Python: Fix ENABLE_SENSITIVE_DATA env var not respected after load_dotenv()

[droideronline]

Motivation and Context

Fixes #4119

When users set ENABLE_SENSITIVE_DATA=true in a .env file and call load_dotenv() before configure_otel_providers() or enable_instrumentation(), the setting is silently ignored. This is because the module-level OBSERVABILITY_SETTINGS singleton caches env vars at import time — before load_dotenv() populates os.environ.

The same timing bug affects VS_CODE_EXTENSION_PORT.

Description

1. Added _env_bool(name) helper — re-reads a boolean from os.environ at call time, using the same truthy strings ("true", "1", "yes", "on") as _coerce_value in _settings.py.

2. Fixed enable_instrumentation() — when enable_sensitive_data param is None, falls back to _env_bool("ENABLE_SENSITIVE_DATA") to pick up values loaded by load_dotenv() after import.

3. Fixed configure_otel_providers() else branch — same _env_bool fallback for enable_sensitive_data, plus os.getenv("VS_CODE_EXTENSION_PORT") fallback for the VS Code extension port.

4. Added 5 unit tests covering:

   • configure_otel_providers() reads ENABLE_SENSITIVE_DATA from env
   • Explicit enable_sensitive_data=False param overrides env
   • enable_instrumentation() reads ENABLE_SENSITIVE_DATA from env
   • Explicit False in enable_instrumentation() overrides env
   • configure_otel_providers() reads VS_CODE_EXTENSION_PORT from env

Contribution Checklist

• The code builds clean without any errors or warnings
• The PR follows the Contribution Guidelines
• All unit tests pass, and I have added new tests where possible
• Is this a breaking change? No — only adds fallback behavior when params are None

[droideronline]

I've verified this fix locally - all existing tests pass (46 passed, 14 skipped for optional OTLP deps, 0 failures) along with the 5 new tests added here.

Let me know if you'd like to address this with a different approach, happy to rework it.

CC @eavanvalkenburg @TaoChenOSU

[Copilot]

Pull request overview

Fixes a timing issue in the Python observability module where module-level cached settings (e.g., ENABLE_SENSITIVE_DATA, VS_CODE_EXTENSION_PORT) were not reflecting values loaded into os.environ by load_dotenv() after import.

Changes:

• Added a small _env_bool() helper to re-read boolean env vars at call time.
• Updated enable_instrumentation() and the configure_otel_providers() non-env_file_path path to re-check env vars when parameters are omitted.
• Added unit tests covering env fallback behavior and explicit parameter overrides.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
python/packages/core/agent_framework/observability.py	Re-reads select env vars at call time to avoid stale module-level settings after load_dotenv().
python/packages/core/tests/core/test_observability.py	Adds new tests to validate env fallbacks and precedence rules.

[droideronline]

@eavanvalkenburg To add context on why this approach makes sense: no well-behaved library should call load_dotenv() at import time. The standard pattern (and what all the samples follow) is import → load_dotenv() → configure_otel_providers(). Since load_dotenv() will always run after import, the module-level singleton will always have stale values. Re-reading env vars at configure_otel_providers() / enable_instrumentation() call time is the natural place to pick up the freshly populated os.environ. Correct me if I am wrong.

[eavanvalkenburg]

Which is why we made a change to no longer use load_dotenv, so please check with the rc1 release if this is still a issue

[droideronline]

@eavanvalkenburg I am on the latest main (0086d38f, tagged python-1.0.0rc1). I understand your #4032 removed implicit load_dotenv() from inside the framework helpers (_get_exporters_from_env, create_resource), so the framework itself no longer calls load_dotenv() at import time.

However, the bug is not about the framework calling load_dotenv(). It is about the user's application calling load_dotenv() before configure_otel_providers(), which is what all the observability samples still do:

from dotenv import load_dotenv
load_dotenv()
# os.environ now has ENABLE_SENSITIVE_DATA=true

from agent_framework.observability import configure_otel_providers
configure_otel_providers()  # does NOT pick up ENABLE_SENSITIVE_DATA from os.environ

The module-level OBSERVABILITY_SETTINGS = ObservabilitySettings() runs at import time, caching enable_sensitive_data=False before load_dotenv() populates os.environ. Then configure_otel_providers() in the else branch (no env_file_path) never re-reads ENABLE_SENSITIVE_DATA from os.environ when the parameter is None.

The current observability samples happen to work because they pass enable_sensitive_data=True explicitly, but any user relying on the env var without passing the explicit parameter will hit this bug. The test cases in the PR reproduce this exact scenario.

[TaoChenOSU]

We shouldn't create the global observability setting at import time. We can create the setting when configure_otel_providers() is called. This method is not meant to be called once anyways.

[droideronline]

@TaoChenOSU That makes sense — moving the ObservabilitySettings creation into configure_otel_providers() instead of having it at import time is a cleaner fix. I'll start working on that approach.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

[Copilot]

With OBSERVABILITY_SETTINGS now defaulting to None, setting ENABLE_INSTRUMENTATION=true in the process environment no longer automatically enables instrumentation until some code explicitly calls enable_instrumentation()/configure_otel_providers(). This appears to regress the documented “zero-code via env vars” behavior (e.g., python/samples/02-agents/observability/README.md:156 says ENABLE_INSTRUMENTATION=true should cause the framework to emit observability data). Consider lazily initializing OBSERVABILITY_SETTINGS on first telemetry check (or at import time when env vars are already present) so env-only enablement continues to work while still supporting load_dotenv-after-import timing.

Suggested change

	OBSERVABILITY_SETTINGS: ObservabilitySettings | None = None
	if "ENABLE_INSTRUMENTATION" in os.environ:
	OBSERVABILITY_SETTINGS: ObservabilitySettings | None = load_settings()
	else:
	OBSERVABILITY_SETTINGS: ObservabilitySettings | None = None

[droideronline]

Every sample in the repo explicitly calls configure_otel_providers() or enable_instrumentation() — no sample relies on env-var-only enablement. The README's "zero-code" pattern (Pattern 5) refers to the opentelemetry-instrument CLI, which doesn't depend on OBSERVABILITY_SETTINGS. Deferring creation to call time is intentional so that env vars set via load_dotenv() after import are correctly picked up.

[Copilot]

configure_otel_providers() now always replaces the global OBSERVABILITY_SETTINGS with a new ObservabilitySettings instance. This breaks the function’s documented “call once”/idempotent behavior: calling configure_otel_providers() a second time will reset _executed_setup back to False and can reconfigure providers/handlers again, which can lead to duplicate exporters/handlers and unexpected telemetry. Consider reusing the existing settings when setup has already been executed (or otherwise preserving the original _executed_setup state) so repeated calls remain a no-op after the first successful configuration.

[droideronline]

The docstring states: "DO NOT call this method multiple times, as it may lead to unexpected behavior." Single-call-at-startup is the expected usage pattern. Not a regression.

[Copilot]

ChatTelemetryLayer.get_response() currently short-circuits when OBSERVABILITY_SETTINGS is None, which means env-var-only enablement (ENABLE_INSTRUMENTATION=true) won’t activate telemetry unless some other code has already created the settings object. If OBSERVABILITY_SETTINGS is meant to be “deferred”, consider ensuring it is initialized here (or via a shared helper) before checking settings.ENABLED so the first instrumented call can pick up env vars populated by load_dotenv().

[droideronline]

Same rationale as above — telemetry activation requires an explicit configure_otel_providers() or enable_instrumentation() call, which all samples do. None means no setup was called, so telemetry should be disabled.

[Copilot]

This check will skip observability setup whenever OBSERVABILITY_SETTINGS is still None. With the new deferred initialization, an env-var-only setup (ENABLE_INSTRUMENTATION=true) may never create OBSERVABILITY_SETTINGS, so DevUI will log “Instrumentation not enabled” even though env vars request it. Consider instantiating/initializing settings here (or calling a shared accessor) before checking ENABLED, so DevUI respects env-based enablement.

[droideronline]

DevUI calls configure_otel_providers() itself when it needs observability (visible just below in the same function). The None guard correctly skips the fast-path check when no setup has been done yet.

[droideronline]

@TaoChenOSU Updated per your feedback. OBSERVABILITY_SETTINGS is now None at import time and created fresh inside configure_otel_providers() / enable_instrumentation(). Would you mind taking another look when you get a chance?