refactor(config): add cross-product gate to prevent conflicting programmatic overrides

[mtoffl01]

What does this PR do?

Adds a cross-product gate to internal/config that prevents different products (tracer, profiler, etc.) from setting conflicting values for the same configuration field via programmatic APIs. When a conflict is attempted, a new telemetry metric config.product_conflict is emitted.

Every Set* method now accepts an optional ...Product parameter. When a product passes its identity (e.g. ProductTracer), the gate records that claim. If a different product later tries to set the same field, the call is rejected (first-in-wins) and a warning is logged.

Env vars, defaults, and non-programmatic origins bypass the gate entirely.
Tests and integrations omit the product parameter and are unaffected.

Motivation

Previously, each product (tracer, profiler, etc) loaded configuration independently from all sources and stored its own local copy. Programmatic APIs like tracer.WithService or profiler.WithEnv would overwrite only that product's local copy. As we consolidate into a single shared Config instance in internal/config, programmatic APIs from different products now write to the same fields. The gate ensures these writes don't silently conflict: the first product to claim a field via programmatic API owns it, and attempts from other products are rejected with a warning.

Reviewer's Checklist

• Changed code has unit tests for its functionality at or near 100% coverage.
• System-Tests covering this feature have been added and enabled with the va.b.c-dev version tag.
• There is a benchmark for any new code, or changes to existing code.
• If this interacts with the agent in a new way, a system test has been added.
• New code is free of linting errors. You can check this by running make lint locally.
• New code doesn't break existing tests. You can check this by running make test locally.
• Add an appropriate team label so this PR gets put in the right place for the release notes.
• All generated files are up to date. You can check this by running make generate locally.
• Non-trivial go.mod changes, e.g. adding new modules, are reviewed by @DataDog/dd-trace-go-guild. Make sure all nested modules are up to date by running make fix-modules locally.

Unsure? Have a question? Request a review!

[codecov]

Codecov Report

❌ Patch coverage is 51.72414% with 56 lines in your changes missing coverage. Please review.
✅ Project coverage is 60.73%. Comparing base (bfe344a) to head (5733188).
⚠️ Report is 22 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/config/config.go	48.14%	31 Missing and 25 partials ⚠️

Additional details and impacted files

Files with missing lines	Coverage Δ
ddtrace/tracer/option.go	85.00% <100.00%> (-2.28%)	⬇️
internal/config/config.go	62.06% <48.14%> (+3.22%)	⬆️

... and 269 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[datadog-datadog-prod-us1]

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage (details)
• Patch Coverage: 36.47%
• Overall Coverage: 60.09% (+3.91%)

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 4d980f7 | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!}

[pr-commenter]

Benchmarks

Benchmark execution time: 2026-04-09 20:39:13

Comparing candidate commit 4d980f7 in PR branch mtoff/crossproduct-gate with baseline commit bfe344a in branch main.

Found 1 performance improvements and 0 performance regressions! Performance is the same for 215 metrics, 8 unstable metrics.

Explanation

This is an A/B test comparing a candidate commit's performance against that of a baseline commit. Performance changes are noted in the tables below as:

• 🟩 = significantly better candidate vs. baseline
• 🟥 = significantly worse candidate vs. baseline

We compute a confidence interval (CI) over the relative difference of means between metrics from the candidate and baseline commits, considering the baseline as the reference.

If the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD), the change is considered significant.

Feel free to reach out to #apm-benchmarking-platform on Slack if you have any questions.

More details about the CI and significant changes

You can imagine this CI as a range of values that is likely to contain the true difference of means between the candidate and baseline commits.

CIs of the difference of means are often centered around 0%, because often changes are not that big:

---------------------------------(------|---^--------)-------------------------------->
                              -0.6%    0%  0.3%     +1.2%
                                 |          |        |
         lower bound of the CI --'          |        |
sample mean (center of the CI) -------------'        |
         upper bound of the CI ----------------------'

As described above, a change is considered significant if the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD).

For instance, for an execution time metric, this confidence interval indicates a significantly worse performance:

----------------------------------------|---------|---(---------^---------)---------->
                                       0%        1%  1.3%      2.2%      3.1%
                                                  |   |         |         |
       significant impact threshold --------------'   |         |         |
                      lower bound of CI --------------'         |         |
       sample mean (center of the CI) --------------------------'         |
                      upper bound of CI ----------------------------------'

scenario:BenchmarkParallelMetrics/rate/handle-reused-25

• 🟩 execution_time [-8.485ns; -1.725ns] or [-11.102%; -2.256%]

[hannahkm]

Is there a reason why we don't need to check for a "conflict" here too?

[mtoffl01]

See: https://github.com/DataDog/dd-trace-go/pull/4640/changes#r3058535000

[hannahkm]

Similar question/confirmation as below: what if c.featureFlags is not nil and contains some of the same keys as what we're adding? Since we're not checking for existing flags, it'll prioritize flags that come later?

[mtoffl01]

This is a good catch, but the behavior is intentional.

The cross-product gate prevents two products from disagreeing on a single, conflicting value (e.g., service name). By contrast, feature flags and service mappings are "additive" configs — each call adds entries to a shared collection rather than replacing a value, so there's no conflict to guard against.

I've added tests to showcase this behavior in 5733188

[hannahkm]

Can c.overrides be nil? Should we also check and initialize it to an empty map like we are elsewhere?

[mtoffl01]

It can never be nil because I initialize it to an empty map in the Config initialization ;)

[kakkoyun]

I think it reflects more correctly what this function does.

Suggested change

	func (c *Config) productConflict(field string, origin telemetry.Origin, value any, product ...Product) bool {
	func (c *Config) checkProductConflict(field string, origin telemetry.Origin, value any, product ...Product) bool {

[hannahkm]

LGTM!