Problem Description
The current default configuration for is set to , which means that by default, sensitive data such as tool inputs/outputs and LLM generations are automatically included in traces without requiring explicit user consent.
Security Risk
This default behavior violates the "secure by default" principle and poses several security risks:
- Accidental Data Leakage: Users may unknowingly expose Personally Identifiable Information (PII), secrets, or confidential business data in traces
- Compliance Violations: Organizations with strict data handling requirements (GDPR, HIPAA, SOC 2) may inadvertently violate compliance by exposing sensitive data
- Production Security Incidents: Developers might accidentally log sensitive production data without realizing it, leading to potential security breaches
Proposed Solution
Change the default value of from to to make the SDK secure-by-default.
Implementation
A Pull Request has already been created with the fix:
PR Link: #2392
Changes in the PR:
- Changed environment variable default from "true" to "false" in
- Changed default from to in
- Updated tests to reflect the new secure-by-default behavior in
Migration for Users
Users who want to maintain the previous behavior (including sensitive data in traces) can:
Why This Matters
- Security Best Practices: Follows the principle of least privilege and secure-by-default
- Production Safety: Prevents accidental data exposure in production environments
- Compliance: Helps organizations meet data protection requirements
- Developer Experience: Forces explicit opt-in for sensitive data handling, making developers aware of the security implications
The fix is minimal (~15 lines changed) but has significant security impact for all users of the SDK.
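The opt-in behavior proposed above, sketched as an added example that is not part of the issue, the linked PR, or the SDK's code: a flag that fails closed when unset or unrecognized, an explicit in-code setting that overrides the environment, and a span builder that drops tool input/output unless the user opted in. The names `EXAMPLE_TRACE_INCLUDE_SENSITIVE_DATA`, `TraceConfig`, `env_opt_in` and `build_span` are hypothetical, and the payload is constructed sample data.

```python
import os
from dataclasses import dataclass
from typing import Mapping, Optional

# Hypothetical variable name, chosen for this example only.
ENV_FLAG = "EXAMPLE_TRACE_INCLUDE_SENSITIVE_DATA"
_TRUTHY = {"1", "true", "yes", "on"}


def env_opt_in(env: Mapping[str, str]) -> bool:
    """Fail closed: unset, empty or unrecognized values mean 'do not include'."""
    return env.get(ENV_FLAG, "false").strip().lower() in _TRUTHY


@dataclass
class TraceConfig:
    # None means "not set in code, defer to the environment".
    include_sensitive_data: Optional[bool] = None

    def resolved(self, env: Optional[Mapping[str, str]] = None) -> bool:
        if self.include_sensitive_data is not None:
            return self.include_sensitive_data
        return env_opt_in(os.environ if env is None else env)


def build_span(kind, name, payload, config, env=None):
    """Return the span record an exporter would send. Payload fields are
    dropped (not masked) unless the caller opted in."""
    span = {"kind": kind, "name": name}
    if config.resolved(env):
        span.update(payload)
    else:
        # Keep only the field names so the trace shows that data was withheld.
        span["redacted_fields"] = sorted(payload)
    return span


# Constructed sample data.
SAMPLE_PAYLOAD = {"input": '{"ssn": "000-00-0000"}', "output": "record updated"}

if __name__ == "__main__":
    for env in ({}, {ENV_FLAG: "true"}, {ENV_FLAG: "maybe"}):
        print(env, build_span("tool", "update_record", SAMPLE_PAYLOAD, TraceConfig(), env))
```

A value such as `maybe` is treated as "off", so a typo in deployment configuration cannot silently turn sensitive capture on.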