newrelic_rpm 9.1.0 → 9.21.0

data/newrelic.yml

@@ -1,5 +1,5 @@
 #
-# This file configures the New Relic Agent.  New Relic monitors Ruby, Java,
+# This file configures the New Relic agent.  New Relic monitors Ruby, Java,
 # .NET, PHP, Python, Node, and Go applications with deep visibility and low
 # overhead.  For more information, visit www.newrelic.com.
 
@@ -26,49 +26,94 @@ common: &default_settings
   # All of the following configuration options are optional. Review them, and
   # uncomment or edit them if they appear relevant to your application needs.
 
-  # An array of ActiveSupport custom events names to subscribe to and provide
-  # instrumentation for. For example,
-  #   - my.custom.event
-  #   - another.event
-  #   - a.third.event
-  # active_support_custom_events_names: ""
-
-  # If `true`, all logging-related features for the agent can be enabled or disabled
-  # independently. If `false`, all logging-related features are disabled.
+  # An array of ActiveSupport custom event names to subscribe to and instrument.
+  # For example,
+  # - one.custom.event
+  # - another.event
+  # - a.third.event
+  # active_support_custom_events_names: []
+
+  # If false, all LLM instrumentation (OpenAI only for now) will be disabled and
+  # no metrics, events, or spans will be sent. AI Monitoring is automatically
+  # disabled if high_security mode is enabled.
+  # ai_monitoring.enabled: false
+
+  # If false, LLM instrumentation (OpenAI only for now) will not capture input and
+  # output content on specific LLM events.
+  # 
+  # The excluded attributes include:
+  # - content from LlmChatCompletionMessage events
+  # - input from LlmEmbedding events
+  # 
+  # This is an optional security setting to prevent recording sensitive data sent
+  # to and received from your LLMs.
+  # ai_monitoring.record_content.enabled: true
+
+  # If true, enables capture of all HTTP request headers for all destinations.
+  # allow_all_headers: false
+
+  # Your New Relic userKey. Required when using the New Relic REST API v2 to
+  # record deployments using the newrelic deployments command.
+  # api_key: ""
+
+  # If true, enables log decoration and the collection of log events and metrics.
   # application_logging.enabled: true
 
-  # If `true`, the agent captures log records emitted by this application.
+  # A hash with key/value pairs to add as custom attributes to all log events
+  # forwarded to New Relic. If sending using an environment variable, the value
+  # must be formatted like: "key1=value1,key2=value2"
+  # application_logging.forwarding.custom_attributes: {}
+
+  # If true, the agent captures log records emitted by your application.
   # application_logging.forwarding.enabled: true
 
+  # If true, the agent attaches labels to log records.
+  # application_logging.forwarding.labels.enabled: false
+
+  # A case-insensitive array or comma-delimited string containing the labels to
+  # exclude from log records.
+  # application_logging.forwarding.labels.exclude: []
+
+  # Sets the minimum level a log event must have to be forwarded to New Relic.
+  # 
+  # This is based on the integer values of Ruby's Logger::Severity constants.
+  # 
+  # The intention is to forward logs with the level given to the configuration, as
+  # well as any logs with a higher level of severity.
+  # 
+  # For example, setting this value to "debug" will forward all log events to New
+  # Relic. Setting this value to "error" will only forward log events with the
+  # levels "error", "fatal", and "unknown".
+  # 
+  # Valid values (ordered lowest to highest):
+  # - "debug"
+  # - "info"
+  # - "warn"
+  # - "error"
+  # - "fatal"
+  # - "unknown"
+  # application_logging.forwarding.log_level: debug
+
   # Defines the maximum number of log records to buffer in memory at a time.
   # application_logging.forwarding.max_samples_stored: 10000
 
-  # If `true`, the agent captures metrics related to logging for this application.
-  # application_logging.metrics.enabled: true
-
-  # If `true`, the agent decorates logs with metadata to link to entities, hosts, traces, and spans.
+  # If true, the agent decorates logs with metadata to link to entities, hosts,
+  # traces, and spans.
   # application_logging.local_decorating.enabled: false
 
-  # If `true`, the agent will report source code level metrics for traced methods
-  # see: https://docs.newrelic.com/docs/apm/agents/ruby-agent/features/ruby-codestream-integration/
-  # code_level_metrics.enabled: true
-
-  # If true, enables transaction event sampling.
-  # transaction_events.enabled: true
+  # If true, the agent captures metrics related to logging for your application.
+  # application_logging.metrics.enabled: true
 
-  # Defines the maximum number of request events reported from a single harvest.
-  # transaction_events.max_samples_stored: 1200
+  # If true, enables capture of attributes for all destinations.
+  # attributes.enabled: true
 
   # Prefix of attributes to exclude from all destinations. Allows * as wildcard at
   # end.
-  # attributes_exclude: []
+  # attributes.exclude: []
 
   # Prefix of attributes to include in all destinations. Allows * as wildcard at
   # end.
-  # attributes_include: []
-
-  # If true, enables capture of attributes for all destinations.
-  # attributes.enabled: true
+  # attributes.include: []
 
   # If true, enables an audit log which logs communications with the New Relic
   # collector.
@@ -78,24 +123,76 @@ common: &default_settings
   # audit_log.endpoints: [".*"]
 
   # Specifies a path to the audit log file (including the filename).
-  # audit_log.path: "/audit_log"
+  # audit_log.path: log/newrelic_audit.log
+
+  # An array of CLASS#METHOD (for instance methods) and/or CLASS.METHOD (for class
+  # methods) strings representing Ruby methods that the agent can automatically
+  # add custom instrumentation to. This doesn't require any modifications of the
+  # source code that defines the methods.
+  # 
+  # Use fully qualified class names (using the :: delimiter) that include any
+  # module or class namespacing.
+  # 
+  # Here is some Ruby source code that defines a render_png instance method for an
+  # Image class and a notify class method for a User class, both within a
+  # MyCompany module namespace:
+  # 
+  # module MyCompany
+  # class Image
+  # def render_png
+  # # code to render a PNG
+  # end
+  # end
+  # 
+  # class User
+  # def self.notify
+  # # code to notify users
+  # end
+  # end
+  # end
+  # 
+  # 
+  # Given that source code, the newrelic.yml config file might request
+  # instrumentation for both of these methods like so:
+  # 
+  # automatic_custom_instrumentation_method_list:
+  # - MyCompany::Image#render_png
+  # - MyCompany::User.notify
+  # 
+  # 
+  # That configuration example uses YAML array syntax to specify both methods.
+  # Alternatively, you can use a comma-delimited string:
+  # 
+  # automatic_custom_instrumentation_method_list: 'MyCompany::Image#render_png,
+  # MyCompany::User.notify'
+  # 
+  # 
+  # Whitespace around the comma(s) in the list is optional. When configuring the
+  # agent with a list of methods via the
+  # NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST environment variable,
+  # use this comma-delimited string format:
+  # 
+  # export
+  # NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST='MyCompany::Image#render_png,
+  # MyCompany::User.notify'
+  # automatic_custom_instrumentation_method_list: []
 
   # Specify a list of constants that should prevent the agent from starting
-  # automatically. Separate individual constants with a comma ,.
-  # For example, Rails::Console,UninstrumentedBackgroundJob.
-  # autostart.denylisted_constants: "rails::console"
+  # automatically. Separate individual constants with a comma ,. For example,
+  # "Rails::Console,UninstrumentedBackgroundJob".
+  # autostart.denylisted_constants: Rails::Command::ConsoleCommand,Rails::Command::CredentialsCommand,Rails::Command::Db::System::ChangeCommand,Rails::Command::DbConsoleCommand,Rails::Command::DestroyCommand,Rails::Command::DevCommand,Rails::Command::EncryptedCommand,Rails::Command::GenerateCommand,Rails::Command::InitializersCommand,Rails::Command::NotesCommand,Rails::Command::RoutesCommand,Rails::Command::RunnerCommand,Rails::Command::SecretsCommand,Rails::Console,Rails::DBConsole
 
   # Defines a comma-delimited list of executables that the agent should not
-  # instrument. For example, rake,my_ruby_script.rb.
-  # autostart.denylisted_executables: "irb,rspec"
+  # instrument. For example, "rake,my_ruby_script.rb".
+  # autostart.denylisted_executables: irb,rspec
 
   # Defines a comma-delimited list of Rake tasks that the agent should not
-  # instrument. For example, assets:precompile,db:migrate.
-  # autostart.denylisted_rake_tasks: "about,assets:clean,assets:clobber,assets:environment,assets:precompile,assets:precompile:all,db:create,db:drop,db:fixtures:load,db:migrate,db:migrate:status,db:rollback,db:schema:cache:clear,db:schema:cache:dump,db:schema:dump,db:schema:load,db:seed,db:setup,db:structure:dump,db:version,doc:app,log:clear,middleware,notes,notes:custom,rails:template,rails:update,routes,secret,spec,spec:features,spec:requests,spec:controllers,spec:helpers,spec:models,spec:views,spec:routing,spec:rcov,stats,test,test:all,test:all:db,test:recent,test:single,test:uncommitted,time:zones:all,tmp:clear,tmp:create,webpacker:compile"
+  # instrument. For example, "assets:precompile,db:migrate".
+  # autostart.denylisted_rake_tasks: about,assets:clean,assets:clobber,assets:environment,assets:precompile,assets:precompile:all,db:create,db:drop,db:fixtures:load,db:migrate,db:migrate:status,db:rollback,db:schema:cache:clear,db:schema:cache:dump,db:schema:dump,db:schema:load,db:seed,db:setup,db:structure:dump,db:version,doc:app,log:clear,middleware,notes,notes:custom,rails:template,rails:update,routes,secret,spec,spec:features,spec:requests,spec:controllers,spec:helpers,spec:models,spec:views,spec:routing,spec:rcov,stats,test,test:all,test:all:db,test:recent,test:single,test:uncommitted,time:zones:all,tmp:clear,tmp:create,webpacker:compile
 
-  # Backports the faster Active Record connection lookup introduced in Rails 6,
-  # which improves agent performance when instrumenting Active Record. Note that
-  # this setting may not be compatible with other gems that patch Active Record.
+  # Backports the faster ActiveRecord connection lookup introduced in Rails 6,
+  # which improves agent performance when instrumenting ActiveRecord. Note that
+  # this setting may not be compatible with other gems that patch ActiveRecord.
   # backport_fast_active_record_connection_lookup: false
 
   # If true, the agent captures attributes from browser monitoring.
@@ -109,68 +206,83 @@ common: &default_settings
   # end.
   # browser_monitoring.attributes.include: []
 
-  # This is true by default, this enables auto-injection of the JavaScript header
-  # for page load timing (sometimes referred to as real user monitoring or RUM).
+  # If true, enables auto-injection of the JavaScript header for page load timing
+  # (sometimes referred to as real user monitoring or RUM).
   # browser_monitoring.auto_instrument: true
 
-  # Manual override for the path to your local CA bundle. This CA bundle will be
-  # used to validate the SSL certificate presented by New Relic's data collection
-  # service.
+  # If true, enables auto-injection of Content Security Policy Nonce in browser
+  # monitoring scripts. For now, auto-injection only works with Rails 5.2+.
+  # browser_monitoring.content_security_policy_nonce: true
+
+  # Manual override for the path to your local CA bundle. This CA bundle validates
+  # the SSL certificate presented by New Relic's data collection service.
   # ca_bundle_path: nil
 
   # Enable or disable the capture of memcache keys from transaction traces.
   # capture_memcache_keys: false
 
   # When true, the agent captures HTTP request parameters and attaches them to
-  # transaction traces, traced errors, and TransactionError events. When using the
-  # capture_params setting, the Ruby agent will not attempt to filter secret
-  # information. Recommendation: To filter secret information from request
-  # parameters,use the attributes.include setting instead. For more information,
-  # see the Ruby attribute examples.
+  # transaction traces, traced errors, and TransactionError events.
+  # 
+  # When using the capture_params setting, the Ruby agent will not attempt to
+  # filter secret information. Recommendation: To filter secret information from
+  # request parameters, use the attributes.include setting instead. For more
+  # information, see the Ruby attribute examples.
   # capture_params: false
 
   # If true, the agent will clear Tracer::State in Agent.drop_buffered_data.
   # clear_transaction_state_after_fork: false
 
+  # The AWS account ID for the AWS account associated with this app
+  # cloud.aws.account_id: nil
+
+  # If true, the agent will report source code level metrics for traced methods.
+  # See:
+  # https://docs.newrelic.com/docs/apm/agents/ruby-agent/features/ruby-codestream-integration/
+  # code_level_metrics.enabled: true
+
   # Path to newrelic.yml. If undefined, the agent checks the following directories
-  # (in order): config/newrelic.yml, newrelic.yml, $HOME/.newrelic/newrelic.yml
-  # and $HOME/newrelic.yml.
+  # (in order):
+  # - config/newrelic.yml
+  # - newrelic.yml
+  # - $HOME/.newrelic/newrelic.yml
+  # - $HOME/newrelic.yml
   # config_path: newrelic.yml
 
-  # If true, enables cross application tracing. Cross application tracing is now
-  # deprecated, and disabled by default. Distributed tracing is replacing cross
-  # application tracing as the default means of tracing between services.
-  # To continue using it, set `cross_application_tracer.enabled: true` and
-  # `distributed_tracing.enabled: false`
-  # cross_application_tracer.enabled: false
-
-  # If false, custom attributes will not be sent on New Relic Insights events.
+  # If false, custom attributes will not be sent on events.
   # custom_attributes.enabled: true
 
-  # If true, the agent captures New Relic Insights custom events.
+  # If true, the agent captures custom events.
   # custom_insights_events.enabled: true
 
-  # Specify a maximum number of custom Insights events to buffer in memory at a
-  # time.
+  # - Specify a maximum number of custom events to buffer in memory at a time.
+  #   - When configuring the agent for AI monitoring, set to max value 100000.
+  # This ensures the agent captures the maximum amount of LLM events.
   # custom_insights_events.max_samples_stored: 3000
 
-  # If false, the agent will not add database_name parameter to transaction or #
+  # If false, the agent will not add database_name parameter to transaction or
   # slow sql traces.
   # datastore_tracer.database_name_reporting.enabled: true
 
   # If false, the agent will not report datastore instance metrics, nor add host
-  # or  port_path_or_id parameters to transaction or slow SQL traces.
+  # or port_path_or_id parameters to transaction or slow SQL traces.
   # datastore_tracer.instance_reporting.enabled: true
 
   # If true, disables Action Cable instrumentation.
   # disable_action_cable_instrumentation: false
 
+  # If true, disables Action Controller instrumentation.
+  # disable_action_controller: false
+
   # If true, disables Action Mailbox instrumentation.
   # disable_action_mailbox: false
 
   # If true, disables Action Mailer instrumentation.
   # disable_action_mailer: false
 
+  # If true, disables Active Record instrumentation.
+  # disable_active_record_instrumentation: false
+
   # If true, disables instrumentation for Active Record 4+
   # disable_active_record_notifications: false
 
@@ -183,15 +295,9 @@ common: &default_settings
   # If true, disables Active Job instrumentation.
   # disable_activejob: false
 
-  # If true, disables Active Record instrumentation.
-  # disable_active_record_instrumentation: false
-
   # If true, the agent won't sample the CPU usage of the host process.
   # disable_cpu_sampler: false
 
-  # If true, disables ActiveSupport custom events instrumentation.
-  # disable_custom_events_instrumentation: false
-
   # If true, the agent won't measure the depth of Delayed Job queues.
   # disable_delayed_job_sampler: false
 
@@ -204,8 +310,16 @@ common: &default_settings
 
   # If true, the agent won't wrap third-party middlewares in instrumentation
   # (regardless of whether they are installed via Rack::Builder or Rails).
+  # 
+  # When middleware instrumentation is disabled, if an application is using
+  # middleware that could alter the response code, the HTTP status code reported
+  # on the transaction may not reflect the altered value.
   # disable_middleware_instrumentation: false
 
+  # If true, disables agent middleware for Roda. This middleware is responsible
+  # for advanced feature support such as page load timing and error collection.
+  # disable_roda_auto_middleware: false
+
   # If true, disables the collection of sampler metrics. Sampler metrics are
   # metrics that are not event-based (such as CPU time or memory usage).
   # disable_samplers: false
@@ -217,8 +331,20 @@ common: &default_settings
   # disable_sidekiq: false
 
   # If true, disables agent middleware for Sinatra. This middleware is responsible
-  # for advanced feature support such as distributed tracing, page load
+  # for advanced feature support such as cross application tracing, page load
   # timing, and error collection.
+  # 
+  # Cross application tracing is deprecated in favor of distributed tracing.
+  # Distributed tracing is on by default for Ruby agent versions 8.0.0 and above.
+  # Middlewares are not required to support distributed tracing.
+  # 
+  # To continue using cross application tracing, update the following options in
+  # your newrelic.yml configuration file:
+  # 
+  # cross_application_tracer:
+  # enabled: true
+  # distributed_tracing:
+  # enabled: false
   # disable_sinatra_auto_middleware: false
 
   # If true, disables view instrumentation.
@@ -227,19 +353,41 @@ common: &default_settings
   # If true, the agent won't sample performance measurements from the Ruby VM.
   # disable_vm_sampler: false
 
-  # Distributed tracing tracks and observes service requests as they flow through distributed systems.
-  # With distributed tracing data, you can quickly pinpoint failures or performance issues and fix them.
+  # Distributed tracing lets you see the path that a request takes through your
+  # distributed system. Enabling distributed tracing changes the behavior of some
+  # New Relic features, so carefully consult the transition guide before you
+  # enable this feature.
   # distributed_tracing.enabled: true
 
+  # This setting controls the behavior of transaction sampling when a remote
+  # parent is not sampled and the trace flag is not set in the traceparent.
+  # Available values are default, always_on, and always_off.
+  # distributed_tracing.sampler.remote_parent_not_sampled: default
+
+  # This setting controls the behavior of transaction sampling when a remote
+  # parent is sampled and the trace flag is set in the traceparent. Available
+  # values are default, always_on, and always_off.
+  # distributed_tracing.sampler.remote_parent_sampled: default
+
+  # If true, the agent captures the Elasticsearch cluster name in transaction
+  # traces.
+  # elasticsearch.capture_cluster_name: true
+
+  # If true, the agent captures Elasticsearch queries in transaction traces.
+  # elasticsearch.capture_queries: true
+
+  # If true, the agent obfuscates Elasticsearch queries in transaction traces.
+  # elasticsearch.obfuscate_queries: true
+
   # If true, the agent captures attributes from error collection.
-  # error_collector.attributes.enabled: false
+  # error_collector.attributes.enabled: true
 
-  # Prefix of attributes to exclude from error collection.
-  # Allows * as wildcard at end.
+  # Prefix of attributes to exclude from error collection. Allows * as wildcard at
+  # end.
   # error_collector.attributes.exclude: []
 
-  # Prefix of attributes to include in error collection.
-  # Allows * as wildcard at end.
+  # Prefix of attributes to include in error collection. Allows * as wildcard at
+  # end.
   # error_collector.attributes.include: []
 
   # If true, the agent collects TransactionError events.
@@ -249,11 +397,13 @@ common: &default_settings
   # error_collector.enabled: true
 
   # A list of error classes that the agent should treat as expected.
+  # This option can't be set via environment variable.
   # error_collector.expected_classes: []
 
   # A map of error classes to a list of messages. When an error of one of the
   # classes specified here occurs, if its error message contains one of the
   # strings corresponding to it here, that error will be treated as expected.
+  # This option can't be set via environment variable.
   # error_collector.expected_messages: {}
 
   # A comma separated list of status codes, possibly including ranges. Errors
@@ -262,38 +412,41 @@ common: &default_settings
   # error_collector.expected_status_codes: ""
 
   # A list of error classes that the agent should ignore.
-  # error_collector.ignore_classes: []
+  # This option can't be set via environment variable.
+  # error_collector.ignore_classes: ["ActionController::RoutingError", "Sinatra::NotFound"]
 
   # A map of error classes to a list of messages. When an error of one of the
   # classes specified here occurs, if its error message contains one of the
   # strings corresponding to it here, that error will be ignored.
-  # error_collector.ignore_messages: ""
+  # This option can't be set via environment variable.
+  # error_collector.ignore_messages: {ThreadError: ["queue empty"]}
 
   # A comma separated list of status codes, possibly including ranges. Errors
   # associated with these status codes, where applicable, will be ignored.
   # error_collector.ignore_status_codes: ""
 
   # Defines the maximum number of frames in an error backtrace. Backtraces over
-  # this amount are truncated at the beginning and end.
+  # this amount are truncated in the middle, preserving the beginning and the end
+  # of the stack trace.
   # error_collector.max_backtrace_frames: 50
 
-  # Defines the maximum number of TransactionError events sent to Insights per
-  # harvest cycle.
+  # Defines the maximum number of TransactionError events reported per harvest
+  # cycle.
   # error_collector.max_event_samples_stored: 100
 
   # Allows newrelic distributed tracing headers to be suppressed on outbound
   # requests.
   # exclude_newrelic_header: false
 
-  # Forces the exit handler that sends all cached data to collector before
-  # shutting down to be installed regardless of detecting scenarios where it
-  # generally should not be. Known use-case for this option is where Sinatra is
-  # running as an embedded service within another framework and the agent is
-  # detecting the Sinatra app and skipping the at_exit handler as a result.
-  # Sinatra classically runs the entire application in an at_exit block and would
-  # otherwise misbehave if the Agent's at_exit handler was also installed in
-  # those circumstances. Note: send_data_on_exit should also be set to true in
-  # tandem with this setting.
+  # The exit handler that sends all cached data to the collector before shutting
+  # down is forcibly installed. This is true even when it detects scenarios where
+  # it generally should not be. The known use case for this option is when Sinatra
+  # runs as an embedded service within another framework. The agent detects the
+  # Sinatra app and skips the at_exit handler as a result. Sinatra classically
+  # runs the entire application in an at_exit block and would otherwise misbehave
+  # if the agent's at_exit handler was also installed in those circumstances.
+  # Note: send_data_on_exit should also be set to true in tandem with this
+  # setting.
   # force_install_exit_handler: false
 
   # Ordinarily the agent reports dyno names with a trailing dot and process ID
@@ -304,174 +457,244 @@ common: &default_settings
   # If true, the agent uses Heroku dyno names as the hostname.
   # heroku.use_dyno_names: true
 
-  # If true, enables high security mode. Ensure that you understand the
-  # implication of enabling high security mode before enabling this setting.
-  # https://docs.newrelic.com/docs/agents/manage-apm-agents/configuration/high-security-mode/
+  # If true, enables high security mode. Ensure you understand the implications of
+  # high security mode before enabling this setting.
   # high_security: false
 
-  # Configures the hostname for the Trace Observer Host. When configured, enables
-  # tail-based sampling by sending all recorded spans to a Trace Observer for
+  # If true (the default), data sent to the trace observer is batched instead of
+  # sending each span individually.
+  # infinite_tracing.batching: true
+
+  # Configure the compression level for data sent to the trace observer. May be
+  # one of: :none, :low, :medium, :high. Set the level to :none to disable
+  # compression.
+  # infinite_tracing.compression_level: high
+
+  # Configures the hostname for the trace observer Host. When configured, enables
+  # tail-based sampling by sending all recorded spans to a trace observer for
   # further sampling decisions, irrespective of any usual agent sampling decision.
   # infinite_tracing.trace_observer.host: ""
 
-  # Configures the TCP/IP port for the Trace Observer Host
+  # Configures the TCP/IP port for the trace observer Host
   # infinite_tracing.trace_observer.port: 443
 
-  # Configure the compression level for data sent to the Trace Observer
-  # May be one of [none|low|medium|high]
-  # 'high' is the default. Set the level to 'none' to disable compression
-  # infinite_tracing.compression_level: high
+  # Controls auto-instrumentation of ActiveSupport::BroadcastLogger at start up.
+  # May be one of: auto, prepend, chain, disabled. Used in Rails versions >= 7.1.
+  # instrumentation.active_support_broadcast_logger: auto
 
-  # If true (the default), data sent to the Trace Observer will be batched
-  # instead of each span being sent individually
-  # infinite_tracing.batching: true
+  # Controls auto-instrumentation of ActiveSupport::Logger at start up. May be one
+  # of: auto, prepend, chain, disabled. Used in Rails versions below 7.1.
+  # instrumentation.active_support_logger: auto
 
-  # Controls auto-instrumentation of bunny at start up.
-  # May be one of [auto|prepend|chain|disabled].
-  # instrumentation.bunny: auto
+  # Controls auto-instrumentation of Async::HTTP at start up. May be one of: auto,
+  # prepend, chain, disabled.
+  # instrumentation.async_http: auto
 
-  # Controls auto-instrumentation of Fiber at start up.
-  # May be one of [auto|prepend|chain|disabled]
-  # instrumentation.fiber: auto
+  # Controls auto-instrumentation of the aws-sdk-firehose library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.aws_sdk_firehose: auto
+
+  # Controls auto-instrumentation of the aws-sdk-kinesis library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.aws_sdk_kinesis: auto
+
+  # Controls auto-instrumentation of the aws_sdk_lambda library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.aws_sdk_lambda: auto
 
-  # Controls auto-instrumentation of concurrent_ruby at start up.
-  # May be one of [auto|prepend|chain|disabled]
+  # Controls auto-instrumentation of the aws-sdk-sqs library at start-up. May be
+  # one of: auto, prepend, chain, disabled.
+  # instrumentation.aws_sqs: auto
+
+  # Controls auto-instrumentation of bunny at start-up. May be one of: auto,
+  # prepend, chain, disabled.
+  # instrumentation.bunny: auto
+
+  # Controls auto-instrumentation of the concurrent-ruby library at start-up. May
+  # be one of: auto, prepend, chain, disabled.
   # instrumentation.concurrent_ruby: auto
 
-  # Controls auto-instrumentation of Curb at start up.
-  # May be one of [auto|prepend|chain|disabled].
+  # Controls auto-instrumentation of Curb at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.curb: auto
 
-  # Controls auto-instrumentation of Delayed Job at start up.
-  # May be one of [auto|prepend|chain|disabled].
+  # Controls auto-instrumentation of Delayed Job at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.delayed_job: auto
 
-  # Controls auto-instrumentation of the elasticsearch library at start up.
-  # May be one of [auto|prepend|chain|disabled].
+  # Controls auto-instrumentation of the aws-sdk-dynamodb library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.dynamodb: auto
+
+  # Controls auto-instrumentation of the elasticsearch library at start-up. May be
+  # one of: auto, prepend, chain, disabled.
   # instrumentation.elasticsearch: auto
 
-  # Controls auto-instrumentation of Excon at start up.
-  # May be one of [enabled|disabled].
-  # instrumentation.excon: auto
+  # Controls auto-instrumentation of ethon at start up. May be one of auto,
+  # prepend, chain, disabled
+  # instrumentation.ethon: auto
+
+  # Controls auto-instrumentation of Excon at start-up. May be one of: enabled,
+  # disabled.
+  # instrumentation.excon: enabled
+
+  # Controls auto-instrumentation of the Fiber class at start-up. May be one of:
+  # auto, prepend, chain, disabled.
+  # instrumentation.fiber: auto
 
-  # Controls auto-instrumentation of Grape at start up.
-  # May be one of [auto|prepend|chain|disabled].
+  # Controls auto-instrumentation of Grape at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.grape: auto
 
-  # Controls auto-instrumentation of HTTPClient at start up.
-  # May be one of [auto|prepend|chain|disabled].
+  # Specifies a list of hostname patterns separated by commas that will match gRPC
+  # hostnames that traffic is to be ignored by New Relic for. New Relic's gRPC
+  # client instrumentation will ignore traffic streamed to a host matching any of
+  # these patterns, and New Relic's gRPC server instrumentation will ignore
+  # traffic for a server running on a host whose hostname matches any of these
+  # patterns. By default, no traffic is ignored when gRPC instrumentation is
+  # itself enabled. For example, "private.com$,exception.*"
+  # instrumentation.grpc.host_denylist: []
+
+  # Controls auto-instrumentation of gRPC clients at start-up. May be one of:
+  # auto, prepend, chain, disabled.
+  # instrumentation.grpc_client: auto
+
+  # Controls auto-instrumentation of gRPC servers at start-up. May be one of:
+  # auto, prepend, chain, disabled.
+  # instrumentation.grpc_server: auto
+
+  # Controls auto-instrumentation of HTTPClient at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.httpclient: auto
 
-  # Controls auto-instrumentation of http.rb gem at start up.
-  # May be one of [auto|prepend|chain|disabled].
+  # Controls auto-instrumentation of http.rb gem at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.httprb: auto
 
-  # Controls auto-instrumentation of the Ruby standard library Logger.rb.
-  # May be one of [auto|prepend|chain|disabled].
-  # instrumentation.logger: auto
+  # Controls auto-instrumentation of httpx at start up. May be one of auto,
+  # prepend, chain, disabled
+  # instrumentation.httpx: auto
 
-  # Controls auto-instrumentation of ActiveSupport::Logger at start up.
-  # May be one of [auto|prepend|chain|disabled].
-  # instrumentation.active_support.logger: auto
+  # Controls auto-instrumentation of Ruby standard library Logger at start-up. May
+  # be one of: auto, prepend, chain, disabled.
+  # instrumentation.logger: auto
 
-  # Controls auto-instrumentation of memcache-client gem for Memcache at start up.
-  # May be one of [auto|prepend|chain|disabled].
-  # instrumentation.memcache_client: auto
+  # Controls auto-instrumentation of the LogStasher library at start-up. May be
+  # one of: auto, prepend, chain, disabled.
+  # instrumentation.logstasher: auto
 
-  # Controls auto-instrumentation of dalli gem for Memcache at start up.
-  # May be one of [auto|prepend|chain|disabled].
+  # Controls auto-instrumentation of dalli gem for Memcache at start-up. May be
+  # one of: auto, prepend, chain, disabled.
   # instrumentation.memcache: auto
 
-  # Controls auto-instrumentation of memcached gem for Memcache at start up.
-  # May be one of [auto|prepend|chain|disabled].
+  # Controls auto-instrumentation of memcache-client gem for Memcache at start-up.
+  # May be one of: auto, prepend, chain, disabled.
+  # instrumentation.memcache_client: auto
+
+  # Controls auto-instrumentation of memcached gem for Memcache at start-up. May
+  # be one of: auto, prepend, chain, disabled.
   # instrumentation.memcached: auto
 
-  # Controls auto-instrumentation of Mongo at start up.
-  # May be one of [enabled|disabled].
-  # instrumentation.mongo: auto
+  # Controls auto-instrumentation of Mongo at start-up. May be one of: enabled,
+  # disabled.
+  # instrumentation.mongo: enabled
 
-  # Controls auto-instrumentation of Net::HTTP at start up.
-  # May be one of [auto|prepend|chain|disabled].
+  # Controls auto-instrumentation of Net::HTTP at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.net_http: auto
 
-  # Controls auto-instrumentation of Puma::Rack::URLMap at start up.
-  # May be one of [auto|prepend|chain|disabled].
-  # instrumentation.puma_rack_urlmap: auto
+  # Controls auto-instrumentation of the opensearch-ruby library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.opensearch: auto
 
   # Controls auto-instrumentation of Puma::Rack. When enabled, the agent hooks
   # into the to_app method in Puma::Rack::Builder to find gems to instrument
-  # during application startup. May be one of [auto|prepend|chain|disabled].
+  # during application startup. May be one of: auto, prepend, chain, disabled.
   # instrumentation.puma_rack: auto
 
-  # Controls auto-instrumentation of Rack::URLMap at start up.
-  # May be one of [auto|prepend|chain|disabled].
-  # instrumentation.rack_urlmap: auto
+  # Controls auto-instrumentation of Puma::Rack::URLMap at start-up. May be one
+  # of: auto, prepend, chain, disabled.
+  # instrumentation.puma_rack_urlmap: auto
 
   # Controls auto-instrumentation of Rack. When enabled, the agent hooks into the
   # to_app method in Rack::Builder to find gems to instrument during application
-  # startup. May be one of [auto|prepend|chain|disabled].
+  # startup. May be one of: auto, prepend, chain, disabled.
   # instrumentation.rack: auto
 
-  # Controls auto-instrumentation of rake at start up.
-  # May be one of [auto|prepend|chain|disabled].
+  # Controls auto-instrumentation of Rack::URLMap at start-up. May be one of:
+  # auto, prepend, chain, disabled.
+  # instrumentation.rack_urlmap: auto
+
+  # Controls auto-instrumentation of rake at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.rake: auto
 
-  # Controls auto-instrumentation of Redis at start up.
-  # May be one of [auto|prepend|chain|disabled].
+  # Controls auto-instrumentation of the rdkafka library at start-up. May be one
+  # of auto, prepend, chain, disabled.
+  # instrumentation.rdkafka: auto
+
+  # Controls auto-instrumentation of Redis at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.redis: auto
 
-  # Controls auto-instrumentation of resque at start up.
-  # May be one of [auto|prepend|chain|disabled].
+  # Controls auto-instrumentation of resque at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.resque: auto
 
-  # Controls auto-instrumentation of Sinatra at start up.
-  # May be one of [auto|prepend|chain|disabled].
-  # instrumentation.sinatra: auto
+  # Controls auto-instrumentation of Roda at start-up. May be one of: auto,
+  # prepend, chain, disabled.
+  # instrumentation.roda: auto
 
-  # Controls auto-instrumentation of Tilt at start up.
-  # May be one of [auto|prepend|chain|disabled].
-  # instrumentation.tilt: auto
+  # Controls auto-instrumentation of the ruby-kafka library at start-up. May be
+  # one of auto, prepend, chain, disabled.
+  # instrumentation.ruby_kafka: auto
 
-  # Controls auto-instrumentation of Typhoeus at start up.
-  # May be one of [auto|prepend|chain|disabled].
-  # instrumentation.typhoeus: auto
+  # Controls auto-instrumentation of the ruby-openai gem at start-up. May be one
+  # of: auto, prepend, chain, disabled. Defaults to disabled in high security
+  # mode.
+  # instrumentation.ruby_openai: auto
 
-  # Controls auto-instrumentation of the Thread class at start up to allow the agent to correctly nest spans inside of an asynchronous transaction.
-  # May be one of [auto|prepend|chain|disabled].
+  # Controls auto-instrumentation of Sinatra at start-up. May be one of: auto,
+  # prepend, chain, disabled.
+  # instrumentation.sinatra: auto
+
+  # Controls auto-instrumentation of Stripe at startup. May be one of: enabled,
+  # disabled.
+  # instrumentation.stripe: enabled
+
+  # Controls auto-instrumentation of the Thread class at start-up to allow the
+  # agent to correctly nest spans inside of an asynchronous transaction. This does
+  # not enable the agent to automatically trace all threads created (see
+  # instrumentation.thread.tracing). May be one of: auto, prepend, chain,
+  # disabled.
   # instrumentation.thread: auto
 
-  # Controls auto-instrumentation of the Thread class at start up to automatically add tracing to all Threads created in the application.
+  # Controls auto-instrumentation of the Thread class at start-up to automatically
+  # add tracing to all Threads created in the application.
   # instrumentation.thread.tracing: true
 
-  # Controls auto-instrumentation of gRPC clients at start up.
-  # May be one of [auto|prepend|chain|disabled].
-  # instrumentation.grpc_client: auto
+  # Controls auto-instrumentation of the Tilt template rendering library at
+  # start-up. May be one of: auto, prepend, chain, disabled.
+  # instrumentation.tilt: auto
 
-  # Controls auto-instrumentation of gRPC servers at start up.
-  # May be one of [auto|prepend|chain|disabled].
-  # instrumentation.grpc_server: auto
+  # Controls auto-instrumentation of Typhoeus at start-up. May be one of: auto,
+  # prepend, chain, disabled.
+  # instrumentation.typhoeus: auto
 
-  # Specifies a list of hostname patterns separated by commas that will match
-  # gRPC hostnames that traffic is to be ignored by New Relic for.
-  # New Relic's gRPC client instrumentation will ignore traffic streamed to a
-  # host matching any of these patterns, and New Relic's gRPC server
-  # instrumentation will ignore traffic for a server running on a host whose
-  # hostname matches any of these patterns. By default, no traffic is ignored
-  # when gRPC instrumentation is itself enabled.
-  # For example, "private.com$,exception.*"
-  # instrumentation.grpc.host_denylist: ""
+  # Controls auto-instrumentation of ViewComponent at startup. May be one of:
+  # auto, prepend, chain, disabled.
+  # instrumentation.view_component: auto
 
   # A dictionary of label names and values that will be applied to the data sent
   # from this agent. May also be expressed as a semicolon-delimited ; string of
-  # colon-separated : pairs.
-  # For example,<var>Server</var>:<var>One</var>;<var>Data Center</var>:<var>Primary</var>.
+  # colon-separated : pairs. For example, Server:One;Data Center:Primary.
   # labels: ""
 
   # Defines a name for the log file.
-  # log_file_name: "newrelic_agent.log"
+  # log_file_name: newrelic_agent.log
 
   # Defines a path to the agent log file, excluding the filename.
-  # log_file_path: "log/"
+  # log_file_path: log/
 
   # Specifies a marshaller for transmitting data to the New Relic collector.
   # Currently json is the only valid value for this setting.
@@ -487,22 +710,21 @@ common: &default_settings
   # If true, the agent obfuscates Mongo queries in transaction traces.
   # mongo.obfuscate_queries: true
 
-  # If true, the agent captures Elasticsearch queries in transaction traces.
-  # elasticsearch.capture_queries: true
-
-  # If true, the agent obfuscates Elasticsearch queries in transaction traces.
-  # elasticsearch.obfuscate_queries: true
-
   # When true, the agent transmits data about your app to the New Relic collector.
   # monitor_mode: true
 
-  # If true, uses Module#prepend rather than alias_method for Active Record
+  # If true, the agent captures OpenSearch queries in transaction traces.
+  # opensearch.capture_queries: true
+
+  # If true, the agent obfuscates OpenSearch queries in transaction traces.
+  # opensearch.obfuscate_queries: true
+
+  # If true, uses Module#prepend rather than alias_method for ActiveRecord
   # instrumentation.
   # prepend_active_record_instrumentation: false
 
-  # Specify a custom host name for display in the New Relic UI
-  # Be be aware that you cannot rename a hostname, so please rename
-  # process_host.display_name: "default hostname"
+  # Specify a custom host name for display in the New Relic UI.
+  # process_host.display_name: default hostname
 
   # Defines a host for communicating with the New Relic collector via a proxy
   # server.
@@ -514,7 +736,7 @@ common: &default_settings
 
   # Defines a port for communicating with the New Relic collector via a proxy
   # server.
-  # proxy_port: nil
+  # proxy_port: 8080
 
   # Defines a user for communicating with the New Relic collector via a proxy
   # server.
@@ -523,15 +745,16 @@ common: &default_settings
   # Timeout for waiting on connect to complete before a rake task
   # rake.connect_timeout: 10
 
-  # Specify an array of Rake tasks to automatically instrument.
-  # This configuration option converts the Array to a RegEx list.
-  # If you'd like to allow all tasks by default, use `rake.tasks: [.+]`.
-  # Rake tasks will not be instrumented unless they're added to this list.
-  # For more information, visit the (New Relic Rake Instrumentation docs)[/docs/apm/agents/ruby-agent/background-jobs/rake-instrumentation].
+  # Specify an Array of Rake tasks to automatically instrument. This configuration
+  # option converts the Array to a RegEx list. If you'd like to allow all tasks by
+  # default, use rake.tasks: [.+]. No rake tasks will be instrumented unless
+  # they're added to this list. For more information, visit the New Relic Rake
+  # Instrumentation docs.
   # rake.tasks: []
 
   # Define transactions you want the agent to ignore, by specifying a list of
-  # patterns matching the URI you want to ignore.
+  # patterns matching the URI you want to ignore. For more detail, see the docs on
+  # ignoring specific transactions.
   # rules.ignore_url_regexes: []
 
   # Applies Language Agent Security Policy settings.
@@ -541,33 +764,54 @@ common: &default_settings
   # before shutting down.
   # send_data_on_exit: true
 
+  # If true, the agent will operate in a streamlined mode suitable for use with
+  # short-lived serverless functions. NOTE: Only AWS Lambda functions are
+  # supported currently and this option isn't intended for use without New Relic's
+  # Ruby Lambda layer offering.
+  # serverless_mode.enabled: false
+
+  # An array of strings that will collectively serve as a denylist for filtering
+  # which Sidekiq job arguments get reported to New Relic. To capture any Sidekiq
+  # arguments, 'job.sidekiq.args.*' must be added to the separate
+  # :'attributes.include' configuration option. Each string in this array will be
+  # turned into a regular expression via Regexp.new to permit advanced matching.
+  # For job argument hashes, if either a key or value matches the pair will be
+  # excluded. All matching job argument array elements and job argument scalars
+  # will be excluded.
+  # sidekiq.args.exclude: []
+
+  # An array of strings that will collectively serve as an allowlist for filtering
+  # which Sidekiq job arguments get reported to New Relic. To capture any Sidekiq
+  # arguments, 'job.sidekiq.args.*' must be added to the separate
+  # :'attributes.include' configuration option. Each string in this array will be
+  # turned into a regular expression via Regexp.new to permit advanced matching.
+  # For job argument hashes, if either a key or value matches the pair will be
+  # included. All matching job argument array elements and job argument scalars
+  # will be included.
+  # sidekiq.args.include: []
+
   # If true, the agent collects slow SQL queries.
-  # slow_sql.enabled: false
+  # slow_sql.enabled: true
 
   # If true, the agent collects explain plans in slow SQL queries. If this setting
-  # is omitted, the transaction_tracer.explain.enabled setting will be applied as
+  # is omitted, the transaction_tracer.explain_enabled setting will be applied as
   # the default setting for explain plans in slow SQL as well.
-  # slow_sql.explain_enabled: false
+  # slow_sql.explain_enabled: true
 
   # Specify a threshold in seconds. The agent collects slow SQL queries and
   # explain plans that exceed this threshold.
-  # slow_sql.explain_threshold: 1.0
+  # slow_sql.explain_threshold: 0.5
 
-  # Defines an obfuscation level for slow SQL queries.
-  # Valid options are obfuscated, raw, or none.
-  # slow_sql.record_sql: none
+  # Defines an obfuscation level for slow SQL queries. Valid options are
+  # obfuscated, raw, or none.
+  # slow_sql.record_sql: obfuscated
 
   # Generate a longer sql_id for slow SQL traces. sql_id is used for aggregation
   # of similar queries.
   # slow_sql.use_longer_sql_id: false
 
   # If true, the agent captures attributes on span events.
-  # span_events_attributes.enabled: true
-
-  # Defines the maximum number of span events reported from a single harvest.
-  # This can be any integer between 1 and 10000. Increasing this value may impact
-  # memory usage.
-  # span_events.max_samples_stored: 2000
+  # span_events.attributes.enabled: true
 
   # Prefix of attributes to exclude from span events. Allows * as wildcard at end.
   # span_events.attributes.exclude: []
@@ -578,6 +822,12 @@ common: &default_settings
   # If true, enables span event sampling.
   # span_events.enabled: true
 
+  # - Defines the maximum number of span events reported from a single harvest.
+  # Any Integer between 1 and 10000 is valid.'
+  #   - When configuring the agent for AI monitoring, set to max value 10000.This
+  # ensures the agent captures the maximum amount of distributed traces.
+  # span_events.max_samples_stored: 2000
+
   # Sets the maximum number of span events to buffer when streaming to the trace
   # observer.
   # span_events.queue_size: 10000
@@ -588,13 +838,36 @@ common: &default_settings
   # strip_exception_messages.allowed_classes: ""
 
   # If true, the agent strips messages from all exceptions except those in the
-  # allowlist. Enabled automatically in high security mode.
-  # strip_exception_messages.enabled: true
+  # allowed classes list. Enabled automatically in high security mode.
+  # strip_exception_messages.enabled: false
+
+  # An array of strings to specify which keys and/or values inside a Stripe
+  # event's user_data hash should
+  # not be reported to New Relic. Each string in this array will be turned into a
+  # regular expression via
+  # Regexp.new to permit advanced matching. For each hash pair, if either the key
+  # or value is matched the pair
+  # isn't reported. By default, no user_data is reported. Use this option only if
+  # the
+  # stripe.user_data.include option is also used.
+  # stripe.user_data.exclude: []
+
+  # An array of strings to specify which keys inside a Stripe event's user_data
+  # hash should be reported
+  # to New Relic. Each string in this array will be turned into a regular
+  # expression via Regexp.new to
+  # enable advanced matching. Setting the value to ["."] will report all
+  # user_data.
+  # stripe.user_data.include: []
 
   # When set to true, forces a synchronous connection to the New Relic collector
-  # during application startup. For very short-lived processes, this helps ensure # the New Relic agent has time to report.
+  # during application startup. For very short-lived processes, this helps ensure
+  # the New Relic agent has time to report.
   # sync_startup: false
 
+  # If true, tracer state storage is thread-local, otherwise, fiber-local
+  # thread_local_tracer_state: false
+
   # If true, enables use of the thread profiler.
   # thread_profiler.enabled: false
 
@@ -603,50 +876,57 @@ common: &default_settings
   # timeout: 120
 
   # If true, the agent captures attributes from transaction events.
-  # transaction_events_attributes.enabled: false
+  # transaction_events.attributes.enabled: true
 
-  # Prefix of attributes to exclude from transaction events.
-  # Allows * as wildcard at end.
+  # Prefix of attributes to exclude from transaction events. Allows * as wildcard
+  # at end.
   # transaction_events.attributes.exclude: []
 
-  # Prefix of attributes to include in transaction events.
-  # Allows * as wildcard at end.
+  # Prefix of attributes to include in transaction events. Allows * as wildcard at
+  # end.
   # transaction_events.attributes.include: []
 
+  # If true, enables transaction event sampling.
+  # transaction_events.enabled: true
+
+  # Defines the maximum number of transaction events reported from a single
+  # harvest.
+  # transaction_events.max_samples_stored: 1200
+
   # If true, the agent captures attributes on transaction segments.
-  # transaction_segments_attributes.enabled: true
+  # transaction_segments.attributes.enabled: true
 
-  # Prefix of attributes to exclude from transaction segments.
-  # Allows * as wildcard at end.
+  # Prefix of attributes to exclude from transaction segments. Allows * as
+  # wildcard at end.
   # transaction_segments.attributes.exclude: []
 
-  # Prefix of attributes to include on transaction segments.
-  # Allows * as wildcard at end.
+  # Prefix of attributes to include on transaction segments. Allows * as wildcard
+  # at end.
   # transaction_segments.attributes.include: []
 
   # If true, the agent captures attributes from transaction traces.
-  # transaction_tracer.attributes.enabled: false
+  # transaction_tracer.attributes.enabled: true
 
-  # Prefix of attributes to exclude from transaction traces.
-  # Allows * as wildcard at end.
+  # Prefix of attributes to exclude from transaction traces. Allows * as wildcard
+  # at end.
   # transaction_tracer.attributes.exclude: []
 
-  # Prefix of attributes to include in transaction traces.
-  # Allows * as wildcard at end.
+  # Prefix of attributes to include in transaction traces. Allows * as wildcard at
+  # end.
   # transaction_tracer.attributes.include: []
 
   # If true, enables collection of transaction traces.
   # transaction_tracer.enabled: true
 
+  # If true, enables the collection of explain plans in transaction traces. This
+  # setting will also apply to explain plans in slow SQL traces if
+  # slow_sql.explain_enabled isn't set separately.
+  # transaction_tracer.explain_enabled: true
+
   # Threshold (in seconds) above which the agent will collect explain plans.
-  # Relevant only when explain.enabled is true.
+  # Relevant only when explain_enabled is true.
   # transaction_tracer.explain_threshold: 0.5
 
-  # If true, enables the collection of explain plans in transaction traces.
-  # This setting will also apply to explain plans in slow SQL traces if
-  # slow_sql.explain enabled is not set separately.
-  # transaction_tracer.explain.enabled:  true
-
   # Maximum number of transaction trace nodes to record in a single transaction
   # trace.
   # transaction_tracer.limit_segments: 4000
@@ -656,11 +936,12 @@ common: &default_settings
 
   # Obfuscation level for SQL queries reported in transaction trace nodes.
   # By default, this is set to obfuscated, which strips out the numeric and string
-  # literals. If you do not want the agent to capture query information, set this
-  # to 'none'. If you want the agent to capture all query information in its
-  # original form, set this to 'raw'. When you enable high security mode this is
-  # automatically set to 'obfuscated'
-  # transaction_tracer.record_sql: 'obfuscated'
+  # literals.
+  # - If you do not want the agent to capture query information, set this to none.
+  # - If you want the agent to capture all query information in its original form,
+  # set this to raw.
+  # - When you enable high security mode, this is automatically set to obfuscated.
+  # transaction_tracer.record_sql: obfuscated
 
   # Specify a threshold in seconds. The agent includes stack traces in transaction
   # trace nodes when the stack trace duration exceeds this threshold.
@@ -689,9 +970,134 @@ common: &default_settings
   # If true, the agent automatically detects that it is running in Kubernetes.
   # utilization.detect_kubernetes: true
 
-  # If true, the agent automatically detects that it is running in a Pivotal Cloud Foundry environment.
+  # If true, the agent automatically detects that it is running in a Pivotal Cloud
+  # Foundry environment.
   # utilization.detect_pcf: true
 
+  # BEGIN security agent
+  #
+  #   NOTE: At this time, the security agent is intended for use only within
+  #         a dedicated security testing environment with data that can tolerate
+  #         modification or deletion. The security agent is available as a
+  #         separate Ruby gem, newrelic_security. It is recommended that this
+  #         separate gem only be introduced to a security testing environment
+  #         by leveraging Bundler grouping like so:
+  #
+  #         # Gemfile
+  #         gem 'newrelic_rpm'               # New Relic APM observability agent
+  #         gem 'newrelic-infinite_tracing'  # New Relic Infinite Tracing
+  #
+  #         group :security do
+  #           gem 'newrelic_security', require: false # New Relic security agent
+  #         end
+  #
+  #   NOTE: All "security.*" configuration parameters are related only to the
+  #         security agent, and all other configuration parameters that may
+  #         have "security" in the name somewhere are related to the APM agent.
+  
+  # If true, the security agent is loaded (a Ruby 'require' is performed)
+  # security.agent.enabled: false
+
+  # The port the application is listening on. This setting is mandatory for
+  # Passenger servers. The agent detects other servers by default.
+  # security.application_info.port: nil
+
+  # If true, the security agent is started (the agent runs in its event loop)
+  # security.enabled: false
+
+  # Defines API paths the security agent should ignore in IAST scans. Accepts an
+  # array of regex patterns matching the URI to ignore. The regex pattern should
+  # find a complete match for the URL without the endpoint. For example,
+  # [".*account.*"], [".*/\api\/v1\/.*?\/login"]
+  # security.exclude_from_iast_scan.api: []
+
+  # An array of HTTP request body keys the security agent should ignore in IAST
+  # scans.
+  # security.exclude_from_iast_scan.http_request_parameters.body: []
+
+  # An array of HTTP request headers the security agent should ignore in IAST
+  # scans. The array should specify a list of patterns matching the headers to
+  # ignore.
+  # security.exclude_from_iast_scan.http_request_parameters.header: []
+
+  # An array of HTTP request query parameters the security agent should ignore in
+  # IAST scans. The array should specify a list of patterns matching the HTTP
+  # request query parameters to ignore.
+  # security.exclude_from_iast_scan.http_request_parameters.query: []
+
+  # If true, disables system command injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.command_injection: false
+
+  # If true, disables the detection of low-severity insecure settings. For
+  # example, hash, crypto, cookie, random generators, trust boundary).
+  # security.exclude_from_iast_scan.iast_detection_category.insecure_settings: false
+
+  # If true, disables file operation-related IAST detections (File Access &
+  # Application integrity violation)
+  # security.exclude_from_iast_scan.iast_detection_category.invalid_file_access: false
+
+  # If true, disables Javascript injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.javascript_injection: false
+
+  # If true, disables LDAP injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.ldap_injection: false
+
+  # If true, disables NOSQL injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.nosql_injection: false
+
+  # If true, disables Reflected Cross-Site Scripting (RXSS) detection in IAST
+  # scans.
+  # security.exclude_from_iast_scan.iast_detection_category.rxss: false
+
+  # If true, disables SQL injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.sql_injection: false
+
+  # If true, disables Sever-Side Request Forgery (SSRF) detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.ssrf: false
+
+  # If true, disables XPATH injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.xpath_injection: false
+
+  # A unique test identifier when runnning IAST in a CI/CD environment to
+  # differentiate between different test runs. For example, a build number.
+  # security.iast_test_identifier: nil
+
+  # Defines the mode for the security agent to operate in. Currently only IAST is
+  # supported
+  # security.mode: IAST
+
+  # Sets the maximum number of HTTP requests allowed for the IAST scan per minute.
+  # Any Integer between 12 and 3600 is valid. The default value is 3600.
+  # security.scan_controllers.iast_scan_request_rate_limit: 3600
+
+  # If true, enables the sending of HTTP responses bodies. Disabling this also
+  # disables Reflected Cross-Site Scripting (RXSS) vulnerability detection.
+  # security.scan_controllers.report_http_response_body: true
+
+  # The number of application instances for a specific entity to perform IAST
+  # analysis on.
+  # security.scan_controllers.scan_instance_count: 0
+
+  # If true, allows IAST to continuously gather trace data in the background. The
+  # security agent uses collected data to perform an IAST scan at the scheduled
+  # time.
+  # security.scan_schedule.always_sample_traces: false
+
+  # Specifies the delay time (in minutes) before the IAST scan begins after the
+  # application starts.
+  # security.scan_schedule.delay: 0
+
+  # Indicates the duration (in minutes) for which the IAST scan will be performed.
+  # security.scan_schedule.duration: 0
+
+  # Specifies a cron expression that sets when the IAST scan should run.
+  # security.scan_schedule.schedule: ""
+
+  # Defines the endpoint URL for posting security-related data
+  # security.validator_service_url: wss://csec.nr-data.net
+
+  # END security agent
+
 # Environment-specific settings are in this section.
 # RAILS_ENV or RACK_ENV (as appropriate) is used to determine the environment.
 # If your application has other named environments, configure them here.