CI: restore main detect-secrets scan (#38438)

* Tests: stabilize detect-secrets fixtures * Tests: fix rebased detect-secrets false positives * Docs: keep snippets valid under detect-secrets * Tests: finalize detect-secrets false-positive fixes * Tests: reduce detect-secrets false positives * Tests: keep detect-secrets pragmas inline * Tests: remediate next detect-secrets batch * Tests: tighten detect-secrets allowlists * Tests: stabilize detect-secrets formatter drift
2026-05-10 08:12:43 +00:00 · 2026-03-07 13:06:35 -05:00
parent 46e324e269
commit e4d80ed556
137 changed files with 1231 additions and 2700 deletions
--- a/src/agents/pi-embedded-runner-extraparams.test.ts
+++ b/src/agents/pi-embedded-runner-extraparams.test.ts
@@ -1072,7 +1072,7 @@ describe("applyExtraParamsToAgent", () => {

    // Simulate pi-agent-core passing apiKey in options (API key, not OAuth token)
    void agent.streamFn?.(model, context, {
-      apiKey: "sk-ant-api03-test",
+      apiKey: "sk-ant-api03-test", // pragma: allowlist secret
      headers: { "X-Custom": "1" },
    });

@@ -1130,7 +1130,7 @@ describe("applyExtraParamsToAgent", () => {

    // Simulate pi-agent-core passing an OAuth token (sk-ant-oat-*) as apiKey
    void agent.streamFn?.(model, context, {
-      apiKey: "sk-ant-oat01-test-oauth-token",
+      apiKey: "sk-ant-oat01-test-oauth-token", // pragma: allowlist secret
      headers: { "X-Custom": "1" },
    });

@@ -1151,7 +1151,7 @@ describe("applyExtraParamsToAgent", () => {
      cfg,
      modelId: "claude-sonnet-4-5",
      options: {
-        apiKey: "sk-ant-api03-test",
+        apiKey: "sk-ant-api03-test", // pragma: allowlist secret
        headers: { "anthropic-beta": "prompt-caching-2024-07-31" },
      },
    });