datadog 2.31.0 → 2.32.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1328115b16393f9d96152ad1d94cb6190c307d8dd5df341087ffe21e2212ec9b
-  data.tar.gz: f408b1437ae55de02488433b637c868bce087289ea5fc8af4aa808cfc4ee3b73
+  metadata.gz: 04ff51661b0a7d494e4beaf4d142c723bce97e2c2a14ad708e1bfd12e780129a
+  data.tar.gz: 0a4a3f4ccc112c3c805a035072270781e360f68ae1f3464356abde84b97944ea
 SHA512:
-  metadata.gz: faf8598916d674b5da3b3ab57c013060f9ecf92b939d69a51528a81e495d07340e9a8a0ba70bf9498f6d8c303a32c08d3fbf971759199ff35b47f34a25d88b0a
-  data.tar.gz: f7629d50a2537e08c9ceb5da1e81c25b788401c2992a3a70a2f2b29e2a44a3cbda7d2e621a316953202f5a068fa3ec201a4810d01b1b27ee4bab5bd1592a9bbd
+  metadata.gz: c664b9d447c8645e4a202f04e5b2f690b85f15b62689f3312a8d5d3ccb2a08ec289a6d07fa414eee8e5dd92a3bea9f040b758fbfed97ab602bdcf4a989e47d6b
+  data.tar.gz: 92ce248e3e351d774b043921c18cd73f3ba064eed1203246a81ef1de9500cb4c6220fc7df81187b5b49bd4062fa87228bf8be8817c599315da8853752740ab96

data/ext/datadog_profiling_native_extension/collectors_cpu_and_wall_time_worker.c

@@ -186,6 +186,11 @@ typedef struct {
     uint64_t gvl_sampling_time_ns_min;
     uint64_t gvl_sampling_time_ns_max;
     uint64_t gvl_sampling_time_ns_total;
+
+    struct vm_metrics {
+      // Total time spent waiting for the GVL
+      uint64_t gvl_waiting_time_ns_total;
+    } vm_metrics;
   } stats;
 } cpu_and_wall_time_worker_state;
 
@@ -1101,6 +1106,7 @@ static VALUE _native_stats(DDTRACE_UNUSED VALUE self, VALUE instance) {
     ID2SYM(rb_intern("gvl_sampling_time_ns_max")),   /* => */ RUBY_NUM_OR_NIL(state->stats.gvl_sampling_time_ns_max, > 0, ULL2NUM),
     ID2SYM(rb_intern("gvl_sampling_time_ns_total")), /* => */ RUBY_NUM_OR_NIL(state->stats.gvl_sampling_time_ns_total, > 0, ULL2NUM),
     ID2SYM(rb_intern("gvl_sampling_time_ns_avg")),   /* => */ RUBY_AVG_OR_NIL(state->stats.gvl_sampling_time_ns_total, state->stats.after_gvl_running),
+    ID2SYM(rb_intern("gvl_waiting_time_ns_total")),  /* => */ state->gvl_profiling_enabled ? ULL2NUM(state->stats.vm_metrics.gvl_waiting_time_ns_total) : Qnil,
   };
   for (long unsigned int i = 0; i < VALUE_COUNT(arguments); i += 2) rb_hash_aset(stats_as_hash, arguments[i], arguments[i+1]);
   return stats_as_hash;
@@ -1141,6 +1147,7 @@ static void reset_stats_not_thread_safe(cpu_and_wall_time_worker_state *state) {
     .cpu_sampling_time_ns_min        = UINT64_MAX,
     .allocation_sampling_time_ns_min = UINT64_MAX,
     .gvl_sampling_time_ns_min        = UINT64_MAX,
+    // Other fields are reset to 0
   };
 }
 
@@ -1399,7 +1406,7 @@ static VALUE _native_resume_signals(DDTRACE_UNUSED VALUE self) {
       // Interesting note: A RUBY_INTERNAL_THREAD_EVENT_RESUMED is guaranteed to be called with the GVL being acquired.
       // (And... I think target_thread will be == rb_thread_current()?)
       //
-      // But we're not sure if we're on the main Ractor yet. The thread context collector actually can actually help here:
+      // But we're not sure if we're on the main Ractor yet. The thread context collector can actually help here:
       // it tags threads it's tracking, so if a thread is tagged then by definition we know that thread belongs to the main
       // Ractor. Thus, if we get a ON_GVL_RUNNING_UNKNOWN result we shouldn't touch any state, but otherwise we're good to go.
 
@@ -1407,19 +1414,22 @@ static VALUE _native_resume_signals(DDTRACE_UNUSED VALUE self) {
         target_thread = gvl_profiling_state_maybe_initialize();
       #endif
 
+      cpu_and_wall_time_worker_state *state = active_sampler_instance_state; // Read from global variable, see "sampler global state safety" note above
+      if (state == NULL) return; // This should not happen, but just in case...
+
       on_gvl_running_result result = thread_context_collector_on_gvl_running(target_thread);
 
-      if (result == ON_GVL_RUNNING_SAMPLE) {
+      if (result.waiting_for_gvl_duration_ns > 0) {
+        state->stats.vm_metrics.gvl_waiting_time_ns_total += (uint64_t) result.waiting_for_gvl_duration_ns;
+      }
+
+      if (result.action == ON_GVL_RUNNING_SAMPLE) {
         #ifndef NO_POSTPONED_TRIGGER
           rb_postponed_job_trigger(after_gvl_running_from_postponed_job_handle);
         #else
           rb_postponed_job_register_one(0, after_gvl_running_from_postponed_job, NULL);
         #endif
-      } else if (result == ON_GVL_RUNNING_DONT_SAMPLE) {
-        cpu_and_wall_time_worker_state *state = active_sampler_instance_state; // Read from global variable, see "sampler global state safety" note above
-
-        if (state == NULL) return; // This should not happen, but just in case...
-
+      } else if (result.action == ON_GVL_RUNNING_DONT_SAMPLE) {
         state->stats.gvl_dont_sample++;
       }
     } else {

data/ext/datadog_profiling_native_extension/collectors_thread_context.c

@@ -1924,10 +1924,14 @@ static uint64_t otel_span_id_to_uint(VALUE otel_span_id) {
     intptr_t gvl_waiting_at = gvl_profiling_state_get(thread);
 
     // Thread was not being profiled / not waiting on gvl
-    if (gvl_waiting_at == 0 || gvl_waiting_at == GVL_WAITING_ENABLED_EMPTY) return ON_GVL_RUNNING_UNKNOWN;
+    if (gvl_waiting_at == 0 || gvl_waiting_at == GVL_WAITING_ENABLED_EMPTY) {
+      return (on_gvl_running_result) {.action = ON_GVL_RUNNING_UNKNOWN, .waiting_for_gvl_duration_ns = 0};
+    }
 
     // @ivoanjo: I'm not sure if this can happen -- It means we should've sampled already but haven't gotten the chance yet?
-    if (gvl_waiting_at < 0) return ON_GVL_RUNNING_SAMPLE;
+    if (gvl_waiting_at < 0) {
+      return (on_gvl_running_result) {.action = ON_GVL_RUNNING_SAMPLE, .waiting_for_gvl_duration_ns = 0};
+    }
 
     long waiting_for_gvl_duration_ns = monotonic_wall_time_now_ns(DO_NOT_RAISE_ON_FAILURE) - gvl_waiting_at;
 
@@ -1943,7 +1947,10 @@ static uint64_t otel_span_id_to_uint(VALUE otel_span_id) {
       gvl_profiling_state_set(thread, GVL_WAITING_ENABLED_EMPTY);
     }
 
-    return should_sample ? ON_GVL_RUNNING_SAMPLE : ON_GVL_RUNNING_DONT_SAMPLE;
+    return (on_gvl_running_result) {
+      .action = should_sample ? ON_GVL_RUNNING_SAMPLE : ON_GVL_RUNNING_DONT_SAMPLE,
+      .waiting_for_gvl_duration_ns = waiting_for_gvl_duration_ns,
+    };
   }
 
   __attribute__((warn_unused_result))
@@ -2146,7 +2153,7 @@ static uint64_t otel_span_id_to_uint(VALUE otel_span_id) {
 
     debug_enter_unsafe_context();
 
-    VALUE result = thread_context_collector_on_gvl_running(thread_from_thread_object(thread)) == ON_GVL_RUNNING_SAMPLE ? Qtrue : Qfalse;
+    VALUE result = thread_context_collector_on_gvl_running(thread_from_thread_object(thread)).action == ON_GVL_RUNNING_SAMPLE ? Qtrue : Qfalse;
 
     debug_leave_unsafe_context();
 

data/ext/datadog_profiling_native_extension/collectors_thread_context.h

@@ -2,6 +2,7 @@
 
 #include <ruby.h>
 #include <stdbool.h>
+#include <stdint.h>
 
 #include "gvl_profiling_helper.h"
 
@@ -25,6 +26,11 @@ VALUE enforce_thread_context_collector_instance(VALUE object);
     ON_GVL_RUNNING_UNKNOWN, // Thread is not known, it may not even be from the current Ractor
     ON_GVL_RUNNING_DONT_SAMPLE, // Thread is known, but "Waiting for GVL" period was too small to be sampled
     ON_GVL_RUNNING_SAMPLE, // Thread is known, and "Waiting for GVL" period should be sampled
+  } on_gvl_running_enum;
+
+  typedef struct {
+    on_gvl_running_enum action;
+    long waiting_for_gvl_duration_ns;
   } on_gvl_running_result;
 
   void thread_context_collector_on_gvl_waiting(gvl_profiling_thread thread);

data/ext/datadog_profiling_native_extension/extconf.rb

@@ -69,11 +69,16 @@ $stderr.puts(
 # NOTE: we MUST NOT require 'mkmf' before we check the #skip_building_extension? because the require triggers checks
 # that may fail on an environment not properly setup for building Ruby extensions.
 require "mkmf"
+Datadog::LibdatadogExtconfHelpers.dump_mkmf_log_on_failure!
 
 Logging.message("[datadog] Using compiler:\n")
 xsystem("#{CONFIG["CC"]} -v")
 Logging.message("[datadog] End of compiler information\n")
 
+# We must *never* `append_cflags "-Wall"` or `append_cflags "-Wextra"`, because those add the flag at the end,
+# which then overrides earlier -Wno-* flags from RbConfig::CONFIG["warnflags"], and causes errors if -Werror is added.
+# There is no need to add them anyway, Ruby since 1.9 has RbConfig::CONFIG["warnflags"] starting with "-Wall -Wextra ".
+
 # Because we can't control what compiler versions our customers use, shipping with -Werror by default is a no-go.
 # But we can enable it in CI, so that we quickly spot any new warnings that just got introduced.
 append_cflags "-Werror" if ENV["DATADOG_GEM_CI"] == "true"
@@ -106,10 +111,6 @@ append_cflags "-fvisibility=hidden"
 # Avoid legacy C definitions
 append_cflags "-Wold-style-definition"
 
-# Enable all other compiler warnings
-append_cflags "-Wall"
-append_cflags "-Wextra"
-
 if ENV["DDTRACE_DEBUG"] == "true"
   $defs << "-DDD_DEBUG"
   CONFIG["optflags"] = "-O0"

data/ext/datadog_profiling_native_extension/http_transport.c

@@ -198,15 +198,15 @@ static VALUE _native_do_export(
   VALUE flush
 ) {
   VALUE encoded_profile = rb_funcall(flush, rb_intern("encoded_profile"), 0);
-  VALUE code_provenance_file_name = rb_funcall(flush, rb_intern("code_provenance_file_name"), 0);
   VALUE code_provenance_data = rb_funcall(flush, rb_intern("code_provenance_data"), 0);
+  VALUE metrics_json = rb_funcall(flush, rb_intern("metrics"), 0);
   VALUE tags_as_array = rb_funcall(flush, rb_intern("tags_as_array"), 0);
   VALUE internal_metadata_json = rb_funcall(flush, rb_intern("internal_metadata_json"), 0);
   VALUE info_json = rb_funcall(flush, rb_intern("info_json"), 0);
   VALUE process_tags = rb_funcall(flush, rb_intern("process_tags"), 0);
 
   enforce_encoded_profile_instance(encoded_profile);
-  ENFORCE_TYPE(code_provenance_file_name, T_STRING);
+  ENFORCE_TYPE(metrics_json, T_STRING);
   ENFORCE_TYPE(tags_as_array, T_ARRAY);
   ENFORCE_TYPE(internal_metadata_json, T_STRING);
   ENFORCE_TYPE(info_json, T_STRING);
@@ -216,13 +216,18 @@ static VALUE _native_do_export(
   bool have_code_provenance = !NIL_P(code_provenance_data);
   if (have_code_provenance) ENFORCE_TYPE(code_provenance_data, T_STRING);
 
-  int to_compress_length = have_code_provenance ? 1 : 0;
+  int to_compress_length = 1 + (have_code_provenance ? 1 : 0);
   ddog_prof_Exporter_File to_compress[to_compress_length];
   ddog_prof_Exporter_Slice_File files_to_compress_and_export = {.ptr = to_compress, .len = to_compress_length};
 
+  to_compress[0] = (ddog_prof_Exporter_File) {
+    .name = DDOG_CHARSLICE_C("metrics.json"),
+    .file = byte_slice_from_ruby_string(metrics_json),
+  };
+
   if (have_code_provenance) {
-    to_compress[0] = (ddog_prof_Exporter_File) {
-      .name = char_slice_from_ruby_string(code_provenance_file_name),
+    to_compress[1] = (ddog_prof_Exporter_File) {
+      .name = DDOG_CHARSLICE_C("code-provenance.json"),
       .file = byte_slice_from_ruby_string(code_provenance_data),
     };
   }

data/ext/libdatadog_api/di.c

@@ -3,7 +3,12 @@
 #include "datadog_ruby_common.h"
 
 // Prototypes for Ruby functions declared in internal Ruby headers.
+// rb_iseqw_new wraps an internal iseq pointer into a Ruby-visible
+// RubyVM::InstructionSequence object.
 VALUE rb_iseqw_new(const void *iseq);
+// rb_iseqw_to_iseq unwraps a RubyVM::InstructionSequence object back
+// to its internal iseq pointer.
+const void *rb_iseqw_to_iseq(VALUE iseqw);
 int rb_objspace_internal_object_p(VALUE obj);
 void rb_objspace_each_objects(
     int (*callback)(void *start, void *end, size_t stride, void *data),
@@ -70,10 +75,53 @@ static VALUE exception_message(DDTRACE_UNUSED VALUE _self, VALUE exception) {
   return rb_ivar_get(exception, id_mesg);
 }
 
+// rb_iseq_type was added in Ruby 3.1 (commit 89a02d89 by Koichi Sasada,
+// 2021-12-19). It returns the iseq type as a Symbol. On Ruby < 3.1 this
+// function does not exist, so have_func('rb_iseq_type') in extconf.rb
+// gates compilation. When unavailable, backfill_registry falls back to
+// the first_lineno == 0 heuristic.
+#ifdef HAVE_RB_ISEQ_TYPE
+VALUE rb_iseq_type(const void *iseq);
+
+/*
+ * call-seq:
+ *   DI.iseq_type(iseq) -> Symbol
+ *
+ * Returns the type of an InstructionSequence as a symbol by calling
+ * the internal rb_iseq_type() function (available since Ruby 3.1).
+ *
+ * This method is only defined when rb_iseq_type is detected at compile
+ * time via have_func in extconf.rb. On Ruby < 3.1 it is not available
+ * and callers must use an alternative (e.g. first_lineno heuristic).
+ *
+ * Possible return values: :top, :method, :block, :class, :rescue,
+ * :ensure, :eval, :main, :plain.
+ *
+ * :top and :main represent whole-file iseqs (from require/load and the
+ * entry point script respectively). Other types represent sub-file
+ * constructs (method definitions, class bodies, blocks, etc.).
+ *
+ * Used by CodeTracker#backfill_registry to distinguish whole-file iseqs
+ * from per-method/block/class iseqs when populating the registry from
+ * the object space.
+ *
+ * @param iseq [RubyVM::InstructionSequence] The instruction sequence
+ * @return [Symbol] The iseq type
+ */
+static VALUE iseq_type(DDTRACE_UNUSED VALUE _self, VALUE iseq_val) {
+  const void *iseq = rb_iseqw_to_iseq(iseq_val);
+  if (!iseq) return Qnil;
+  return rb_iseq_type(iseq);
+}
+#endif
+
 void di_init(VALUE datadog_module) {
   id_mesg = rb_intern("mesg");
 
   VALUE di_module = rb_define_module_under(datadog_module, "DI");
   rb_define_singleton_method(di_module, "all_iseqs", all_iseqs, 0);
   rb_define_singleton_method(di_module, "exception_message", exception_message, 1);
+#ifdef HAVE_RB_ISEQ_TYPE
+  rb_define_singleton_method(di_module, "iseq_type", iseq_type, 1);
+#endif
 }

data/ext/libdatadog_api/extconf.rb

@@ -31,6 +31,11 @@ libdatadog_issue = Datadog::LibdatadogExtconfHelpers.load_libdatadog_or_get_issu
 skip_building_extension!("issue setting up `libdatadog` gem: #{libdatadog_issue}") if libdatadog_issue
 
 require 'mkmf'
+Datadog::LibdatadogExtconfHelpers.dump_mkmf_log_on_failure!
+
+# We must *never* `append_cflags "-Wall"` or `append_cflags "-Wextra"`, because those add the flag at the end,
+# which then overrides earlier -Wno-* flags from RbConfig::CONFIG["warnflags"], and causes errors if -Werror is added.
+# There is no need to add them anyway, Ruby since 1.9 has RbConfig::CONFIG["warnflags"] starting with "-Wall -Wextra ".
 
 # Because we can't control what compiler versions our customers use, shipping with -Werror by default is a no-go.
 # But we can enable it in CI, so that we quickly spot any new warnings that just got introduced.
@@ -64,10 +69,6 @@ append_cflags '-fvisibility=hidden'
 # Avoid legacy C definitions
 append_cflags '-Wold-style-definition'
 
-# Enable all other compiler warnings
-append_cflags '-Wall'
-append_cflags '-Wextra'
-
 if ENV['DDTRACE_DEBUG'] == 'true'
   $defs << '-DDD_DEBUG'
   CONFIG['optflags'] = '-O0'
@@ -89,6 +90,8 @@ Datadog::LibdatadogExtconfHelpers.add_libdatadog_version_define
 # When requiring, we need to use the exact same string, including the version and the platform.
 EXTENSION_NAME = "libdatadog_api.#{RUBY_VERSION[/\d+.\d+/]}_#{RUBY_PLATFORM}".freeze
 
+have_func('rb_iseq_type')
+
 create_makefile(EXTENSION_NAME)
 
 # rubocop:enable Style/GlobalVars

data/ext/libdatadog_extconf_helpers.rb

@@ -170,6 +170,43 @@ module Datadog
     end
     # rubocop:enable Style/GlobalVars
 
+    # When setting up the extension build fails (e.g. a missing header), the actual failure ends up in mkmf.log
+    # and is not printed, which is confusing and complicates debugging. To fix that, this monkey patch actually
+    # prints the failure.
+    def self.dump_mkmf_log_on_failure!
+      # Doesn't work on 2.5/2.6 and not worth extra complexity to support
+      return if RUBY_VERSION < '2.7'
+
+      MakeMakefile.prepend(DumpMkmfLogOnFailure)
+    end
+
+    # rubocop:disable Style/GlobalVars,Style/StderrPuts
+    # See `dump_mkmf_log_on_failure!` for details.
+    module DumpMkmfLogOnFailure
+      def mkmf_failed(path)
+        unless $makefile_created || File.exist?('Makefile')
+          log_path = File.expand_path('mkmf.log')
+          if File.exist?(log_path)
+            # The full log is very verbose so let's grab only the last check which should be the one that failed
+            entries = File.read(log_path).split(/^-{20}$\n?/)
+            last_entry = entries.reverse.find { |e| !e.strip.empty? } || ''
+
+            $stderr.puts(
+              "+------------------------------------------------------------------------------+\n" \
+              "| There was an issue setting up extension build:                               |\n" \
+              "+------------------------------------------------------------------------------+" \
+              "#{last_entry.chomp}" \
+              "+------------------------------------------------------------------------------+\n" \
+              "| Full failure log is at #{log_path}\n" \
+              "+------------------------------------------------------------------------------+\n" \
+            )
+          end
+        end
+        super
+      end
+    end
+    # rubocop:enable Style/GlobalVars,Style/StderrPuts
+
     # Note: This helper is currently only used in the `libdatadog_api/extconf.rb` BUT still lives here to enable testing.
     def self.load_libdatadog_or_get_issue
       try_loading_libdatadog do |exception|

data/lib/datadog/ai_guard/configuration.rb

@@ -1,11 +1,114 @@
 # frozen_string_literal: true
 
+require "uri"
+require_relative "configuration/ext"
+
 module Datadog
   module AIGuard
     # Configuration module for AI Guard
     module Configuration
+      # AI Guard specific settings
+      module Settings
+        def self.extended(base)
+          base = base.singleton_class unless base.is_a?(Class)
+          add_settings!(base)
+        end
+
+        def self.add_settings!(base)
+          base.class_eval do
+            # AI Guard specific configurations.
+            # @public_api
+            #
+            # Steep does not update `self` for this `class_eval` block.
+            # @type self: Datadog::Core::Configuration::Base::_DslContext
+            settings :ai_guard do
+              # Enable AI Guard.
+              #
+              # You can use this option to skip calls to AI Guard API without having to remove library as a whole.
+              #
+              # @default `DD_AI_GUARD_ENABLED`, otherwise `false`
+              # @return [Boolean]
+              option :enabled do |o|
+                o.type :bool
+                o.env Ext::ENV_AI_GUARD_ENABLED
+                o.default false
+              end
+
+              define_method(:instrument) do |integration_name|
+                return unless enabled # steep:ignore
+
+                if (registered_integration = Datadog::AIGuard::Contrib::Integration.registry[integration_name])
+                  klass = registered_integration.klass
+                  if klass.loaded? && klass.compatible?
+                    instance = klass.new
+                    instance.patcher.patch unless instance.patcher.patched?
+                  end
+                end
+              end
+
+              # AI Guard API endpoint path.
+              #
+              # @default `DD_AI_GUARD_ENDPOINT`, otherwise `nil`
+              # @return [String, nil]
+              option :endpoint do |o|
+                o.type :string, nilable: true
+                o.env Ext::ENV_AI_GUARD_ENDPOINT
+
+                o.setter do |value|
+                  next unless value
+
+                  uri = URI(value.to_s)
+                  raise ArgumentError, "Please provide an absolute URI that includes a protocol" unless uri.absolute?
+
+                  uri.to_s.delete_suffix("/")
+                end
+              end
+
+              # Datadog Application key.
+              #
+              # @default `DD_APP_KEY` environment variable, otherwise `nil`
+              # @return [String, nil]
+              option :app_key do |o|
+                o.type :string, nilable: true
+                o.env Ext::ENV_APP_KEY
+              end
+
+              # Request timeout in milliseconds.
+              #
+              # @default `DD_AI_GUARD_TIMEOUT`, otherwise 10 000 ms
+              # @return [Integer]
+              option :timeout_ms do |o|
+                o.type :int
+                o.env Ext::ENV_AI_GUARD_TIMEOUT
+                o.default 10_000
+              end
+
+              # Maximum content size in bytes.
+              # Content that exceeds the maximum allowed size is truncated before
+              # being stored in the current span context.
+              #
+              # @default `DD_AI_GUARD_MAX_CONTENT_SIZE`, otherwise 524 228 bytes
+              # @return [Integer]
+              option :max_content_size_bytes do |o|
+                o.type :int
+                o.env Ext::ENV_AI_GUARD_MAX_CONTENT_SIZE
+                o.default 512 * 1024
+              end
+
+              # Maximum number of messages.
+              # Older messages are omitted once the message limit is reached.
+              #
+              # @default `DD_AI_GUARD_MAX_MESSAGES_LENGTH`, otherwise 16 messages
+              # @return [Integer]
+              option :max_messages_length do |o|
+                o.type :int
+                o.env Ext::ENV_AI_GUARD_MAX_MESSAGES_LENGTH
+                o.default 16
+              end
+            end
+          end
+        end
+      end
     end
   end
 end
-
-require_relative "configuration/settings"

data/lib/datadog/ai_guard/evaluation.rb

@@ -15,6 +15,7 @@ module Datadog
               Tracing::Metadata::Ext::Distributed::TAG_DECISION_MAKER,
               Tracing::Sampling::Ext::Decision::AI_GUARD
             )
+            trace.set_tag(Ext::EVENT_TAG, true)
 
             if (last_message = messages.last)
               if last_message.tool_call

data/lib/datadog/ai_guard/ext.rb

@@ -10,6 +10,7 @@ module Datadog
       ACTION_TAG = "ai_guard.action"
       REASON_TAG = "ai_guard.reason"
       BLOCKED_TAG = "ai_guard.blocked"
+      EVENT_TAG = "ai_guard.event"
       METASTRUCT_TAG = "ai_guard"
     end
   end

data/lib/datadog/appsec/autoload.rb

@@ -7,7 +7,7 @@ if %w[1 true].include?((Datadog::DATADOG_ENV['DD_APPSEC_ENABLED'] || '').downcas
   rescue => e
     Kernel.warn(
       '[datadog] AppSec failed to instrument. No security check will be performed. error: ' \
-      " #{e.class}: #{e}"
+      " #{e.class}: #{e.message}"
     )
   end
 end

data/lib/datadog/appsec/component.rb

@@ -47,7 +47,7 @@ module Datadog
           security_engine = SecurityEngine::Engine.new(appsec_settings: settings.appsec, telemetry: telemetry)
           new(security_engine: security_engine)
         rescue => e
-          Datadog.logger.warn("AppSec is disabled: #{e.class}: #{e}; there may be additional logged errors above")
+          Datadog.logger.warn("AppSec is disabled: #{e.class}: #{e.message}; there may be additional logged errors above")
 
           # Not reporting to telemetry here because some of the rescued exceptions
           # have already been reported by the code that raised them