refactor(config): generate runtime config from supported metadata

[BridgeAR]

Config model:
Build the tracer runtime config from supported-configurations.json.
The metadata now defines defaults, aliases, transforms, allowed values,
and internal property mapping. Env vars, stable config, code options,
remote config, and telemetry now go through the same parsing and
normalization path instead of separate logic.

Remote config and fallback:
Normalize remote config into the same local option names before apply.
When a remote value is removed, restore the earlier code value or the
default for that one option, instead of keeping an old remote value.
This also keeps config source tracking correct when remote config
changes over time.

Telemetry:
Report the same normalized config view that the tracer really uses.
Telemetry now keeps the source of each value, sends standard config
names such as DD_* and OTEL_*, and serializes URLs, arrays,
objects, functions, and rule sets in one consistent format for config
change events and extended heartbeats.

DD and OTEL precedence:
Use one precedence model for Datadog and OpenTelemetry settings.
Datadog config still wins when both are set. Generic
OTEL_EXPORTER_OTLP_* endpoint, header, protocol, and timeout values
now fill in logs and metrics config when the specific setting is not
set. b3 extraction keeps Datadog multi-header behavior when it comes
from DD_TRACE_PROPAGATION_STYLE, and keeps single-header behavior
when it comes from OTEL_PROPAGATORS.

Config-specific updates:
Parse and validate more individual settings through shared parsers.
This now covers sample rates, propagation styles and behavior,
OTEL_RESOURCE_ATTRIBUTES, DD_TRACE_HEADER_TAGS spacing,
JSON sampling rules, AppSec blocked template file paths, and
DD_GRPC_CLIENT_ERROR_STATUSES / DD_GRPC_SERVER_ERROR_STATUSES
range values. Invalid values now warn the same way and fall back more
predictably.

Calculated behavior:
Recalculate derived settings from the remembered source of each value.
This keeps service and tag inference, socket and DogStatsD defaults,
OTEL logs vs log injection, runtime metrics vs
OTEL_METRICS_EXPORTER=none, AppSec-driven resource renaming, CI and
serverless toggles, Lambda flush behavior, and agentless tracing
overrides consistent when inputs change.

Runtime consumers:
Move profiling, logging, agent URL selection, session propagation, and
other runtime code to read the resolved config instead of reparsing env
vars. This also keeps proxy startup working when tracing is off but
dynamic instrumentation or AppSec standalone still need runtime hooks,
and makes profiling exporter and profiler settings follow the same
config resolution path.

---

This depends on another branch.

[codecov]

Codecov Report

❌ Patch coverage is 95.13991% with 33 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.17%. Comparing base (f94162c) to head (8aeef8d).

Files with missing lines	Patch %	Lines
packages/dd-trace/src/config/remote_config.js	47.82%	12 Missing ⚠️
packages/dd-trace/src/config/parsers.js	95.27%	6 Missing ⚠️
packages/dd-trace/src/config/defaults.js	96.74%	4 Missing ⚠️
packages/dd-trace/src/config/index.js	98.49%	4 Missing ⚠️
packages/dd-trace/src/llmobs/sdk.js	25.00%	3 Missing ⚠️
packages/dd-trace/src/profiling/config.js	94.82%	3 Missing ⚠️
packages/datadog-plugin-aws-sdk/src/base.js	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #7916      +/-   ##
==========================================
- Coverage   74.26%   74.17%   -0.09%     
==========================================
  Files         765      768       +3     
  Lines       35786    35458     -328     
==========================================
- Hits        26575    26301     -274     
+ Misses       9211     9157      -54     

Flag	Coverage Δ
aiguard-macos	36.44% <62.05%> (-3.08%)	⬇️
aiguard-ubuntu	36.54% <62.05%> (-3.09%)	⬇️
aiguard-windows	36.34% <63.74%> (-2.96%)	⬇️
apm-capabilities-tracing-macos	48.56% <84.83%> (-0.60%)	⬇️
apm-capabilities-tracing-ubuntu	48.60% <84.83%> (-0.51%)	⬇️
apm-capabilities-tracing-windows	48.32% <86.15%> (-0.66%)	⬇️
apm-integrations-child-process	36.11% <59.86%> (-2.76%)	⬇️
apm-integrations-couchbase-18	35.05% <59.86%> (-2.57%)	⬇️
apm-integrations-couchbase-eol	35.13% <59.86%> (-3.01%)	⬇️
apm-integrations-oracledb	35.10% <59.86%> (-2.86%)	⬇️
appsec-express	52.97% <63.19%> (-2.50%)	⬇️
appsec-fastify	49.42% <63.69%> (-2.37%)	⬇️
appsec-graphql	49.66% <63.69%> (-2.29%)	⬇️
appsec-kafka	42.21% <63.19%> (-2.37%)	⬇️
appsec-ldapjs	41.49% <63.02%> (-2.70%)	⬇️
appsec-lodash	41.52% <63.02%> (-2.27%)	⬇️
appsec-macos	56.88% <64.28%> (-1.33%)	⬇️
appsec-mongodb-core	46.14% <63.02%> (-2.84%)	⬇️
appsec-mongoose	46.75% <63.02%> (-2.89%)	⬇️
appsec-mysql	48.88% <63.52%> (-2.27%)	⬇️
appsec-node-serialize	40.68% <63.02%> (-2.69%)	⬇️
appsec-passport	44.72% <62.05%> (-3.13%)	⬇️
appsec-postgres	48.46% <63.02%> (-2.32%)	⬇️
appsec-sourcing	40.14% <63.02%> (-2.48%)	⬇️
appsec-stripe	42.41% <62.73%> (-2.41%)	⬇️
appsec-template	40.85% <63.02%> (-2.69%)	⬇️
appsec-ubuntu	56.97% <64.28%> (-1.33%)	⬇️
appsec-windows	56.76% <65.90%> (-1.28%)	⬇️
instrumentations-instrumentation-bluebird	29.96% <59.86%> (-2.47%)	⬇️
instrumentations-instrumentation-body-parser	37.72% <59.86%> (-3.00%)	⬇️
instrumentations-instrumentation-child_process	35.49% <59.86%> (-2.69%)	⬇️
instrumentations-instrumentation-cookie-parser	31.90% <59.86%> (-2.55%)	⬇️
instrumentations-instrumentation-express	32.20% <59.86%> (-2.57%)	⬇️
instrumentations-instrumentation-express-mongo-sanitize	32.02% <59.86%> (-2.55%)	⬇️
instrumentations-instrumentation-express-session	37.39% <59.86%> (-2.97%)	⬇️
instrumentations-instrumentation-fs	29.60% <59.86%> (-2.51%)	⬇️
instrumentations-instrumentation-generic-pool	31.52% <66.08%> (+2.06%)	⬆️
instrumentations-instrumentation-http	36.94% <59.86%> (-3.15%)	⬇️
instrumentations-instrumentation-knex	29.97% <59.86%> (-2.52%)	⬇️
instrumentations-instrumentation-mongoose	31.09% <59.86%> (-2.52%)	⬇️
instrumentations-instrumentation-multer	37.50% <59.86%> (-2.98%)	⬇️
instrumentations-instrumentation-mysql2	35.46% <59.69%> (-3.04%)	⬇️
instrumentations-instrumentation-passport	41.33% <61.38%> (-2.92%)	⬇️
instrumentations-instrumentation-passport-http	41.02% <61.38%> (-2.91%)	⬇️
instrumentations-instrumentation-passport-local	41.52% <61.38%> (-2.94%)	⬇️
instrumentations-instrumentation-pg	34.97% <59.69%> (-2.98%)	⬇️
instrumentations-instrumentation-promise	29.89% <59.86%> (-2.46%)	⬇️
instrumentations-instrumentation-promise-js	29.90% <59.86%> (-2.46%)	⬇️
instrumentations-instrumentation-q	29.94% <59.86%> (-2.47%)	⬇️
instrumentations-instrumentation-url	29.86% <59.86%> (-2.46%)	⬇️
instrumentations-instrumentation-when	29.91% <59.86%> (-2.46%)	⬇️
llmobs-ai	38.53% <61.88%> (-3.17%)	⬇️
llmobs-anthropic	37.68% <61.88%> (-2.97%)	⬇️
llmobs-bedrock	37.22% <61.91%> (-2.18%)	⬇️
llmobs-google-genai	37.62% <61.88%> (-2.34%)	⬇️
llmobs-langchain	37.13% <61.57%> (-2.41%)	⬇️
llmobs-openai	41.28% <62.39%> (-2.89%)	⬇️
llmobs-vertex-ai	37.79% <61.88%> (-2.43%)	⬇️
platform-core	30.82% <8.69%> (-0.65%)	⬇️
platform-esbuild	33.74% <8.69%> (-0.68%)	⬇️
platform-instrumentations-misc	41.10% <66.55%> (+6.98%)	⬆️
platform-shimmer	36.80% <8.69%> (-0.77%)	⬇️
platform-unit-guardrails	32.24% <8.69%> (-0.66%)	⬇️
platform-webpack	21.20% <36.63%> (+1.23%)	⬆️
plugins-azure-durable-functions	25.38% <8.69%> (-0.37%)	⬇️
plugins-azure-event-hubs	25.53% <8.69%> (-0.37%)	⬇️
plugins-azure-service-bus	24.92% <8.69%> (-0.35%)	⬇️
plugins-bullmq	40.81% <59.86%> (-2.90%)	⬇️
plugins-cassandra	35.25% <59.86%> (-2.86%)	⬇️
plugins-cookie	26.56% <8.69%> (-0.41%)	⬇️
plugins-cookie-parser	26.35% <8.69%> (-0.40%)	⬇️
plugins-crypto	26.21% <8.69%> (-0.52%)	⬇️
plugins-dd-trace-api	35.46% <59.86%> (-3.07%)	⬇️
plugins-express-mongo-sanitize	26.50% <8.69%> (-0.40%)	⬇️
plugins-express-session	26.31% <8.69%> (-0.40%)	⬇️
plugins-fastify	39.52% <62.90%> (-2.94%)	⬇️
plugins-fetch	35.76% <60.03%> (-2.84%)	⬇️
plugins-fs	35.71% <59.86%> (-3.14%)	⬇️
plugins-generic-pool	25.57% <8.69%> (-0.38%)	⬇️
plugins-google-cloud-pubsub	43.11% <60.03%> (-2.66%)	⬇️
plugins-grpc	38.12% <59.86%> (-2.99%)	⬇️
plugins-handlebars	26.54% <8.69%> (-0.40%)	⬇️
plugins-hapi	37.31% <59.86%> (-3.05%)	⬇️
plugins-hono	37.60% <59.86%> (-3.11%)	⬇️
plugins-ioredis	35.68% <59.86%> (-3.02%)	⬇️
plugins-knex	26.20% <8.69%> (-0.37%)	⬇️
plugins-langgraph	35.15% <59.86%> (-2.94%)	⬇️
plugins-ldapjs	24.12% <8.69%> (-0.32%)	⬇️
plugins-light-my-request	25.93% <8.69%> (-0.38%)	⬇️
plugins-limitd-client	30.22% <59.86%> (-2.49%)	⬇️
plugins-lodash	25.66% <8.69%> (-0.38%)	⬇️
plugins-mariadb	36.58% <59.86%> (-3.14%)	⬇️
plugins-memcached	35.33% <59.86%> (-3.11%)	⬇️
plugins-microgateway-core	36.44% <59.86%> (-3.00%)	⬇️
plugins-moleculer	38.11% <59.86%> (-2.62%)	⬇️
plugins-mongodb	36.56% <60.03%> (-2.81%)	⬇️
plugins-mongodb-core	36.17% <59.86%> (-3.04%)	⬇️
plugins-mongoose	36.12% <59.86%> (-2.90%)	⬇️
plugins-multer	26.31% <8.69%> (-0.40%)	⬇️
plugins-mysql	36.42% <59.86%> (-3.14%)	⬇️
plugins-mysql2	36.41% <59.86%> (-3.09%)	⬇️
plugins-node-serialize	26.60% <8.69%> (-0.41%)	⬇️
plugins-opensearch	35.00% <59.86%> (-2.84%)	⬇️
plugins-passport-http	26.37% <8.69%> (-0.39%)	⬇️
plugins-postgres	34.40% <59.86%> (-1.28%)	⬇️
plugins-process	26.21% <8.69%> (-0.52%)	⬇️
plugins-pug	26.56% <8.69%> (-0.41%)	⬇️
plugins-redis	35.99% <59.86%> (-3.15%)	⬇️
plugins-router	40.09% <59.86%> (-3.37%)	⬇️
plugins-sequelize	25.19% <8.69%> (-0.37%)	⬇️
plugins-test-and-upstream-amqp10	35.70% <59.86%> (-3.02%)	⬇️
plugins-test-and-upstream-amqplib	40.92% <59.86%> (-3.55%)	⬇️
plugins-test-and-upstream-apollo	36.60% <59.86%> (-2.73%)	⬇️
plugins-test-and-upstream-avsc	35.70% <60.03%> (-3.09%)	⬇️
plugins-test-and-upstream-bunyan	31.34% <59.86%> (-2.70%)	⬇️
plugins-test-and-upstream-connect	37.92% <59.86%> (-3.11%)	⬇️
plugins-test-and-upstream-graphql	37.25% <59.86%> (-3.12%)	⬇️
plugins-test-and-upstream-koa	37.57% <59.86%> (-3.05%)	⬇️
plugins-test-and-upstream-protobufjs	35.92% <60.03%> (-3.10%)	⬇️
plugins-test-and-upstream-rhea	41.00% <59.86%> (-3.50%)	⬇️
plugins-undici	36.66% <59.86%> (-2.79%)	⬇️
plugins-url	26.21% <8.69%> (-0.52%)	⬇️
plugins-valkey	35.36% <59.86%> (-3.05%)	⬇️
plugins-vm	26.21% <8.69%> (-0.52%)	⬇️
plugins-winston	31.78% <59.86%> (-2.58%)	⬇️
plugins-ws	39.01% <59.86%> (-3.20%)	⬇️
profiling-macos	38.01% <61.86%> (-2.74%)	⬇️
profiling-ubuntu	38.18% <62.02%> (-2.70%)	⬇️
profiling-windows	39.47% <66.91%> (-2.92%)	⬇️
serverless-azure-functions-client	25.26% <8.69%> (-0.36%)	⬇️
serverless-azure-functions-eventhubs	25.26% <8.69%> (-0.36%)	⬇️
serverless-azure-functions-servicebus	25.26% <8.69%> (-0.36%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Overall package size

Self size: 5.41 MB
Deduped: 6.25 MB
No deduping: 6.25 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 3.0.0 | 81.15 kB | 815.98 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[datadog-official]

⚠️ Tests

✨ Fix all issues with BitsAI or with Cursor

⚠️ Warnings

🧪 1 Test failed

package guardrails when package errors out with logging enabled should not instrument the package from with logging enabled     (Fix with Cursor)

The input did not match the regular expression /\nError during ddtrace instrumentation of application, aborting.\nReferenceError: this is a test error\n {4}at /m. Input:  'Application instrumentation bootstrapping complete\n' +   'false\n' +   'instrumentation source: manual\n'

AssertionError [ERR_ASSERTION]: The input did not match the regular expression /\nError during ddtrace instrumentation of application, aborting.\nReferenceError: this is a test error\n {4}at /m. Input:

'Application instrumentation bootstrapping complete\n' +
  'false\n' +
  'instrumentation source: manual\n'

    at /home/runner/work/dd-trace-js/dd-trace-js/integration-tests/package-guardrails.spec.js:124:20
    at runAndCheckOutput (integration-tests/helpers/index.js:58:5)
...

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

🎯 Code Coverage (details)
• Patch Coverage: 88.71%
• Overall Coverage: 68.57% (-0.13%)

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 8aeef8d | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!}