newrelic_rpm 9.9.0 → 9.10.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ad2c3da566c3fda3369af14dd1d25b82a582c3db88c910474634b1b8169648fc
-  data.tar.gz: 1ebe2637f6cef4b3b3e70afb157b91516cc6bf37511f1acb1f3ec5e1caf917e5
+  metadata.gz: cef71bbfaac5e07f6d5b0862fccb3bf35e4c99251ce5fec00143036c89c964f8
+  data.tar.gz: e5521d0958408d97494625b155f2dcb97736d02994f7b7dfdc58143dabc73dee
 SHA512:
-  metadata.gz: d86c1de9e30e3952b7d5dbec62845693795e6c3b0273b5f34a19a0a550e208314774d3da08246c26c8e903657c36b71b91ae170911869f3e801879e8c8ee4e05
-  data.tar.gz: bb5732481d984d24366be27b1186e35b753b7dff7613774b8f4f50749e516db6556edd93b1017e656535cf83ef306e31199e44b03d677ea8c249f472f7f30222
+  metadata.gz: 28a45e748a241b3bfb2c93bb19500cda6bc433c9c428e56f4cbcc92ff5c12d8f6d0198ab87d3a910f11539695fc8d0a4935c65ea5869d6bf36b66ae2b012c3a7
+  data.tar.gz: 35426f77a90e9f10b2be825538482a5bda1d074cc4d3c22acd1df007774f21a190b10696ad962fe34e30db0dd57d0a5bcadb3db6d5bc97edad0dcfba88db9a19

data/CHANGELOG.md

@@ -1,5 +1,55 @@
 # New Relic Ruby Agent Release Notes
 
+## v9.10.2
+
+Version 9.10.2 fixes a bug related to the new DynamoDB instrumentation and removes `Rails::Command::RakeCommand` from the default list of denylisted constants.
+
+- **Bugfix: DynamoDB instrumentation logging errors when trying to get account_id**
+
+    When trying to access data needed to add the `account_id` to the DynamoDB span, the agent encountered an error when certain credentials classes were used. This has been fixed. Thanks to [@kichik](https://github.com/kichik) for bringing this to our attention. [PR#2864](https://github.com/newrelic/newrelic-ruby-agent/pull/2684)
+
+- **Bugfix: Remove Rails::Command::RakeCommand from the default list of autostart.denylisted_constants**
+
+  The default value for the `autostart.denylisted_constants` configuration was changed in 9.10.0 to include `Rails::Command::RunnerCommand` and `Rails::Command::RakeCommand`. The inclusion of `Rails::Command::RakeCommand` prevented the agent from starting automatically when Solid Queue was started using `bin/rails solid_queue:start`. We recognize there are many commands nested within `Rails::Command::RakeCommand` and have decided to remove it from the default list. We encourage users who do not want the agent to run on `Rails::Command::RakeCommand` to add the constant to their configuration. This can be accomplished by adding the following to your `newrelic.yml` file:
+
+  ```yaml
+    autostart.denylisted_constants: "Rails::Command::ConsoleCommand,Rails::Command::CredentialsCommand,Rails::Command::Db::System::ChangeCommand,Rails::Command::DbConsoleCommand,Rails::Command::DestroyCommand,Rails::Command::DevCommand,Rails::Command::EncryptedCommand,Rails::Command::GenerateCommand,Rails::Command::InitializersCommand,Rails::Command::NotesCommand,Rails::Command::RakeCommand,Rails::Command::RoutesCommand,Rails::Command::RunnerCommand,Rails::Command::SecretsCommand,Rails::Console,Rails::DBConsole"
+  ```
+
+  Thank you, [@edariedl](https://github.com/edariedl), for reporting this issue. [Issue#2677](https://github.com/newrelic/newrelic-ruby-agent/issues/2677) [PR#2694](https://github.com/newrelic/newrelic-ruby-agent/pull/2694)
+
+## v9.10.1
+
+- **Bugfix: Incompatibility with Bootstrap**
+
+Version 9.10.1 fixes an incompatibility between the agent and the [Bootstrap](https://github.com/twbs/bootstrap-rubygem) gem caused by agent v9.10.0's introduction of a `lib/bootstrap.rb` file. Thank you to [@dorner](https://github.com/dorner) for reporting the bug and identifying the 'bootstrap' name collision as the root cause. [BUG#2675](https://github.com/newrelic/newrelic-ruby-agent/issues/2675) [PR#2676](https://github.com/newrelic/newrelic-ruby-agent/pull/2676)
+
+## v9.10.0
+
+Version 9.10.0 introduces instrumentation for DynamoDB, adds a new feature to automatically apply nonces from the Rails content security policy, fixes a bug that would cause an expected error to negatively impact a transaction's Apdex, and fixes the agent's autostart logic so that by default `rails runner` and `rails db` commands will not cause the agent to start.
+
+- **Feature: Add instrumentation for DynamoDB**
+
+    The agent has added instrumentation for the aws-sdk-dynamodb gem. The agent will now record datastore spans for DynamoDB client calls made with the aws-sdk-dynamodb gem.  [PR#2642](https://github.com/newrelic/newrelic-ruby-agent/pull/2642)
+
+- **Feature: Automatically apply nonces from the Rails content security policy**
+
+  To auto-inject browser monitoring with the New Relic Ruby agent, you either need to set your content security policy to 'unsafe-inline' or provide a nonce. Previously, the only way to provide a nonce was by using the [`NewRelic::Agent.browser_timing_header`](https://rubydoc.info/gems/newrelic_rpm/NewRelic/Agent#browser_timing_header-instance_method) API. Now, when a Rails application uses [the content security policy configuration to add a nonce](https://guides.rubyonrails.org/security.html#adding-a-nonce), the nonce will be automatically applied to the browser agent. A new configuration option, [`browser_monitoring.content_security_policy_nonce`](https://docs.newrelic.com/docs/apm/agents/ruby-agent/configuration/ruby-agent-configuration/#browser_monitoring-content_security_policy_nonce), toggles this feature. It is on by default. Thank you [@baldarn](https://github.com/baldarn) for submitting this feature! [PR#2544](https://github.com/newrelic/newrelic-ruby-agent/pull/2544)
+
+- **Bugfix: Expected errors related to HTTP status code, class, and message won't impact Apdex**
+
+  The agent is supposed to prevent observed application errors from negatively impacting Apdex if the errors are either ignored or expected. There are two ways for the agent to expect an error: via the `notice_error` API receiving an `expected: true` argument or via matches made against user-configured lists for expected HTTP status codes (`:'error_collector.expected_status_codes'`), expected error classes (`:'error_collector.expected_classes'`), or expected error messages (`:'error_collector.expected_messages'`). Previously, only errors expected via the `notice_error` API were correctly prevented from impacting Apdex. Expected errors set by configuration incorrectly impacted Apdex. This behavior has been fixed and now both types of expected errors will correctly not impact Apdex. Thanks very much to [@florianpilz](https://github.com/florianpilz) for bringing this issue to our attention. [PR#2619](https://github.com/newrelic/newrelic-ruby-agent/pull/2619)
+
+- **Bugfix: Do not start the agent automatically when `rails runner` or `rails db` commands are ran**
+
+  [PR#2239](https://github.com/newrelic/newrelic-ruby-agent/pull/2239) taught the agent how to recognize `bin/rails` based contexts that it should not automatically start up in. But `bin/rails runner` and `bin/rails db` commands would still see the agent start automatically. Those 2 contexts will now no longer see the agent start automatically. Thank you to [@jdelStrother](https://github.com/jdelStrother) for both bringing the `bin/rails` context to our attention and for letting us know about the `bin/rails runner` and `bin/rails db` outliers that still needed fixing. [PR#2623](https://github.com/newrelic/newrelic-ruby-agent/pull/2623)
+
+  Older agent versions that are still supported by New Relic can update to the new list of denylisted constants by having the following line added to the `newrelic.yml` configuration file:
+
+  ```yaml
+    autostart.denylisted_constants: "Rails::Command::ConsoleCommand,Rails::Command::CredentialsCommand,Rails::Command::Db::System::ChangeCommand,Rails::Command::DbConsoleCommand,Rails::Command::DestroyCommand,Rails::Command::DevCommand,Rails::Command::EncryptedCommand,Rails::Command::GenerateCommand,Rails::Command::InitializersCommand,Rails::Command::NotesCommand,Rails::Command::RakeCommand,Rails::Command::RoutesCommand,Rails::Command::RunnerCommand,Rails::Command::SecretsCommand,Rails::Console,Rails::DBConsole"
+  ```
+
 ## v9.9.0
 
 Version 9.9.0 introduces support for AWS Lambda serverless function observability, adds support for Elasticsearch 8.13.0, and adds the 'request.temperature' attribute to chat completion summaries in ruby-openai instrumentation.
@@ -8,6 +58,8 @@ Version 9.9.0 introduces support for AWS Lambda serverless function observabilit
 
   The Ruby agent is now capable of operating in a quick and light serverless mode suitable for observing AWS Lambda function invocations. For serverless use, the agent is delivered by a New Relic Lambda [layer](https://github.com/newrelic/newrelic-lambda-layers) that can be associated with a Lambda function. All reported data will appear in New Relic's dedicated serverless UI views. Only AWS based Lambda functions are supported for now, though support for other cloud hosted serverless offerings may be added in future depending on Ruby customer demand. The serverless functionality is only intended for use with the official New Relic Ruby layers for Lambda. Any existing workflows that involve the manual use of the Ruby agent in an AWS Lambda context without a New Relic layer should not be impacted.
 
+  For more details, see our [getting started guide](https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/get-started/monitoring-aws-lambda-serverless-monitoring/).
+
 - **Feature: Add support for Elasticsearch 8.13.0**
 
   Elasticsearch 8.13.0 increased the number of arguments used in the method the agent instruments, `Elastic::Transport::Client#perform_request`. Now, the agent supports a variable number of arguments for the instrumented method to prevent future `ArgumentError`s.

data/README.md

@@ -23,6 +23,9 @@ can be found on [our docs site](http://docs.newrelic.com/docs/ruby/supported-fra
 You can also monitor non-web applications. Refer to the "Other
 Environments" section below.
 
+We offer an AWS Lambda layer for instrumenting your serverless Ruby functions.
+Details can be found on our [getting started guide](https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/get-started/monitoring-aws-lambda-serverless-monitoring/).
+
 ## Installing and Using
 
 The latest released gem for the Ruby agent can be found at [RubyGems.org](https://rubygems.org/gems/newrelic_rpm)

data/Rakefile

@@ -134,5 +134,5 @@ task :console do
   require 'pry' if ENV['ENABLE_PRY']
   require 'newrelic_rpm'
   ARGV.clear
-  Pry.start
+  ENV['ENABLE_PRY'] ? Pry.start : binding.irb # rubocop:disable Lint/Debugger
 end

data/lib/boot/strap.rb

@@ -0,0 +1,101 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+# This file is designed to bootstrap a `Bundler.require`-based Ruby app (such as
+# a Ruby on Rails app) so the app can be instrumented and observed by the
+# New Relic Ruby agent without the agent being added to the app as a dependency.
+# NOTE: introducing the agent into your application via bootstrap is in beta.
+# Use at your own risk.
+#
+# Given a production-ready Ruby app that optionally has a pre-packaged "frozen"
+# or "deployment"–gem bundle, the New Relic Ruby agent can be introduced
+# to the app without modifying the app and keeping all of the app's content
+# read-only.
+#
+# Prerequisites:
+#   - Ruby (tested v2.4+)
+#   - Bundler (included with Ruby, tested v1.17+)
+#
+# Instructions:
+#   - First, make sure the New Relic Ruby agent exists on disk. For these
+#     instructions, we'll assume the agent exists at `/newrelic`.
+#     - The agent can be downloaded as the "newrelic_rpm" gem from RubyGems.org
+#       and unpacked with "gem unpack"
+#     - The agent can be cloned from the New Relic public GitHub repo:
+#       https://github.com/newrelic/newrelic-ruby-agent
+#   - Next, use the "RUBYOPT" environment variable to require ("-r") this
+#     file (note that the ".rb" extension is dropped):
+#       ```
+#       export RUBYOPT="-r /newrelic/lib/boot/strap"
+#       ```
+#    - Add your New Relic license key as an environment variable.
+#       ```
+#       export NEW_RELIC_LICENSE_KEY=1a2b3c4d5e67f8g9h0i
+#       ```
+#   - Launch an existing Ruby app as usual. For a Ruby on Rails app, this might
+#     involve running `bin/rails server`.
+#   - In the Ruby app's directory, look for and inspect
+#     `log/newrelic_agent.log`. If this file exists and there are no "WARN" or
+#     "ERROR" entries within it, then the agent was successfully introduced to
+#     the Ruby application.
+
+module NRBundlerPatch
+  NR_AGENT_GEM = 'newrelic_rpm'
+
+  def require(*_groups)
+    super
+
+    require_newrelic
+  end
+
+  def require_newrelic
+    lib = File.expand_path('../..', __FILE__)
+    $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+    Kernel.require NR_AGENT_GEM
+  end
+end
+
+class NRBundlerPatcher
+  BUNDLER = 'bundler'
+  RUBYOPT = 'RUBYOPT'
+
+  def self.patch
+    check_for_require
+    check_for_rubyopt
+    check_for_bundler
+    Bundler::Runtime.prepend(NRBundlerPatch)
+  rescue StandardError => e
+    Kernel.warn "New Relic entrypoint at #{__FILE__} encountered an issue:\n  #{e.message}"
+  end
+
+  private
+
+  def self.check_for_require
+    raise "#{__FILE__} is meant to be required, not invoked directly" if $PROGRAM_NAME == __FILE__
+  end
+
+  def self.check_for_rubyopt
+    unless ENV[RUBYOPT].to_s.match?("-r #{__FILE__.rpartition('.').first}")
+      raise "#{__FILE__} is meant to be required via the RUBYOPT env var"
+    end
+  end
+
+  def self.check_for_bundler
+    require_bundler
+
+    raise 'Required Ruby Bundler class Bundler::Runtime not defined!' unless defined?(Bundler::Runtime)
+
+    unless Bundler::Runtime.method_defined?(:require)
+      raise "The active Ruby Bundler instance doesn't offer Bundler::Runtime#require"
+    end
+  end
+
+  def self.require_bundler
+    require BUNDLER
+  rescue LoadError => e
+    raise "Required Ruby library '#{BUNDLER}' could not be required - #{e}"
+  end
+end
+
+NRBundlerPatcher.patch

data/lib/new_relic/agent/aws.rb

@@ -0,0 +1,62 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic
+  module Agent
+    module Aws
+      CHARACTERS = %w[A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 2 3 4 5 6 7].freeze
+      HEX_MASK = '7fffffffff80'
+
+      def self.create_arn(service, resource, region, account_id)
+        "arn:aws:#{service}:#{region}:#{account_id}:#{resource}"
+      rescue => e
+        NewRelic::Agent.logger.warn("Failed to create ARN: #{e}")
+      end
+
+      def self.get_account_id(config)
+        access_key_id = config.credentials.credentials.access_key_id if config&.credentials&.credentials&.respond_to?(:access_key_id)
+        return unless access_key_id
+
+        NewRelic::Agent::Aws.convert_access_key_to_account_id(access_key_id)
+      rescue => e
+        NewRelic::Agent.logger.debug("Failed to create account id: #{e}")
+      end
+
+      def self.convert_access_key_to_account_id(access_key)
+        decoded_key = Integer(decode_to_hex(access_key[4..-1]), 16)
+        mask = Integer(HEX_MASK, 16)
+        (decoded_key & mask) >> 7
+      end
+
+      def self.decode_to_hex(access_key)
+        bytes = access_key.delete('=').each_char.map { |c| CHARACTERS.index(c) }
+
+        bytes.each_slice(8).map do |section|
+          convert_section(section)
+        end.flatten[0...6].join
+      end
+
+      def self.convert_section(section)
+        buffer = 0
+        section.each do |chunk|
+          buffer = (buffer << 5) + chunk
+        end
+
+        chunk_count = (section.length * 5.0 / 8.0).floor
+
+        if section.length < 8
+          buffer >>= (5 - (chunk_count * 8)) % 5
+        end
+
+        decoded = []
+        chunk_count.times do |i|
+          shift = 8 * (chunk_count - 1 - i)
+          decoded << ((buffer >> shift) & 255).to_s(16)
+        end
+
+        decoded
+      end
+    end
+  end
+end

data/lib/new_relic/agent/configuration/default_source.rb

@@ -390,9 +390,11 @@ module NewRelic
           :description => <<~DESCRIPTION
             If `false`, LLM instrumentation (OpenAI only for now) will not capture input and output content on specific LLM events.
 
-            The excluded attributes include:
-              * `content` from LlmChatCompletionMessage events
-              * `input` from LlmEmbedding events
+              The excluded attributes include:
+                * `content` from LlmChatCompletionMessage events
+                * `input` from LlmEmbedding events
+
+              This is an optional security setting to prevent recording sensitive data sent to and received from your LLMs.
           DESCRIPTION
         },
         # this is only set via server side config
@@ -477,12 +479,14 @@ module NewRelic
           :public => true,
           :type => Boolean,
           :allowed_from_server => false,
-          :description => 'Forces the exit handler that sends all cached data to collector ' \
-            'before shutting down to be installed regardless of detecting scenarios where it generally should not be. ' \
-            'Known use-case for this option is where Sinatra is running as an embedded service within another framework ' \
-            'and the agent is detecting the Sinatra app and skipping the `at_exit` handler as a result. Sinatra classically ' \
-            'runs the entire application in an `at_exit` block and would otherwise misbehave if the agent\'s `at_exit` handler ' \
-            'was also installed in those circumstances. Note: `send_data_on_exit` should also be set to `true` in  tandem with this setting.'
+          :description => <<~DESC
+            The exit handler that sends all cached data to the collector before shutting down is forcibly installed. \
+            This is true even when it detects scenarios where it generally should not be. The known use case for this \
+            option is when Sinatra runs as an embedded service within another framework. The agent detects the Sinatra \
+            app and skips the `at_exit` handler as a result. Sinatra classically runs the entire application in an \
+            `at_exit` block and would otherwise misbehave if the agent's `at_exit` handler was also installed in those \
+            circumstances. Note: `send_data_on_exit` should also be set to `true` in tandem with this setting.
+          DESC
         },
         :high_security => {
           :default => false,
@@ -780,6 +784,15 @@ module NewRelic
           :allowed_from_server => true,
           :description => 'If `true`, enables [auto-injection](/docs/browser/new-relic-browser/installation-configuration/adding-apps-new-relic-browser#select-apm-app) of the JavaScript header for page load timing (sometimes referred to as real user monitoring or RUM).'
         },
+        # CSP nonce
+        :'browser_monitoring.content_security_policy_nonce' => {
+          :default => value_of(:'rum.enabled'),
+          :documentation_default => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, enables auto-injection of [Content Security Policy Nonce](https://content-security-policy.com/nonce/) in browser monitoring scripts. For now, auto-injection only works with Rails 5.2+.'
+        },
         # Transaction events
         :'transaction_events.enabled' => {
           :default => true,
@@ -1070,6 +1083,7 @@ module NewRelic
             Rails::Command::InitializersCommand
             Rails::Command::NotesCommand
             Rails::Command::RoutesCommand
+            Rails::Command::RunnerCommand
             Rails::Command::SecretsCommand
             Rails::Console
             Rails::DBConsole].join(','),
@@ -1134,8 +1148,12 @@ module NewRelic
           :public => true,
           :type => Integer,
           :allowed_from_server => true,
-          :description => 'Specify a maximum number of custom events to buffer in memory at a time.',
-          :dynamic_name => true
+          :dynamic_name => true,
+          :description => <<~DESC
+            * Specify a maximum number of custom events to buffer in memory at a time.'
+            * When configuring the agent for [AI monitoring](/docs/ai-monitoring/intro-to-ai-monitoring), \
+            set to max value `100000`. This ensures the agent captures the maximum amount of LLM events.
+          DESC
         },
         # Datastore tracer
         :'datastore_tracer.database_name_reporting.enabled' => {
@@ -1440,6 +1458,14 @@ module NewRelic
           :allowed_from_server => false,
           :description => 'Controls auto-instrumentation of bunny at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`.'
         },
+        :'instrumentation.dynamodb' => {
+          :default => 'auto',
+          :public => true,
+          :type => String,
+          :dynamic_name => true,
+          :allowed_from_server => false,
+          :description => 'Controls auto-instrumentation of the aws-sdk-dynamodb library at start-up. May be one of `auto`, `prepend`, `chain`, `disabled`.'
+        },
         :'instrumentation.fiber' => {
           :default => 'auto',
           :public => true,
@@ -1488,7 +1514,7 @@ module NewRelic
           :type => String,
           :dynamic_name => true,
           :allowed_from_server => false,
-          :description => 'Controls auto-instrumentation of ethon at start up. May be one of [auto|prepend|chain|disabled]'
+          :description => 'Controls auto-instrumentation of ethon at start up. May be one of `auto`, `prepend`, `chain`, `disabled`'
         },
         :'instrumentation.excon' => {
           :default => 'enabled',
@@ -1558,7 +1584,7 @@ module NewRelic
           :type => String,
           :dynamic_name => true,
           :allowed_from_server => false,
-          :description => 'Controls auto-instrumentation of httpx at start up. May be one of [auto|prepend|chain|disabled]'
+          :description => 'Controls auto-instrumentation of httpx at start up. May be one of `auto`, `prepend`, `chain`, `disabled`'
         },
         :'instrumentation.logger' => {
           :default => instrumentation_value_from_boolean(:'application_logging.enabled'),
@@ -1620,7 +1646,7 @@ module NewRelic
           :type => String,
           :dynamic_name => true,
           :allowed_from_server => false,
-          :description => 'Controls auto-instrumentation of the ruby-openai gem at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`.'
+          :description => 'Controls auto-instrumentation of the ruby-openai gem at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`. Defaults to `disabled` in high security mode.'
         },
         :'instrumentation.puma_rack' => {
           :default => value_of(:'instrumentation.rack'),
@@ -1963,7 +1989,11 @@ module NewRelic
           :public => true,
           :type => Integer,
           :allowed_from_server => true,
-          :description => 'Defines the maximum number of span events reported from a single harvest. Any Integer between `1` and `10000` is valid.'
+          :description => <<~DESC
+            * Defines the maximum number of span events reported from a single harvest. Any Integer between `1` and `10000` is valid.'
+            * When configuring the agent for [AI monitoring](/docs/ai-monitoring/intro-to-ai-monitoring), set to max value `10000`.\
+            This ensures the agent captures the maximum amount of distributed traces.
+          DESC
         },
         # Strip exception messages
         :'strip_exception_messages.enabled' => {

data/lib/new_relic/agent/error_collector.rb

@@ -110,6 +110,29 @@ module NewRelic
         false
       end
 
+      # Neither ignored nor expected errors impact apdex.
+      #
+      # Ignored errors are checked via `#error_is_ignored?`
+      # Expected errors are checked in 2 separate ways:
+      #   1. The presence of an `expected: true` attribute key/value pair in the
+      #      options hash, which will be set if that key/value pair was used in
+      #      the `notice_error` public API.
+      #   2. By calling `#expected?` which in turn calls `ErrorFilter#expected?`
+      #      which checks for 3 things:
+      #        - A match for user-defined HTTP status codes to expect
+      #        - A match for user-defined error classes to expect
+      #        - A match for user-defined error messages to expect
+      def error_affects_apdex?(error, options)
+        return false if error_is_ignored?(error)
+        return false if options[:expected]
+
+        !expected?(error, ::NewRelic::Agent::Tracer.state.current_transaction&.http_response_code)
+      rescue => e
+        NewRelic::Agent.logger.error("Could not determine if error '#{error}' should impact Apdex - " \
+                                     "#{e.class}: #{e.message}. Defaulting to 'true' (it should impact Apdex).")
+        true
+      end
+
       # Calling instance_variable_set on a wrapped Java object in JRuby will
       # generate a warning unless that object's class has already been marked
       # as persistent, so we skip tagging of exception objects that are actually

data/lib/new_relic/agent/instrumentation/dynamodb/chain.rb

@@ -0,0 +1,27 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module DynamoDB::Chain
+    def self.instrument!
+      ::Aws::DynamoDB::Client.class_eval do
+        include NewRelic::Agent::Instrumentation::DynamoDB
+
+        NewRelic::Agent::Instrumentation::DynamoDB::INSTRUMENTED_METHODS.each do |method_name|
+          alias_method("#{method_name}_without_new_relic".to_sym, method_name.to_sym)
+
+          define_method(method_name) do |*args|
+            instrument_method_with_new_relic(method_name, *args) { send("#{method_name}_without_new_relic".to_sym, *args) }
+          end
+        end
+
+        alias_method(:build_request_without_new_relic, :build_request)
+
+        def build_request(*args)
+          build_request_with_new_relic(*args) { build_request_without_new_relic(*args) }
+        end
+      end
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/dynamodb/instrumentation.rb

@@ -0,0 +1,64 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module DynamoDB
+    INSTRUMENTED_METHODS = %w[
+      create_table
+      delete_item
+      delete_table
+      get_item
+      put_item
+      query
+      scan
+      update_item
+    ].freeze
+
+    PRODUCT = 'DynamoDB'
+    DEFAULT_HOST = 'dynamodb.amazonaws.com'
+
+    def instrument_method_with_new_relic(method_name, *args)
+      return yield unless NewRelic::Agent::Tracer.tracing_enabled?
+
+      NewRelic::Agent.record_instrumentation_invocation(PRODUCT)
+
+      segment = NewRelic::Agent::Tracer.start_datastore_segment(
+        product: PRODUCT,
+        operation: method_name,
+        host: config&.endpoint&.host || DEFAULT_HOST,
+        port_path_or_id: config&.endpoint&.port,
+        collection: args[0][:table_name]
+      )
+
+      arn = get_arn(args[0])
+      segment&.add_agent_attribute('cloud.resource_id', arn) if arn
+
+      @nr_captured_request = nil # clear request just in case
+      begin
+        NewRelic::Agent::Tracer.capture_segment_error(segment) { yield }
+      ensure
+        segment&.add_agent_attribute('aws.operation', method_name)
+        segment&.add_agent_attribute('aws.requestId', @nr_captured_request&.context&.http_response&.headers&.[]('x-amzn-requestid'))
+        segment&.add_agent_attribute('aws.region', config&.region)
+        segment&.finish
+      end
+    end
+
+    def build_request_with_new_relic(*args)
+      @nr_captured_request = yield
+    end
+
+    def nr_account_id
+      return @nr_account_id if defined?(@nr_account_id)
+
+      @nr_account_id = NewRelic::Agent::Aws.get_account_id(config)
+    end
+
+    def get_arn(params)
+      return unless params[:table_name] && nr_account_id
+
+      NewRelic::Agent::Aws.create_arn(PRODUCT.downcase, "table/#{params[:table_name]}", config&.region, nr_account_id)
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/dynamodb/prepend.rb

@@ -0,0 +1,19 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module DynamoDB::Prepend
+    include NewRelic::Agent::Instrumentation::DynamoDB
+
+    INSTRUMENTED_METHODS.each do |method_name|
+      define_method(method_name) do |*args|
+        instrument_method_with_new_relic(method_name, *args) { super(*args) }
+      end
+    end
+
+    def build_request(*args)
+      build_request_with_new_relic(*args) { super }
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/dynamodb.rb

@@ -0,0 +1,25 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+require_relative 'dynamodb/instrumentation'
+require_relative 'dynamodb/chain'
+require_relative 'dynamodb/prepend'
+
+DependencyDetection.defer do
+  named :dynamodb
+
+  depends_on do
+    defined?(Aws::DynamoDB::Client)
+  end
+
+  executes do
+    NewRelic::Agent.logger.info('Installing DynamoDB instrumentation')
+
+    if use_prepend?
+      prepend_instrument Aws::DynamoDB::Client, NewRelic::Agent::Instrumentation::DynamoDB::Prepend
+    else
+      chain_instrument NewRelic::Agent::Instrumentation::DynamoDB::Chain
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/elasticsearch/instrumentation.rb

@@ -8,6 +8,54 @@ module NewRelic::Agent::Instrumentation
   module Elasticsearch
     PRODUCT_NAME = 'Elasticsearch'
     OPERATION = 'perform_request'
+
+    # Pattern to use with client caller location strings. Look for a location
+    # that contains '/lib/elasticsearch/api/' and is NOT followed by the
+    # string held in the OPERATION constant
+    OPERATION_PATTERN = %r{/lib/elasticsearch/api/(?!.+#{OPERATION})}.freeze
+
+    # Use the OPERATION_PATTERN pattern to find the appropriate caller location
+    # that will contain the client instance method (example: 'search') and
+    # return that method name.
+    #
+    # A Ruby caller location matching the OPERATION_PATTERN will contain an
+    # elasticsearch client instance method name (such as "search"), and that
+    # method name will be used as the operation name.
+    #
+    # With Ruby < 3.4 the method name is listed as:
+    #
+    #   `search'
+    #
+    # with an opening backtick and a closing single tick. And only the
+    # method name itself is listed.
+    #
+    # With Ruby 3.4+ the method name is listed as:
+    #
+    #   'Elasticsearch::API::Actions#search'
+    #
+    # with opening and closing single ticks and the class defining the
+    # instance method listed.
+    #
+    # (?:) = ?: prevents capturing
+    # (?:`|') = allow ` or '
+    # (?:.+#) = allow the class name and '#' prefix to exist but ignore it
+    # ([^']+)' = after the opening ` or ', capturing everything up to the
+    #            closing '.  [^']+ = one or more characters that are not '
+    #
+    # Example Ruby 3.3.1 input:
+    #
+    #   /Users/fallwith/.rubies/ruby-3.3.1/lib/ruby/gems/3.3.0/gems/elasticsearch-api-7.17.10/lib/elasticsearch/api/actions/index.rb:74:in `index'
+    #
+    # Example Ruby 3.4.0-preview1 input:
+    #
+    #   /Users/fallwith/.rubies/ruby-3.4.0-preview1/lib/ruby/gems/3.4.0+0/gems/elasticsearch-api-7.17.10/lib/elasticsearch/api/actions/index.rb:74:in 'Elasticsearch::API::Actions#index'
+    #
+    # Example output for both Rubies:
+    #
+    #   index
+
+    INSTANCE_METHOD_PATTERN = /:in (?:`|')(?:.+#)?([^']+)'\z/.freeze
+
     INSTRUMENTATION_NAME = NewRelic::Agent.base_name(name)
 
     # We need the positional arguments `params` and `body`
@@ -40,13 +88,10 @@ module NewRelic::Agent::Instrumentation
     private
 
     def nr_operation
-      operation_index = caller_locations.index do |line|
-        string = line.to_s
-        string.include?('lib/elasticsearch/api') && !string.include?(OPERATION)
-      end
-      return nil unless operation_index
+      location = caller_locations.detect { |loc| loc.to_s.match?(OPERATION_PATTERN) }
+      return unless location && location.to_s =~ INSTANCE_METHOD_PATTERN
 
-      caller_locations[operation_index].to_s.split('`')[-1].gsub(/\W/, '')
+      Regexp.last_match(1)
     end
 
     def nr_reported_query(query)

data/lib/new_relic/agent/instrumentation/grpc/client/instrumentation.rb

@@ -50,7 +50,6 @@ module NewRelic
             attributes_hash.each do |attr, value|
               segment.add_agent_attribute(attr, value)
             end
-            segment.record_agent_attributes = true
           end
 
           def grpc_status_and_message_from_exception(exception)

data/lib/new_relic/agent/span_event_primitive.rb

@@ -79,17 +79,13 @@ module NewRelic
         intrinsics[SPAN_KIND_KEY] = CLIENT
         intrinsics[SERVER_ADDRESS_KEY] = segment.uri.host
         intrinsics[SERVER_PORT_KEY] = segment.uri.port
-        agent_attributes = error_attributes(segment) || {}
+        agent_attributes = {}
 
         if allowed?(HTTP_URL_KEY)
           agent_attributes[HTTP_URL_KEY] = truncate(segment.uri)
         end
 
-        if segment.respond_to?(:record_agent_attributes?) && segment.record_agent_attributes?
-          agent_attributes.merge!(agent_attributes(segment))
-        end
-
-        [intrinsics, custom_attributes(segment), agent_attributes]
+        [intrinsics, custom_attributes(segment), agent_attributes.merge(agent_attributes(segment))]
       end
 
       def for_datastore_segment(segment) # rubocop:disable Metrics/AbcSize
@@ -99,7 +95,7 @@ module NewRelic
         intrinsics[SPAN_KIND_KEY] = CLIENT
         intrinsics[CATEGORY_KEY] = DATASTORE_CATEGORY
 
-        agent_attributes = error_attributes(segment) || {}
+        agent_attributes = {}
 
         if segment.database_name && allowed?(DB_INSTANCE_KEY)
           agent_attributes[DB_INSTANCE_KEY] = truncate(segment.database_name)
@@ -123,7 +119,7 @@ module NewRelic
           agent_attributes[DB_STATEMENT_KEY] = truncate(segment.nosql_statement, 2000)
         end
 
-        [intrinsics, custom_attributes(segment), agent_attributes]
+        [intrinsics, custom_attributes(segment), agent_attributes.merge(agent_attributes(segment))]
       end
 
       private

data/lib/new_relic/agent/transaction/external_request_segment.rb

@@ -23,7 +23,6 @@ module NewRelic
         MISSING_STATUS_CODE = 'MissingHTTPStatusCode'
 
         attr_reader :library, :uri, :procedure, :http_status_code
-        attr_writer :record_agent_attributes
 
         def initialize(library, uri, procedure, start_time = nil) # :nodoc:
           @library = library
@@ -32,7 +31,6 @@ module NewRelic
           @host_header = nil
           @app_data = nil
           @http_status_code = nil
-          @record_agent_attributes = false
           super(nil, nil, start_time)
         end
 
@@ -44,14 +42,6 @@ module NewRelic
           @host_header || uri.host
         end
 
-        # By default external request segments only have errors and the http
-        # url recorded as agent attributes. To have all the agent attributes
-        # recorded, use the attr_writer like so `segment.record_agent_attributes = true`
-        # See: SpanEventPrimitive#for_external_request_segment
-        def record_agent_attributes?
-          @record_agent_attributes
-        end
-
         # This method adds New Relic request headers to a given request made to an
         # external API and checks to see if a host header is used for the request.
         # If a host header is used, it updates the segment name to match the host

data/lib/new_relic/agent/transaction.rb

@@ -816,13 +816,9 @@ module NewRelic
       end
 
       def had_error_affecting_apdex?
-        @exceptions.each do |exception, options|
-          ignored = NewRelic::Agent.instance.error_collector.error_is_ignored?(exception)
-          expected = options[:expected]
-
-          return true unless ignored || expected
+        @exceptions.each.any? do |exception, options|
+          NewRelic::Agent.instance.error_collector.error_affects_apdex?(exception, options)
         end
-        false
       end
 
       def apdex_bucket(duration, current_apdex_t)

data/lib/new_relic/agent.rb

@@ -64,6 +64,7 @@ module NewRelic
     require 'new_relic/agent/linking_metadata'
     require 'new_relic/agent/local_log_decorator'
     require 'new_relic/agent/llm'
+    require 'new_relic/agent/aws'
 
     require 'new_relic/agent/instrumentation/controller_instrumentation'
 

data/lib/new_relic/rack/browser_monitoring.rb

@@ -38,7 +38,7 @@ module NewRelic
         result = @app.call(env)
         (status, headers, response) = result
 
-        js_to_inject = NewRelic::Agent.browser_timing_header
+        js_to_inject = NewRelic::Agent.browser_timing_header(nonce(env))
         if (js_to_inject != NewRelic::EMPTY_STR) && should_instrument?(env, status, headers)
           response_string = autoinstrument_source(response, js_to_inject)
           if headers.key?(CONTENT_LENGTH)
@@ -58,6 +58,14 @@ module NewRelic
         end
       end
 
+      def nonce(env)
+        return unless NewRelic::Agent.config[:'browser_monitoring.content_security_policy_nonce']
+        return unless NewRelic::Agent.config[:framework] == :rails_notifications
+        return unless defined?(ActionDispatch::ContentSecurityPolicy::Request)
+
+        env[ActionDispatch::ContentSecurityPolicy::Request::NONCE]
+      end
+
       def should_instrument?(env, status, headers)
         NewRelic::Agent.config[:'browser_monitoring.auto_instrument'] &&
           status == 200 &&

data/lib/new_relic/version.rb

@@ -6,8 +6,8 @@
 module NewRelic
   module VERSION # :nodoc:
     MAJOR = 9
-    MINOR = 9
-    TINY = 0
+    MINOR = 10
+    TINY = 2
 
     STRING = "#{MAJOR}.#{MINOR}.#{TINY}"
   end

data/lib/sequel/extensions/new_relic_instrumentation.rb

@@ -78,8 +78,9 @@ module Sequel
     end
 
     THREAD_SAFE_CONNECTION_POOL_CLASSES = [
-      (defined?(::Sequel::ThreadedConnectionPool) && ::Sequel::ThreadedConnectionPool)
-    ].freeze
+      (defined?(::Sequel::ThreadedConnectionPool) && ::Sequel::ThreadedConnectionPool),
+      (defined?(::Sequel::TimedQueueConnectionPool) && RUBY_VERSION >= '3.4' && ::Sequel::TimedQueueConnectionPool)
+    ].compact.freeze
 
     def explainer_for(sql)
       proc do |*|

data/lib/tasks/config.rake

@@ -20,7 +20,7 @@ namespace :newrelic do
       ATTRIBUTES => '[Attributes](/docs/features/agent-attributes) are key-value pairs containing information that determines the properties of an event or transaction. These key-value pairs can be viewed within transaction traces in APM, traced errors in APM, transaction events in dashboards, and page views in dashboards. You can customize exactly which attributes will be sent to each of these destinations',
       'transaction_tracer' => 'The [transaction traces](/docs/apm/traces/transaction-traces/transaction-traces) feature collects detailed information from a selection of transactions, including a summary of the calling sequence, a breakdown of time spent, and a list of SQL queries and their query plans (on mysql and postgresql). Available features depend on your New Relic subscription level.',
       'error_collector' => "The agent collects and reports all uncaught exceptions by default. These configuration options allow you to customize the error collection.\n\nFor information on ignored and expected errors, [see this page on Error Analytics in APM](/docs/agents/manage-apm-agents/agent-data/manage-errors-apm-collect-ignore-or-mark-expected/). To set expected errors via the `NewRelic::Agent.notice_error` Ruby method, [consult the Ruby agent API](/docs/agents/ruby-agent/api-guides/sending-handled-errors-new-relic/).",
-      'browser_monitoring' => "The browser monitoring [page load timing](/docs/browser/new-relic-browser/page-load-timing/page-load-timing-process) feature (sometimes referred to as real user monitoring or RUM) gives you insight into the performance real users are experiencing with your website. This is accomplished by measuring the time it takes for your users' browsers to download and render your web pages by injecting a small amount of JavaScript code into the header and footer of each page.",
+      'browser_monitoring' => "The <InlinePopover type='browser' /> [page load timing](/docs/browser/new-relic-browser/page-load-timing/page-load-timing-process) feature (sometimes referred to as real user monitoring or RUM) gives you insight into the performance real users are experiencing with your website. This is accomplished by measuring the time it takes for your users' browsers to download and render your web pages by injecting a small amount of JavaScript code into the header and footer of each page.",
       'application_logging' => "The Ruby agent supports [APM logs in context](/docs/apm/new-relic-apm/getting-started/get-started-logs-context). For some tips on configuring logs for the Ruby agent, see [Configure Ruby logs in context](/docs/logs/logs-context/configure-logs-context-ruby).\n\nAvailable logging-related config options include:",
       'analytics_events' => '[New Relic dashboards](/docs/query-your-data/explore-query-data/dashboards/introduction-new-relic-one-dashboards) is a resource to gather and visualize data about your software and what it says about your business. With it you can quickly and easily create real-time dashboards to get immediate answers about end-user experiences, clickstreams, mobile activities, and server transactions.',
       'ai_monitoring' => "This section includes Ruby agent configurations for setting up AI monitoring.\n\n<Callout variant='important'>You need to enable distributed tracing to capture trace and feedback data. It is turned on by default in Ruby agents 8.0.0 and higher.</Callout>"
@@ -28,7 +28,8 @@ namespace :newrelic do
 
     NAME_OVERRIDES = {
       'slow_sql' => 'Slow SQL [#slow-sql]',
-      'custom_insights_events' => 'Custom Events [#custom-events]'
+      'custom_insights_events' => 'Custom Events [#custom-events]',
+      'ai_monitoring' => 'AI Monitoring [#ai-monitoring]'
     }
 
     desc 'Describe available New Relic configuration settings'

data/lib/tasks/helpers/config.html.erb

@@ -10,6 +10,7 @@ redirects:
   - /docs/ruby/ruby-agent-configuration
   - /docs/agents/ruby-agent/installation-and-configuration/ruby-agent-configuration
   - /docs/agents/ruby-agent/installation-configuration/ruby-agent-configuration
+freshnessValidatedDate: never
 ---
 
 <CONTRIBUTOR_NOTE>
@@ -70,12 +71,12 @@ The Ruby agent looks for the following environment variables, in this order, to
 
 If the Ruby agent doesn't detect values for any of those environment variables, it will default the application environment to `development` and read from the `development` section of the `newrelic.yml` config file.
 
-When running the Ruby agent in a Rails app, the agent first looks for the `NEW_RELIC_ENV` environment variable to determine the application environment and which section of the `newrelic.yml` to use. If `NEW_RELIC_ENV` is not present, the agent uses the Rails environment (`RAILS_ENV`).
+When running the Ruby agent in a Rails app, the agent first looks for the `NEW_RELIC_ENV` environment variable to find the application environment and which section of the `newrelic.yml` to use. If `NEW_RELIC_ENV` is not present, the agent uses the Rails environment (`RAILS_ENV`).
 
 When you edit the config file, be sure to:
 
 * Indent only with two spaces.
-* Indent only where relevant, in stanzas such as **`error_collector`**.
+* Indent only where relevant, in sections such as <DoNotTranslate>**`error_collector`**</DoNotTranslate>.
 
 If you do not indent correctly, the agent may throw an `Unable to parse configuration file` error on startup.
 

data/lib/tasks/helpers/format.rb

@@ -69,7 +69,7 @@ module Format
 
   def format_description(value)
     description = ''
-    description += '**DEPRECATED** ' if value[:deprecated]
+    description += '<DoNotTranslate>**DEPRECATED**</DoNotTranslate>' if value[:deprecated]
     description += value[:description]
     description
   end

data/lib/tasks/instrumentation_generator/instrumentation.thor

@@ -31,15 +31,16 @@ class Instrumentation < Thor
 
   def scaffold(name)
     @name = name
+    @snake_name = snake_name(@name)
     @method = options[:method] if options[:method]
     @args = options[:args] if options[:args]
     @class_name = ::NewRelic::LanguageSupport.camelize(name)
-    base_path = "#{INSTRUMENTATION_ROOT}#{name.downcase}"
+    base_path = "#{INSTRUMENTATION_ROOT}#{@snake_name}"
 
     empty_directory(base_path)
     create_instrumentation_files(base_path)
-    append_to_default_source(name)
-    append_to_newrelic_yml(name)
+    append_to_default_source(@name, @snake_name)
+    # append_to_newrelic_yml(@name, @snake_name) # This is now done on release, we don't need it anymore, but leaving it to be sure.
     create_tests(name)
   end
 
@@ -69,53 +70,60 @@ class Instrumentation < Thor
   def create_tests(name)
     @name = name
     @instrumentation_method_global_erb_snippet = '<%= $instrumentation_method %>'
-    base_path = "#{MULTIVERSE_SUITE_ROOT}#{@name.downcase}"
+    @snake_name = snake_name(@name)
+    base_path = "#{MULTIVERSE_SUITE_ROOT}#{@snake_name}"
     empty_directory(base_path)
     template('templates/Envfile.tt', "#{base_path}/Envfile")
-    template('templates/test.tt', "#{base_path}/#{@name.downcase}_instrumentation_test.rb")
+    template('templates/test.tt', "#{base_path}/#{@snake_name}_instrumentation_test.rb")
 
     empty_directory("#{base_path}/config")
     template('templates/newrelic.yml.tt', "#{base_path}/config/newrelic.yml")
   end
 
-  def append_to_default_source(name)
+  def append_to_default_source(name, snake_name)
     insert_into_file(
       DEFAULT_SOURCE_LOCATION,
-      config_block(name.downcase),
+      config_block(name, snake_name),
       after: ":description => 'Controls auto-instrumentation of bunny at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`.'
         },\n"
     )
   end
 
-  def append_to_newrelic_yml(name)
+  def append_to_newrelic_yml(name, snake_name)
     insert_into_file(
       NEWRELIC_YML_LOCATION,
-      yaml_block(name),
+      yaml_block(name, snake_name),
       after: "# instrumentation.bunny: auto\n"
     )
   end
 
-  def config_block(name)
-    <<~CONFIG
-      :'instrumentation.#{name.downcase}' => {
-        :default => 'auto',
-        :public => true,
-        :type => String,
-        :dynamic_name => true,
-        :allowed_from_server => false,
-        :description => 'Controls auto-instrumentation of the #{name} library at start-up. May be one of [auto|prepend|chain|disabled].'
-      },
+  def config_block(name, snake_name)
+    # Don't change to <<~
+    # We want to preserve the whitespace so the config is correctly indented
+    <<-CONFIG
+        :'instrumentation.#{snake_name}' => {
+          :default => 'auto',
+          :public => true,
+          :type => String,
+          :dynamic_name => true,
+          :allowed_from_server => false,
+          :description => 'Controls auto-instrumentation of the #{name} library at start-up. May be one of `auto`, `prepend`, `chain`, `disabled`.'
+        },
     CONFIG
   end
 
-  def yaml_block(name)
+  def yaml_block(name, snake_name)
     <<~HEREDOC
 
       # Controls auto-instrumentation of #{name} at start-up.
       # May be one of [auto|prepend|chain|disabled]
-      # instrumentation.#{name.downcase}: auto
+      # instrumentation.#{snake_name}: auto
     HEREDOC
   end
+
+  def snake_name(name)
+    name.downcase.tr('-', '_')
+  end
 end
 
 Instrumentation.start(ARGV)

data/lib/tasks/instrumentation_generator/templates/dependency_detection.tt

@@ -2,12 +2,12 @@
 # See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
 # frozen_string_literal: true
 
-require_relative '<%= @name.downcase %>/instrumentation'
-require_relative '<%= @name.downcase %>/chain'
-require_relative '<%= @name.downcase %>/prepend'
+require_relative '<%= @snake_name.downcase %>/instrumentation'
+require_relative '<%= @snake_name.downcase %>/chain'
+require_relative '<%= @snake_name.downcase %>/prepend'
 
 DependencyDetection.defer do
-  named :<%= @name.match?(/\-|\_/) ? "'#{@name.downcase}'" : @name.downcase %>
+  named :<%= @name.match?(/\-|\_/) ? "'#{@snake_name}'" : @name.downcase %>
 
   depends_on do
     # The class that needs to be defined to prepend/chain onto. This can be used

data/lib/tasks/instrumentation_generator/templates/newrelic.yml.tt

@@ -6,7 +6,7 @@ development:
   monitor_mode: true
   license_key: bootstrap_newrelic_admin_license_key_000
   instrumentation:
-    <%= @name.downcase %>: <%= @instrumentation_method_global_erb_snippet %>
+    <%= @snake_name %>: <%= @instrumentation_method_global_erb_snippet %>
   app_name: test
   log_level: debug
   host: 127.0.0.1

data/newrelic.yml

@@ -43,6 +43,8 @@ common: &default_settings
   # The excluded attributes include:
   # * content from LlmChatCompletionMessage events
   # * input from LlmEmbedding events
+  # This is an optional security setting to prevent recording sensitive data sent to
+  # and received from your LLMs.
   # ai_monitoring.record_content.enabled: true
 
   # If true, enables capture of all HTTP request headers for all destinations.
@@ -114,7 +116,7 @@ common: &default_settings
   # Specify a list of constants that should prevent the agent from starting
   # automatically. Separate individual constants with a comma ,. For example,
   # "Rails::Console,UninstrumentedBackgroundJob".
-  # autostart.denylisted_constants: Rails::Command::ConsoleCommand,Rails::Command::CredentialsCommand,Rails::Command::Db::System::ChangeCommand,Rails::Command::DbConsoleCommand,Rails::Command::DestroyCommand,Rails::Command::DevCommand,Rails::Command::EncryptedCommand,Rails::Command::GenerateCommand,Rails::Command::InitializersCommand,Rails::Command::NotesCommand,Rails::Command::RoutesCommand,Rails::Command::SecretsCommand,Rails::Console,Rails::DBConsole
+  # autostart.denylisted_constants: Rails::Command::ConsoleCommand,Rails::Command::CredentialsCommand,Rails::Command::Db::System::ChangeCommand,Rails::Command::DbConsoleCommand,Rails::Command::DestroyCommand,Rails::Command::DevCommand,Rails::Command::EncryptedCommand,Rails::Command::GenerateCommand,Rails::Command::InitializersCommand,Rails::Command::NotesCommand,Rails::Command::RoutesCommand,Rails::Command::RunnerCommand,Rails::Command::SecretsCommand,Rails::Console,Rails::DBConsole
 
   # Defines a comma-delimited list of executables that the agent should not
   # instrument. For example, "rake,my_ruby_script.rb".
@@ -144,6 +146,10 @@ common: &default_settings
   # (sometimes referred to as real user monitoring or RUM).
   # browser_monitoring.auto_instrument: true
 
+  # If true, enables auto-injection of Content Security Policy Nonce in browser
+  # monitoring scripts. For now, auto-injection only works with Rails 5.2+.
+  # browser_monitoring.content_security_policy_nonce: true
+
   # Manual override for the path to your local CA bundle. This CA bundle will be
   # used to validate the SSL certificate presented by New Relic's data collection
   # service.
@@ -182,7 +188,9 @@ common: &default_settings
   # If true, the agent captures custom events.
   # custom_insights_events.enabled: true
 
-  # Specify a maximum number of custom events to buffer in memory at a time.
+  # * Specify a maximum number of custom events to buffer in memory at a time.'
+  # * When configuring the agent for AI monitoring, set to max value 100000. This
+  # ensures the agent captures the maximum amount of LLM events.
   # custom_insights_events.max_samples_stored: 3000
 
   # If false, the agent will not add database_name parameter to transaction or slow
@@ -348,14 +356,14 @@ common: &default_settings
   # requests.
   # exclude_newrelic_header: false
 
-  # Forces the exit handler that sends all cached data to collector before shutting
-  # down to be installed regardless of detecting scenarios where it generally should
-  # not be. Known use-case for this option is where Sinatra is running as an
-  # embedded service within another framework and the agent is detecting the Sinatra
-  # app and skipping the at_exit handler as a result. Sinatra classically runs the
+  # The exit handler that sends all cached data to the collector before shutting
+  # down is forcibly installed. This is true even when it detects scenarios where it
+  # generally should not be. The known use case for this option is when Sinatra runs
+  # as an embedded service within another framework. The agent detects the Sinatra
+  # app and skips the at_exit handler as a result. Sinatra classically runs the
   # entire application in an at_exit block and would otherwise misbehave if the
   # agent's at_exit handler was also installed in those circumstances. Note:
-  # send_data_on_exit should also be set to true in  tandem with this setting.
+  # send_data_on_exit should also be set to true in tandem with this setting.
   # force_install_exit_handler: false
 
   # Ordinarily the agent reports dyno names with a trailing dot and process ID (for
@@ -415,12 +423,16 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.delayed_job: auto
 
+  # Controls auto-instrumentation of the aws-sdk-dynamodb library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.dynamodb: auto
+
   # Controls auto-instrumentation of the elasticsearch library at start-up. May be
   # one of: auto, prepend, chain, disabled.
   # instrumentation.elasticsearch: auto
 
-  # Controls auto-instrumentation of ethon at start up. May be one of
-  # [auto|prepend|chain|disabled]
+  # Controls auto-instrumentation of ethon at start up. May be one of auto, prepend,
+  # chain, disabled
   # instrumentation.ethon: auto
 
   # Controls auto-instrumentation of Excon at start-up. May be one of: enabled,
@@ -460,8 +472,8 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.httprb: auto
 
-  # Controls auto-instrumentation of httpx at start up. May be one of
-  # [auto|prepend|chain|disabled]
+  # Controls auto-instrumentation of httpx at start up. May be one of auto, prepend,
+  # chain, disabled
   # instrumentation.httpx: auto
 
   # Controls auto-instrumentation of Ruby standard library Logger at start-up. May
@@ -523,7 +535,7 @@ common: &default_settings
   # instrumentation.roda: auto
 
   # Controls auto-instrumentation of the ruby-openai gem at start-up. May be one of:
-  # auto, prepend, chain, disabled.
+  # auto, prepend, chain, disabled. Defaults to disabled in high security mode.
   # instrumentation.ruby_openai: auto
 
   # Controls auto-instrumentation of Sinatra at start-up. May be one of: auto,
@@ -687,8 +699,10 @@ common: &default_settings
   # If true, enables span event sampling.
   # span_events.enabled: true
 
-  # Defines the maximum number of span events reported from a single harvest. Any
-  # Integer between 1 and 10000 is valid.
+  # * Defines the maximum number of span events reported from a single harvest. Any
+  # Integer between 1 and 10000 is valid.'
+  # * When configuring the agent for AI monitoring, set to max value 10000.This
+  # ensures the agent captures the maximum amount of distributed traces.
   # span_events.max_samples_stored: 2000
 
   # Sets the maximum number of span events to buffer when streaming to the trace

data/test/agent_helper.rb

@@ -228,7 +228,9 @@ def assert_metrics_recorded(expected)
   expected.each do |specish, expected_attrs|
     expected_spec = metric_spec_from_specish(specish)
     actual_stats = NewRelic::Agent.instance.stats_engine.to_h[expected_spec]
-    if !actual_stats
+    if actual_stats
+      assert(actual_stats)
+    else
       all_specs = NewRelic::Agent.instance.stats_engine.to_h.keys.sort
       matches = all_specs.select { |spec| spec.name == expected_spec.name }
       matches.map! { |m| "  #{m.inspect}" }
@@ -1037,3 +1039,7 @@ def first_call_for(subject)
 
   items.first
 end
+
+def ruby_version_float
+  RUBY_VERSION.split('.')[0..1].join('.').to_f
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: newrelic_rpm
 version: !ruby/object:Gem::Version
-  version: 9.9.0
+  version: 9.10.2
 platform: ruby
 authors:
 - Tanna McClure
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-04-17 00:00:00.000000000 Z
+date: 2024-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -243,6 +243,7 @@ files:
 - bin/nrdebug
 - init.rb
 - install.rb
+- lib/boot/strap.rb
 - lib/new_relic/agent.rb
 - lib/new_relic/agent/adaptive_sampler.rb
 - lib/new_relic/agent/agent.rb
@@ -260,6 +261,7 @@ files:
 - lib/new_relic/agent/attributes.rb
 - lib/new_relic/agent/audit_logger.rb
 - lib/new_relic/agent/autostart.rb
+- lib/new_relic/agent/aws.rb
 - lib/new_relic/agent/chained_call.rb
 - lib/new_relic/agent/commands/agent_command.rb
 - lib/new_relic/agent/commands/agent_command_router.rb
@@ -381,6 +383,10 @@ files:
 - lib/new_relic/agent/instrumentation/delayed_job/instrumentation.rb
 - lib/new_relic/agent/instrumentation/delayed_job/prepend.rb
 - lib/new_relic/agent/instrumentation/delayed_job_instrumentation.rb
+- lib/new_relic/agent/instrumentation/dynamodb.rb
+- lib/new_relic/agent/instrumentation/dynamodb/chain.rb
+- lib/new_relic/agent/instrumentation/dynamodb/instrumentation.rb
+- lib/new_relic/agent/instrumentation/dynamodb/prepend.rb
 - lib/new_relic/agent/instrumentation/elasticsearch.rb
 - lib/new_relic/agent/instrumentation/elasticsearch/chain.rb
 - lib/new_relic/agent/instrumentation/elasticsearch/instrumentation.rb
@@ -717,7 +723,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.9
 signing_key: 
 specification_version: 4
 summary: New Relic Ruby Agent