refactor(config): generate runtime config from supported metadata

[BridgeAR]

Config model:
Build the tracer runtime config from supported-configurations.json.
The metadata now defines defaults, aliases, transforms, allowed values,
and internal property mapping. Env vars, stable config, code options,
remote config, and telemetry now go through the same parsing and
normalization path instead of separate logic.

Remote config and fallback:
Normalize remote config into the same local option names before apply.
When a remote value is removed, restore the earlier code value or the
default for that one option, instead of keeping an old remote value.
This also keeps config source tracking correct when remote config
changes over time.

Telemetry:
Report the same normalized config view that the tracer really uses.
Telemetry now keeps the source of each value, sends standard config
names such as DD_* and OTEL_*, and serializes URLs, arrays,
objects, functions, and rule sets in one consistent format for config
change events and extended heartbeats.

DD and OTEL precedence:
Use one precedence model for Datadog and OpenTelemetry settings.
Datadog config still wins when both are set. Generic
OTEL_EXPORTER_OTLP_* endpoint, header, protocol, and timeout values
now fill in logs and metrics config when the specific setting is not
set. b3 extraction keeps Datadog multi-header behavior when it comes
from DD_TRACE_PROPAGATION_STYLE, and keeps single-header behavior
when it comes from OTEL_PROPAGATORS.

Config-specific updates:
Parse and validate more individual settings through shared parsers.
This now covers sample rates, propagation styles and behavior,
OTEL_RESOURCE_ATTRIBUTES, DD_TRACE_HEADER_TAGS spacing,
JSON sampling rules, AppSec blocked template file paths, and
DD_GRPC_CLIENT_ERROR_STATUSES / DD_GRPC_SERVER_ERROR_STATUSES
range values. Invalid values now warn the same way and fall back more
predictably.

Calculated behavior:
Recalculate derived settings from the remembered source of each value.
This keeps service and tag inference, socket and DogStatsD defaults,
OTEL logs vs log injection, runtime metrics vs
OTEL_METRICS_EXPORTER=none, AppSec-driven resource renaming, CI and
serverless toggles, Lambda flush behavior, and agentless tracing
overrides consistent when inputs change.

Runtime consumers:
Move profiling, logging, agent URL selection, session propagation, and
other runtime code to read the resolved config instead of reparsing env
vars. This also keeps proxy startup working when tracing is off but
dynamic instrumentation or AppSec standalone still need runtime hooks,
and makes profiling exporter and profiler settings follow the same
config resolution path.

[codecov]

Codecov Report

❌ Patch coverage is 94.77504% with 36 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.16%. Comparing base (efc9681) to head (22b7138).

Files with missing lines	Patch %	Lines
packages/dd-trace/src/config/remote_config.js	47.82%	12 Missing ⚠️
packages/dd-trace/src/config/defaults.js	94.69%	7 Missing ⚠️
packages/dd-trace/src/config/parsers.js	95.34%	6 Missing ⚠️
packages/dd-trace/src/config/index.js	98.49%	4 Missing ⚠️
packages/dd-trace/src/llmobs/sdk.js	25.00%	3 Missing ⚠️
packages/dd-trace/src/profiling/config.js	94.82%	3 Missing ⚠️
packages/datadog-plugin-aws-sdk/src/base.js	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #7916      +/-   ##
==========================================
- Coverage   74.25%   74.16%   -0.09%     
==========================================
  Files         769      772       +3     
  Lines       36068    35749     -319     
==========================================
- Hits        26783    26515     -268     
+ Misses       9285     9234      -51     

Flag	Coverage Δ
aiguard-macos	36.43% <61.19%> (-3.12%)	⬇️
aiguard-ubuntu	36.53% <61.19%> (-3.13%)	⬇️
aiguard-windows	36.33% <62.85%> (-3.00%)	⬇️
apm-capabilities-tracing-macos	48.89% <84.61%> (-0.67%)	⬇️
apm-capabilities-tracing-ubuntu	48.97% <84.61%> (-0.50%)	⬇️
apm-capabilities-tracing-windows	48.76% <85.92%> (-0.54%)	⬇️
apm-integrations-child-process	36.06% <59.03%> (-2.78%)	⬇️
apm-integrations-couchbase-18	35.01% <59.03%> (-2.61%)	⬇️
apm-integrations-couchbase-eol	35.06% <59.03%> (-3.08%)	⬇️
apm-integrations-oracledb	35.06% <59.03%> (-2.90%)	⬇️
appsec-express	52.92% <62.31%> (-2.54%)	⬇️
appsec-fastify	49.37% <62.80%> (-2.42%)	⬇️
appsec-graphql	49.61% <62.80%> (-2.34%)	⬇️
appsec-kafka	42.15% <62.31%> (-2.42%)	⬇️
appsec-ldapjs	41.44% <62.14%> (-2.75%)	⬇️
appsec-lodash	41.47% <62.14%> (-2.32%)	⬇️
appsec-macos	56.80% <63.41%> (-1.36%)	⬇️
appsec-mongodb-core	46.09% <62.14%> (-2.88%)	⬇️
appsec-mongoose	46.69% <62.14%> (-2.94%)	⬇️
appsec-mysql	48.82% <62.64%> (-2.33%)	⬇️
appsec-node-serialize	40.64% <62.14%> (-2.74%)	⬇️
appsec-passport	44.66% <61.19%> (-3.18%)	⬇️
appsec-postgres	48.51% <62.14%> (-2.26%)	⬇️
appsec-sourcing	40.10% <62.14%> (-2.53%)	⬇️
appsec-stripe	42.36% <61.85%> (-2.46%)	⬇️
appsec-template	40.80% <62.14%> (-2.74%)	⬇️
appsec-ubuntu	56.88% <63.41%> (-1.36%)	⬇️
appsec-windows	56.67% <65.01%> (-1.29%)	⬇️
instrumentations-instrumentation-bluebird	29.93% <59.03%> (-2.50%)	⬇️
instrumentations-instrumentation-body-parser	37.68% <59.03%> (-3.05%)	⬇️
instrumentations-instrumentation-child_process	35.45% <59.03%> (-2.73%)	⬇️
instrumentations-instrumentation-cookie-parser	31.87% <59.03%> (-2.58%)	⬇️
instrumentations-instrumentation-express	32.16% <59.03%> (-2.60%)	⬇️
instrumentations-instrumentation-express-mongo-sanitize	31.99% <59.03%> (-2.59%)	⬇️
instrumentations-instrumentation-express-session	37.34% <59.03%> (-3.02%)	⬇️
instrumentations-instrumentation-fs	29.57% <59.03%> (-2.54%)	⬇️
instrumentations-instrumentation-generic-pool	31.44% <64.33%> (+2.03%)	⬆️
instrumentations-instrumentation-http	36.89% <59.03%> (-3.19%)	⬇️
instrumentations-instrumentation-knex	29.95% <59.03%> (-2.55%)	⬇️
instrumentations-instrumentation-mongoose	31.06% <59.03%> (-2.55%)	⬇️
instrumentations-instrumentation-multer	37.45% <59.03%> (-3.03%)	⬇️
instrumentations-instrumentation-mysql2	35.42% <58.87%> (-3.09%)	⬇️
instrumentations-instrumentation-passport	41.28% <60.53%> (-2.97%)	⬇️
instrumentations-instrumentation-passport-http	40.97% <60.53%> (-2.95%)	⬇️
instrumentations-instrumentation-passport-local	41.47% <60.53%> (-2.99%)	⬇️
instrumentations-instrumentation-pg	34.93% <58.87%> (-3.02%)	⬇️
instrumentations-instrumentation-promise	29.87% <59.03%> (-2.49%)	⬇️
instrumentations-instrumentation-promise-js	29.87% <59.03%> (-2.49%)	⬇️
instrumentations-instrumentation-q	29.91% <59.03%> (-2.50%)	⬇️
instrumentations-instrumentation-url	29.84% <59.03%> (-2.50%)	⬇️
instrumentations-instrumentation-when	29.88% <59.03%> (-2.50%)	⬇️
llmobs-ai	38.30% <61.02%> (-3.16%)	⬇️
llmobs-anthropic	37.90% <61.02%> (-3.04%)	⬇️
llmobs-bedrock	37.18% <61.05%> (-2.22%)	⬇️
llmobs-google-genai	37.70% <61.02%> (-2.26%)	⬇️
llmobs-langchain	37.08% <60.72%> (-2.33%)	⬇️
llmobs-openai	41.26% <61.52%> (-2.94%)	⬇️
llmobs-vertex-ai	37.75% <61.02%> (-2.48%)	⬇️
platform-core	30.82% <8.69%> (-0.65%)	⬇️
platform-esbuild	33.74% <8.69%> (-0.68%)	⬇️
platform-instrumentations-misc	40.89% <64.76%> (+6.77%)	⬆️
platform-shimmer	36.80% <8.69%> (-0.77%)	⬇️
platform-unit-guardrails	32.24% <8.69%> (-0.66%)	⬇️
platform-webpack	21.08% <36.17%> (+1.22%)	⬆️
plugins-azure-durable-functions	25.38% <8.69%> (-0.37%)	⬇️
plugins-azure-event-hubs	25.53% <8.69%> (-0.37%)	⬇️
plugins-azure-service-bus	24.92% <8.69%> (-0.35%)	⬇️
plugins-bullmq	40.75% <59.03%> (-2.95%)	⬇️
plugins-cassandra	35.21% <59.03%> (-2.90%)	⬇️
plugins-cookie	26.56% <8.69%> (-0.41%)	⬇️
plugins-cookie-parser	26.35% <8.69%> (-0.40%)	⬇️
plugins-crypto	26.21% <8.69%> (-0.52%)	⬇️
plugins-dd-trace-api	35.42% <59.03%> (-3.11%)	⬇️
plugins-express-mongo-sanitize	26.50% <8.69%> (-0.40%)	⬇️
plugins-express-session	26.31% <8.69%> (-0.40%)	⬇️
plugins-fastify	39.47% <62.02%> (-2.98%)	⬇️
plugins-fetch	35.72% <59.20%> (-2.91%)	⬇️
plugins-fs	35.67% <59.03%> (-3.19%)	⬇️
plugins-generic-pool	25.57% <8.69%> (-0.38%)	⬇️
plugins-google-cloud-pubsub	43.06% <59.20%> (-2.71%)	⬇️
plugins-grpc	38.07% <59.03%> (-3.03%)	⬇️
plugins-handlebars	26.54% <8.69%> (-0.40%)	⬇️
plugins-hapi	37.27% <59.03%> (-3.10%)	⬇️
plugins-hono	37.68% <59.03%> (-3.16%)	⬇️
plugins-ioredis	35.63% <59.03%> (-3.06%)	⬇️
plugins-knex	26.20% <8.69%> (-0.37%)	⬇️
plugins-langgraph	35.11% <59.03%> (-2.98%)	⬇️
plugins-ldapjs	24.12% <8.69%> (-0.32%)	⬇️
plugins-light-my-request	25.93% <8.69%> (-0.38%)	⬇️
plugins-limitd-client	30.19% <59.03%> (-2.52%)	⬇️
plugins-lodash	25.66% <8.69%> (-0.38%)	⬇️
plugins-mariadb	36.53% <59.03%> (-3.18%)	⬇️
plugins-memcached	35.29% <59.03%> (-3.15%)	⬇️
plugins-microgateway-core	36.39% <59.03%> (-3.04%)	⬇️
plugins-moleculer	38.07% <59.03%> (-2.66%)	⬇️
plugins-mongodb	36.41% <59.20%> (-2.96%)	⬇️
plugins-mongodb-core	36.13% <59.03%> (-3.09%)	⬇️
plugins-mongoose	36.08% <59.03%> (-2.94%)	⬇️
plugins-multer	26.31% <8.69%> (-0.40%)	⬇️
plugins-mysql	36.37% <59.03%> (-3.18%)	⬇️
plugins-mysql2	36.37% <59.03%> (-3.13%)	⬇️
plugins-node-serialize	26.60% <8.69%> (-0.41%)	⬇️
plugins-opensearch	35.09% <59.03%> (-2.75%)	⬇️
plugins-passport-http	26.37% <8.69%> (-0.39%)	⬇️
plugins-postgres	34.35% <59.03%> (-1.28%)	⬇️
plugins-process	26.21% <8.69%> (-0.52%)	⬇️
plugins-pug	26.56% <8.69%> (-0.41%)	⬇️
plugins-redis	35.94% <59.03%> (-3.20%)	⬇️
plugins-router	40.04% <59.03%> (-3.42%)	⬇️
plugins-sequelize	25.19% <8.69%> (-0.37%)	⬇️
plugins-test-and-upstream-amqp10	35.66% <59.03%> (-3.06%)	⬇️
plugins-test-and-upstream-amqplib	40.86% <59.03%> (-3.61%)	⬇️
plugins-test-and-upstream-apollo	36.56% <59.03%> (-2.77%)	⬇️
plugins-test-and-upstream-avsc	35.66% <59.20%> (-3.14%)	⬇️
plugins-test-and-upstream-bunyan	31.44% <59.03%> (-2.60%)	⬇️
plugins-test-and-upstream-connect	37.87% <59.03%> (-3.16%)	⬇️
plugins-test-and-upstream-graphql	37.21% <59.03%> (-3.17%)	⬇️
plugins-test-and-upstream-koa	37.65% <59.03%> (-2.97%)	⬇️
plugins-test-and-upstream-protobufjs	35.88% <59.20%> (-3.14%)	⬇️
plugins-test-and-upstream-rhea	40.97% <59.03%> (-3.50%)	⬇️
plugins-undici	36.62% <59.03%> (-2.83%)	⬇️
plugins-url	26.21% <8.69%> (-0.52%)	⬇️
plugins-valkey	35.19% <59.03%> (-3.22%)	⬇️
plugins-vm	26.21% <8.69%> (-0.52%)	⬇️
plugins-winston	31.75% <59.03%> (-2.61%)	⬇️
plugins-ws	38.97% <59.03%> (-3.25%)	⬇️
profiling-macos	37.97% <61.08%> (-2.79%)	⬇️
profiling-ubuntu	38.13% <61.23%> (-2.75%)	⬇️
profiling-windows	39.47% <66.95%> (-2.92%)	⬇️
serverless-azure-functions-client	25.26% <8.69%> (-0.36%)	⬇️
serverless-azure-functions-eventhubs	25.26% <8.69%> (-0.36%)	⬇️
serverless-azure-functions-servicebus	25.26% <8.69%> (-0.36%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Overall package size

Self size: 5.43 MB
Deduped: 6.28 MB
No deduping: 6.28 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 3.0.1 | 82.56 kB | 817.39 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[datadog-official]

⚠️ Tests

✨ Fix all issues with BitsAI or with Cursor

⚠️ Other Violations

🧪 1 Test failed

AIGuard SDK "before each" hook for "test evaluate 'tool call' with ALLOW action (blocking: true)" from AIGuard SDK     (Fix with Cursor)

Timeout of 5000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/Users/runner/work/dd-trace-js/dd-trace-js/packages/dd-trace/test/aiguard/index.spec.js)

Error: Timeout of 5000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/Users/runner/work/dd-trace-js/dd-trace-js/packages/dd-trace/test/aiguard/index.spec.js)
    at process.processTicksAndRejections (node:internal/process/task_queues:104:5)

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

🎯 Code Coverage (details)
• Patch Coverage: 88.16%
• Overall Coverage: 68.56% (-0.14%)

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 22b7138 | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!}

[bengl]

Let's explain (broadly/generally, not specifically for each such change) that this is a simplification, etc.

[BridgeAR]

After looking in the code again, the usage of it now seems very straight forward. Before, two properties were used to check one thing. Now if the property exists, it is enabled. Thus, it should hopefully be understandable without a comment?

[BridgeAR]

Add to commit message

[bengl]

Add a TODO to check for specific function names.

[BridgeAR]

I implemented a validation that checks for known names instead

[pr-commenter]

Benchmarks

Benchmark execution time: 2026-04-07 21:14:18

Comparing candidate commit 22b7138 in PR branch BridgeAR/2026-03-31-generated-config-runtime with baseline commit efc9681 in branch master.

Found 0 performance improvements and 17 performance regressions! Performance is the same for 211 metrics, 32 unstable metrics.

scenario:appsec-iast-no-vulnerability-iast-enabled-always-active-18

• 🟥 cpu_user_time [+109.189ms; +126.335ms] or [+7.097%; +8.212%]
• 🟥 execution_time [+102.101ms; +116.259ms] or [+5.995%; +6.826%]

scenario:appsec-iast-no-vulnerability-iast-enabled-always-active-20

• 🟥 cpu_user_time [+128.164ms; +142.634ms] or [+8.774%; +9.765%]
• 🟥 execution_time [+126.691ms; +140.461ms] or [+7.907%; +8.767%]

scenario:appsec-iast-no-vulnerability-iast-enabled-always-active-22

• 🟥 cpu_user_time [+66.025ms; +80.222ms] or [+5.842%; +7.098%]
• 🟥 execution_time [+77.573ms; +86.460ms] or [+6.144%; +6.848%]

scenario:appsec-iast-no-vulnerability-iast-enabled-always-active-24

• 🟥 cpu_user_time [+70.400ms; +85.388ms] or [+7.180%; +8.708%]
• 🟥 execution_time [+83.145ms; +90.519ms] or [+7.566%; +8.237%]

scenario:appsec-iast-no-vulnerability-iast-enabled-default-config-18

• 🟥 cpu_user_time [+92.535ms; +113.440ms] or [+6.223%; +7.629%]
• 🟥 execution_time [+99.085ms; +115.862ms] or [+6.026%; +7.046%]

scenario:appsec-iast-no-vulnerability-iast-enabled-default-config-20

• 🟥 cpu_user_time [+122.558ms; +140.633ms] or [+8.771%; +10.064%]
• 🟥 execution_time [+132.703ms; +147.183ms] or [+8.650%; +9.594%]

scenario:appsec-iast-no-vulnerability-iast-enabled-default-config-22

• 🟥 cpu_user_time [+62.067ms; +78.441ms] or [+5.779%; +7.304%]
• 🟥 execution_time [+67.157ms; +79.151ms] or [+5.565%; +6.559%]

scenario:appsec-iast-no-vulnerability-iast-enabled-default-config-24

• 🟥 cpu_user_time [+61.351ms; +76.742ms] or [+6.616%; +8.276%]
• 🟥 execution_time [+76.483ms; +84.490ms] or [+7.331%; +8.098%]

scenario:net-with-tracer-22

• 🟥 instructions [+49.5M instructions; +52.6M instructions] or [+5.113%; +5.429%]

[bengl]

Comment that this is only for grpc

[BridgeAR]

Renamed the method to setGRPCRange