Add helper rewrite in rust

[cataphract]

Description

Passing integration and system-tests.

Further integration into sidecar and protocol changes pending.

Reviewer checklist

• Test coverage seems ok.
• Appropriate labels assigned.

[datadog-datadog-prod-us1]

⚠️ Tests

✨ Fix all issues with BitsAI or with Cursor

⚠️ Warnings

🧪 1028 Tests failed

testSearchPhpBinaries from integration.DDTrace\Tests\Integration\PHPInstallerTest (Datadog) (Fix with Cursor)

Risky Test
phpvfscomposer://tests/vendor/phpunit/phpunit/phpunit:97

testSimplePushAndProcess from laravel-58-test.DDTrace\Tests\Integrations\Laravel\V5_8\QueueTest (Datadog) (Fix with Cursor)

DDTrace\Tests\Integrations\Laravel\V5_8\QueueTest::testSimplePushAndProcess
Test code or tested code printed unexpected output: spanLinksTraceId: 69a1f7ed00000000618577efe3dbe452
tid: 69a1f7ed00000000
hexProcessTraceId: 618577efe3dbe452
hexProcessSpanId: 516738592b57b2c3
processTraceId: 7027154665785254994
processSpanId: 5865718995303772867

phpvfscomposer://tests/vendor/phpunit/phpunit/phpunit:106

testSimplePushAndProcess from laravel-8x-test.DDTrace\Tests\Integrations\Laravel\V8_x\QueueTest (Datadog) (Fix with Cursor)

DDTrace\Tests\Integrations\Laravel\V8_x\QueueTest::testSimplePushAndProcess
Test code or tested code printed unexpected output: spanLinksTraceId: 69a1f80c00000000863338c77b573cad
tid: 69a1f80c00000000
hexProcessTraceId: 863338c77b573cad
hexProcessSpanId: aa85239d2d50c65a
processTraceId: 9670135254313548973
processSpanId: 12287266316327372378

View all

ℹ️ Info

❄️ No new flaky tests detected

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: edf9007 | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!}

[codecov-commenter]

Codecov Report

❌ Patch coverage is 84.83167% with 820 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.62%. Comparing base (f785afe) to head (edf9007).
⚠️ Report is 7 commits behind head on master.

Files with missing lines	Patch %	Lines
appsec/helper-rust/src/client.rs	89.58%	97 Missing ⚠️
appsec/helper-rust/src/lib.rs	53.47%	87 Missing ⚠️
appsec/helper-rust/src/rc.rs	85.71%	68 Missing ⚠️
appsec/src/extension/helper_process.c	6.55%	57 Missing ⚠️
appsec/helper-rust/src/telemetry/sidecar.rs	79.10%	56 Missing ⚠️
appsec/helper-rust/src/service.rs	91.01%	54 Missing ⚠️
appsec/src/extension/ddappsec.c	16.12%	48 Missing and 4 partials ⚠️
appsec/helper-rust/src/lock.rs	68.37%	37 Missing ⚠️
appsec/helper-rust/src/service/sampler.rs	90.76%	34 Missing ⚠️
appsec/helper-rust/src/service/waf_diag.rs	87.96%	29 Missing ⚠️
... and 19 more

❌ Your patch status has failed because the patch coverage (84.83%) is below the target coverage (90.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3581      +/-   ##
==========================================
+ Coverage   62.21%   68.62%   +6.40%     
==========================================
  Files         141      165      +24     
  Lines       13388    18766    +5378     
  Branches     1753     1772      +19     
==========================================
+ Hits         8330    12879    +4549     
- Misses       4260     5082     +822     
- Partials      798      805       +7     

Flag	Coverage Δ
helper-rust-integration	78.71% <78.71%> (?)
helper-rust-unit	49.67% <49.67%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
appsec/helper-rust/src/service/metrics.rs	100.00% <100.00%> (ø)
appsec/src/extension/configuration.h	100.00% <ø> (ø)
appsec/src/extension/user_tracking.c	75.00% <100.00%> (+0.08%)	⬆️
appsec/src/helper/client.cpp	75.46% <100.00%> (+0.05%)	⬆️
appsec/src/helper/client.hpp	89.58% <ø> (ø)
appsec/src/helper/engine.cpp	91.73% <100.00%> (ø)
appsec/src/helper/engine.hpp	100.00% <ø> (ø)
appsec/src/helper/network/proto.hpp	93.22% <ø> (ø)
appsec/src/helper/subscriber/base.hpp	100.00% <ø> (ø)
appsec/src/helper/subscriber/waf.cpp	71.57% <100.00%> (+0.04%)	⬆️
... and 30 more

... and 2 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f785afe...edf9007. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pr-commenter]

Benchmarks [ appsec ]

Benchmark execution time: 2026-02-27 20:30:46

Comparing candidate commit edf9007 in PR branch glopes/helper-rust with baseline commit f785afe in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

[pr-commenter]

Benchmarks [ tracer ]

Benchmark execution time: 2026-02-27 21:09:04

Comparing candidate commit edf9007 in PR branch glopes/helper-rust with baseline commit f785afe in branch master.

Found 2 performance improvements and 4 performance regressions! Performance is the same for 184 metrics, 4 unstable metrics.

scenario:MessagePackSerializationBench/benchMessagePackSerialization

• 🟩 execution_time [-7.487µs; -5.533µs] or [-6.804%; -5.028%]

scenario:MessagePackSerializationBench/benchMessagePackSerialization-opcache

• 🟩 execution_time [-7.220µs; -6.320µs] or [-6.468%; -5.662%]

scenario:SamplingRuleMatchingBench/benchRegexMatching1

• 🟥 execution_time [+81.110ns; +117.090ns] or [+7.027%; +10.144%]

scenario:SamplingRuleMatchingBench/benchRegexMatching2

• 🟥 execution_time [+98.091ns; +167.109ns] or [+8.448%; +14.392%]

scenario:SamplingRuleMatchingBench/benchRegexMatching3

• 🟥 execution_time [+99.071ns; +131.129ns] or [+8.569%; +11.341%]

scenario:SamplingRuleMatchingBench/benchRegexMatching4

• 🟥 execution_time [+91.376ns; +132.824ns] or [+7.938%; +11.539%]

[morrisonlevi]

This PR is so large that github will only permit me to review it one file at a time. I didn't even know that was a thing! You're going to need to break it down into a series of smaller PRs, probably.

[bwoebi]

@morrisonlevi I've had success for very big PRs with the PHPStorm/CLion github integrations in the past. Doesn't matter for small PRs, but can definitely recommend it for extra-large PRs :-)