dd-trace 4.3.0 → 4.5.0

package/packages/datadog-plugin-openai/src/services.js

@@ -0,0 +1,43 @@
+'use strict'
+
+const DogStatsDClient = require('../../dd-trace/src/dogstatsd')
+const ExternalLogger = require('../../dd-trace/src/external-logger/src')
+
+const FLUSH_INTERVAL = 10 * 1000
+
+let metrics = null
+let logger = null
+let interval = null
+
+module.exports.init = function (tracerConfig) {
+  metrics = new DogStatsDClient({
+    host: tracerConfig.dogstatsd.hostname,
+    port: tracerConfig.dogstatsd.port,
+    tags: [
+      `service:${tracerConfig.tags.service}`,
+      `env:${tracerConfig.tags.env}`,
+      `version:${tracerConfig.tags.version}`
+    ]
+  })
+
+  logger = new ExternalLogger({
+    ddsource: 'openai',
+    hostname: tracerConfig.hostname,
+    service: tracerConfig.service,
+    apiKey: tracerConfig.apiKey,
+    interval: FLUSH_INTERVAL
+  })
+
+  interval = setInterval(() => {
+    metrics.flush()
+  }, FLUSH_INTERVAL).unref()
+
+  return { metrics, logger }
+}
+
+module.exports.shutdown = function () {
+  clearInterval(interval)
+  metrics = null
+  logger = null
+  interval = null
+}

package/packages/datadog-plugin-oracledb/src/index.js

@@ -7,12 +7,13 @@ const log = require('../../dd-trace/src/log')
 class OracledbPlugin extends DatabasePlugin {
   static get id () { return 'oracledb' }
   static get system () { return 'oracle' }
+  static get peerServicePrecursors () { return ['db.instance', 'db.hostname'] }
 
   start ({ query, connAttrs }) {
-    const service = getServiceName(this.config, connAttrs)
+    const service = this.serviceName(this.config, connAttrs)
     const url = getUrl(connAttrs.connectString)
 
-    this.startSpan('oracle.query', {
+    this.startSpan(this.operationName(), {
       service,
       resource: query,
       type: 'sql',
@@ -27,14 +28,6 @@ class OracledbPlugin extends DatabasePlugin {
   }
 }
 
-function getServiceName (config, connAttrs) {
-  if (typeof config.service === 'function') {
-    return config.service(connAttrs)
-  }
-
-  return config.service
-}
-
 // TODO: Avoid creating an error since it's a heavy operation.
 function getUrl (connectString) {
   try {

package/packages/datadog-plugin-pg/src/index.js

@@ -9,10 +9,10 @@ class PGPlugin extends DatabasePlugin {
   static get system () { return 'postgres' }
 
   start ({ params = {}, query, processId }) {
-    const service = getServiceName(this, params)
+    const service = this.serviceName(this.config, params)
     const originalStatement = query.text
 
-    this.startSpan('pg.query', {
+    this.startSpan(this.operationName(), {
       service,
       resource: originalStatement,
       type: 'sql',
@@ -27,16 +27,8 @@ class PGPlugin extends DatabasePlugin {
       }
     })
 
-    query.text = this.injectDbmQuery(query.text, service, !!query.name)
+    query.__ddInjectableQuery = this.injectDbmQuery(query.text, service, !!query.name)
   }
 }
 
-function getServiceName (tracer, params) {
-  if (typeof tracer.config.service === 'function') {
-    return tracer.config.service(params)
-  }
-
-  return tracer.config.service || `${tracer._tracer._tracer._service}-postgres`
-}
-
 module.exports = PGPlugin

package/packages/datadog-plugin-sharedb/src/index.js

@@ -25,7 +25,7 @@ class SharedbPlugin extends ServerPlugin {
     if (this.config.hooks && this.config.hooks.reply) {
       this.config.hooks.reply(span, request, res)
     }
-    span.finish()
+    super.finish()
   }
 }
 

package/packages/dd-trace/src/appsec/channels.js

@@ -7,6 +7,7 @@ module.exports = {
   bodyParser: dc.channel('datadog:body-parser:read:finish'),
   incomingHttpRequestStart: dc.channel('dd-trace:incomingHttpRequestStart'),
   incomingHttpRequestEnd: dc.channel('dd-trace:incomingHttpRequestEnd'),
+  passportVerify: dc.channel('datadog:passport:verify:finish'),
   queryParser: dc.channel('datadog:query:read:finish'),
   setCookieChannel: dc.channel('datadog:iast:set-cookie')
 }

package/packages/dd-trace/src/appsec/iast/taint-tracking/origin-types.js

@@ -2,9 +2,10 @@
 
 module.exports = {
   HTTP_REQUEST_BODY: 'http.request.body',
-  HTTP_REQUEST_PARAMETER: 'http.request.parameter',
   HTTP_REQUEST_COOKIE_VALUE: 'http.request.cookie.value',
   HTTP_REQUEST_COOKIE_NAME: 'http.request.cookie.name',
   HTTP_REQUEST_HEADER_NAME: 'http.request.header.name',
-  HTTP_REQUEST_HEADER_VALUE: 'http.request.header'
+  HTTP_REQUEST_HEADER_VALUE: 'http.request.header',
+  HTTP_REQUEST_PARAMETER: 'http.request.parameter',
+  HTTP_REQUEST_PATH_PARAM: 'http.request.path.parameter'
 }

package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js

@@ -5,12 +5,14 @@ const { getIastContext } = require('../iast-context')
 const { storage } = require('../../../../../datadog-core')
 const { taintObject } = require('./operations')
 const {
-  HTTP_REQUEST_PARAMETER,
   HTTP_REQUEST_BODY,
   HTTP_REQUEST_COOKIE_VALUE,
   HTTP_REQUEST_COOKIE_NAME,
   HTTP_REQUEST_HEADER_VALUE,
-  HTTP_REQUEST_HEADER_NAME
+  HTTP_REQUEST_HEADER_NAME,
+  HTTP_REQUEST_PARAMETER,
+  HTTP_REQUEST_PATH_PARAM
+
 } = require('./origin-types')
 
 class TaintTrackingPlugin extends Plugin {
@@ -44,6 +46,14 @@ class TaintTrackingPlugin extends Plugin {
       'datadog:cookie:parse:finish',
       ({ cookies }) => this._cookiesTaintTrackingHandler(cookies)
     )
+    this.addSub(
+      'datadog:express:process_params:start',
+      ({ req }) => {
+        if (req && req.params && typeof req.params === 'object') {
+          this._taintTrackingHandler(HTTP_REQUEST_PATH_PARAM, req, 'params')
+        }
+      }
+    )
   }
 
   _taintTrackingHandler (type, target, property, iastContext = getIastContext(storage.getStore())) {

package/packages/dd-trace/src/appsec/index.js

@@ -7,6 +7,7 @@ const {
   incomingHttpRequestStart,
   incomingHttpRequestEnd,
   bodyParser,
+  passportVerify,
   queryParser
 } = require('./channels')
 const waf = require('./waf')
@@ -16,6 +17,8 @@ const web = require('../plugins/util/web')
 const { extractIp } = require('../plugins/util/ip_extractor')
 const { HTTP_CLIENT_IP } = require('../../../../ext/tags')
 const { block, setTemplates } = require('./blocking')
+const { passportTrackEvent } = require('./passport')
+const { storage } = require('../../../datadog-core')
 
 let isEnabled = false
 let config
@@ -37,6 +40,10 @@ function enable (_config) {
     bodyParser.subscribe(onRequestBodyParsed)
     queryParser.subscribe(onRequestQueryParsed)
 
+    if (_config.appsec.eventTracking.enabled) {
+      passportVerify.subscribe(onPassportVerify)
+    }
+
     isEnabled = true
     config = _config
   } catch (err) {
@@ -139,6 +146,18 @@ function onRequestQueryParsed ({ req, res, abortController }) {
   handleResults(results, req, res, rootSpan, abortController)
 }
 
+function onPassportVerify ({ credentials, user }) {
+  const store = storage.getStore()
+  const rootSpan = store && store.req && web.root(store.req)
+
+  if (!rootSpan) {
+    log.warn('No rootSpan found in onPassportVerify')
+    return
+  }
+
+  passportTrackEvent(credentials, user, rootSpan, config.appsec.eventTracking.mode)
+}
+
 function handleResults (actions, req, res, rootSpan, abortController) {
   if (!actions || !req || !res || !rootSpan || !abortController) return
 
@@ -160,6 +179,7 @@ function disable () {
   if (incomingHttpRequestEnd.hasSubscribers) incomingHttpRequestEnd.unsubscribe(incomingHttpEndTranslator)
   if (bodyParser.hasSubscribers) bodyParser.unsubscribe(onRequestBodyParsed)
   if (queryParser.hasSubscribers) queryParser.unsubscribe(onRequestQueryParsed)
+  if (passportVerify.hasSubscribers) passportVerify.unsubscribe(onPassportVerify)
 }
 
 module.exports = {

package/packages/dd-trace/src/appsec/passport.js

@@ -0,0 +1,110 @@
+'use strict'
+
+const log = require('../log')
+const { trackEvent } = require('./sdk/track_event')
+const { setUserTags } = require('./sdk/set_user')
+
+const UUID_PATTERN = '^[0-9A-F]{8}-[0-9A-F]{4}-[1-5][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$'
+const regexUsername = new RegExp(UUID_PATTERN, 'i')
+
+const SDK_USER_EVENT_PATTERN = '^_dd\\.appsec\\.events\\.users\\.[\\W\\w+]+\\.sdk$'
+const regexSdkEvent = new RegExp(SDK_USER_EVENT_PATTERN, 'i')
+
+function isSdkCalled (tags) {
+  let called = false
+
+  if (tags && typeof tags === 'object') {
+    called = Object.entries(tags).some(([key, value]) => regexSdkEvent.test(key) && value === 'true')
+  }
+
+  return called
+}
+
+// delete this function later if we know it's always credential.username
+function getLogin (credentials) {
+  const type = credentials && credentials.type
+  let login
+  if (type === 'local' || type === 'http') {
+    login = credentials.username
+  }
+
+  return login
+}
+
+function parseUser (login, passportUser, mode) {
+  const user = {
+    'usr.id': login
+  }
+
+  if (!user['usr.id']) {
+    return user
+  }
+
+  if (passportUser) {
+    // Guess id
+    if (passportUser.id) {
+      user['usr.id'] = passportUser.id
+    } else if (passportUser._id) {
+      user['usr.id'] = passportUser._id
+    }
+
+    if (mode === 'extended') {
+      if (login) {
+        user['usr.login'] = login
+      }
+
+      if (passportUser.email) {
+        user['usr.email'] = passportUser.email
+      }
+
+      // Guess username
+      if (passportUser.username) {
+        user['usr.username'] = passportUser.username
+      } else if (passportUser.name) {
+        user['usr.username'] = passportUser.name
+      }
+    }
+  }
+
+  if (mode === 'safe') {
+    // Remove PII in safe mode
+    if (!regexUsername.test(user['usr.id'])) {
+      user['usr.id'] = ' '
+    }
+  }
+
+  return user
+}
+
+function passportTrackEvent (credentials, passportUser, rootSpan, mode) {
+  const tags = rootSpan && rootSpan.context() && rootSpan.context()._tags
+
+  if (isSdkCalled(tags)) {
+    // Don't overwrite tags set by SDK callings
+    return
+  }
+  const user = parseUser(getLogin(credentials), passportUser, mode)
+
+  if (user['usr.id'] === undefined) {
+    log.warn('No user ID found in authentication instrumentation')
+    return
+  }
+
+  if (passportUser) {
+    // If a passportUser object is published then the login succeded
+    const userTags = {}
+    Object.entries(user).forEach(([k, v]) => {
+      const attr = k.split('.', 2)[1]
+      userTags[attr] = v
+    })
+
+    setUserTags(userTags, rootSpan)
+    trackEvent('users.login.success', null, 'passportTrackEvent', rootSpan, mode)
+  } else {
+    trackEvent('users.login.failure', user, 'passportTrackEvent', rootSpan, mode)
+  }
+}
+
+module.exports = {
+  passportTrackEvent
+}

package/packages/dd-trace/src/appsec/sdk/track_event.js

@@ -20,7 +20,7 @@ function trackUserLoginSuccessEvent (tracer, user, metadata) {
 
   setUserTags(user, rootSpan)
 
-  trackEvent(tracer, 'users.login.success', metadata, 'trackUserLoginSuccessEvent', rootSpan)
+  trackEvent('users.login.success', metadata, 'trackUserLoginSuccessEvent', rootSpan, 'sdk')
 }
 
 function trackUserLoginFailureEvent (tracer, userId, exists, metadata) {
@@ -35,7 +35,7 @@ function trackUserLoginFailureEvent (tracer, userId, exists, metadata) {
     ...metadata
   }
 
-  trackEvent(tracer, 'users.login.failure', fields, 'trackUserLoginFailureEvent')
+  trackEvent('users.login.failure', fields, 'trackUserLoginFailureEvent', getRootSpan(tracer), 'sdk')
 }
 
 function trackCustomEvent (tracer, eventName, metadata) {
@@ -44,10 +44,10 @@ function trackCustomEvent (tracer, eventName, metadata) {
     return
   }
 
-  trackEvent(tracer, eventName, metadata, 'trackCustomEvent')
+  trackEvent(eventName, metadata, 'trackCustomEvent', getRootSpan(tracer), 'sdk')
 }
 
-function trackEvent (tracer, eventName, fields, sdkMethodName, rootSpan = getRootSpan(tracer)) {
+function trackEvent (eventName, fields, sdkMethodName, rootSpan, mode) {
   if (!rootSpan) {
     log.warn(`Root span not available in ${sdkMethodName}`)
     return
@@ -58,6 +58,14 @@ function trackEvent (tracer, eventName, fields, sdkMethodName, rootSpan = getRoo
     [MANUAL_KEEP]: 'true'
   }
 
+  if (mode === 'sdk') {
+    tags[`_dd.appsec.events.${eventName}.sdk`] = 'true'
+  }
+
+  if (mode === 'safe' || mode === 'extended') {
+    tags[`_dd.appsec.events.${eventName}.auto.mode`] = mode
+  }
+
   if (fields) {
     for (const metadataKey of Object.keys(fields)) {
       tags[`appsec.events.${eventName}.${metadataKey}`] = '' + fields[metadataKey]
@@ -70,5 +78,6 @@ function trackEvent (tracer, eventName, fields, sdkMethodName, rootSpan = getRoo
 module.exports = {
   trackUserLoginSuccessEvent,
   trackUserLoginFailureEvent,
-  trackCustomEvent
+  trackCustomEvent,
+  trackEvent
 }

package/packages/dd-trace/src/ci-visibility/exporters/git/git_metadata.js

@@ -48,7 +48,8 @@ function getCommonRequestOptions (url) {
  */
 function getCommitsToExclude ({ url, isEvpProxy, repositoryUrl }, callback) {
   const latestCommits = getLatestCommits()
-  const [headCommit] = latestCommits
+
+  log.debug(`There were ${latestCommits.length} commits since last month.`)
 
   const commonOptions = getCommonRequestOptions(url)
 
@@ -88,7 +89,7 @@ function getCommitsToExclude ({ url, isEvpProxy, repositoryUrl }, callback) {
     } catch (e) {
       return callback(new Error(`Can't parse commits to exclude response: ${e.message}`))
     }
-    callback(null, commitsToExclude, headCommit)
+    callback(null, commitsToExclude, latestCommits)
   })
 }
 
@@ -158,26 +159,38 @@ function sendGitMetadata (url, isEvpProxy, configRepositoryUrl, callback) {
     repositoryUrl = getRepositoryUrl()
   }
 
+  log.debug(`Uploading git history for repository ${repositoryUrl}`)
+
   if (!repositoryUrl) {
     return callback(new Error('Repository URL is empty'))
   }
 
   if (isShallowRepository()) {
+    log.debug('It is shallow clone, unshallowing...')
     unshallowRepository()
   }
 
-  getCommitsToExclude({ url, repositoryUrl, isEvpProxy }, (err, commitsToExclude, headCommit) => {
+  getCommitsToExclude({ url, repositoryUrl, isEvpProxy }, (err, commitsToExclude, latestCommits) => {
     if (err) {
       return callback(err)
     }
-    const commitsToUpload = getCommitsToUpload(commitsToExclude)
+    log.debug(`There are ${commitsToExclude.length} commits to exclude.`)
+    const [headCommit] = latestCommits
+    const commitsToInclude = latestCommits.filter((commit) => !commitsToExclude.includes(commit))
+    log.debug(`There are ${commitsToInclude.length} commits to include.`)
+
+    const commitsToUpload = getCommitsToUpload(commitsToExclude, commitsToInclude)
 
     if (!commitsToUpload.length) {
       log.debug('No commits to upload')
       return callback(null)
     }
+    log.debug(`There are ${commitsToUpload.length} commits to upload`)
+
     const packFilesToUpload = generatePackFilesForCommits(commitsToUpload)
 
+    log.debug(`Uploading ${packFilesToUpload.length} packfiles.`)
+
     if (!packFilesToUpload.length) {
       return callback(new Error('Failed to generate packfiles'))
     }

package/packages/dd-trace/src/ci-visibility/test-api-manual/test-api-manual-plugin.js

@@ -0,0 +1,45 @@
+const CiPlugin = require('../../plugins/ci_plugin')
+const {
+  TEST_STATUS,
+  finishAllTraceSpans,
+  getTestSuitePath
+} = require('../../plugins/util/test')
+const { storage } = require('../../../../datadog-core')
+
+class TestApiManualPlugin extends CiPlugin {
+  static get id () {
+    return 'test-api-manual'
+  }
+  constructor (...args) {
+    super(...args)
+    this.sourceRoot = process.cwd()
+
+    this.addSub('dd-trace:ci:manual:test:start', ({ testName, testSuite }) => {
+      const store = storage.getStore()
+      const testSuiteRelative = getTestSuitePath(testSuite, this.sourceRoot)
+      const testSpan = this.startTestSpan(testName, testSuiteRelative)
+      this.enter(testSpan, store)
+    })
+    this.addSub('dd-trace:ci:manual:test:finish', ({ status, error }) => {
+      const store = storage.getStore()
+      const testSpan = store && store.span
+      if (testSpan) {
+        testSpan.setTag(TEST_STATUS, status)
+        if (error) {
+          testSpan.setTag('error', error)
+        }
+        testSpan.finish()
+        finishAllTraceSpans(testSpan)
+      }
+    })
+    this.addSub('dd-trace:ci:manual:test:addTags', (tags) => {
+      const store = storage.getStore()
+      const testSpan = store && store.span
+      if (testSpan) {
+        testSpan.addTags(tags)
+      }
+    })
+  }
+}
+
+module.exports = TestApiManualPlugin

package/packages/dd-trace/src/config.js

@@ -144,6 +144,11 @@ class Config {
       process.env.DD_DBM_PROPAGATION_MODE,
       'disabled'
     )
+    const DD_DATA_STREAMS_ENABLED = coalesce(
+      options.dsmEnabled,
+      process.env.DD_DATA_STREAMS_ENABLED,
+      false
+    )
     const DD_AGENT_HOST = coalesce(
       options.hostname,
       process.env.DD_AGENT_HOST,
@@ -172,6 +177,11 @@ class Config {
       true
     )
 
+    const DD_CIVISIBILITY_MANUAL_API_ENABLED = coalesce(
+      process.env.DD_CIVISIBILITY_MANUAL_API_ENABLED,
+      false
+    )
+
     const DD_SERVICE = options.service ||
       process.env.DD_SERVICE ||
       process.env.DD_SERVICE_NAME ||
@@ -230,6 +240,9 @@ class Config {
     const DD_TELEMETRY_HEARTBEAT_INTERVAL = process.env.DD_TELEMETRY_HEARTBEAT_INTERVAL
       ? parseInt(process.env.DD_TELEMETRY_HEARTBEAT_INTERVAL) * 1000
       : 60000
+    const DD_OPENAI_SPAN_CHAR_LIMIT = process.env.DD_OPENAI_SPAN_CHAR_LIMIT
+      ? parseInt(process.env.DD_OPENAI_SPAN_CHAR_LIMIT)
+      : 128
     const DD_TELEMETRY_DEBUG = coalesce(
       process.env.DD_TELEMETRY_DEBUG,
       false
@@ -306,6 +319,12 @@ class Config {
     const DD_TRACE_SPAN_ATTRIBUTE_SCHEMA = validateNamingVersion(
       process.env.DD_TRACE_SPAN_ATTRIBUTE_SCHEMA
     )
+    const DD_TRACE_PEER_SERVICE_DEFAULTS_ENABLED = process.env.DD_TRACE_PEER_SERVICE_DEFAULTS_ENABLED
+
+    const DD_TRACE_REMOVE_INTEGRATION_SERVICE_NAMES_ENABLED = coalesce(
+      isTrue(process.env.DD_TRACE_REMOVE_INTEGRATION_SERVICE_NAMES_ENABLED),
+      false
+    )
     const DD_TRACE_X_DATADOG_TAGS_MAX_LENGTH = coalesce(
       process.env.DD_TRACE_X_DATADOG_TAGS_MAX_LENGTH,
       '512'
@@ -380,6 +399,11 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
       maybeFile(appsec.blockedTemplateJson),
       maybeFile(process.env.DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON)
     )
+    const DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING = coalesce(
+      appsec.eventTracking && appsec.eventTracking.mode,
+      process.env.DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING,
+      'safe'
+    ).toLowerCase()
 
     const remoteConfigOptions = options.remoteConfig || {}
     const DD_REMOTE_CONFIGURATION_ENABLED = coalesce(
@@ -482,6 +506,7 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
 
     this.tracing = !isFalse(DD_TRACING_ENABLED)
     this.dbmPropagationMode = DD_DBM_PROPAGATION_MODE
+    this.dsmEnabled = isTrue(DD_DATA_STREAMS_ENABLED)
     this.openAiLogsEnabled = DD_OPENAI_LOGS_ENABLED
     this.apiKey = DD_API_KEY
     this.logInjection = isTrue(DD_LOGS_INJECTION)
@@ -524,6 +549,11 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
       exporters: DD_PROFILING_EXPORTERS
     }
     this.spanAttributeSchema = DD_TRACE_SPAN_ATTRIBUTE_SCHEMA
+    this.spanComputePeerService = (this.spanAttributeSchema === 'v0'
+      ? isTrue(DD_TRACE_PEER_SERVICE_DEFAULTS_ENABLED)
+      : true
+    )
+    this.traceRemoveIntegrationServiceNamesEnabled = DD_TRACE_REMOVE_INTEGRATION_SERVICE_NAMES_ENABLED
     this.lookup = options.lookup
     this.startupLogs = isTrue(DD_TRACE_STARTUP_LOGS)
     // Disabled for CI Visibility's agentless
@@ -544,7 +574,11 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
       obfuscatorKeyRegex: DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP,
       obfuscatorValueRegex: DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP,
       blockedTemplateHtml: DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML,
-      blockedTemplateJson: DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON
+      blockedTemplateJson: DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON,
+      eventTracking: {
+        enabled: ['extended', 'safe'].includes(DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING),
+        mode: DD_APPSEC_AUTOMATED_USER_EVENTS_TRACKING
+      }
     }
     this.remoteConfig = {
       enabled: DD_REMOTE_CONFIGURATION_ENABLED,
@@ -566,6 +600,9 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
       (this.isIntelligentTestRunnerEnabled && !isFalse(DD_CIVISIBILITY_GIT_UPLOAD_ENABLED))
 
     this.gitMetadataEnabled = isTrue(DD_TRACE_GIT_METADATA_ENABLED)
+    this.isManualApiEnabled = this.isCiVisibility && isTrue(DD_CIVISIBILITY_MANUAL_API_ENABLED)
+
+    this.openaiSpanCharLimit = DD_OPENAI_SPAN_CHAR_LIMIT
 
     if (this.gitMetadataEnabled) {
       this.repositoryUrl = coalesce(

package/packages/dd-trace/src/constants.js

@@ -26,6 +26,8 @@ module.exports = {
   ERROR_STACK: 'error.stack',
   COMPONENT: 'component',
   CLIENT_PORT_KEY: 'network.destination.port',
+  PEER_SERVICE_KEY: 'peer.service',
+  PEER_SERVICE_SOURCE_KEY: '_dd.peer.service.source',
   SCI_REPOSITORY_URL: '_dd.git.repository_url',
   SCI_COMMIT_SHA: '_dd.git.commit.sha'
 }

package/packages/dd-trace/src/data_streams_context.js

@@ -0,0 +1,15 @@
+const { storage } = require('../../datadog-core')
+
+function getDataStreamsContext () {
+  const store = storage.getStore()
+  return (store && store.dataStreamsContext) || null
+}
+
+function setDataStreamsContext (dataStreamsContext) {
+  storage.enterWith({ ...(storage.getStore()), dataStreamsContext })
+}
+
+module.exports = {
+  getDataStreamsContext,
+  setDataStreamsContext
+}

package/packages/dd-trace/src/datastreams/pathway.js

@@ -0,0 +1,58 @@
+// encoding used here is sha256
+// other languages use FNV1
+// this inconsistency is ok because hashes do not need to be consistent across services
+const crypto = require('crypto')
+const { encodeVarint, decodeVarint } = require('./encoding')
+const LRUCache = require('lru-cache')
+
+const options = { max: 500 }
+const cache = new LRUCache(options)
+
+function shaHash (checkpointString) {
+  const hash = crypto.createHash('md5').update(checkpointString).digest('hex').slice(0, 16)
+  return Buffer.from(hash, 'hex')
+}
+
+function computeHash (service, env, edgeTags, parentHash) {
+  const key = `${service}${env}` + edgeTags.join('') + parentHash.toString()
+  if (cache.get(key)) {
+    return cache.get(key)
+  }
+  const currentHash = shaHash(`${service}${env}` + edgeTags.join(''))
+  const buf = Buffer.concat([ currentHash, parentHash ], 16)
+  const val = shaHash(buf.toString())
+  cache.set(key, val)
+  return val
+}
+
+function encodePathwayContext (dataStreamsContext) {
+  return Buffer.concat([
+    dataStreamsContext.hash,
+    Buffer.from(encodeVarint(Math.round(dataStreamsContext.pathwayStartNs / 1e6))),
+    Buffer.from(encodeVarint(Math.round(dataStreamsContext.edgeStartNs / 1e6)))
+  ], 20)
+}
+
+function decodePathwayContext (pathwayContext) {
+  if (pathwayContext == null || pathwayContext.length < 8) {
+    return null
+  }
+  // hash and parent hash are in LE
+  const pathwayHash = pathwayContext.subarray(0, 8)
+  const encodedTimestamps = pathwayContext.subarray(8)
+  const [pathwayStartMs, encodedTimeSincePrev] = decodeVarint(encodedTimestamps)
+  if (pathwayStartMs === undefined) {
+    return null
+  }
+  const [edgeStartMs] = decodeVarint(encodedTimeSincePrev)
+  if (edgeStartMs === undefined) {
+    return null
+  }
+  return { hash: pathwayHash, pathwayStartNs: pathwayStartMs * 1e6, edgeStartNs: edgeStartMs * 1e6 }
+}
+
+module.exports = {
+  computePathwayHash: computeHash,
+  encodePathwayContext,
+  decodePathwayContext
+}