Skip to content

feat(datadog-ffe): server-side EVP flagevaluation payload + bincode-safe sidecar delivery#2117

Open
leoromanovsky wants to merge 35 commits into
mainfrom
leo.romanovsky/ffl-2446-ffe-flagevaluation-evp
Open

feat(datadog-ffe): server-side EVP flagevaluation payload + bincode-safe sidecar delivery#2117
leoromanovsky wants to merge 35 commits into
mainfrom
leo.romanovsky/ffl-2446-ffe-flagevaluation-evp

Conversation

@leoromanovsky

@leoromanovsky leoromanovsky commented Jun 14, 2026

Copy link
Copy Markdown
Contributor

Motivation

PHP relies on libdatadog and the sidecar for server-side flag-evaluation delivery, so the shared sidecar path must preserve the same worker-facing EVP contract as the direct SDK implementations. This contribution gives PHP a reusable, backend-verifiable flagevaluation transport without adding a one-off EVP writer in the PHP extension, which keeps cross-SDK adoption smoother for SDK owners and APM review.

Changes

  • Keeps the sidecar action enum bincode-compatible by appending FfeFlagEvaluationBatch after existing variants.
  • Keeps flagevaluation IPC structs bincode-safe; outbound placeholder stripping happens only in the sidecar flusher before the EVP POST.
  • Shares the common Agent EVP proxy endpoint/header/request path between FFE exposures and flagevaluation delivery.
  • Carries context.evaluation over IPC as a JSON-object string and re-expands it to an object for outbound EVP JSON.
  • Preserves valid context values such as false, "", {}, and [] in user context.
  • Adds the flagevaluation C ABI path without a reason argument.
  • Supports optional real targeting_rule.key.
  • Retries reliable enqueue using retained encoded bytes so reconnect retry does not consume the payload.
  • Coalesces PHP flagevaluation batches in the sidecar by schema-visible dimensions and folds overflow into degraded buckets.
  • Splits sidecar EVP POST bodies by encoded uncompressed JSON bytes under the 5 MiB EVP limit, keeping the existing 512-event chunking as a secondary guard.
  • Degrades an oversized full-tier row by omitting targeting_key and context; drops and logs only if the degraded row still cannot fit.

Decisions

  • OpenFeature reason is not part of the native ABI, sidecar event, outbound EVP payload, or aggregation contract.
  • Bincode wire compatibility is part of the PHP product path because PHP reaches EVP through worker-to-sidecar IPC before HTTP.
  • FFE exposures and flagevaluation share Agent EVP proxy transport mechanics; schema-specific payload shaping remains in each flusher because exposure deduplication and flagevaluation coalescing have different contracts.
  • The flagevaluation sidecar flusher owns worker-facing JSON cleanup so shared wire structs remain plain enough for positional bincode serialization.
  • Degraded events omit targeting key and context while retaining visible flag, variant, allocation, error, runtime-default, and targeting-rule fields.
  • Payload splitting happens after sidecar JSON cleanup because that is where the final uncompressed POST body exists; count-based chunking alone is not sufficient for the EVP 5 MiB limit.
  • PHP consumes this flagevaluation endpoint through the C ABI; the companion PHP draft points its libdatadog submodule at this PR head.
flowchart TD
  A[sidecar receives/coalesces batches] --> B[clean and encode event JSON]
  B --> C{candidate POST <= 5 MiB?}
  C -- yes --> D[POST through Agent EVP proxy]
  C -- no --> E{single full row can degrade?}
  E -- yes --> F[omit targeting_key and context]
  F --> B
  E -- no --> G[drop and log/count]
Loading

Validation Evidence

Dogfooding App

  • Companion PHP draft: feat(openfeature): emit server-side EVP flagevaluation dd-trace-php#3984
  • ffe-dogfooding app-php7 and app-php8-openfeature were run with local PHP artifacts using this libdatadog sidecar path.
  • Dogfooding ran with the real-backend EVP override: Agent DD_EVP_PROXY_CONFIG_ADDITIONAL_ENDPOINTS={}, DD_SKIP_SSL_VALIDATION=false, and DD_REMOTE_CONFIGURATION_NO_TLS_VALIDATION=false.
  • Sent 12 identical evaluations per targeting key for ffe-dogfooding-string-flag:
    • libdd-php7-batch-20260623T020845Z-alpha
    • libdd-php7-batch-20260623T020845Z-bravo
    • libdd-php8of-batch-20260623T020845Z-alpha
    • libdd-php8of-batch-20260623T020845Z-bravo
  • App-side responses returned variant_2.

System Tests

Staging End-To-End

  • Retriever staging query used --datacenter us1.staging.dog --customer-auth=skip against the flagevaluation track for the exact targeting keys above.
  • Retriever returned one backend row per targeting key, each with flag.key=ffe-dogfooding-string-flag, variant.key=variant_2, allocation.key=allocation-override-392dd7c149f8, and evaluation_count=12:
    • libdd-php7-batch-20260623T020845Z-alpha: first_evaluation=1782180525878, last_evaluation=1782180525985, timestamp=1782180525985, evaluation_count=12
    • libdd-php7-batch-20260623T020845Z-bravo: first_evaluation=1782180525997, last_evaluation=1782180526103, timestamp=1782180526103, evaluation_count=12
    • libdd-php8of-batch-20260623T020845Z-alpha: first_evaluation=1782180526245, last_evaluation=1782180526344, timestamp=1782180526344, evaluation_count=12
    • libdd-php8of-batch-20260623T020845Z-bravo: first_evaluation=1782180526356, last_evaluation=1782180526451, timestamp=1782180526451, evaluation_count=12

…ure gate

- Add telemetry/flagevaluation.rs with FfeFlagEvaluationBatch and
  FfeFlagEvaluationEvent types modeled on exposures.rs
- Required fields: timestamp, flag.key, first_evaluation, last_evaluation,
  evaluation_count
- Optional fields use skip_serializing_if = Option::is_none for omitempty
  semantics (reviewer concern #2 review:4477935835)
- Context pruning helper prune_context() enforces 256 fields / 256 chars
  skip-not-truncate (reviewer concern #1 review:4477935835)
- New Cargo feature flagevaluation-evp gates the module (parallel to
  exposure-events)
- Gate telemetry module in lib.rs to include flagevaluation-evp feature
- 30 tests pass (25 existing + 5 new); OTel evaluation_metrics.rs and
  exposures.rs are byte-for-byte unchanged
…P flusher

- Add ffe_flagevaluation_flusher.rs: structural copy of ffe_exposures_flusher.rs
  with path constant EVP_FLAGEVALUATIONS_PATH = /evp_proxy/v2/api/v2/flagevaluations
  and batch type FfeFlagEvaluationBatch; fire-and-forget send_batch with
  non-2xx warn+drop and timeout via biased tokio::select!
- Add SidecarAction::FfeFlagEvaluationBatch variant to mod.rs enum; re-export
  FfeFlagEvaluationBatch from datadog-ffe telemetry module
- Route SidecarAction::FfeFlagEvaluationBatch in sidecar_server.rs to
  ffe_flagevaluation_flusher::send_batch (parallel to FfeExposureBatch arm)
- Add exhaust arm for new variant in telemetry.rs process_actions match
- Enable flagevaluation-evp feature on datadog-ffe dep in sidecar Cargo.toml
- 40 sidecar tests pass (3 new: posts_to_evp_proxy, non_2xx_does_not_panic,
  timeout_returns_without_waiting); OTel FfeEvaluationMetric path untouched
The worker->sidecar IPC serializes SidecarAction with bincode (non-self-describing). serde_json::Value (deserialize_any) and #[serde(skip_serializing_if)] both make bincode deserialize fail, so the sidecar silently dropped every FfeFlagEvaluationBatch ('IPC serve: failed to decode request') while the worker enqueue still returned ok.

- Carry pruned context as a JSON-object string (Option<String>); remove all skip_serializing_if from the wire types (keep #[serde(default)] for deserialize).

- Re-expand the context string into a JSON object and strip null/false/empty placeholders in ffe_flagevaluation_flusher::build_payload (POST shape unchanged; degraded tier carries no null placeholders).

- Add enqueue_actions_reliable (checked blocking send + reconnect-retry) for one-shot FFE batches; best-effort enqueue_actions left unchanged for high-volume telemetry.

- Add a bincode round-trip test for FfeFlagEvaluationBatch (mixed Some/None fields) to lock the wire-codec contract.
@datadog-prod-us1-3

datadog-prod-us1-3 Bot commented Jun 14, 2026

Copy link
Copy Markdown

Tests

🎉 All green!

🧪 All tests passed
❄️ No new flaky tests detected

🎯 Code Coverage (details)
Patch Coverage: 90.64%
Overall Coverage: 74.74% (+0.29%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: fd0f685 | Docs | Datadog PR Page | Give us feedback!

@github-actions

github-actions Bot commented Jun 14, 2026

Copy link
Copy Markdown
Contributor

📚 Documentation Check Results

⚠️ 6298 documentation warning(s) found

📦 datadog-ffe-test-suite - ✅ No warnings

📦 datadog-ffe - 344 warning(s)

📦 datadog-sidecar-ffi - 3119 warning(s)

📦 datadog-sidecar - 2835 warning(s)


Updated: 2026-07-14 23:25:14 UTC | Commit: ffd4800 | missing-docs job results

@github-actions

github-actions Bot commented Jun 14, 2026

Copy link
Copy Markdown
Contributor

🔒 Cargo Deny Results

⚠️ 16 issue(s) found, showing only errors (advisories, bans, sources)

📦 datadog-ffe-test-suite - 4 error(s)

Show output
error[unmaintained]: Bincode is unmaintained
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:24:1
   │
24 │ bincode 1.3.3 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
   │
   ├ ID: RUSTSEC-2025-0141
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2025-0141
   ├ Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently.
     
     The team considers version 1.3.3 a complete version of bincode that is not in need of any updates.
     
     ## Alternatives to consider
     
     * [wincode](https://crates.io/crates/wincode)
     * [postcard](https://crates.io/crates/postcard)
     * [bitcode](https://crates.io/crates/bitcode)
     * [rkyv](https://crates.io/crates/rkyv)
   ├ Announcement: https://git.sr.ht/~stygianentity/bincode/tree/v3.0/item/README.md
   ├ Solution: No safe upgrade is available!
   ├ bincode v1.3.3
     └── (dev) datadog-ffe v1.0.0
         └── (dev) datadog-ffe-test-suite v37.0.0

error[vulnerability]: Invalid pointer dereference in `fmt::Pointer` impl for `Atomic` and `Shared` when the underlying pointer is invalid
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:53:1
   │
53 │ crossbeam-epoch 0.9.18 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0204
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0204
   ├ Affected versions of `fmt::Display` dereference the underlying pointer. This causes a invalid pointer dereference e.g., when a pointer created with `Atomic::null` or `Shared::null`. `fmt::Debug` impls and pre-0.9 `fmt::Display` impls, which do not dereference pointers, are not affected by this issue.
   ├ Announcement: https://github.com/crossbeam-rs/crossbeam/pull/1276
   ├ Solution: Upgrade to >=0.9.20 (try `cargo update -p crossbeam-epoch`)
   ├ crossbeam-epoch v0.9.18
     └── crossbeam-deque v0.8.5
         └── rayon-core v1.12.1
             └── rayon v1.10.0
                 └── criterion v0.5.1
                     └── (dev) datadog-ffe-test-suite v37.0.0

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:181:1
    │
181 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      └── (dev) libdd-common v5.1.0
          ├── datadog-ffe v1.0.0
          │   └── (dev) datadog-ffe-test-suite v37.0.0
          ├── libdd-capabilities-impl v3.0.0
          │   └── (dev) datadog-ffe v1.0.0 (*)
          └── libdd-remote-config v2.0.0
              ├── datadog-ffe v1.0.0 (*)
              └── (dev) libdd-remote-config v2.0.0 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:243:1
    │
243 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      └── libdd-remote-config v2.0.0
          ├── datadog-ffe v1.0.0
          │   └── (dev) datadog-ffe-test-suite v37.0.0
          └── (dev) libdd-remote-config v2.0.0 (*)

advisories FAILED, bans ok, sources ok

📦 datadog-ffe - 3 error(s)

Show output
error[unmaintained]: Bincode is unmaintained
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:22:1
   │
22 │ bincode 1.3.3 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
   │
   ├ ID: RUSTSEC-2025-0141
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2025-0141
   ├ Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently.
     
     The team considers version 1.3.3 a complete version of bincode that is not in need of any updates.
     
     ## Alternatives to consider
     
     * [wincode](https://crates.io/crates/wincode)
     * [postcard](https://crates.io/crates/postcard)
     * [bitcode](https://crates.io/crates/bitcode)
     * [rkyv](https://crates.io/crates/rkyv)
   ├ Announcement: https://git.sr.ht/~stygianentity/bincode/tree/v3.0/item/README.md
   ├ Solution: No safe upgrade is available!
   ├ bincode v1.3.3
     └── (dev) datadog-ffe v1.0.0

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:160:1
    │
160 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      └── (dev) libdd-common v5.1.0
          ├── datadog-ffe v1.0.0
          ├── libdd-capabilities-impl v3.0.0
          │   └── (dev) datadog-ffe v1.0.0 (*)
          └── libdd-remote-config v2.0.0
              ├── datadog-ffe v1.0.0 (*)
              └── (dev) libdd-remote-config v2.0.0 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:219:1
    │
219 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      └── libdd-remote-config v2.0.0
          ├── datadog-ffe v1.0.0
          └── (dev) libdd-remote-config v2.0.0 (*)

advisories FAILED, bans ok, sources ok

📦 datadog-sidecar-ffi - 5 error(s)

Show output
error[unmaintained]: Bincode is unmaintained
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:37:1
   │
37 │ bincode 1.3.3 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
   │
   ├ ID: RUSTSEC-2025-0141
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2025-0141
   ├ Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently.
     
     The team considers version 1.3.3 a complete version of bincode that is not in need of any updates.
     
     ## Alternatives to consider
     
     * [wincode](https://crates.io/crates/wincode)
     * [postcard](https://crates.io/crates/postcard)
     * [bitcode](https://crates.io/crates/bitcode)
     * [rkyv](https://crates.io/crates/rkyv)
   ├ Announcement: https://git.sr.ht/~stygianentity/bincode/tree/v3.0/item/README.md
   ├ Solution: No safe upgrade is available!
   ├ bincode v1.3.3
     ├── (dev) datadog-ffe v1.0.0
     │   └── datadog-sidecar v0.0.1
     │       └── datadog-sidecar-ffi v0.0.1
     ├── datadog-ipc v0.1.0
     │   ├── datadog-sidecar v0.0.1 (*)
     │   └── datadog-sidecar-ffi v0.0.1 (*)
     └── datadog-sidecar v0.0.1 (*)

error[vulnerability]: Invalid pointer dereference in `fmt::Pointer` impl for `Atomic` and `Shared` when the underlying pointer is invalid
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:90:1
   │
90 │ crossbeam-epoch 0.9.18 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0204
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0204
   ├ Affected versions of `fmt::Display` dereference the underlying pointer. This causes a invalid pointer dereference e.g., when a pointer created with `Atomic::null` or `Shared::null`. `fmt::Debug` impls and pre-0.9 `fmt::Display` impls, which do not dereference pointers, are not affected by this issue.
   ├ Announcement: https://github.com/crossbeam-rs/crossbeam/pull/1276
   ├ Solution: Upgrade to >=0.9.20 (try `cargo update -p crossbeam-epoch`)
   ├ crossbeam-epoch v0.9.18
     └── crossbeam-deque v0.8.5
         └── rayon-core v1.12.1
             └── rayon v1.10.0
                 └── criterion v0.5.1
                     ├── (dev) datadog-ipc v0.1.0
                     │   ├── datadog-sidecar v0.0.1
                     │   │   └── datadog-sidecar-ffi v0.0.1
                     │   └── datadog-sidecar-ffi v0.0.1 (*)
                     ├── libdd-common v5.1.0
                     │   ├── datadog-ffe v1.0.0
                     │   │   └── datadog-sidecar v0.0.1 (*)
                     │   ├── datadog-ipc v0.1.0 (*)
                     │   ├── datadog-live-debugger v0.0.1
                     │   │   ├── datadog-sidecar v0.0.1 (*)
                     │   │   └── datadog-sidecar-ffi v0.0.1 (*)
                     │   ├── datadog-sidecar v0.0.1 (*)
                     │   ├── datadog-sidecar-ffi v0.0.1 (*)
                     │   ├── libdd-capabilities-impl v3.0.0
                     │   │   ├── (dev) datadog-ffe v1.0.0 (*)
                     │   │   ├── datadog-sidecar v0.0.1 (*)
                     │   │   ├── libdd-data-pipeline v7.0.0
                     │   │   │   ├── datadog-live-debugger v0.0.1 (*)
                     │   │   │   └── datadog-sidecar v0.0.1 (*)
                     │   │   ├── libdd-shared-runtime v2.0.0
                     │   │   │   ├── libdd-data-pipeline v7.0.0 (*)
                     │   │   │   ├── libdd-telemetry v6.0.0
                     │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
                     │   │   │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
                     │   │   │   │   ├── libdd-crashtracker v1.0.0
                     │   │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
                     │   │   │   │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
                     │   │   │   │   │   └── libdd-crashtracker-ffi v37.0.0
                     │   │   │   │   │       ├── datadog-sidecar v0.0.1 (*)
                     │   │   │   │   │       └── datadog-sidecar-ffi v0.0.1 (*)
                     │   │   │   │   ├── libdd-data-pipeline v7.0.0 (*)
                     │   │   │   │   ├── libdd-telemetry-ffi v37.0.0
                     │   │   │   │   │   └── datadog-sidecar-ffi v0.0.1 (*)
                     │   │   │   │   └── libdd-trace-stats v6.0.0
                     │   │   │   │       ├── datadog-ipc v0.1.0 (*)
                     │   │   │   │       ├── datadog-sidecar v0.0.1 (*)
                     │   │   │   │       └── libdd-data-pipeline v7.0.0 (*)
                     │   │   │   └── libdd-trace-stats v6.0.0 (*)
                     │   │   ├── libdd-trace-stats v6.0.0 (*)
                     │   │   └── libdd-trace-utils v9.0.0
                     │   │       ├── (dev) datadog-sidecar v0.0.1 (*)
                     │   │       ├── (dev) datadog-sidecar-ffi v0.0.1 (*)
                     │   │       ├── libdd-data-pipeline v7.0.0 (*)
                     │   │       ├── libdd-trace-obfuscation v5.0.0
                     │   │       │   └── libdd-trace-stats v6.0.0 (*)
                     │   │       ├── libdd-trace-stats v6.0.0 (*)
                     │   │       └── (dev) libdd-trace-utils v9.0.0 (*)
                     │   ├── libdd-common-ffi v37.0.0
                     │   │   ├── datadog-sidecar v0.0.1 (*)
                     │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
                     │   │   ├── libdd-crashtracker-ffi v37.0.0 (*)
                     │   │   └── libdd-telemetry-ffi v37.0.0 (*)
                     │   ├── (build) libdd-crashtracker v1.0.0 (*)
                     │   ├── libdd-crashtracker-ffi v37.0.0 (*)
                     │   ├── libdd-data-pipeline v7.0.0 (*)
                     │   ├── libdd-dogstatsd-client v4.0.0
                     │   │   ├── datadog-sidecar v0.0.1 (*)
                     │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
                     │   │   ├── libdd-data-pipeline v7.0.0 (*)
                     │   │   └── libdd-trace-stats v6.0.0 (*)
                     │   ├── libdd-remote-config v2.0.0
                     │   │   ├── datadog-ffe v1.0.0 (*)
                     │   │   ├── datadog-live-debugger v0.0.1 (*)
                     │   │   ├── (dev) datadog-sidecar v0.0.1 (*)
                     │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
                     │   │   └── (dev) libdd-remote-config v2.0.0 (*)
                     │   ├── libdd-shared-runtime v2.0.0 (*)
                     │   ├── libdd-telemetry v6.0.0 (*)
                     │   ├── libdd-telemetry-ffi v37.0.0 (*)
                     │   ├── libdd-trace-obfuscation v5.0.0 (*)
                     │   ├── libdd-trace-stats v6.0.0 (*)
                     │   └── libdd-trace-utils v9.0.0 (*)
                     ├── (dev) libdd-crashtracker v1.0.0 (*)
                     ├── (dev) libdd-data-pipeline v7.0.0 (*)
                     ├── (dev) libdd-ddsketch v1.1.0
                     │   ├── datadog-ipc v0.1.0 (*)
                     │   ├── libdd-data-pipeline v7.0.0 (*)
                     │   ├── libdd-telemetry v6.0.0 (*)
                     │   └── libdd-trace-stats v6.0.0 (*)
                     ├── (dev) libdd-trace-normalization v3.0.0
                     │   ├── libdd-data-pipeline v7.0.0 (*)
                     │   └── libdd-trace-utils v9.0.0 (*)
                     ├── (dev) libdd-trace-obfuscation v5.0.0 (*)
                     ├── (dev) libdd-trace-stats v6.0.0 (*)
                     └── (dev) libdd-trace-utils v9.0.0 (*)

error[unmaintained]: paste - no longer maintained
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:274:1
    │
274 │ paste 1.0.15 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
    │
    ├ ID: RUSTSEC-2024-0436
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0436
    ├ The creator of the crate `paste` has stated in the [`README.md`](https://github.com/dtolnay/paste/blob/master/README.md) 
      that this project is not longer maintained as well as archived the repository
      
      ## Possible Alternative(s)
      
      - [`pastey`]: a fork of paste and is aimed to be a drop-in replacement with additional features for paste crate
      - [`with_builtin_macros`]: crate providing a [superset of `paste`'s functionality including general `macro_rules!` eager expansions](https://docs.rs/with_builtin_macros/0.1.0/with_builtin_macros/macro.with_eager_expansions.html)  and `concat!`/`concat_idents!` macros
      
      [`pastey`]: https://crates.io/crates/pastey
      [`with_builtin_macros`]: https://crates.io/crates/with_builtin_macros
    ├ Announcement: https://github.com/dtolnay/paste
    ├ Solution: No safe upgrade is available!
    ├ paste v1.0.15
      ├── datadog-sidecar-ffi v0.0.1
      ├── libdd-libunwind-sys v1.0.2
      │   └── libdd-crashtracker v1.0.0
      │       ├── datadog-sidecar v0.0.1
      │       │   └── datadog-sidecar-ffi v0.0.1 (*)
      │       ├── datadog-sidecar-ffi v0.0.1 (*)
      │       └── libdd-crashtracker-ffi v37.0.0
      │           ├── datadog-sidecar v0.0.1 (*)
      │           └── datadog-sidecar-ffi v0.0.1 (*)
      ├── libdd-telemetry-ffi v37.0.0
      │   └── datadog-sidecar-ffi v0.0.1 (*)
      └── rmp v0.8.14
          ├── libdd-trace-utils v9.0.0
          │   ├── (dev) datadog-sidecar v0.0.1 (*)
          │   ├── (dev) datadog-sidecar-ffi v0.0.1 (*)
          │   ├── libdd-data-pipeline v7.0.0
          │   │   ├── datadog-live-debugger v0.0.1
          │   │   │   ├── datadog-sidecar v0.0.1 (*)
          │   │   │   └── datadog-sidecar-ffi v0.0.1 (*)
          │   │   └── datadog-sidecar v0.0.1 (*)
          │   ├── libdd-trace-obfuscation v5.0.0
          │   │   └── libdd-trace-stats v6.0.0
          │   │       ├── datadog-ipc v0.1.0
          │   │       │   ├── datadog-sidecar v0.0.1 (*)
          │   │       │   └── datadog-sidecar-ffi v0.0.1 (*)
          │   │       ├── datadog-sidecar v0.0.1 (*)
          │   │       └── libdd-data-pipeline v7.0.0 (*)
          │   ├── libdd-trace-stats v6.0.0 (*)
          │   └── (dev) libdd-trace-utils v9.0.0 (*)
          ├── rmp-serde v1.3.0
          │   ├── datadog-sidecar v0.0.1 (*)
          │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │   ├── libdd-data-pipeline v7.0.0 (*)
          │   ├── (dev) libdd-tinybytes v1.1.1
          │   │   ├── datadog-ipc v0.1.0 (*)
          │   │   ├── datadog-sidecar v0.0.1 (*)
          │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
          │   │   ├── libdd-data-pipeline v7.0.0 (*)
          │   │   ├── (dev) libdd-tinybytes v1.1.1 (*)
          │   │   └── libdd-trace-utils v9.0.0 (*)
          │   ├── libdd-trace-stats v6.0.0 (*)
          │   └── libdd-trace-utils v9.0.0 (*)
          └── rmpv v1.3.0
              └── libdd-trace-utils v9.0.0 (*)

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:304:1
    │
304 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── datadog-sidecar v0.0.1
      │   └── datadog-sidecar-ffi v0.0.1
      ├── libdd-common v5.1.0
      │   ├── datadog-ffe v1.0.0
      │   │   └── datadog-sidecar v0.0.1 (*)
      │   ├── datadog-ipc v0.1.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   └── datadog-sidecar-ffi v0.0.1 (*)
      │   ├── datadog-live-debugger v0.0.1
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   └── datadog-sidecar-ffi v0.0.1 (*)
      │   ├── datadog-sidecar v0.0.1 (*)
      │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   ├── libdd-capabilities-impl v3.0.0
      │   │   ├── (dev) datadog-ffe v1.0.0 (*)
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   ├── libdd-data-pipeline v7.0.0
      │   │   │   ├── datadog-live-debugger v0.0.1 (*)
      │   │   │   └── datadog-sidecar v0.0.1 (*)
      │   │   ├── libdd-shared-runtime v2.0.0
      │   │   │   ├── libdd-data-pipeline v7.0.0 (*)
      │   │   │   ├── libdd-telemetry v6.0.0
      │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   │   │   │   ├── libdd-crashtracker v1.0.0
      │   │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   │   │   │   │   └── libdd-crashtracker-ffi v37.0.0
      │   │   │   │   │       ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │   │       └── datadog-sidecar-ffi v0.0.1 (*)
      │   │   │   │   ├── libdd-data-pipeline v7.0.0 (*)
      │   │   │   │   ├── libdd-telemetry-ffi v37.0.0
      │   │   │   │   │   └── datadog-sidecar-ffi v0.0.1 (*)
      │   │   │   │   └── libdd-trace-stats v6.0.0
      │   │   │   │       ├── datadog-ipc v0.1.0 (*)
      │   │   │   │       ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │       └── libdd-data-pipeline v7.0.0 (*)
      │   │   │   └── libdd-trace-stats v6.0.0 (*)
      │   │   ├── libdd-trace-stats v6.0.0 (*)
      │   │   └── libdd-trace-utils v9.0.0
      │   │       ├── (dev) datadog-sidecar v0.0.1 (*)
      │   │       ├── (dev) datadog-sidecar-ffi v0.0.1 (*)
      │   │       ├── libdd-data-pipeline v7.0.0 (*)
      │   │       ├── libdd-trace-obfuscation v5.0.0
      │   │       │   └── libdd-trace-stats v6.0.0 (*)
      │   │       ├── libdd-trace-stats v6.0.0 (*)
      │   │       └── (dev) libdd-trace-utils v9.0.0 (*)
      │   ├── libdd-common-ffi v37.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   │   ├── libdd-crashtracker-ffi v37.0.0 (*)
      │   │   └── libdd-telemetry-ffi v37.0.0 (*)
      │   ├── (build) libdd-crashtracker v1.0.0 (*)
      │   ├── libdd-crashtracker-ffi v37.0.0 (*)
      │   ├── libdd-data-pipeline v7.0.0 (*)
      │   ├── libdd-dogstatsd-client v4.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   │   ├── libdd-data-pipeline v7.0.0 (*)
      │   │   └── libdd-trace-stats v6.0.0 (*)
      │   ├── libdd-remote-config v2.0.0
      │   │   ├── datadog-ffe v1.0.0 (*)
      │   │   ├── datadog-live-debugger v0.0.1 (*)
      │   │   ├── (dev) datadog-sidecar v0.0.1 (*)
      │   │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   │   └── (dev) libdd-remote-config v2.0.0 (*)
      │   ├── libdd-shared-runtime v2.0.0 (*)
      │   ├── libdd-telemetry v6.0.0 (*)
      │   ├── libdd-telemetry-ffi v37.0.0 (*)
      │   ├── libdd-trace-obfuscation v5.0.0 (*)
      │   ├── libdd-trace-stats v6.0.0 (*)
      │   └── libdd-trace-utils v9.0.0 (*)
      ├── libdd-crashtracker v1.0.0 (*)
      ├── (dev) libdd-data-pipeline v7.0.0 (*)
      ├── (dev) libdd-ddsketch v1.1.0
      │   ├── datadog-ipc v0.1.0 (*)
      │   ├── libdd-data-pipeline v7.0.0 (*)
      │   ├── libdd-telemetry v6.0.0 (*)
      │   └── libdd-trace-stats v6.0.0 (*)
      ├── (dev) libdd-trace-normalization v3.0.0
      │   ├── libdd-data-pipeline v7.0.0 (*)
      │   └── libdd-trace-utils v9.0.0 (*)
      ├── (dev) libdd-trace-stats v6.0.0 (*)
      ├── libdd-trace-utils v9.0.0 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.1
              ├── datadog-ipc v0.1.0 (*)
              ├── datadog-sidecar v0.0.1 (*)
              ├── datadog-sidecar-ffi v0.0.1 (*)
              ├── libdd-data-pipeline v7.0.0 (*)
              ├── (dev) libdd-tinybytes v1.1.1 (*)
              └── libdd-trace-utils v9.0.0 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:397:1
    │
397 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      ├── libdd-remote-config v2.0.0
      │   ├── datadog-ffe v1.0.0
      │   │   └── datadog-sidecar v0.0.1
      │   │       └── datadog-sidecar-ffi v0.0.1
      │   ├── datadog-live-debugger v0.0.1
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   └── datadog-sidecar-ffi v0.0.1 (*)
      │   ├── (dev) datadog-sidecar v0.0.1 (*)
      │   ├── datadog-sidecar-ffi v0.0.1 (*)
      │   └── (dev) libdd-remote-config v2.0.0 (*)
      └── tracing-appender v0.2.3
          └── libdd-log v1.0.0
              └── (dev) libdd-data-pipeline v7.0.0
                  ├── datadog-live-debugger v0.0.1 (*)
                  └── datadog-sidecar v0.0.1 (*)

advisories FAILED, bans ok, sources ok

📦 datadog-sidecar - 4 error(s)

Show output
error[unmaintained]: Bincode is unmaintained
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:37:1
   │
37 │ bincode 1.3.3 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unmaintained advisory detected
   │
   ├ ID: RUSTSEC-2025-0141
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2025-0141
   ├ Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently.
     
     The team considers version 1.3.3 a complete version of bincode that is not in need of any updates.
     
     ## Alternatives to consider
     
     * [wincode](https://crates.io/crates/wincode)
     * [postcard](https://crates.io/crates/postcard)
     * [bitcode](https://crates.io/crates/bitcode)
     * [rkyv](https://crates.io/crates/rkyv)
   ├ Announcement: https://git.sr.ht/~stygianentity/bincode/tree/v3.0/item/README.md
   ├ Solution: No safe upgrade is available!
   ├ bincode v1.3.3
     ├── (dev) datadog-ffe v1.0.0
     │   └── datadog-sidecar v0.0.1
     ├── datadog-ipc v0.1.0
     │   └── datadog-sidecar v0.0.1 (*)
     └── datadog-sidecar v0.0.1 (*)

error[vulnerability]: Invalid pointer dereference in `fmt::Pointer` impl for `Atomic` and `Shared` when the underlying pointer is invalid
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:90:1
   │
90 │ crossbeam-epoch 0.9.18 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0204
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0204
   ├ Affected versions of `fmt::Display` dereference the underlying pointer. This causes a invalid pointer dereference e.g., when a pointer created with `Atomic::null` or `Shared::null`. `fmt::Debug` impls and pre-0.9 `fmt::Display` impls, which do not dereference pointers, are not affected by this issue.
   ├ Announcement: https://github.com/crossbeam-rs/crossbeam/pull/1276
   ├ Solution: Upgrade to >=0.9.20 (try `cargo update -p crossbeam-epoch`)
   ├ crossbeam-epoch v0.9.18
     └── crossbeam-deque v0.8.5
         └── rayon-core v1.12.1
             └── rayon v1.10.0
                 └── criterion v0.5.1
                     ├── (dev) datadog-ipc v0.1.0
                     │   └── datadog-sidecar v0.0.1
                     ├── libdd-common v5.1.0
                     │   ├── datadog-ffe v1.0.0
                     │   │   └── datadog-sidecar v0.0.1 (*)
                     │   ├── datadog-ipc v0.1.0 (*)
                     │   ├── datadog-live-debugger v0.0.1
                     │   │   └── datadog-sidecar v0.0.1 (*)
                     │   ├── datadog-sidecar v0.0.1 (*)
                     │   ├── libdd-capabilities-impl v3.0.0
                     │   │   ├── (dev) datadog-ffe v1.0.0 (*)
                     │   │   ├── datadog-sidecar v0.0.1 (*)
                     │   │   ├── libdd-data-pipeline v7.0.0
                     │   │   │   ├── datadog-live-debugger v0.0.1 (*)
                     │   │   │   └── datadog-sidecar v0.0.1 (*)
                     │   │   ├── libdd-shared-runtime v2.0.0
                     │   │   │   ├── libdd-data-pipeline v7.0.0 (*)
                     │   │   │   ├── libdd-telemetry v6.0.0
                     │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
                     │   │   │   │   ├── libdd-crashtracker v1.0.0
                     │   │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
                     │   │   │   │   │   └── libdd-crashtracker-ffi v37.0.0
                     │   │   │   │   │       └── datadog-sidecar v0.0.1 (*)
                     │   │   │   │   ├── libdd-data-pipeline v7.0.0 (*)
                     │   │   │   │   └── libdd-trace-stats v6.0.0
                     │   │   │   │       ├── datadog-ipc v0.1.0 (*)
                     │   │   │   │       ├── datadog-sidecar v0.0.1 (*)
                     │   │   │   │       └── libdd-data-pipeline v7.0.0 (*)
                     │   │   │   └── libdd-trace-stats v6.0.0 (*)
                     │   │   ├── libdd-trace-stats v6.0.0 (*)
                     │   │   └── libdd-trace-utils v9.0.0
                     │   │       ├── (dev) datadog-sidecar v0.0.1 (*)
                     │   │       ├── libdd-data-pipeline v7.0.0 (*)
                     │   │       ├── libdd-trace-obfuscation v5.0.0
                     │   │       │   └── libdd-trace-stats v6.0.0 (*)
                     │   │       ├── libdd-trace-stats v6.0.0 (*)
                     │   │       └── (dev) libdd-trace-utils v9.0.0 (*)
                     │   ├── libdd-common-ffi v37.0.0
                     │   │   ├── datadog-sidecar v0.0.1 (*)
                     │   │   └── libdd-crashtracker-ffi v37.0.0 (*)
                     │   ├── (build) libdd-crashtracker v1.0.0 (*)
                     │   ├── libdd-crashtracker-ffi v37.0.0 (*)
                     │   ├── libdd-data-pipeline v7.0.0 (*)
                     │   ├── libdd-dogstatsd-client v4.0.0
                     │   │   ├── datadog-sidecar v0.0.1 (*)
                     │   │   ├── libdd-data-pipeline v7.0.0 (*)
                     │   │   └── libdd-trace-stats v6.0.0 (*)
                     │   ├── libdd-remote-config v2.0.0
                     │   │   ├── datadog-ffe v1.0.0 (*)
                     │   │   ├── datadog-live-debugger v0.0.1 (*)
                     │   │   ├── (dev) datadog-sidecar v0.0.1 (*)
                     │   │   └── (dev) libdd-remote-config v2.0.0 (*)
                     │   ├── libdd-shared-runtime v2.0.0 (*)
                     │   ├── libdd-telemetry v6.0.0 (*)
                     │   ├── libdd-trace-obfuscation v5.0.0 (*)
                     │   ├── libdd-trace-stats v6.0.0 (*)
                     │   └── libdd-trace-utils v9.0.0 (*)
                     ├── (dev) libdd-crashtracker v1.0.0 (*)
                     ├── (dev) libdd-data-pipeline v7.0.0 (*)
                     ├── (dev) libdd-ddsketch v1.1.0
                     │   ├── datadog-ipc v0.1.0 (*)
                     │   ├── libdd-data-pipeline v7.0.0 (*)
                     │   ├── libdd-telemetry v6.0.0 (*)
                     │   └── libdd-trace-stats v6.0.0 (*)
                     ├── (dev) libdd-trace-normalization v3.0.0
                     │   ├── libdd-data-pipeline v7.0.0 (*)
                     │   └── libdd-trace-utils v9.0.0 (*)
                     ├── (dev) libdd-trace-obfuscation v5.0.0 (*)
                     ├── (dev) libdd-trace-stats v6.0.0 (*)
                     └── (dev) libdd-trace-utils v9.0.0 (*)

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:302:1
    │
302 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── datadog-sidecar v0.0.1
      ├── libdd-common v5.1.0
      │   ├── datadog-ffe v1.0.0
      │   │   └── datadog-sidecar v0.0.1 (*)
      │   ├── datadog-ipc v0.1.0
      │   │   └── datadog-sidecar v0.0.1 (*)
      │   ├── datadog-live-debugger v0.0.1
      │   │   └── datadog-sidecar v0.0.1 (*)
      │   ├── datadog-sidecar v0.0.1 (*)
      │   ├── libdd-capabilities-impl v3.0.0
      │   │   ├── (dev) datadog-ffe v1.0.0 (*)
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   ├── libdd-data-pipeline v7.0.0
      │   │   │   ├── datadog-live-debugger v0.0.1 (*)
      │   │   │   └── datadog-sidecar v0.0.1 (*)
      │   │   ├── libdd-shared-runtime v2.0.0
      │   │   │   ├── libdd-data-pipeline v7.0.0 (*)
      │   │   │   ├── libdd-telemetry v6.0.0
      │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │   ├── libdd-crashtracker v1.0.0
      │   │   │   │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │   │   └── libdd-crashtracker-ffi v37.0.0
      │   │   │   │   │       └── datadog-sidecar v0.0.1 (*)
      │   │   │   │   ├── libdd-data-pipeline v7.0.0 (*)
      │   │   │   │   └── libdd-trace-stats v6.0.0
      │   │   │   │       ├── datadog-ipc v0.1.0 (*)
      │   │   │   │       ├── datadog-sidecar v0.0.1 (*)
      │   │   │   │       └── libdd-data-pipeline v7.0.0 (*)
      │   │   │   └── libdd-trace-stats v6.0.0 (*)
      │   │   ├── libdd-trace-stats v6.0.0 (*)
      │   │   └── libdd-trace-utils v9.0.0
      │   │       ├── (dev) datadog-sidecar v0.0.1 (*)
      │   │       ├── libdd-data-pipeline v7.0.0 (*)
      │   │       ├── libdd-trace-obfuscation v5.0.0
      │   │       │   └── libdd-trace-stats v6.0.0 (*)
      │   │       ├── libdd-trace-stats v6.0.0 (*)
      │   │       └── (dev) libdd-trace-utils v9.0.0 (*)
      │   ├── libdd-common-ffi v37.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   └── libdd-crashtracker-ffi v37.0.0 (*)
      │   ├── (build) libdd-crashtracker v1.0.0 (*)
      │   ├── libdd-crashtracker-ffi v37.0.0 (*)
      │   ├── libdd-data-pipeline v7.0.0 (*)
      │   ├── libdd-dogstatsd-client v4.0.0
      │   │   ├── datadog-sidecar v0.0.1 (*)
      │   │   ├── libdd-data-pipeline v7.0.0 (*)
      │   │   └── libdd-trace-stats v6.0.0 (*)
      │   ├── libdd-remote-config v2.0.0
      │   │   ├── datadog-ffe v1.0.0 (*)
      │   │   ├── datadog-live-debugger v0.0.1 (*)
      │   │   ├── (dev) datadog-sidecar v0.0.1 (*)
      │   │   └── (dev) libdd-remote-config v2.0.0 (*)
      │   ├── libdd-shared-runtime v2.0.0 (*)
      │   ├── libdd-telemetry v6.0.0 (*)
      │   ├── libdd-trace-obfuscation v5.0.0 (*)
      │   ├── libdd-trace-stats v6.0.0 (*)
      │   └── libdd-trace-utils v9.0.0 (*)
      ├── libdd-crashtracker v1.0.0 (*)
      ├── (dev) libdd-data-pipeline v7.0.0 (*)
      ├── (dev) libdd-ddsketch v1.1.0
      │   ├── datadog-ipc v0.1.0 (*)
      │   ├── libdd-data-pipeline v7.0.0 (*)
      │   ├── libdd-telemetry v6.0.0 (*)
      │   └── libdd-trace-stats v6.0.0 (*)
      ├── (dev) libdd-trace-normalization v3.0.0
      │   ├── libdd-data-pipeline v7.0.0 (*)
      │   └── libdd-trace-utils v9.0.0 (*)
      ├── (dev) libdd-trace-stats v6.0.0 (*)
      ├── libdd-trace-utils v9.0.0 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.1
              ├── datadog-ipc v0.1.0 (*)
              ├── datadog-sidecar v0.0.1 (*)
              ├── libdd-data-pipeline v7.0.0 (*)
              ├── (dev) libdd-tinybytes v1.1.1 (*)
              └── libdd-trace-utils v9.0.0 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:395:1
    │
395 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      ├── libdd-remote-config v2.0.0
      │   ├── datadog-ffe v1.0.0
      │   │   └── datadog-sidecar v0.0.1
      │   ├── datadog-live-debugger v0.0.1
      │   │   └── datadog-sidecar v0.0.1 (*)
      │   ├── (dev) datadog-sidecar v0.0.1 (*)
      │   └── (dev) libdd-remote-config v2.0.0 (*)
      └── tracing-appender v0.2.3
          └── libdd-log v1.0.0
              └── (dev) libdd-data-pipeline v7.0.0
                  ├── datadog-live-debugger v0.0.1 (*)
                  └── datadog-sidecar v0.0.1 (*)

advisories FAILED, bans ok, sources ok

Updated: 2026-07-14 23:26:06 UTC | Commit: ffd4800 | dependency-check job results

@dd-octo-sts

dd-octo-sts Bot commented Jun 14, 2026

Copy link
Copy Markdown
Contributor

Artifact Size Benchmark Report

aarch64-alpine-linux-musl
Artifact Baseline Commit Change
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.a 86.16 MB 86.16 MB 0% (0 B) 👌
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.so 7.88 MB 7.88 MB 0% (0 B) 👌
aarch64-unknown-linux-gnu
Artifact Baseline Commit Change
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.so 10.62 MB 10.62 MB 0% (0 B) 👌
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.a 97.41 MB 97.41 MB 0% (0 B) 👌
libdatadog-x64-windows
Artifact Baseline Commit Change
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.dll 25.55 MB 25.55 MB 0% (0 B) 👌
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.lib 88.85 KB 88.85 KB 0% (0 B) 👌
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.pdb 185.33 MB 185.33 MB 0% (0 B) 👌
/libdatadog-x64-windows/debug/static/datadog_profiling_ffi.lib 957.28 MB 957.28 MB +0% (+3.28 KB) 👌
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.dll 8.36 MB 8.36 MB 0% (0 B) 👌
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.lib 88.85 KB 88.85 KB 0% (0 B) 👌
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.pdb 24.73 MB 24.73 MB 0% (0 B) 👌
/libdatadog-x64-windows/release/static/datadog_profiling_ffi.lib 49.23 MB 49.23 MB 0% (0 B) 👌
libdatadog-x86-windows
Artifact Baseline Commit Change
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.dll 22.20 MB 22.20 MB 0% (0 B) 👌
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.lib 90.24 KB 90.24 KB 0% (0 B) 👌
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.pdb 189.78 MB 189.77 MB -0% (-8.00 KB) 👌
/libdatadog-x86-windows/debug/static/datadog_profiling_ffi.lib 945.96 MB 945.96 MB +0% (+3.28 KB) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.dll 6.46 MB 6.46 MB 0% (0 B) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.lib 90.24 KB 90.24 KB 0% (0 B) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.pdb 26.55 MB 26.55 MB 0% (0 B) 👌
/libdatadog-x86-windows/release/static/datadog_profiling_ffi.lib 46.84 MB 46.84 MB 0% (0 B) 👌
x86_64-alpine-linux-musl
Artifact Baseline Commit Change
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.a 76.98 MB 76.98 MB 0% (0 B) 👌
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.so 8.81 MB 8.81 MB 0% (0 B) 👌
x86_64-unknown-linux-gnu
Artifact Baseline Commit Change
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.a 92.39 MB 92.39 MB 0% (0 B) 👌
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.so 10.72 MB 10.72 MB 0% (0 B) 👌

@leoromanovsky
leoromanovsky marked this pull request as ready for review June 23, 2026 03:06
@leoromanovsky
leoromanovsky requested review from a team as code owners June 23, 2026 03:06
@leoromanovsky
leoromanovsky requested review from bwoebi, dd-oleksii and typotter and removed request for a team June 23, 2026 03:06

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 60fe825c39

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread datadog-sidecar/src/service/ffe_flagevaluation_flusher.rs Outdated
Comment thread datadog-ffe/src/telemetry/flagevaluation.rs
Comment thread datadog-ffe/src/telemetry/flagevaluation.rs
Comment thread datadog-ffe/src/telemetry/flagevaluation.rs Outdated
Comment thread datadog-ffe/src/telemetry/flagevaluation.rs
Comment thread datadog-sidecar/src/service/ffe_flagevaluation_flusher.rs
Comment thread datadog-sidecar/src/service/mod.rs
Comment thread datadog-sidecar/src/service/sidecar_server.rs Outdated
Comment thread datadog-sidecar/src/self_telemetry.rs Outdated
Comment thread datadog-sidecar/src/service/ffe_flagevaluation_flusher.rs
Comment thread datadog-sidecar/src/service/ffe_flagevaluation_flusher.rs Outdated
Comment thread datadog-ffe/src/telemetry/flagevaluation.rs
Comment thread datadog-sidecar-ffi/src/lib.rs
Comment thread datadog-ffe/src/telemetry/flagevaluation.rs
Comment thread datadog-sidecar/src/service/sidecar_server.rs Outdated
Comment thread datadog-sidecar/src/service/ffe_flagevaluation_flusher.rs Outdated
Comment thread datadog-ffe/src/telemetry/flagevaluation.rs Outdated
Comment thread datadog-sidecar/src/service/mod.rs
@leoromanovsky
leoromanovsky requested a review from bwoebi July 6, 2026 20:42
…46-ffe-flagevaluation-evp

# Conflicts:
#	datadog-sidecar/src/service/sidecar_server.rs
@leoromanovsky
leoromanovsky requested a review from a team as a code owner July 7, 2026 19:48
@leoromanovsky

Copy link
Copy Markdown
Contributor Author

Had a DM conversation with Bob that after this review's comments are addressed, it would be approved; merging.

@dd-octo-sts-09fbc5

Copy link
Copy Markdown

PR Shepherd is now watching this PR: fixing basic CI failures, rebasing when it falls behind, and re-queueing after transient merge-queue failures. To disable it, add the pr-shepherd:ignore label.

If you have any questions, reach the team in #ai-devx-flow.

@pr-commenter

pr-commenter Bot commented Jul 14, 2026

Copy link
Copy Markdown

Benchmarks

Comparison

Benchmark execution time: 2026-07-14 21:43:03

Comparing candidate commit fd0f685 in PR branch leo.romanovsky/ffl-2446-ffe-flagevaluation-evp with baseline commit a7ec21d in branch main.

Found 3 performance improvements and 7 performance regressions! Performance is the same for 167 metrics, 10 unstable metrics.

Explanation

This is an A/B test comparing a candidate commit's performance against that of a baseline commit. Performance changes are noted in the tables below as:

  • 🟩 = significantly better candidate vs. baseline
  • 🟥 = significantly worse candidate vs. baseline

We compute a confidence interval (CI) over the relative difference of means between metrics from the candidate and baseline commits, considering the baseline as the reference.

If the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD), the change is considered significant.

Feel free to reach out to #apm-benchmarking-platform on Slack if you have any questions.

More details about the CI and significant changes

You can imagine this CI as a range of values that is likely to contain the true difference of means between the candidate and baseline commits.

CIs of the difference of means are often centered around 0%, because often changes are not that big:

---------------------------------(------|---^--------)-------------------------------->
                              -0.6%    0%  0.3%     +1.2%
                                 |          |        |
         lower bound of the CI --'          |        |
sample mean (center of the CI) -------------'        |
         upper bound of the CI ----------------------'

As described above, a change is considered significant if the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD).

For instance, for an execution time metric, this confidence interval indicates a significantly worse performance:

----------------------------------------|---------|---(---------^---------)---------->
                                       0%        1%  1.3%      2.2%      3.1%
                                                  |   |         |         |
       significant impact threshold --------------'   |         |         |
                      lower bound of CI --------------'         |         |
       sample mean (center of the CI) --------------------------'         |
                      upper bound of CI ----------------------------------'

scenario:alloc_free/sampled_system_slow_path/16

  • 🟥 execution_time [+17.534ns; +17.683ns] or [+20.285%; +20.457%]

scenario:alloc_free/sampled_system_slow_path/256

  • 🟥 execution_time [+17.347ns; +17.500ns] or [+20.067%; +20.244%]

scenario:alloc_free/sampled_system_slow_path/4096

  • 🟥 execution_time [+15.381ns; +15.495ns] or [+9.776%; +9.848%]

scenario:alloc_free/sampled_system_slow_path/64

  • 🟥 execution_time [+17.320ns; +17.519ns] or [+20.021%; +20.250%]

scenario:alloc_free/sampled_system_slow_path/65536

  • 🟥 execution_time [+19.943ns; +20.060ns] or [+12.450%; +12.523%]

scenario:alloc_free/system/4096

  • 🟩 execution_time [-13.553ns; -13.435ns] or [-14.264%; -14.141%]

scenario:glob_matcher/ascii_wildcard_question_match/wall_time

  • 🟩 execution_time [-21.291ns; -21.273ns] or [-36.601%; -36.570%]

scenario:glob_matcher/ascii_wildcard_star_match/wall_time

  • 🟩 execution_time [-23.722ns; -23.696ns] or [-39.209%; -39.166%]

scenario:trace_buffer/4_senders/no_delay

  • 🟥 execution_time [+150.602µs; +179.345µs] or [+6.496%; +7.735%]
  • 🟥 throughput [-113886.640op/s; -95109.435op/s] or [-7.324%; -6.117%]

Candidate

Omitted due to size.

Baseline

Omitted due to size.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants