@jhaynie jhaynie commented Dec 7, 2025

The OpenTelemetry fetch instrumentation was overwriting existing headers when adding trace context. This caused issues with third-party SDKs like E2B that set Authorization headers, resulting in 'authorization header is missing' errors.

Changes:

  • Only add trace context headers if they don't already exist
  • Prevents overwriting critical headers like Authorization
  • Properly preserves all existing headers from init.headers

Summary by CodeRabbit

  • Bug Fixes
    • Improved header preservation during request processing, ensuring existing headers are not unintentionally overwritten while trace context is being applied.

coderabbitai bot commented Dec 7, 2025

📥 Commits

Reviewing files that changed from the base of the PR and between 893ec79 and c20d9f3.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (3)
  • CHANGELOG.md (1 hunks)
  • package.json (1 hunks)
  • src/otel/fetch.ts (2 hunks)

Walkthrough

Modified header injection logic in the instrumented fetch path to conditionally apply trace context headers only when not already present, replacing unconditional header overwriting with safer preservation of existing headers.

Changes

Cohort / File(s) | Summary
Header Injection Logic Refactoring (src/otel/fetch.ts) | Changed from blindly mutating headers to conditionally adding trace context headers only when not already present. Now clones existing headers and checks for presence before injection; if no headers exist, sets carrier directly. Preserves original header state more safely.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Header cloning logic: Verify that cloning and iteration correctly preserve all existing headers
  • Edge cases: Confirm handling of null/undefined init.headers and empty carrier scenarios
  • Conditional logic: Ensure the "only set if not present" check works as intended for trace header propagation

Poem

🐰 Headers now skip, when already there,
No clashing traces, no overwrites rare,
Clone and preserve, the wise rabbit's way,
Conditional headers win the day! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title accurately describes the main fix in the pull request - preserving Authorization headers in fetch instrumentation by conditionally adding trace headers instead of overwriting existing ones.
Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 474222d and 893ec79.

📒 Files selected for processing (1)
  • src/otel/fetch.ts (2 hunks)
🧰 Additional context used
📓 Path-based instructions (2)
src/{logger,otel}/**

📄 CodeRabbit inference engine (AGENT.md)

Infrastructure code goes under src/logger/ and src/otel/ (OpenTelemetry)

Files:

  • src/otel/fetch.ts
{src,test}/**/!(*.d).ts

📄 CodeRabbit inference engine (AGENT.md)

{src,test}/**/!(*.d).ts: Use strict TypeScript and prefer unknown over any
Use ESM import/export syntax; avoid CommonJS require/module.exports
Use relative imports for internal modules
Keep imports organized (sorted, no unused imports)
Use tabs with a visual width of 2 spaces
Limit lines to a maximum of 80 characters
Use single quotes for strings
Use proper Error types; do not throw strings
Prefer template literals over string concatenation

Files:

  • src/otel/fetch.ts

@jhaynie jhaynie merged commit df782c7 into main Dec 7, 2025
2 of 3 checks passed
@jhaynie jhaynie deleted the fix/preserve-auth-headers-in-fetch-instrumentation branch December 7, 2025 23:24
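
The header handling this PR describes, as an added example that is not the code from src/otel/fetch.ts: a constructed "before" that replaces the caller's headers, beside a merge that copies them and adds trace headers only when absent. The function names, the bearer token and the traceparent value are assumptions made for illustration.

```javascript
// Added example; not the code from src/otel/fetch.ts.
// Function names and sample values are hypothetical / constructed.

// Failure mode described in the PR, as a constructed "before":
// the carrier replaces whatever the caller passed in init.headers.
function overwriteInit(init, carrier) {
  return { ...init, headers: carrier };
}

// Preserving merge: copy the caller's headers, then add each trace
// header only when no header of that name is already present.
function mergeTraceHeaders(existing, carrier) {
  // new Headers(x) copies x (Headers, [name, value][] or plain object),
  // so the caller's own object is never mutated. null is rejected by
  // the constructor, so map it to undefined.
  const merged = new Headers(existing ?? undefined);
  for (const [name, value] of Object.entries(carrier)) {
    // Headers.has() compares names case-insensitively.
    if (!merged.has(name)) merged.set(name, value);
  }
  return merged;
}

function preserveInit(init, carrier) {
  return { ...init, headers: mergeTraceHeaders(init?.headers, carrier) };
}

// Constructed sample input.
const carrier = {
  traceparent: '00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01',
};
const sdkInit = {
  method: 'POST',
  headers: { Authorization: 'Bearer constructed-token' },
};

const before = new Headers(overwriteInit(sdkInit, carrier).headers);
const after = preserveInit(sdkInit, carrier).headers;
console.log('overwrite keeps Authorization:', before.has('authorization'));
console.log('merge keeps Authorization:', after.has('authorization'));
console.log('merge adds traceparent:', after.get('traceparent'));
```

Because the presence check is by header name, a traceparent the caller set deliberately is also left untouched, and the caller's own Headers object is not modified.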