From 731f1aa9062a31f11f6bf79cafb17c2dc3794a4a Mon Sep 17 00:00:00 2001
From: Ayaan Zaidi <zaidi@uplause.io>
Date: Tue, 10 Mar 2026 08:43:07 +0530
Subject: [PATCH] test: avoid detect-secrets churn in observation fixtures

---
 .secrets.baseline                                |  8 ++++----
 src/agents/pi-embedded-error-observation.test.ts | 15 +++++++++------
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index b1f909e6ca4..5a0c639b9e3 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -205,7 +205,7 @@
         "filename": "apps/macos/Sources/OpenClawProtocol/GatewayModels.swift",
         "hashed_secret": "7990585255d25249fb1e6eac3d2bd6c37429b2cd",
         "is_verified": false,
-        "line_number": 1763
+        "line_number": 1859
       }
     ],
     "apps/macos/Tests/OpenClawIPCTests/AnthropicAuthResolverTests.swift": [
@@ -266,7 +266,7 @@
         "filename": "apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift",
         "hashed_secret": "7990585255d25249fb1e6eac3d2bd6c37429b2cd",
         "is_verified": false,
-        "line_number": 1763
+        "line_number": 1859
       }
     ],
     "docs/.i18n/zh-CN.tm.jsonl": [
@@ -11659,7 +11659,7 @@
         "filename": "src/agents/tools/web-search.ts",
         "hashed_secret": "dfba7aade0868074c2861c98e2a9a92f3178a51b",
         "is_verified": false,
-        "line_number": 292
+        "line_number": 291
       }
     ],
     "src/agents/tools/web-tools.enabled-defaults.e2e.test.ts": [
@@ -13013,5 +13013,5 @@
       }
     ]
   },
-  "generated_at": "2026-03-09T08:37:13Z"
+  "generated_at": "2026-03-10T03:11:06Z"
 }
diff --git a/src/agents/pi-embedded-error-observation.test.ts b/src/agents/pi-embedded-error-observation.test.ts
index 94979ebfb8c..4e1d6162d5c 100644
--- a/src/agents/pi-embedded-error-observation.test.ts
+++ b/src/agents/pi-embedded-error-observation.test.ts
@@ -6,6 +6,9 @@ import {
   sanitizeForConsole,
 } from "./pi-embedded-error-observation.js";
 
+const OBSERVATION_BEARER_TOKEN = "sk-redact-test-token";
+const OBSERVATION_COOKIE_VALUE = "session-cookie-token";
+
 afterEach(() => {
   vi.restoreAllMocks();
 });
@@ -29,27 +32,27 @@ describe("buildApiErrorObservationFields", () => {
 
   it("forces token redaction for observation previews", () => {
     const observed = buildApiErrorObservationFields(
-      "Authorization: Bearer sk-abcdefghijklmnopqrstuvwxyz123456",
+      `Authorization: Bearer ${OBSERVATION_BEARER_TOKEN}`,
     );
 
-    expect(observed.rawErrorPreview).not.toContain("sk-abcdefghijklmnopqrstuvwxyz123456");
-    expect(observed.rawErrorPreview).toContain("sk-abc");
+    expect(observed.rawErrorPreview).not.toContain(OBSERVATION_BEARER_TOKEN);
+    expect(observed.rawErrorPreview).toContain(OBSERVATION_BEARER_TOKEN.slice(0, 6));
     expect(observed.rawErrorHash).toMatch(/^sha256:/);
   });
 
   it("redacts observation-only header and cookie formats", () => {
     const observed = buildApiErrorObservationFields(
-      "x-api-key: sk-abcdefghijklmnopqrstuvwxyz123456 Cookie: session=abcdefghijklmnopqrstuvwxyz123456",
+      `x-api-key: ${OBSERVATION_BEARER_TOKEN} Cookie: session=${OBSERVATION_COOKIE_VALUE}`,
     );
 
-    expect(observed.rawErrorPreview).not.toContain("abcdefghijklmnopqrstuvwxyz123456");
+    expect(observed.rawErrorPreview).not.toContain(OBSERVATION_COOKIE_VALUE);
     expect(observed.rawErrorPreview).toContain("x-api-key: ***");
     expect(observed.rawErrorPreview).toContain("Cookie: session=");
   });
 
   it("does not let cookie redaction consume unrelated fields on the same line", () => {
     const observed = buildApiErrorObservationFields(
-      "Cookie: session=abcdefghijklmnopqrstuvwxyz123456 status=503 request_id=req_cookie",
+      `Cookie: session=${OBSERVATION_COOKIE_VALUE} status=503 request_id=req_cookie`,
     );
 
     expect(observed.rawErrorPreview).toContain("Cookie: session=");