datadog 2.27.0 → 2.29.0

data/lib/datadog/appsec/utils/http/media_type.rb

@@ -4,22 +4,19 @@ module Datadog
   module AppSec
     module Utils
       module HTTP
-        # Implementation of media type for content negotiation
+        # Implementation of media type for HTTP headers
         #
         # See:
         # - https://www.rfc-editor.org/rfc/rfc7231#section-5.3.1
         # - https://www.rfc-editor.org/rfc/rfc7231#section-5.3.2
         class MediaType
-          class ParseError < ::StandardError
-          end
-
           WILDCARD = '*'
 
           # See: https://www.rfc-editor.org/rfc/rfc7230#section-3.2.6
           TOKEN_RE = /[-#$%&'*+.^_`|~A-Za-z0-9]+/.freeze
 
           # See: https://www.rfc-editor.org/rfc/rfc7231#section-3.1.1.1
-          PARAMETER_RE = %r{ # rubocop:disable Style/RegexpLiteral
+          PARAMETER_RE = %r{
             (?:
               (?<parameter_name>#{TOKEN_RE})
               =
@@ -46,39 +43,49 @@ module Datadog
 
           attr_reader :type, :subtype, :parameters
 
-          def initialize(media_type)
-            media_type_match = MEDIA_TYPE_RE.match(media_type)
+          def self.parse(media)
+            match = MEDIA_TYPE_RE.match(media)
+            return if match.nil?
 
-            raise ParseError, media_type.inspect if media_type_match.nil?
+            type = match['type'] || WILDCARD
+            type.downcase!
 
-            @type = (media_type_match['type'] || WILDCARD).downcase
-            @subtype = (media_type_match['subtype'] || WILDCARD).downcase
-            @parameters = {}
+            subtype = match['subtype'] || WILDCARD
+            subtype.downcase!
 
-            parameters = media_type_match['parameters']
+            parameters = {}
+            params = match['parameters']
 
-            return if parameters.nil?
+            unless params.nil? || params.empty?
+              params.scan(PARAMETER_RE) do |name, unquoted_value, quoted_value|
+                # NOTE: Order of unquoted_value and quoted_value does not matter,
+                #       as they are mutually exclusive by the regex.
+                # @type var value: ::String?
+                value = unquoted_value || quoted_value
+                next if name.nil? || value.nil?
 
-            parameters.split(';').map(&:strip).each do |parameter|
-              parameter_match = PARAMETER_RE.match(parameter)
+                # See https://github.com/soutaro/steep/issues/2051
+                name.downcase! # steep:ignore NoMethod
+                value.downcase!
 
-              next if parameter_match.nil?
-
-              parameter_name = parameter_match['parameter_name']
-              parameter_value = parameter_match['parameter_value']
+                # See https://github.com/soutaro/steep/issues/2051
+                parameters[name] = value # steep:ignore ArgumentTypeMismatch
+              end
+            end
 
-              next if parameter_name.nil? || parameter_value.nil?
+            new(type: type, subtype: subtype, parameters: parameters)
+          end
 
-              @parameters[parameter_name.downcase] = parameter_value.downcase
-            end
+          def initialize(type:, subtype:, parameters: {})
+            @type = type
+            @subtype = subtype
+            @parameters = parameters
           end
 
           def to_s
-            s = +"#{@type}/#{@subtype}"
-
-            s << ';' << @parameters.map { |k, v| "#{k}=#{v}" }.join(';') if @parameters.count > 0
+            return "#{@type}/#{@subtype}" if @parameters.empty?
 
-            s
+            "#{@type}/#{@subtype};#{@parameters.map { |k, v| "#{k}=#{v}" }.join(";")}"
           end
         end
       end

data/lib/datadog/appsec/utils/http/url_encoded.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'cgi'
+
+module Datadog
+  module AppSec
+    module Utils
+      module HTTP
+        # Module for parsing URL encoded payloads
+        module URLEncoded
+          # Parses a URL encoded payload (query string or form data) into a hash
+          # of keys and values, merging duplicate keys.
+          #
+          # Example:
+          #
+          #   URLEncoded.parse("foo=bar&foo=baz&qux=quux") # => {"foo" => ["bar", "baz"], "qux" => "quux"}
+          #
+          # NOTE: Use it in the absence of `Rack::Utils.parse_query`
+          #
+          # WARNING: This method doesn't limit params byte size.
+          #          See: https://github.com/rack/rack/blob/603b799de38b5eb9b2ff1657c8036a20f4c4db7b/lib/rack/query_parser.rb#L231-L233
+          def self.parse(payload)
+            return {} if payload.nil? || payload.empty?
+
+            payload.split('&').each_with_object({}) do |pair, memo|
+              next if pair.empty?
+
+              # NOTE: Steep has issues with mutation methods
+              #       See https://github.com/ruby/rbs/issues/2819
+              #
+              # @type var key: ::String
+              # @type var value: ::String
+              key, value = pair.split('=', 2).map! do |value| #: ::String
+                CGI.unescape(value)
+              end
+
+              if (stored = memo[key])
+                if stored.is_a?(Array)
+                  stored.push(value)
+                else
+                  memo[key] = [stored, value]
+                end
+              else
+                memo[key] = value
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/core/configuration/components.rb

@@ -11,6 +11,8 @@ require_relative '../runtime/metrics'
 require_relative '../telemetry/component'
 require_relative '../workers/runtime_metrics'
 require_relative '../remote/component'
+require_relative '../utils/at_fork_monkey_patch'
+require_relative '../utils/only_once'
 require_relative '../../tracing/component'
 require_relative '../../profiling/component'
 require_relative '../../appsec/component'
@@ -28,6 +30,9 @@ module Datadog
     module Configuration
       # Global components for the trace library.
       class Components
+        # Class-level constant to ensure fork patch is applied only once
+        AT_FORK_ONLY_ONCE = Utils::OnlyOnce.new
+
         class << self
           def build_health_metrics(settings, logger, telemetry)
             settings = settings.health_metrics
@@ -38,7 +43,7 @@ module Datadog
           end
 
           def build_logger(settings)
-            logger = settings.logger.instance || Core::Logger.new($stdout)
+            logger = settings.logger.instance || Core::Logger.new($stderr)
             logger.level = settings.diagnostics.debug ? ::Logger::DEBUG : settings.logger.level
 
             logger
@@ -80,14 +85,15 @@ module Datadog
             Datadog::Core::Crashtracking::Component.build(settings, agent_settings, logger: logger)
           end
 
-          def build_data_streams(settings, agent_settings, logger)
+          def build_data_streams(settings, agent_settings, logger, agent_info)
             return unless settings.data_streams.enabled
 
             Datadog::DataStreams::Processor.new(
               interval: settings.data_streams.interval,
               logger: logger,
               settings: settings,
-              agent_settings: agent_settings
+              agent_settings: agent_settings,
+              agent_info: agent_info
             )
           rescue => e
             logger.warn("Failed to initialize Data Streams Monitoring: #{e.class}: #{e}")
@@ -121,6 +127,17 @@ module Datadog
           StableConfig.log_result(@logger)
           Deprecations.log_deprecations_from_all_sources(@logger)
 
+          # Register fork handling once globally
+          self.class::AT_FORK_ONLY_ONCE.run do
+            Utils::AtForkMonkeyPatch.apply!
+
+            # Register callback that calls Components.after_fork
+            Utils::AtForkMonkeyPatch.at_fork(:child) do
+              # Access via global to avoid capturing 'self'
+              Datadog.send(:components, allow_initialization: false)&.after_fork
+            end
+          end
+
           # This agent_settings is intended for use within Core. If you require
           # agent_settings within a product outside of core you should extend
           # the Core resolver from within your product/component's namespace.
@@ -150,13 +167,21 @@ module Datadog
           @open_feature = OpenFeature::Component.build(settings, agent_settings, logger: @logger, telemetry: telemetry)
           @dynamic_instrumentation = Datadog::DI::Component.build(settings, agent_settings, @logger, telemetry: telemetry)
           @error_tracking = Datadog::ErrorTracking::Component.build(settings, @tracer, @logger)
-          @data_streams = self.class.build_data_streams(settings, agent_settings, @logger)
+          @data_streams = self.class.build_data_streams(settings, agent_settings, @logger, @agent_info)
           @environment_logger_extra[:dynamic_instrumentation_enabled] = !!@dynamic_instrumentation
 
           # Configure non-privileged components.
           Datadog::Tracing::Contrib::Component.configure(settings)
         end
 
+        # Called when a fork is detected
+        def after_fork
+          telemetry.after_fork
+          remote&.after_fork
+          crashtracker&.update_on_fork
+          ProcessDiscovery.after_fork
+        end
+
         # Hot-swaps with a new sampler.
         # This operation acquires the Components lock to ensure
         # there is no concurrent modification of the sampler.

data/lib/datadog/core/configuration/supported_configurations.rb

@@ -16,8 +16,10 @@ module Datadog
           "DD_AI_GUARD_MAX_MESSAGES_LENGTH",
           "DD_AI_GUARD_TIMEOUT",
           "DD_API_KEY",
+          "DD_API_SECURITY_DOWNSTREAM_BODY_ANALYSIS_SAMPLE_RATE",
           "DD_API_SECURITY_ENABLED",
           "DD_API_SECURITY_ENDPOINT_COLLECTION_ENABLED",
+          "DD_API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS",
           "DD_API_SECURITY_REQUEST_SAMPLE_RATE",
           "DD_API_SECURITY_SAMPLE_DELAY",
           "DD_APM_TRACING_ENABLED",
@@ -42,12 +44,14 @@ module Datadog
           "DD_APP_KEY",
           "DD_CRASHTRACKING_ENABLED",
           "DD_DATA_STREAMS_ENABLED",
+          "DD_DBM_INJECT_SQL_BASEHASH",
           "DD_DBM_PROPAGATION_MODE",
           "DD_DISABLE_DATADOG_RAILS",
           "DD_DYNAMIC_INSTRUMENTATION_ENABLED",
           "DD_DYNAMIC_INSTRUMENTATION_PROBE_FILE",
           "DD_DYNAMIC_INSTRUMENTATION_REDACTED_IDENTIFIERS",
           "DD_DYNAMIC_INSTRUMENTATION_REDACTED_TYPES",
+          "DD_DYNAMIC_INSTRUMENTATION_REDACTION_EXCLUDED_IDENTIFIERS",
           "DD_ENV",
           "DD_ERROR_TRACKING_HANDLED_ERRORS",
           "DD_ERROR_TRACKING_HANDLED_ERRORS_INCLUDE",

data/lib/datadog/core/configuration.rb

@@ -284,7 +284,7 @@ module Datadog
         # This enables logging during initialization, otherwise we'd run into deadlocks.
 
         @temp_logger ||= begin
-          logger = configuration.logger.instance || Core::Logger.new($stdout)
+          logger = configuration.logger.instance || Core::Logger.new($stderr)
           logger.level = configuration.diagnostics.debug ? ::Logger::DEBUG : configuration.logger.level
           logger
         end
@@ -298,7 +298,7 @@ module Datadog
           debug_env_value = DATADOG_ENV[Ext::Diagnostics::ENV_DEBUG_ENABLED]&.strip&.downcase
           debug_value = debug_env_value == 'true' || debug_env_value == '1'
 
-          logger = Core::Logger.new($stdout)
+          logger = Core::Logger.new($stderr)
           # We cannot access config and the default level is INFO, so we need to set the level manually
           logger.level = debug_value ? ::Logger::DEBUG : ::Logger::INFO
           logger

data/lib/datadog/core/crashtracking/component.rb

@@ -3,8 +3,6 @@
 require 'libdatadog'
 
 require_relative 'tag_builder'
-require_relative '../utils/only_once'
-require_relative '../utils/at_fork_monkey_patch'
 
 module Datadog
   module Core
@@ -18,10 +16,8 @@ module Datadog
       #
       # Methods prefixed with _native_ are implemented in `crashtracker.c`
       class Component
-        ONLY_ONCE = Core::Utils::OnlyOnce.new
-
         def self.build(settings, agent_settings, logger:)
-          tags = TagBuilder.call(settings)
+          tags = latest_tags(settings)
           agent_base_url = agent_settings.url
 
           ld_library_path = ::Libdatadog.ld_library_path
@@ -45,6 +41,32 @@ module Datadog
           ).tap(&:start)
         end
 
+        # Reports unhandled exceptions to the crash tracker if available and appropriate.
+        # This is called from the at_exit hook to report unhandled exceptions.
+        def self.report_unhandled_exception(exception)
+          return unless exception && !exception.is_a?(SystemExit) && !exception.is_a?(NoMemoryError)
+
+          begin
+            crashtracker = Datadog.send(:components, allow_initialization: false)&.crashtracker
+            return unless crashtracker
+
+            crashtracker.report_unhandled_exception(exception)
+          rescue => e
+            # Unhandled exception report triggering means that the application is already in a bad state
+            # We don't want to swallow non-StandardError exceptions here; we would rather just let the
+            # application crash
+            Datadog.logger.debug("Crashtracker failed to report unhandled exception: #{e.message}")
+          end
+        end
+
+        # Gets the latest tags from the current configuration.
+        #
+        # We always fetch fresh tags because:
+        # After forking, we need the latest tags, not the parent's tags, such as the pid or runtime-id
+        def self.latest_tags(settings)
+          TagBuilder.call(settings)
+        end
+
         def initialize(tags:, agent_base_url:, ld_library_path:, path_to_crashtracking_receiver_binary:, logger:)
           @tags = tags
           @agent_base_url = agent_base_url
@@ -54,24 +76,62 @@ module Datadog
         end
 
         def start
-          Utils::AtForkMonkeyPatch.apply!
-
           start_or_update_on_fork(action: :start, tags: tags)
-
-          ONLY_ONCE.run do
-            Utils::AtForkMonkeyPatch.at_fork(:child) do
-              # Must NOT reference `self` here, as only the first instance will
-              # be captured by the ONLY_ONCE and we want to pick the latest active one
-              # (which may have different tags or agent config)
-              Datadog.send(:components, allow_initialization: false)&.crashtracker&.update_on_fork
-            end
-          end
         end
 
         def update_on_fork(settings: Datadog.configuration)
-          # Here we pick up the latest settings, so that we pick up any tags that change after forking
-          # such as the pid or runtime-id
-          start_or_update_on_fork(action: :update_on_fork, tags: TagBuilder.call(settings))
+          start_or_update_on_fork(action: :update_on_fork, tags: self.class.latest_tags(settings))
+        end
+
+        def report_unhandled_exception(exception, settings: Datadog.configuration)
+          # Maximum number of stack frames to include in exception crash reports
+          # This is the same number used for signal-based crashtracking's runtime stack
+          max_exception_stack_frames = 512
+
+          current_tags = self.class.latest_tags(settings)
+          # extract all frame data upfront; c expects exactly 3 elements, proper types, no nils
+          # limit to max_exception_stack_frames frames
+          all_backtrace_locations = exception.backtrace_locations || []
+          was_truncated = all_backtrace_locations.length > max_exception_stack_frames
+
+          backtrace_slice = all_backtrace_locations[0...max_exception_stack_frames] || []
+          # @type var frames_data: Array[[String, String, Integer]]
+          frames_data = backtrace_slice.map do |loc|
+            file = loc.path
+            file = '<unknown>' if file.nil? || file.empty? || !file.is_a?(String)
+
+            function = loc.label
+            function = '<unknown>' if function.nil? || function.empty? || !function.is_a?(String)
+
+            line = loc.lineno
+            line = 0 if line.nil? || line < 0 || !line.is_a?(Integer)
+
+            [file, function, line]
+          end
+
+          # Add truncation indicator frame if we had to cut off frames
+          if was_truncated
+            truncated_count = all_backtrace_locations.length - max_exception_stack_frames
+            frames_data << ['<truncated>', "<truncated #{truncated_count} more frames>", 0]
+          end
+
+          exception_message = exception.message
+          message =
+            if exception_message && !exception_message.empty?
+              "Process was terminated due to an unhandled exception of type '#{exception.class}'. Message: \"#{exception_message}\""
+            else
+              "Process was terminated due to an unhandled exception of type '#{exception.class}'."
+            end
+
+          success = self.class._native_report_ruby_exception(
+            agent_base_url,
+            message,
+            frames_data,
+            current_tags.to_a,
+            Datadog::VERSION::STRING
+          )
+
+          logger.debug('Crashtracker failed to report unhandled exception to crash tracker') unless success
         end
 
         def stop

data/lib/datadog/core/crashtracking/tag_builder.rb

@@ -2,6 +2,7 @@
 
 require_relative '../tag_builder'
 require_relative '../utils'
+require_relative '../environment/process'
 
 module Datadog
   module Core
@@ -13,6 +14,11 @@ module Datadog
             'is_crash' => 'true',
           )
 
+          if settings.experimental_propagate_process_tags_enabled
+            process_tags = Environment::Process.serialized
+            hash['process_tags'] = process_tags unless process_tags.empty?
+          end
+
           Utils.encode_tags(hash)
         end
       end

data/lib/datadog/core/environment/agent_info.rb

@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+require_relative '../utils/fnv'
+require_relative 'process'
+
 module Datadog
   module Core
     module Environment
@@ -59,19 +62,80 @@ module Datadog
           @client = Remote::Transport::HTTP.root(agent_settings: agent_settings, logger: logger)
         end
 
-        # Fetches the information from the agent.
+        # Fetches the information from the Trace Agent.
         # @return [Datadog::Core::Remote::Transport::HTTP::Negotiation::Response] the response from the agent
         # @return [nil] if an error occurred while fetching the information
         def fetch
           res = @client.send_info
           return unless res.ok?
 
+          update_propagation_checksum(res)
+
           res
         end
 
         def ==(other)
           other.is_a?(self.class) && other.agent_settings == agent_settings
         end
+
+        # Returns the propagation checksum, comprising of process tags and optionally container tags (from the Trace Agent)
+        # Currently called/used by the DBM code to inject the propagation checksum into the SQL comment.
+        #
+        # This checksum is used for correlation across signals (traces, DBM, data streams, etc.) in environments
+        #
+        # The checksum is populated by the trace transport's periodic fetch calls.
+        # @return [Integer, nil] the FNV hash based on the container and process tags or nil
+        attr_reader :propagation_checksum
+
+        private
+
+        # Trace Agent 7.69.0+ provides a SHA256 checksum in the response header DATADOG-CONTAINER-TAGS-HASH based on the container id computed in Datadog::Core::Environment::Container
+        # This is a short checksum that uniquely identifies this process, its container environment, and
+        # the Datadog agent it connects to.
+        #
+        # This checksum only has to be internally consistent: the same value must be used by every signal
+        # emitted by this process+container+agent combinations). It is not required that this checksum is
+        # consistent with other SDKs.
+        # During calls to the Trace Agent, this checksum is cached but invalidated if a new value is returned
+        # The resulting propagation_checksum uses the container_tags_checksum
+        # https://github.com/DataDog/datadog-agent/pull/38515
+        attr_reader :container_tags_checksum
+
+        # Setting DD_EXPERIMENTAL_PROPAGATE_PROCESS_TAGS_ENABLED to true enables the following behavior:
+        #  - Computes a propagation checksum from process tags and optionally container tags when tags change
+        #  - This is needed in traces (dsm and dbm related spans), DBM, and DSM.
+        #
+        # Container tags extraction:
+        # Datadog::Core::Environment::Container extracts the container id from the cgroup folder if possible
+        # (note: not currently available in cgroupv2) and sends it to the Trace Agent via the header Datadog-Container-ID.
+        # The Trace Agent takes the container id and looks for matching container tags to compute a SHA256 checksum via the response header DATADOG-CONTAINER-TAGS-HASH
+        # https://github.com/DataDog/datadog-agent/blob/c923da011c8e51c35c0d05b6b10d016521915e7d/pkg/trace/api/info.go#L203-L227
+        #
+        # When deciding whether the propagation checksum should be updated, we need to be aware of some concerns:
+        #     - The tracer fails to send the container id in the first place
+        #     - It is possible that older Trace Agents may not have this specific header
+        #     - It is possible that we don't have access to the value if the Trace Agent is temporarily down. In these cases, we need to check for the value again on the next call to the info endpoint
+        #     - If we have access to the value, we need to check if it changed from the previous value.
+        #     - The Trace Agent runs into a permissions/setup issue.
+        def update_propagation_checksum(res)
+          return unless Datadog.configuration.experimental_propagate_process_tags_enabled
+
+          header_value = res.headers[Core::Transport::Ext::HTTP::HEADER_CONTAINER_TAGS_HASH]
+          new_container_tags_checksum = header_value if header_value && !header_value.empty?
+
+          # if the Trace Agent returns a new value for the checksum, calculate and cache the propagation checksum
+          # If there was no previous propagation_checksum, then we should calculate the checksum by checking the agent and getting process info
+          if @propagation_checksum.nil? || (new_container_tags_checksum && new_container_tags_checksum != @container_tags_checksum)
+            @container_tags_checksum = new_container_tags_checksum
+
+            checksum_input = Process.serialized
+            # Use local variable for Steep type narrowing (helps Steep with type narrowing)
+            container_checksum = @container_tags_checksum
+            checksum_input += container_checksum if container_checksum
+
+            @propagation_checksum = Core::Utils::FNV.fnv1_64(checksum_input)
+          end
+        end
       end
     end
   end

data/lib/datadog/core/knuth_sampler.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Datadog
+  module Core
+    # Deterministic sampler using Knuth multiplicative hash algorithm.
+    #
+    # This sampler provides consistent sampling decisions based on an input value,
+    # ensuring the same input always produces the same sampling decision for a given rate.
+    #
+    # The algorithm multiplies the input by a large prime (Knuth factor), takes modulo
+    # to constrain to a fixed range, and compares against a threshold derived from the sample rate.
+    #
+    # @api private
+    # @see https://en.wikipedia.org/wiki/Hash_function#Multiplicative_hashing
+    class KnuthSampler
+      # Maximum unsigned 64-bit integer for uniform distribution across 64-bit input space.
+      UINT64_MAX = (1 << 64) - 1
+      UINT64_MODULO = 1 << 64
+
+      # Golden ratio constant for optimal distribution.
+      # @see https://en.wikipedia.org/wiki/Hash_function#Fibonacci_hashing
+      DEFAULT_KNUTH_FACTOR = 11400714819323198485
+
+      attr_reader :rate
+
+      # @param rate [Float] Sampling rate between +0.0+ and +1.0+ (inclusive).
+      #   +0.0+ means no samples are kept; +1.0+ means all samples are kept.
+      #   Invalid values fall back to +1.0+ (sample everything).
+      # @param knuth_factor [Integer] Multiplicative constant for hashing.
+      #   Different factors produce different sampling distributions.
+      def initialize(rate = 1.0, knuth_factor: DEFAULT_KNUTH_FACTOR)
+        @knuth_factor = knuth_factor
+
+        rate = rate.to_f
+        unless rate >= 0.0 && rate <= 1.0
+          Datadog.logger.warn("Sample rate #{rate} is not between 0.0 and 1.0, falling back to 1.0")
+          rate = 1.0
+        end
+
+        @rate = rate
+        @threshold = @rate * UINT64_MAX
+      end
+
+      # Determines if the given input should be sampled.
+      #
+      # This method is deterministic: the same input value always produces
+      # the same result for a given sample rate and configuration.
+      #
+      # @param input [Integer] Value to determine sampling decision.
+      #   Typically a trace ID or incrementing counter.
+      # @return [Boolean] +true+ if input should be sampled, +false+ otherwise
+      def sample?(input)
+        ((input * @knuth_factor) % UINT64_MODULO) <= @threshold
+      end
+    end
+  end
+end

data/lib/datadog/core/logger.rb

@@ -28,7 +28,7 @@ module Datadog
 
         if message.nil?
           if block
-            super do
+            super(severity, nil, progname) do
               "[#{self.progname}] #{where}#{yield}"
             end
           else

data/lib/datadog/core/metrics/logging.rb

@@ -12,7 +12,7 @@ module Datadog
           attr_accessor :logger
 
           def initialize(logger = nil)
-            @logger = logger || Logger.new($stdout).tap do |l|
+            @logger = logger || Logger.new($stderr).tap do |l|
               l.level = ::Logger::INFO
               l.progname = nil
               l.formatter = proc do |_severity, datetime, _progname, msg|

data/lib/datadog/core/process_discovery.rb

@@ -1,16 +1,13 @@
 # frozen_string_literal: true
 
-require 'datadog/core/process_discovery/tracer_memfd'
-
-require_relative 'utils/at_fork_monkey_patch'
-require_relative 'utils/only_once'
+require_relative 'process_discovery/tracer_memfd'
+require_relative 'environment/process'
+require_relative 'environment/container'
 
 module Datadog
   module Core
     # Class used to store tracer metadata in a native file descriptor.
     module ProcessDiscovery
-      ONLY_ONCE = Core::Utils::OnlyOnce.new
-
       class << self
         def publish(settings)
           if (libdatadog_api_failure = Datadog::Core::LIBDATADOG_API_FAILURE)
@@ -18,8 +15,6 @@ module Datadog
             return
           end
 
-          ONLY_ONCE.run { apply_at_fork_patch }
-
           metadata = get_metadata(settings)
 
           shutdown!
@@ -27,8 +22,15 @@ module Datadog
         end
 
         def shutdown!
-          @file_descriptor&.shutdown!(Datadog.logger)
-          @file_descriptor = nil
+          if defined?(@file_descriptor)
+            @file_descriptor&.shutdown!(Datadog.logger)
+            @file_descriptor = nil
+          end
+        end
+
+        def after_fork
+          # The runtime-id changes after a fork. We call publish to ensure that the runtime-id is updated.
+          publish(Datadog.configuration)
         end
 
         private
@@ -44,17 +46,11 @@ module Datadog
             service_name: settings.service || '',
             service_env: settings.env || '',
             service_version: settings.version || '',
-            # TODO: Implement process tags and container id
-            process_tags: '',
-            container_id: ''
+            # Follows Java: https://github.com/DataDog/dd-trace-java/blob/2ebc964340ac530342cc389ba68ff0f5070d5f9f/dd-trace-core/src/main/java/datadog/trace/core/servicediscovery/ServiceDiscovery.java#L37-L38
+            process_tags: settings.experimental_propagate_process_tags_enabled ? Core::Environment::Process.serialized : '',
+            container_id: Core::Environment::Container.container_id || ''
           }
         end
-
-        def apply_at_fork_patch
-          # The runtime-id changes after a fork. We apply this patch to at_fork to ensure that the runtime-id is updated.
-          Utils::AtForkMonkeyPatch.apply!
-          Utils::AtForkMonkeyPatch.at_fork(:child) { publish(Datadog.configuration) }
-        end
       end
     end
   end