newrelic_rpm 9.11.0 → 9.13.0

data/newrelic.yml

@@ -26,16 +26,16 @@ common: &default_settings
   # All of the following configuration options are optional. Review them, and
   # uncomment or edit them if they appear relevant to your application needs.
 
-  # An array of ActiveSupport custom event names to subscribe to and instrument. For
-  # example,
+  # An array of ActiveSupport custom event names to subscribe to and instrument.
+  # For example,
   # - one.custom.event
   # - another.event
   # - a.third.event
   # active_support_custom_events_names: []
 
-  # If false, all LLM instrumentation (OpenAI only for now) will be disabled and no
-  # metrics, events, or spans will be sent. AI Monitoring is automatically disabled
-  # if high_security mode is enabled.
+  # If false, all LLM instrumentation (OpenAI only for now) will be disabled and
+  # no metrics, events, or spans will be sent. AI Monitoring is automatically
+  # disabled if high_security mode is enabled.
   # ai_monitoring.enabled: false
 
   # If false, LLM instrumentation (OpenAI only for now) will not capture input and
@@ -43,23 +43,23 @@ common: &default_settings
   # The excluded attributes include:
   # * content from LlmChatCompletionMessage events
   # * input from LlmEmbedding events
-  # This is an optional security setting to prevent recording sensitive data sent to
-  # and received from your LLMs.
+  # This is an optional security setting to prevent recording sensitive data sent
+  # to and received from your LLMs.
   # ai_monitoring.record_content.enabled: true
 
   # If true, enables capture of all HTTP request headers for all destinations.
   # allow_all_headers: false
 
-  # Your New Relic userKey. Required when using the New Relic REST API v2 to record
-  # deployments using the newrelic deployments command.
+  # Your New Relic userKey. Required when using the New Relic REST API v2 to
+  # record deployments using the newrelic deployments command.
   # api_key: ""
 
   # If true, enables log decoration and the collection of log events and metrics.
   # application_logging.enabled: true
 
   # A hash with key/value pairs to add as custom attributes to all log events
-  # forwarded to New Relic. If sending using an environment variable, the value must
-  # be formatted like: "key1=value1,key2=value2"
+  # forwarded to New Relic. If sending using an environment variable, the value
+  # must be formatted like: "key1=value1,key2=value2"
   # application_logging.forwarding.custom_attributes: {}
 
   # If true, the agent captures log records emitted by your application.
@@ -126,16 +126,16 @@ common: &default_settings
   # instrument. For example, "assets:precompile,db:migrate".
   # autostart.denylisted_rake_tasks: about,assets:clean,assets:clobber,assets:environment,assets:precompile,assets:precompile:all,db:create,db:drop,db:fixtures:load,db:migrate,db:migrate:status,db:rollback,db:schema:cache:clear,db:schema:cache:dump,db:schema:dump,db:schema:load,db:seed,db:setup,db:structure:dump,db:version,doc:app,log:clear,middleware,notes,notes:custom,rails:template,rails:update,routes,secret,spec,spec:features,spec:requests,spec:controllers,spec:helpers,spec:models,spec:views,spec:routing,spec:rcov,stats,test,test:all,test:all:db,test:recent,test:single,test:uncommitted,time:zones:all,tmp:clear,tmp:create,webpacker:compile
 
-  # Backports the faster ActiveRecord connection lookup introduced in Rails 6, which
-  # improves agent performance when instrumenting ActiveRecord. Note that this
-  # setting may not be compatible with other gems that patch ActiveRecord.
+  # Backports the faster ActiveRecord connection lookup introduced in Rails 6,
+  # which improves agent performance when instrumenting ActiveRecord. Note that
+  # this setting may not be compatible with other gems that patch ActiveRecord.
   # backport_fast_active_record_connection_lookup: false
 
   # If true, the agent captures attributes from browser monitoring.
   # browser_monitoring.attributes.enabled: false
 
-  # Prefix of attributes to exclude from browser monitoring. Allows * as wildcard at
-  # end.
+  # Prefix of attributes to exclude from browser monitoring. Allows * as wildcard
+  # at end.
   # browser_monitoring.attributes.exclude: []
 
   # Prefix of attributes to include in browser monitoring. Allows * as wildcard at
@@ -160,17 +160,17 @@ common: &default_settings
 
   # When true, the agent captures HTTP request parameters and attaches them to
   # transaction traces, traced errors, and TransactionError events.
-  # When using the capture_params setting, the Ruby agent will not attempt to filter
-  # secret information. Recommendation: To filter secret information from request
-  # parameters, use the attributes.include setting instead. For more information,
-  # see the Ruby attribute examples.
+  # When using the capture_params setting, the Ruby agent will not attempt to
+  # filter secret information. Recommendation: To filter secret information from
+  # request parameters, use the attributes.include setting instead. For more
+  # information, see the Ruby attribute examples.
   # capture_params: false
 
   # If true, the agent will clear Tracer::State in Agent.drop_buffered_data.
   # clear_transaction_state_after_fork: false
 
   # If true, the agent will report source code level metrics for traced methods.
-  # see:
+  # See:
   # https://docs.newrelic.com/docs/apm/agents/ruby-agent/features/ruby-codestream-integration/
   # code_level_metrics.enabled: true
 
@@ -188,17 +188,17 @@ common: &default_settings
   # If true, the agent captures custom events.
   # custom_insights_events.enabled: true
 
-  # * Specify a maximum number of custom events to buffer in memory at a time.'
+  # * Specify a maximum number of custom events to buffer in memory at a time.
   # * When configuring the agent for AI monitoring, set to max value 100000. This
   # ensures the agent captures the maximum amount of LLM events.
   # custom_insights_events.max_samples_stored: 3000
 
-  # If false, the agent will not add database_name parameter to transaction or slow
-  # sql traces.
+  # If false, the agent will not add database_name parameter to transaction or
+  # slow sql traces.
   # datastore_tracer.database_name_reporting.enabled: true
 
-  # If false, the agent will not report datastore instance metrics, nor add host or
-  # port_path_or_id parameters to transaction or slow SQL traces.
+  # If false, the agent will not report datastore instance metrics, nor add host
+  # or port_path_or_id parameters to transaction or slow SQL traces.
   # datastore_tracer.instance_reporting.enabled: true
 
   # If true, disables Action Cable instrumentation.
@@ -244,16 +244,16 @@ common: &default_settings
   # If true, the agent won't wrap third-party middlewares in instrumentation
   # (regardless of whether they are installed via Rack::Builder or Rails).
   # When middleware instrumentation is disabled, if an application is using
-  # middleware that could alter the response code, the HTTP status code reported on
-  # the transaction may not reflect the altered value.
+  # middleware that could alter the response code, the HTTP status code reported
+  # on the transaction may not reflect the altered value.
   # disable_middleware_instrumentation: false
 
-  # If true, disables agent middleware for Roda. This middleware is responsible for
-  # advanced feature support such as page load timing and error collection.
+  # If true, disables agent middleware for Roda. This middleware is responsible
+  # for advanced feature support such as page load timing and error collection.
   # disable_roda_auto_middleware: false
 
-  # If true, disables the collection of sampler metrics. Sampler metrics are metrics
-  # that are not event-based (such as CPU time or memory usage).
+  # If true, disables the collection of sampler metrics. Sampler metrics are
+  # metrics that are not event-based (such as CPU time or memory usage).
   # disable_samplers: false
 
   # If true, disables Sequel instrumentation.
@@ -287,8 +287,8 @@ common: &default_settings
 
   # Distributed tracing lets you see the path that a request takes through your
   # distributed system. Enabling distributed tracing changes the behavior of some
-  # New Relic features, so carefully consult the transition guide before you enable
-  # this feature.
+  # New Relic features, so carefully consult the transition guide before you
+  # enable this feature.
   # distributed_tracing.enabled: true
 
   # If true, the agent captures Elasticsearch queries in transaction traces.
@@ -319,8 +319,8 @@ common: &default_settings
   # error_collector.expected_classes: []
 
   # A map of error classes to a list of messages. When an error of one of the
-  # classes specified here occurs, if its error message contains one of the strings
-  # corresponding to it here, that error will be treated as expected.
+  # classes specified here occurs, if its error message contains one of the
+  # strings corresponding to it here, that error will be treated as expected.
   # This option can't be set via environment variable.
   # error_collector.expected_messages: {}
 
@@ -334,8 +334,8 @@ common: &default_settings
   # error_collector.ignore_classes: ["ActionController::RoutingError", "Sinatra::NotFound"]
 
   # A map of error classes to a list of messages. When an error of one of the
-  # classes specified here occurs, if its error message contains one of the strings
-  # corresponding to it here, that error will be ignored.
+  # classes specified here occurs, if its error message contains one of the
+  # strings corresponding to it here, that error will be ignored.
   # This option can't be set via environment variable.
   # error_collector.ignore_messages: {}
 
@@ -343,9 +343,9 @@ common: &default_settings
   # associated with these status codes, where applicable, will be ignored.
   # error_collector.ignore_status_codes: ""
 
-  # Defines the maximum number of frames in an error backtrace. Backtraces over this
-  # amount are truncated in the middle, preserving the beginning and the end of the
-  # stack trace.
+  # Defines the maximum number of frames in an error backtrace. Backtraces over
+  # this amount are truncated in the middle, preserving the beginning and the end
+  # of the stack trace.
   # error_collector.max_backtrace_frames: 50
 
   # Defines the maximum number of TransactionError events reported per harvest
@@ -357,18 +357,19 @@ common: &default_settings
   # exclude_newrelic_header: false
 
   # The exit handler that sends all cached data to the collector before shutting
-  # down is forcibly installed. This is true even when it detects scenarios where it
-  # generally should not be. The known use case for this option is when Sinatra runs
-  # as an embedded service within another framework. The agent detects the Sinatra
-  # app and skips the at_exit handler as a result. Sinatra classically runs the
-  # entire application in an at_exit block and would otherwise misbehave if the
-  # agent's at_exit handler was also installed in those circumstances. Note:
-  # send_data_on_exit should also be set to true in tandem with this setting.
+  # down is forcibly installed. This is true even when it detects scenarios where
+  # it generally should not be. The known use case for this option is when Sinatra
+  # runs as an embedded service within another framework. The agent detects the
+  # Sinatra app and skips the at_exit handler as a result. Sinatra classically
+  # runs the entire application in an at_exit block and would otherwise misbehave
+  # if the agent's at_exit handler was also installed in those circumstances.
+  # Note: send_data_on_exit should also be set to true in tandem with this
+  # setting.
   # force_install_exit_handler: false
 
-  # Ordinarily the agent reports dyno names with a trailing dot and process ID (for
-  # example, worker.3). You can remove this trailing data by specifying the prefixes
-  # you want to report without trailing data (for example, worker).
+  # Ordinarily the agent reports dyno names with a trailing dot and process ID
+  # (for example, worker.3). You can remove this trailing data by specifying the
+  # prefixes you want to report without trailing data (for example, worker).
   # heroku.dyno_name_prefixes_to_shorten: ["scheduler", "run"]
 
   # If true, the agent uses Heroku dyno names as the hostname.
@@ -395,8 +396,8 @@ common: &default_settings
   # Configures the TCP/IP port for the trace observer Host
   # infinite_tracing.trace_observer.port: 443
 
-  # Controls auto-instrumentation of ActiveSupport::BroadcastLogger at start up. May
-  # be one of: auto, prepend, chain, disabled. Used in Rails versions >= 7.1.
+  # Controls auto-instrumentation of ActiveSupport::BroadcastLogger at start up.
+  # May be one of: auto, prepend, chain, disabled. Used in Rails versions >= 7.1.
   # instrumentation.active_support_broadcast_logger: auto
 
   # Controls auto-instrumentation of ActiveSupport::Logger at start up. May be one
@@ -407,20 +408,20 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.async_http: auto
 
-  # Controls auto-instrumentation of the aws-sdk-sqs library at start-up. May be one
-  # of: auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of the aws-sdk-sqs library at start-up. May be
+  # one of: auto, prepend, chain, disabled.
   # instrumentation.aws_sqs: auto
 
   # Controls auto-instrumentation of bunny at start-up. May be one of: auto,
   # prepend, chain, disabled.
   # instrumentation.bunny: auto
 
-  # Controls auto-instrumentation of the concurrent-ruby library at start-up. May be
-  # one of: auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of the concurrent-ruby library at start-up. May
+  # be one of: auto, prepend, chain, disabled.
   # instrumentation.concurrent_ruby: auto
 
-  # Controls auto-instrumentation of Curb at start-up. May be one of: auto, prepend,
-  # chain, disabled.
+  # Controls auto-instrumentation of Curb at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.curb: auto
 
   # Controls auto-instrumentation of Delayed Job at start-up. May be one of: auto,
@@ -435,8 +436,8 @@ common: &default_settings
   # one of: auto, prepend, chain, disabled.
   # instrumentation.elasticsearch: auto
 
-  # Controls auto-instrumentation of ethon at start up. May be one of auto, prepend,
-  # chain, disabled
+  # Controls auto-instrumentation of ethon at start up. May be one of auto,
+  # prepend, chain, disabled
   # instrumentation.ethon: auto
 
   # Controls auto-instrumentation of Excon at start-up. May be one of: enabled,
@@ -454,18 +455,18 @@ common: &default_settings
   # Specifies a list of hostname patterns separated by commas that will match gRPC
   # hostnames that traffic is to be ignored by New Relic for. New Relic's gRPC
   # client instrumentation will ignore traffic streamed to a host matching any of
-  # these patterns, and New Relic's gRPC server instrumentation will ignore traffic
-  # for a server running on a host whose hostname matches any of these patterns. By
-  # default, no traffic is ignored when gRPC instrumentation is itself enabled. For
-  # example, "private.com$,exception.*"
+  # these patterns, and New Relic's gRPC server instrumentation will ignore
+  # traffic for a server running on a host whose hostname matches any of these
+  # patterns. By default, no traffic is ignored when gRPC instrumentation is
+  # itself enabled. For example, "private.com$,exception.*"
   # instrumentation.grpc.host_denylist: []
 
-  # Controls auto-instrumentation of gRPC clients at start-up. May be one of: auto,
-  # prepend, chain, disabled.
+  # Controls auto-instrumentation of gRPC clients at start-up. May be one of:
+  # auto, prepend, chain, disabled.
   # instrumentation.grpc_client: auto
 
-  # Controls auto-instrumentation of gRPC servers at start-up. May be one of: auto,
-  # prepend, chain, disabled.
+  # Controls auto-instrumentation of gRPC servers at start-up. May be one of:
+  # auto, prepend, chain, disabled.
   # instrumentation.grpc_server: auto
 
   # Controls auto-instrumentation of HTTPClient at start-up. May be one of: auto,
@@ -476,24 +477,28 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.httprb: auto
 
-  # Controls auto-instrumentation of httpx at start up. May be one of auto, prepend,
-  # chain, disabled
+  # Controls auto-instrumentation of httpx at start up. May be one of auto,
+  # prepend, chain, disabled
   # instrumentation.httpx: auto
 
   # Controls auto-instrumentation of Ruby standard library Logger at start-up. May
   # be one of: auto, prepend, chain, disabled.
   # instrumentation.logger: auto
 
-  # Controls auto-instrumentation of dalli gem for Memcache at start-up. May be one
-  # of: auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of the LogStasher library at start-up. May be
+  # one of: auto, prepend, chain, disabled.
+  # instrumentation.logstasher: auto
+
+  # Controls auto-instrumentation of dalli gem for Memcache at start-up. May be
+  # one of: auto, prepend, chain, disabled.
   # instrumentation.memcache: auto
 
   # Controls auto-instrumentation of memcache-client gem for Memcache at start-up.
   # May be one of: auto, prepend, chain, disabled.
   # instrumentation.memcache_client: auto
 
-  # Controls auto-instrumentation of memcached gem for Memcache at start-up. May be
-  # one of: auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of memcached gem for Memcache at start-up. May
+  # be one of: auto, prepend, chain, disabled.
   # instrumentation.memcached: auto
 
   # Controls auto-instrumentation of Mongo at start-up. May be one of: enabled,
@@ -504,13 +509,17 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.net_http: auto
 
-  # Controls auto-instrumentation of Puma::Rack. When enabled, the agent hooks into
-  # the to_app method in Puma::Rack::Builder to find gems to instrument during
-  # application startup. May be one of: auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of the opensearch-ruby library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.opensearch: auto
+
+  # Controls auto-instrumentation of Puma::Rack. When enabled, the agent hooks
+  # into the to_app method in Puma::Rack::Builder to find gems to instrument
+  # during application startup. May be one of: auto, prepend, chain, disabled.
   # instrumentation.puma_rack: auto
 
-  # Controls auto-instrumentation of Puma::Rack::URLMap at start-up. May be one of:
-  # auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of Puma::Rack::URLMap at start-up. May be one
+  # of: auto, prepend, chain, disabled.
   # instrumentation.puma_rack_urlmap: auto
 
   # Controls auto-instrumentation of Rack. When enabled, the agent hooks into the
@@ -518,12 +527,12 @@ common: &default_settings
   # startup. May be one of: auto, prepend, chain, disabled.
   # instrumentation.rack: auto
 
-  # Controls auto-instrumentation of Rack::URLMap at start-up. May be one of: auto,
-  # prepend, chain, disabled.
+  # Controls auto-instrumentation of Rack::URLMap at start-up. May be one of:
+  # auto, prepend, chain, disabled.
   # instrumentation.rack_urlmap: auto
 
-  # Controls auto-instrumentation of rake at start-up. May be one of: auto, prepend,
-  # chain, disabled.
+  # Controls auto-instrumentation of rake at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.rake: auto
 
   # Controls auto-instrumentation of Redis at start-up. May be one of: auto,
@@ -534,12 +543,13 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.resque: auto
 
-  # Controls auto-instrumentation of Roda at start-up. May be one of: auto, prepend,
-  # chain, disabled.
+  # Controls auto-instrumentation of Roda at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.roda: auto
 
-  # Controls auto-instrumentation of the ruby-openai gem at start-up. May be one of:
-  # auto, prepend, chain, disabled. Defaults to disabled in high security mode.
+  # Controls auto-instrumentation of the ruby-openai gem at start-up. May be one
+  # of: auto, prepend, chain, disabled. Defaults to disabled in high security
+  # mode.
   # instrumentation.ruby_openai: auto
 
   # Controls auto-instrumentation of Sinatra at start-up. May be one of: auto,
@@ -550,10 +560,11 @@ common: &default_settings
   # disabled.
   # instrumentation.stripe: enabled
 
-  # Controls auto-instrumentation of the Thread class at start-up to allow the agent
-  # to correctly nest spans inside of an asynchronous transaction. This does not
-  # enable the agent to automatically trace all threads created (see
-  # instrumentation.thread.tracing). May be one of: auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of the Thread class at start-up to allow the
+  # agent to correctly nest spans inside of an asynchronous transaction. This does
+  # not enable the agent to automatically trace all threads created (see
+  # instrumentation.thread.tracing). May be one of: auto, prepend, chain,
+  # disabled.
   # instrumentation.thread: auto
 
   # Controls auto-instrumentation of the Thread class at start-up to automatically
@@ -568,8 +579,8 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.typhoeus: auto
 
-  # Controls auto-instrumentation of ViewComponent at startup. May be one of: auto,
-  # prepend, chain, disabled.
+  # Controls auto-instrumentation of ViewComponent at startup. May be one of:
+  # auto, prepend, chain, disabled.
   # instrumentation.view_component: auto
 
   # A dictionary of label names and values that will be applied to the data sent
@@ -600,6 +611,12 @@ common: &default_settings
   # When true, the agent transmits data about your app to the New Relic collector.
   # monitor_mode: true
 
+  # If true, the agent captures OpenSearch queries in transaction traces.
+  # opensearch.capture_queries: true
+
+  # If true, the agent obfuscates OpenSearch queries in transaction traces.
+  # opensearch.obfuscate_queries: true
+
   # If true, uses Module#prepend rather than alias_method for ActiveRecord
   # instrumentation.
   # prepend_active_record_instrumentation: false
@@ -628,8 +645,8 @@ common: &default_settings
 
   # Specify an Array of Rake tasks to automatically instrument. This configuration
   # option converts the Array to a RegEx list. If you'd like to allow all tasks by
-  # default, use rake.tasks: [.+]. No rake tasks will be instrumented unless they're
-  # added to this list. For more information, visit the New Relic Rake
+  # default, use rake.tasks: [.+]. No rake tasks will be instrumented unless
+  # they're added to this list. For more information, visit the New Relic Rake
   # Instrumentation docs.
   # rake.tasks: []
 
@@ -646,29 +663,29 @@ common: &default_settings
   # send_data_on_exit: true
 
   # If true, the agent will operate in a streamlined mode suitable for use with
-  # short-lived serverless functions. NOTE: Only AWS Lambda functions are supported
-  # currently and this option is not intended for use without New Relic's Ruby
-  # Lambda layer offering.
+  # short-lived serverless functions. NOTE: Only AWS Lambda functions are
+  # supported currently and this option is not intended for use without New
+  # Relic's Ruby Lambda layer offering.
   # serverless_mode.enabled: false
 
   # An array of strings that will collectively serve as a denylist for filtering
   # which Sidekiq job arguments get reported to New Relic. To capture any Sidekiq
   # arguments, 'job.sidekiq.args.*' must be added to the separate
   # :'attributes.include' configuration option. Each string in this array will be
-  # turned into a regular expression via Regexp.new to permit advanced matching. For
-  # job argument hashes, if either a key or value matches the pair will be excluded.
-  # All matching job argument array elements and job argument scalars will be
-  # excluded.
+  # turned into a regular expression via Regexp.new to permit advanced matching.
+  # For job argument hashes, if either a key or value matches the pair will be
+  # excluded. All matching job argument array elements and job argument scalars
+  # will be excluded.
   # sidekiq.args.exclude: []
 
   # An array of strings that will collectively serve as an allowlist for filtering
   # which Sidekiq job arguments get reported to New Relic. To capture any Sidekiq
   # arguments, 'job.sidekiq.args.*' must be added to the separate
   # :'attributes.include' configuration option. Each string in this array will be
-  # turned into a regular expression via Regexp.new to permit advanced matching. For
-  # job argument hashes, if either a key or value matches the pair will be included.
-  # All matching job argument array elements and job argument scalars will be
-  # included.
+  # turned into a regular expression via Regexp.new to permit advanced matching.
+  # For job argument hashes, if either a key or value matches the pair will be
+  # included. All matching job argument array elements and job argument scalars
+  # will be included.
   # sidekiq.args.include: []
 
   # If true, the agent collects slow SQL queries.
@@ -679,16 +696,16 @@ common: &default_settings
   # the default setting for explain plans in slow SQL as well.
   # slow_sql.explain_enabled: true
 
-  # Specify a threshold in seconds. The agent collects slow SQL queries and explain
-  # plans that exceed this threshold.
+  # Specify a threshold in seconds. The agent collects slow SQL queries and
+  # explain plans that exceed this threshold.
   # slow_sql.explain_threshold: 0.5
 
-  # Defines an obfuscation level for slow SQL queries. Valid options are obfuscated,
-  # raw, or none.
+  # Defines an obfuscation level for slow SQL queries. Valid options are
+  # obfuscated, raw, or none.
   # slow_sql.record_sql: obfuscated
 
-  # Generate a longer sql_id for slow SQL traces. sql_id is used for aggregation of
-  # similar queries.
+  # Generate a longer sql_id for slow SQL traces. sql_id is used for aggregation
+  # of similar queries.
   # slow_sql.use_longer_sql_id: false
 
   # If true, the agent captures attributes on span events.
@@ -703,8 +720,8 @@ common: &default_settings
   # If true, enables span event sampling.
   # span_events.enabled: true
 
-  # * Defines the maximum number of span events reported from a single harvest. Any
-  # Integer between 1 and 10000 is valid.'
+  # * Defines the maximum number of span events reported from a single harvest.
+  # Any Integer between 1 and 10000 is valid.'
   # * When configuring the agent for AI monitoring, set to max value 10000.This
   # ensures the agent captures the maximum amount of distributed traces.
   # span_events.max_samples_stored: 2000
@@ -714,30 +731,31 @@ common: &default_settings
   # span_events.queue_size: 10000
 
   # Specify a list of exceptions you do not want the agent to strip when
-  # strip_exception_messages is true. Separate exceptions with a comma. For example,
-  # "ImportantException,PreserveMessageException".
+  # strip_exception_messages is true. Separate exceptions with a comma. For
+  # example, "ImportantException,PreserveMessageException".
   # strip_exception_messages.allowed_classes: ""
 
   # If true, the agent strips messages from all exceptions except those in the
   # allowlist. Enabled automatically in high security mode.
   # strip_exception_messages.enabled: false
 
-  # An array of strings to specify which keys and/or values inside a Stripe event's
-  # user_data hash should
+  # An array of strings to specify which keys and/or values inside a Stripe
+  # event's user_data hash should
   # not be reported to New Relic. Each string in this array will be turned into a
   # regular expression via
-  # Regexp.new to permit advanced matching. For each hash pair, if either the key or
-  # value is matched the
-  # pair will not be reported. By default, no user_data is reported, so this option
-  # should only be used if
+  # Regexp.new to permit advanced matching. For each hash pair, if either the key
+  # or value is matched the
+  # pair will not be reported. By default, no user_data is reported, so this
+  # option should only be used if
   # the stripe.user_data.include option is being used.
   # stripe.user_data.exclude: []
 
-  # An array of strings to specify which keys inside a Stripe event's user_data hash
-  # should be reported
-  # to New Relic. Each string in this array will be turned into a regular expression
-  # via Regexp.new to
-  # permit advanced matching. Setting the value to ["."] will report all user_data.
+  # An array of strings to specify which keys inside a Stripe event's user_data
+  # hash should be reported
+  # to New Relic. Each string in this array will be turned into a regular
+  # expression via Regexp.new to
+  # permit advanced matching. Setting the value to ["."] will report all
+  # user_data.
   # stripe.user_data.include: []
 
   # When set to true, forces a synchronous connection to the New Relic collector
@@ -758,8 +776,8 @@ common: &default_settings
   # If true, the agent captures attributes from transaction events.
   # transaction_events.attributes.enabled: true
 
-  # Prefix of attributes to exclude from transaction events. Allows * as wildcard at
-  # end.
+  # Prefix of attributes to exclude from transaction events. Allows * as wildcard
+  # at end.
   # transaction_events.attributes.exclude: []
 
   # Prefix of attributes to include in transaction events. Allows * as wildcard at
@@ -769,25 +787,26 @@ common: &default_settings
   # If true, enables transaction event sampling.
   # transaction_events.enabled: true
 
-  # Defines the maximum number of transaction events reported from a single harvest.
+  # Defines the maximum number of transaction events reported from a single
+  # harvest.
   # transaction_events.max_samples_stored: 1200
 
   # If true, the agent captures attributes on transaction segments.
   # transaction_segments.attributes.enabled: true
 
-  # Prefix of attributes to exclude from transaction segments. Allows * as wildcard
-  # at end.
+  # Prefix of attributes to exclude from transaction segments. Allows * as
+  # wildcard at end.
   # transaction_segments.attributes.exclude: []
 
-  # Prefix of attributes to include on transaction segments. Allows * as wildcard at
-  # end.
+  # Prefix of attributes to include on transaction segments. Allows * as wildcard
+  # at end.
   # transaction_segments.attributes.include: []
 
   # If true, the agent captures attributes from transaction traces.
   # transaction_tracer.attributes.enabled: true
 
-  # Prefix of attributes to exclude from transaction traces. Allows * as wildcard at
-  # end.
+  # Prefix of attributes to exclude from transaction traces. Allows * as wildcard
+  # at end.
   # transaction_tracer.attributes.exclude: []
 
   # Prefix of attributes to include in transaction traces. Allows * as wildcard at
@@ -853,6 +872,59 @@ common: &default_settings
   # Foundry environment.
   # utilization.detect_pcf: true
 
+  # BEGIN security agent
+  #
+  #   NOTE: At this time, the security agent is intended for use only within
+  #         a dedicated security testing environment with data that can tolerate
+  #         modification or deletion. The security agent is available as a
+  #         separate Ruby gem, newrelic_security. It is recommended that this
+  #         separate gem only be introduced to a security testing environment
+  #         by leveraging Bundler grouping like so:
+  #
+  #         # Gemfile
+  #         gem 'newrelic_rpm'               # New Relic APM observability agent
+  #         gem 'newrelic-infinite_tracing'  # New Relic Infinite Tracing
+  #
+  #         group :security do
+  #           gem 'newrelic_security', require: false # New Relic security agent
+  #         end
+  #
+  #   NOTE: All "security.*" configuration parameters are related only to the
+  #         security agent, and all other configuration parameters that may
+  #         have "security" in the name somewhere are related to the APM agent.
+  
+  # If true, the security agent is loaded (a Ruby 'require' is performed)
+  # security.agent.enabled: false
+
+  # The port the application is listening on. This setting is mandatory for
+  # Passenger servers. Other servers should be detected by default.
+  # security.application_info.port: nil
+
+  # If true, enables deserialization detection
+  # security.detection.deserialization.enabled: true
+
+  # If true, enables RCI (remote code injection) detection
+  # security.detection.rci.enabled: true
+
+  # If true, enables RXSS (reflected cross-site scripting) detection
+  # security.detection.rxss.enabled: true
+
+  # If true, the security agent is started (the agent runs in its event loop)
+  # security.enabled: false
+
+  # Defines the mode for the security agent to operate in. Currently only IAST is
+  # supported
+  # security.mode: IAST
+
+  # Defines the request body limit to process in security events (in KB). The
+  # default value is 300, for 300KB.
+  # security.request.body_limit: 300
+
+  # Defines the endpoint URL for posting security-related data
+  # security.validator_service_url: wss://csec.nr-data.net
+
+  # END security agent
+
 # Environment-specific settings are in this section.
 # RAILS_ENV or RACK_ENV (as appropriate) is used to determine the environment.
 # If your application has other named environments, configure them here.