Skip to content

Add typing for AppSec::SecurityEngine::Runner#try_run#5452

Draft
marcotc wants to merge 1 commit intomasterfrom
marcotc/type-appsec-engine-patches
Draft

Add typing for AppSec::SecurityEngine::Runner#try_run#5452
marcotc wants to merge 1 commit intomasterfrom
marcotc/type-appsec-engine-patches

Conversation

@marcotc
Copy link
Copy Markdown
Member

@marcotc marcotc commented Mar 13, 2026

What does this PR do?

Types the timeout parameter of the private try_run method in AppSec::SecurityEngine::Runner from untyped to ::Integer, matching:

  • The public run method signature (already typed as ?::Integer timeout)
  • The WAF::Context#run stub in vendor/rbs/libddwaf-stub

Motivation

Reduces untyped usage in AppSec security engine typing.

How to test the change?

bundle exec steep check lib/datadog/appsec/security_engine/runner.rb

Changelog

None.

@marcotc @claude
Add typing for AppSec::SecurityEngine::Runner#try_run timeout
d7e5a27 
Change `untyped timeout` to `::Integer timeout` in the private `try_run`
method, matching the `run` public method signature and the WAF::Context#run
stub in vendor/rbs/libddwaf-stub.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@marcotc marcotc added the AI Generated Largely based on code generated by an AI or LLM. This label is the same across all dd-trace-* repos label Mar 13, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 13, 2026

👋 Hey @marcotc, please fill "Change log entry" section in the pull request description.

If changes need to be present in CHANGELOG.md you can state it this way

**Change log entry**

Yes. A brief summary to be placed into the CHANGELOG.md

(possible answers Yes/Yep/Yeah)

Or you can opt out like that

**Change log entry**

None.

(possible answers No/Nope/None)

Visited at: 2026-03-13 19:38:25 UTC

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 13, 2026

Typing analysis

Note: Ignored files are excluded from the next sections.

Untyped methods

This PR clears 1 partially typed method. It increases the percentage of typed methods from 61.14% to 61.19% (+0.05%).

Partially typed methods (+0-1)Cleared: 
sig/datadog/appsec/security_engine/runner.rbs:35
└── def try_run: (input_data persistent_data, input_data ephemeral_data, untyped timeout) -> WAF::Result

@datadog-prod-us1-6
Copy link
Copy Markdown

datadog-prod-us1-6 bot commented Mar 13, 2026
edited by datadog-datadog-prod-us1 bot
Loading

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 95.14% (-0.02%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: d7e5a27 | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!

@pr-commenter
Copy link
Copy Markdown

pr-commenter bot commented Mar 13, 2026

Benchmarks

Benchmark execution time: 2026-03-13 20:13:15

Comparing candidate commit d7e5a27 in PR branch marcotc/type-appsec-engine-patches with baseline commit 6b340a0 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 46 metrics, 0 unstable metrics.

Explanation

This is an A/B test comparing a candidate commit's performance against that of a baseline commit. Performance changes are noted in the tables below as:

  • 🟩 = significantly better candidate vs. baseline
  • 🟥 = significantly worse candidate vs. baseline

We compute a confidence interval (CI) over the relative difference of means between metrics from the candidate and baseline commits, considering the baseline as the reference.

If the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD), the change is considered significant.

Feel free to reach out to #apm-benchmarking-platform on Slack if you have any questions.

More details about the CI and significant changes

You can imagine this CI as a range of values that is likely to contain the true difference of means between the candidate and baseline commits.

CIs of the difference of means are often centered around 0%, because often changes are not that big:

---------------------------------(------|---^--------)-------------------------------->
                              -0.6%    0%  0.3%     +1.2%
                                 |          |        |
         lower bound of the CI --'          |        |
sample mean (center of the CI) -------------'        |
         upper bound of the CI ----------------------'

As described above, a change is considered significant if the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD).

For instance, for an execution time metric, this confidence interval indicates a significantly worse performance:

----------------------------------------|---------|---(---------^---------)---------->
                                       0%        1%  1.3%      2.2%      3.1%
                                                  |   |         |         |
       significant impact threshold --------------'   |         |         |
                      lower bound of CI --------------'         |         |
       sample mean (center of the CI) --------------------------'         |
                      upper bound of CI ----------------------------------'

marcotc added a commit that referenced this pull request Mar 13, 2026
@marcotc @claude
Update typing progress: PRs #5452-#5456
d5b376c 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

AI Generated Largely based on code generated by an AI or LLM. This label is the same across all dd-trace-* repos

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marcotc