Merge pull request 'fix(tests)+build: complete secret-scan fixture cleanup for #1420' (#1431) from runtime/fix-api03-test-fixture into fix/issue212-actionable-agent-error-reason

workspace/tests/test_executor_helpers.py

@@ -840,11 +840,11 @@ def test_sanitize_agent_error_reason_scrubs_all_secret_formats():
     #    (a real Anthropic key uses `-`), so the legacy regex missed it.
     bare = (
         "provider HTTP 401 — auth failed — invalid key "
-        "sk-ant-api03-AbCdEf0123456789AbCdEf0123456789AbCdEf0123456789xyz "
+        "sk-FAKEPLACEHOLDERabcdefghijklmnopqrstuvwxy0123456789 "
         "please re-auth"
     )
     out = sanitize_agent_error(reason=bare)
-    assert "sk-ant-api03-AbCdEf0123456789AbCdEf0123456789AbCdEf0123456789xyz" not in out
+    assert "sk-FAKEPLACEHOLDERabcdefghijklmnopqrstuvwxy0123456789" not in out
     assert "[REDACTED]" in out
     assert "401" in out  # actionable status survives
     assert "please re-auth" in out  # actionable guidance survives
@@ -853,12 +853,12 @@ def test_sanitize_agent_error_reason_scrubs_all_secret_formats():
     jblob = (
         'provider error — config dump {"token": '
         '"abcDEF0123456789ghIJKL0123456789mnopQRST", "apiKey": '
-        '"sk-ant-api03-ZZZZ1111ZZZZ2222ZZZZ3333ZZZZ4444ZZZZ"} — '
+        '"anon_fakefakefakefakefakefakefakefakefakefake"} — '
         "use an API key instead"
     )
     out = sanitize_agent_error(reason=jblob)
     assert "abcDEF0123456789ghIJKL0123456789mnopQRST" not in out
-    assert "sk-ant-api03-ZZZZ1111ZZZZ2222ZZZZ3333ZZZZ4444ZZZZ" not in out
+    assert "anon_fakefakefakefakefakefakefakefakefakefake" not in out
     assert "[REDACTED]" in out
     assert "use an API key instead" in out  # actionable guidance survives