feat(live-debugger): agentless intake forwarding#2075
feat(live-debugger): agentless intake forwarding#2075gh-worker-dd-mergequeue-cf854d[bot] merged 4 commits into
Conversation
Clippy Allow Annotation ReportComparing clippy allow annotations between branches:
Summary by Rule
Annotation Counts by File
Annotation Stats by Crate
About This ReportThis report tracks Clippy allow annotations for specific rules, showing how they've changed in this PR. Decreasing the number of these annotations generally improves code quality. |
🎉 All green!🧪 All tests passed 🎯 Code Coverage (details) 🔗 Commit SHA: a38ce35 | Docs | Datadog PR Page | Give us feedback! |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #2075 +/- ##
==========================================
- Coverage 73.49% 73.32% -0.17%
==========================================
Files 475 475
Lines 78839 79085 +246
==========================================
+ Hits 57944 57993 +49
- Misses 20895 21092 +197
🚀 New features to boost your workflow:
|
Artifact Size Benchmark Reportaarch64-alpine-linux-musl
aarch64-unknown-linux-gnu
libdatadog-x64-windows
libdatadog-x86-windows
x86_64-alpine-linux-musl
x86_64-unknown-linux-gnu
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7f3440d544
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Add a transparent path for tracers to send Live Debugger and Symbol
Database (SymDB) data directly to the Datadog intake when no agent is
present, matching what the agent's debugger proxy routes do.
- Build agentless intake endpoints from a site and API key, targeting
debugger-intake.{site} for diagnostics, snapshots and SymDB uploads.
- Forward SymDB payloads with the appropriate origin and tags, mirroring
the agent's /symdb/v1/input route.
- Dual-ship payloads to additional intake endpoints when configured.
- Expose a sender config builder and SymDB send entry point over the FFI;
the existing sender entry point is unchanged.
Set DD-EVP-ORIGIN on the SymDB request only when an API key is present, matching the debugger tracks. The origin is only meaningful on the direct intake; in agent mode the agent sets it while proxying. No behavior change in agentless mode.
Send the primary debugger and SymDB endpoints before fanning out to best-effort additional endpoints so a slow or stalled extra endpoint no longer delays the intake the caller depends on. Drop a per-send string allocation on the FFI send path.
7f3440d to
e29975a
Compare
bwoebi
left a comment
There was a problem hiding this comment.
Aside from the sequential await, looks good to me.
Send the primary and additional dual-ship endpoints concurrently in send() and send_symdb() instead of awaiting them sequentially, so a slow extra endpoint no longer delays the others. Keep the primary's result as the returned one. Avoid a per-send heap allocation by collecting endpoints into a stack-inlined SmallVec, and derive the agentless SymDB route from the diagnostics constant so the intentional path reuse stays in lockstep.
# Release v36.0.0 This release bumps the workspace version `35.0.0 → 36.0.0`. Below are the commits in `v35.0.0..HEAD` that directly modify the C ABI surface consumed by downstream SDKs. ## Major | Commit | FFI crate(s) affected | |---|---| | `refactor(shm)!: Extract one_way_shared_memory to IPC and prepare libdd-remote-config for python` (#2121) | `datadog-sidecar-ffi` | | `refactor(span)!: use VecMap for meta, metrics and meta_struct for v04 spans` (#2043) | `datadog-sidecar-ffi`, `libdd-data-pipeline-ffi` | | `feat(data-pipeline)!: add fork safety hooks and cancellation token for trace exporter FFI` (#2051) | `libdd-data-pipeline-ffi`, `libdd-profiling-ffi` | ## Minor | Commit | FFI crate(s) affected | |---|---| | `feat(sidecar): add retry interval configuration` (#2106) | `datadog-sidecar-ffi` | | `feat(profiling): Add setting to omit local root span id from serialized pprof` (#2104) | `libdd-profiling-ffi` | | `feat(live-debugger): agentless intake forwarding` (#2075) | `datadog-live-debugger-ffi` | | `feat(sidecar): forward FFE exposures to EVP proxy` (#2026) | `datadog-sidecar-ffi` | | `feat(sidecar): forward FFE evaluation metrics to OTLP intake` (#2052) | `datadog-sidecar-ffi` | | `feat: cross-language LTO to inline C TLS shim into Rust FFI` (#1982) | `libdd-otel-thread-ctx-ffi` (build-only: build.rs / scripts / README) | ## Patch | Commit | FFI crate(s) affected | |---|---| | `fix(ffe): honor shared fixture result metadata` (#2109) | `datadog-ffe-ffi` | | `fix(sidecar): Dedup VecMap spans before serialization` (#2107) | `datadog-sidecar-ffi` | | `fix(crashtracking): authenticate peer granted socket ptrace access` (#2098) | `libdd-crashtracker-ffi`, `datadog-sidecar-ffi` | | `fix(remote-config): notification of multi-processing and runtime deduplication` (#2082) | `datadog-sidecar-ffi` | | `fix(sidecar): configure OTLP endpoint for FFE metrics` (#2076) | `datadog-sidecar-ffi` | | `refactor(datadog-remote-config): rename as libdd-remote-config` (#2085) | `datadog-sidecar-ffi` (incl. `cbindgen.toml`) | Co-authored-by: julio.gonzalez <julio.gonzalez@datadoghq.com>
What
Adds a transparent path for tracers to send Live Debugger and Symbol Database (SymDB) data directly to the Datadog intake when no agent is present, matching the behavior of the agent's debugger proxy routes (
/debugger/v1/diagnostics,/debugger/v2/input,/symdb/v1/input). This extends the existingdatadog-live-debuggercrate and its FFI rather than adding a new crate.Why
In agentless mode the tracer has no local agent to enrich and forward debugger/SymDB payloads to intake. This gives
libdatadogthe agent's forwarding behavior so tracers (e.g. dd-trace) can ship the same payloads transparently, choosing agent vs. agentless based on whether an API key is present.Changes
Core (
datadog-live-debugger/src/sender.rs)debugger_intake_endpoint(site, api_key)builds an agentless endpoint targetingdebugger-intake.{site}(mirrors profiling'sagentless()).derive_endpoint_path(); agentless requests use/api/v2/debugger, agent requests use the proxy paths.file://endpoints (tests) are left untouched.Configgainedsymdb_endpointplus dual-ship endpoint vectors, withset_symdb_endpoint,add_additional_debugger_endpoint, andadd_additional_symdb_endpoint.send()andsend_symdb()send the primary endpoint first, then fan out best-effort to any additional endpoints (mirroring the agent's*_additional_endpoints, where non-primary responses are discarded). Sending the primary first keeps a slow or stalled additional endpoint from delaying the intake the caller depends on.send_symdb()forwards raw bytes verbatim withDD-EVP-ORIGIN: agent-symdband tags carried in theX-Datadog-Additional-Tagsheader (matchingsymdb.go).PayloadSender::newsplit intonew/new_to_endpoint; existing callers (e.g.datadog-sidecar) are unaffected.FFI (
datadog-live-debugger-ffi/src/sender.rs)ddog_live_debugger_endpoint_from_site_and_api_keyfor the agentless endpoint (freed via the existingddog_endpoint_drop)...._sender_config_new/..._set_endpoint/..._set_symdb_endpoint/..._add_additional_endpoint/..._add_additional_symdb_endpoint/..._drop) andddog_live_debugger_spawn_sender_with_config. The existingddog_live_debugger_spawn_senderis unchanged.ddog_live_debugger_send_symdb_datato enqueue a raw SymDB body (zero-copy across the boundary viaOwnedCharSlice).&strinstead of formatting one per send, dropping an allocation on the hot path.DebuggerTypeis intentionally left unchanged (SymDB is handled as a separate path) becausedatadog-sidecardoes an exhaustive match on it.Testing
cargo checkon both crates anddatadog-sidecarcargo +nightly-2026-02-08 fmt --check,cargo clippy --all-targets --all-features -D warningscargo test -p datadog-live-debugger -p datadog-live-debugger-ffi(14 pass, 4 new)cargo ffi-test(only pre-existingcrashtracking/ffeenv failures, unrelated to this change)Cargo.lockuntouched.