newrelic_rpm 9.9.0 → 9.21.0

data/newrelic.yml

@@ -26,58 +26,72 @@ common: &default_settings
   # All of the following configuration options are optional. Review them, and
   # uncomment or edit them if they appear relevant to your application needs.
 
-  # An array of ActiveSupport custom event names to subscribe to and instrument. For
-  # example,
+  # An array of ActiveSupport custom event names to subscribe to and instrument.
+  # For example,
   # - one.custom.event
   # - another.event
   # - a.third.event
   # active_support_custom_events_names: []
 
-  # If false, all LLM instrumentation (OpenAI only for now) will be disabled and no
-  # metrics, events, or spans will be sent. AI Monitoring is automatically disabled
-  # if high_security mode is enabled.
+  # If false, all LLM instrumentation (OpenAI only for now) will be disabled and
+  # no metrics, events, or spans will be sent. AI Monitoring is automatically
+  # disabled if high_security mode is enabled.
   # ai_monitoring.enabled: false
 
   # If false, LLM instrumentation (OpenAI only for now) will not capture input and
   # output content on specific LLM events.
+  # 
   # The excluded attributes include:
-  # * content from LlmChatCompletionMessage events
-  # * input from LlmEmbedding events
+  # - content from LlmChatCompletionMessage events
+  # - input from LlmEmbedding events
+  # 
+  # This is an optional security setting to prevent recording sensitive data sent
+  # to and received from your LLMs.
   # ai_monitoring.record_content.enabled: true
 
   # If true, enables capture of all HTTP request headers for all destinations.
   # allow_all_headers: false
 
-  # Your New Relic userKey. Required when using the New Relic REST API v2 to record
-  # deployments using the newrelic deployments command.
+  # Your New Relic userKey. Required when using the New Relic REST API v2 to
+  # record deployments using the newrelic deployments command.
   # api_key: ""
 
   # If true, enables log decoration and the collection of log events and metrics.
   # application_logging.enabled: true
 
   # A hash with key/value pairs to add as custom attributes to all log events
-  # forwarded to New Relic. If sending using an environment variable, the value must
-  # be formatted like: "key1=value1,key2=value2"
+  # forwarded to New Relic. If sending using an environment variable, the value
+  # must be formatted like: "key1=value1,key2=value2"
   # application_logging.forwarding.custom_attributes: {}
 
   # If true, the agent captures log records emitted by your application.
   # application_logging.forwarding.enabled: true
 
+  # If true, the agent attaches labels to log records.
+  # application_logging.forwarding.labels.enabled: false
+
+  # A case-insensitive array or comma-delimited string containing the labels to
+  # exclude from log records.
+  # application_logging.forwarding.labels.exclude: []
+
   # Sets the minimum level a log event must have to be forwarded to New Relic.
-  # This is based on the integer values of Ruby's Logger::Severity constants:
-  # https://github.com/ruby/ruby/blob/master/lib/logger/severity.rb
+  # 
+  # This is based on the integer values of Ruby's Logger::Severity constants.
+  # 
   # The intention is to forward logs with the level given to the configuration, as
   # well as any logs with a higher level of severity.
+  # 
   # For example, setting this value to "debug" will forward all log events to New
   # Relic. Setting this value to "error" will only forward log events with the
   # levels "error", "fatal", and "unknown".
+  # 
   # Valid values (ordered lowest to highest):
-  # * "debug"
-  # * "info"
-  # * "warn"
-  # * "error"
-  # * "fatal"
-  # * "unknown"
+  # - "debug"
+  # - "info"
+  # - "warn"
+  # - "error"
+  # - "fatal"
+  # - "unknown"
   # application_logging.forwarding.log_level: debug
 
   # Defines the maximum number of log records to buffer in memory at a time.
@@ -111,10 +125,62 @@ common: &default_settings
   # Specifies a path to the audit log file (including the filename).
   # audit_log.path: log/newrelic_audit.log
 
+  # An array of CLASS#METHOD (for instance methods) and/or CLASS.METHOD (for class
+  # methods) strings representing Ruby methods that the agent can automatically
+  # add custom instrumentation to. This doesn't require any modifications of the
+  # source code that defines the methods.
+  # 
+  # Use fully qualified class names (using the :: delimiter) that include any
+  # module or class namespacing.
+  # 
+  # Here is some Ruby source code that defines a render_png instance method for an
+  # Image class and a notify class method for a User class, both within a
+  # MyCompany module namespace:
+  # 
+  # module MyCompany
+  # class Image
+  # def render_png
+  # # code to render a PNG
+  # end
+  # end
+  # 
+  # class User
+  # def self.notify
+  # # code to notify users
+  # end
+  # end
+  # end
+  # 
+  # 
+  # Given that source code, the newrelic.yml config file might request
+  # instrumentation for both of these methods like so:
+  # 
+  # automatic_custom_instrumentation_method_list:
+  # - MyCompany::Image#render_png
+  # - MyCompany::User.notify
+  # 
+  # 
+  # That configuration example uses YAML array syntax to specify both methods.
+  # Alternatively, you can use a comma-delimited string:
+  # 
+  # automatic_custom_instrumentation_method_list: 'MyCompany::Image#render_png,
+  # MyCompany::User.notify'
+  # 
+  # 
+  # Whitespace around the comma(s) in the list is optional. When configuring the
+  # agent with a list of methods via the
+  # NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST environment variable,
+  # use this comma-delimited string format:
+  # 
+  # export
+  # NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST='MyCompany::Image#render_png,
+  # MyCompany::User.notify'
+  # automatic_custom_instrumentation_method_list: []
+
   # Specify a list of constants that should prevent the agent from starting
   # automatically. Separate individual constants with a comma ,. For example,
   # "Rails::Console,UninstrumentedBackgroundJob".
-  # autostart.denylisted_constants: Rails::Command::ConsoleCommand,Rails::Command::CredentialsCommand,Rails::Command::Db::System::ChangeCommand,Rails::Command::DbConsoleCommand,Rails::Command::DestroyCommand,Rails::Command::DevCommand,Rails::Command::EncryptedCommand,Rails::Command::GenerateCommand,Rails::Command::InitializersCommand,Rails::Command::NotesCommand,Rails::Command::RoutesCommand,Rails::Command::SecretsCommand,Rails::Console,Rails::DBConsole
+  # autostart.denylisted_constants: Rails::Command::ConsoleCommand,Rails::Command::CredentialsCommand,Rails::Command::Db::System::ChangeCommand,Rails::Command::DbConsoleCommand,Rails::Command::DestroyCommand,Rails::Command::DevCommand,Rails::Command::EncryptedCommand,Rails::Command::GenerateCommand,Rails::Command::InitializersCommand,Rails::Command::NotesCommand,Rails::Command::RoutesCommand,Rails::Command::RunnerCommand,Rails::Command::SecretsCommand,Rails::Console,Rails::DBConsole
 
   # Defines a comma-delimited list of executables that the agent should not
   # instrument. For example, "rake,my_ruby_script.rb".
@@ -124,16 +190,16 @@ common: &default_settings
   # instrument. For example, "assets:precompile,db:migrate".
   # autostart.denylisted_rake_tasks: about,assets:clean,assets:clobber,assets:environment,assets:precompile,assets:precompile:all,db:create,db:drop,db:fixtures:load,db:migrate,db:migrate:status,db:rollback,db:schema:cache:clear,db:schema:cache:dump,db:schema:dump,db:schema:load,db:seed,db:setup,db:structure:dump,db:version,doc:app,log:clear,middleware,notes,notes:custom,rails:template,rails:update,routes,secret,spec,spec:features,spec:requests,spec:controllers,spec:helpers,spec:models,spec:views,spec:routing,spec:rcov,stats,test,test:all,test:all:db,test:recent,test:single,test:uncommitted,time:zones:all,tmp:clear,tmp:create,webpacker:compile
 
-  # Backports the faster ActiveRecord connection lookup introduced in Rails 6, which
-  # improves agent performance when instrumenting ActiveRecord. Note that this
-  # setting may not be compatible with other gems that patch ActiveRecord.
+  # Backports the faster ActiveRecord connection lookup introduced in Rails 6,
+  # which improves agent performance when instrumenting ActiveRecord. Note that
+  # this setting may not be compatible with other gems that patch ActiveRecord.
   # backport_fast_active_record_connection_lookup: false
 
   # If true, the agent captures attributes from browser monitoring.
   # browser_monitoring.attributes.enabled: false
 
-  # Prefix of attributes to exclude from browser monitoring. Allows * as wildcard at
-  # end.
+  # Prefix of attributes to exclude from browser monitoring. Allows * as wildcard
+  # at end.
   # browser_monitoring.attributes.exclude: []
 
   # Prefix of attributes to include in browser monitoring. Allows * as wildcard at
@@ -144,9 +210,12 @@ common: &default_settings
   # (sometimes referred to as real user monitoring or RUM).
   # browser_monitoring.auto_instrument: true
 
-  # Manual override for the path to your local CA bundle. This CA bundle will be
-  # used to validate the SSL certificate presented by New Relic's data collection
-  # service.
+  # If true, enables auto-injection of Content Security Policy Nonce in browser
+  # monitoring scripts. For now, auto-injection only works with Rails 5.2+.
+  # browser_monitoring.content_security_policy_nonce: true
+
+  # Manual override for the path to your local CA bundle. This CA bundle validates
+  # the SSL certificate presented by New Relic's data collection service.
   # ca_bundle_path: nil
 
   # Enable or disable the capture of memcache keys from transaction traces.
@@ -154,26 +223,30 @@ common: &default_settings
 
   # When true, the agent captures HTTP request parameters and attaches them to
   # transaction traces, traced errors, and TransactionError events.
-  # When using the capture_params setting, the Ruby agent will not attempt to filter
-  # secret information. Recommendation: To filter secret information from request
-  # parameters, use the attributes.include setting instead. For more information,
-  # see the Ruby attribute examples.
+  # 
+  # When using the capture_params setting, the Ruby agent will not attempt to
+  # filter secret information. Recommendation: To filter secret information from
+  # request parameters, use the attributes.include setting instead. For more
+  # information, see the Ruby attribute examples.
   # capture_params: false
 
   # If true, the agent will clear Tracer::State in Agent.drop_buffered_data.
   # clear_transaction_state_after_fork: false
 
+  # The AWS account ID for the AWS account associated with this app
+  # cloud.aws.account_id: nil
+
   # If true, the agent will report source code level metrics for traced methods.
-  # see:
+  # See:
   # https://docs.newrelic.com/docs/apm/agents/ruby-agent/features/ruby-codestream-integration/
   # code_level_metrics.enabled: true
 
   # Path to newrelic.yml. If undefined, the agent checks the following directories
   # (in order):
-  # * config/newrelic.yml
-  # * newrelic.yml
-  # * $HOME/.newrelic/newrelic.yml
-  # * $HOME/newrelic.yml
+  # - config/newrelic.yml
+  # - newrelic.yml
+  # - $HOME/.newrelic/newrelic.yml
+  # - $HOME/newrelic.yml
   # config_path: newrelic.yml
 
   # If false, custom attributes will not be sent on events.
@@ -182,15 +255,17 @@ common: &default_settings
   # If true, the agent captures custom events.
   # custom_insights_events.enabled: true
 
-  # Specify a maximum number of custom events to buffer in memory at a time.
+  # - Specify a maximum number of custom events to buffer in memory at a time.
+  #   - When configuring the agent for AI monitoring, set to max value 100000.
+  # This ensures the agent captures the maximum amount of LLM events.
   # custom_insights_events.max_samples_stored: 3000
 
-  # If false, the agent will not add database_name parameter to transaction or slow
-  # sql traces.
+  # If false, the agent will not add database_name parameter to transaction or
+  # slow sql traces.
   # datastore_tracer.database_name_reporting.enabled: true
 
-  # If false, the agent will not report datastore instance metrics, nor add host or
-  # port_path_or_id parameters to transaction or slow SQL traces.
+  # If false, the agent will not report datastore instance metrics, nor add host
+  # or port_path_or_id parameters to transaction or slow SQL traces.
   # datastore_tracer.instance_reporting.enabled: true
 
   # If true, disables Action Cable instrumentation.
@@ -235,17 +310,18 @@ common: &default_settings
 
   # If true, the agent won't wrap third-party middlewares in instrumentation
   # (regardless of whether they are installed via Rack::Builder or Rails).
+  # 
   # When middleware instrumentation is disabled, if an application is using
-  # middleware that could alter the response code, the HTTP status code reported on
-  # the transaction may not reflect the altered value.
+  # middleware that could alter the response code, the HTTP status code reported
+  # on the transaction may not reflect the altered value.
   # disable_middleware_instrumentation: false
 
-  # If true, disables agent middleware for Roda. This middleware is responsible for
-  # advanced feature support such as page load timing and error collection.
+  # If true, disables agent middleware for Roda. This middleware is responsible
+  # for advanced feature support such as page load timing and error collection.
   # disable_roda_auto_middleware: false
 
-  # If true, disables the collection of sampler metrics. Sampler metrics are metrics
-  # that are not event-based (such as CPU time or memory usage).
+  # If true, disables the collection of sampler metrics. Sampler metrics are
+  # metrics that are not event-based (such as CPU time or memory usage).
   # disable_samplers: false
 
   # If true, disables Sequel instrumentation.
@@ -257,18 +333,18 @@ common: &default_settings
   # If true, disables agent middleware for Sinatra. This middleware is responsible
   # for advanced feature support such as cross application tracing, page load
   # timing, and error collection.
+  # 
   # Cross application tracing is deprecated in favor of distributed tracing.
   # Distributed tracing is on by default for Ruby agent versions 8.0.0 and above.
   # Middlewares are not required to support distributed tracing.
+  # 
   # To continue using cross application tracing, update the following options in
   # your newrelic.yml configuration file:
-  # ``yaml
-  # # newrelic.yml
+  # 
   # cross_application_tracer:
   # enabled: true
   # distributed_tracing:
   # enabled: false
-  # ``
   # disable_sinatra_auto_middleware: false
 
   # If true, disables view instrumentation.
@@ -279,10 +355,24 @@ common: &default_settings
 
   # Distributed tracing lets you see the path that a request takes through your
   # distributed system. Enabling distributed tracing changes the behavior of some
-  # New Relic features, so carefully consult the transition guide before you enable
-  # this feature.
+  # New Relic features, so carefully consult the transition guide before you
+  # enable this feature.
   # distributed_tracing.enabled: true
 
+  # This setting controls the behavior of transaction sampling when a remote
+  # parent is not sampled and the trace flag is not set in the traceparent.
+  # Available values are default, always_on, and always_off.
+  # distributed_tracing.sampler.remote_parent_not_sampled: default
+
+  # This setting controls the behavior of transaction sampling when a remote
+  # parent is sampled and the trace flag is set in the traceparent. Available
+  # values are default, always_on, and always_off.
+  # distributed_tracing.sampler.remote_parent_sampled: default
+
+  # If true, the agent captures the Elasticsearch cluster name in transaction
+  # traces.
+  # elasticsearch.capture_cluster_name: true
+
   # If true, the agent captures Elasticsearch queries in transaction traces.
   # elasticsearch.capture_queries: true
 
@@ -311,8 +401,8 @@ common: &default_settings
   # error_collector.expected_classes: []
 
   # A map of error classes to a list of messages. When an error of one of the
-  # classes specified here occurs, if its error message contains one of the strings
-  # corresponding to it here, that error will be treated as expected.
+  # classes specified here occurs, if its error message contains one of the
+  # strings corresponding to it here, that error will be treated as expected.
   # This option can't be set via environment variable.
   # error_collector.expected_messages: {}
 
@@ -326,18 +416,18 @@ common: &default_settings
   # error_collector.ignore_classes: ["ActionController::RoutingError", "Sinatra::NotFound"]
 
   # A map of error classes to a list of messages. When an error of one of the
-  # classes specified here occurs, if its error message contains one of the strings
-  # corresponding to it here, that error will be ignored.
+  # classes specified here occurs, if its error message contains one of the
+  # strings corresponding to it here, that error will be ignored.
   # This option can't be set via environment variable.
-  # error_collector.ignore_messages: {}
+  # error_collector.ignore_messages: {ThreadError: ["queue empty"]}
 
   # A comma separated list of status codes, possibly including ranges. Errors
   # associated with these status codes, where applicable, will be ignored.
   # error_collector.ignore_status_codes: ""
 
-  # Defines the maximum number of frames in an error backtrace. Backtraces over this
-  # amount are truncated in the middle, preserving the beginning and the end of the
-  # stack trace.
+  # Defines the maximum number of frames in an error backtrace. Backtraces over
+  # this amount are truncated in the middle, preserving the beginning and the end
+  # of the stack trace.
   # error_collector.max_backtrace_frames: 50
 
   # Defines the maximum number of TransactionError events reported per harvest
@@ -348,19 +438,20 @@ common: &default_settings
   # requests.
   # exclude_newrelic_header: false
 
-  # Forces the exit handler that sends all cached data to collector before shutting
-  # down to be installed regardless of detecting scenarios where it generally should
-  # not be. Known use-case for this option is where Sinatra is running as an
-  # embedded service within another framework and the agent is detecting the Sinatra
-  # app and skipping the at_exit handler as a result. Sinatra classically runs the
-  # entire application in an at_exit block and would otherwise misbehave if the
-  # agent's at_exit handler was also installed in those circumstances. Note:
-  # send_data_on_exit should also be set to true in  tandem with this setting.
+  # The exit handler that sends all cached data to the collector before shutting
+  # down is forcibly installed. This is true even when it detects scenarios where
+  # it generally should not be. The known use case for this option is when Sinatra
+  # runs as an embedded service within another framework. The agent detects the
+  # Sinatra app and skips the at_exit handler as a result. Sinatra classically
+  # runs the entire application in an at_exit block and would otherwise misbehave
+  # if the agent's at_exit handler was also installed in those circumstances.
+  # Note: send_data_on_exit should also be set to true in tandem with this
+  # setting.
   # force_install_exit_handler: false
 
-  # Ordinarily the agent reports dyno names with a trailing dot and process ID (for
-  # example, worker.3). You can remove this trailing data by specifying the prefixes
-  # you want to report without trailing data (for example, worker).
+  # Ordinarily the agent reports dyno names with a trailing dot and process ID
+  # (for example, worker.3). You can remove this trailing data by specifying the
+  # prefixes you want to report without trailing data (for example, worker).
   # heroku.dyno_name_prefixes_to_shorten: ["scheduler", "run"]
 
   # If true, the agent uses Heroku dyno names as the hostname.
@@ -374,9 +465,9 @@ common: &default_settings
   # sending each span individually.
   # infinite_tracing.batching: true
 
-  # Configure the compression level for data sent to the trace observer.
-  # May be one of: :none, :low, :medium, :high.
-  # Set the level to :none to disable compression.
+  # Configure the compression level for data sent to the trace observer. May be
+  # one of: :none, :low, :medium, :high. Set the level to :none to disable
+  # compression.
   # infinite_tracing.compression_level: high
 
   # Configures the hostname for the trace observer Host. When configured, enables
@@ -387,8 +478,8 @@ common: &default_settings
   # Configures the TCP/IP port for the trace observer Host
   # infinite_tracing.trace_observer.port: 443
 
-  # Controls auto-instrumentation of ActiveSupport::BroadcastLogger at start up. May
-  # be one of: auto, prepend, chain, disabled. Used in Rails versions >= 7.1.
+  # Controls auto-instrumentation of ActiveSupport::BroadcastLogger at start up.
+  # May be one of: auto, prepend, chain, disabled. Used in Rails versions >= 7.1.
   # instrumentation.active_support_broadcast_logger: auto
 
   # Controls auto-instrumentation of ActiveSupport::Logger at start up. May be one
@@ -399,28 +490,48 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.async_http: auto
 
+  # Controls auto-instrumentation of the aws-sdk-firehose library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.aws_sdk_firehose: auto
+
+  # Controls auto-instrumentation of the aws-sdk-kinesis library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.aws_sdk_kinesis: auto
+
+  # Controls auto-instrumentation of the aws_sdk_lambda library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.aws_sdk_lambda: auto
+
+  # Controls auto-instrumentation of the aws-sdk-sqs library at start-up. May be
+  # one of: auto, prepend, chain, disabled.
+  # instrumentation.aws_sqs: auto
+
   # Controls auto-instrumentation of bunny at start-up. May be one of: auto,
   # prepend, chain, disabled.
   # instrumentation.bunny: auto
 
-  # Controls auto-instrumentation of the concurrent-ruby library at start-up. May be
-  # one of: auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of the concurrent-ruby library at start-up. May
+  # be one of: auto, prepend, chain, disabled.
   # instrumentation.concurrent_ruby: auto
 
-  # Controls auto-instrumentation of Curb at start-up. May be one of: auto, prepend,
-  # chain, disabled.
+  # Controls auto-instrumentation of Curb at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.curb: auto
 
   # Controls auto-instrumentation of Delayed Job at start-up. May be one of: auto,
   # prepend, chain, disabled.
   # instrumentation.delayed_job: auto
 
+  # Controls auto-instrumentation of the aws-sdk-dynamodb library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.dynamodb: auto
+
   # Controls auto-instrumentation of the elasticsearch library at start-up. May be
   # one of: auto, prepend, chain, disabled.
   # instrumentation.elasticsearch: auto
 
-  # Controls auto-instrumentation of ethon at start up. May be one of
-  # [auto|prepend|chain|disabled]
+  # Controls auto-instrumentation of ethon at start up. May be one of auto,
+  # prepend, chain, disabled
   # instrumentation.ethon: auto
 
   # Controls auto-instrumentation of Excon at start-up. May be one of: enabled,
@@ -438,18 +549,18 @@ common: &default_settings
   # Specifies a list of hostname patterns separated by commas that will match gRPC
   # hostnames that traffic is to be ignored by New Relic for. New Relic's gRPC
   # client instrumentation will ignore traffic streamed to a host matching any of
-  # these patterns, and New Relic's gRPC server instrumentation will ignore traffic
-  # for a server running on a host whose hostname matches any of these patterns. By
-  # default, no traffic is ignored when gRPC instrumentation is itself enabled. For
-  # example, "private.com$,exception.*"
+  # these patterns, and New Relic's gRPC server instrumentation will ignore
+  # traffic for a server running on a host whose hostname matches any of these
+  # patterns. By default, no traffic is ignored when gRPC instrumentation is
+  # itself enabled. For example, "private.com$,exception.*"
   # instrumentation.grpc.host_denylist: []
 
-  # Controls auto-instrumentation of gRPC clients at start-up. May be one of: auto,
-  # prepend, chain, disabled.
+  # Controls auto-instrumentation of gRPC clients at start-up. May be one of:
+  # auto, prepend, chain, disabled.
   # instrumentation.grpc_client: auto
 
-  # Controls auto-instrumentation of gRPC servers at start-up. May be one of: auto,
-  # prepend, chain, disabled.
+  # Controls auto-instrumentation of gRPC servers at start-up. May be one of:
+  # auto, prepend, chain, disabled.
   # instrumentation.grpc_server: auto
 
   # Controls auto-instrumentation of HTTPClient at start-up. May be one of: auto,
@@ -460,24 +571,28 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.httprb: auto
 
-  # Controls auto-instrumentation of httpx at start up. May be one of
-  # [auto|prepend|chain|disabled]
+  # Controls auto-instrumentation of httpx at start up. May be one of auto,
+  # prepend, chain, disabled
   # instrumentation.httpx: auto
 
   # Controls auto-instrumentation of Ruby standard library Logger at start-up. May
   # be one of: auto, prepend, chain, disabled.
   # instrumentation.logger: auto
 
-  # Controls auto-instrumentation of dalli gem for Memcache at start-up. May be one
-  # of: auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of the LogStasher library at start-up. May be
+  # one of: auto, prepend, chain, disabled.
+  # instrumentation.logstasher: auto
+
+  # Controls auto-instrumentation of dalli gem for Memcache at start-up. May be
+  # one of: auto, prepend, chain, disabled.
   # instrumentation.memcache: auto
 
   # Controls auto-instrumentation of memcache-client gem for Memcache at start-up.
   # May be one of: auto, prepend, chain, disabled.
   # instrumentation.memcache_client: auto
 
-  # Controls auto-instrumentation of memcached gem for Memcache at start-up. May be
-  # one of: auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of memcached gem for Memcache at start-up. May
+  # be one of: auto, prepend, chain, disabled.
   # instrumentation.memcached: auto
 
   # Controls auto-instrumentation of Mongo at start-up. May be one of: enabled,
@@ -488,13 +603,17 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.net_http: auto
 
-  # Controls auto-instrumentation of Puma::Rack. When enabled, the agent hooks into
-  # the to_app method in Puma::Rack::Builder to find gems to instrument during
-  # application startup. May be one of: auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of the opensearch-ruby library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.opensearch: auto
+
+  # Controls auto-instrumentation of Puma::Rack. When enabled, the agent hooks
+  # into the to_app method in Puma::Rack::Builder to find gems to instrument
+  # during application startup. May be one of: auto, prepend, chain, disabled.
   # instrumentation.puma_rack: auto
 
-  # Controls auto-instrumentation of Puma::Rack::URLMap at start-up. May be one of:
-  # auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of Puma::Rack::URLMap at start-up. May be one
+  # of: auto, prepend, chain, disabled.
   # instrumentation.puma_rack_urlmap: auto
 
   # Controls auto-instrumentation of Rack. When enabled, the agent hooks into the
@@ -502,14 +621,18 @@ common: &default_settings
   # startup. May be one of: auto, prepend, chain, disabled.
   # instrumentation.rack: auto
 
-  # Controls auto-instrumentation of Rack::URLMap at start-up. May be one of: auto,
-  # prepend, chain, disabled.
+  # Controls auto-instrumentation of Rack::URLMap at start-up. May be one of:
+  # auto, prepend, chain, disabled.
   # instrumentation.rack_urlmap: auto
 
-  # Controls auto-instrumentation of rake at start-up. May be one of: auto, prepend,
-  # chain, disabled.
+  # Controls auto-instrumentation of rake at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.rake: auto
 
+  # Controls auto-instrumentation of the rdkafka library at start-up. May be one
+  # of auto, prepend, chain, disabled.
+  # instrumentation.rdkafka: auto
+
   # Controls auto-instrumentation of Redis at start-up. May be one of: auto,
   # prepend, chain, disabled.
   # instrumentation.redis: auto
@@ -518,12 +641,17 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.resque: auto
 
-  # Controls auto-instrumentation of Roda at start-up. May be one of: auto, prepend,
-  # chain, disabled.
+  # Controls auto-instrumentation of Roda at start-up. May be one of: auto,
+  # prepend, chain, disabled.
   # instrumentation.roda: auto
 
-  # Controls auto-instrumentation of the ruby-openai gem at start-up. May be one of:
-  # auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of the ruby-kafka library at start-up. May be
+  # one of auto, prepend, chain, disabled.
+  # instrumentation.ruby_kafka: auto
+
+  # Controls auto-instrumentation of the ruby-openai gem at start-up. May be one
+  # of: auto, prepend, chain, disabled. Defaults to disabled in high security
+  # mode.
   # instrumentation.ruby_openai: auto
 
   # Controls auto-instrumentation of Sinatra at start-up. May be one of: auto,
@@ -534,10 +662,11 @@ common: &default_settings
   # disabled.
   # instrumentation.stripe: enabled
 
-  # Controls auto-instrumentation of the Thread class at start-up to allow the agent
-  # to correctly nest spans inside of an asynchronous transaction. This does not
-  # enable the agent to automatically trace all threads created (see
-  # instrumentation.thread.tracing). May be one of: auto, prepend, chain, disabled.
+  # Controls auto-instrumentation of the Thread class at start-up to allow the
+  # agent to correctly nest spans inside of an asynchronous transaction. This does
+  # not enable the agent to automatically trace all threads created (see
+  # instrumentation.thread.tracing). May be one of: auto, prepend, chain,
+  # disabled.
   # instrumentation.thread: auto
 
   # Controls auto-instrumentation of the Thread class at start-up to automatically
@@ -552,8 +681,8 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.typhoeus: auto
 
-  # Controls auto-instrumentation of ViewComponent at startup. May be one of: auto,
-  # prepend, chain, disabled.
+  # Controls auto-instrumentation of ViewComponent at startup. May be one of:
+  # auto, prepend, chain, disabled.
   # instrumentation.view_component: auto
 
   # A dictionary of label names and values that will be applied to the data sent
@@ -584,6 +713,12 @@ common: &default_settings
   # When true, the agent transmits data about your app to the New Relic collector.
   # monitor_mode: true
 
+  # If true, the agent captures OpenSearch queries in transaction traces.
+  # opensearch.capture_queries: true
+
+  # If true, the agent obfuscates OpenSearch queries in transaction traces.
+  # opensearch.obfuscate_queries: true
+
   # If true, uses Module#prepend rather than alias_method for ActiveRecord
   # instrumentation.
   # prepend_active_record_instrumentation: false
@@ -612,8 +747,8 @@ common: &default_settings
 
   # Specify an Array of Rake tasks to automatically instrument. This configuration
   # option converts the Array to a RegEx list. If you'd like to allow all tasks by
-  # default, use rake.tasks: [.+]. No rake tasks will be instrumented unless they're
-  # added to this list. For more information, visit the New Relic Rake
+  # default, use rake.tasks: [.+]. No rake tasks will be instrumented unless
+  # they're added to this list. For more information, visit the New Relic Rake
   # Instrumentation docs.
   # rake.tasks: []
 
@@ -630,29 +765,29 @@ common: &default_settings
   # send_data_on_exit: true
 
   # If true, the agent will operate in a streamlined mode suitable for use with
-  # short-lived serverless functions. NOTE: Only AWS Lambda functions are supported
-  # currently and this option is not intended for use without New Relic's Ruby
-  # Lambda layer offering.
+  # short-lived serverless functions. NOTE: Only AWS Lambda functions are
+  # supported currently and this option isn't intended for use without New Relic's
+  # Ruby Lambda layer offering.
   # serverless_mode.enabled: false
 
   # An array of strings that will collectively serve as a denylist for filtering
   # which Sidekiq job arguments get reported to New Relic. To capture any Sidekiq
   # arguments, 'job.sidekiq.args.*' must be added to the separate
   # :'attributes.include' configuration option. Each string in this array will be
-  # turned into a regular expression via Regexp.new to permit advanced matching. For
-  # job argument hashes, if either a key or value matches the pair will be excluded.
-  # All matching job argument array elements and job argument scalars will be
-  # excluded.
+  # turned into a regular expression via Regexp.new to permit advanced matching.
+  # For job argument hashes, if either a key or value matches the pair will be
+  # excluded. All matching job argument array elements and job argument scalars
+  # will be excluded.
   # sidekiq.args.exclude: []
 
   # An array of strings that will collectively serve as an allowlist for filtering
   # which Sidekiq job arguments get reported to New Relic. To capture any Sidekiq
   # arguments, 'job.sidekiq.args.*' must be added to the separate
   # :'attributes.include' configuration option. Each string in this array will be
-  # turned into a regular expression via Regexp.new to permit advanced matching. For
-  # job argument hashes, if either a key or value matches the pair will be included.
-  # All matching job argument array elements and job argument scalars will be
-  # included.
+  # turned into a regular expression via Regexp.new to permit advanced matching.
+  # For job argument hashes, if either a key or value matches the pair will be
+  # included. All matching job argument array elements and job argument scalars
+  # will be included.
   # sidekiq.args.include: []
 
   # If true, the agent collects slow SQL queries.
@@ -663,16 +798,16 @@ common: &default_settings
   # the default setting for explain plans in slow SQL as well.
   # slow_sql.explain_enabled: true
 
-  # Specify a threshold in seconds. The agent collects slow SQL queries and explain
-  # plans that exceed this threshold.
+  # Specify a threshold in seconds. The agent collects slow SQL queries and
+  # explain plans that exceed this threshold.
   # slow_sql.explain_threshold: 0.5
 
-  # Defines an obfuscation level for slow SQL queries. Valid options are obfuscated,
-  # raw, or none.
+  # Defines an obfuscation level for slow SQL queries. Valid options are
+  # obfuscated, raw, or none.
   # slow_sql.record_sql: obfuscated
 
-  # Generate a longer sql_id for slow SQL traces. sql_id is used for aggregation of
-  # similar queries.
+  # Generate a longer sql_id for slow SQL traces. sql_id is used for aggregation
+  # of similar queries.
   # slow_sql.use_longer_sql_id: false
 
   # If true, the agent captures attributes on span events.
@@ -687,8 +822,10 @@ common: &default_settings
   # If true, enables span event sampling.
   # span_events.enabled: true
 
-  # Defines the maximum number of span events reported from a single harvest. Any
-  # Integer between 1 and 10000 is valid.
+  # - Defines the maximum number of span events reported from a single harvest.
+  # Any Integer between 1 and 10000 is valid.'
+  #   - When configuring the agent for AI monitoring, set to max value 10000.This
+  # ensures the agent captures the maximum amount of distributed traces.
   # span_events.max_samples_stored: 2000
 
   # Sets the maximum number of span events to buffer when streaming to the trace
@@ -696,30 +833,31 @@ common: &default_settings
   # span_events.queue_size: 10000
 
   # Specify a list of exceptions you do not want the agent to strip when
-  # strip_exception_messages is true. Separate exceptions with a comma. For example,
-  # "ImportantException,PreserveMessageException".
+  # strip_exception_messages is true. Separate exceptions with a comma. For
+  # example, "ImportantException,PreserveMessageException".
   # strip_exception_messages.allowed_classes: ""
 
   # If true, the agent strips messages from all exceptions except those in the
-  # allowlist. Enabled automatically in high security mode.
+  # allowed classes list. Enabled automatically in high security mode.
   # strip_exception_messages.enabled: false
 
-  # An array of strings to specify which keys and/or values inside a Stripe event's
-  # user_data hash should
+  # An array of strings to specify which keys and/or values inside a Stripe
+  # event's user_data hash should
   # not be reported to New Relic. Each string in this array will be turned into a
   # regular expression via
-  # Regexp.new to permit advanced matching. For each hash pair, if either the key or
-  # value is matched the
-  # pair will not be reported. By default, no user_data is reported, so this option
-  # should only be used if
-  # the stripe.user_data.include option is being used.
+  # Regexp.new to permit advanced matching. For each hash pair, if either the key
+  # or value is matched the pair
+  # isn't reported. By default, no user_data is reported. Use this option only if
+  # the
+  # stripe.user_data.include option is also used.
   # stripe.user_data.exclude: []
 
-  # An array of strings to specify which keys inside a Stripe event's user_data hash
-  # should be reported
-  # to New Relic. Each string in this array will be turned into a regular expression
-  # via Regexp.new to
-  # permit advanced matching. Setting the value to ["."] will report all user_data.
+  # An array of strings to specify which keys inside a Stripe event's user_data
+  # hash should be reported
+  # to New Relic. Each string in this array will be turned into a regular
+  # expression via Regexp.new to
+  # enable advanced matching. Setting the value to ["."] will report all
+  # user_data.
   # stripe.user_data.include: []
 
   # When set to true, forces a synchronous connection to the New Relic collector
@@ -740,8 +878,8 @@ common: &default_settings
   # If true, the agent captures attributes from transaction events.
   # transaction_events.attributes.enabled: true
 
-  # Prefix of attributes to exclude from transaction events. Allows * as wildcard at
-  # end.
+  # Prefix of attributes to exclude from transaction events. Allows * as wildcard
+  # at end.
   # transaction_events.attributes.exclude: []
 
   # Prefix of attributes to include in transaction events. Allows * as wildcard at
@@ -751,25 +889,26 @@ common: &default_settings
   # If true, enables transaction event sampling.
   # transaction_events.enabled: true
 
-  # Defines the maximum number of transaction events reported from a single harvest.
+  # Defines the maximum number of transaction events reported from a single
+  # harvest.
   # transaction_events.max_samples_stored: 1200
 
   # If true, the agent captures attributes on transaction segments.
   # transaction_segments.attributes.enabled: true
 
-  # Prefix of attributes to exclude from transaction segments. Allows * as wildcard
-  # at end.
+  # Prefix of attributes to exclude from transaction segments. Allows * as
+  # wildcard at end.
   # transaction_segments.attributes.exclude: []
 
-  # Prefix of attributes to include on transaction segments. Allows * as wildcard at
-  # end.
+  # Prefix of attributes to include on transaction segments. Allows * as wildcard
+  # at end.
   # transaction_segments.attributes.include: []
 
   # If true, the agent captures attributes from transaction traces.
   # transaction_tracer.attributes.enabled: true
 
-  # Prefix of attributes to exclude from transaction traces. Allows * as wildcard at
-  # end.
+  # Prefix of attributes to exclude from transaction traces. Allows * as wildcard
+  # at end.
   # transaction_tracer.attributes.exclude: []
 
   # Prefix of attributes to include in transaction traces. Allows * as wildcard at
@@ -781,7 +920,7 @@ common: &default_settings
 
   # If true, enables the collection of explain plans in transaction traces. This
   # setting will also apply to explain plans in slow SQL traces if
-  # slow_sql.explain_enabled is not set separately.
+  # slow_sql.explain_enabled isn't set separately.
   # transaction_tracer.explain_enabled: true
 
   # Threshold (in seconds) above which the agent will collect explain plans.
@@ -835,6 +974,130 @@ common: &default_settings
   # Foundry environment.
   # utilization.detect_pcf: true
 
+  # BEGIN security agent
+  #
+  #   NOTE: At this time, the security agent is intended for use only within
+  #         a dedicated security testing environment with data that can tolerate
+  #         modification or deletion. The security agent is available as a
+  #         separate Ruby gem, newrelic_security. It is recommended that this
+  #         separate gem only be introduced to a security testing environment
+  #         by leveraging Bundler grouping like so:
+  #
+  #         # Gemfile
+  #         gem 'newrelic_rpm'               # New Relic APM observability agent
+  #         gem 'newrelic-infinite_tracing'  # New Relic Infinite Tracing
+  #
+  #         group :security do
+  #           gem 'newrelic_security', require: false # New Relic security agent
+  #         end
+  #
+  #   NOTE: All "security.*" configuration parameters are related only to the
+  #         security agent, and all other configuration parameters that may
+  #         have "security" in the name somewhere are related to the APM agent.
+  
+  # If true, the security agent is loaded (a Ruby 'require' is performed)
+  # security.agent.enabled: false
+
+  # The port the application is listening on. This setting is mandatory for
+  # Passenger servers. The agent detects other servers by default.
+  # security.application_info.port: nil
+
+  # If true, the security agent is started (the agent runs in its event loop)
+  # security.enabled: false
+
+  # Defines API paths the security agent should ignore in IAST scans. Accepts an
+  # array of regex patterns matching the URI to ignore. The regex pattern should
+  # find a complete match for the URL without the endpoint. For example,
+  # [".*account.*"], [".*/\api\/v1\/.*?\/login"]
+  # security.exclude_from_iast_scan.api: []
+
+  # An array of HTTP request body keys the security agent should ignore in IAST
+  # scans.
+  # security.exclude_from_iast_scan.http_request_parameters.body: []
+
+  # An array of HTTP request headers the security agent should ignore in IAST
+  # scans. The array should specify a list of patterns matching the headers to
+  # ignore.
+  # security.exclude_from_iast_scan.http_request_parameters.header: []
+
+  # An array of HTTP request query parameters the security agent should ignore in
+  # IAST scans. The array should specify a list of patterns matching the HTTP
+  # request query parameters to ignore.
+  # security.exclude_from_iast_scan.http_request_parameters.query: []
+
+  # If true, disables system command injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.command_injection: false
+
+  # If true, disables the detection of low-severity insecure settings. For
+  # example, hash, crypto, cookie, random generators, trust boundary).
+  # security.exclude_from_iast_scan.iast_detection_category.insecure_settings: false
+
+  # If true, disables file operation-related IAST detections (File Access &
+  # Application integrity violation)
+  # security.exclude_from_iast_scan.iast_detection_category.invalid_file_access: false
+
+  # If true, disables Javascript injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.javascript_injection: false
+
+  # If true, disables LDAP injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.ldap_injection: false
+
+  # If true, disables NOSQL injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.nosql_injection: false
+
+  # If true, disables Reflected Cross-Site Scripting (RXSS) detection in IAST
+  # scans.
+  # security.exclude_from_iast_scan.iast_detection_category.rxss: false
+
+  # If true, disables SQL injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.sql_injection: false
+
+  # If true, disables Sever-Side Request Forgery (SSRF) detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.ssrf: false
+
+  # If true, disables XPATH injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.xpath_injection: false
+
+  # A unique test identifier when runnning IAST in a CI/CD environment to
+  # differentiate between different test runs. For example, a build number.
+  # security.iast_test_identifier: nil
+
+  # Defines the mode for the security agent to operate in. Currently only IAST is
+  # supported
+  # security.mode: IAST
+
+  # Sets the maximum number of HTTP requests allowed for the IAST scan per minute.
+  # Any Integer between 12 and 3600 is valid. The default value is 3600.
+  # security.scan_controllers.iast_scan_request_rate_limit: 3600
+
+  # If true, enables the sending of HTTP responses bodies. Disabling this also
+  # disables Reflected Cross-Site Scripting (RXSS) vulnerability detection.
+  # security.scan_controllers.report_http_response_body: true
+
+  # The number of application instances for a specific entity to perform IAST
+  # analysis on.
+  # security.scan_controllers.scan_instance_count: 0
+
+  # If true, allows IAST to continuously gather trace data in the background. The
+  # security agent uses collected data to perform an IAST scan at the scheduled
+  # time.
+  # security.scan_schedule.always_sample_traces: false
+
+  # Specifies the delay time (in minutes) before the IAST scan begins after the
+  # application starts.
+  # security.scan_schedule.delay: 0
+
+  # Indicates the duration (in minutes) for which the IAST scan will be performed.
+  # security.scan_schedule.duration: 0
+
+  # Specifies a cron expression that sets when the IAST scan should run.
+  # security.scan_schedule.schedule: ""
+
+  # Defines the endpoint URL for posting security-related data
+  # security.validator_service_url: wss://csec.nr-data.net
+
+  # END security agent
+
 # Environment-specific settings are in this section.
 # RAILS_ENV or RACK_ENV (as appropriate) is used to determine the environment.
 # If your application has other named environments, configure them here.