From 7e3084f4056378dd7820a1f57c8c9c1e3f9d57b6 Mon Sep 17 00:00:00 2001
From: Ziy1-Tan <ajb459684460@gmail.com>
Date: Wed, 22 Apr 2026 13:56:57 +0800
Subject: [PATCH] test: assert exact redaction sentinel in skills.update
 response test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Use __OPENCLAW_REDACTED__ sentinel value instead of .not.toBe() to
properly verify the redaction contract — weak negation checks would
pass even if the field were silently dropped or set to null.
---
 .../server-methods/skills.update.normalizes-api-key.test.ts   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/gateway/server-methods/skills.update.normalizes-api-key.test.ts b/src/gateway/server-methods/skills.update.normalizes-api-key.test.ts
index fe4af5f507f..59a7073c185 100644
--- a/src/gateway/server-methods/skills.update.normalizes-api-key.test.ts
+++ b/src/gateway/server-methods/skills.update.normalizes-api-key.test.ts
@@ -90,9 +90,9 @@ describe("skills.update", () => {
 
     // Response must not expose plaintext secrets
     const config = (responseResult as { config: Record<string, unknown> }).config;
-    expect(config.apiKey).not.toBe("secret-api-key-123");
+    expect(config.apiKey).toBe("__OPENCLAW_REDACTED__");
     const env = config.env as Record<string, string>;
-    expect(env.GEMINI_API_KEY).not.toBe("secret-env-key-456");
+    expect(env.GEMINI_API_KEY).toBe("__OPENCLAW_REDACTED__");
     // Non-secret env values should still be present
     expect(env.BRAVE_REGION).toBe("us");
   });