Skip to content

Push llm event address#3664

Merged
estringana merged 18 commits intomasterfrom
estringana/add-openai-integration
Mar 2, 2026
Merged

Push llm event address#3664
estringana merged 18 commits intomasterfrom
estringana/add-openai-integration

Conversation

@estringana
Copy link
Copy Markdown
Contributor

@estringana estringana commented Feb 19, 2026
edited
Loading

Description

This PR enables appsec capabilities when using openai-php client. The implementation push appsec addresses to the waf and then eventually they are reported to the backend.

PHP implementation of the cross-AppSec LLM usage detection RFC for detecting and monitoring OpenAI SDK usage per endpoint.

The instrumentation wraps the OpenAI PHP SDK's request methods and captures LLM-related signals on each call: the model being used, input and output token counts, the request type (completion, chat, embedding, etc) and whether the call succeeded or failed. These are emitted as appsec events.

More info on RFC: API Endpoints: AI usage

Reviewer checklist

  • Test coverage seems ok.
  • Appropriate labels assigned.

@datadog-official
Copy link
Copy Markdown

datadog-official Bot commented Feb 19, 2026
edited by datadog-datadog-prod-us1 Bot
Loading

⚠️ Tests

Fix all issues with BitsAI or with Cursor

⚠️ Warnings

🧪 1028 Tests failed

testSearchPhpBinaries from integration.DDTrace\Tests\Integration\PHPInstallerTest (Datadog) (Fix with Cursor) 
DDTrace\Tests\Integration\PHPInstallerTest::testSearchPhpBinaries
Test code or tested code printed unexpected output: Searching for available php binaries, this operation might take a while.

phpvfscomposer://tests/vendor/phpunit/phpunit/phpunit:106
testSimplePushAndProcess from laravel-58-test.DDTrace\Tests\Integrations\Laravel\V5_8\QueueTest (Datadog) (Fix with Cursor) 
Risky Test
phpvfscomposer://tests/vendor/phpunit/phpunit/phpunit:97
testSimplePushAndProcess from laravel-8x-test.DDTrace\Tests\Integrations\Laravel\V8_x\QueueTest (Datadog) (Fix with Cursor) 
DDTrace\Tests\Integrations\Laravel\V8_x\QueueTest::testSimplePushAndProcess
Test code or tested code printed unexpected output: spanLinksTraceId: 69a56aef00000000be1ac22698f60f2a
tid: 69a56aef00000000
hexProcessTraceId: be1ac22698f60f2a
hexProcessSpanId: 097e709869854503
processTraceId: 13698474687631593258
processSpanId: 684107993314575619

phpvfscomposer://tests/vendor/phpunit/phpunit/phpunit:106
View all

ℹ️ Info

❄️ No new flaky tests detected

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: ba5e2ab | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Feb 19, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 62.08%. Comparing base (6733f8f) to head (ba5e2ab).

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #3664      +/-   ##
==========================================
- Coverage   62.20%   62.08%   -0.12%     
==========================================
  Files         141      141              
  Lines       13352    13352              
  Branches     1746     1746              
==========================================
- Hits         8305     8290      -15     
- Misses       4256     4269      +13     
- Partials      791      793       +2

see 4 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6733f8f...ba5e2ab. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Feb 19, 2026
edited
Loading

Benchmarks [ tracer ]

Benchmark execution time: 2026-03-02 11:56:00

Comparing candidate commit ba5e2ab in PR branch estringana/add-openai-integration with baseline commit 6733f8f in branch master.

Found 3 performance improvements and 27 performance regressions! Performance is the same for 163 metrics, 1 unstable metrics.

scenario:ComposerTelemetryBench/benchTelemetryParsing

  • 🟥 mem_peak [+86.936KB; +86.936KB] or [+2.176%; +2.176%]

scenario:ContextPropagationBench/benchExtractHeaders128Bit

  • 🟥 mem_peak [+98.648KB; +98.648KB] or [+2.469%; +2.469%]

scenario:ContextPropagationBench/benchExtractHeaders64Bit

  • 🟥 mem_peak [+98.648KB; +98.648KB] or [+2.469%; +2.469%]

scenario:ContextPropagationBench/benchExtractTraceContext128Bit

  • 🟥 mem_peak [+98.648KB; +98.648KB] or [+2.469%; +2.469%]

scenario:ContextPropagationBench/benchExtractTraceContext64Bit

  • 🟥 mem_peak [+98.648KB; +98.648KB] or [+2.469%; +2.469%]

scenario:ContextPropagationBench/benchInject128Bit

  • 🟥 mem_peak [+98.656KB; +98.656KB] or [+2.469%; +2.469%]

scenario:ContextPropagationBench/benchInject64Bit

  • 🟥 mem_peak [+98.656KB; +98.656KB] or [+2.469%; +2.469%]

scenario:HookBench/benchHookOverheadInstallHookOnFunction

  • 🟥 mem_peak [+98.520KB; +98.520KB] or [+2.466%; +2.466%]

scenario:HookBench/benchHookOverheadInstallHookOnMethod

  • 🟥 mem_peak [+98.520KB; +98.520KB] or [+2.466%; +2.466%]

scenario:HookBench/benchHookOverheadTraceFunction

  • 🟥 mem_peak [+107.360KB; +107.360KB] or [+2.417%; +2.417%]

scenario:HookBench/benchHookOverheadTraceMethod

  • 🟥 mem_peak [+107.360KB; +107.360KB] or [+2.383%; +2.383%]

scenario:HookBench/benchWithoutHook

  • 🟥 mem_peak [+98.536KB; +98.536KB] or [+2.466%; +2.466%]

scenario:LogsInjectionBench/benchLogsInfoInjection-opcache

  • 🟩 execution_time [-525.508ns; -234.892ns] or [-5.965%; -2.666%]

scenario:MessagePackSerializationBench/benchMessagePackSerialization

  • 🟥 mem_peak [+107.360KB; +107.360KB] or [+2.524%; +2.524%]
  • 🟩 execution_time [-4.997µs; -3.843µs] or [-4.728%; -3.636%]

scenario:MessagePackSerializationBench/benchMessagePackSerialization-opcache

  • 🟩 execution_time [-6.778µs; -5.322µs] or [-6.083%; -4.777%]

scenario:PDOBench/benchPDOBaseline

  • 🟥 mem_peak [+107.360KB; +107.360KB] or [+2.662%; +2.662%]

scenario:PHPRedisBench/benchRedisBaseline

  • 🟥 mem_peak [+97.776KB; +97.776KB] or [+2.447%; +2.447%]

scenario:SamplingRuleMatchingBench/benchGlobMatching1

  • 🟥 mem_peak [+101.776KB; +101.776KB] or [+2.548%; +2.548%]

scenario:SamplingRuleMatchingBench/benchGlobMatching2

  • 🟥 mem_peak [+101.776KB; +101.776KB] or [+2.548%; +2.548%]

scenario:SamplingRuleMatchingBench/benchGlobMatching3

  • 🟥 mem_peak [+101.776KB; +101.776KB] or [+2.548%; +2.548%]

scenario:SamplingRuleMatchingBench/benchGlobMatching4

  • 🟥 mem_peak [+101.776KB; +101.776KB] or [+2.548%; +2.548%]

scenario:SamplingRuleMatchingBench/benchRegexMatching1

  • 🟥 mem_peak [+101.776KB; +101.776KB] or [+2.547%; +2.547%]

scenario:SamplingRuleMatchingBench/benchRegexMatching2

  • 🟥 mem_peak [+101.776KB; +101.776KB] or [+2.547%; +2.547%]

scenario:SamplingRuleMatchingBench/benchRegexMatching3

  • 🟥 mem_peak [+101.776KB; +101.776KB] or [+2.547%; +2.547%]

scenario:SamplingRuleMatchingBench/benchRegexMatching4

  • 🟥 mem_peak [+101.776KB; +101.776KB] or [+2.547%; +2.547%]

scenario:SpanBench/benchDatadogAPI

  • 🟥 mem_peak [+100.008KB; +100.008KB] or [+2.503%; +2.503%]

scenario:TraceAnnotationsBench/benchTraceAnnotationOverhead

  • 🟥 mem_peak [+107.360KB; +107.360KB] or [+2.378%; +2.378%]

scenario:TraceFlushBench/benchFlushTrace

  • 🟥 mem_peak [+107.360KB; +107.360KB] or [+2.633%; +2.633%]

scenario:TraceSerializationBench/benchSerializeTrace

  • 🟥 mem_peak [+107.360KB; +107.360KB] or [+2.573%; +2.573%]

@estringana estringana force-pushed the estringana/add-openai-integration branch 2 times, most recently from cff1eed to 1ae39aa Compare February 20, 2026 12:06
@estringana estringana marked this pull request as ready for review February 22, 2026 14:57
@estringana estringana requested review from a team as code owners February 22, 2026 14:57
@estringana estringana force-pushed the estringana/add-openai-integration branch from f363215 to 3fadba0 Compare February 23, 2026 09:55
@estringana estringana force-pushed the estringana/add-openai-integration branch from 3fadba0 to 6028af2 Compare February 23, 2026 09:55
cataphract
cataphract reviewed Feb 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@cataphract cataphract left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd wait for a production rule to be ready (if it ain't already), update the recommended.json files and then also write an integration test. This would validate the correctness of the address and its parameters.

Comment thread src/DDTrace/Integrations/OpenAI/OpenAIIntegration.php
@estringana
Copy link
Copy Markdown
Contributor Author

estringana commented Feb 24, 2026

I'd wait for a production rule to be ready (if it ain't already), update the recommended.json files and then also write an integration test. This would validate the correctness of the address and its parameters.

I have the rule https://github.com/DataDog/appsec-event-rules/pull/265 but it's not merged yet. Also we would need to mock the openai library http call. Do we have a system for that already on integration?
@cataphract

@estringana estringana requested a review from a team as a code owner February 25, 2026 16:57
cataphract
cataphract requested changes Feb 25, 2026
View reviewed changes
Comment thread .../tests/integration/src/main/groovy/com/datadog/appsec/php/mock_agent/MockOpenAIServer.groovy Outdated
Comment thread ...tests/integration/src/main/groovy/com/datadog/appsec/php/mock_openai/MockOpenAIServer.groovy
Comment on lines +41 to +43
int getPort() {
PORT
}
Copy link
Copy Markdown
Contributor

@cataphract cataphract Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same effect could be gotten in groovy by not making PORT private (with no access modifiers, it generates setters/getters)

Comment thread appsec/tests/integration/src/main/groovy/com/datadog/appsec/php/docker/AppSecContainer.groovy Outdated
Comment thread appsec/tests/integration/src/main/groovy/com/datadog/appsec/php/docker/AppSecContainer.groovy Outdated
Comment thread ...c/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/LlmEventsTests.groovy Outdated
Comment thread ...c/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/LlmEventsTests.groovy
Comment thread appsec/tests/integration/src/test/www/llm/public/llm.php
@cataphract
Copy link
Copy Markdown
Contributor

cataphract commented Feb 25, 2026

@codex review

chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Feb 25, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3c92b6746e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/DDTrace/Integrations/OpenAI/OpenAIIntegration.php Outdated
@estringana estringana force-pushed the estringana/add-openai-integration branch from e713572 to 277957f Compare February 27, 2026 16:21
cataphract
cataphract approved these changes Feb 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@cataphract cataphract left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems better now, pending test success, but see some new comments

Comment thread src/DDTrace/Integrations/OpenAI/OpenAIIntegration.php Outdated
Comment thread src/DDTrace/Integrations/OpenAI/OpenAIIntegration.php Outdated
Comment thread ...c/tests/integration/src/test/groovy/com/datadog/appsec/php/integration/LlmEventsTests.groovy
@estringana estringana merged commit c9f888d into master Mar 2, 2026
2060 of 2063 checks passed
@estringana estringana deleted the estringana/add-openai-integration branch March 2, 2026 12:35
@github-actions github-actions Bot added this to the 1.17.0 milestone Mar 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@cataphract cataphract cataphract approved these changes

@bwoebi bwoebi Awaiting requested review from bwoebi

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.17.0

Development

Successfully merging this pull request may close these issues.

3 participants

@estringana @codecov-commenter @cataphract