@nickdichev nickdichev commented Jul 31, 2025

Hey guys,

I'm using better-auth in my app which uses fetch under the hood to make requests. I noticed that sensitive credentials were leaking into HyperDX via the fetch instrumentation. Obviously, I don't want this to happen.

This PR attempts to add a redaction mechanism on the fetch instrumentation. Was looking for some initial feedback on what you all think about this direction, since I think some of the other auto-instrumentation could/should use a similar pattern. I think there's a couple of other ways this feature could be implemented like modifying the HyperDXSpanProcessor or writing a custom exporter, but that would add a JSON.parse on every span (on http.request.body), which is maybe undesirable?

This work allows the application developer to instantiate their client-side HyperDX like this:

```js
HyperDX.init({
  apiKey: import.meta.env.PUBLIC_ENV__HYPERDX_API_KEY,
  service: import.meta.env.PUBLIC_ENV__HYPERDX_SERVICE_NAME || "unknown",
  tracePropagationTargets: [],
  consoleCapture: true,
  advancedNetworkCapture: true,
  instrumentations: {
    fetch: {
      propogateTraceHeaderCorsUrls: [],
      advancedNetworkCapture: () => true,
      redactKeys: {
        body: ["password"],
        headers: ["date", /content_.*/],
      },
    },
  },
});
```

Which will then end up like this on the console:

[Image: Screenshot 2025-07-29 at 8 10 31 PM]
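The key-based redaction described in the comment above, sketched as an added example that is not code from this PR or from HyperDX. The function names, the `[REDACTED]` placeholder, case-insensitive string matching, recursion into nested objects, and dropping non-JSON bodies whole are all assumptions made for illustration.

```javascript
// Added example: names and semantics are assumptions, not the PR's implementation.
const REDACTED = "[REDACTED]";

// A string matcher must equal the key (case-insensitive); a RegExp is tested against it.
function keyMatches(key, matchers) {
  return matchers.some((m) => {
    if (m instanceof RegExp) {
      m.lastIndex = 0; // a /g or /y regex keeps state between test() calls
      return m.test(key);
    }
    return String(m).toLowerCase() === key.toLowerCase();
  });
}

// Walk objects and arrays, replacing the value of every matching key at any depth.
function redactValue(value, matchers) {
  if (Array.isArray(value)) return value.map((v) => redactValue(v, matchers));
  if (value === null || typeof value !== "object") return value;
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = keyMatches(k, matchers) ? REDACTED : redactValue(v, matchers);
  }
  return out;
}

// Headers are treated as a flat name -> value map.
function redactHeaders(headers, matchers = []) {
  const out = {};
  for (const [name, v] of Object.entries(headers)) {
    out[name] = keyMatches(name, matchers) ? REDACTED : v;
  }
  return out;
}

// The captured body is a string. With body keys configured, a body that is not
// JSON cannot be inspected key by key, so it is dropped whole (fail closed).
function redactBody(body, matchers = []) {
  if (matchers.length === 0 || typeof body !== "string" || body === "") return body;
  try {
    return JSON.stringify(redactValue(JSON.parse(body), matchers));
  } catch {
    return REDACTED;
  }
}

// Constructed sample request, not taken from the PR.
const sampleBody = '{"email":"a@example.test","password":"hunter2"}';
console.log(redactBody(sampleBody, ["password"]));
```

Redacting where the body is captured means the parse runs only on requests whose bodies are recorded, rather than on every exported span.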

@nickdichev force-pushed the redact-fetch-instrumentation branch from 12ca9c3 to 6c21b4c on December 1, 2025 22:34

changeset-bot bot commented Dec 1, 2025

⚠️ No Changeset found

Latest commit: 6c21b4c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR
