dd-trace 5.105.0 → 5.107.0

package/packages/datadog-plugin-aws-sdk/src/services/sqs.js

@@ -5,6 +5,43 @@ const BaseAwsSdkPlugin = require('../base')
 const { DsmPathwayCodec, getHeadersSize } = require('../../../dd-trace/src/datastreams')
 const { extractQueueMetadata, isEmpty } = require('../util')
 
+/**
+ * @typedef {{
+ *   'detail-type'?: string,
+ *   detail?: { _datadog?: Record<string, string> },
+ *   Type?: string,
+ *   Message?: string
+ * }} ParsedSqsBody
+ */
+
+/**
+ * Resolve the EventBridge `_datadog` text map from a parsed SQS body — for both
+ * EventBridge -> SQS (`body.detail._datadog`) and EventBridge -> SNS -> SQS (the
+ * envelope is the SNS `Notification`'s stringified `Message`). Keyed off
+ * `detail-type`, the marker AWS sets on every PutEvents delivery. Relies on the
+ * default SQS-target shape; a target InputTransformer can drop `detail`.
+ *
+ * @param {ParsedSqsBody} [parsedBody]
+ * @returns {Record<string, string> | undefined}
+ */
+function getEventBridgeContext (parsedBody) {
+  let envelope
+  if (parsedBody?.['detail-type'] !== undefined) {
+    envelope = parsedBody // EventBridge -> SQS
+  } else if (parsedBody?.Type === 'Notification' && typeof parsedBody.Message === 'string') {
+    // EventBridge -> SNS -> SQS
+    try {
+      const innerEnvelope = JSON.parse(parsedBody.Message)
+      if (innerEnvelope?.['detail-type'] !== undefined) {
+        envelope = innerEnvelope
+      }
+    } catch {
+      // SNS `Message` not JSON
+    }
+  }
+  return envelope?.detail?._datadog
+}
+
 class Sqs extends BaseAwsSdkPlugin {
   static id = 'sqs'
   static peerServicePrecursors = ['queuename']
@@ -149,17 +186,28 @@ class Sqs extends BaseAwsSdkPlugin {
       }
     }
 
-    if (!message.MessageAttributes || !message.MessageAttributes._datadog) {
-      return { parsedBody, bodyChecked: true }
+    // Check MessageAttributes first (common direct-SQS/SNS path): avoids parsing
+    // the body (e.g. a large SNS `Message`) just to rule out an EventBridge
+    // envelope. Precedence matches responseExtractDSMContext.
+    const datadogAttribute = message.MessageAttributes?._datadog
+    if (datadogAttribute) {
+      const parsedAttributes = this.parseDatadogAttributes(datadogAttribute)
+      if (parsedAttributes) {
+        return {
+          datadogContext: this.tracer.extract('text_map', parsedAttributes),
+          parsedAttributes,
+          parsedBody,
+          bodyChecked: true,
+        }
+      }
     }
 
-    const datadogAttribute = message.MessageAttributes._datadog
-
-    const parsedAttributes = this.parseDatadogAttributes(datadogAttribute)
-    if (parsedAttributes) {
+    // Then the EventBridge envelope (optionally via SNS); see getEventBridgeContext.
+    const eventBridgeContext = getEventBridgeContext(parsedBody)
+    if (eventBridgeContext) {
       return {
-        datadogContext: this.tracer.extract('text_map', parsedAttributes),
-        parsedAttributes,
+        datadogContext: this.tracer.extract('text_map', eventBridgeContext),
+        parsedAttributes: eventBridgeContext,
         parsedBody,
         bodyChecked: true,
       }
@@ -213,15 +261,18 @@ class Sqs extends BaseAwsSdkPlugin {
         if (body?.Type === 'Notification') {
           message = body
         }
-        if (message.MessageAttributes && message.MessageAttributes._datadog) {
-          parsedAttributes = this.parseDatadogAttributes(message.MessageAttributes._datadog)
-        }
+        // MessageAttributes for direct SQS/SNS; else the EventBridge envelope.
+        parsedAttributes = message.MessageAttributes?._datadog
+          ? this.parseDatadogAttributes(message.MessageAttributes._datadog)
+          : getEventBridgeContext(body)
       }
       const payloadSize = getHeadersSize({
         Body: message.Body,
         MessageAttributes: message.MessageAttributes,
       })
       if (parsedAttributes) {
+        // Inert for EventBridge until its producer emits a pathway (separate
+        // change) — no `dd-pathway-ctx-base64` to decode yet; SQS/SNS decode now.
         this.tracer.decodeDataStreamsContext(parsedAttributes)
       }
       this.tracer

package/packages/datadog-plugin-cucumber/src/index.js

@@ -80,6 +80,7 @@ class CucumberPlugin extends CiPlugin {
       isTestManagementTestsEnabled,
       isParallel,
     }) => {
+      this._exportPendingWorkerTraces()
       const {
         isSuitesSkippingEnabled,
         isCodeCoverageEnabled,
@@ -186,6 +187,7 @@ class CucumberPlugin extends CiPlugin {
         integrationName: this.constructor.id,
       })
       this._testSuiteSpansByTestSuite.set(testSuitePath, testSuiteSpan)
+      this._exportPendingWorkerTracesForTestSuite(testSuitePath)
 
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_CREATED, 'suite')
       if (this.libraryConfig?.isCodeCoverageEnabled) {

package/packages/datadog-plugin-cypress/src/support.js

@@ -136,6 +136,7 @@ function getRetriedTests (test, numRetries, tags) {
     // TODO: signal in framework logs that this is a retry.
     // TODO: Change it so these tests are allowed to fail.
     const clonedTest = test.clone()
+    disableFrameworkRetries(clonedTest)
     if (tags.includes('_ddIsEfdRetry')) {
       clonedTest._ddEfdRetryIndex = retryIndex + 1
     }
@@ -149,6 +150,19 @@ function getRetriedTests (test, numRetries, tags) {
   return retriedTests
 }
 
+function disableFrameworkRetries (test) {
+  test._retries = 0
+}
+
+function shouldDisableFrameworkRetries (test) {
+  return test && (
+    test._ddIsAttemptToFix ||
+    (isTestIsolationEnabled &&
+      isEarlyFlakeDetectionEnabled &&
+      (test._ddIsNew || test._ddIsModified))
+  )
+}
+
 const oldRunTests = Cypress.mocha.getRunner().runTests
 Cypress.mocha.getRunner().runTests = function (suite, fn) {
   if (!isKnownTestsEnabled && !isTestManagementEnabled && !isImpactedTestsEnabled) {
@@ -188,9 +202,11 @@ Cypress.mocha.getRunner().runTests = function (suite, fn) {
     let retryMessage = ''
     if (isAtemptToFix) {
       test._ddIsAttemptToFix = true
+      disableFrameworkRetries(test)
       retryMessage = 'because it is an attempt to fix'
       retriedTests = getRetriedTests(test, testManagementAttemptToFixRetries, ['_ddIsAttemptToFix'])
     } else if (isModified && isEarlyFlakeDetectionEnabled) {
+      disableFrameworkRetries(test)
       retryMessage = 'to detect flakes because it is modified'
       retriedTests = getRetriedTests(test, earlyFlakeDetectionNumRetries, [
         '_ddIsModified',
@@ -198,6 +214,7 @@ Cypress.mocha.getRunner().runTests = function (suite, fn) {
         isKnownTestsEnabled && isNewTest(test) && '_ddIsNew',
       ])
     } else if (isNew && isEarlyFlakeDetectionEnabled) {
+      disableFrameworkRetries(test)
       retryMessage = 'to detect flakes because it is new'
       retriedTests = getRetriedTests(test, earlyFlakeDetectionNumRetries, ['_ddIsNew', '_ddIsEfdRetry'])
     }
@@ -214,8 +231,21 @@ Cypress.mocha.getRunner().runTests = function (suite, fn) {
   return oldRunTests.apply(this, [suite, fn])
 }
 
+Cypress.on('test:before:run', (attributes, test) => {
+  if (shouldDisableFrameworkRetries(test)) {
+    disableFrameworkRetries(test)
+  }
+})
+
+Cypress.on('test:before:run:async', (attributes, test) => {
+  if (shouldDisableFrameworkRetries(test)) {
+    disableFrameworkRetries(test)
+  }
+})
+
 beforeEach(function () {
-  const testName = Cypress.mocha.getRunner().suite.ctx.currentTest.fullTitle()
+  const currentTest = Cypress.mocha.getRunner().suite.ctx.currentTest
+  const testName = currentTest.fullTitle()
 
   const retryMessage = retryReasonsByTestName.get(testName)
   if (retryMessage) {

package/packages/datadog-plugin-http/src/client.js

@@ -5,7 +5,6 @@ const { URL } = require('url')
 const ClientPlugin = require('../../dd-trace/src/plugins/client')
 const { storage } = require('../../datadog-core')
 const tags = require('../../../ext/tags')
-const analyticsSampler = require('../../dd-trace/src/analytics_sampler')
 const formats = require('../../../ext/formats')
 const HTTP_HEADERS = formats.HTTP_HEADERS
 const urlFilter = require('../../dd-trace/src/plugins/util/urlfilter')
@@ -69,8 +68,6 @@ class HttpClientPlugin extends ClientPlugin {
       this.tracer.inject(span, HTTP_HEADERS, options.headers)
     }
 
-    analyticsSampler.sample(span, this.config.measured)
-
     message.span = span
     message.parentStore = store
     message.currentStore = { ...store, span }

package/packages/datadog-plugin-http/src/server.js

@@ -34,6 +34,11 @@ class HttpServerPlugin extends ServerPlugin {
     if (this.#startConfig === undefined) {
       this.#refreshStartCache()
     }
+    // A fresh request has no span yet; web.startSpan creates and enters one.
+    // A reused context (HTTP/2 stream, serverless re-entry) returns the
+    // existing span without entering, so the explicit enter below is the only
+    // one in that case.
+    const spanCreated = !web.getContext(req)?.span
     const span = web.startSpan(
       this.tracer,
       this.#startConfig,
@@ -57,7 +62,12 @@ class HttpServerPlugin extends ServerPlugin {
       store = withRequest(store, req)
     }
 
-    this.enter(span, store)
+    // Skip the re-enter when web.startSpan already entered { ...store, span }
+    // and AppSec did not rebuild the store with req: the bind would be
+    // identical to the one startSpan just made.
+    if (!spanCreated || appsecActive) {
+      this.enter(span, store)
+    }
 
     if (!context.instrumented) {
       context.res.writeHead = web.wrapWriteHead(context)

package/packages/datadog-plugin-mocha/src/index.js

@@ -150,6 +150,7 @@ class MochaPlugin extends CiPlugin {
       ctx.parentStore = store
       ctx.currentStore = { ...store, testSuiteSpan }
       this._testSuiteSpansByTestSuite.set(testSuite, testSuiteSpan)
+      this._exportPendingWorkerTracesForTestSuite(testSuite)
     })
 
     this.addSub('ci:mocha:test-suite:finish', ({ testSuiteSpan, status }) => {
@@ -365,6 +366,7 @@ class MochaPlugin extends CiPlugin {
       isTestManagementEnabled,
       isParallel,
     }) => {
+      this._exportPendingWorkerTraces()
       if (this.testSessionSpan) {
         const {
           isSuitesSkippingEnabled,

package/packages/datadog-plugin-pg/src/index.js

@@ -1,5 +1,6 @@
 'use strict'
 
+const { storage } = require('../../datadog-core')
 const { CLIENT_PORT_KEY } = require('../../dd-trace/src/constants')
 const DatabasePlugin = require('../../dd-trace/src/plugins/database')
 
@@ -8,6 +9,15 @@ class PGPlugin extends DatabasePlugin {
   static operation = 'query'
   static system = 'postgres'
 
+  constructor () {
+    super(...arguments)
+
+    this.addSub('apm:pg:pool:connect:start', ctx => {
+      ctx.parentStore = storage('legacy').getStore()
+    })
+    this.addBind('apm:pg:pool:connect:finish', ctx => ctx.parentStore)
+  }
+
   bindStart (ctx) {
     const { params = {}, query, originalText, processId, stream } = ctx
     const service = this.serviceName({ pluginConfig: this.config, params })

package/packages/dd-trace/src/aiguard/index.js

@@ -44,27 +44,46 @@ function disable () {
 /**
  * Handles channel messages with pre-converted messages.
  *
- * @param {{messages: Array<object>, integration?: string, resolve: Function, reject: Function}} ctx
+ * @param {object} ctx
+ * @param {Array<object>} ctx.messages
+ * @param {string} [ctx.integration]
+ * @param {object} [ctx.parentSpan] - LLM span to parent the `ai_guard` span under.
+ * @param {AbortController} ctx.abortController
+ * @param {Array<Promise<void>>} ctx.pending - Subscribers push only when they evaluate.
  */
 function onEvaluate (ctx) {
+  // Decline to evaluate empty payloads by not pushing to pending.
   if (!ctx.messages?.length) {
-    ctx.resolve()
     return
   }
 
-  const opts = { block, source: SOURCE_AUTO, integration: ctx.integration || INTEGRATION_NONE }
-  aiguard.evaluate(ctx.messages, opts)
-    .then(() => {
-      ctx.resolve()
-    })
-    .catch(err => {
-      if (err.name === 'AIGuardAbortError') {
-        ctx.reject(err)
-      } else {
-        log.error('AIGuard: unexpected error during evaluation: %s', err.message)
-        ctx.resolve()
-      }
-    })
+  const opts = {
+    block,
+    source: SOURCE_AUTO,
+    integration: ctx.integration || INTEGRATION_NONE,
+    childOf: ctx.parentSpan,
+  }
+
+  try {
+    ctx.pending.push(aiguard.evaluate(ctx.messages, opts).catch(handleEvaluationError.bind(null, ctx)))
+  } catch (err) {
+    ctx.pending.push(Promise.resolve().then(() => handleEvaluationError(ctx, err)))
+  }
+}
+
+/**
+ * Handles an AI Guard evaluation failure.
+ *
+ * @param {object} ctx
+ * @param {AbortController} ctx.abortController
+ * @param {Error} err
+ */
+function handleEvaluationError (ctx, err) {
+  if (err.name === 'AIGuardAbortError') {
+    ctx.abortController.abort(err)
+  } else {
+    log.error('AIGuard: unexpected error during evaluation: %s', err.message)
+  }
 }
 
 module.exports = { enable, disable }

package/packages/dd-trace/src/aiguard/sdk.js

@@ -1,7 +1,8 @@
 'use strict'
 
 const rfdc = require('../../../../vendor/dist/rfdc')({ proto: false, circles: false })
-const { HTTP_CLIENT_IP, NETWORK_CLIENT_IP } = require('../../../../ext/tags')
+const { HTTP_CLIENT_IP, NETWORK_CLIENT_IP, HTTP_USERAGENT } = require('../../../../ext/tags')
+const { USER_ID, USER_SESSION_ID } = require('../appsec/addresses')
 const { getActiveRequest } = require('../appsec/store')
 const log = require('../log')
 const { extractIp } = require('../plugins/util/ip_extractor')
@@ -17,6 +18,16 @@ const aiguardMetrics = telemetryMetrics.manager.namespace('ai_guard')
 
 const ALLOW = 'ALLOW'
 
+// Tags from the service entry span that must be mirrored onto every AI Guard span
+// so anomaly detection pipelines can process each span independently.
+const SERVICE_ENTRY_TAG_MAPPINGS = [
+  [HTTP_USERAGENT, TAGS.HTTP_USERAGENT_TAG_KEY],
+  [HTTP_CLIENT_IP, TAGS.HTTP_CLIENT_IP_TAG_KEY],
+  [NETWORK_CLIENT_IP, TAGS.NETWORK_CLIENT_IP_TAG_KEY],
+  [USER_ID, TAGS.USR_ID_TAG_KEY],
+  [USER_SESSION_ID, TAGS.USR_SESSION_ID_TAG_KEY],
+]
+
 /**
  * Reports a telemetry error
  *
@@ -181,13 +192,32 @@ class AIGuard extends NoopAIGuard {
     }
   }
 
+  /**
+   * Copies service entry span tags needed by anomaly detection to the AI Guard span.
+   *
+   * @param {import('../opentracing/span')} guardSpan
+   * @param {import('../opentracing/span')} rootSpan
+   */
+  #copyServiceEntryTagsToGuardSpan (guardSpan, rootSpan) {
+    const rootTags = rootSpan.context().getTags()
+    for (const [sourceTag, destTag] of SERVICE_ENTRY_TAG_MAPPINGS) {
+      const value = rootTags[sourceTag]
+      if (value !== undefined && value !== null) {
+        guardSpan.setTag(destTag, value)
+      }
+    }
+  }
+
   evaluate (messages, opts) {
     if (!this.#initialized) {
       return super.evaluate(messages, opts)
     }
-    const { block = true, source = TAGS.SOURCE_SDK, integration = TAGS.INTEGRATION_NONE } = opts ?? {}
+    const { block = true, source = TAGS.SOURCE_SDK, integration = TAGS.INTEGRATION_NONE, childOf } = opts ?? {}
     const telemetryTags = { source, integration }
-    return this.#tracer.trace(TAGS.RESOURCE, {}, async (span) => {
+    // Only pass `childOf` when truthy so `tracer.trace`'s default (`scope().active()`)
+    // still applies for SDK callers that don't supply an explicit parent.
+    const traceOpts = childOf ? { childOf } : {}
+    return this.#tracer.trace(TAGS.RESOURCE, traceOpts, async (span) => {
       const last = messages[messages.length - 1]
       const target = this.#isToolCall(last) ? 'tool' : 'prompt'
       span.setTag(TAGS.TARGET_TAG_KEY, target)
@@ -206,6 +236,7 @@ class AIGuard extends NoopAIGuard {
       const rootSpan = span.context()?._trace?.started?.[0]
       if (rootSpan) {
         this.#setRootSpanClientIpTags(rootSpan)
+        this.#copyServiceEntryTagsToGuardSpan(span, rootSpan)
         // keepTrace must be called before executeRequest so the sampling decision
         // is propagated correctly to outgoing HTTP client calls.
         keepTrace(rootSpan, AI_GUARD)

package/packages/dd-trace/src/aiguard/tags.js

@@ -10,6 +10,12 @@ module.exports = {
   EVENT_TAG_KEY: 'ai_guard.event',
   META_STRUCT_KEY: 'ai_guard',
 
+  HTTP_USERAGENT_TAG_KEY: 'ai_guard.http.useragent',
+  HTTP_CLIENT_IP_TAG_KEY: 'ai_guard.http.client_ip',
+  NETWORK_CLIENT_IP_TAG_KEY: 'ai_guard.network.client.ip',
+  USR_ID_TAG_KEY: 'ai_guard.usr.id',
+  USR_SESSION_ID_TAG_KEY: 'ai_guard.usr.session_id',
+
   TELEMETRY_REQUESTS: 'requests',
   TELEMETRY_TRUNCATED: 'truncated',
   TELEMETRY_ERROR: 'error',

package/packages/dd-trace/src/ci-visibility/exporters/agentless/index.js

@@ -9,7 +9,7 @@ const CoverageWriter = require('./coverage-writer')
 class AgentlessCiVisibilityExporter extends CiVisibilityExporter {
   constructor (config) {
     super(config)
-    const { tags, site, url, isTestDynamicInstrumentationEnabled } = config
+    const { tags, site, DD_CIVISIBILITY_AGENTLESS_URL: url, isTestDynamicInstrumentationEnabled } = config
     // we don't need to request /info because we are using agentless by configuration
     this._isInitialized = true
     this._resolveCanUseCiVisProtocol(true)

package/packages/dd-trace/src/config/defaults.js

@@ -72,6 +72,12 @@ for (const [name, value] of Object.entries(defaults)) {
 function generateTelemetry (value = null, origin, optionName) {
   const tableEntry = configurationsTable[optionName]
   const { type, canonicalName = optionName } = tableEntry ?? { type: typeof value }
+  // Sensitive configurations are excluded from configuration telemetry: their
+  // entry is never added to `configWithOrigin`, the single source for every
+  // telemetry path (app-started and app-client-configuration-change).
+  if (sensitiveConfigurations.has(canonicalName)) {
+    return
+  }
   // TODO: Should we not send defaults to telemetry to reduce size?
   // TODO: How to handle aliases/actual names in the future? Optional fields? Normalize the name at intake?
   // TODO: Validate that space separated tags are parsed by the backend. Optimizations would be possible with that.
@@ -196,6 +202,11 @@ const fallbackConfigurations = new Map()
 
 const regExps = {}
 
+// Canonical names of configurations whose value is excluded from configuration
+// telemetry. Driven by the `sensitive: true` attribute in
+// `supported-configurations.json` so new entries opt in without code changes.
+const sensitiveConfigurations = new Set()
+
 for (const [canonicalName, entries] of Object.entries(supportedConfigurations)) {
   if (entries.length !== 1) {
     // TODO: Determine if we really want to support multiple entries for a canonical name.
@@ -207,6 +218,9 @@ for (const [canonicalName, entries] of Object.entries(supportedConfigurations))
     )
   }
   for (const entry of entries) {
+    if (entry.sensitive) {
+      sensitiveConfigurations.add(canonicalName)
+    }
     const configurationNames = entry.internalPropertyName ? [entry.internalPropertyName] : entry.configurationNames
     const fullPropertyName = configurationNames?.[0] ?? canonicalName
     const type = entry.type.toUpperCase()

package/packages/dd-trace/src/config/generated-config-types.d.ts

@@ -73,7 +73,7 @@ export interface GeneratedConfig {
   DD_APP_KEY: string | undefined;
   DD_AZURE_RESOURCE_GROUP: string | undefined;
   DD_CIVISIBILITY_AGENTLESS_ENABLED: boolean;
-  DD_CIVISIBILITY_AGENTLESS_URL: string | undefined;
+  DD_CIVISIBILITY_AGENTLESS_URL: URL | undefined;
   DD_CIVISIBILITY_AUTO_INSTRUMENTATION_PROVIDER: string | undefined;
   DD_CIVISIBILITY_DANGEROUSLY_FORCE_COVERAGE: boolean;
   DD_CIVISIBILITY_DANGEROUSLY_FORCE_TEST_SKIPPING: boolean;

package/packages/dd-trace/src/config/helper.js

@@ -13,6 +13,7 @@
  * @property {string} [transform]
  * @property {string} [allowed]
  * @property {string|boolean} [deprecated]
+ * @property {boolean} [sensitive] Excludes the configuration value from configuration telemetry.
  */
 
 /**

package/packages/dd-trace/src/config/index.js

@@ -2,7 +2,7 @@
 
 const fs = require('node:fs')
 const os = require('node:os')
-const { URL } = require('node:url')
+const { URL, format } = require('node:url')
 
 const rfdc = require('../../../../vendor/dist/rfdc')({ proto: false, circles: false })
 const uuid = require('../../../../vendor/dist/crypto-randomuuid') // we need to keep the old uuid dep because of cypress
@@ -322,18 +322,14 @@ class Config extends ConfigBase {
   #applyCalculated () {
     undo(this, 'calculated')
 
-    if (this.DD_CIVISIBILITY_AGENTLESS_URL ||
-        this.url ||
+    if (this.url ||
         os.type() !== 'Windows_NT' &&
         !trackedConfigOrigins.has('hostname') &&
         !trackedConfigOrigins.has('port') &&
-        !this.DD_CIVISIBILITY_AGENTLESS_ENABLED &&
         fs.existsSync('/var/run/datadog/apm.socket')) {
-      setAndTrack(
-        this,
-        'url',
-        new URL(this.DD_CIVISIBILITY_AGENTLESS_URL || this.url || 'unix:///var/run/datadog/apm.socket')
-      )
+      setAndTrack(this, 'url', new URL(this.url || 'unix:///var/run/datadog/apm.socket'))
+    } else {
+      setAndTrack(this, 'url', new URL(format({ protocol: 'http:', hostname: this.hostname, port: this.port })))
     }
 
     if (this.isCiVisibility) {

package/packages/dd-trace/src/config/parsers.js

@@ -145,6 +145,14 @@ const transformers = {
     }
     return value.replaceAll(/\s*:\s*/g, ':')
   },
+  /**
+   * @param {string} value
+   */
+  toURL (value) {
+    try {
+      return new URL(value)
+    } catch {}
+  },
   validatePropagationStyles (value, optionName) {
     value = transformers.toLowerCase(value)
     for (let index = 0; index < value.length; index++) {

package/packages/dd-trace/src/config/supported-configurations.json

@@ -111,7 +111,8 @@
         "aliases": [
           "DATADOG_API_KEY"
         ],
-        "internalPropertyName": "apiKey"
+        "internalPropertyName": "apiKey",
+        "sensitive": true
       }
     ],
     "DD_API_SECURITY_ENABLED": [
@@ -423,7 +424,8 @@
       {
         "implementation": "A",
         "type": "string",
-        "default": null
+        "default": null,
+        "sensitive": true
       }
     ],
     "DD_AZURE_RESOURCE_GROUP": [
@@ -444,6 +446,7 @@
       {
         "implementation": "A",
         "type": "string",
+        "transform": "toURL",
         "default": null
       }
     ],
@@ -3913,7 +3916,8 @@
       {
         "implementation": "B",
         "type": "map",
-        "default": null
+        "default": null,
+        "sensitive": true
       }
     ],
     "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT": [
@@ -3930,7 +3934,8 @@
         "default": null,
         "aliases": [
           "OTEL_EXPORTER_OTLP_HEADERS"
-        ]
+        ],
+        "sensitive": true
       }
     ],
     "OTEL_EXPORTER_OTLP_TRACES_PROTOCOL": [
@@ -3968,7 +3973,8 @@
         "default": null,
         "aliases": [
           "OTEL_EXPORTER_OTLP_HEADERS"
-        ]
+        ],
+        "sensitive": true
       }
     ],
     "OTEL_EXPORTER_OTLP_LOGS_PROTOCOL": [
@@ -4006,7 +4012,8 @@
         "default": null,
         "aliases": [
           "OTEL_EXPORTER_OTLP_HEADERS"
-        ]
+        ],
+        "sensitive": true
       }
     ],
     "OTEL_EXPORTER_OTLP_METRICS_PROTOCOL": [

package/packages/dd-trace/src/crashtracking/crashtracker.js

@@ -7,7 +7,6 @@ const libdatadog = require('@datadog/libdatadog')
 const binding = libdatadog.load('crashtracker')
 
 const log = require('../log')
-const { getAgentUrl } = require('../agent/url')
 const pkg = require('../../../../package.json')
 const processTags = require('../process-tags')
 
@@ -68,7 +67,7 @@ class Crashtracker {
    * @param {import('../config/config-base')} config - Tracer configuration
    */
   #getConfig (config) {
-    const url = getAgentUrl(config)
+    const url = config.url
 
     // Out-of-process symbolication currently works on
     // Linux only, does not work on Mac.
@@ -78,6 +77,7 @@ class Crashtracker {
 
     return {
       additional_files: [],
+      collect_all_threads: true,
       create_alt_stack: true,
       use_alt_stack: true,
       endpoint: {

package/packages/dd-trace/src/datastreams/writer.js

@@ -5,7 +5,6 @@ const pkg = require('../../../../package.json')
 const log = require('../log')
 const request = require('../exporters/common/request')
 const { encode: encodeMsgpack } = require('../msgpack')
-const { getAgentUrl } = require('../agent/url')
 
 function makeRequest (data, url, cb) {
   const options = {
@@ -29,7 +28,7 @@ function makeRequest (data, url, cb) {
 
 class DataStreamsWriter {
   constructor (config) {
-    this._url = getAgentUrl(config)
+    this._url = config.url
   }
 
   flush (payload) {

package/packages/dd-trace/src/debugger/config.js

@@ -16,7 +16,7 @@ module.exports = function getDebuggerConfig (config, inputPath) {
     repositoryUrl,
     runtimeId: config.tags['runtime-id'],
     service: config.service,
-    url: config.url?.toString(),
+    url: config.url.toString(),
     version: config.version,
     inputPath,
   }