# Test files use fake API keys for mocking — not real secrets
# Note: bare paths like the line below are NOT valid gitleaks fingerprints.
# The supported format is `<sha>:<file>:<rule>:<line>`. Gitleaks emits an
# "Invalid .gitleaksignore entry" warning for bare paths but still scans
# the file; concrete fingerprints below are the supported form.
tests/test_cli.py

# v1.0.1 hotfix artifacts — example keys in docs + test fixture, not real secrets
69e8577af2f9fee66c963719048ff46f118744c0:docs/plans/EXECUTION_PLAN_V1_0_1_HOTFIX.md:curl-auth-header:130
59d0874bfd6a8eeadb836dbf22512a9d2db9e5fe:docs/launch/blind-agent-coldstart-report-v1.0.0-fullwalk.md:curl-auth-header:124
31ff84c7e15065c067b6a264607167c734d63f48:tests/mcp/test_http_endpoint.py:generic-api-key:112

# Convention reminder: plan/handoff docs MUST use placeholders (e.g.
# `<leaked-key>`) instead of even partial-prefix references like
# `fnlt_defe75cb...` inside `curl -H "X-...-Api-Key:"` examples — the
# `curl-auth-header` rule matches the curl+header SHAPE, not the key
# value, so even redacted-looking partials trip the deploy gate. See
# the 2026-05-14 hygiene-batch deploy failure for context.
