dd-trace 5.87.0 → 5.88.0

package/packages/dd-trace/src/config/defaults.js

@@ -1,15 +1,12 @@
 'use strict'
 
 const pkg = require('../pkg')
-const { GRPC_CLIENT_ERROR_STATUSES, GRPC_SERVER_ERROR_STATUSES } = require('../constants')
+const { isFalse, isTrue } = require('../util')
 const { getEnvironmentVariable: getEnv } = require('./helper')
 
-// eslint-disable-next-line @stylistic/max-len
-const qsRegex = String.raw`(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:(?:\s|%20)*(?:=|%3D)[^&]+|(?:"|%22)(?:\s|%20)*(?::|%3A)(?:\s|%20)*(?:"|%22)(?:%2[^2]|%[^2]|[^"%])+(?:"|%22))|bearer(?:\s|%20)+[a-z0-9\._\-]+|token(?::|%3A)[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L](?:[\w=-]|%3D)+\.ey[I-L](?:[\w=-]|%3D)+(?:\.(?:[\w.+\/=-]|%3D|%2F|%2B)+)?|[\-]{5}BEGIN(?:[a-z\s]|%20)+PRIVATE(?:\s|%20)KEY[\-]{5}[^\-]+[\-]{5}END(?:[a-z\s]|%20)+PRIVATE(?:\s|%20)KEY|ssh-rsa(?:\s|%20)*(?:[a-z0-9\/\.+]|%2F|%5C|%2B){100,}`
-// eslint-disable-next-line @stylistic/max-len
-const defaultWafObfuscatorKeyRegex = String.raw`(?i)pass|pw(?:or)?d|secret|(?:api|private|public|access)[_-]?key|token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization|jsessionid|phpsessid|asp\.net[_-]sessionid|sid|jwt`
-// eslint-disable-next-line @stylistic/max-len
-const defaultWafObfuscatorValueRegex = String.raw`(?i)(?:p(?:ass)?w(?:or)?d|pass(?:[_-]?phrase)?|secret(?:[_-]?key)?|(?:(?:api|private|public|access)[_-]?)key(?:[_-]?id)?|(?:(?:auth|access|id|refresh)[_-]?)?token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?|jsessionid|phpsessid|asp\.net(?:[_-]|-)sessionid|sid|jwt)(?:\s*=([^;&]+)|"\s*:\s*("[^"]+"|\d+))|bearer\s+([a-z0-9\._\-]+)|token\s*:\s*([a-z0-9]{13})|gh[opsu]_([0-9a-zA-Z]{36})|ey[I-L][\w=-]+\.(ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?)|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}([^\-]+)[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*([a-z0-9\/\.+]{100,})`
+const {
+  supportedConfigurations,
+} = /** @type {import('./helper').SupportedConfigurationsJson} */ (require('./supported-configurations.json'))
 
 const service = getEnv('AWS_LAMBDA_FUNCTION_NAME') ||
   getEnv('FUNCTION_NAME') || // Google Cloud Function Name set by deprecated runtimes
@@ -18,206 +15,160 @@ const service = getEnv('AWS_LAMBDA_FUNCTION_NAME') ||
   pkg.name ||
   'node'
 
-module.exports = {
-  apiKey: undefined,
-  appKey: undefined,
-  apmTracingEnabled: true,
-  'appsec.apiSecurity.enabled': true,
-  'appsec.apiSecurity.sampleDelay': 30,
-  'appsec.apiSecurity.endpointCollectionEnabled': true,
-  'appsec.apiSecurity.endpointCollectionMessageLimit': 300,
-  'appsec.apiSecurity.downstreamBodyAnalysisSampleRate': 0.5,
-  'appsec.apiSecurity.maxDownstreamRequestBodyAnalysis': 1,
-  'appsec.blockedTemplateGraphql': undefined,
-  'appsec.blockedTemplateHtml': undefined,
-  'appsec.blockedTemplateJson': undefined,
-  'appsec.enabled': undefined,
-  'appsec.eventTracking.mode': 'identification',
-  // TODO appsec.extendedHeadersCollection is deprecated, to delete in a major
-  'appsec.extendedHeadersCollection.enabled': false,
-  'appsec.extendedHeadersCollection.redaction': true,
-  'appsec.extendedHeadersCollection.maxHeaders': 50,
-  'appsec.obfuscatorKeyRegex': defaultWafObfuscatorKeyRegex,
-  'appsec.obfuscatorValueRegex': defaultWafObfuscatorValueRegex,
-  'appsec.rasp.enabled': true,
-  // TODO Deprecated, to delete in a major
-  'appsec.rasp.bodyCollection': false,
-  'appsec.rateLimit': 100,
-  'appsec.rules': undefined,
-  'appsec.sca.enabled': null,
-  'appsec.stackTrace.enabled': true,
-  'appsec.stackTrace.maxDepth': 32,
-  'appsec.stackTrace.maxStackTraces': 2,
-  'appsec.wafTimeout': 5e3, // µs
-  baggageMaxBytes: 8192,
-  baggageMaxItems: 64,
-  baggageTagKeys: 'user.id,session.id,account.id',
-  clientIpEnabled: false,
-  clientIpHeader: null,
+/**
+ * @param {string|null} raw
+ * @param {string} type
+ * @returns {string|number|boolean|Record<string, string>|unknown[]|undefined}
+ */
+function parseDefaultByType (raw, type) {
+  if (raw === null) {
+    return
+  }
+
+  switch (type) {
+    case 'boolean':
+      if (isTrue(raw)) return true
+      if (isFalse(raw)) return false
+      // TODO: What should we do with these?
+      return
+    case 'int':
+    case 'decimal': {
+      return Number(raw)
+    }
+    case 'array': {
+      if (!raw || raw.length === 0) return []
+      // TODO: Make the parsing a helper that is reused.
+      return raw.split(',').map(item => {
+        const colonIndex = item.indexOf(':')
+        if (colonIndex === -1) {
+          return item.trim()
+        }
+        const key = item.slice(0, colonIndex).trim()
+        const value = item.slice(colonIndex + 1).trim()
+        return `${key}:${value}`
+      })
+    }
+    case 'map': {
+      if (!raw || raw.length === 0) return {}
+      // TODO: Make the parsing a helper that is reused.
+      /** @type {Record<string, string>} */
+      const entries = {}
+      for (const item of raw.split(',')) {
+        const colonIndex = item.indexOf(':')
+        if (colonIndex === -1) {
+          const key = item.trim()
+          if (key.length > 0) {
+            entries[key] = ''
+          }
+          continue
+        }
+        const key = item.slice(0, colonIndex).trim()
+        const value = item.slice(colonIndex + 1).trim()
+        if (key.length > 0) {
+          entries[key] = value
+        }
+      }
+      return entries
+    }
+    default:
+      return raw
+  }
+}
+
+/** @type {Record<string, unknown>} */
+const metadataDefaults = {}
+for (const entries of Object.values(supportedConfigurations)) {
+  for (const entry of entries) {
+    // TODO: Replace $dynamic with method names that would be called and that
+    // are also called when the user passes through the value. That way the
+    // handling is unified and methods can be declared as default.
+    // The name of that method should be expressive for users.
+    // TODO: Add handling for all environment variable names. They should not
+    // need a configuration name for being listed with their default.
+    if (!Array.isArray(entry.configurationNames)) {
+      continue
+    }
+
+    const parsedValue = parseDefaultByType(entry.default, entry.type)
+    for (const configurationName of entry.configurationNames) {
+      metadataDefaults[configurationName] = entry.default === null ? undefined : parsedValue
+    }
+  }
+}
+
+// Defaults required by JS config merge/applyCalculated that are not represented in supported-configurations.
+const defaultsWithoutSupportedConfigurationEntry = {
+  'cloudPayloadTagging.rules': [],
   'cloudPayloadTagging.requestsEnabled': false,
   'cloudPayloadTagging.responsesEnabled': false,
-  'cloudPayloadTagging.maxDepth': 10,
-  'cloudPayloadTagging.rules': [],
-  'crashtracking.enabled': true,
-  'codeOriginForSpans.enabled': true,
-  'codeOriginForSpans.experimental.exit_spans.enabled': false,
-  dbmPropagationMode: 'disabled',
-  'dogstatsd.hostname': '127.0.0.1',
-  'dogstatsd.port': '8125',
-  dsmEnabled: false,
-  'dynamicInstrumentation.captureTimeoutMs': 15,
-  'dynamicInstrumentation.enabled': false,
-  'dynamicInstrumentation.probeFile': undefined,
-  'dynamicInstrumentation.redactedIdentifiers': [],
-  'dynamicInstrumentation.redactionExcludedIdentifiers': [],
-  'dynamicInstrumentation.uploadIntervalSeconds': 1,
-  env: undefined,
-  'experimental.aiguard.enabled': false,
-  'experimental.aiguard.endpoint': undefined,
-  'experimental.aiguard.maxMessagesLength': 16,
-  'experimental.aiguard.maxContentSize': 512 * 1024,
-  'experimental.aiguard.timeout': 10_000, // ms
-  'experimental.enableGetRumData': false,
-  'experimental.exporter': undefined,
-  'experimental.flaggingProvider.enabled': false,
-  'experimental.flaggingProvider.initializationTimeoutMs': 30_000,
-  flushInterval: 2000,
-  flushMinSpans: 1000,
-  gitMetadataEnabled: true,
-  graphqlErrorExtensions: [],
-  'grpc.client.error.statuses': GRPC_CLIENT_ERROR_STATUSES,
-  'grpc.server.error.statuses': GRPC_SERVER_ERROR_STATUSES,
-  headerTags: [],
-  'heapSnapshot.count': 0,
-  'heapSnapshot.destination': '',
-  'heapSnapshot.interval': 3600,
-  hostname: '127.0.0.1',
-  'iast.dbRowsToTaint': 1,
-  'iast.deduplicationEnabled': true,
-  'iast.enabled': false,
-  'iast.maxConcurrentRequests': 2,
-  'iast.maxContextOperations': 2,
-  'iast.redactionEnabled': true,
-  'iast.redactionNamePattern': null,
-  'iast.redactionValuePattern': null,
-  'iast.requestSampling': 30,
-  'iast.securityControlsConfiguration': null,
-  'iast.telemetryVerbosity': 'INFORMATION',
-  'iast.stackTrace.enabled': true,
-  injectionEnabled: [],
-  'installSignature.id': null,
-  'installSignature.time': null,
-  'installSignature.type': null,
-  instrumentationSource: 'manual',
-  injectForce: null,
   isAzureFunction: false,
   isCiVisibility: false,
-  isEarlyFlakeDetectionEnabled: false,
-  isFlakyTestRetriesEnabled: false,
-  flakyTestRetriesCount: 5,
   isGCPFunction: false,
-  isGCPPubSubPushSubscriptionEnabled: true,
+  instrumentationSource: 'manual',
+  isServiceUserProvided: false,
+  lookup: undefined,
+  plugins: true,
+}
+
+// These values are documented in supported-configurations as CI Visibility
+// defaults. Keep startup baseline false and let #applyCalculated() switch them
+// when CI Visibility is active.
+// TODO: These entries should be removed. They are off by default
+// because they rely on other configs.
+const defaultsWithConditionalRuntimeBehavior = {
   isGitUploadEnabled: false,
+  isImpactedTestsEnabled: false,
   isIntelligentTestRunnerEnabled: false,
   isManualApiEnabled: false,
-  'langchain.spanCharLimit': 128,
-  'langchain.spanPromptCompletionSampleRate': 1,
-  'llmobs.agentlessEnabled': undefined,
-  'llmobs.enabled': false,
-  'llmobs.mlApp': undefined,
-  ciVisibilityTestSessionName: '',
-  ciVisAgentlessLogSubmissionEnabled: false,
-  legacyBaggageEnabled: true,
-  isTestDynamicInstrumentationEnabled: false,
-  isServiceUserProvided: false,
-  testManagementAttemptToFixRetries: 20,
   isTestManagementEnabled: false,
-  isImpactedTestsEnabled: false,
-  logInjection: true,
-  otelLogsEnabled: false,
-  otelUrl: undefined,
-  otelLogsUrl: undefined, // Will be computed using agent host
-  otelHeaders: undefined,
-  otelLogsHeaders: '',
-  otelProtocol: 'http/protobuf',
-  otelLogsProtocol: 'http/protobuf',
-  otelLogsTimeout: 10_000,
-  otelTimeout: 10_000,
-  otelBatchTimeout: 5000,
-  otelMaxExportBatchSize: 512,
-  otelMaxQueueSize: 2048,
-  otelMetricsEnabled: false,
-  otelMetricsUrl: undefined, // Will be computed using agent host
-  otelMetricsHeaders: '',
-  otelMetricsProtocol: 'http/protobuf',
-  otelMetricsTimeout: 10_000,
-  otelMetricsExportTimeout: 7500,
-  otelMetricsExportInterval: 10_000,
-  otelMetricsTemporalityPreference: 'DELTA', // DELTA, CUMULATIVE, or LOWMEMORY
-  lookup: undefined,
-  inferredProxyServicesEnabled: false,
-  memcachedCommandEnabled: false,
-  middlewareTracingEnabled: true,
-  openAiLogsEnabled: false,
-  'openai.spanCharLimit': 128,
-  peerServiceMapping: {},
-  plugins: true,
+  // TODO: These are not conditional, they would just be of type number.
+  'dogstatsd.port': '8125',
   port: '8126',
-  'profiling.enabled': undefined,
-  'propagateProcessTags.enabled': undefined,
-  'profiling.exporters': 'agent',
-  'profiling.sourceMap': true,
-  'profiling.longLivedThreshold': undefined,
-  protocolVersion: '0.4',
-  queryStringObfuscation: qsRegex,
-  'remoteConfig.enabled': true,
-  'remoteConfig.pollInterval': 5, // seconds
-  reportHostname: false,
-  resourceRenamingEnabled: false,
-  'runtimeMetrics.enabled': false,
-  'runtimeMetrics.eventLoop': true,
-  'runtimeMetrics.gc': true,
-  runtimeMetricsRuntimeId: false,
-  sampleRate: undefined,
-  'sampler.rateLimit': 100,
-  'sampler.rules': [],
-  'sampler.spanSamplingRules': [],
-  scope: undefined,
+  // Override due to expecting numbers, not strings. TODO: Replace later.
+  'grpc.client.error.statuses': [
+    1,
+    2,
+    3,
+    4,
+    5,
+    6,
+    7,
+    8,
+    9,
+    10,
+    11,
+    12,
+    13,
+    14,
+    15,
+    16,
+  ],
+  'grpc.server.error.statuses': [
+    2,
+    3,
+    4,
+    5,
+    6,
+    7,
+    8,
+    9,
+    10,
+    11,
+    12,
+    13,
+    14,
+    15,
+    16,
+  ],
+}
+
+/** @type {Record<string, unknown>} */
+const defaults = {
+  ...defaultsWithoutSupportedConfigurationEntry,
+  ...metadataDefaults,
+  ...defaultsWithConditionalRuntimeBehavior,
   service,
-  serviceMapping: {},
-  site: 'datadoghq.com',
-  spanAttributeSchema: 'v0',
-  spanComputePeerService: false,
-  spanLeakDebug: 0,
-  spanRemoveIntegrationFromService: false,
-  startupLogs: false,
-  'stats.enabled': false,
-  tags: {},
-  tagsHeaderMaxLength: 512,
-  'telemetry.debug': false,
-  'telemetry.dependencyCollection': true,
-  'telemetry.enabled': true,
-  'telemetry.heartbeatInterval': 60_000,
-  'telemetry.logCollection': true,
-  'telemetry.metrics': true,
-  traceEnabled: true,
-  traceId128BitGenerationEnabled: true,
-  traceId128BitLoggingEnabled: true,
-  tracePropagationExtractFirst: false,
-  tracePropagationBehaviorExtract: 'continue',
-  'tracePropagationStyle.inject': ['datadog', 'tracecontext', 'baggage'],
-  'tracePropagationStyle.extract': ['datadog', 'tracecontext', 'baggage'],
-  'tracePropagationStyle.otelPropagators': false,
-  traceWebsocketMessagesEnabled: true,
-  traceWebsocketMessagesInheritSampling: true,
-  traceWebsocketMessagesSeparateTraces: true,
-  tracing: true,
-  url: undefined,
   version: pkg.version,
-  instrumentation_config_id: undefined,
-  'vertexai.spanCharLimit': 128,
-  'vertexai.spanPromptCompletionSampleRate': 1,
-  'trace.aws.addSpanPointers': true,
-  'trace.dynamoDb.tablePrimaryKeys': undefined,
-  'trace.nativeSpanEvents': false,
 }
+
+module.exports = defaults

package/packages/dd-trace/src/config/helper.js

@@ -2,8 +2,25 @@
 
 /* eslint-disable eslint-rules/eslint-process-env */
 
+/**
+ * @typedef {object} SupportedConfigurationEntry
+ * @property {string} implementation
+ * @property {string} type
+ * @property {string|number|boolean|null|object|unknown[]} default
+ * @property {string[]} [aliases]
+ * @property {string[]} [configurationNames]
+ * @property {string|boolean} [deprecated]
+ */
+
+/**
+ * @typedef {object} SupportedConfigurationsJson
+ * @property {Record<`DD_${string}` | `OTEL_${string}`, SupportedConfigurationEntry[]>} supportedConfigurations
+ */
+
 const { deprecate } = require('util')
-const { supportedConfigurations, aliases, deprecations } = require('./supported-configurations.json')
+const {
+  supportedConfigurations,
+} = /** @type {SupportedConfigurationsJson} */ (require('./supported-configurations.json'))
 
 /**
  * Types for environment variable handling.
@@ -12,6 +29,31 @@ const { supportedConfigurations, aliases, deprecations } = require('./supported-
  * @typedef {Partial<typeof process.env> & Partial<Record<SupportedEnvKey, string|undefined>>} TracerEnv
  */
 
+// Backwards-compatible views for old helper logic:
+// - `aliases`: Record<canonicalEnvVar, string[]>
+// - `deprecations`: Record<deprecatedEnvVar, string> (message suffix)
+const aliases = {}
+const deprecations = {}
+
+for (const [canonical, configuration] of Object.entries(supportedConfigurations)) {
+  for (const implementation of configuration) {
+    if (implementation.deprecated) {
+      deprecations[canonical] = implementation.deprecated
+      // Deprecated entries with an alias may not be listed in the supported configurations map
+      if (implementation.aliases) {
+        delete supportedConfigurations[canonical]
+        continue
+      }
+    }
+    if (Array.isArray(implementation.aliases)) {
+      for (const alias of implementation.aliases) {
+        aliases[canonical] ??= new Set()
+        aliases[canonical].add(alias)
+      }
+    }
+  }
+}
+
 const aliasToCanonical = {}
 for (const canonical of Object.keys(aliases)) {
   for (const alias of aliases[canonical]) {

package/packages/dd-trace/src/config/index.js

@@ -62,7 +62,7 @@ module.exports = getConfig
 class Config {
   /**
    * parsed DD_TAGS, usable as a standalone tag set across products
-   * @type {Record<string, string> | undefined}
+   * @type {Record<string, string>}
    */
   #parsedDdTags = {}
   #envUnprocessed = {}
@@ -89,6 +89,8 @@ class Config {
 
     options = {
       ...options,
+      // TODO(BridgeAR): Remove the experimental prefix once we have a major version.
+      // That also applies to index.d.ts
       appsec: options.appsec == null ? options.experimental?.appsec : options.appsec,
       iast: options.iast == null ? options.experimental?.iast : options.iast,
     }
@@ -162,7 +164,7 @@ class Config {
    * Set the configuration with remote config settings.
    * Applies remote configuration, recalculates derived values, and merges all configuration sources.
    *
-   * @param {import('./config/remote_config').RemoteConfigOptions|null} options - Configurations received via Remote
+   * @param {import('./remote_config').RemoteConfigOptions|null} options - Configurations received via Remote
    *   Config or null to reset all remote configuration
    */
   setRemoteConfig (options) {
@@ -283,6 +285,7 @@ class Config {
       DD_CODE_ORIGIN_FOR_SPANS_EXPERIMENTAL_EXIT_SPANS_ENABLED,
       DD_DATA_STREAMS_ENABLED,
       DD_DBM_PROPAGATION_MODE,
+      DD_DBM_INJECT_SQL_BASEHASH,
       DD_DOGSTATSD_HOST,
       DD_DOGSTATSD_PORT,
       DD_DYNAMIC_INSTRUMENTATION_CAPTURE_TIMEOUT_MS,
@@ -368,7 +371,6 @@ class Config {
       DD_TRACE_EXPERIMENTAL_GET_RUM_DATA_ENABLED,
       DD_RUNTIME_METRICS_RUNTIME_ID_ENABLED,
       DD_TRACE_GIT_METADATA_ENABLED,
-      DD_TRACE_GLOBAL_TAGS,
       DD_TRACE_GRAPHQL_ERROR_EXTENSIONS,
       DD_TRACE_HEADER_TAGS,
       DD_TRACE_LEGACY_BAGGAGE_ENABLED,
@@ -435,13 +437,11 @@ class Config {
 
     const tags = {}
 
-    const parsedDdTags = parseSpaceSeparatedTags(DD_TAGS)
-    tagger.add(this.#parsedDdTags, parsedDdTags)
-
     tagger.add(tags, parseSpaceSeparatedTags(handleOtel(OTEL_RESOURCE_ATTRIBUTES)))
-    tagger.add(tags, parsedDdTags)
+    tagger.add(tags, parseSpaceSeparatedTags(DD_TAGS))
     tagger.add(tags, DD_TRACE_TAGS)
-    tagger.add(tags, DD_TRACE_GLOBAL_TAGS)
+
+    Object.assign(this.#parsedDdTags, tags)
 
     setString(target, 'apiKey', DD_API_KEY)
     setBoolean(target, 'otelLogsEnabled', DD_LOGS_OTEL_ENABLED)
@@ -548,7 +548,7 @@ class Config {
       maybeInt(DD_API_SECURITY_MAX_DOWNSTREAM_REQUEST_BODY_ANALYSIS)
     target.baggageMaxBytes = DD_TRACE_BAGGAGE_MAX_BYTES
     target.baggageMaxItems = DD_TRACE_BAGGAGE_MAX_ITEMS
-    target.baggageTagKeys = DD_TRACE_BAGGAGE_TAG_KEYS
+    setArray(target, 'baggageTagKeys', DD_TRACE_BAGGAGE_TAG_KEYS)
     setBoolean(target, 'clientIpEnabled', DD_TRACE_CLIENT_IP_ENABLED)
     setString(target, 'clientIpHeader', DD_TRACE_CLIENT_IP_HEADER?.toLowerCase())
     if (DD_TRACE_CLOUD_REQUEST_PAYLOAD_TAGGING || DD_TRACE_CLOUD_RESPONSE_PAYLOAD_TAGGING) {
@@ -574,6 +574,7 @@ class Config {
       DD_CODE_ORIGIN_FOR_SPANS_EXPERIMENTAL_EXIT_SPANS_ENABLED
     )
     setString(target, 'dbmPropagationMode', DD_DBM_PROPAGATION_MODE)
+    setBoolean(target, 'dbm.injectSqlBaseHash', DD_DBM_INJECT_SQL_BASEHASH)
     setString(target, 'dogstatsd.hostname', DD_DOGSTATSD_HOST)
     setString(target, 'dogstatsd.port', DD_DOGSTATSD_PORT)
     setBoolean(target, 'dsmEnabled', DD_DATA_STREAMS_ENABLED)
@@ -648,6 +649,7 @@ class Config {
     setString(target, 'installSignature.id', DD_INSTRUMENTATION_INSTALL_ID)
     setString(target, 'installSignature.time', DD_INSTRUMENTATION_INSTALL_TIME)
     setString(target, 'installSignature.type', DD_INSTRUMENTATION_INSTALL_TYPE)
+    // TODO: Why is DD_INJECTION_ENABLED a comma separated list?
     setArray(target, 'injectionEnabled', DD_INJECTION_ENABLED)
     if (DD_INJECTION_ENABLED !== undefined) {
       setString(target, 'instrumentationSource', DD_INJECTION_ENABLED ? 'ssi' : 'manual')
@@ -707,8 +709,11 @@ class Config {
       maybeJsonFile(DD_SPAN_SAMPLING_RULES_FILE) ??
       safeJsonParse(DD_SPAN_SAMPLING_RULES)
     ))
-    setUnit(target, 'sampleRate', DD_TRACE_SAMPLE_RATE ||
-    getFromOtelSamplerMap(OTEL_TRACES_SAMPLER, OTEL_TRACES_SAMPLER_ARG))
+    setUnit(
+      target,
+      'sampleRate',
+      DD_TRACE_SAMPLE_RATE || getFromOtelSamplerMap(OTEL_TRACES_SAMPLER, OTEL_TRACES_SAMPLER_ARG)
+    )
     target['sampler.rateLimit'] = DD_TRACE_RATE_LIMIT
     setSamplingRule(target, 'sampler.rules', safeJsonParse(DD_TRACE_SAMPLING_RULES))
     unprocessedTarget['sampler.rules'] = DD_TRACE_SAMPLING_RULES
@@ -749,7 +754,7 @@ class Config {
     setBoolean(target, 'telemetry.debug', DD_TELEMETRY_DEBUG)
     setBoolean(target, 'telemetry.dependencyCollection', DD_TELEMETRY_DEPENDENCY_COLLECTION_ENABLED)
     target['telemetry.heartbeatInterval'] = maybeInt(Math.floor(DD_TELEMETRY_HEARTBEAT_INTERVAL * 1000))
-    unprocessedTarget['telemetry.heartbeatInterval'] = DD_TELEMETRY_HEARTBEAT_INTERVAL * 1000
+    unprocessedTarget['telemetry.heartbeatInterval'] = DD_TELEMETRY_HEARTBEAT_INTERVAL
     setBoolean(target, 'telemetry.logCollection', DD_TELEMETRY_LOG_COLLECTION_ENABLED)
     setBoolean(target, 'telemetry.metrics', DD_TELEMETRY_METRICS_ENABLED)
     setBoolean(target, 'traceId128BitGenerationEnabled', DD_TRACE_128_BIT_TRACEID_GENERATION_ENABLED)
@@ -892,7 +897,7 @@ class Config {
     opts['cloudPayloadTagging.maxDepth'] = maybeInt(options.cloudPayloadTagging?.maxDepth)
     opts.baggageMaxBytes = options.baggageMaxBytes
     opts.baggageMaxItems = options.baggageMaxItems
-    opts.baggageTagKeys = options.baggageTagKeys
+    setArray(opts, 'baggageTagKeys', options.baggageTagKeys)
     setBoolean(opts, 'codeOriginForSpans.enabled', options.codeOriginForSpans?.enabled)
     setBoolean(
       opts,
@@ -900,6 +905,7 @@ class Config {
       options.codeOriginForSpans?.experimental?.exit_spans?.enabled
     )
     setString(opts, 'dbmPropagationMode', options.dbmPropagationMode)
+    setBoolean(opts, 'dbm.injectSqlBaseHash', options.dbm?.injectSqlBaseHash)
     if (options.dogstatsd) {
       setString(opts, 'dogstatsd.hostname', options.dogstatsd.hostname)
       setString(opts, 'dogstatsd.port', options.dogstatsd.port)
@@ -1097,6 +1103,21 @@ class Config {
       ? new URL(DD_CIVISIBILITY_AGENTLESS_URL)
       : getAgentUrl(this.#getTraceAgentUrl(), this.#optionsArg)
 
+    // Experimental agentless APM span intake
+    // When enabled, sends spans directly to Datadog intake without an agent
+    const agentlessEnabled = isTrue(getEnv('_DD_APM_TRACING_AGENTLESS_ENABLED'))
+    if (agentlessEnabled) {
+      setString(calc, 'experimental.exporter', 'agentless')
+      // Disable rate limiting - server-side sampling will be used
+      calc['sampler.rateLimit'] = -1
+      // Disable client-side stats computation
+      setBoolean(calc, 'stats.enabled', false)
+      // Enable hostname reporting
+      setBoolean(calc, 'reportHostname', true)
+      // Clear sampling rules - server-side sampling handles this
+      calc['sampler.rules'] = []
+    }
+
     if (this.#isCiVisibility()) {
       setBoolean(calc, 'isEarlyFlakeDetectionEnabled',
         getEnv('DD_CIVISIBILITY_EARLY_FLAKE_DETECTION_ENABLED') ?? true)
@@ -1129,6 +1150,7 @@ class Config {
     calc.otelLogsUrl = `http://${agentHostname}:${DEFAULT_OTLP_PORT}`
     calc.otelMetricsUrl = `http://${agentHostname}:${DEFAULT_OTLP_PORT}/v1/metrics`
     calc.otelUrl = `http://${agentHostname}:${DEFAULT_OTLP_PORT}`
+    calc['telemetry.heartbeatInterval'] = maybeInt(Math.floor(this.#defaults['telemetry.heartbeatInterval'] * 1000))
 
     setBoolean(calc, 'isGitUploadEnabled',
       calc.isIntelligentTestRunnerEnabled && !isFalse(getEnv('DD_CIVISIBILITY_GIT_UPLOAD_ENABLED')))
@@ -1156,7 +1178,7 @@ class Config {
   /**
    * Applies remote configuration options from APM_TRACING configs.
    *
-   * @param {import('./config/remote_config').RemoteConfigOptions} options - Configurations received via Remote Config
+   * @param {import('./remote_config').RemoteConfigOptions} options - Configurations received via Remote Config
    */
   #applyRemoteConfig (options) {
     const opts = this.#remote