dd-trace 2.14.0 → 2.15.0

package/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js

@@ -0,0 +1,113 @@
+const { MANUAL_KEEP } = require('../../../../../ext/tags')
+const VULNERABILITIES_KEY = 'vulnerabilities'
+const IAST_JSON_TAG_KEY = '_dd.iast.json'
+
+function createVulnerability (type, evidence, spanId, location) {
+  if (type && evidence && spanId) {
+    return {
+      type,
+      evidence,
+      location: {
+        spanId,
+        ...location
+      },
+      hash: createHash(type, location)
+    }
+  }
+  return null
+}
+
+function createHash (type, location) {
+  let hashSource
+  if (location) {
+    hashSource = `${type}:${location.path}:${location.line}`
+  } else {
+    hashSource = type
+  }
+  let hash = 0
+  let offset = 0
+  const size = hashSource.length
+  for (let i = 0; i < size; i++) {
+    hash = ((hash << 5) - hash) + hashSource.charCodeAt(offset++)
+  }
+  return hash
+}
+
+function addVulnerability (iastContext, vulnerability) {
+  if (iastContext && vulnerability && vulnerability.evidence && vulnerability.type &&
+    vulnerability.location && vulnerability.location.spanId) {
+    iastContext[VULNERABILITIES_KEY] = iastContext[VULNERABILITIES_KEY] || []
+    iastContext[VULNERABILITIES_KEY].push(vulnerability)
+  }
+}
+
+function isValidVulnerability (vulnerability) {
+  return vulnerability && vulnerability.type &&
+    vulnerability.evidence && vulnerability.evidence.value &&
+    vulnerability.location && vulnerability.location.spanId
+}
+
+function jsonVulnerabilityFromVulnerability (vulnerability) {
+  const jsonVulnerability = {
+    type: vulnerability.type,
+    hash: vulnerability.hash,
+    evidence: {
+      value: vulnerability.evidence.value
+    },
+    location: {
+      spanId: vulnerability.location.spanId
+    }
+  }
+  if (vulnerability.location.path) {
+    jsonVulnerability.location.path = vulnerability.location.path
+  }
+  if (vulnerability.location.line) {
+    jsonVulnerability.location.line = vulnerability.location.line
+  }
+  return jsonVulnerability
+}
+
+function sendVulnerabilities (iastContext) {
+  if (iastContext && iastContext.rootSpan && iastContext[VULNERABILITIES_KEY] &&
+    iastContext[VULNERABILITIES_KEY].length && iastContext.rootSpan.addTags) {
+    const span = iastContext.rootSpan
+    const allVulnerabilities = iastContext[VULNERABILITIES_KEY]
+    // TODO support sources and ranges
+    const jsonToSend = {
+      vulnerabilities: []
+    }
+
+    deduplicateVulnerabilities(allVulnerabilities).forEach((vulnerability) => {
+      if (isValidVulnerability(vulnerability)) {
+        jsonToSend.vulnerabilities.push(jsonVulnerabilityFromVulnerability(vulnerability))
+      }
+    })
+
+    if (jsonToSend.vulnerabilities.length > 0) {
+      const tags = {}
+      // TODO: Store this outside of the span and set the tag in the exporter.
+      tags[IAST_JSON_TAG_KEY] = JSON.stringify(jsonToSend)
+      tags[MANUAL_KEEP] = 'true'
+      span.addTags(tags)
+    }
+  }
+  return IAST_JSON_TAG_KEY
+}
+
+function deduplicateVulnerabilities (vulnerabilities) {
+  const uniqueVulnerabilities = new Set()
+  return vulnerabilities.filter((vulnerability) => {
+    const key = `${vulnerability.type}${vulnerability.hash}`
+    if (!uniqueVulnerabilities.has(key)) {
+      uniqueVulnerabilities.add(key)
+      return true
+    }
+    return false
+  })
+}
+
+module.exports = {
+  createVulnerability,
+  addVulnerability,
+  sendVulnerabilities
+}

package/packages/dd-trace/src/config.js

@@ -13,6 +13,14 @@ const uuid = require('crypto-randomuuid')
 const fromEntries = Object.fromEntries || (entries =>
   entries.reduce((obj, [k, v]) => Object.assign(obj, { [k]: v }), {}))
 
+function safeJsonParse (input) {
+  try {
+    return JSON.parse(input)
+  } catch (err) {
+    return undefined
+  }
+}
+
 class Config {
   constructor (options) {
     options = options || {}
@@ -115,6 +123,14 @@ class Config {
       parseInt(process.env.DD_TRACE_PARTIAL_FLUSH_MIN_SPANS),
       1000
     )
+    const DD_TRACE_CLIENT_IP_HEADER_DISABLED = coalesce(
+      process.env.DD_TRACE_CLIENT_IP_HEADER_DISABLED,
+      false
+    )
+    const DD_TRACE_CLIENT_IP_HEADER = coalesce(
+      process.env.DD_TRACE_CLIENT_IP_HEADER,
+      null
+    )
     const DD_TRACE_B3_ENABLED = coalesce(
       options.experimental && options.experimental.b3,
       process.env.DD_TRACE_EXPERIMENTAL_B3_ENABLED,
@@ -140,6 +156,17 @@ class Config {
       false
     )
 
+    const DD_TRACE_X_DATADOG_TAGS_MAX_LENGTH = coalesce(
+      process.env.DD_TRACE_X_DATADOG_TAGS_MAX_LENGTH,
+      '512'
+    )
+
+    const DD_TRACE_STATS_COMPUTATION_ENABLED = coalesce(
+      options.stats,
+      process.env.DD_TRACE_STATS_COMPUTATION_ENABLED,
+      false
+    )
+
     let appsec = options.appsec || (options.experimental && options.experimental.appsec)
 
     const DD_APPSEC_ENABLED = coalesce(
@@ -180,24 +207,51 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
 |[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY|ssh-rsa\\s*[a-z0-9\\/\\.+]{100,}`
     )
 
+    const iastOptions = options.experimental && options.experimental.iast
+    const DD_IAST_ENABLED = coalesce(
+      iastOptions &&
+      (iastOptions === true || iastOptions.enabled === true),
+      process.env.DD_IAST_ENABLED,
+      false
+    )
+
+    const defaultIastRequestSampling = 30
+    const iastRequestSampling = coalesce(
+      parseInt(iastOptions && iastOptions.requestSampling),
+      parseInt(process.env.DD_IAST_REQUEST_SAMPLING),
+      defaultIastRequestSampling
+    )
+    const DD_IAST_REQUEST_SAMPLING = iastRequestSampling < 0 ||
+      iastRequestSampling > 100 ? defaultIastRequestSampling : iastRequestSampling
+
+    const DD_IAST_MAX_CONCURRENT_REQUESTS = coalesce(
+      parseInt(iastOptions && iastOptions.maxConcurrentRequests),
+      parseInt(process.env.DD_IAST_MAX_CONCURRENT_REQUESTS),
+      2
+    )
+
+    const DD_IAST_MAX_CONTEXT_OPERATIONS = coalesce(
+      parseInt(iastOptions && iastOptions.maxContextOperations),
+      parseInt(process.env.DD_IAST_MAX_CONTEXT_OPERATIONS),
+      2
+    )
+
     const DD_CIVISIBILITY_GIT_UPLOAD_ENABLED = coalesce(
       process.env.DD_CIVISIBILITY_GIT_UPLOAD_ENABLED,
       false
     )
 
-    const sampler = (options.experimental && options.experimental.sampler) || {}
     const ingestion = options.ingestion || {}
     const dogstatsd = coalesce(options.dogstatsd, {})
-
-    Object.assign(sampler, {
+    const sampler = {
       sampleRate: coalesce(
         options.sampleRate,
-        ingestion.sampleRate,
-        sampler.sampleRate,
-        process.env.DD_TRACE_SAMPLE_RATE
+        process.env.DD_TRACE_SAMPLE_RATE,
+        ingestion.sampleRate
       ),
-      rateLimit: coalesce(ingestion.rateLimit, sampler.rateLimit, process.env.DD_TRACE_RATE_LIMIT)
-    })
+      rateLimit: coalesce(options.rateLimit, process.env.DD_TRACE_RATE_LIMIT, ingestion.rateLimit),
+      rules: coalesce(options.samplingRules, safeJsonParse(process.env.DD_TRACE_SAMPLING_RULES), [])
+    }
 
     const inAWSLambda = process.env.AWS_LAMBDA_FUNCTION_NAME !== undefined
     const defaultFlushInterval = inAWSLambda ? 0 : 2000
@@ -214,6 +268,8 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
     this.flushInterval = coalesce(parseInt(options.flushInterval, 10), defaultFlushInterval)
     this.flushMinSpans = DD_TRACE_PARTIAL_FLUSH_MIN_SPANS
     this.sampleRate = coalesce(Math.min(Math.max(sampler.sampleRate, 0), 1), 1)
+    this.clientIpHeaderDisabled = isTrue(DD_TRACE_CLIENT_IP_HEADER_DISABLED)
+    this.clientIpHeader = DD_TRACE_CLIENT_IP_HEADER
     this.logger = options.logger
     this.plugins = !!coalesce(options.plugins, true)
     this.service = DD_SERVICE
@@ -231,9 +287,9 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
       traceparent: isTrue(DD_TRACE_TRACEPARENT_ENABLED),
       runtimeId: isTrue(DD_TRACE_RUNTIME_ID_ENABLED),
       exporter: DD_TRACE_EXPORTER,
-      enableGetRumData: isTrue(DD_TRACE_GET_RUM_DATA_ENABLED),
-      sampler
+      enableGetRumData: isTrue(DD_TRACE_GET_RUM_DATA_ENABLED)
     }
+    this.sampler = sampler
     this.reportHostname = isTrue(coalesce(options.reportHostname, process.env.DD_TRACE_REPORT_HOSTNAME, false))
     this.scope = process.env.DD_TRACE_SCOPE
     this.logLevel = coalesce(
@@ -251,6 +307,7 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
     // Disabled for CI Visibility's agentless
     this.telemetryEnabled = DD_TRACE_EXPORTER !== 'datadog' && isTrue(DD_TRACE_TELEMETRY_ENABLED)
     this.protocolVersion = DD_TRACE_AGENT_PROTOCOL_VERSION
+    this.tagsHeaderMaxLength = parseInt(DD_TRACE_X_DATADOG_TAGS_MAX_LENGTH)
     this.appsec = {
       enabled: isTrue(DD_APPSEC_ENABLED),
       rules: DD_APPSEC_RULES,
@@ -259,8 +316,17 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
       obfuscatorKeyRegex: DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP,
       obfuscatorValueRegex: DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP
     }
+    this.iast = {
+      enabled: isTrue(DD_IAST_ENABLED),
+      requestSampling: DD_IAST_REQUEST_SAMPLING,
+      maxConcurrentRequests: DD_IAST_MAX_CONCURRENT_REQUESTS,
+      maxContextOperations: DD_IAST_MAX_CONTEXT_OPERATIONS
+    }
     this.isGitUploadEnabled = isTrue(DD_CIVISIBILITY_GIT_UPLOAD_ENABLED)
     this.isIntelligentTestRunnerEnabled = isTrue(DD_CIVISIBILITY_ITR_ENABLED)
+    this.stats = {
+      enabled: isTrue(DD_TRACE_STATS_COMPUTATION_ENABLED)
+    }
 
     tagger.add(this.tags, {
       service: this.service,

package/packages/dd-trace/src/constants.js

@@ -5,8 +5,16 @@ module.exports = {
   ANALYTICS_KEY: '_dd1.sr.eausr',
   ORIGIN_KEY: '_dd.origin',
   HOSTNAME_KEY: '_dd.hostname',
+  TOP_LEVEL_KEY: '_dd.top_level',
   SAMPLING_RULE_DECISION: '_dd.rule_psr',
   SAMPLING_LIMIT_DECISION: '_dd.limit_psr',
   SAMPLING_AGENT_DECISION: '_dd.agent_psr',
-  DATADOG_LAMBDA_EXTENSION_PATH: '/opt/extensions/datadog-agent'
+  SAMPLING_MECHANISM_DEFAULT: 0,
+  SAMPLING_MECHANISM_AGENT: 1,
+  SAMPLING_MECHANISM_RULE: 3,
+  SAMPLING_MECHANISM_MANUAL: 4,
+  SAMPLING_MECHANISM_APPSEC: 5,
+  SAMPLING_MECHANISM_SPAN: 8,
+  DATADOG_LAMBDA_EXTENSION_PATH: '/opt/extensions/datadog-agent',
+  DECISION_MAKER_KEY: '_dd.p.dm'
 }

package/packages/dd-trace/src/encode/span-stats.js

@@ -0,0 +1,155 @@
+'use strict'
+
+const { AgentEncoder } = require('./0.4')
+
+const {
+  MAX_NAME_LENGTH,
+  MAX_SERVICE_LENGTH,
+  MAX_RESOURCE_NAME_LENGTH,
+  MAX_TYPE_LENGTH,
+  DEFAULT_SPAN_NAME,
+  DEFAULT_SERVICE_NAME
+} = require('./tags-processors')
+
+function truncate (value, maxLength, suffix = '') {
+  if (!value) {
+    return value
+  }
+  if (value.length > maxLength) {
+    return `${value.slice(0, maxLength)}${suffix}`
+  }
+  return value
+}
+
+class SpanStatsEncoder extends AgentEncoder {
+  _encodeBool (bytes, value) {
+    this._encodeByte(bytes, value ? 0xc3 : 0xc2)
+  }
+
+  makePayload () {
+    const traceSize = this._traceBytes.length
+    const buffer = Buffer.allocUnsafe(traceSize)
+    this._traceBytes.copy(buffer, 0, traceSize)
+    this._reset()
+    return buffer
+  }
+
+  _encodeMapPrefix (bytes, length) {
+    const offset = bytes.length
+
+    bytes.reserve(1)
+    bytes.length += 1
+
+    bytes.buffer[offset] = 0x80 + length
+  }
+
+  _encodeBuffer (bytes, buffer) {
+    const length = buffer.length
+    const offset = bytes.length
+
+    bytes.reserve(5)
+    bytes.length += 5
+
+    bytes.buffer[offset] = 0xc6
+    bytes.buffer[offset + 1] = length >> 24
+    bytes.buffer[offset + 2] = length >> 16
+    bytes.buffer[offset + 3] = length >> 8
+    bytes.buffer[offset + 4] = length
+
+    buffer.copy(bytes.buffer, offset + 5)
+    bytes.length += length
+  }
+
+  _encodeStat (bytes, stat) {
+    this._encodeMapPrefix(bytes, 12)
+
+    this._encodeString(bytes, 'Service')
+    const service = stat.Service || DEFAULT_SERVICE_NAME
+    this._encodeString(bytes, truncate(service, MAX_SERVICE_LENGTH))
+
+    this._encodeString(bytes, 'Name')
+    const name = stat.Name || DEFAULT_SPAN_NAME
+    this._encodeString(bytes, truncate(name, MAX_NAME_LENGTH))
+
+    this._encodeString(bytes, 'Resource')
+    this._encodeString(bytes, truncate(stat.Resource, MAX_RESOURCE_NAME_LENGTH, '...'))
+
+    this._encodeString(bytes, 'HTTPStatusCode')
+    this._encodeInteger(bytes, stat.HTTPStatusCode)
+
+    this._encodeString(bytes, 'Type')
+    this._encodeString(bytes, truncate(stat.Type, MAX_TYPE_LENGTH))
+
+    this._encodeString(bytes, 'Hits')
+    this._encodeLong(bytes, stat.Hits)
+
+    this._encodeString(bytes, 'Errors')
+    this._encodeLong(bytes, stat.Errors)
+
+    this._encodeString(bytes, 'Duration')
+    this._encodeLong(bytes, stat.Duration)
+
+    this._encodeString(bytes, 'OkSummary')
+    this._encodeBuffer(bytes, stat.OkSummary)
+
+    this._encodeString(bytes, 'ErrorSummary')
+    this._encodeBuffer(bytes, stat.ErrorSummary)
+
+    this._encodeString(bytes, 'Synthetics')
+    this._encodeBool(bytes, stat.Synthetics)
+
+    this._encodeString(bytes, 'TopLevelHits')
+    this._encodeLong(bytes, stat.TopLevelHits)
+  }
+
+  _encodeBucket (bytes, bucket) {
+    this._encodeMapPrefix(bytes, 3)
+
+    this._encodeString(bytes, 'Start')
+    this._encodeLong(bytes, bucket.Start)
+
+    this._encodeString(bytes, 'Duration')
+    this._encodeLong(bytes, bucket.Duration)
+
+    this._encodeString(bytes, 'Stats')
+    this._encodeArrayPrefix(bytes, bucket.Stats)
+    for (const stat of bucket.Stats) {
+      this._encodeStat(bytes, stat)
+    }
+  }
+
+  _encode (bytes, stats) {
+    this._encodeMapPrefix(bytes, 8)
+
+    this._encodeString(bytes, 'Hostname')
+    this._encodeString(bytes, stats.Hostname)
+
+    this._encodeString(bytes, 'Env')
+    this._encodeString(bytes, stats.Env)
+
+    this._encodeString(bytes, 'Version')
+    this._encodeString(bytes, stats.Version)
+
+    this._encodeString(bytes, 'Stats')
+    this._encodeArrayPrefix(bytes, stats.Stats)
+    for (const bucket of stats.Stats) {
+      this._encodeBucket(bytes, bucket)
+    }
+
+    this._encodeString(bytes, 'Lang')
+    this._encodeString(bytes, stats.Lang)
+
+    this._encodeString(bytes, 'TracerVersion')
+    this._encodeString(bytes, stats.TracerVersion)
+
+    this._encodeString(bytes, 'RuntimeID')
+    this._encodeString(bytes, stats.RuntimeID)
+
+    this._encodeString(bytes, 'Sequence')
+    this._encodeLong(bytes, stats.Sequence)
+  }
+}
+
+module.exports = {
+  SpanStatsEncoder
+}

package/packages/dd-trace/src/exporters/agent/index.js

@@ -7,9 +7,21 @@ const Writer = require('./writer')
 class AgentExporter {
   constructor (config, prioritySampler) {
     this._config = config
-    const { url, hostname, port, lookup, protocolVersion } = config
+    const { url, hostname, port, lookup, protocolVersion, stats = {} } = config
     this._url = url || new URL(`http://${hostname || 'localhost'}:${port}`)
-    this._writer = new Writer({ url: this._url, prioritySampler, lookup, protocolVersion })
+
+    const headers = {}
+    if (stats.enabled) {
+      headers['Datadog-Client-Computed-Stats'] = 'yes'
+    }
+
+    this._writer = new Writer({
+      url: this._url,
+      prioritySampler,
+      lookup,
+      protocolVersion,
+      headers
+    })
 
     this._timer = undefined
     process.once('beforeExit', () => this._writer.flush())

package/packages/dd-trace/src/exporters/agent/writer.js

@@ -10,7 +10,7 @@ const BaseWriter = require('../common/writer')
 const METRIC_PREFIX = 'datadog.tracer.node.exporter.agent'
 
 class Writer extends BaseWriter {
-  constructor ({ prioritySampler, lookup, protocolVersion }) {
+  constructor ({ prioritySampler, lookup, protocolVersion, headers }) {
     super(...arguments)
     const AgentEncoder = getEncoder(protocolVersion)
 
@@ -18,12 +18,14 @@ class Writer extends BaseWriter {
     this._lookup = lookup
     this._protocolVersion = protocolVersion
     this._encoder = new AgentEncoder(this)
+    this._headers = headers
   }
 
   _sendPayload (data, count, done) {
     metrics.increment(`${METRIC_PREFIX}.requests`, true)
 
-    makeRequest(this._protocolVersion, data, count, this._url, this._lookup, true, (err, res, status) => {
+    const { _headers, _lookup, _protocolVersion, _url } = this
+    makeRequest(_protocolVersion, data, count, _url, _headers, _lookup, true, (err, res, status) => {
       if (status) {
         metrics.increment(`${METRIC_PREFIX}.responses`, true)
         metrics.increment(`${METRIC_PREFIX}.responses.by.status`, `status:${status}`, true)
@@ -73,11 +75,12 @@ function getEncoder (protocolVersion) {
   }
 }
 
-function makeRequest (version, data, count, url, lookup, needsStartupLog, cb) {
+function makeRequest (version, data, count, url, headers, lookup, needsStartupLog, cb) {
   const options = {
     path: `/v${version}/traces`,
     method: 'PUT',
     headers: {
+      ...headers,
       'Content-Type': 'application/msgpack',
       'Datadog-Meta-Tracer-Version': tracerVersion,
       'X-Datadog-Trace-Count': String(count)

package/packages/dd-trace/src/exporters/common/request.js

@@ -84,7 +84,7 @@ function request (data, options, callback) {
     req.setTimeout(timeout, req.abort)
 
     if (isReadable) {
-      data.pipe(req)
+      data.pipe(req) // TODO: Validate whether this is actually retriable.
     } else {
       dataArray.forEach(buffer => req.write(buffer))
       req.end()
@@ -93,7 +93,11 @@ function request (data, options, callback) {
     storage.enterWith(store)
   }
 
-  makeRequest(() => makeRequest(callback))
+  // TODO: Figure out why setTimeout is needed to avoid losing the async context
+  // in the retry request before socket.connect() is called.
+  // TODO: Test that this doesn't trace itself on retry when the diagnostics
+  // channel events are available in the agent exporter.
+  makeRequest(() => setTimeout(() => makeRequest(callback)))
 }
 
 function byteLength (data) {

package/packages/dd-trace/src/exporters/span-stats/index.js

@@ -0,0 +1,20 @@
+const { URL } = require('url')
+
+const { Writer } = require('./writer')
+
+class SpanStatsExporter {
+  constructor (config) {
+    const { hostname = '127.0.0.1', port = 8126, tags, url } = config
+    this._url = url || new URL(`http://${hostname || 'localhost'}:${port}`)
+    this._writer = new Writer({ url: this._url, tags })
+  }
+
+  export (payload) {
+    this._writer.append(payload)
+    this._writer.flush()
+  }
+}
+
+module.exports = {
+  SpanStatsExporter
+}

package/packages/dd-trace/src/exporters/span-stats/writer.js

@@ -0,0 +1,54 @@
+
+const { SpanStatsEncoder } = require('../../encode/span-stats')
+
+const pkg = require('../../../../../package.json')
+
+const BaseWriter = require('../common/writer')
+const request = require('../common/request')
+const log = require('../../log')
+
+class Writer extends BaseWriter {
+  constructor ({ url }) {
+    super(...arguments)
+    this._url = url
+    this._encoder = new SpanStatsEncoder(this)
+  }
+
+  _sendPayload (data, _, done) {
+    makeRequest(data, this._url, (err, res) => {
+      if (err) {
+        log.error(err)
+        done()
+        return
+      }
+      log.debug(`Response from the intake: ${res}`)
+      done()
+    })
+  }
+}
+
+function makeRequest (data, url, cb) {
+  const options = {
+    path: '/v0.6/stats',
+    method: 'PUT',
+    headers: {
+      'Datadog-Meta-Lang': 'javascript',
+      'Datadog-Meta-Tracer-Version': pkg.version,
+      'Content-Type': 'application/msgpack'
+    }
+  }
+
+  options.protocol = url.protocol
+  options.hostname = url.hostname
+  options.port = url.port
+
+  log.debug(() => `Request to the intake: ${JSON.stringify(options)}`)
+
+  request(data, options, (err, res) => {
+    cb(err, res)
+  })
+}
+
+module.exports = {
+  Writer
+}

package/packages/dd-trace/src/format.js

@@ -12,6 +12,7 @@ const SAMPLING_AGENT_DECISION = constants.SAMPLING_AGENT_DECISION
 const MEASURED = tags.MEASURED
 const ORIGIN_KEY = constants.ORIGIN_KEY
 const HOSTNAME_KEY = constants.HOSTNAME_KEY
+const TOP_LEVEL_KEY = constants.TOP_LEVEL_KEY
 
 const map = {
   'service.name': 'service',
@@ -110,6 +111,7 @@ function extractRootTags (trace, span) {
   addTag({}, trace.metrics, SAMPLING_RULE_DECISION, context._trace[SAMPLING_RULE_DECISION])
   addTag({}, trace.metrics, SAMPLING_LIMIT_DECISION, context._trace[SAMPLING_LIMIT_DECISION])
   addTag({}, trace.metrics, SAMPLING_AGENT_DECISION, context._trace[SAMPLING_AGENT_DECISION])
+  addTag({}, trace.metrics, TOP_LEVEL_KEY, 1)
 }
 
 function extractChunkTags (trace, span) {

package/packages/dd-trace/src/iitm.js

@@ -2,8 +2,19 @@
 
 const semver = require('semver')
 const logger = require('./log')
+const { addHook } = require('import-in-the-middle')
+const dc = require('diagnostics_channel')
 
 if (semver.satisfies(process.versions.node, '^12.20.0 || >=14.13.1')) {
+  const moduleLoadStartChannel = dc.channel('dd-trace:moduleLoadStart')
+  addHook((name, namespace) => {
+    if (moduleLoadStartChannel.hasSubscribers) {
+      moduleLoadStartChannel.publish({
+        filename: name,
+        module: namespace
+      })
+    }
+  })
   module.exports = require('import-in-the-middle')
 } else {
   logger.warn('ESM is not fully supported by this version of Node.js, ' +