[CWS] Skip ssh session patcher

[theop-dd]

What does this PR do?

Skip the SSH session patcher and add a test to illustrate the current issue.
In addition, adds the possibility to check specific fields in the json returned for ssh_session events.

Motivation

The retry mechanism could cause the agent to send no more than one event per minute if an SSH session was not properly resolved.
Previously, the event was not sent and the agent would wait one minute before sending it with the unknown type. However, this authtype would never be resolved because the session was initialized before the agent started processing events. As a result, every subsequent SSH event would wait one minute for nothing, causing a significant delay in agent events, potentially blocking all the other events.

Describe how you validated your changes

Added a test that illustrate the issue : TestSSHUserSessionBlocking
With this change, the ssh_session event is now sent with authtype set to unknown and directly sent.

Error without commenting the patcher :

        	Error:      	Received unexpected error:
        	            	All attempts fail:
        	            	#1: not found
        	            	#2: not found
        	            	#3: not found
        	            	#4: not found
        	            	#5: not found
        	            	#6: not found
        	            	#7: not found
        	            	#8: not found
        	            	#9: not found
        	            	#10: not found
        	            	#11: not found
        	            	#12: not found
        	            	#13: not found
        	            	#14: not found
        	            	#15: not found
        	            	#16: not found
        	            	#17: not found
        	            	#18: not found
        	            	#19: not found
        	            	#20: not found
        	            	#21: not found
        	            	#22: not found
        	            	#23: not found
        	            	#24: not found
        	            	#25: not found
        	            	#26: not found
        	            	#27: not found
        	            	#28: not found
        	            	#29: not found
        	            	#30: not found
        	Test:       	TestSSHUserSessionBlocking/second_ssh_no_auth

[agent-platform-auto-pr]

Static quality checks

✅ Please find below the results from static quality gates
Comparison made with ancestor e36fd8f
📊 Static Quality Gates Dashboard

Successful checks

Info

	Quality gate	Change	Size (prev → curr → max)
✅	agent_deb_amd64	-9.9 KiB (0.00% reduction)	752.512 → 752.503 → 754.830
✅	agent_deb_amd64_fips	-9.9 KiB (0.00% reduction)	701.173 → 701.164 → 704.000
✅	agent_heroku_amd64	-9.65 KiB (0.00% reduction)	326.975 → 326.966 → 329.530
✅	agent_msi	-9.06 KiB (0.00% reduction)	663.047 → 663.038 → 1072.620
✅	agent_rpm_amd64	-9.9 KiB (0.00% reduction)	752.496 → 752.486 → 754.800
✅	agent_rpm_amd64_fips	-9.9 KiB (0.00% reduction)	701.157 → 701.148 → 703.990
✅	agent_rpm_arm64	-9.87 KiB (0.00% reduction)	731.262 → 731.252 → 737.340
✅	agent_rpm_arm64_fips	-9.87 KiB (0.00% reduction)	683.253 → 683.243 → 688.480
✅	agent_suse_amd64	-9.9 KiB (0.00% reduction)	752.496 → 752.486 → 754.800
✅	agent_suse_amd64_fips	-9.9 KiB (0.00% reduction)	701.157 → 701.148 → 703.990
✅	agent_suse_arm64	-9.87 KiB (0.00% reduction)	731.262 → 731.252 → 737.340
✅	agent_suse_arm64_fips	-9.87 KiB (0.00% reduction)	683.253 → 683.243 → 688.480
✅	docker_agent_amd64	-9.91 KiB (0.00% reduction)	814.614 → 814.604 → 817.140
✅	docker_agent_arm64	-9.86 KiB (0.00% reduction)	817.970 → 817.960 → 824.020
✅	docker_agent_jmx_amd64	-9.9 KiB (0.00% reduction)	1005.492 → 1005.483 → 1008.020
✅	docker_agent_jmx_arm64	-9.87 KiB (0.00% reduction)	997.568 → 997.558 → 1003.620

15 successful checks with minimal change (< 2 KiB)

	Quality gate	Current Size
✅	docker_cluster_agent_amd64	181.104 MiB
✅	docker_cluster_agent_arm64	196.918 MiB
✅	docker_cws_instrumentation_amd64	7.135 MiB
✅	docker_cws_instrumentation_arm64	6.689 MiB
✅	docker_dogstatsd_amd64	38.836 MiB
✅	docker_dogstatsd_arm64	37.128 MiB
✅	dogstatsd_deb_amd64	30.055 MiB
✅	dogstatsd_deb_arm64	28.200 MiB
✅	dogstatsd_rpm_amd64	30.055 MiB
✅	dogstatsd_suse_amd64	30.055 MiB
✅	iot_agent_deb_amd64	43.029 MiB
✅	iot_agent_deb_arm64	40.135 MiB
✅	iot_agent_deb_armhf	40.701 MiB
✅	iot_agent_rpm_amd64	43.030 MiB
✅	iot_agent_suse_amd64	43.030 MiB

On-wire sizes (compressed)

	Quality gate	Change	Size (prev → curr → max)
✅	agent_deb_amd64	-3.74 KiB (0.00% reduction)	183.953 → 183.950 → 184.810
✅	agent_deb_amd64_fips	-25.34 KiB (0.01% reduction)	172.658 → 172.634 → 173.790
✅	agent_heroku_amd64	-5.83 KiB (0.01% reduction)	87.160 → 87.154 → 88.450
✅	agent_msi	+8.0 KiB (0.01% increase)	143.160 → 143.168 → 143.300
✅	agent_rpm_amd64	-18.34 KiB (0.01% reduction)	186.862 → 186.844 → 188.160
✅	agent_rpm_amd64_fips	+14.25 KiB (0.01% increase)	175.680 → 175.694 → 176.600
✅	agent_rpm_arm64	+3.82 KiB (0.00% increase)	168.603 → 168.606 → 169.930
✅	agent_rpm_arm64_fips	-26.1 KiB (0.02% reduction)	159.177 → 159.152 → 160.550
✅	agent_suse_amd64	-18.34 KiB (0.01% reduction)	186.862 → 186.844 → 188.160
✅	agent_suse_amd64_fips	+14.25 KiB (0.01% increase)	175.680 → 175.694 → 176.600
✅	agent_suse_arm64	+3.82 KiB (0.00% increase)	168.603 → 168.606 → 169.930
✅	agent_suse_arm64_fips	-26.1 KiB (0.02% reduction)	159.177 → 159.152 → 160.550
✅	docker_agent_amd64	-2.77 KiB (0.00% reduction)	276.624 → 276.621 → 277.400
✅	docker_agent_arm64	-11.01 KiB (0.00% reduction)	264.049 → 264.038 → 266.040
✅	docker_agent_jmx_amd64	-17.88 KiB (0.01% reduction)	345.269 → 345.252 → 346.020
✅	docker_agent_jmx_arm64	-9.93 KiB (0.00% reduction)	328.670 → 328.660 → 330.660
✅	docker_cluster_agent_amd64	neutral	63.996 MiB → 64.490
✅	docker_cluster_agent_arm64	neutral	60.254 MiB → 61.170
✅	docker_cws_instrumentation_amd64	neutral	2.994 MiB → 3.330
✅	docker_cws_instrumentation_arm64	neutral	2.726 MiB → 3.090
✅	docker_dogstatsd_amd64	neutral	15.030 MiB → 15.820
✅	docker_dogstatsd_arm64	neutral	14.353 MiB → 14.830
✅	dogstatsd_deb_amd64	neutral	7.946 MiB → 8.790
✅	dogstatsd_deb_arm64	neutral	6.825 MiB → 7.710
✅	dogstatsd_rpm_amd64	neutral	7.957 MiB → 8.800
✅	dogstatsd_suse_amd64	neutral	7.957 MiB → 8.800
✅	iot_agent_deb_amd64	-2.5 KiB (0.02% reduction)	11.292 → 11.290 → 12.040
✅	iot_agent_deb_arm64	-2.15 KiB (0.02% reduction)	9.652 → 9.650 → 10.450
✅	iot_agent_deb_armhf	neutral	9.846 MiB → 10.620
✅	iot_agent_rpm_amd64	neutral	11.309 MiB → 12.060
✅	iot_agent_suse_amd64	neutral	11.309 MiB → 12.060

[cit-pr-commenter-54b7da]

Regression Detector

Regression Detector Results

Metrics dashboard
Target profiles
Run ID: 332d7d08-3baa-4ec3-814f-1b5d7218df8e

Baseline: e36fd8f
Comparison: 1ee6bbc
Diff

Optimization Goals: ✅ No significant changes detected

Experiments ignored for regressions

Regressions in experiments with settings containing erratic: true are ignored.

perf	experiment	goal	Δ mean %	Δ mean % CI	trials	links
➖	docker_containers_cpu	% cpu utilization	+0.83	[-2.25, +3.91]	1	Logs

Fine details of change detection per experiment

perf	experiment	goal	Δ mean %	Δ mean % CI	trials	links
➖	quality_gate_metrics_logs	memory utilization	+1.29	[+1.06, +1.51]	1	Logs bounds checks dashboard
➖	docker_containers_cpu	% cpu utilization	+0.83	[-2.25, +3.91]	1	Logs
➖	ddot_logs	memory utilization	+0.47	[+0.41, +0.54]	1	Logs
➖	quality_gate_idle_all_features	memory utilization	+0.42	[+0.39, +0.46]	1	Logs bounds checks dashboard
➖	quality_gate_logs	% cpu utilization	+0.42	[-1.06, +1.90]	1	Logs bounds checks dashboard
➖	otlp_ingest_metrics	memory utilization	+0.30	[+0.14, +0.45]	1	Logs
➖	otlp_ingest_logs	memory utilization	+0.10	[+0.00, +0.19]	1	Logs
➖	file_to_blackhole_500ms_latency	egress throughput	+0.10	[-0.29, +0.48]	1	Logs
➖	file_to_blackhole_0ms_latency	egress throughput	+0.10	[-0.42, +0.61]	1	Logs
➖	uds_dogstatsd_20mb_12k_contexts_20_senders	memory utilization	+0.08	[+0.02, +0.13]	1	Logs
➖	ddot_metrics_sum_cumulative	memory utilization	+0.05	[-0.11, +0.21]	1	Logs
➖	file_to_blackhole_100ms_latency	egress throughput	+0.04	[+0.00, +0.09]	1	Logs
➖	uds_dogstatsd_to_api	ingress throughput	+0.02	[-0.10, +0.15]	1	Logs
➖	uds_dogstatsd_to_api_v3	ingress throughput	+0.01	[-0.12, +0.15]	1	Logs
➖	file_tree	memory utilization	+0.01	[-0.04, +0.07]	1	Logs
➖	tcp_dd_logs_filter_exclude	ingress throughput	+0.01	[-0.08, +0.10]	1	Logs
➖	file_to_blackhole_1000ms_latency	egress throughput	-0.07	[-0.47, +0.34]	1	Logs
➖	docker_containers_memory	memory utilization	-0.25	[-0.32, -0.17]	1	Logs
➖	ddot_metrics_sum_delta	memory utilization	-0.44	[-0.64, -0.24]	1	Logs
➖	quality_gate_idle	memory utilization	-0.44	[-0.49, -0.40]	1	Logs bounds checks dashboard
➖	tcp_syslog_to_blackhole	ingress throughput	-0.46	[-0.54, -0.38]	1	Logs
➖	ddot_metrics	memory utilization	-0.70	[-0.92, -0.47]	1	Logs
➖	ddot_metrics_sum_cumulativetodelta_exporter	memory utilization	-1.04	[-1.28, -0.81]	1	Logs

Bounds Checks: ✅ Passed

perf	experiment	bounds_check_name	replicates_passed	links
✅	docker_containers_cpu	simple_check_run	10/10
✅	docker_containers_memory	memory_usage	10/10
✅	docker_containers_memory	simple_check_run	10/10
✅	file_to_blackhole_0ms_latency	lost_bytes	10/10
✅	file_to_blackhole_0ms_latency	memory_usage	10/10
✅	file_to_blackhole_1000ms_latency	lost_bytes	10/10
✅	file_to_blackhole_1000ms_latency	memory_usage	10/10
✅	file_to_blackhole_100ms_latency	lost_bytes	10/10
✅	file_to_blackhole_100ms_latency	memory_usage	10/10
✅	file_to_blackhole_500ms_latency	lost_bytes	10/10
✅	file_to_blackhole_500ms_latency	memory_usage	10/10
✅	quality_gate_idle	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_idle	memory_usage	10/10	bounds checks dashboard
✅	quality_gate_idle_all_features	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_idle_all_features	memory_usage	10/10	bounds checks dashboard
✅	quality_gate_logs	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_logs	lost_bytes	10/10	bounds checks dashboard
✅	quality_gate_logs	memory_usage	10/10	bounds checks dashboard
✅	quality_gate_metrics_logs	cpu_usage	10/10	bounds checks dashboard
✅	quality_gate_metrics_logs	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_metrics_logs	lost_bytes	10/10	bounds checks dashboard
✅	quality_gate_metrics_logs	memory_usage	10/10	bounds checks dashboard

Explanation

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

Performance changes are noted in the perf column of each table:

• ✅ = significantly better comparison variant performance
• ❌ = significantly worse comparison variant performance
• ➖ = no significant change in performance

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

3. Its configuration does not mark it "erratic".

CI Pass/Fail Decision

✅ Passed. All Quality Gates passed.

• quality_gate_metrics_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_metrics_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
• quality_gate_metrics_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_metrics_logs, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
• quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.

[safchain]

maybe in english ?

[theop-dd]

done

[theop-dd]

/merge

[gh-worker-devflow-routing-ef8351]

View all feedbacks in Devflow UI.

2026-01-27 16:03:42 UTC ℹ️ Start processing command /merge

---

2026-01-27 16:04:58 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 1h (p90).

---

2026-01-27 17:32:54 UTC ℹ️ MergeQueue: This merge request was merged