NOTICE: This is in Preview mode; we are fine-tuning the interactions and fixing bugs as they arise. Please file issues or submit PRs. Thank you for your early interest!
Every AI agent needs a loyal companion. Meet Pup — the CLI that gives your agents full access to Datadog's observability platform (because even autonomous agents need good tooling, not just tricks).
A comprehensive, AI-agent-ready CLI with 200+ commands across 33 Datadog products. We've unleashed the full power of Datadog's APIs so your agents can fetch metrics, sniff out errors, and track down issues without barking up the wrong API tree.
AI agents are the fastest-growing interface for infrastructure management. Companies like Vercel and AWS are racing to make their platforms agent-accessible, but we're leading the pack. Pup makes Datadog the alpha choice for AI-native workflows with 100% documented API coverage while competitors are still learning basic commands.
- 🐾 Well-trained: Self-discoverable commands (no need to chase documentation)
- 🦮 Obedient: Structured JSON/YAML output for easy parsing
- 🐕🦺 On a leash: OAuth2 + PKCE for scoped access (no more long-lived keys running wild)
- 🐶 Knows all the tricks: Monitors, logs, metrics, RUM, security and more!
```bash
# Give your agent credentials (house-training, basically)
pup auth login
# Now they can fetch data like a good pup
pup monitors list --tags="team:api-platform" # Fetch monitors
pup logs search --query="status:error" --from="1h" # Sniff out errors
pup metrics query --query="avg:system.cpu.user{*}" # Track the metrics tail
```

🐶 TL;DR: We built a comprehensive CLI so AI agents can use Datadog like a pro. Give your agent a pup. They're housetrained, loyal, and know way more tricks than you'd expect.
P.S. No actual puppies were harmed in the making of this CLI. Just a lot of Rust code and API endpoints.
Pup implements 45 of 85+ available Datadog APIs (53% coverage) with 300+ subcommands across 42 command groups.
See docs/COMMANDS.md for detailed command reference.
💡 Tip: Use Ctrl/Cmd+F to search for specific APIs. Request features via GitHub Issues.
📊 Core Observability (5/9 implemented)
| API Domain | Status | Pup Commands | Notes |
|---|---|---|---|
| Metrics | ✅ | metrics search, metrics query, metrics list, metrics get | V1 and V2 APIs supported |
| Logs | ✅ | logs search, logs list, logs aggregate | V1 and V2 APIs supported |
| Events | ✅ | events list, events search, events get | Infrastructure event management |
| RUM | ✅ | rum apps, rum sessions, rum metrics, rum retention-filters, rum playlists, rum heatmaps | Apps, sessions, metrics, retention filters, replay playlists, heatmaps |
| APM Services | ✅ | apm services, apm entities, apm dependencies, apm flow-map | Services stats, operations, resources; entity queries; dependencies; flow visualization |
| Traces | ❌ | - | Not yet implemented |
| Profiling | ❌ | - | Not yet implemented |
| Session Replay | ❌ | - | Not yet implemented |
| Spans Metrics | ❌ | - | Not yet implemented |
🔔 Monitoring & Alerting (7/10 implemented)
| API Domain | Status | Pup Commands | Notes |
|---|---|---|---|
| Monitors | ✅ | monitors list, monitors get, monitors delete, monitors search | Full CRUD support with advanced search |
| Dashboards | ✅ | dashboards list, dashboards get, dashboards delete, dashboards url | Full management capabilities |
| SLOs | ✅ | slos list, slos get, slos delete, slos status | Full CRUD plus V2 status query |
| Synthetics | ✅ | synthetics tests, synthetics locations, synthetics suites | Tests, locations, and V2 suites management |
| Downtimes | ✅ | downtime list, downtime get, downtime cancel | Full downtime management |
| Notebooks | ✅ | notebooks list, notebooks get, notebooks delete | Investigation notebooks supported |
| Status Pages | ✅ | status-pages pages, status-pages components, status-pages degradations | New — Pages, components, and degradation management |
| Dashboard Lists | ❌ | - | Not yet implemented |
| Powerpacks | ❌ | - | Not yet implemented |
| Workflow Automation | ❌ | - | Not yet implemented |
🔒 Security & Compliance (4/8 implemented)
| API Domain | Status | Pup Commands | Notes |
|---|---|---|---|
| Security Monitoring | ✅ | security rules, security signals, security findings, security content-packs, security risk-scores | Rules, signals, findings, content packs, entity risk scores |
| Static Analysis | ✅ | static-analysis ast, static-analysis custom-rulesets, static-analysis sca, static-analysis coverage | Code security analysis |
| Audit Logs | ✅ | audit-logs list, audit-logs search | Full audit log search and listing |
| Data Governance | ✅ | data-governance scanner-rules list | Sensitive data scanner rules |
| Application Security | ❌ | - | Not yet implemented |
| CSM Threats | ❌ | - | Not yet implemented |
| Cloud Security (CSPM) | ❌ | - | Not yet implemented |
| Sensitive Data Scanner | ❌ | - | Not yet implemented |
☁️ Infrastructure & Cloud (7/9 implemented)
| API Domain | Status | Pup Commands | Notes |
|---|---|---|---|
| Infrastructure | ✅ | infrastructure hosts list, infrastructure hosts get | Host inventory management |
| Tags | ✅ | tags list, tags get, tags add, tags update, tags delete | Host tag operations |
| Network | ⏳ | network flows list, network devices list | Placeholder — API endpoints pending |
| Cloud (AWS) | ✅ | cloud aws list | AWS integration management |
| Cloud (GCP) | ✅ | cloud gcp list | GCP integration management |
| Cloud (Azure) | ✅ | cloud azure list | Azure integration management |
| Cloud (OCI) | ✅ | cloud oci | New — Oracle Cloud tenancy configs and products |
| Containers | ❌ | - | Not yet implemented |
| Processes | ❌ | - | Not yet implemented |
🚨 Incident & Operations (8/9 implemented)
| API Domain | Status | Pup Commands | Notes |
|---|---|---|---|
| Incidents | ✅ | incidents list, incidents get, incidents attachments, incidents settings, incidents handles, incidents postmortem-templates | Incident management with settings, handles, and postmortem templates |
| On-Call (Teams) | ✅ | on-call teams (CRUD, memberships with roles) | Full team management system with admin/member roles |
| Case Management | ✅ | cases (create, search, assign, archive, projects, jira, servicenow, move) | Complete case management with Jira/ServiceNow linking |
| Error Tracking | ✅ | error-tracking issues search, error-tracking issues get | Error issue search and details |
| Service Catalog | ✅ | service-catalog list, service-catalog get | Service registry management |
| Scorecards | ✅ | scorecards list, scorecards get | Service quality scores |
| Fleet Automation | ✅ | fleet agents, fleet deployments, fleet schedules | Agent management, deployments, schedules (Preview) |
| HAMR | ✅ | hamr connections get, hamr connections create | New — High Availability Multi-Region connections |
| Incident Services/Teams | ❌ | - | Not yet implemented |
🔧 CI/CD & Development (4/4 implemented)
| API Domain | Status | Pup Commands | Notes |
|---|---|---|---|
| CI Visibility | ✅ | cicd pipelines list, cicd events list | CI/CD pipeline visibility and events |
| Test Optimization | ✅ | cicd tests, cicd flaky-tests | New — Test events and flaky test management |
| DORA Metrics | ✅ | cicd dora | New — DORA deployment patching |
| Code Coverage | ✅ | code-coverage branch-summary, code-coverage commit-summary | New — Branch and commit-level coverage summaries |
👥 Organization & Access (5/6 implemented)
| API Domain | Status | Pup Commands | Notes |
|---|---|---|---|
| Users | ✅ | users list, users get, users roles | User and role management |
| Organizations | ✅ | organizations get, organizations list | Organization settings management |
| API Keys | ✅ | api-keys list, api-keys get, api-keys create, api-keys delete | Full API key CRUD |
| App Keys | ✅ | app-keys list, app-keys get, app-keys create, app-keys update, app-keys delete | Full application key CRUD |
| Service Accounts | ✅ | - | Managed via users commands |
| Roles | ❌ | - | Only list via users |
⚙️ Platform & Configuration (6/8 implemented)
| API Domain | Status | Pup Commands | Notes |
|---|---|---|---|
| Usage Metering | ✅ | usage summary, usage hourly | Usage and billing metrics |
| Cost Management | ✅ | cost projected, cost attribution, cost by-org | Cost attribution by tags and organizations |
| Product Analytics | ✅ | product-analytics events send | Server-side product analytics events |
| Integrations | ✅ | integrations slack, integrations pagerduty, integrations webhooks, integrations jira, integrations servicenow | Third-party integrations with Jira and ServiceNow support |
| Observability Pipelines | ⏳ | obs-pipelines list, obs-pipelines get | Placeholder — API endpoints pending |
| Miscellaneous | ✅ | misc ip-ranges, misc status | IP ranges and status |
| Key Management | ❌ | - | Not yet implemented |
| IP Allowlist | ❌ | - | Not yet implemented |
```bash
# Homebrew
brew tap datadog-labs/pack
brew install datadog-labs/pack/pup
```

```bash
# Build from source
git clone https://github.com/datadog-labs/pup.git && cd pup
cargo build --release
cp target/release/pup /usr/local/bin/pup
```

Download pre-built binaries from the latest release.
Pup supports two authentication methods. OAuth2 is preferred and will be used automatically if you've logged in.
OAuth2 provides secure, browser-based authentication with automatic token refresh.
```bash
# Set your Datadog site (optional)
export DD_SITE="datadoghq.com" # Defaults to datadoghq.com
# Login via browser
pup auth login
# Use any command - OAuth tokens are used automatically
pup monitors list
# Check status
pup auth status
# Logout
pup auth logout
```

Token Storage: Tokens are stored securely in your system's keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service). Set DD_TOKEN_STORAGE=file to use file-based storage instead.
Note: OAuth2 requires Dynamic Client Registration (DCR) to be enabled on your Datadog site. If DCR is not available yet, use API key authentication.
See docs/OAUTH2.md for detailed OAuth2 documentation.
If OAuth2 tokens are not available, Pup automatically falls back to API key authentication.
```bash
export DD_API_KEY="your-datadog-api-key"
export DD_APP_KEY="your-datadog-application-key"
export DD_SITE="datadoghq.com" # Optional, defaults to datadoghq.com
# Use any command - API keys are used automatically
pup monitors list
```

For WASM builds or environments without keychain access, use a pre-obtained bearer token:

```bash
export DD_ACCESS_TOKEN="your-oauth-access-token"
export DD_SITE="datadoghq.com"
pup monitors list
```

API key authentication (DD_API_KEY + DD_APP_KEY) also works in WASM. See the WASM section below.
Pup checks for authentication in this order:
1. `DD_ACCESS_TOKEN` - Stateless bearer token (highest priority)
2. OAuth2 tokens (from `pup auth login`) - Used if valid tokens exist
3. API keys (from `DD_API_KEY` and `DD_APP_KEY`) - Used if OAuth tokens not available
```bash
# OAuth2 login (recommended)
pup auth login
# Check authentication status
pup auth status
# Refresh access token
pup auth refresh
# Logout
pup auth logout
```

```bash
pup test
```

```bash
# List all monitors
pup monitors list
# Get specific monitor
pup monitors get 12345678
# Delete monitor
pup monitors delete 12345678 --yes
```

```bash
# Search metrics using classic query syntax (v1 API)
pup metrics search --query="avg:system.cpu.user{*}" --from="1h"
# Query time-series data (v2 API)
pup metrics query --query="avg:system.cpu.user{*}" --from="1h"
# List available metrics
pup metrics list --filter="system.*"
```

```bash
# List all dashboards
pup dashboards list
# Get dashboard details
pup dashboards get abc-123-def
# Delete dashboard
pup dashboards delete abc-123-def --yes
```

```bash
# List all SLOs
pup slos list
# Get SLO details
pup slos get abc-123
# Delete SLO
pup slos delete abc-123 --yes
```

```bash
# List all incidents
pup incidents list
# Get incident details
pup incidents get abc-123-def
```

- `-o`, `--output`: Output format (json, table, yaml) - default: json
- `-y`, `--yes`: Skip confirmation prompts for destructive operations

- `DD_ACCESS_TOKEN`: Bearer token for stateless auth (highest priority)
- `DD_API_KEY`: Datadog API key (optional if using OAuth2 or DD_ACCESS_TOKEN)
- `DD_APP_KEY`: Datadog Application key (optional if using OAuth2 or DD_ACCESS_TOKEN)
- `DD_SITE`: Datadog site (default: datadoghq.com)
- `DD_AUTO_APPROVE`: Auto-approve destructive operations (true/false)
- `DD_TOKEN_STORAGE`: Token storage backend (keychain or file, default: auto-detect)
When pup is invoked by an AI coding agent, it automatically switches to agent mode which returns structured JSON responses optimized for machine consumption (including metadata, error details, and hints). Agent mode also auto-approves confirmation prompts.
Agent mode is auto-detected when any of these environment variables are set to 1 or true:
| Variable | Agent |
|---|---|
| CLAUDE_CODE or CLAUDECODE | Claude Code |
| CURSOR_AGENT | Cursor |
| CODEX or OPENAI_CODEX | OpenAI Codex |
| AIDER | Aider |
| CLINE | Cline |
| WINDSURF_AGENT | Windsurf |
| GITHUB_COPILOT | GitHub Copilot |
| AMAZON_Q or AWS_Q_DEVELOPER | Amazon Q |
| GEMINI_CODE_ASSIST | Gemini Code Assist |
| SRC_CODY | Sourcegraph Cody |
| FORCE_AGENT_MODE | Any agent (manual override) |
You can also enable it explicitly with the --agent flag or by setting FORCE_AGENT_MODE=1:
```bash
# Auto-detected (e.g., running inside Claude Code)
pup monitors list
# Explicit flag
pup monitors list --agent
# Environment variable override
FORCE_AGENT_MODE=1 pup monitors list
```

If you are integrating pup into an AI agent workflow, make sure the appropriate environment variable is set so responses are optimized for your agent. Without it, pup defaults to human-friendly output.
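Because agent mode and DD_AUTO_APPROVE both remove the confirmation prompt on destructive commands, it helps to audit the environment before handing a shell to an agent. The following pre-flight check is an added example, not part of pup: it covers the agent-mode variables listed above and the documented credential priority order. The function names and the ok/warn/high levels are hypothetical, and exact matching of `1`/`true` is an assumption.

```bash
# Added example (not part of pup); variable names are taken from the README.
PUP_AGENT_VARS="CLAUDE_CODE CLAUDECODE CURSOR_AGENT CODEX OPENAI_CODEX AIDER
CLINE WINDSURF_AGENT GITHUB_COPILOT AMAZON_Q AWS_Q_DEVELOPER GEMINI_CODE_ASSIST
SRC_CODY FORCE_AGENT_MODE"

# Print every documented variable that would auto-approve prompts: agent-mode
# triggers set to 1 or true (exact match assumed) and DD_AUTO_APPROVE=true.
pup_autoapprove_reasons() {
    reasons=""
    for name in $PUP_AGENT_VARS; do
        eval "val=\${$name:-}"   # names come only from the fixed list above
        case "$val" in
            1|true) reasons="${reasons:+$reasons }$name" ;;
        esac
    done
    if [ "${DD_AUTO_APPROVE:-}" = "true" ]; then
        reasons="${reasons:+$reasons }DD_AUTO_APPROVE"
    fi
    printf '%s\n' "$reasons"
}

# First environment credential in the documented priority order. Stored
# OAuth2 tokens rank between the two and are reported by `pup auth status`.
pup_env_credential() {
    if [ -n "${DD_ACCESS_TOKEN:-}" ]; then
        echo "bearer-token"
    elif [ -n "${DD_API_KEY:-}" ] && [ -n "${DD_APP_KEY:-}" ]; then
        echo "api-keys"
    else
        echo "none"
    fi
}

# ok: destructive commands still prompt; warn: prompts are auto-approved;
# high: prompts are auto-approved and long-lived API keys are exported.
pup_preflight() {
    reasons=$(pup_autoapprove_reasons)
    cred=$(pup_env_credential)
    if [ -z "$reasons" ]; then
        level="ok"
    elif [ -n "${DD_API_KEY:-}" ] && [ -n "${DD_APP_KEY:-}" ]; then
        level="high"
    else
        level="warn"
    fi
    printf '%s credential=%s auto_approve=%s\n' "$level" "$cred" "${reasons:-none}"
}
```

Run `pup_preflight` in the shell that will launch the agent; a `high` result means commands such as `pup monitors delete` would run unprompted with the exported API and application keys available to the agent process.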
Pup compiles to WebAssembly via the wasm32-wasip2 target for use in WASI-compatible runtimes such as Wasmtime, Wasmer, and Cloudflare Workers.
```bash
# Install the WASI target
rustup target add wasm32-wasip2
# Build for WASI
cargo build --target wasm32-wasip2 --no-default-features --features wasi --release
```

The WASM build supports stateless authentication — keychain storage and browser-based OAuth login are not available. Use either DD_ACCESS_TOKEN or API keys:

```bash
# Option 1: Bearer token
DD_ACCESS_TOKEN="your-token" DD_SITE="datadoghq.com" wasmtime run target/wasm32-wasip2/release/pup.wasm -- monitors list
# Option 2: API keys
DD_API_KEY="your-api-key" DD_APP_KEY="your-app-key" wasmtime run target/wasm32-wasip2/release/pup.wasm -- monitors list
```

The pup auth status command works in WASM and reports which credentials are configured. The login, logout, and refresh subcommands return guidance to use DD_ACCESS_TOKEN.

- No local token storage (keychain/file) — use DD_ACCESS_TOKEN or API keys
- No browser-based OAuth login flow
- Networking relies on the host runtime's networking capabilities
```bash
# Run directly
wasmtime run --env DD_ACCESS_TOKEN="your-token" target/wasm32-wasip2/release/pup.wasm -- monitors list
# Or with API keys
wasmtime run --env DD_API_KEY="key" --env DD_APP_KEY="key" target/wasm32-wasip2/release/pup.wasm -- --help
```

```bash
# Run tests
cargo test
# Build
cargo build --release
# Lint
cargo clippy -- -D warnings
# Format check
cargo fmt --check
# Build WASM
rustup target add wasm32-wasip2
cargo build --target wasm32-wasip2 --no-default-features --features wasi
# Run without building
cargo run -- monitors list
```

Apache License 2.0 - see LICENSE for details.
For detailed documentation, see CLAUDE.md.