dd-trace 5.52.0 → 5.53.0

package/packages/dd-trace/src/appsec/rasp/index.js

@@ -85,10 +85,12 @@ function blockOnDatadogRaspAbortError ({ error }) {
   const abortError = findDatadogRaspAbortError(error)
   if (!abortError) return false
 
-  const { req, res, blockingAction, raspRule } = abortError
+  const { req, res, blockingAction, raspRule, ruleTriggered } = abortError
   if (!isBlocked(res)) {
     const blocked = block(req, res, web.root(req), null, blockingAction)
-    updateRaspRuleMatchMetricTags(req, raspRule, true, blocked)
+    if (ruleTriggered) {
+      updateRaspRuleMatchMetricTags(req, raspRule, true, blocked)
+    }
   }
 
   return true

package/packages/dd-trace/src/appsec/rasp/utils.js

@@ -20,23 +20,26 @@ const RULE_TYPES = {
 }
 
 class DatadogRaspAbortError extends Error {
-  constructor (req, res, blockingAction, raspRule) {
+  constructor (req, res, blockingAction, raspRule, ruleTriggered) {
     super('DatadogRaspAbortError')
     this.name = 'DatadogRaspAbortError'
     this.req = req
     this.res = res
     this.blockingAction = blockingAction
     this.raspRule = raspRule
+    this.ruleTriggered = ruleTriggered
   }
 }
 
-function handleResult (actions, req, res, abortController, config, raspRule) {
-  const generateStackTraceAction = actions?.generate_stack
+function handleResult (result, req, res, abortController, config, raspRule) {
+  const generateStackTraceAction = result?.actions?.generate_stack
 
   const { enabled, maxDepth, maxStackTraces } = config.appsec.stackTrace
 
   const rootSpan = web.root(req)
 
+  const ruleTriggered = !!result?.events?.length
+
   if (generateStackTraceAction && enabled && canReportStackTrace(rootSpan, maxStackTraces)) {
     const frames = getCallsiteFrames(maxDepth)
 
@@ -48,11 +51,11 @@ function handleResult (actions, req, res, abortController, config, raspRule) {
   }
 
   if (abortController && !abortOnUncaughtException) {
-    const blockingAction = getBlockingAction(actions)
+    const blockingAction = getBlockingAction(result?.actions)
 
     // Should block only in express
     if (blockingAction && rootSpan?.context()._name === 'express.request') {
-      const abortError = new DatadogRaspAbortError(req, res, blockingAction, raspRule)
+      const abortError = new DatadogRaspAbortError(req, res, blockingAction, raspRule, ruleTriggered)
       abortController.abort(abortError)
 
       // TODO Delete this when support for node 16 is removed
@@ -64,7 +67,9 @@ function handleResult (actions, req, res, abortController, config, raspRule) {
     }
   }
 
-  updateRaspRuleMatchMetricTags(req, raspRule, false, false)
+  if (ruleTriggered) {
+    updateRaspRuleMatchMetricTags(req, raspRule, false, false)
+  }
 }
 
 module.exports = {

package/packages/dd-trace/src/appsec/sdk/user_blocking.js

@@ -9,8 +9,8 @@ const { setUserTags } = require('./set_user')
 const log = require('../../log')
 
 function isUserBlocked (user) {
-  const actions = waf.run({ persistent: { [USER_ID]: user.id } })
-  return !!getBlockingAction(actions)
+  const results = waf.run({ persistent: { [USER_ID]: user.id } })
+  return !!getBlockingAction(results?.actions)
 }
 
 function checkUserAndSetUser (tracer, user) {

package/packages/dd-trace/src/appsec/telemetry/index.js

@@ -41,8 +41,7 @@ function newStore () {
       wafErrorCode: null,
       raspErrorCode: null,
       wafVersion: null,
-      rulesVersion: null,
-      ruleTriggered: null
+      rulesVersion: null
     }
   }
 }

package/packages/dd-trace/src/appsec/telemetry/rasp.js

@@ -49,10 +49,6 @@ function trackRaspMetrics (store, metrics, raspRule) {
     telemetryMetrics.rulesVersion = metrics.rulesVersion
   }
 
-  if (metrics.ruleTriggered) {
-    telemetryMetrics.ruleTriggered = true
-  }
-
   appsecMetrics.count('rasp.rule.eval', tags).inc(1)
 
   if (metrics.errorCode) {
@@ -68,7 +64,6 @@ function trackRaspMetrics (store, metrics, raspRule) {
 
 function trackRaspRuleMatch (store, raspRule, blockTriggered, blocked) {
   const telemetryMetrics = store[DD_TELEMETRY_REQUEST_METRICS]
-  if (!telemetryMetrics.ruleTriggered) return
 
   const tags = {
     waf_version: telemetryMetrics.wafVersion,
@@ -82,10 +77,6 @@ function trackRaspRuleMatch (store, raspRule, blockTriggered, blocked) {
   }
 
   appsecMetrics.count('rasp.rule.match', tags).inc(1)
-
-  // this is needed to not count it twice for the same match
-  // but it also means it can only be called once per waf call even if there are multiple rasp match
-  telemetryMetrics.ruleTriggered = null
 }
 
 function trackRaspRuleSkipped (raspRule, reason) {

package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js

@@ -19,7 +19,7 @@ class WAFContextWrapper {
     this.rulesVersion = rulesVersion
     this.knownAddresses = knownAddresses
     this.addressesToSkip = new Set()
-    this.cachedUserIdActions = new Map()
+    this.cachedUserIdResults = new Map()
   }
 
   run ({ persistent, ephemeral }, raspRule) {
@@ -36,9 +36,9 @@ class WAFContextWrapper {
     // TODO: make this universal
     const userId = persistent?.[addresses.USER_ID] || ephemeral?.[addresses.USER_ID]
     if (userId) {
-      const cachedAction = this.cachedUserIdActions.get(userId)
-      if (cachedAction) {
-        return cachedAction
+      const cachedResults = this.cachedUserIdResults.get(userId)
+      if (cachedResults) {
+        return cachedResults
       }
     }
 
@@ -142,7 +142,7 @@ class WAFContextWrapper {
 
       Reporter.reportDerivatives(result.derivatives)
 
-      return result.actions
+      return result
     } catch (err) {
       log.error('[ASM] Error while running the AppSec WAF', err)
 
@@ -168,7 +168,7 @@ class WAFContextWrapper {
           const parameter = match.parameters[k]
 
           if (parameter?.address === addresses.USER_ID) {
-            this.cachedUserIdActions.set(userId, result.actions)
+            this.cachedUserIdResults.set(userId, result)
             return
           }
         }

package/packages/dd-trace/src/config.js

@@ -139,7 +139,7 @@ const qsRegex = '(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private
 // eslint-disable-next-line @stylistic/js/max-len
 const defaultWafObfuscatorKeyRegex = '(?i)pass|pw(?:or)?d|secret|(?:api|private|public|access)[_-]?key|token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization|jsessionid|phpsessid|asp\\.net[_-]sessionid|sid|jwt'
 // eslint-disable-next-line @stylistic/js/max-len
-const defaultWafObfuscatorValueRegex = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:[_-]?phrase)?|secret(?:[_-]?key)?|(?:(?:api|private|public|access)[_-]?)key(?:[_-]?id)?|(?:(?:auth|access|id|refresh)[_-]?)?token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?|jsessionid|phpsessid|asp\\.net(?:[_-]|-)sessionid|sid|jwt)(?:\\s*=[^;]|"\\s*:\\s*"[^"]+")|bearer\\s+[a-z0-9\\._\\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\\w=-]+\\.ey[I-L][\\w=-]+(?:\\.[\\w.+\\/=-]+)?|[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY|ssh-rsa\\s*[a-z0-9\\/\\.+]{100,}'
+const defaultWafObfuscatorValueRegex = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:[_-]?phrase)?|secret(?:[_-]?key)?|(?:(?:api|private|public|access)[_-]?)key(?:[_-]?id)?|(?:(?:auth|access|id|refresh)[_-]?)?token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?|jsessionid|phpsessid|asp\\.net(?:[_-]|-)sessionid|sid|jwt)(?:\\s*=([^;&]+)|"\\s*:\\s*("[^"]+"|\\d+))|bearer\\s+([a-z0-9\\._\\-]+)|token\\s*:\\s*([a-z0-9]{13})|gh[opsu]_([0-9a-zA-Z]{36})|ey[I-L][\\w=-]+\\.(ey[I-L][\\w=-]+(?:\\.[\\w.+\\/=-]+)?)|[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}([^\\-]+)[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY|ssh-rsa\\s*([a-z0-9\\/\\.+]{100,})'
 const runtimeId = uuid()
 
 function maybeFile (filepath) {

package/packages/dd-trace/src/debugger/devtools_client/breakpoints.js

@@ -5,10 +5,35 @@ const { getGeneratedPosition } = require('./source-maps')
 const session = require('./session')
 const { compile: compileCondition, compileSegments, templateRequiresEvaluation } = require('./condition')
 const { MAX_SNAPSHOTS_PER_SECOND_PER_PROBE, MAX_NON_SNAPSHOTS_PER_SECOND_PER_PROBE } = require('./defaults')
-const { findScriptFromPartialPath, locationToBreakpoint, breakpointToProbes, probeToLocation } = require('./state')
+const {
+  findScriptFromPartialPath,
+  clearState,
+  locationToBreakpoint,
+  breakpointToProbes,
+  probeToLocation
+} = require('./state')
 const log = require('../../log')
 
 let sessionStarted = false
+const probes = new Map()
+let scriptLoadingStabilizedResolve
+const scriptLoadingStabilized = new Promise((resolve) => { scriptLoadingStabilizedResolve = resolve })
+
+// There's a race condition when a probe is first added, where the actual script that the probe is supposed to match
+// hasn't been loaded yet. This will result in either the probe not being added at all, or an incorrect script being
+// matched as the probe target.
+//
+// Therefore, once new scripts has been loaded, all probes are re-evaluated. If the matched `scriptId` has changed, we
+// simply remove the old probe (if it was added to the wrong script) and apply it again.
+session.on('scriptLoadingStabilized', () => {
+  log.debug('[debugger:devtools_client] Re-evaluating probes')
+  scriptLoadingStabilizedResolve()
+  for (const probe of probes.values()) {
+    reEvaluateProbe(probe).catch(err => {
+      log.error('[debugger:devtools_client] Error re-evaluating probe %s', probe.id, err)
+    })
+  }
+})
 
 module.exports = {
   addBreakpoint,
@@ -18,13 +43,14 @@ module.exports = {
 async function addBreakpoint (probe) {
   if (!sessionStarted) await start()
 
+  probes.set(probe.id, probe)
+
   const file = probe.where.sourceFile
   let lineNumber = Number(probe.where.lines[0]) // Tracer doesn't support multiple-line breakpoints
   let columnNumber = 0 // Probes do not contain/support column information
 
   // Optimize for sending data to /debugger/v1/input endpoint
   probe.location = { file, lines: [String(lineNumber)] }
-  delete probe.where
 
   // Optimize for fast calculations when probe is hit
   probe.templateRequiresEvaluation = templateRequiresEvaluation(probe.segments)
@@ -47,6 +73,8 @@ async function addBreakpoint (probe) {
   if (!script) throw new Error(`No loaded script found for ${file} (probe: ${probe.id}, version: ${probe.version})`)
   const { url, scriptId, sourceMapURL, source } = script
 
+  probe.scriptId = scriptId // Needed for detecting script changes during re-evaluation
+
   if (sourceMapURL) {
     log.debug(
       '[debugger:devtools_client] Translating location using source map for %s:%d:%d (probe: %s, version: %d)',
@@ -109,6 +137,8 @@ async function removeBreakpoint ({ id }) {
     throw Error(`Unknown probe id: ${id}`)
   }
 
+  probes.delete(id)
+
   const release = await lock()
 
   try {
@@ -173,25 +203,47 @@ async function updateBreakpoint (breakpoint, probe) {
   }
 }
 
-function start () {
+async function reEvaluateProbe (probe) {
+  const script = findScriptFromPartialPath(probe.where.sourceFile)
+  log.debug('[debugger:devtools_client] re-evaluating probe %s: %s => %s', probe.id, probe.scriptId, script?.scriptId)
+
+  if (probe.scriptId !== script?.scriptId) {
+    log.debug('[debugger:devtools_client] Better match found for probe %s, re-evaluating', probe.id)
+    if (probeToLocation.has(probe.id)) {
+      await removeBreakpoint(probe)
+    }
+    await addBreakpoint(probe)
+  }
+}
+
+async function start () {
   sessionStarted = true
   log.debug('[debugger:devtools_client] Starting debugger')
-  return session.post('Debugger.enable')
+  await session.post('Debugger.enable')
+
+  // Wait until there's a pause in script-loading to avoid accidentally adding probes to incorrect scripts. This is not
+  // a guarantee, but best effort.
+  log.debug('[debugger:devtools_client] Waiting for script-loading to stabilize')
+  await scriptLoadingStabilized
+  log.debug('[debugger:devtools_client] Script loading stabilized')
 }
 
 function stop () {
   sessionStarted = false
+  clearState()
   log.debug('[debugger:devtools_client] Stopping debugger')
   return session.post('Debugger.disable')
 }
 
 // Only if all probes have a condition can we use a compound condition.
 // Otherwise, we need to evaluate each probe individually once the breakpoint is hit.
-// TODO: Handle errors - if there's 2 conditons, and one fails but the other returns true, we should still pause the
-// breakpoint
 function compileCompoundCondition (probes) {
+  if (probes.length === 1) return probes[0].condition
+
   return probes.every(p => p.condition)
-    ? probes.map(p => p.condition).filter(Boolean).join(' || ')
+    ? probes
+      .map((p) => `(() => { try { return ${p.condition} } catch { return false } })()`)
+      .join(' || ')
     : undefined
 }
 

package/packages/dd-trace/src/debugger/devtools_client/index.js

@@ -6,7 +6,7 @@ const session = require('./session')
 const { getLocalStateForCallFrame } = require('./snapshot')
 const send = require('./send')
 const { getStackFromCallFrames } = require('./state')
-const { ackEmitting, ackError } = require('./status')
+const { ackEmitting } = require('./status')
 const { parentThreadId } = require('./config')
 const { MAX_SNAPSHOTS_PER_SECOND_GLOBALLY } = require('./defaults')
 const log = require('../../log')
@@ -36,7 +36,6 @@ const getDDTagsExpression = `(() => {
 const threadId = parentThreadId === 0 ? `pid:${process.pid}` : `pid:${process.pid};tid:${parentThreadId}`
 const threadName = parentThreadId === 0 ? 'MainThread' : `WorkerThread:${parentThreadId}`
 
-const SUPPORT_ITERATOR_METHODS = NODE_MAJOR >= 22
 const SUPPORT_ARRAY_BUFFER_RESIZE = NODE_MAJOR >= 20
 const oneSecondNs = 1_000_000_000n
 let globalSnapshotSamplingRateWindowStart = 0n
@@ -77,14 +76,6 @@ session.on('Debugger.paused', async ({ params }) => {
       }
     }
 
-    // If all the probes have a condition, we know that it triggered. If at least one probe doesn't have a condition, we
-    // need to verify which conditions are met.
-    const shouldVerifyConditions = (
-      SUPPORT_ITERATOR_METHODS
-        ? probesAtLocation.values()
-        : Array.from(probesAtLocation.values())
-    ).some((probe) => probe.condition === undefined)
-
     for (const probe of probesAtLocation.values()) {
       if (start - probe.lastCaptureNs < probe.nsBetweenSampling) {
         continue
@@ -109,7 +100,7 @@ session.on('Debugger.paused', async ({ params }) => {
         maxLength = highestOrUndefined(probe.capture.maxLength, maxLength)
       }
 
-      if (shouldVerifyConditions && probe.condition !== undefined) {
+      if (probe.condition !== undefined) {
         // TODO: Bundle all conditions and evaluate them in a single call
         // TODO: Handle errors
         const { result } = await session.post('Debugger.evaluateOnCallFrame', {
@@ -153,20 +144,11 @@ session.on('Debugger.paused', async ({ params }) => {
     evalResults = result?.value ?? []
   }
 
-  let processLocalState
-  if (numberOfProbesWithSnapshots !== 0) {
-    try {
-      // TODO: Create unique states for each affected probe based on that probes unique `capture` settings (DEBUG-2863)
-      processLocalState = await getLocalStateForCallFrame(
-        params.callFrames[0],
-        { maxReferenceDepth, maxCollectionSize, maxFieldCount, maxLength }
-      )
-    } catch (err) {
-      for (let i = 0; i < numberOfProbesWithSnapshots; i++) {
-        ackError(err, probes[snapshotProbeIndex[i]]) // TODO: Ok to continue after sending ackError?
-      }
-    }
-  }
+  // TODO: Create unique states for each affected probe based on that probes unique `capture` settings (DEBUG-2863)
+  const processLocalState = numberOfProbesWithSnapshots !== 0 && await getLocalStateForCallFrame(
+    params.callFrames[0],
+    { maxReferenceDepth, maxCollectionSize, maxFieldCount, maxLength }
+  )
 
   await session.post('Debugger.resume')
   const diff = process.hrtime.bigint() - start // TODO: Recored as telemetry (DEBUG-2858)
@@ -206,7 +188,9 @@ session.on('Debugger.paused', async ({ params }) => {
 
     if (probe.captureSnapshot) {
       const state = processLocalState()
-      if (state) {
+      if (state instanceof Error) {
+        snapshot.captureError = state.message
+      } else if (state) {
         snapshot.captures = {
           lines: { [probe.location.lines[0]]: { locals: state } }
         }

package/packages/dd-trace/src/debugger/devtools_client/send.js

@@ -13,7 +13,8 @@ const { version } = require('../../../../../package.json')
 module.exports = send
 
 const MAX_MESSAGE_LENGTH = 8 * 1024 // 8KB
-const MAX_LOG_PAYLOAD_SIZE = 1024 * 1024 // 1MB
+const MAX_LOG_PAYLOAD_SIZE_MB = 1
+const MAX_LOG_PAYLOAD_SIZE_BYTES = MAX_LOG_PAYLOAD_SIZE_MB * 1024 * 1024
 
 const ddsource = 'dd_debugger'
 const hostname = getHostname()
@@ -48,13 +49,13 @@ function send (message, logger, dd, snapshot) {
   let json = JSON.stringify(payload)
   let size = Buffer.byteLength(json)
 
-  if (size > MAX_LOG_PAYLOAD_SIZE) {
+  if (size > MAX_LOG_PAYLOAD_SIZE_BYTES) {
     // TODO: This is a very crude way to handle large payloads. Proper pruning will be implemented later (DEBUG-2624)
-    const line = Object.values(payload.debugger.snapshot.captures.lines)[0]
-    line.locals = {
-      notCapturedReason: 'Snapshot was too large',
-      size: Object.keys(line.locals).length
-    }
+    delete payload.debugger.snapshot.captures
+    payload.debugger.snapshot.captureError =
+      `Snapshot was too large (max allowed size is ${MAX_LOG_PAYLOAD_SIZE_MB} MiB). ` +
+      'Consider reducing the capture depth or turn off "Capture Variables" completely, ' +
+      'and instead include the variables of interest directly in the message template.'
     json = JSON.stringify(payload)
     size = Buffer.byteLength(json)
   }

package/packages/dd-trace/src/debugger/devtools_client/snapshot/index.js

@@ -2,6 +2,7 @@
 
 const { getRuntimeObject } = require('./collector')
 const { processRawState } = require('./processor')
+const log = require('../../../log')
 
 const DEFAULT_MAX_REFERENCE_DEPTH = 3
 const DEFAULT_MAX_COLLECTION_SIZE = 100
@@ -24,13 +25,20 @@ async function getLocalStateForCallFrame (
   const rawState = []
   let processedState = null
 
-  await Promise.all(callFrame.scopeChain.map(async (scope) => {
-    if (scope.type === 'global') return // The global scope is too noisy
-    rawState.push(...await getRuntimeObject(
-      scope.object.objectId,
-      { maxReferenceDepth, maxCollectionSize, maxFieldCount }
-    ))
-  }))
+  try {
+    await Promise.all(callFrame.scopeChain.map(async (scope) => {
+      if (scope.type === 'global') return // The global scope is too noisy
+      rawState.push(...await getRuntimeObject(
+        scope.object.objectId,
+        { maxReferenceDepth, maxCollectionSize, maxFieldCount }
+      ))
+    }))
+  } catch (err) {
+    // TODO: We might be able to get part of the scope chain.
+    // Consider if we could set errors just for the part of the scope chain that throws during collection.
+    log.error('[debugger:devtools_client] Error getting local state for call frame', err)
+    return () => new Error('Error getting local state')
+  }
 
   // Deplay calling `processRawState` so the caller gets a chance to resume the main thread before processing `rawState`
   return () => {

package/packages/dd-trace/src/debugger/devtools_client/state.js

@@ -9,12 +9,16 @@ const WINDOWS_DRIVE_LETTER_REGEX = /[a-zA-Z]/
 
 const loadedScripts = []
 const scriptUrls = new Map()
+let reEvaluateProbesTimer = null
 
 module.exports = {
   locationToBreakpoint: new Map(),
   breakpointToProbes: new Map(),
   probeToLocation: new Map(),
 
+  _loadedScripts: loadedScripts, // Only exposed for testing
+  _scriptUrls: scriptUrls, // Only exposed for testing
+
   /**
    * Find the script to inspect based on a partial or absolute path. Handles both Windows and POSIX paths.
    *
@@ -93,6 +97,10 @@ module.exports = {
 
   getStackFromCallFrames (callFrames) {
     return callFrames.map((frame) => {
+      // TODO: Possible race condition: If the breakpoint is in the process of being removed, and this is the last
+      // breakpoint, it will also stop the debugging session, which in turn will clear the state, which means clearing
+      // the `scriptUrls` map. That might result in this the `scriptUrls.get` call above returning `undefined`, which
+      // will throw when `startsWith` is called on it.
       let fileName = scriptUrls.get(frame.location.scriptId)
       if (fileName.startsWith('file://')) fileName = fileName.substr(7) // TODO: This might not be required
       return {
@@ -102,6 +110,14 @@ module.exports = {
         columnNumber: frame.location.columnNumber + 1 // Beware! columnNumber is zero-indexed
       }
     })
+  },
+
+  // The maps locationToBreakpoint, breakpointToProbes, and probeToLocation are always updated when breakpoints are
+  // removed. Therefore they do not need to get manually cleared. Only the state internal to this file needs to be
+  // cleared.
+  clearState () {
+    loadedScripts.length = 0
+    scriptUrls.clear()
   }
 }
 
@@ -112,7 +128,6 @@ module.exports = {
 // Unknown params.url values:
 // - `structured-stack` - Not sure what this is, but should just be ignored
 // - `` - Not sure what this is, but should just be ignored
-// TODO: Event fired for all files, every time debugger is enabled. So when we disable it, we need to reset the state
 session.on('Debugger.scriptParsed', ({ params }) => {
   scriptUrls.set(params.scriptId, params.url)
   if (params.url.startsWith('file:')) {
@@ -142,5 +157,10 @@ session.on('Debugger.scriptParsed', ({ params }) => {
     } else {
       loadedScripts.push(params)
     }
+
+    clearTimeout(reEvaluateProbesTimer)
+    reEvaluateProbesTimer = setTimeout(() => {
+      session.emit('scriptLoadingStabilized')
+    }, 500)
   }
 })

package/packages/dd-trace/src/dogstatsd.js

@@ -392,6 +392,8 @@ class CustomMetrics {
    * These are translated into [ 'tagName:tagValue' ] for internal use
    */
   static tagTranslator (objTags) {
+    if (Array.isArray(objTags)) return objTags
+
     const arrTags = []
 
     if (!objTags) return arrTags

package/packages/dd-trace/src/llmobs/tagger.js

@@ -148,12 +148,12 @@ class LLMObsTagger {
   }
 
   tagSpanTags (span, tags) {
-    // new tags will be merged with existing tags
     const currentTags = registry.get(span)?.[TAGS]
     if (currentTags) {
-      Object.assign(tags, currentTags)
+      Object.assign(currentTags, tags)
+    } else {
+      this._setTag(span, TAGS, tags)
     }
-    this._setTag(span, TAGS, tags)
   }
 
   changeKind (span, newKind) {

package/packages/dd-trace/src/plugins/index.js

@@ -48,6 +48,7 @@ module.exports = {
   get http2 () { return require('../../../datadog-plugin-http2/src') },
   get https () { return require('../../../datadog-plugin-http/src') },
   get ioredis () { return require('../../../datadog-plugin-ioredis/src') },
+  get iovalkey () { return require('../../../datadog-plugin-iovalkey/src') },
   get 'jest-circus' () { return require('../../../datadog-plugin-jest/src') },
   get 'jest-config' () { return require('../../../datadog-plugin-jest/src') },
   get 'jest-environment-node' () { return require('../../../datadog-plugin-jest/src') },

package/packages/dd-trace/src/proxy.js

@@ -152,10 +152,6 @@ class Tracer extends NoopProxy {
         }
       }
 
-      if (config.isGCPFunction || config.isAzureFunction) {
-        require('./serverless').maybeStartServerlessMiniAgent(config)
-      }
-
       if (config.profiling.enabled !== 'false') {
         const { SSIHeuristics } = require('./profiling/ssi-heuristics')
         const ssiHeuristics = new SSIHeuristics(config)

package/packages/dd-trace/src/serverless.js

@@ -1,51 +1,5 @@
 'use strict'
 
-const log = require('./log')
-
-function maybeStartServerlessMiniAgent (config) {
-  if (process.platform !== 'win32' && process.platform !== 'linux') {
-    log.error('Serverless Mini Agent is only supported on Windows and Linux.')
-    return
-  }
-
-  const rustBinaryPath = getRustBinaryPath(config)
-
-  const fs = require('fs')
-
-  log.debug(`Trying to spawn the Serverless Mini Agent at path: ${rustBinaryPath}`)
-
-  // trying to spawn with an invalid path will return a non-descriptive error, so we want to catch
-  // invalid paths and log our own error.
-  if (!fs.existsSync(rustBinaryPath)) {
-    log.error('Serverless Mini Agent did not start. Could not find mini agent binary.')
-    return
-  }
-  try {
-    require('child_process').spawn(rustBinaryPath, { stdio: 'inherit' })
-  } catch (err) {
-    log.error('Error spawning mini agent process: %s', err.message)
-  }
-}
-
-function getRustBinaryPath (config) {
-  if (process.env.DD_MINI_AGENT_PATH !== undefined) {
-    return process.env.DD_MINI_AGENT_PATH
-  }
-
-  const rustBinaryPathRoot = config.isGCPFunction ? '/workspace' : '/home/site/wwwroot'
-  const rustBinaryPathOsFolder = process.platform === 'win32'
-    ? 'datadog-serverless-agent-windows-amd64'
-    : 'datadog-serverless-agent-linux-amd64'
-
-  const rustBinaryExtension = process.platform === 'win32' ? '.exe' : ''
-
-  const rustBinaryPath =
-    `${rustBinaryPathRoot}/node_modules/@datadog/sma/${rustBinaryPathOsFolder}/\
-datadog-serverless-trace-mini-agent${rustBinaryExtension}`
-
-  return rustBinaryPath
-}
-
 function getIsGCPFunction () {
   const isDeprecatedGCPFunction = process.env.FUNCTION_NAME !== undefined && process.env.GCP_PROJECT !== undefined
   const isNewerGCPFunction = process.env.K_SERVICE !== undefined && process.env.FUNCTION_TARGET !== undefined
@@ -69,9 +23,7 @@ function isInServerlessEnvironment () {
 }
 
 module.exports = {
-  maybeStartServerlessMiniAgent,
   getIsGCPFunction,
   getIsAzureFunction,
-  getRustBinaryPath,
   isInServerlessEnvironment
 }

package/packages/dd-trace/src/service-naming/schemas/v0/storage.js

@@ -35,6 +35,13 @@ const redisConfig = {
   }
 }
 
+const valkeyConfig = {
+  opName: () => 'valkey.command',
+  serviceName: ({ tracerService, pluginConfig, system, connectionName }) => {
+    return getRedisService(pluginConfig, connectionName) || fromSystem(tracerService, system)
+  }
+}
+
 const storage = {
   client: {
     aerospike: {
@@ -57,6 +64,7 @@ const storage = {
         pluginConfig.service || `${tracerService}-elasticsearch`
     },
     ioredis: redisConfig,
+    iovalkey: valkeyConfig,
     mariadb: {
       opName: () => 'mariadb.query',
       serviceName: mysqlServiceName

package/packages/dd-trace/src/service-naming/schemas/v1/storage.js

@@ -38,6 +38,10 @@ const storage = {
       serviceName: configWithFallback
     },
     ioredis: redisNaming,
+    iovalkey: {
+      opName: () => 'valkey.command',
+      serviceName: configWithFallback
+    },
     mariadb: {
       opName: () => 'mariadb.query',
       serviceName: withFunction