feat: change cargo patch approach to generic annotations

[Aaalibaba42]

What does this PR do?

Change cargo patch approach to generic annotations

Motivation

Discussions with the team about the best approach.

Additional Notes

Currently this is for 1 (one) capability, when we have 2, 3, or more capabilities, all these annations should either:

• Be bundled up into one
• Take multiple generics (that actually will always be all correlated together)

In the former option, we lose the main gain of this approach: explicit denotation of the aspect that can change. In the latter, it's just more ugly than it already is.

But functionally, I agree this is still static dispatch for statically known information, so that's fine by me.

How to test the change?

For now this is mostly demonstrative, not actually something that ought be merged.

[github-actions]

📚 Documentation Check Results

⚠️ 1274 documentation warning(s) found

📦 libdd-data-pipeline - 793 warning(s)

📦 libdd-trace-utils - 481 warning(s)

---

Updated: 2026-02-26 16:37:13 UTC | Commit: 9fac1cf | missing-docs job results

[github-actions]

Clippy Allow Annotation Report

Comparing clippy allow annotations between branches:

• Base Branch: origin/jwiriath/capability-traits-architecture
• PR Branch: origin/jwiriath/capability-traits-architecture-generics

Summary by Rule

Rule	Base Branch	PR Branch	Change
unwrap_used	13	13	No change (0%)
Total	13	13	No change (0%)

Annotation Counts by File

File	Base Branch	PR Branch	Change
datadog-sidecar/src/service/agent_info.rs	4	4	No change (0%)
datadog-sidecar/src/service/tracing/trace_flusher.rs	1	1	No change (0%)
libdd-data-pipeline/src/stats_exporter.rs	1	1	No change (0%)
libdd-data-pipeline/src/trace_exporter/mod.rs	2	2	No change (0%)
libdd-trace-utils/src/send_data/mod.rs	5	5	No change (0%)

Annotation Stats by Crate

Crate	Base Branch	PR Branch	Change
clippy-annotation-reporter	5	5	No change (0%)
datadog-ffe-ffi	1	1	No change (0%)
datadog-ipc	27	27	No change (0%)
datadog-live-debugger	6	6	No change (0%)
datadog-live-debugger-ffi	10	10	No change (0%)
datadog-profiling-replayer	4	4	No change (0%)
datadog-remote-config	3	3	No change (0%)
datadog-sidecar	59	59	No change (0%)
libdd-common	10	10	No change (0%)
libdd-common-ffi	12	12	No change (0%)
libdd-crashtracker	12	12	No change (0%)
libdd-data-pipeline	5	5	No change (0%)
libdd-ddsketch	2	2	No change (0%)
libdd-dogstatsd-client	1	1	No change (0%)
libdd-profiling	13	13	No change (0%)
libdd-telemetry	19	19	No change (0%)
libdd-tinybytes	4	4	No change (0%)
libdd-trace-normalization	2	2	No change (0%)
libdd-trace-obfuscation	9	9	No change (0%)
libdd-trace-utils	15	15	No change (0%)
Total	219	219	No change (0%)

About This Report

This report tracks Clippy allow annotations for specific rules, showing how they've changed in this PR. Decreasing the number of these annotations generally improves code quality.

[github-actions]

🔒 Cargo Deny Results

⚠️ 3 issue(s) found, showing only errors (advisories, bans, sources)

📦 libdd-data-pipeline - 2 error(s)

Show output

error[vulnerability]: Integer overflow in `BytesMut::reserve`
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:50:1
   │
50 │ bytes 1.8.0 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0007
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0007
   ├ In the unique reclaim path of `BytesMut::reserve`, the condition
     ```rs
     if v_capacity >= new_cap + offset
     ```
     uses an unchecked addition. When `new_cap + offset` overflows `usize` in release builds, this condition may incorrectly pass, causing `self.cap` to be set to a value that exceeds the actual allocated capacity. Subsequent APIs such as `spare_capacity_mut()` then trust this corrupted `cap` value and may create out-of-bounds slices, leading to UB.
     
     This behavior is observable in release builds (integer overflow wraps), whereas debug builds panic due to overflow checks.
     
     ## PoC
     
     ```rs
     use bytes::*;
     
     fn main() {
         let mut a = BytesMut::from(&b"hello world"[..]);
         let mut b = a.split_off(5);
     
         // Ensure b becomes the unique owner of the backing storage
         drop(a);
     
         // Trigger overflow in new_cap + offset inside reserve
         b.reserve(usize::MAX - 6);
     
         // This call relies on the corrupted cap and may cause UB & HBO
         b.put_u8(b'h');
     }
     ```
     
     # Workarounds
     
     Users of `BytesMut::reserve` are only affected if integer overflow checks are configured to wrap. When integer overflow is configured to panic, this issue does not apply.
   ├ Announcement: https://github.com/advisories/GHSA-434x-w66g-qw3r
   ├ Solution: Upgrade to >=1.11.1 (try `cargo update -p bytes`)
   ├ bytes v1.8.0
     ├── h2 v0.4.6
     │   └── hyper v1.6.0
     │       ├── httpmock v0.8.0-alpha.1
     │       │   ├── (dev) libdd-data-pipeline v1.0.0
     │       │   └── libdd-trace-utils v1.0.0
     │       │       ├── libdd-data-pipeline v1.0.0 (*)
     │       │       ├── libdd-trace-stats v1.0.0
     │       │       │   └── libdd-data-pipeline v1.0.0 (*)
     │       │       └── (dev) libdd-trace-utils v1.0.0 (*)
     │       ├── hyper-rustls v0.27.3
     │       │   └── libdd-common v1.1.0
     │       │       ├── libdd-capabilities-impl v0.1.0
     │       │       │   ├── (dev) libdd-data-pipeline v1.0.0 (*)
     │       │       │   ├── libdd-telemetry v2.0.0
     │       │       │   │   └── libdd-data-pipeline v1.0.0 (*)
     │       │       │   └── (dev) libdd-trace-utils v1.0.0 (*)
     │       │       ├── libdd-data-pipeline v1.0.0 (*)
     │       │       ├── libdd-dogstatsd-client v1.0.0
     │       │       │   └── libdd-data-pipeline v1.0.0 (*)
     │       │       ├── libdd-telemetry v2.0.0 (*)
     │       │       └── libdd-trace-utils v1.0.0 (*)
     │       ├── hyper-util v0.1.17
     │       │   ├── httpmock v0.8.0-alpha.1 (*)
     │       │   ├── hyper-rustls v0.27.3 (*)
     │       │   └── libdd-common v1.1.0 (*)
     │       ├── libdd-capabilities-impl v0.1.0 (*)
     │       ├── libdd-common v1.1.0 (*)
     │       └── libdd-trace-utils v1.0.0 (*)
     ├── headers v0.4.0
     │   └── httpmock v0.8.0-alpha.1 (*)
     ├── http v1.1.0
     │   ├── h2 v0.4.6 (*)
     │   ├── headers v0.4.0 (*)
     │   ├── headers-core v0.3.0
     │   │   └── headers v0.4.0 (*)
     │   ├── http-body v1.0.1
     │   │   ├── http-body-util v0.1.2
     │   │   │   ├── httpmock v0.8.0-alpha.1 (*)
     │   │   │   ├── libdd-capabilities-impl v0.1.0 (*)
     │   │   │   ├── libdd-common v1.1.0 (*)
     │   │   │   ├── libdd-data-pipeline v1.0.0 (*)
     │   │   │   ├── libdd-telemetry v2.0.0 (*)
     │   │   │   └── libdd-trace-utils v1.0.0 (*)
     │   │   ├── hyper v1.6.0 (*)
     │   │   ├── hyper-util v0.1.17 (*)
     │   │   ├── libdd-common v1.1.0 (*)
     │   │   └── libdd-trace-utils v1.0.0 (*)
     │   ├── http-body-util v0.1.2 (*)
     │   ├── httpmock v0.8.0-alpha.1 (*)
     │   ├── hyper v1.6.0 (*)
     │   ├── hyper-rustls v0.27.3 (*)
     │   ├── hyper-util v0.1.17 (*)
     │   ├── libdd-capabilities v0.1.0
     │   │   ├── libdd-capabilities-impl v0.1.0 (*)
     │   │   ├── libdd-common v1.1.0 (*)
     │   │   ├── libdd-data-pipeline v1.0.0 (*)
     │   │   ├── libdd-telemetry v2.0.0 (*)
     │   │   └── libdd-trace-utils v1.0.0 (*)
     │   ├── libdd-capabilities-impl v0.1.0 (*)
     │   ├── libdd-common v1.1.0 (*)
     │   ├── libdd-data-pipeline v1.0.0 (*)
     │   ├── libdd-dogstatsd-client v1.0.0 (*)
     │   ├── libdd-telemetry v2.0.0 (*)
     │   ├── libdd-trace-utils v1.0.0 (*)
     │   └── multer v3.1.0
     │       └── (dev) libdd-common v1.1.0 (*)
     ├── http-body v1.0.1 (*)
     ├── http-body-util v0.1.2 (*)
     ├── httpmock v0.8.0-alpha.1 (*)
     ├── hyper v1.6.0 (*)
     ├── hyper-util v0.1.17 (*)
     ├── libdd-capabilities v0.1.0 (*)
     ├── libdd-capabilities-impl v0.1.0 (*)
     ├── (dev) libdd-common v1.1.0 (*)
     ├── libdd-data-pipeline v1.0.0 (*)
     ├── libdd-telemetry v2.0.0 (*)
     ├── libdd-trace-utils v1.0.0 (*)
     ├── multer v3.1.0 (*)
     ├── prost v0.14.3
     │   ├── libdd-ddsketch v1.0.0
     │   │   ├── libdd-data-pipeline v1.0.0 (*)
     │   │   ├── libdd-telemetry v2.0.0 (*)
     │   │   └── libdd-trace-stats v1.0.0 (*)
     │   ├── libdd-trace-protobuf v1.0.0
     │   │   ├── libdd-data-pipeline v1.0.0 (*)
     │   │   ├── libdd-trace-normalization v1.0.0
     │   │   │   └── libdd-trace-utils v1.0.0 (*)
     │   │   ├── libdd-trace-stats v1.0.0 (*)
     │   │   └── libdd-trace-utils v1.0.0 (*)
     │   └── libdd-trace-utils v1.0.0 (*)
     ├── tokio v1.49.0
     │   ├── h2 v0.4.6 (*)
     │   ├── httpmock v0.8.0-alpha.1 (*)
     │   ├── hyper v1.6.0 (*)
     │   ├── hyper-rustls v0.27.3 (*)
     │   ├── hyper-util v0.1.17 (*)
     │   ├── (dev) libdd-common v1.1.0 (*)
     │   ├── (dev) libdd-data-pipeline v1.0.0 (*)
     │   ├── (dev) libdd-dogstatsd-client v1.0.0 (*)
     │   ├── (dev) libdd-telemetry v2.0.0 (*)
     │   ├── (dev) libdd-trace-protobuf v1.0.0 (*)
     │   ├── (dev) libdd-trace-utils v1.0.0 (*)
     │   ├── tokio-rustls v0.26.0
     │   │   ├── hyper-rustls v0.27.3 (*)
     │   │   └── libdd-common v1.1.0 (*)
     │   └── tokio-util v0.7.12
     │       ├── h2 v0.4.6 (*)
     │       ├── libdd-data-pipeline v1.0.0 (*)
     │       └── libdd-telemetry v2.0.0 (*)
     └── tokio-util v0.7.12 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:293:1
    │
293 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      └── tracing-appender v0.2.3
          └── libdd-log v1.0.0
              └── (dev) libdd-data-pipeline v1.0.0

advisories FAILED, bans ok, sources ok

📦 libdd-trace-utils - 1 error(s)

Show output

error[vulnerability]: Integer overflow in `BytesMut::reserve`
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:42:1
   │
42 │ bytes 1.8.0 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0007
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0007
   ├ In the unique reclaim path of `BytesMut::reserve`, the condition
     ```rs
     if v_capacity >= new_cap + offset
     ```
     uses an unchecked addition. When `new_cap + offset` overflows `usize` in release builds, this condition may incorrectly pass, causing `self.cap` to be set to a value that exceeds the actual allocated capacity. Subsequent APIs such as `spare_capacity_mut()` then trust this corrupted `cap` value and may create out-of-bounds slices, leading to UB.
     
     This behavior is observable in release builds (integer overflow wraps), whereas debug builds panic due to overflow checks.
     
     ## PoC
     
     ```rs
     use bytes::*;
     
     fn main() {
         let mut a = BytesMut::from(&b"hello world"[..]);
         let mut b = a.split_off(5);
     
         // Ensure b becomes the unique owner of the backing storage
         drop(a);
     
         // Trigger overflow in new_cap + offset inside reserve
         b.reserve(usize::MAX - 6);
     
         // This call relies on the corrupted cap and may cause UB & HBO
         b.put_u8(b'h');
     }
     ```
     
     # Workarounds
     
     Users of `BytesMut::reserve` are only affected if integer overflow checks are configured to wrap. When integer overflow is configured to panic, this issue does not apply.
   ├ Announcement: https://github.com/advisories/GHSA-434x-w66g-qw3r
   ├ Solution: Upgrade to >=1.11.1 (try `cargo update -p bytes`)
   ├ bytes v1.8.0
     ├── h2 v0.4.6
     │   └── hyper v1.6.0
     │       ├── httpmock v0.8.0-alpha.1
     │       │   └── libdd-trace-utils v1.0.0
     │       │       └── (dev) libdd-trace-utils v1.0.0 (*)
     │       ├── hyper-rustls v0.27.3
     │       │   └── libdd-common v1.1.0
     │       │       ├── libdd-capabilities-impl v0.1.0
     │       │       │   └── (dev) libdd-trace-utils v1.0.0 (*)
     │       │       └── libdd-trace-utils v1.0.0 (*)
     │       ├── hyper-util v0.1.17
     │       │   ├── httpmock v0.8.0-alpha.1 (*)
     │       │   ├── hyper-rustls v0.27.3 (*)
     │       │   └── libdd-common v1.1.0 (*)
     │       ├── libdd-capabilities-impl v0.1.0 (*)
     │       ├── libdd-common v1.1.0 (*)
     │       └── libdd-trace-utils v1.0.0 (*)
     ├── headers v0.4.0
     │   └── httpmock v0.8.0-alpha.1 (*)
     ├── http v1.1.0
     │   ├── h2 v0.4.6 (*)
     │   ├── headers v0.4.0 (*)
     │   ├── headers-core v0.3.0
     │   │   └── headers v0.4.0 (*)
     │   ├── http-body v1.0.1
     │   │   ├── http-body-util v0.1.2
     │   │   │   ├── httpmock v0.8.0-alpha.1 (*)
     │   │   │   ├── libdd-capabilities-impl v0.1.0 (*)
     │   │   │   ├── libdd-common v1.1.0 (*)
     │   │   │   └── libdd-trace-utils v1.0.0 (*)
     │   │   ├── hyper v1.6.0 (*)
     │   │   ├── hyper-util v0.1.17 (*)
     │   │   ├── libdd-common v1.1.0 (*)
     │   │   └── libdd-trace-utils v1.0.0 (*)
     │   ├── http-body-util v0.1.2 (*)
     │   ├── httpmock v0.8.0-alpha.1 (*)
     │   ├── hyper v1.6.0 (*)
     │   ├── hyper-rustls v0.27.3 (*)
     │   ├── hyper-util v0.1.17 (*)
     │   ├── libdd-capabilities v0.1.0
     │   │   ├── libdd-capabilities-impl v0.1.0 (*)
     │   │   ├── libdd-common v1.1.0 (*)
     │   │   └── libdd-trace-utils v1.0.0 (*)
     │   ├── libdd-capabilities-impl v0.1.0 (*)
     │   ├── libdd-common v1.1.0 (*)
     │   ├── libdd-trace-utils v1.0.0 (*)
     │   └── multer v3.1.0
     │       └── (dev) libdd-common v1.1.0 (*)
     ├── http-body v1.0.1 (*)
     ├── http-body-util v0.1.2 (*)
     ├── httpmock v0.8.0-alpha.1 (*)
     ├── hyper v1.6.0 (*)
     ├── hyper-util v0.1.17 (*)
     ├── libdd-capabilities v0.1.0 (*)
     ├── libdd-capabilities-impl v0.1.0 (*)
     ├── (dev) libdd-common v1.1.0 (*)
     ├── libdd-trace-utils v1.0.0 (*)
     ├── multer v3.1.0 (*)
     ├── prost v0.14.3
     │   ├── libdd-trace-protobuf v1.0.0
     │   │   ├── libdd-trace-normalization v1.0.0
     │   │   │   └── libdd-trace-utils v1.0.0 (*)
     │   │   └── libdd-trace-utils v1.0.0 (*)
     │   └── libdd-trace-utils v1.0.0 (*)
     ├── tokio v1.49.0
     │   ├── h2 v0.4.6 (*)
     │   ├── httpmock v0.8.0-alpha.1 (*)
     │   ├── hyper v1.6.0 (*)
     │   ├── hyper-rustls v0.27.3 (*)
     │   ├── hyper-util v0.1.17 (*)
     │   ├── (dev) libdd-common v1.1.0 (*)
     │   ├── (dev) libdd-trace-protobuf v1.0.0 (*)
     │   ├── (dev) libdd-trace-utils v1.0.0 (*)
     │   ├── tokio-rustls v0.26.0
     │   │   ├── hyper-rustls v0.27.3 (*)
     │   │   └── libdd-common v1.1.0 (*)
     │   └── tokio-util v0.7.12
     │       └── h2 v0.4.6 (*)
     └── tokio-util v0.7.12 (*)

advisories FAILED, bans ok, sources ok

---

Updated: 2026-02-26 16:40:11 UTC | Commit: 9fac1cf | dependency-check job results