Use OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT env var in MEAI to enable sensitive content? #6789

@JamesNK

A convention for libraries that output GenAI telemetry is to use OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT env var to control whether message content is written.

See:

Should MEAI use this setting to control the default value of EnableSensitiveData flag on the telemetry client?

Scenario:

  1. Someone is using MEAI in an Aspire instrumented app.
  2. Aspire automatically sets OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT=true on projects when run locally. Aspire already sets an env var like this to instruct telemetry libraries not to redact HTTP headers and query strings.
  3. MEAI in the running project checks the env var, EnableSensitiveData is set to true, and automatically outputs message data to telemetry. Default dev experience is all info is available in the new GenAI visualizer.
  4. Production deployment doesn't have the setting. Default prod experience is secure.

Explicitly setting EnableSensitiveData in code would overwrite the value from the env var.

An alternative is that we look for OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT in the Aspire integrations that use MEAI and set the value in the integration. However, the benefit of doing the check in MEAI itself is that it wouldn't matter whether you're using an Aspire integration or not.

cc @sebastienros @eerhardt @stephentoub @davidfowl
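
The precedence proposed in this issue (a value set in code wins, otherwise the env var decides, otherwise content stays out of telemetry), as an added sketch that is not code from Microsoft.Extensions.AI or from the issue author. `SketchTelemetryClient` and the injected `readEnv` delegate are hypothetical, and treating only a value that parses as `true` as opt-in is an assumption.

```csharp
#nullable enable
using System;

// Hypothetical stand-in for a telemetry client; not the MEAI type.
public sealed class SketchTelemetryClient
{
    public const string CaptureContentEnvVar =
        "OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT";

    private readonly Func<string, string?> _readEnv;
    private bool? _explicitValue; // stays null until code assigns the property

    // readEnv is injectable so the demo can use constructed environments.
    public SketchTelemetryClient(Func<string, string?>? readEnv = null)
    {
        _readEnv = readEnv ?? new Func<string, string?>(Environment.GetEnvironmentVariable);
    }

    public bool EnableSensitiveData
    {
        // An explicit assignment always wins; otherwise fall back to the env var.
        get => _explicitValue ?? IsOptIn(_readEnv(CaptureContentEnvVar));
        set => _explicitValue = value;
    }

    // Assumption: unset, empty or unparsable values fail closed (no content captured).
    private static bool IsOptIn(string? raw) =>
        bool.TryParse(raw, out bool parsed) && parsed;
}

public static class Demo
{
    public static void Main()
    {
        // Constructed environments: a local run with the var set, a deployment without it,
        // and a deployment where the var holds a value that is not a boolean.
        Func<string, string?> local = n => n == SketchTelemetryClient.CaptureContentEnvVar ? "true" : null;
        Func<string, string?> deployed = _ => null;
        Func<string, string?> malformed = _ => "yes";

        Console.WriteLine($"local:     {new SketchTelemetryClient(local).EnableSensitiveData}");
        Console.WriteLine($"deployed:  {new SketchTelemetryClient(deployed).EnableSensitiveData}");
        Console.WriteLine($"malformed: {new SketchTelemetryClient(malformed).EnableSensitiveData}");

        // Code that pins the flag keeps message content out even when the env var is set.
        var pinned = new SketchTelemetryClient(local) { EnableSensitiveData = false };
        Console.WriteLine($"pinned:    {pinned.EnableSensitiveData}");
    }
}
```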
