Feat/56 observability header redaction #68

Merged
Lakes41 merged 2 commits into Adamantine-guild:main from Amarjeet325:feat/56-observability-header-redaction
Jun 21, 2026
@Amarjeet325

Contributor

Description

This PR introduces request and response header redaction for the HTTP client's observability hooks. It ensures that hook payloads expose useful metadata (like request and response headers) without leaking sensitive information such as API keys, authorization tokens, or cookies.

Semver impact: minor

Linked Issue

Closes #56

Type of Change

  • 🐛 Bug fix (patch)
  • ✨ New feature / method (minor)
  • 💥 Breaking change (major)
  • 📝 Documentation / TypeDoc update
  • 🔧 Chore / refactor
  • 🧪 Tests only

Changes Made

  • `src/http/http.types.ts`: Expanded `RequestHookPayload` and `ResponseHookPayload` types to include the `headers` and `responseHeaders` properties. Both are typed to indicate they have been safely redacted.
  • `src/http/httpClient.ts`: Implemented a new `redactHeaders` utility helper that replaces known sensitive headers (`authorization`, `x-api-key`, `cookie`, `set-cookie`) with `[REDACTED]`. Applied this helper to format headers inside the `onRequest` and `onResponse` hook payloads.
  • `tests/httpClient.test.ts`: Updated observability hook tests to explicitly assert that sensitive headers are redacted while safe headers remain intact.
  • `docs/sdk-guide.md`: Updated the documentation to reflect the availability of header metadata in hook payloads and added a warning against logging sensitive application data.

Public API Changes

```ts
// New exported utility function:
export function redactHeaders(headers: Headers | Record<string, string>): Record<string, string>;

// Modified types:
export type RequestHookPayload = {
  method: HttpMethod;
  path: string;
  /** Safely redacted headers. Sensitive values are replaced with '[REDACTED]'. */
  headers: Record<string, string>;
};

export type ResponseHookPayload = RequestHookPayload & {
  status: number;
  durationMs: number;
  /** Safely redacted response headers. Sensitive values are replaced with '[REDACTED]'. */
  responseHeaders: Record<string, string>;
};
```

Fixes Adamantine-guild#56

This commit introduces a redactHeaders helper to ensure sensitive information such as API keys, authorization headers, and cookies are not leaked to user-defined observability hook callbacks.

Changes:

- Expanded RequestHookPayload and ResponseHookPayload to include safely redacted headers and responseHeaders.

- Added a redactHeaders utility function in httpClient.ts that filters out a default list of sensitive keys (authorization, x-api-key, cookie, set-cookie).

- Updated test coverage to assert redaction logic correctly intercepts known sensitive headers.

- Updated SDK guide documentation to describe the hook payload changes.
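
A sketch of the kind of helper the description and commit message above describe, as an added example that is not the code merged in this PR. The signature, the four header names and the `[REDACTED]` marker come from the text; case-insensitive name matching and returning a fresh copy are assumptions the page does not state.

```typescript
// Added example, not the project's implementation.
// Header names and the marker are taken from the PR description.
const SENSITIVE_HEADERS: readonly string[] = [
  "authorization",
  "x-api-key",
  "cookie",
  "set-cookie",
];
const REDACTED_MARKER = "[REDACTED]";

function redactHeaders(
  headers: Headers | Record<string, string>
): Record<string, string> {
  // Build a new object so the caller's real request headers are never altered.
  const out: Record<string, string> = {};
  const copy = (name: string, value: string): void => {
    // HTTP header names are case-insensitive; a plain object may carry
    // "Authorization" or "X-API-Key", so compare in lower case (assumption).
    const sensitive = SENSITIVE_HEADERS.indexOf(name.toLowerCase()) !== -1;
    out[name] = sensitive ? REDACTED_MARKER : value;
  };

  if (typeof Headers !== "undefined" && headers instanceof Headers) {
    // A Fetch Headers object yields lower-cased names from forEach.
    headers.forEach((value, name) => copy(name, value));
  } else {
    const record = headers as Record<string, string>;
    for (const name of Object.keys(record)) {
      copy(name, record[name]);
    }
  }
  return out;
}

// Constructed sample input: mixed-case names in a plain object.
const sampleRequestHeaders = {
  Authorization: "Bearer example-token",
  "X-API-Key": "example-key",
  Accept: "application/json",
};
console.log(redactHeaders(sampleRequestHeaders));
```

A check written only against lower-case keys would pass for `Headers` input and still let `Authorization` through from a plain object, so tests for a helper like this should cover both input shapes.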

@Lakes41 Lakes41 left a comment

Contributor

Very well done,

@Lakes41 Lakes41 merged commit 96cd555 into Adamantine-guild:main Jun 21, 2026
Development

Successfully merging this pull request may close these issues.

Add request and response redaction for observability hooks