fix(stats_flusher,http_client): address Copilot review comments

- Enforce target.timeout_ms on each stats POST attempt so the retry
  loop stays bounded by configuration, instead of blocking on a
  hung connection past the configured flush timeout.
- Bound the error-body preview captured from non-202 responses to 512
  bytes, fall back to lossy UTF-8 instead of silently emptying on
  invalid encoding, and include the HTTP status in the error message.
- Route HttpClientTrait::new_client through create_client(None,
  None, false) so the never-invoked fallback shares the same
  construction path and failure surface as the rest of the module.

Author: duncanista

bottlecap/src/traces/http_client.rs

@@ -43,18 +43,15 @@ impl HttpClient {
 }
 
 impl HttpClientTrait for HttpClient {
+    #[allow(clippy::expect_used)]
     fn new_client() -> Self {
-        // Used by libdd APIs that construct a default client when no
-        // pre-configured one is supplied. Bottlecap's production code paths
-        // build the client via `create_client` so this fallback only matches
-        // libdatadog's `new_default_client` shape.
-        let connector = libdd_common::connector::Connector::default();
-        let proxy_connector = hyper_http_proxy::ProxyConnector::new(connector)
-            .expect("failed to build default proxy connector");
-        let inner = http_common::client_builder()
-            .pool_max_idle_per_host(0)
-            .build(proxy_connector);
-        HttpClient { inner }
+        // Required by `HttpClientTrait` but never invoked on bottlecap's code
+        // paths — production builds the client via
+        // `create_client(proxy, tls_cert, skip_ssl)`. Routing this fallback
+        // through the same constructor keeps the failure mode and error
+        // surface consistent with the rest of the module.
+        create_client(None, None, false)
+            .expect("building default proxy connector with default TLS should not fail")
     }
 
     fn request(

bottlecap/src/traces/stats_flusher.rs

@@ -170,10 +170,15 @@ impl StatsFlusher {
     }
 }
 
+/// Maximum number of body bytes to surface in error messages.
+const ERROR_BODY_PREVIEW_BYTES: usize = 512;
+
 /// Posts a serialized stats payload using the supplied client.
 ///
 /// Equivalent to libdatadog's `stats_utils::send_stats_payload`, but uses the
-/// caller-provided client so bottlecap's proxy/TLS configuration is preserved.
+/// caller-provided client so bottlecap's proxy/TLS configuration is preserved,
+/// and enforces `target.timeout_ms` on each attempt so the surrounding retry
+/// loop stays bounded by configuration.
 async fn send_stats_payload(
     client: &HttpClient,
     target: &Endpoint,
@@ -188,14 +193,25 @@ async fn send_stats_payload(
         .header("DD-API-KEY", api_key)
         .body(Bytes::from(data))?;
 
-    let response = client
-        .request(req)
-        .await
-        .map_err(|e| anyhow::anyhow!("Failed to send trace stats: {e}"))?;
-
-    if response.status() != http::StatusCode::ACCEPTED {
-        let response_body = String::from_utf8(response.into_body().to_vec()).unwrap_or_default();
-        anyhow::bail!("Server did not accept trace stats: {response_body}");
+    let response = tokio::time::timeout(
+        std::time::Duration::from_millis(target.timeout_ms),
+        client.request(req),
+    )
+    .await
+    .map_err(|_| anyhow::anyhow!("Stats request timed out after {} ms", target.timeout_ms))?
+    .map_err(|e| anyhow::anyhow!("Failed to send trace stats: {e}"))?;
+
+    let status = response.status();
+    if status != http::StatusCode::ACCEPTED {
+        let body = response.into_body();
+        let preview_len = body.len().min(ERROR_BODY_PREVIEW_BYTES);
+        let preview = String::from_utf8_lossy(&body[..preview_len]);
+        let truncated = if body.len() > preview_len {
+            " (truncated)"
+        } else {
+            ""
+        };
+        anyhow::bail!("Server did not accept trace stats (status {status}): {preview}{truncated}");
     }
     Ok(())
 }