Constrain auth.site to the documented Datadog sites#372
Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 5 commits intoMay 16, 2026
Merged
Constrain auth.site to the documented Datadog sites#372gh-worker-dd-mergequeue-cf854d[bot] merged 5 commits into
gh-worker-dd-mergequeue-cf854d[bot] merged 5 commits into
Conversation
Previously AuthOptions.site was string, which let typos flow silently into Datadog intake URLs. This change: - Introduces a SITES runtime tuple in packages/core/src/constants.ts as the single source of truth (matches the existing ALL_ENVS / SUPPORTED_BUNDLERS pattern). - Derives the Sites type from SITES so type and runtime stay in lockstep. - Validates auth.site and DATADOG_SITE / DD_SITE in validateOptions and throws a clear error pointing at https://docs.datadoghq.com/getting_started/site/ when an unsupported value is provided. - Renames the test helper FAKE_SITE -> DEFAULT_SITE (now a real Sites value) and types defaultAuth as AuthOptionsWithDefaults so test fixtures match the tightened contract. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7971543423
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
🎉 All green!❄️ No new flaky tests detected 🔗 Commit SHA: 604b9e4 | Docs | Datadog PR Page | Give us feedback! |
Two assertions in packages/plugins/apps/src/index.test.ts hardcoded the
prior FAKE_SITE value ('example.com'): the uploader.uploadArchive
expectation and the nock intake host. Both now reference DEFAULT_SITE
(imported from the test mocks helper) so the test tracks the helper
rather than the literal value.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Update both the generated full-configuration block (via the readme integrity template) and the auth.site prose section: - The type signature now shows site?: Sites instead of site?: string. - The prose lists all 8 documented Datadog sites explicitly (dropping the trailing "etc.") and calls out that invalid values now throw at plugin initialization. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
yoannmoinet
reviewed
May 15, 2026
- Rename the Sites type to Site (singular) everywhere it's used — auth.site, isSite typeguard, factory validation. The README's generated config block now shows site?: Site. - Move DEFAULT_SITE from packages/tests/_jest/helpers/mocks.ts to packages/core/src/constants.ts (derived from SITES[0]) so the factory's fallback and the test fixture share one source of truth. Tests that referenced DEFAULT_SITE now import from @dd/core/constants. - Collapse validateAuth + the post-validation re-narrow into a single resolveSite helper that both validates and narrows string | undefined -> Site | undefined. Drop the (SITES as readonly string[]) cast in isSite in favor of .some(). - Skip auth.site validation entirely when DATADOG_SITE / DD_SITE is set, via short-circuit in the envSite ?? resolveSite(...) chain, so a stale auth.site can't block a build that has opted into an env override. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
yoannmoinet
approved these changes
May 15, 2026
Co-authored-by: Yoann Moinet <597828+yoannmoinet@users.noreply.github.com>
gh-worker-dd-mergequeue-cf854d
Bot
deleted the
oliver/oliverli/typed-auth-sites
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What and why?
Previously
AuthOptions.sitewas string, which let typos flow silently into Datadog intake URLs.It was also a major source of bugs as sometimes Datadog API endpoints would inadvertently be specified as e.g.
https://${auth.site}/api/etc/etcwithout theapisubdomain, causing 403s when the APIs are run.How?
single source of truth (matches the existing ALL_ENVS / SUPPORTED_BUNDLERS
pattern).
throws a clear error pointing at
https://docs.datadoghq.com/getting_started/site/ when an unsupported value
is provided.
and types defaultAuth as AuthOptionsWithDefaults so test fixtures match
the tightened contract.
Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com