Skip to content

Move appsec communication to sidecar#3725

Draft
cataphract wants to merge 4 commits into
masterfrom
glopes/sidecar-comm
Draft

Move appsec communication to sidecar#3725
cataphract wants to merge 4 commits into
masterfrom
glopes/sidecar-comm

Conversation

@cataphract
Copy link
Copy Markdown
Contributor

@cataphract cataphract commented Mar 24, 2026

Description

wip

Reviewer checklist

  • Test coverage seems ok.
  • Appropriate labels assigned.

@cataphract cataphract force-pushed the glopes/sidecar-comm branch 3 times, most recently from d9cd53f to 373c569 Compare March 24, 2026 20:29
@datadog-datadog-prod-us1
Copy link
Copy Markdown

datadog-datadog-prod-us1 Bot commented Mar 24, 2026
edited by datadog-datadog-prod-us1-2 Bot
Loading

Pipelines  Tests

Fix all issues with BitsAI

⚠️ Warnings

🚦 103 Pipeline jobs failed

DataDog/apm-reliability/dd-trace-php | appsec integration tests (ssi): [test8.3-release-ssi]   View in Datadog   GitLab

🔄 Retry job. This looks flaky and may succeed on retry. Multiple tests failed due to connection errors with the sidecar transport, likely caused by the sidecar crashing.

🧪 1 Test failed

initializationError from com.datadog.appsec.php.integration.RemoteConfigTests   View in Datadog (Fix with Cursor) 
java.lang.AssertionError: No request with version 0 gotten within 12000 ms for com.datadog.appsec.php.mock_agent.rem_cfg.Target(some-name, none, )

java.lang.AssertionError: No request with version 0 gotten within 12000 ms for com.datadog.appsec.php.mock_agent.rem_cfg.Target(some-name, none, )
	at com.datadog.appsec.php.mock_agent.ConfigV07Handler.waitForVersion(ConfigV07Handler.groovy:72)
	at com.datadog.appsec.php.mock_agent.MockDatadogAgent.waitForRCVersion(MockDatadogAgent.groovy:80)
	at com.datadog.appsec.php.docker.AppSecContainer.waitForRCVersion(AppSecContainer.groovy:186)
	at org.codehaus.groovy.vmplugin.v8.IndyInterface.fromCache(IndyInterface.java:321)
	at com.datadog.appsec.php.integration.RemoteConfigTests.beforeAll(RemoteConfigTests.groovy:58)
	at java.base/java.lang.reflect.Method.invoke(Method.java:569)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)

DataDog/apm-reliability/dd-trace-php | appsec code coverage   View in Datadog   GitLab

🔧 Fix in code (Fix with Cursor). Multiple test failures, mainly due to helper not responding with a valid client_id. Most tests fail in the appsec context related to user requests.

DataDog/apm-reliability/dd-trace-php | appsec integration tests: [test7.0-release-zts]   View in Datadog   GitLab

🔧 Fix in code (Fix with Cursor). Compilation error: macro 'ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX' requires 6 arguments, but only 5 given in /project/appsec/src/extension/ddappsec_arginfo.h:4.

View all 103 failed jobs.

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 2698d89 | Docs | Datadog PR Page | Give us feedback!

@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Mar 24, 2026
edited
Loading

Benchmarks [ tracer ]

Benchmark execution time: 2026-05-20 15:56:18

Comparing candidate commit 2698d89 in PR branch glopes/sidecar-comm with baseline commit a52b578 in branch master.

Found 0 performance improvements and 20 performance regressions! Performance is the same for 161 metrics, 13 unstable metrics.

scenario:PDOBench/benchPDOOverhead

  • 🟥 execution_time [+10.176µs; +12.746µs] or [+4.160%; +5.211%]

scenario:PDOBench/benchPDOOverhead-opcache

  • 🟥 execution_time [+9.512µs; +11.302µs] or [+3.917%; +4.654%]

scenario:PDOBench/benchPDOOverheadWithDBM

  • 🟥 execution_time [+9.182µs; +12.595µs] or [+3.741%; +5.132%]

scenario:PDOBench/benchPDOOverheadWithDBM-opcache

  • 🟥 execution_time [+9.378µs; +12.039µs] or [+3.863%; +4.960%]

scenario:PHPRedisBench/benchRedisOverhead

  • 🟥 execution_time [+54.643µs; +66.379µs] or [+5.738%; +6.970%]

scenario:PHPRedisBench/benchRedisOverhead-opcache

  • 🟥 execution_time [+47.234µs; +60.807µs] or [+4.783%; +6.158%]

scenario:SamplingRuleMatchingBench/benchGlobMatching1

  • 🟥 execution_time [+10.218µs; +10.441µs] or [+407.607%; +416.487%]

scenario:SamplingRuleMatchingBench/benchGlobMatching2

  • 🟥 execution_time [+10.034µs; +10.186µs] or [+385.627%; +391.483%]

scenario:SamplingRuleMatchingBench/benchGlobMatching3-opcache

  • 🟥 execution_time [+9.895µs; +10.153µs] or [+358.981%; +368.350%]

scenario:SamplingRuleMatchingBench/benchGlobMatching4

  • 🟥 execution_time [+10.130µs; +10.329µs] or [+384.765%; +392.339%]

scenario:SamplingRuleMatchingBench/benchGlobMatching4-opcache

  • 🟥 execution_time [+9.974µs; +10.180µs] or [+348.974%; +356.166%]

scenario:SamplingRuleMatchingBench/benchRegexMatching1-opcache

  • 🟥 execution_time [+18.702µs; +18.858µs] or [+1122.893%; +1132.298%]

scenario:SamplingRuleMatchingBench/benchRegexMatching4-opcache

  • 🟥 execution_time [+8.424µs; +8.884µs] or [+72.086%; +76.021%]

scenario:SpanBench/benchDatadogAPI

  • 🟥 execution_time [+12.181µs; +14.144µs] or [+18.711%; +21.727%]

scenario:SpanBench/benchDatadogAPI-opcache

  • 🟥 execution_time [+12.686µs; +13.343µs] or [+19.632%; +20.649%]

scenario:SpanBench/benchOpenTelemetryAPI

  • 🟥 execution_time [+24.739µs; +40.663µs] or [+3.408%; +5.601%]

scenario:SpanBench/benchOpenTelemetryAPI-opcache

  • 🟥 execution_time [+29.490µs; +36.477µs] or [+4.391%; +5.432%]

scenario:SpanBench/benchOpenTelemetryInteroperability

  • 🟥 execution_time [+106.521µs; +109.589µs] or [+56.301%; +57.923%]

scenario:SpanBench/benchOpenTelemetryInteroperability-opcache

  • 🟥 execution_time [+105.900µs; +110.670µs] or [+60.517%; +63.243%]

scenario:TraceAnnotationsBench/benchTraceAnnotationOverhead-opcache

  • 🟥 execution_time [+3.675µs; +7.466µs] or [+2.066%; +4.197%]

@cataphract cataphract force-pushed the glopes/sidecar-comm branch from 373c569 to 121733e Compare March 24, 2026 21:54
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Mar 24, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 59.67213% with 492 lines in your changes missing coverage. Please review.
✅ Project coverage is 75.84%. Comparing base (a1bb038) to head (366de49).

Files with missing lines Patch % Lines
appsec/helper-rust/src/client.rs 44.40% 144 Missing ⚠️
appsec/helper-rust/src/client/sidecar_msg.rs 81.47% 88 Missing ⚠️
appsec/helper-rust/src/server.rs 0.00% 77 Missing ⚠️
appsec/src/extension/test_mock_transport.c 58.76% 30 Missing and 10 partials ⚠️
appsec/src/extension/commands_helpers.c 66.96% 30 Missing and 7 partials ⚠️
appsec/src/extension/ddtrace.c 45.45% 30 Missing and 6 partials ⚠️
appsec/src/extension/network.c 58.82% 20 Missing and 8 partials ⚠️
appsec/helper-rust/src/lib.rs 0.00% 26 Missing ⚠️
appsec/src/extension/logging.h 0.00% 12 Missing ⚠️
appsec/src/extension/helper_process.c 66.66% 2 Missing ⚠️
... and 1 more
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #3725      +/-   ##
==========================================
+ Coverage   68.81%   75.84%   +7.02%     
==========================================
  Files         166       66     -100     
  Lines       19030    13366    -5664     
  Branches     1797     1189     -608     
==========================================
- Hits        13095    10137    -2958     
+ Misses       5121     2662    -2459     
+ Partials      814      567     -247
Flag Coverage Δ
helper-rust-unit 52.54% <60.16%> (+3.17%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
appsec/helper-rust/src/client/protocol.rs 95.07% <100.00%> (+0.01%) ⬆️
appsec/helper-rust/src/config.rs 97.77% <ø> (+0.21%) ⬆️
appsec/helper-rust/src/ffi.rs 74.48% <ø> (ø)
appsec/helper-rust/src/service/updateable_waf.rs 96.37% <100.00%> (+0.03%) ⬆️
appsec/helper-rust/src/service/waf_ruleset.rs 66.23% <ø> (ø)
appsec/helper-rust/src/telemetry.rs 74.07% <ø> (ø)
appsec/helper-rust/src/telemetry/sidecar.rs 82.60% <ø> (+3.50%) ⬆️
appsec/src/extension/commands/client_init.c 79.51% <100.00%> (+1.46%) ⬆️
appsec/src/extension/commands/request_exec.c 81.81% <100.00%> (ø)
appsec/src/extension/configuration.h 100.00% <ø> (ø)
... and 14 more

... and 34 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a1bb038...366de49. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@cataphract cataphract force-pushed the glopes/sidecar-comm branch 4 times, most recently from af7f0bc to 366de49 Compare March 25, 2026 02:04
@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Mar 25, 2026
edited
Loading

Benchmarks [ appsec ]

Benchmark execution time: 2026-05-20 15:12:42

Comparing candidate commit 2698d89 in PR branch glopes/sidecar-comm with baseline commit a52b578 in branch master.

Found 3 performance improvements and 0 performance regressions! Performance is the same for 9 metrics, 0 unstable metrics.

scenario:LaravelBench/benchLaravelOverhead-appsec

  • 🟩 execution_time [-2.038ms; -1.812ms] or [-13.713%; -12.193%]

scenario:SymfonyBench/benchSymfonyOverhead-appsec

  • 🟩 execution_time [-2.088ms; -1.947ms] or [-18.068%; -16.853%]

scenario:WordPressBench/benchWordPressOverhead-appsec

  • 🟩 execution_time [-7.435ms; -7.114ms] or [-17.146%; -16.406%]

@estringana estringana assigned estringana and unassigned estringana Mar 25, 2026
estringana
estringana reviewed Mar 25, 2026
View reviewed changes
Comment thread appsec/src/extension/commands_helpers.c Outdated
mlog(dd_log_debug, "Will exchange message with helper");

dd_result res = dd_conn_recv(conn, &imsg->_data, &imsg->_size);
// dd_result res = dd_conn_roundtripv(conn, iovecs, &imsg->_data,
Copy link
Copy Markdown
Contributor

@estringana estringana Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this comment go?

@cataphract cataphract force-pushed the glopes/sidecar-comm branch 3 times, most recently from 8d09873 to 1238aea Compare May 13, 2026 12:53
@cataphract cataphract force-pushed the glopes/sidecar-comm branch from 1238aea to 2b4a1c0 Compare May 20, 2026 13:24
cataphract and others added 2 commits May 20, 2026 14:26
@cataphract @claude
Remove stale msgpack-c submodule gitlink
2c022b2 
The .gitmodules entry was removed in an earlier WIP commit but the
gitlink remained in the tree, causing CI checkout to fail.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
@cataphract
fix build
2698d89
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@estringana estringana estringana approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cataphract @codecov-commenter @estringana