Skip to content

Support DD_APM_TRACING_ENABLED=false for AI Guard traces#11885

Open
claponcet wants to merge 3 commits into
masterfrom
clara.poncet/ai-guard-standalone
Open

Support DD_APM_TRACING_ENABLED=false for AI Guard traces#11885
claponcet wants to merge 3 commits into
masterfrom
clara.poncet/ai-guard-standalone

Conversation

@claponcet

@claponcet claponcet commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

What Does This Do

When DD_APM_TRACING_ENABLED=false, AI Guard traces are now preserved and sent
to the backend. The tracer no longer lets the sampler override the USER_KEEP
priority that AI Guard sets via ai_guard.keep.

Concretely, TraceCollector.setSamplingPriorityIfNecessary gains a guard: if a
span carries ai_guard.event=true, the sampler is skipped (whether that sampler
is the regular priority sampler or the AsmStandaloneSampler rate-limiter used
in ASM standalone mode).

The ai_guard.event tag is also promoted from a local string constant in
AIGuardInternal to a canonical constant in Tags, alongside ai_guard.keep.

Root spans for AI Guard evaluations carry:

  • _sampling_priority_v1:2 (USER_KEEP) — set by forceKeep(SamplingMechanism.AI_GUARD)
  • _dd.p.dm:-13 (decision maker: AI Guard) — set by the same mechanism
  • ai_guard.event:true

Motivation

Part of APPSEC-61460 (AI Guard without APM billing). AI Guard customers should
not require APM host billing. Unlike ASM standalone mode, AI Guard does not need
the "1 trace per minute" allowance — every AI Guard trace must go through.

Additional Notes

The AsmStandaloneSampler (used when APM is disabled and AppSec is enabled)
has a rate limiter that allows only 1 trace/minute for regular APM traces. The
new bypass ensures AI Guard traces are never dropped by this limiter, while
regular traces remain subject to it.

Contributor Checklist

  • Format the title according to the contribution guidelines
  • Assign the type: and (comp: or inst:) labels in addition to any other useful labels
  • Avoid using close, fix, or any linking keywords when referencing an issue
    Use solves instead, and assign the PR milestone to the issue
  • Update the CODEOWNERS file on source file addition, migration, or deletion
  • Update public documentation with any new configuration flags or behaviors
  • Add your completed PR to the merge queue by commenting /merge. You can also:
    • Customize the commit message associated with the merge with /merge --commit-message "..."
    • Remove your PR from the merge queue with /merge -c
    • Skip all merge queue checks with /merge -f --reason "reason"; please use this judiciously, as some checks do not run at the PR-level (note: the PR still needs to be mergeable, this will only skip the pre-merge build)
    • Get more information in this doc

Jira ticket: APPSEC-68487

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claponcet claponcet added type: feature Enhancements and improvements comp: ai-guard AI Guard labels Jul 8, 2026
@claponcet

Copy link
Copy Markdown
Contributor Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 42d77deb22

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

@claponcet claponcet marked this pull request as ready for review July 8, 2026 12:41
@claponcet claponcet requested review from a team as code owners July 8, 2026 12:41
@claponcet claponcet requested review from daniel-romano-DD, manuel-alvarez-alvarez and mcculls and removed request for a team July 8, 2026 12:41
@dd-octo-sts dd-octo-sts Bot added the tag: ai generated Largely based on code generated by an AI or LLM label Jul 8, 2026
@datadog-prod-us1-5

datadog-prod-us1-5 Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 56.47% (-0.49%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 40cce9e | Docs | Datadog PR Page | Give us feedback!

rootSpan.spanContext().getPropagationTags().getTraceSource(),
ProductTraceSource.ASM))
ProductTraceSource.ASM)
&& !Boolean.TRUE.equals(rootSpan.getTag(Tags.AI_GUARD_EVENT)))

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should add further product-specific tags to this code.

Have you considered using Tags.PROPAGATED_TRACE_SOURCE to mark the root span as coming from the AI/LLM product like ASM does?

.setTag(Tags.PROPAGATED_TRACE_SOURCE, ProductTraceSource.ASM);

You'd just need to add your product to ProductTraceSource - and maybe introduce a new method that lets you check if one of several products are marked here, rather than calling isProductMarked multiple times.

For example it could then become:

!ProductTraceSource.isProductMarked(
                  rootSpan.spanContext().getPropagationTags().getTraceSource(),
                  ProductTraceSource.ASM, ProductTraceSource.LLM)

cc @PerfectSlayer

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have considered this but I don't think ProductTraceSource is used in other tracers for AI Guard so I opted for consistency. @smola what do you think?

@dd-octo-sts

dd-octo-sts Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

🟢 Java Benchmark SLOs — All performance SLOs passed

Suite Status
Startup 🟢 pass

SLO thresholds are defined here based on automatically generated metrics. A warning is raised when results are within 5% of the threshold.

PR vs. master results
Scenario Candidate master Δ (95% CI of mean)
startup:insecure-bank:iast:Agent 14.01 s 13.91 s [-0.1%; +1.5%] (no difference)
startup:insecure-bank:tracing:Agent 12.95 s 13.03 s [-1.5%; +0.3%] (no difference)
startup:petclinic:appsec:Agent 16.86 s 16.69 s [+0.1%; +1.9%] (maybe worse)
startup:petclinic:iast:Agent 16.86 s 16.85 s [-0.8%; +1.0%] (no difference)
startup:petclinic:profiling:Agent 16.65 s 16.85 s [-2.4%; +0.0%] (no difference)
startup:petclinic:sca:Agent 16.26 s 16.64 s [-6.7%; +2.1%] (no difference)
startup:petclinic:tracing:Agent 16.08 s 16.02 s [-0.8%; +1.5%] (no difference)

Commit: 40cce9e7 · CI Pipeline · Benchmarking Platform UI


Load and DaCapo benchmarks can be triggered manually in the GitLab pipeline. Results will appear in the Benchmarking Platform UI after completion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

comp: ai-guard AI Guard tag: ai generated Largely based on code generated by an AI or LLM type: feature Enhancements and improvements

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants