanded: boolean; onToggle: () => void; previewCount: number; children: React.ReactNode;
diff --git a/src/views/sample-data/App.tsx b/src/views/sample-data/App.tsx
index b54bd61..f782137 100644
--- a/src/views/sample-data/App.tsx
+++ b/src/views/sample-data/App.tsx
@@ -9,6 +9,7 @@ import React, { useState, useCallback, useMemo } from "react";
 import { App as McpApp } from "@modelcontextprotocol/ext-apps";
 import { extractCallResult } from "../../shared/extract-tool-text";
 import { SeverityChip } from "../../shared/components";
+import { AppGlyph, SearchIcon } from "../../shared/components/icons/icons";
 import { useMcpApp } from "../../shared/hooks/useMcpApp";
 import "./styles.css";
 
@@ -489,12 +490,6 @@ const SEVERITY_FILTERS: { key: SeverityFilter; label: string }[] = [
   { key: "medium", label: "Medium" },
 ];
 
-const AppGlyph = () => (
-  <svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" aria-hidden="true">
-    <path d="M23.9506 12.4984C23.9527 11.5265 23.6542 10.5777 23.0961 9.78204C22.538 8.98635 21.7475 8.38267 20.8329 8.05369C20.9165 7.62975 20.9586 7.19872 20.9588 6.76664C20.9593 5.33599 20.5061 3.94206 19.6645 2.78515C18.8228 1.62826 17.6361 0.767973 16.2748 0.327936C14.9135 -0.112099 13.4478 -0.109226 12.0882 0.336144C10.7287 0.781513 9.54534 1.64645 8.70826 2.80664C8.09097 2.32848 7.33466 2.06452 6.55389 2.05472C5.77314 2.04491 5.01045 2.2898 4.38134 2.75229C3.75222 3.21479 3.29095 3.86969 3.0674 4.61782C2.84384 5.36595 2.87015 6.16656 3.14238 6.8984C2.22542 7.23206 1.43269 7.83861 0.870884 8.63641C0.309073 9.43422 0.00515049 10.385 2.34805e-05 11.3608C-0.00305405 12.3366 0.296461 13.2893 0.857326 14.0879C1.41819 14.8864 2.21282 15.4914 3.13179 15.8195C3.05214 16.2435 3.01275 16.6741 3.01414 17.1054C3.01158 18.5358 3.46368 19.9298 4.30518 21.0864C5.14666 22.2429 6.33397 23.1021 7.69564 23.5398C9.05729 23.9775 10.5228 23.9711 11.8806 23.5214C13.2384 23.0718 14.4181 22.2022 15.2494 21.0384C15.8649 21.5186 16.6204 21.7849 17.4009 21.7969C18.1815 21.8089 18.9447 21.566 19.5747 21.1049C20.2047 20.6438 20.6669 19.9898 20.8915 19.242C21.1161 18.4944 21.0906 17.6938 20.8188 16.9619C21.734 16.6265 22.5246 16.0189 23.0845 15.2211C23.6442 14.4232 23.9465 13.4731 23.9506 12.4984ZM9.27296 3.52899C10.0442 2.40726 11.1788 1.586 12.4853 1.20381C13.7919 0.821635 15.1902 0.901957 16.4444 1.43121C17.6986 1.96048 18.7316 2.90626 19.3694 4.10891C20.0071 5.31156 20.2104 6.69741 19.9447 8.03252L14.6576 12.6631L9.41649 10.2749L8.39297 8.09017L9.27296 3.52899ZM6.62238 2.94075C7.24393 2.94062 7.84828 3.14484 8.34238 3.52193L7.54943 7.60311L3.95885 6.75487C3.80314 6.32609 3.75287 5.86614 3.81229 5.41386C3.87172 4.96158 4.03908 4.53022 4.30026 4.15621C4.56145 3.78221 4.90878 3.47653 5.31293 3.26499C5.71708 3.05344 6.1662 2.94224 6.62238 2.94075ZM0.925906 11.3713C0.931192 10.5387 1.19621 9.72838 1.68401 9.05351C2.17182 8.37865 2.85807 7.87284 3.64708 7.60664L7.58826 8.53722L8.51296 10.5149L3.47414 15.0725C2.72441 14.7865 2.07928 14.2793 1.62421 13.6184C1.16915 12.9574 0.925627 12.1738 0.925906 11.3713ZM14.7012 20.3348C13.9892 21.3831 12.9599 22.1753 11.7643 22.5953C10.5688 23.0152 9.27013 23.0407 8.05905 22.668C6.84795 22.2953 5.78828 21.5441 5.03568 20.5247C4.28307 19.5053 3.8772 18.2714 3.87767 17.0042C3.87822 16.6092 3.91764 16.2152 3.99532 15.8278L9.14826 11.1643L14.4094 13.5619L15.5741 15.7878L14.7012 20.3348ZM17.3341 20.9231C16.7144 20.9209 16.1126 20.7142 15.6224 20.3348L16.4035 16.2666L19.9918 17.1054C20.1479 17.5339 20.1986 17.9934 20.1396 18.4455C20.0808 18.8976 19.914 19.3289 19.6534 19.7031C19.3928 20.0772 19.0461 20.3831 18.6425 20.5951C18.2388 20.8069 17.79 20.9187 17.3341 20.9207V20.9231ZM20.3035 16.2513L16.3529 15.3278L15.3035 13.3278L20.4706 8.80075C21.2209 9.08447 21.8672 9.58986 22.3234 10.2497C22.7796 10.9096 23.0242 11.6926 23.0247 12.4948C23.0173 13.3258 22.7512 14.1336 22.2635 14.8065C21.7759 15.4792 21.0908 15.9834 20.3035 16.2489V16.2513Z" fill="currentColor"/>
-  </svg>
-);
-
 export function App() {
   const [selected, setSelected] = useState<Set<string>>(new Set());
   const [expanded, setExpanded] = useState<string | null>(null);
@@ -715,7 +710,7 @@ export function App() {
               })}
             </div>
             <div className="sample-toolbar-search">
-              <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round"><circle cx="11" cy="11" r="7" /><path d="m21 21-4.35-4.35" /></svg>
+              <SearchIcon />
               <input
                 type="text"
                 placeholder="Filter scenarios..."
diff --git a/src/views/threat-hunt/App.tsx b/src/views/threat-hunt/App.tsx
index c3401b3..83d2506 100644
--- a/src/views/threat-hunt/App.tsx
+++ b/src/views/threat-hunt/App.tsx
@@ -10,6 +10,7 @@ import { extractToolText, extractCallResult } from "../../shared/extract-tool-te
 import type { EsqlResult } from "../../shared/types";
 import { useFullscreen } from "../../shared/hooks/useFullscreen";
 import { useMcpApp } from "../../shared/hooks/useMcpApp";
+import { AppGlyph, FullscreenIcon, ExitFullscreenIcon } from "../../shared/components/icons/icons";
 import { QueryEditor } from "./components/QueryEditor";
 import { ResultsTable } from "./components/ResultsTable";
 // TODO: re-enable the force-directed Network view once it's stable.
@@ -18,60 +19,12 @@ import type { GNode, GEdge } from "./components/InvestigationGraph";
 import { CardGraph } from "./components/CardGraph";
 import "./styles.css";
 
-const AppGlyph = () => (
-  <svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" aria-hidden="true">
-    <path d="M23.9506 12.4984C23.9527 11.5265 23.6542 10.5777 23.0961 9.78204C22.538 8.98635 21.7475 8.38267 20.8329 8.05369C20.9165 7.62975 20.9586 7.19872 20.9588 6.76664C20.9593 5.33599 20.5061 3.94206 19.6645 2.78515C18.8228 1.62826 17.6361 0.767973 16.2748 0.327936C14.9135 -0.112099 13.4478 -0.109226 12.0882 0.336144C10.7287 0.781513 9.54534 1.64645 8.70826 2.80664C8.09097 2.32848 7.33466 2.06452 6.55389 2.05472C5.77314 2.04491 5.01045 2.2898 4.38134 2.75229C3.75222 3.21479 3.29095 3.86969 3.0674 4.61782C2.84384 5.36595 2.87015 6.16656 3.14238 6.8984C2.22542 7.23206 1.43269 7.83861 0.870884 8.63641C0.309073 9.43422 0.00515049 10.385 2.34805e-05 11.3608C-0.00305405 12.3366 0.296461 13.2893 0.857326 14.0879C1.41819 14.8864 2.21282 15.4914 3.13179 15.8195C3.05214 16.2435 3.01275 16.6741 3.01414 17.1054C3.01158 18.5358 3.46368 19.9298 4.30518 21.0864C5.14666 22.2429 6.33397 23.1021 7.69564 23.5398C9.05729 23.9775 10.5228 23.9711 11.8806 23.5214C13.2384 23.0718 14.4181 22.2022 15.2494 21.0384C15.8649 21.5186 16.6204 21.7849 17.4009 21.7969C18.1815 21.8089 18.9447 21.566 19.5747 21.1049C20.2047 20.6438 20.6669 19.9898 20.8915 19.242C21.1161 18.4944 21.0906 17.6938 20.8188 16.9619C21.734 16.6265 22.5246 16.0189 23.0845 15.2211C23.6442 14.4232 23.9465 13.4731 23.9506 12.4984ZM9.27296 3.52899C10.0442 2.40726 11.1788 1.586 12.4853 1.20381C13.7919 0.821635 15.1902 0.901957 16.4444 1.43121C17.6986 1.96048 18.7316 2.90626 19.3694 4.10891C20.0071 5.31156 20.2104 6.69741 19.9447 8.03252L14.6576 12.6631L9.41649 10.2749L8.39297 8.09017L9.27296 3.52899ZM6.62238 2.94075C7.24393 2.94062 7.84828 3.14484 8.34238 3.52193L7.54943 7.60311L3.95885 6.75487C3.80314 6.32609 3.75287 5.86614 3.81229 5.41386C3.87172 4.96158 4.03908 4.53022 4.30026 4.15621C4.56145 3.78221 4.90878 3.47653 5.31293 3.26499C5.71708 3.05344 6.1662 2.94224 6.62238 2.94075ZM0.925906 11.3713C0.931192 10.5387 1.19621 9.72838 1.68401 9.05351C2.17182 8.37865 2.85807 7.87284 3.64708 7.60664L7.58826 8.53722L8.51296 10.5149L3.47414 15.0725C2.72441 14.7865 2.07928 14.2793 1.62421 13.6184C1.16915 12.9574 0.925627 12.1738 0.925906 11.3713ZM14.7012 20.3348C13.9892 21.3831 12.9599 22.1753 11.7643 22.5953C10.5688 23.0152 9.27013 23.0407 8.05905 22.668C6.84795 22.2953 5.78828 21.5441 5.03568 20.5247C4.28307 19.5053 3.8772 18.2714 3.87767 17.0042C3.87822 16.6092 3.91764 16.2152 3.99532 15.8278L9.14826 11.1643L14.4094 13.5619L15.5741 15.7878L14.7012 20.3348ZM17.3341 20.9231C16.7144 20.9209 16.1126 20.7142 15.6224 20.3348L16.4035 16.2666L19.9918 17.1054C20.1479 17.5339 20.1986 17.9934 20.1396 18.4455C20.0808 18.8976 19.914 19.3289 19.6534 19.7031C19.3928 20.0772 19.0461 20.3831 18.6425 20.5951C18.2388 20.8069 17.79 20.9187 17.3341 20.9207V20.9231ZM20.3035 16.2513L16.3529 15.3278L15.3035 13.3278L20.4706 8.80075C21.2209 9.08447 21.8672 9.58986 22.3234 10.2497C22.7796 10.9096 23.0242 11.6926 23.0247 12.4948C23.0173 13.3258 22.7512 14.1336 22.2635 14.8065C21.7759 15.4792 21.0908 15.9834 20.3035 16.2489V16.2513Z" fill="currentColor"/>
-  </svg>
-);
-
-const FullscreenIcon = () => (
-  <svg width="16" height="16" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
-    <path d="M2 6V2h4" /><path d="M14 6V2h-4" /><path d="M2 10v4h4" /><path d="M14 10v4h-4" />
-  </svg>
-);
-
-const ExitFullscreenIcon = () => (
-  <svg width="16" height="16" viewBox="0 0 16 16" fill="none" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" aria-hidden="true">
-    <path d="M6 2v4H2" /><path d="M10 2v4h4" /><path d="M6 14v-4H2" /><path d="M10 14v-4h4" />
-  </svg>
-);
-
-/**
- * Default state seeds a realistic ES|QL scenario on first load (results table).
- * The investigation graph stays hidden until the user runs a query that returns
- * rows and clicks entities, or uses "Example graph".
- */
-const DEFAULT_QUERY = `FROM logs-*
-| WHERE host.name == "win-dc-01"
-| STATS count = COUNT(*) BY user.name, process.name
-| SORT count DESC
-| LIMIT 10`;
-
-const DEFAULT_RESULTS: EsqlResult = {
-  columns: [
-    { name: "user.name", type: "keyword" },
-    { name: "process.name", type: "keyword" },
-    { name: "host.name", type: "keyword" },
-    { name: "count", type: "long" },
-  ],
-  values: [
-    ["svc_backup", "powershell.exe", "win-dc-01", 147],
-    ["svc_backup", "procdump.exe", "win-dc-01", 42],
-    ["admin.backup", "powershell.exe", "win-dc-01", 38],
-    ["svc_backup", "cmd.exe", "win-dc-01", 29],
-    ["admin.backup", "rundll32.exe", "win-dc-01", 21],
-    ["svc_backup", "net.exe", "win-dc-01", 17],
-    ["admin.backup", "wmic.exe", "win-dc-01", 14],
-    ["svc_backup", "reg.exe", "win-dc-01", 11],
-  ],
-};
-
 export function App() {
-  const [query, setQuery] = useState(DEFAULT_QUERY);
-  const [results, setResults] = useState<EsqlResult | null>(DEFAULT_RESULTS);
+  const [query, setQuery] = useState("");
+  const [results, setResults] = useState<EsqlResult | null>(null);
   const [queryError, setQueryError] = useState<string | null>(null);
   const [executing, setExecuting] = useState(false);
-  const [hasExecuted, setHasExecuted] = useState(true);
+  const [hasExecuted, setHasExecuted] = useState(false);
 
   const [graphNodes, setGraphNodes] = useState<GNode[]>([]);
   const [graphEdges, setGraphEdges] = useState<GEdge[]>([]);
