From 8e754f3ec5748c0a07821202f83795dfe6bc561e Mon Sep 17 00:00:00 2001
From: Carles Capell <carles.capell@datadoghq.com>
Date: Thu, 29 Jan 2026 12:05:55 +0100
Subject: [PATCH 1/3] Reenable Hardcoded passwords and secrets tests for
 Node.js

---
 manifests/nodejs.yml | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/manifests/nodejs.yml b/manifests/nodejs.yml
index d0f38a19373..65c67774654 100644
--- a/manifests/nodejs.yml
+++ b/manifests/nodejs.yml
@@ -204,42 +204,27 @@ manifest:
         "*": *ref_5_13_0
         fastify: *ref_5_61_0
         nextjs: missing_feature
-  tests/appsec/iast/sink/test_hardcoded_passwords.py::Test_HardcodedPasswords::test_hardcoded_passwords_exec:
-    - component_version: ">=5.82.0"
-      declaration: bug (APPSEC-60648)
   tests/appsec/iast/sink/test_hardcoded_passwords.py::Test_HardcodedPasswords_ExtendedLocation:
     - weblog_declaration:
         "*": *ref_5_37_0
         fastify: *ref_5_61_0
         nextjs: missing_feature
-  tests/appsec/iast/sink/test_hardcoded_passwords.py::Test_HardcodedPasswords_ExtendedLocation::test_extended_location_data:
-    - component_version: ">=5.82.0"
-      declaration: bug (APPSEC-60648)
   tests/appsec/iast/sink/test_hardcoded_passwords.py::Test_HardcodedPasswords_StackTrace: missing_feature
   tests/appsec/iast/sink/test_hardcoded_secrets.py::Test_HardcodedSecrets:
     - weblog_declaration:
         "*": *ref_4_18_0
         fastify: *ref_5_61_0
         nextjs: missing_feature
-  tests/appsec/iast/sink/test_hardcoded_secrets.py::Test_HardcodedSecrets::test_hardcoded_secrets_exec:
-    - component_version: ">=5.82.0"
-      declaration: bug (APPSEC-60648)
   tests/appsec/iast/sink/test_hardcoded_secrets.py::Test_HardcodedSecretsExtended:
     - weblog_declaration:
         "*": *ref_5_11_0
         fastify: *ref_5_61_0
         nextjs: missing_feature
-  tests/appsec/iast/sink/test_hardcoded_secrets.py::Test_HardcodedSecretsExtended::test_hardcoded_secrets_extended_exec:
-    - component_version: ">=5.82.0"
-      declaration: bug (APPSEC-60648)
   tests/appsec/iast/sink/test_hardcoded_secrets.py::Test_HardcodedSecrets_ExtendedLocation:
     - weblog_declaration:
         "*": *ref_5_37_0
         fastify: *ref_5_61_0
         nextjs: missing_feature
-  tests/appsec/iast/sink/test_hardcoded_secrets.py::Test_HardcodedSecrets_ExtendedLocation::test_extended_location_data:
-    - component_version: ">=5.82.0"
-      declaration: bug (APPSEC-60648)
   tests/appsec/iast/sink/test_hardcoded_secrets.py::Test_HardcodedSecrets_StackTrace: missing_feature
   tests/appsec/iast/sink/test_header_injection.py: irrelevant (Header Injection detection was removed)
   tests/appsec/iast/sink/test_hsts_missing_header.py::Test_HstsMissingHeader:

From 630cbc1bfcfe363d04786d700163601e52e6c73a Mon Sep 17 00:00:00 2001
From: Charles de Beauchesne <charles.de.beauchesne@gmail.com>
Date: Fri, 30 Jan 2026 11:30:36 +0100
Subject: [PATCH 2/3] Add debug harness

---
 .github/workflows/debug-harness.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/debug-harness.yml b/.github/workflows/debug-harness.yml
index 34c5443c7af..9c665957f47 100644
--- a/.github/workflows/debug-harness.yml
+++ b/.github/workflows/debug-harness.yml
@@ -1,6 +1,7 @@
 name: Run multiple times a scenario to trigger a flake
 
 on:
+  pull_request: {}
   workflow_dispatch:
     inputs:
       library:
@@ -29,10 +30,10 @@ on:
         type: string
 
 env:
-  LIBRARY:      ${{ (github.event_name == 'workflow_dispatch' && inputs.library)     || 'php' }}
-  WEBLOG:       ${{ (github.event_name == 'workflow_dispatch' && inputs.weblog)      || 'apache-mod-8.1' }}
-  SCENARIO:     ${{ (github.event_name == 'workflow_dispatch' && inputs.scenario)    || 'DEBUGGER_EXPRESSION_LANGUAGE' }}
-  JOB_COUNT:    ${{ (github.event_name == 'workflow_dispatch' && inputs.job_count)   || '10' }}
+  LIBRARY:      ${{ (github.event_name == 'workflow_dispatch' && inputs.library)     || 'nodejs' }}
+  WEBLOG:       ${{ (github.event_name == 'workflow_dispatch' && inputs.weblog)      || 'nextjs' }}
+  SCENARIO:     ${{ (github.event_name == 'workflow_dispatch' && inputs.scenario)    || 'DEFAULT' }}
+  JOB_COUNT:    ${{ (github.event_name == 'workflow_dispatch' && inputs.job_count)   || '100' }}
   AGENT_IMAGE:  ${{ (github.event_name == 'workflow_dispatch' && inputs.agent_image) || 'datadog/agent:latest' }}
   DEV_OR_PROD:  ${{ (github.event_name == 'workflow_dispatch' && inputs.dev_or_prod) || 'prod' }}
 
@@ -57,8 +58,9 @@ jobs:
       - name: Select agent image
         run: echo ${{ env.AGENT_IMAGE }} > binaries/agent-image
       - name: Get dev artifact
-        if: env.DEV_OR_PROD == 'dev'
         run: ./utils/scripts/load-binary.sh ${{ env.LIBRARY }}
+        env:
+          LIBRARY_TARGET_BRANCH: ccapell/check-discarded-payloads
       - name: Build weblog
         id: build
         run: SYSTEM_TEST_BUILD_ATTEMPTS=3 ./build.sh ${{ env.LIBRARY }} -i weblog -w ${{ env.WEBLOG }} -s --github-token-file "$RUNNER_TEMP/github_token.txt"

From 02ecb1ea04525b57c2b46b93397db6458e033216 Mon Sep 17 00:00:00 2001
From: Carles Capell <carles.capell@datadoghq.com>
Date: Mon, 2 Feb 2026 07:07:58 +0100
Subject: [PATCH 3/3] Revert "Add debug harness"

This reverts commit 630cbc1bfcfe363d04786d700163601e52e6c73a.
---
 .github/workflows/debug-harness.yml | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/debug-harness.yml b/.github/workflows/debug-harness.yml
index 9c665957f47..34c5443c7af 100644
--- a/.github/workflows/debug-harness.yml
+++ b/.github/workflows/debug-harness.yml
@@ -1,7 +1,6 @@
 name: Run multiple times a scenario to trigger a flake
 
 on:
-  pull_request: {}
   workflow_dispatch:
     inputs:
       library:
@@ -30,10 +29,10 @@ on:
         type: string
 
 env:
-  LIBRARY:      ${{ (github.event_name == 'workflow_dispatch' && inputs.library)     || 'nodejs' }}
-  WEBLOG:       ${{ (github.event_name == 'workflow_dispatch' && inputs.weblog)      || 'nextjs' }}
-  SCENARIO:     ${{ (github.event_name == 'workflow_dispatch' && inputs.scenario)    || 'DEFAULT' }}
-  JOB_COUNT:    ${{ (github.event_name == 'workflow_dispatch' && inputs.job_count)   || '100' }}
+  LIBRARY:      ${{ (github.event_name == 'workflow_dispatch' && inputs.library)     || 'php' }}
+  WEBLOG:       ${{ (github.event_name == 'workflow_dispatch' && inputs.weblog)      || 'apache-mod-8.1' }}
+  SCENARIO:     ${{ (github.event_name == 'workflow_dispatch' && inputs.scenario)    || 'DEBUGGER_EXPRESSION_LANGUAGE' }}
+  JOB_COUNT:    ${{ (github.event_name == 'workflow_dispatch' && inputs.job_count)   || '10' }}
   AGENT_IMAGE:  ${{ (github.event_name == 'workflow_dispatch' && inputs.agent_image) || 'datadog/agent:latest' }}
   DEV_OR_PROD:  ${{ (github.event_name == 'workflow_dispatch' && inputs.dev_or_prod) || 'prod' }}
 
@@ -58,9 +57,8 @@ jobs:
       - name: Select agent image
         run: echo ${{ env.AGENT_IMAGE }} > binaries/agent-image
       - name: Get dev artifact
+        if: env.DEV_OR_PROD == 'dev'
         run: ./utils/scripts/load-binary.sh ${{ env.LIBRARY }}
-        env:
-          LIBRARY_TARGET_BRANCH: ccapell/check-discarded-payloads
       - name: Build weblog
         id: build
         run: SYSTEM_TEST_BUILD_ATTEMPTS=3 ./build.sh ${{ env.LIBRARY }} -i weblog -w ${{ env.WEBLOG }} -s --github-token-file "$RUNNER_TEMP/github_token.txt"