[PROF-13798] [Browser Profiler] Quota check#4514
Draft
thomasbertet wants to merge 18 commits into
Draft
Conversation
thomasbertet
changed the title
🎉 All green!❄️ No new flaky tests detected 🎯 Code Coverage (details) 🔗 Commit SHA: 1177a58 | Docs | Datadog PR Page | Give us feedback! |
Bundles Sizes Evolution
🚀 CPU Performance
🧠 Memory Performance
|
thomasbertet
force-pushed
the
thomas.bertet/PROF-13798-profiling-quota-in-sdk
branch
from
c271da4 to
e82c5ab
Compare
New module that calls GET /api/unstable/profiling/admission with the RUM session ID. Returns 'quota-ok' (HTTP 200, timeout, network error) or 'quota-exceeded' (HTTP 429). Client-side 5s timeout via AbortController + Promise.race. Uses the Zone.js-safe fetch wrapper from @datadog/browser-core.
Profiler starts recording immediately (optimistic), then fires checkProfilingQuota() in parallel. On quota-exceeded (HTTP 429): - Profiler stops and discards the in-flight trace (no data sent) - _dd.profiling.error_reason is set to 'quota-exceeded' on RUM events Stale results (from a prior session) are discarded via a generation counter incremented on each start(). Within-session cancellation (user stop, session expiry) is handled by an instance state guard. SESSION_RENEWED now also restarts the profiler when it was stopped due to quota-exceeded, re-checking quota for the new session.
Expose clientToken on TransportConfiguration so it is accessible from RumConfiguration downstream. Previously clientToken was only available at init time when building endpoint builders, making it inaccessible from the profiler chunk. Also run Prettier on the two spec files that had formatting issues.
…uota" This reverts commit c280a62.
…eckProfilingQuota Move client token from dd-api-key query param to DD-CLIENT-TOKEN header to avoid leaking it in URL logs. Add getQuotaBaseURL() to resolve the correct base per site (datad0g.com uses dd.datad0g.com, others use app.<site>). Add credentials: 'omit' to suppress cookie sending.
…ingQuota Replace bespoke getQuotaBaseURL() with buildEndpointHost() so all sites are handled consistently (US1, EU1, AP1, AP2, GOV, staging). Drop the /api/unstable/profiling/admission path — session_id is now appended directly as a query param to the quota host.
…aReason and FrontendQuotaReason
- checkProfilingQuota returns QuotaResult { decision: 'quota_ok' | 'quota_ko', reason: QuotaReason }
- BackendQuotaReason: exact strings from the API (quota_ok, quota_exceeded, org_disabled,
backend_unavailable, backend_client_not_initialized, undefined)
- FrontendQuotaReason: SDK-only reasons for fail-open cases (timeout, api-error)
- decision drives profiler stop logic; reason flows to quota_reason in RUM events
- stateReason simplified to 'quota_ko' covering all denied cases
…uotaCheck.spec.ts
… and renamed mock
thomasbertet
force-pushed
the
thomas.bertet/PROF-13798-profiling-quota-in-sdk
branch
from
2a65de1 to
525fb77
Compare
…enewalEvent payload
…void CSP violations The quota check was sending a direct cross-origin fetch to quota.browser-intake-* which violated the E2E test environment's CSP (connect-src restricted to the local test server). Fix: - quotaCheck.ts: respects configuration.proxy (string or function), routing the request through the local proxy server in E2E - transportConfiguration.ts: exposes proxy on TransportConfiguration (and thus RumConfiguration) alongside clientToken - intake.ts: adds a GET handler for the quota path that always returns admitted:true in the test environment - profiler.spec.ts: fix post-rebase breakages (minNumberOfSamples removed, SESSION_RENEWED payload required)
Collaborator
Author
|
/to-staging |
|
View all feedbacks in Devflow UI.
Commit 1177a58550 will soon be integrated into staging-20.
Commit 1177a58550 has been merged into staging-20 in merge commit 0b7f455dee. If you need to revert this integration, you can use the following command: |
gh-worker-dd-mergequeue-cf854d Bot
added a commit
that referenced
this pull request
May 13, 2026
…o staging-20 Integrated commit sha: 1177a58 Co-authored-by: thomasbertet <thomas.bertet@datadoghq.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
Adds client-side enforcement of the per-org profiling quota by calling the quota admission API before allowing profiling data to be sent. Ticket: PROF-13798.
Changes
New
quotaCheck.ts: callsGET https://quota.browser-intake-<site>/api/v2/profiling/quota?session_id=<id>with aDD-CLIENT-TOKENheader. Returns aQuotaResult { decision: 'quota_ok' | 'quota_ko', reason: QuotaReason }. Client-side 5 s timeout viaAbortController+Promise.race. Uses the Zone.js-safefetchandsetTimeoutwrappers from@datadog/browser-core. Fail-open on timeout (reason: 'timeout'), network error and unparseable response (reason: 'api-error').QuotaReasontype:BackendQuotaReason(exact strings from the API:quota_ok,quota_exceeded,org_disabled,backend_unavailable,backend_client_not_initialized,undefined) union withFrontendQuotaReason(timeout,api-error).profiler.ts: profiler starts recording immediately (optimistic), quota check fires in parallel. Onquota_kodecision: profiler stops, trace is discarded (no data sent),_dd.profiling.quota_reasonis set on RUM events with the specific reason. A generation counter prevents stale results from a prior session applying to a new one.SESSION_RENEWEDrestarts the profiler (and re-checks quota) when previously stopped due toquota_ko.rumProfiler.types.ts:RumProfilerStoppedInstance.stateReasonuses'quota_ko'to cover all quota-denied outcomes.transportConfiguration.ts: exposesclientTokenonTransportConfiguration(and thusRumConfiguration) so it is accessible from the profiler lazy-loaded chunk.Note:
_dd.profiling.quota_reasonis passed withas anyuntil therum-events-formatschema is updated.Test instructions
yarn test:unit --spec packages/rum/src/domain/profiling/quotaCheck.spec.ts(13 tests)yarn test:unit --spec packages/rum/src/domain/profiling/profiler.spec.ts(28 tests, includes quota check scenarios)_dd.profiling.quota_reasonappears on RUM events when the quota API returnsadmitted: falseChecklist